controler.yml
---
# Single play that provisions an OpenStack controller node by walking through
# the upstream yum-based install guide (URLs are cited next to each section).
- name: deploy Open Stack controler
  # NOTE(review): the target is one literal address; an inventory group would
  # keep host addressing out of the playbook.
  hosts: '192.168.122.68'
  # Logs in as root and additionally requests sudo.
  user: root
  sudo: true
  gather_facts: true
  vars:
    - files: 'files/'
    - private: 'private/'
    # Keystone admin API. It is plain HTTP, so the admin token and passwords
    # sent to it by the tasks below are not protected in transit.
    - endpoint: 'http://controller:35357/v2.0'
  vars_files:
    # Presumably these define the *_PASS, *_DBPASS and ADMIN_TOKEN values used
    # below (confirm). Keep such files encrypted or out of version control.
    - vars/os.yml
    - vars/ip.yml
  tasks:
# Base packages, SELinux mode and /etc/hosts.
    # - name: Set the hostname
    #   action: shell hostname os-controler
    - name: install core pkgs
      yum:
        state: present
        pkg: "{{ item }}"
      with_items:
        - libselinux-python
        - ntp
    # NOTE(review): despite the task name, this switches SELinux to permissive
    # (denials are logged, not enforced) rather than disabling it. The play
    # installs openstack-selinux later, so enforcing mode may be workable;
    # confirm before leaving the controller permissive.
    - name: disable selinux
      selinux:
        policy: targeted
        state: permissive
    # Renders the hosts template from the directory named by the files var.
    - template:
        src: "{{ files }}/hosts"
        dest: /etc/hosts
        owner: root
        mode: "0644"
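# Host networking, firewall service and time sync.
    # http://docs.openstack.org/trunk/install-guide/install/yum/content/basics-networking.html
    # - service: name=NetworkManager state=stopped enabled=no
    - service: name=network state=started enabled=yes
    # - service: name=firewalld state=stopped enabled=no
    # iptables is started and enabled, but no task in this play manages its
    # rules, so the effective policy is whatever the host already has.
    - service: name=iptables state=started enabled=yes
    # http://docs.openstack.org/trunk/install-guide/install/yum/content/basics-neutron-networking-controller-node.html
    # Static configuration of the private interface (eth1). Each regexp is
    # anchored at line start so a commented-out setting is never rewritten.
    - lineinfile: dest=/etc/sysconfig/network-scripts/ifcfg-eth1 regexp="^ONBOOT=" line="ONBOOT=yes"
    - lineinfile: dest=/etc/sysconfig/network-scripts/ifcfg-eth1 regexp="^NETMASK=" line="NETMASK=255.255.255.0"
    - lineinfile: dest=/etc/sysconfig/network-scripts/ifcfg-eth1 regexp="^IPADDR=" line="IPADDR={{controller_private_ip}}"
    # Was regexp="BOOTPROTO=" (unanchored), unlike the three tasks above.
    - lineinfile: dest=/etc/sysconfig/network-scripts/ifcfg-eth1 regexp="^BOOTPROTO=" line="BOOTPROTO=none"
    # FIXME notify network service restart
    # http://docs.openstack.org/trunk/install-guide/install/yum/content/basics-ntp.html
    - service: name=ntpd state=started enabled=yes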
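# MySQL server that backs the OpenStack service databases.
    # http://docs.openstack.org/trunk/install-guide/install/yum/content/basics-database-controller.html
    - name: install mysql packages
      yum:
        state: present
        pkg: "{{ item }}"
      with_items:
        - mysql-server
        - MySQL-python
    # NOTE(review): mysqld is bound to controller_public_ip. Combined with the
    # host="%" grants this play creates for the service accounts, the database
    # accepts logins from any host that can reach that address. Restrict the
    # port with iptables or bind to a management-only address.
    - lineinfile: dest=/etc/my.cnf regexp="^bind-address" insertafter="^\[mysqld\]" line="bind-address = {{ controller_public_ip }}"
    - lineinfile: dest=/etc/my.cnf regexp="^default-storage-engine" insertafter="^\[mysqld\]" line="default-storage-engine = innodb"
    - lineinfile: dest=/etc/my.cnf regexp="^collation-server" insertafter="^\[mysqld\]" line="collation-server = utf8_general_ci"
    - lineinfile: dest=/etc/my.cnf regexp="^init-connect" insertafter="^\[mysqld\]" line="init-connect = 'SET NAMES utf8'"
    - lineinfile: dest=/etc/my.cnf regexp="^character-set-server " insertafter="^\[mysqld\]" line="character-set-server = utf8"
    - service: name=mysqld state=started enabled=yes
    # 'localhost' needs to be the last item for idempotency, see
    # http://ansible.cc/docs/modules.html#mysql-user
    # Arguments are given as a mapping so a password containing spaces or '='
    # reaches the module as one value instead of being re-split as key=value
    # text. Consider no_log on password-carrying tasks if the Ansible version
    # in use supports it.
    - name: update mysql root password for all root accounts
      mysql_user:
        name: root
        host: "{{ item }}"
        password: "{{ DBPASSWORD }}"
      with_items:
        - "{{ controller_public_ip }}"
        - '127.0.0.1'
        - '::1'
        - localhost
    # Mode 0600: the file holds the root DB password and must stay root-only.
    - name: copy .my.cnf file with root password credentials
      template:
        src: "{{ files }}/my.cnf"
        dest: /root/.my.cnf
        owner: root
        mode: "0600"
    # Remove the anonymous accounts and test database of a default install.
    - name: delete anonymous MySQL server user for $server_hostname
      mysql_user:
        user: ""
        host: "{{ controller_public_ip }}"
        state: absent
    - name: delete anonymous MySQL server user for localhost
      mysql_user:
        user: ""
        state: absent
    - name: remove the MySQL test database
      mysql_db:
        db: test
        state: absent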
# Package repositories and full system update.
    # http://docs.openstack.org/trunk/install-guide/install/yum/content/basics-packages.html
    # NOTE(review): both release RPMs are fetched over plain HTTP. They install
    # the repository definitions that every later package install relies on,
    # so a tampered download here undermines the rest of the play. Prefer an
    # HTTPS source where the mirror offers one, or verify the RPM out of band.
    - yum:
        state: present
        name: http://repos.fedorapeople.org/repos/openstack/openstack-icehouse/rdo-release-icehouse-2.noarch.rpm
    - yum:
        state: present
        name: http://dl.fedoraproject.org/pub/epel/beta/7/x86_64/epel-release-7-0.2.noarch.rpm
    # - yum: state=present name=http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
    - yum:
        state: present
        name: openstack-utils
    - yum:
        state: present
        name: openstack-selinux
    # Upgrades every installed package to the newest version available.
    - yum:
        name: "*"
        state: latest
    # here docs recommend reboot, I will just skip it
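# Message broker (Qpid).
    # http://docs.openstack.org/trunk/install-guide/install/yum/content/basics-queue.html
    - yum: name="qpid-cpp-server" state=present
    # The regexp is "^auth=" with no trailing space so an existing auth=yes or
    # auth=no line is replaced in place. The earlier pattern "^auth= " does not
    # match such a line, which leaves a stale setting and can add a duplicate.
    # NOTE(review): auth=no switches broker authentication off, so any client
    # that can reach qpidd can publish and consume the OpenStack RPC traffic.
    # Only acceptable on an isolated lab network.
    # TODO harden qpid installation
    - lineinfile: dest=/etc/qpidd.conf regexp="^auth=" insertafter="^#auth" line="auth=no"
    - service: name=qpidd state=started enabled=yes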
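# Identity service (Keystone): packages, database, admin token, PKI, cron.
    # http://docs.openstack.org/trunk/install-guide/install/yum/content/keystone-install.html
    - name: install identity service
      yum:
        state: present
        pkg: "{{ item }}"
      with_items:
        - openstack-keystone
        - python-keystoneclient
    # NOTE(review): KEYSTONE_DBPASS and ADMIN_TOKEN are passed as command-line
    # arguments below, so they can appear in the process list and in Ansible
    # output and logs for these tasks.
    - command: openstack-config --set /etc/keystone/keystone.conf database connection mysql://keystone:{{ KEYSTONE_DBPASS }}@localhost/keystone
    - mysql_db: name=keystone state=present
    # Mapping form keeps a password with spaces or '=' as a single value.
    - mysql_user:
        name: keystone
        host: localhost
        password: "{{ KEYSTONE_DBPASS }}"
        priv: 'keystone.*:ALL'
    # NOTE(review): host "%" allows this account to log in from any address;
    # the connection string above only uses localhost.
    - mysql_user:
        name: keystone
        host: "%"
        password: "{{ KEYSTONE_DBPASS }}"
        priv: 'keystone.*:ALL'
    - command: su -s /bin/sh -c "keystone-manage db_sync" keystone
    # The static admin token bypasses normal authentication; it is meant for
    # bootstrapping and should be removed from keystone.conf afterwards.
    - command: openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token {{ ADMIN_TOKEN }}
    - command: keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
    # Key material: owned by keystone and unreadable by other users.
    - file: path=/etc/keystone/ssl recurse=yes owner=keystone group=keystone
    - command: chmod -R o-rwx /etc/keystone/ssl
    - service: name=openstack-keystone state=started enabled=yes
    # Hourly purge of expired tokens. Managed through the cron module because
    # the previous `echo ... > /var/spool/cron/root` replaced root's whole
    # crontab, discarding any jobs that were already there.
    - cron:
        name: keystone token_flush
        user: root
        special_time: hourly
        job: '/usr/bin/keystone-manage token_flush >/var/log/keystone/keystone-tokenflush.log 2>&1'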
# Bootstrap the admin user, roles and tenants with the admin token.
    # http://docs.openstack.org/trunk/install-guide/install/yum/content/keystone-users.html
    # instead of exported vars use: --os-token {{ ADMIN_TOKEN }} --os-endpoint {{ endpoint }}
    # Each task lists first and creates only when grep finds no match, which
    # keeps re-runs from creating duplicates.
    # NOTE(review): ADMIN_TOKEN and ADMIN_PASS are expanded unquoted into a
    # shell command line, so they are visible in the process list and task
    # output, and a value with shell metacharacters would change the command.
    - shell: >-
        keystone --os-token {{ ADMIN_TOKEN }} --os-endpoint {{ endpoint }}
        user-list | grep ' admin '
        || keystone --os-token {{ ADMIN_TOKEN }} --os-endpoint {{ endpoint }}
        user-create --name=admin --pass={{ ADMIN_PASS }} --email={{ ADMIN_EMAIL }}
    - shell: >-
        keystone --os-token {{ ADMIN_TOKEN }} --os-endpoint {{ endpoint }}
        role-list | grep ' admin '
        || keystone --os-token {{ ADMIN_TOKEN }} --os-endpoint {{ endpoint }}
        role-create --name=admin
    - shell: >-
        keystone --os-token {{ ADMIN_TOKEN }} --os-endpoint {{ endpoint }}
        tenant-list | grep ' admin '
        || keystone --os-token {{ ADMIN_TOKEN }} --os-endpoint {{ endpoint }}
        tenant-create --name=admin --description="Admin Tenant"
    - shell: >-
        keystone --os-token {{ ADMIN_TOKEN }} --os-endpoint {{ endpoint }}
        user-role-list --user=admin --tenant=admin | grep ' admin '
        || keystone --os-token {{ ADMIN_TOKEN }} --os-endpoint {{ endpoint }}
        user-role-add --user=admin --tenant=admin --role=admin
    - shell: >-
        keystone --os-token {{ ADMIN_TOKEN }} --os-endpoint {{ endpoint }}
        user-role-list --user=admin --tenant=admin | grep ' _member_ '
        || keystone --os-token {{ ADMIN_TOKEN }} --os-endpoint {{ endpoint }}
        user-role-add --user=admin --role=_member_ --tenant=admin
    # SKIPPED - creating normal user, FIXME later by real users
    - shell: >-
        keystone --os-token {{ ADMIN_TOKEN }} --os-endpoint {{ endpoint }}
        tenant-list | grep ' service '
        || keystone --os-token {{ ADMIN_TOKEN }} --os-endpoint {{ endpoint }}
        tenant-create --name=service --description="Service Tenant"
# Register Keystone in its own service catalog, then verify admin login.
    # http://docs.openstack.org/trunk/install-guide/install/yum/content/keystone-services.html
    - shell: >-
        keystone --os-token {{ ADMIN_TOKEN }} --os-endpoint {{ endpoint }}
        service-list | grep ' identity '
        || keystone --os-token {{ ADMIN_TOKEN }} --os-endpoint {{ endpoint }}
        service-create --name=keystone --type=identity
        --description="OpenStack Identity"
    # Capture the id column of the identity service row for the endpoint task.
    - shell: >-
        keystone --os-token {{ ADMIN_TOKEN }} --os-endpoint {{ endpoint }}
        service-list | awk '/ identity / {print $2}'
      register: SERVICE_ID
    # NOTE(review): all three endpoint URLs are plain HTTP, so tokens and
    # credentials exchanged with Keystone are not encrypted in transit.
    - shell: >-
        keystone --os-token {{ ADMIN_TOKEN }} --os-endpoint {{ endpoint }}
        endpoint-list | grep {{ SERVICE_ID.stdout }}
        || keystone --os-token {{ ADMIN_TOKEN }} --os-endpoint {{ endpoint }}
        endpoint-create --service-id={{ SERVICE_ID.stdout }}
        --publicurl=http://controller:5000/v2.0
        --internalurl=http://controller:5000/v2.0
        --adminurl={{ endpoint }}
    # http://docs.openstack.org/trunk/install-guide/install/yum/content/keystone-verify.html
    # Password-based token requests prove the admin account works without the
    # bootstrap token. ADMIN_PASS is again passed on the command line.
    - command: >-
        keystone --os-username=admin --os-password={{ ADMIN_PASS }}
        --os-auth-url={{ endpoint }} token-get
    - command: >-
        keystone --os-username=admin --os-password={{ ADMIN_PASS }}
        --os-tenant-name=admin --os-auth-url={{endpoint}} token-get
# Command-line clients and the admin credentials file.
    # http://docs.openstack.org/trunk/install-guide/install/yum/content/install_clients.html
    - name: install client packages
      yum:
        state: present
        pkg: "{{ item }}"
      with_items:
        - python-ceilometerclient
        - python-cinderclient
        - python-glanceclient
        - python-heatclient
        - python-keystoneclient
        - python-neutronclient
        - python-novaclient
        - python-swiftclient
        - python-troveclient
    # http://docs.openstack.org/trunk/install-guide/install/yum/content/cli_openrc.html
    # Later tasks source /root/admin-openrc.sh for admin credentials; mode
    # 0600 keeps it readable by root only.
    - template:
        src: "{{ files }}/admin-openrc.sh"
        dest: /root/
        owner: root
        mode: "0600"
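# Image service (Glance): packages, database, Keystone account and endpoint.
    # http://docs.openstack.org/trunk/install-guide/install/yum/content/glance-install.html
    - name: install Image Service on the controller node
      yum:
        state: present
        pkg: "{{ item }}"
      with_items:
        - openstack-glance
        - python-glanceclient
    # NOTE(review): GLANCE_DBPASS and GLANCE_PASS are passed as command-line
    # arguments in this section, so they can appear in the process list and
    # in Ansible output and logs.
    - command: openstack-config --set /etc/glance/glance-api.conf database connection mysql://glance:{{GLANCE_DBPASS}}@controller/glance
    - command: openstack-config --set /etc/glance/glance-registry.conf database connection mysql://glance:{{GLANCE_DBPASS}}@controller/glance
    - command: openstack-config --set /etc/glance/glance-api.conf DEFAULT rpc_backend qpid
    - command: openstack-config --set /etc/glance/glance-api.conf DEFAULT qpid_hostname controller
    - mysql_db: name=glance state=present
    # Mapping form keeps a password with spaces or '=' as a single value.
    - mysql_user:
        name: glance
        host: localhost
        password: "{{ GLANCE_DBPASS }}"
        priv: 'glance.*:ALL'
    # NOTE(review): host "%" allows this account to log in from any address.
    - mysql_user:
        name: glance
        host: "%"
        password: "{{ GLANCE_DBPASS }}"
        priv: 'glance.*:ALL'
    - command: su -s /bin/sh -c "glance-manage db_sync" glance
    # List first, create only when missing, so re-runs do not duplicate.
    - shell: source /root/admin-openrc.sh && keystone user-list | grep ' glance ' || keystone user-create --name=glance --pass={{GLANCE_PASS}} --email=root@localhost
    - shell: source /root/admin-openrc.sh && keystone user-role-list --user=glance --tenant=service | grep ' admin ' || keystone user-role-add --user=glance --tenant=service --role=admin
    # keystone_authtoken for glance-api. auth_protocol is http, so token
    # validation traffic to Keystone is unencrypted.
    - command: openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_uri http://controller:5000
    - command: openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_host controller
    - command: openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_port 35357
    - command: openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_protocol http
    - command: openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_tenant_name service
    - command: openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_user glance
    - command: openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_password {{GLANCE_PASS}}
    - command: openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone
    # Same settings for glance-registry.
    - command: openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_uri http://controller:5000
    - command: openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_host controller
    - command: openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_port 35357
    - command: openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_protocol http
    - command: openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_tenant_name service
    - command: openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_user glance
    - command: openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_password {{GLANCE_PASS}}
    - command: openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone
    # Catalog entry and endpoint for the image service.
    - shell: source /root/admin-openrc.sh && keystone service-list | grep ' image ' || keystone service-create --name=glance --type=image --description="OpenStack Image Service"
    - shell: source /root/admin-openrc.sh && keystone service-list | awk '/ image / {print $2}'
      register: SERVICE_ID
    - shell: source /root/admin-openrc.sh && keystone endpoint-list | grep {{ SERVICE_ID.stdout }} || keystone endpoint-create --service-id={{ SERVICE_ID.stdout }} --publicurl=http://controller:9292 --internalurl=http://controller:9292 --adminurl=http://controller:9292
    - service: name=openstack-glance-api state=started enabled=yes
    - service: name=openstack-glance-registry state=started enabled=yes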
# Verify Glance by uploading a CirrOS test image.
    # http://docs.openstack.org/trunk/install-guide/install/yum/content/glance-verify.html
    # NOTE(review): the image is downloaded over plain HTTP with no digest
    # check and is then registered as public (--is-public=True), so every
    # tenant can boot it. Verify the file against a known-good checksum before
    # publishing it.
    - get_url:
        url: http://cdn.download.cirros-cloud.net/0.3.2/cirros-0.3.2-x86_64-disk.img
        dest: /root/cirros-0.3.2-x86_64-disk.img
        mode: "0440"
    # Upload only when no image of that name is listed yet.
    - shell: >-
        source /root/admin-openrc.sh
        && glance image-list |grep "cirros-0.3.2-x86_64"
        || glance image-create --name=cirros-0.3.2-x86_64 --disk-format=qcow2
        --container-format=bare --is-public=True
        < /root/cirros-0.3.2-x86_64-disk.img
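# Compute service (Nova), controller side.
    # http://docs.openstack.org/trunk/install-guide/install/yum/content/nova-controller.html
    - name: install the Compute packages necessary for the controller node
      yum:
        state: present
        pkg: "{{ item }}"
      with_items:
        - openstack-nova-api
        - openstack-nova-cert
        - openstack-nova-conductor
        - openstack-nova-console
        - openstack-nova-novncproxy
        - openstack-nova-scheduler
        - python-novaclient
    # NOTE(review): NOVA_DBPASS and NOVA_PASS are passed as command-line
    # arguments in this section, so they can appear in the process list and
    # in Ansible output and logs.
    - command: openstack-config --set /etc/nova/nova.conf database connection mysql://nova:{{NOVA_DBPASS}}@controller/nova
    - command: openstack-config --set /etc/nova/nova.conf DEFAULT rpc_backend qpid
    - command: openstack-config --set /etc/nova/nova.conf DEFAULT qpid_hostname controller
    # VNC and service addresses are tied to the private interface here.
    - command: openstack-config --set /etc/nova/nova.conf DEFAULT my_ip {{ controller_private_ip }}
    - command: openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_listen {{ controller_private_ip }}
    - command: openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_proxyclient_address {{ controller_private_ip }}
    - command: openstack-config --set /etc/nova/nova.conf DEFAULT glance_api_servers controller:9292
    - mysql_db: name=nova state=present
    # Mapping form keeps a password with spaces or '=' as a single value.
    - mysql_user:
        name: nova
        host: localhost
        password: "{{ NOVA_DBPASS }}"
        priv: 'nova.*:ALL'
    # NOTE(review): host "%" allows this account to log in from any address.
    - mysql_user:
        name: nova
        host: "%"
        password: "{{ NOVA_DBPASS }}"
        priv: 'nova.*:ALL'
    - command: su -s /bin/sh -c "nova-manage db sync" nova
    # List first, create only when missing, so re-runs do not duplicate.
    - shell: source /root/admin-openrc.sh && keystone user-list | grep ' nova ' || keystone user-create --name=nova --pass={{NOVA_PASS}} --email=root@localhost
    - shell: source /root/admin-openrc.sh && keystone user-role-list --user=nova --tenant=service | grep ' admin ' || keystone user-role-add --user=nova --tenant=service --role=admin
    # auth_protocol is http, so token validation traffic is unencrypted.
    - command: openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
    - command: openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_uri http://controller:5000
    - command: openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_host controller
    - command: openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_protocol http
    - command: openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_port 35357
    - command: openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_user nova
    - command: openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_tenant_name service
    - command: openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_password {{ NOVA_PASS }}
    # Catalog entry and endpoint for the compute service.
    - shell: source /root/admin-openrc.sh && keystone service-list | grep ' compute ' || keystone service-create --name=nova --type=compute --description="OpenStack Compute"
    - shell: source /root/admin-openrc.sh && keystone service-list | awk '/ compute / {print $2}'
      register: SERVICE_ID
    - shell: source /root/admin-openrc.sh && keystone endpoint-list | grep {{ SERVICE_ID.stdout }} || keystone endpoint-create --service-id={{ SERVICE_ID.stdout }} --publicurl='http://controller:8774/v2/%(tenant_id)s' --internalurl='http://controller:8774/v2/%(tenant_id)s' --adminurl='http://controller:8774/v2/%(tenant_id)s'
    - service: name={{ item }} state=started enabled=yes
      with_items:
        - openstack-nova-api
        - openstack-nova-cert
        - openstack-nova-consoleauth
        - openstack-nova-scheduler
        - openstack-nova-conductor
        - openstack-nova-novncproxy
    # Smoke test: the API answers an authenticated request.
    - shell: source /root/admin-openrc.sh && nova image-list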
# Compute service (Nova), hypervisor side, applied to this same host.
    # FIXME do this on others compute nodes as well
    # http://docs.openstack.org/trunk/install-guide/install/yum/content/nova-compute.html
    - yum:
        state: present
        pkg: openstack-nova-compute
    # NOTE(review): this section writes to the same /etc/nova/nova.conf as the
    # controller section earlier in the play. my_ip, vncserver_listen and
    # vncserver_proxyclient_address were set to controller_private_ip there
    # and are overwritten here with compute1_private_ip and 0.0.0.0.
    - command: openstack-config --set /etc/nova/nova.conf database connection mysql://nova:{{NOVA_DBPASS}}@controller/nova
    - command: openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
    - command: openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_uri http://controller:5000
    - command: openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_host controller
    - command: openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_protocol http
    - command: openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_port 35357
    - command: openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_user nova
    - command: openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_tenant_name service
    - command: openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_password {{NOVA_PASS}}
    - command: openstack-config --set /etc/nova/nova.conf DEFAULT rpc_backend qpid
    - command: openstack-config --set /etc/nova/nova.conf DEFAULT qpid_hostname controller
    - command: openstack-config --set /etc/nova/nova.conf DEFAULT my_ip {{ compute1_private_ip }}
    - command: openstack-config --set /etc/nova/nova.conf DEFAULT vnc_enabled True
    # NOTE(review): 0.0.0.0 makes instance VNC servers listen on every
    # interface; make sure the host firewall limits who can reach them.
    - command: openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_listen 0.0.0.0
    - command: openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_proxyclient_address {{ compute1_private_ip }}
    # Console URL handed to users is plain HTTP.
    - command: openstack-config --set /etc/nova/nova.conf DEFAULT novncproxy_base_url http://controller:6080/vnc_auto.html
    - command: openstack-config --set /etc/nova/nova.conf DEFAULT glance_host controller
    # FIXME if
    # egrep -c '(vmx|svm)' /proc/cpuinfo
    # returns 0 then run
    # openstack-config --set /etc/nova/nova.conf libvirt virt_type qemu
    - service: name={{ item }} state=started enabled=yes
      with_items:
        - libvirtd
        - messagebus
        - openstack-nova-compute
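# Networking service (Neutron): database, Keystone account, endpoint, packages.
    # http://docs.openstack.org/trunk/install-guide/install/yum/content/neutron-ml2-controller-node.html
    - mysql_db: name=neutron state=present
    # Mapping form keeps a password with spaces or '=' as a single value.
    - mysql_user:
        name: neutron
        host: localhost
        password: "{{ NEUTRON_DBPASS }}"
        priv: 'neutron.*:ALL'
    # NOTE(review): host "%" allows this account to log in from any address.
    - mysql_user:
        name: neutron
        host: "%"
        password: "{{ NEUTRON_DBPASS }}"
        priv: 'neutron.*:ALL'
    # NEUTRON_PASS is passed on the command line and may show up in the
    # process list and in task output.
    - shell: source /root/admin-openrc.sh && keystone user-list | grep ' neutron ' || keystone user-create --name neutron --pass {{NEUTRON_PASS}} --email root@localhost
    # The check now calls `keystone user-role-list`; the bare `user-role-list`
    # used before is not a command, so the check always failed and the role
    # was re-added on every run.
    - shell: source /root/admin-openrc.sh && keystone user-role-list --user neutron --tenant service | grep ' admin ' || keystone user-role-add --user neutron --tenant service --role admin
    - shell: source /root/admin-openrc.sh && keystone service-list | grep ' network ' || keystone service-create --name neutron --type network --description "OpenStack Networking"
    - shell: source /root/admin-openrc.sh && keystone service-list | awk '/ network / {print $2}'
      register: SERVICE_ID
    - shell: source /root/admin-openrc.sh && keystone endpoint-list | grep {{ SERVICE_ID.stdout }} || keystone endpoint-create --service-id {{ SERVICE_ID.stdout }} --publicurl http://controller:9696 --adminurl http://controller:9696 --internalurl http://controller:9696
    - yum:
        state: present
        pkg: "{{ item }}"
      with_items:
        - openstack-neutron
        - openstack-neutron-ml2
        - python-neutronclient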
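# To configure the Networking server component
    # NOTE(review): NEUTRON_DBPASS, NEUTRON_PASS and NOVA_PASS are passed as
    # command-line arguments in this section, so they can appear in the
    # process list and in Ansible output and logs.
    # 1.
    - command: openstack-config --set /etc/neutron/neutron.conf database connection mysql://neutron:{{NEUTRON_DBPASS}}@controller/neutron
    # 2.
    - command: openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
    - command: openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_uri http://controller:5000
    - command: openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_host controller
    - command: openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_protocol http
    - command: openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_port 35357
    - command: openstack-config --set /etc/neutron/neutron.conf keystone_authtoken admin_tenant_name service
    - command: openstack-config --set /etc/neutron/neutron.conf keystone_authtoken admin_user neutron
    - command: openstack-config --set /etc/neutron/neutron.conf keystone_authtoken admin_password {{NEUTRON_PASS}}
    # 3.
    - command: openstack-config --set /etc/neutron/neutron.conf DEFAULT rpc_backend neutron.openstack.common.rpc.impl_qpid
    - command: openstack-config --set /etc/neutron/neutron.conf DEFAULT qpid_hostname controller
    # 4.
    - command: openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_status_changes True
    - command: openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_data_changes True
    - command: openstack-config --set /etc/neutron/neutron.conf DEFAULT nova_url http://controller:8774/v2
    - command: openstack-config --set /etc/neutron/neutron.conf DEFAULT nova_admin_username nova
    # Look up the id of the service tenant. `register:` needs its colon; the
    # earlier `register TENANT_ID` was not a valid task key, so TENANT_ID was
    # never set for the next task.
    - shell: source /root/admin-openrc.sh && keystone tenant-list | awk '/ service / { print $2 }'
      register: TENANT_ID
    - command: openstack-config --set /etc/neutron/neutron.conf DEFAULT nova_admin_tenant_id {{ TENANT_ID.stdout }}
    - command: openstack-config --set /etc/neutron/neutron.conf DEFAULT nova_admin_password {{NOVA_PASS}}
    - command: openstack-config --set /etc/neutron/neutron.conf DEFAULT nova_admin_auth_url http://controller:35357/v2.0
    # 5.
    - command: openstack-config --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2
    - command: openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins router
    # 6.
    # FIXME - Comment out any lines in the [service_providers] section.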
# To configure the Modular Layer 2 (ML2) plug-in
    # One openstack-config call per item, in the listed order. Each item is
    # "<section> <key> <value>" for ml2_conf.ini.
    - command: openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini {{ item }}
      with_items:
        # GRE tenant networks through the Open vSwitch mechanism driver.
        - ml2 type_drivers gre
        - ml2 tenant_network_types gre
        - ml2 mechanism_drivers openvswitch
        - ml2_type_gre tunnel_id_ranges 1:1000
        # Security groups are enforced by Neutron's iptables hybrid driver.
        - securitygroup firewall_driver neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
        - securitygroup enable_security_group True
# To configure Compute to use Networking
    # One openstack-config call per item, in the listed order. Each item is
    # "<section> <key> <value>" for nova.conf.
    # NOTE(review): NEUTRON_PASS is passed as a command-line argument and the
    # Keystone auth URL is plain HTTP.
    - command: openstack-config --set /etc/nova/nova.conf {{ item }}
      with_items:
        - DEFAULT network_api_class nova.network.neutronv2.api.API
        - DEFAULT neutron_url http://controller:9696
        - DEFAULT neutron_auth_strategy keystone
        - DEFAULT neutron_admin_tenant_name service
        - DEFAULT neutron_admin_username neutron
        - DEFAULT neutron_admin_password {{NEUTRON_PASS}}
        - DEFAULT neutron_admin_auth_url http://controller:35357/v2.0
        - DEFAULT linuxnet_interface_driver nova.network.linux_net.LinuxOVSInterfaceDriver
        # Nova's own firewall is a no-op and security_group_api is neutron,
        # so instance filtering depends on the Neutron security-group
        # settings in ml2_conf.ini.
        - DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
        - DEFAULT security_group_api neutron
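# To finalize installation
    # `creates=` makes the task a no-op once the link exists; a bare `ln -s`
    # fails on every run after the first because the target is already there.
    - command: ln -s plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini creates=/etc/neutron/plugin.ini
    # Restart the Nova services so they pick up the Neutron settings.
    - service: name={{ item }} state=restarted
      with_items:
        - openstack-nova-api
        - openstack-nova-scheduler
        - openstack-nova-conductor
    - service: name=neutron-server state=started enabled=yes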
# http://docs.openstack.org/trunk/install-guide/install/yum/content/neutron-ml2-network-node.html
#
# FIXME - continue with the same chapter