colo/devcloud: add logic to deploy a compute nodedevcloud

Change-Id: I3166d8f0623088bf05811a6fb95cb8ac449dbfc0

10 files changed, 269 insertions, 0 deletions

diff --git a/devcloud.yml b/devcloud.yml
new file mode 100644
index 00000000..7c54ff76
--- /dev/null
+++ b/devcloud.yml
@@ -0,0 +1,7 @@
+- name: Configure dev-cloud compute nodes
+  hosts: dev-cloud
+  become: yes
+  vars_files:
+    - ["{{secrets_dir}}/group_vars/dev-cloud"]
+  roles:
+    - {role: devcloud, tags: [devcloud]}
diff --git a/roles/devcloud/files/chrony.conf b/roles/devcloud/files/chrony.conf
new file mode 100644
index 00000000..9414341e
--- /dev/null
+++ b/roles/devcloud/files/chrony.conf
@@ -0,0 +1,87 @@
+# MANAGED BY ANSIBLE - DO NOT HAND EDIT!
+# This the default chrony.conf file for the Debian chrony package.  After
+# editing this file use the command 'invoke-rc.d chrony restart' to make
+# your changes take effect.  John Hasler <jhasler@debian.org> 1998-2008
+
+# consider joining the project if possible.  If you can't or don't want to
+# is down.  Scripts in /etc/ppp/ip-up.d and /etc/ppp/ip-down.d use chronyc
+# commands to switch it on when a dialup link comes up and off when it goes
+# down.  Code in /etc/init.d/chrony attempts to determine whether or not
+# the link is up at boot time and set the online status accordingly.  If
+# you have an always-on connection such as cable omit the 'offline'
+# directive and chronyd will default to online.
+#
+# fails they will be discarded.  Thus under some circumstances it is
+# better to use IP numbers than host names.
+
+
+
+# Look here for the admin password needed for chronyc.  The initial
+# password is generated by a random process at install time.  You may
+# change it if you wish.
+
+keyfile /etc/chrony/chrony.keys
+
+# Set runtime command key.  Note that if you change the key (not the
+# password) to anything other than 1 you will need to edit
+# /etc/ppp/ip-up.d/chrony, /etc/ppp/ip-down.d/chrony, /etc/init.d/chrony
+# and /etc/cron.weekly/chrony as these scripts use it to get the password.
+
+commandkey 1
+
+# I moved the driftfile to /var/lib/chrony to comply with the Debian
+# filesystem standard.
+
+driftfile /var/lib/chrony/chrony.drift
+
+# Comment this line out to turn off logging.
+
+log tracking measurements statistics
+logdir /var/log/chrony
+
+# Stop bad estimates upsetting machine clock.
+
+maxupdateskew 100.0
+
+# Dump measurements when daemon exits.
+
+dumponexit
+
+# Specify directory for dumping measurements.
+
+dumpdir /var/lib/chrony
+
+
+local stratum 10
+
+
+allow 10/8
+allow 192.168/16
+allow 172.16/12
+
+# This directive forces `chronyd' to send a message to syslog if it
+# makes a system clock adjustment larger than a threshold value in seconds.
+
+logchange 0.5
+
+# This directive defines an email address to which mail should be sent
+# if chronyd applies a correction exceeding a particular threshold to the
+# system clock.
+
+# mailonchange root@localhost 0.5
+
+# This directive tells chrony to regulate the real-time clock and tells it
+# Where to store related data.  It may not work on some newer motherboards
+# that use the HPET real-time clock.  It requires enhanced real-time
+# support in the kernel.  I've commented it out because with certain
+# combinations of motherboard and kernel it is reported to cause lockups.
+
+# rtcfile /var/lib/chrony/chrony.rtc
+
+# If the last line of this file reads 'rtconutc' chrony will assume that
+# the CMOS clock is on UTC (GMT).  If it reads '# rtconutc' or is absent
+# chrony will assume local time.  The line (if any) was written by the
+# chrony postinst based on what it found in /etc/default/rcS.  You may
+# change it if necessary.
+rtconutc
+server controller iburst
diff --git a/roles/devcloud/files/jessie-backports b/roles/devcloud/files/jessie-backports
new file mode 100644
index 00000000..6dd3128e
--- /dev/null
+++ b/roles/devcloud/files/jessie-backports
@@ -0,0 +1,8 @@
+# MANAGED BY ANSIBLE - DO NOT HAND EDIT!
+Package: *
+Pin: release a=jessie-backports
+Pin-Priority: 500
+
+Package: qemu*
+Pin: release a=jessie-backports
+Pin-Priority: 600
diff --git a/roles/devcloud/files/ml2_conf.ini b/roles/devcloud/files/ml2_conf.ini
new file mode 100644
index 00000000..2804607b
--- /dev/null
+++ b/roles/devcloud/files/ml2_conf.ini
@@ -0,0 +1,15 @@
+# MANAGED BY ANSIBLE - DO NOT HAND EDIT!
+[ml2]
+type_drivers = flat,vlan,vxlan
+tenant_network_types = vxlan
+mechanism_drivers = linuxbridge,l2population
+extension_drivers = port_security
+
+[ml2_type_flat]
+flat_networks = public
+
+[ml2_type_vxlan]
+vni_ranges = 1:1000
+
+[securitygroup]
+enable_ipset = True
diff --git a/roles/devcloud/files/nova-compute.conf b/roles/devcloud/files/nova-compute.conf
new file mode 100644
index 00000000..7720cdbc
--- /dev/null
+++ b/roles/devcloud/files/nova-compute.conf
@@ -0,0 +1,6 @@
+# MANAGED BY ANSIBLE - DO NOT HAND EDIT!
+[DEFAULT]
+compute_driver=libvirt.LibvirtDriver
+
+[libvirt]
+virt_type=kvm
diff --git a/roles/devcloud/handlers/main.yml b/roles/devcloud/handlers/main.yml
new file mode 100644
index 00000000..36c1d5c3
--- /dev/null
+++ b/roles/devcloud/handlers/main.yml
@@ -0,0 +1,8 @@
+- name: restart-chrony
+  service: name=chrony state=restarted
+
+- name: restart-nova
+  service: name=nova-compute state=restarted
+
+- name: restart-neutron
+  service: name=neutron-linuxbridge-agent state=restarted
diff --git a/roles/devcloud/tasks/main.yml b/roles/devcloud/tasks/main.yml
new file mode 100644
index 00000000..72b67de1
--- /dev/null
+++ b/roles/devcloud/tasks/main.yml
@@ -0,0 +1,53 @@
+- name: Add Jessie Backports pinning
+  copy: src=jessie-backports dest=/etc/apt/preferences.d/
+  register: backports
+
+- name: Update apt if needed
+  when: backports is defined and backports.changed
+  apt: update_cache=yes
+
+- name: Install nova-compute packages
+  apt: pkg={{item}} state=installed
+  with_items:
+    - chrony
+    - nova-compute
+    - sysfsutils
+
+- name: Install neutron packages
+  apt: pkg={{item}} state=installed
+  with_items:
+    - neutron-plugin-linuxbridge-agent
+    - conntrack
+
+- name: Configure chrony (ntp)
+  copy: src=chrony.conf dest=/etc/chrony/chrony.conf
+  notify:
+    - restart-chrony
+
+- name: Configure nova-compute
+  copy: src=nova-compute.conf dest=/etc/nova
+  notify: restart-nova
+
+- name: Configure nova
+  template: src=nova.conf dest=/etc/nova
+  notify: restart-nova
+
+- name: Configure neutron.conf
+  template: src=neutron.conf dest=/etc/neutron/
+  notify: restart-neutron
+
+- name: Configure neutron ml2_conf
+  copy: src=ml2_conf.ini dest=/etc/neutron/plugins/ml2/
+  notify: restart-neutron
+
+- name: Configure linuxbridge_agent.ini
+  template: src=linuxbridge_agent.ini dest=/etc/neutron/plugins/ml2/
+  notify: restart-neutron
+
+- name: packaging hack
+  file: src=/etc/neutron/plugins/ml2 state=link
+        dest=/etc/neutron/plugins/linuxbridge
+
+- name: packaging hack
+  file: src=/etc/neutron/plugins/ml2/linuxbridge_agent.ini state=link
+        dest=/etc/neutron/plugins/ml2/linuxbridge_conf.ini
diff --git a/roles/devcloud/templates/linuxbridge_agent.ini b/roles/devcloud/templates/linuxbridge_agent.ini
new file mode 100644
index 00000000..99f416ad
--- /dev/null
+++ b/roles/devcloud/templates/linuxbridge_agent.ini
@@ -0,0 +1,15 @@
+# MANAGED BY ANSIBLE - DO NOT HAND EDIT!
+[linux_bridge]
+physical_interface_mappings = public:eno1
+
+[vxlan]
+enable_vxlan = True
+local_ip = {{ansible_default_ipv4.address}}
+l2_population = True
+
+[agent]
+prevent_arp_spoofing = True
+
+[securitygroup]
+enable_security_group = True
+firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
diff --git a/roles/devcloud/templates/neutron.conf b/roles/devcloud/templates/neutron.conf
new file mode 100644
index 00000000..36854b8c
--- /dev/null
+++ b/roles/devcloud/templates/neutron.conf
@@ -0,0 +1,28 @@
+# MANAGED BY ANSIBLE - DO NOT HAND EDIT!
+[DEFAULT]
+verbose = True
+debug = True
+state_path = /var/lib/neutron
+rpc_backend = rabbit
+auth_strategy = keystone
+
+[keystone_authtoken]
+auth_uri = http://controller:5000
+auth_url = http://controller:35357
+auth_plugin = password
+project_domain_id = default
+user_domain_id = default
+project_name = service
+username = {{neutron_user}}
+password = {{neutron_pass}}
+
+[oslo_messaging_rabbit]
+rabbit_host = controller
+rabbit_userid = {{rabbit_user}}
+rabbit_password = {{rabbit_pass}}
+
+[oslo_concurrency]
+lock_path = $state_path/lock
+
+[agent]
+
diff --git a/roles/devcloud/templates/nova.conf b/roles/devcloud/templates/nova.conf
new file mode 100644
index 00000000..580fc940
--- /dev/null
+++ b/roles/devcloud/templates/nova.conf
@@ -0,0 +1,42 @@
+# MANAGED BY ANSIBLE - DO NOT HAND EDIT!
+[DEFAULT]
+state_path=/var/lib/nova
+lock_path=/var/lock/nova
+rootwrap_config=/etc/nova/rootwrap.conf
+vnc_enabled=false
+rpc_backend = rabbit
+auth_strategy = keystone
+my_ip = {{ansible_default_ipv4.address}}
+network_api_class = nova.network.neutronv2.api.API
+security_group_api = neutron
+linuxnet_interface_driver = nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
+firewall_driver = nova.virt.firewall.NoopFirewallDriver
+
+[glance]
+host = controller
+
+[keystone_authtoken]
+auth_uri = http://controller:5000
+auth_url = http://controller:35357
+auth_plugin = password
+project_domain_id = default
+user_domain_id = default
+project_name = service
+username = {{nova_user}}
+password = {{nova_pass}}
+
+[oslo_messaging_rabbit]
+rabbit_host = controller
+rabbit_userid = {{rabbit_user}}
+rabbit_password = {{rabbit_pass}}
+
+[neutron]
+url = http://controller:9696
+auth_url = http://controller:35357
+auth_plugin = password
+project_domain_id = default
+user_domain_id = default
+region_name = RegionOne
+project_name = service
+username = {{neutron_user}}
+password = {{neutron_pass}}