author | Andy Doan <andy.doan@linaro.org> | 2016-05-16 15:52:24 -0500 |
---|---|---|
committer | Andy Doan <andy.doan@linaro.org> | 2016-05-18 13:31:39 -0500 |
commit | fe167f59ecd0923c6c6af71c33b69788afdea4b1 (patch) | |
tree | 6568d1ebed00b0f0035f49fcff6e516ed2a38778 | |
parent | b7834acfa4715e2dd0bcca20986d325984afcfcd (diff) |
colo/devcloud: add logic to deploy a compute nodedevcloud
Change-Id: I3166d8f0623088bf05811a6fb95cb8ac449dbfc0
-rw-r--r-- | devcloud.yml | 7 | ||||
-rw-r--r-- | roles/devcloud/files/chrony.conf | 87 | ||||
-rw-r--r-- | roles/devcloud/files/jessie-backports | 8 | ||||
-rw-r--r-- | roles/devcloud/files/ml2_conf.ini | 15 | ||||
-rw-r--r-- | roles/devcloud/files/nova-compute.conf | 6 | ||||
-rw-r--r-- | roles/devcloud/handlers/main.yml | 8 | ||||
-rw-r--r-- | roles/devcloud/tasks/main.yml | 53 | ||||
-rw-r--r-- | roles/devcloud/templates/linuxbridge_agent.ini | 15 | ||||
-rw-r--r-- | roles/devcloud/templates/neutron.conf | 28 | ||||
-rw-r--r-- | roles/devcloud/templates/nova.conf | 42 |
10 files changed, 269 insertions, 0 deletions
diff --git a/devcloud.yml b/devcloud.yml
new file mode 100644
index 00000000..7c54ff76
--- /dev/null
+++ b/devcloud.yml
@@ -0,0 +1,7 @@
+- name: Configure dev-cloud compute nodes
+ hosts: dev-cloud
+ become: yes
+ vars_files:
+ - ["{{secrets_dir}}/group_vars/dev-cloud"]
+ roles:
+ - {role: devcloud, tags: [devcloud]}
diff --git a/roles/devcloud/files/chrony.conf b/roles/devcloud/files/chrony.conf
new file mode 100644
index 00000000..9414341e
--- /dev/null
+++ b/roles/devcloud/files/chrony.conf
@@ -0,0 +1,87 @@
+# MANAGED BY ANSIBLE - DO NOT HAND EDIT!
+# This the default chrony.conf file for the Debian chrony package. After
+# editing this file use the command 'invoke-rc.d chrony restart' to make
+# your changes take effect. John Hasler <jhasler@debian.org> 1998-2008
+
+# consider joining the project if possible. If you can't or don't want to
+# is down. Scripts in /etc/ppp/ip-up.d and /etc/ppp/ip-down.d use chronyc
+# commands to switch it on when a dialup link comes up and off when it goes
+# down. Code in /etc/init.d/chrony attempts to determine whether or not
+# the link is up at boot time and set the online status accordingly. If
+# you have an always-on connection such as cable omit the 'offline'
+# directive and chronyd will default to online.
+#
+# fails they will be discarded. Thus under some circumstances it is
+# better to use IP numbers than host names.
+
+
+
+# Look here for the admin password needed for chronyc. The initial
+# password is generated by a random process at install time. You may
+# change it if you wish.
+
+keyfile /etc/chrony/chrony.keys
+
+# Set runtime command key. Note that if you change the key (not the
+# password) to anything other than 1 you will need to edit
+# /etc/ppp/ip-up.d/chrony, /etc/ppp/ip-down.d/chrony, /etc/init.d/chrony
+# and /etc/cron.weekly/chrony as these scripts use it to get the password.
+
+commandkey 1
+
+# I moved the driftfile to /var/lib/chrony to comply with the Debian
+# filesystem standard.
+
+driftfile /var/lib/chrony/chrony.drift
+
+# Comment this line out to turn off logging.
+
+log tracking measurements statistics
+logdir /var/log/chrony
+
+# Stop bad estimates upsetting machine clock.
+
+maxupdateskew 100.0
+
+# Dump measurements when daemon exits.
+
+dumponexit
+
+# Specify directory for dumping measurements.
+
+dumpdir /var/lib/chrony
+
+
+local stratum 10
+
+
+allow 10/8
+allow 192.168/16
+allow 172.16/12
+
+# This directive forces `chronyd' to send a message to syslog if it
+# makes a system clock adjustment larger than a threshold value in seconds.
+
+logchange 0.5
+
+# This directive defines an email address to which mail should be sent
+# if chronyd applies a correction exceeding a particular threshold to the
+# system clock.
+
+# mailonchange root@localhost 0.5
+
+# This directive tells chrony to regulate the real-time clock and tells it
+# Where to store related data. It may not work on some newer motherboards
+# that use the HPET real-time clock. It requires enhanced real-time
+# support in the kernel. I've commented it out because with certain
+# combinations of motherboard and kernel it is reported to cause lockups.
+
+# rtcfile /var/lib/chrony/chrony.rtc
+
+# If the last line of this file reads 'rtconutc' chrony will assume that
+# the CMOS clock is on UTC (GMT). If it reads '# rtconutc' or is absent
+# chrony will assume local time. The line (if any) was written by the
+# chrony postinst based on what it found in /etc/default/rcS. You may
+# change it if necessary.
+rtconutc
+server controller iburst
diff --git a/roles/devcloud/files/jessie-backports b/roles/devcloud/files/jessie-backports
new file mode 100644
index 00000000..6dd3128e
--- /dev/null
+++ b/roles/devcloud/files/jessie-backports
@@ -0,0 +1,8 @@
+# MANAGED BY ANSIBLE - DO NOT HAND EDIT!
+Package: *
+Pin: release a=jessie-backports
+Pin-Priority: 500
+
+Package: qemu*
+Pin: release a=jessie-backports
+Pin-Priority: 600
diff --git a/roles/devcloud/files/ml2_conf.ini b/roles/devcloud/files/ml2_conf.ini
new file mode 100644
index 00000000..2804607b
--- /dev/null
+++ b/roles/devcloud/files/ml2_conf.ini
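Review bot: The three `allow` lines in chrony.conf (`allow 10/8`, `allow 192.168/16`, `allow 172.16/12`) make every compute node answer NTP queries from all RFC 1918 ranges, and `local stratum 10` lets it keep advertising time to clients even when `controller` is unreachable. Nothing visible in this commit needs a compute node to act as a time server, so I would drop those four lines and leave the node a pure client of `server controller iburst`. Separately, the retained comment says `rtconutc` is expected to be the last line of the file, yet `server controller iburst` now follows it; either move the `server` line above that comment block or trim the stale comment.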
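Review bot: `Package: *` with `Pin-Priority: 500` in jessie-backports puts every backports package on the same priority as the stable release, so any package with a newer backports version becomes an upgrade candidate, not only the OpenStack ones this role installs. If only nova, neutron, qemu and their dependencies are meant to come from backports, scope the stanza to those package patterns and leave everything else at the archive's default priority. If the wide pin is deliberate, a comment line in the file saying so would save the next reader from guessing.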
@@ -0,0 +1,15 @@
+# MANAGED BY ANSIBLE - DO NOT HAND EDIT!
+[ml2]
+type_drivers = flat,vlan,vxlan
+tenant_network_types = vxlan
+mechanism_drivers = linuxbridge,l2population
+extension_drivers = port_security
+
+[ml2_type_flat]
+flat_networks = public
+
+[ml2_type_vxlan]
+vni_ranges = 1:1000
+
+[securitygroup]
+enable_ipset = True
diff --git a/roles/devcloud/files/nova-compute.conf b/roles/devcloud/files/nova-compute.conf
new file mode 100644
index 00000000..7720cdbc
--- /dev/null
+++ b/roles/devcloud/files/nova-compute.conf
@@ -0,0 +1,6 @@
+# MANAGED BY ANSIBLE - DO NOT HAND EDIT!
+[DEFAULT]
+compute_driver=libvirt.LibvirtDriver
+
+[libvirt]
+virt_type=kvm
diff --git a/roles/devcloud/handlers/main.yml b/roles/devcloud/handlers/main.yml
new file mode 100644
index 00000000..36c1d5c3
--- /dev/null
+++ b/roles/devcloud/handlers/main.yml
@@ -0,0 +1,8 @@
+- name: restart-chrony
+ service: name=chrony state=restarted
+
+- name: restart-nova
+ service: name=nova-compute state=restarted
+
+- name: restart-neutron
+ service: name=neutron-linuxbridge-agent state=restarted
diff --git a/roles/devcloud/tasks/main.yml b/roles/devcloud/tasks/main.yml
new file mode 100644
index 00000000..72b67de1
--- /dev/null
+++ b/roles/devcloud/tasks/main.yml
@@ -0,0 +1,53 @@
+- name: Add Jessie Backports pinning
+ copy: src=jessie-backports dest=/etc/apt/preferences.d/
+ register: backports
+
+- name: Update apt if needed
+ when: backports is defined and backports.changed
+ apt: update_cache=yes
+
+- name: Install nova-compute packages
+ apt: pkg={{item}} state=installed
+ with_items:
+ - chrony
+ - nova-compute
+ - sysfsutils
+
+- name: Install neutron packages
+ apt: pkg={{item}} state=installed
+ with_items:
+ - neutron-plugin-linuxbridge-agent
+ - conntrack
+
+- name: Configure chrony (ntp)
+ copy: src=chrony.conf dest=/etc/chrony/chrony.conf
+ notify:
+ - restart-chrony
+
+- name: Configure nova-compute
+ copy: src=nova-compute.conf dest=/etc/nova
+ notify: restart-nova
+
+- name: Configure nova
+ template: src=nova.conf dest=/etc/nova
+ notify: restart-nova
+
+- name: Configure neutron.conf
+ template: src=neutron.conf dest=/etc/neutron/
+ notify: restart-neutron
+
+- name: Configure neutron ml2_conf
+ copy: src=ml2_conf.ini dest=/etc/neutron/plugins/ml2/
+ notify: restart-neutron
+
+- name: Configure linuxbridge_agent.ini
+ template: src=linuxbridge_agent.ini dest=/etc/neutron/plugins/ml2/
+ notify: restart-neutron
+
+- name: packaging hack
+ file: src=/etc/neutron/plugins/ml2 state=link
+ dest=/etc/neutron/plugins/linuxbridge
+
+- name: packaging hack
+ file: src=/etc/neutron/plugins/ml2/linuxbridge_agent.ini state=link
+ dest=/etc/neutron/plugins/ml2/linuxbridge_conf.ini
diff --git a/roles/devcloud/templates/linuxbridge_agent.ini b/roles/devcloud/templates/linuxbridge_agent.ini
new file mode 100644
index 00000000..99f416ad
--- /dev/null
+++ b/roles/devcloud/templates/linuxbridge_agent.ini
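Review bot: The `template` tasks for nova.conf and neutron.conf in tasks/main.yml write files that carry `{{nova_pass}}`, `{{neutron_pass}}` and `{{rabbit_pass}}`, but set no `owner`, `group` or `mode`, so the resulting permissions depend on whatever the package left on disk or on the umask. Pin them explicitly, for example `template: src=nova.conf dest=/etc/nova/nova.conf owner=root group=nova mode=0640` and `template: src=neutron.conf dest=/etc/neutron/neutron.conf owner=root group=neutron mode=0640`. The two tasks that are both named `packaging hack` would also be easier to audit with distinct names that say which symlink each one creates.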
@@ -0,0 +1,15 @@ +# MANAGED BY ANSIBLE - DO NOT HAND EDIT! +[linux_bridge] +physical_interface_mappings = public:eno1 + +[vxlan] +enable_vxlan = True +local_ip = {{ansible_default_ipv4.address}} +l2_population = True + +[agent] +prevent_arp_spoofing = True + +[securitygroup] +enable_security_group = True +firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver diff --git a/roles/devcloud/templates/neutron.conf b/roles/devcloud/templates/neutron.conf new file mode 100644 index 00000000..36854b8c --- /dev/null +++ b/roles/devcloud/templates/neutron.conf @@ -0,0 +1,28 @@ +# MANAGED BY ANSIBLE - DO NOT HAND EDIT! +[DEFAULT] +verbose = True +debug = True +state_path = /var/lib/neutron +rpc_backend = rabbit +auth_strategy = keystone + +[keystone_authtoken] +auth_uri = http://controller:5000 +auth_url = http://controller:35357 +auth_plugin = password +project_domain_id = default +user_domain_id = default +project_name = service +username = {{neutron_user}} +password = {{neutron_pass}} + +[oslo_messaging_rabbit] +rabbit_host = controller +rabbit_userid = {{rabbit_user}} +rabbit_password = {{rabbit_pass}} + +[oslo_concurrency] +lock_path = $state_path/lock + +[agent] + diff --git a/roles/devcloud/templates/nova.conf b/roles/devcloud/templates/nova.conf new file mode 100644 index 00000000..580fc940 --- /dev/null +++ b/roles/devcloud/templates/nova.conf 
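Review bot: `auth_uri` and `auth_url` in the `[keystone_authtoken]` section of neutron.conf are plain `http://`, so the service password and the tokens issued for it travel unencrypted between each compute node and `controller`. The same applies to the `[keystone_authtoken]` and `[neutron]` sections of nova.conf later in this commit, and neither `[oslo_messaging_rabbit]` section turns on TLS for the message bus. If the deployment cannot offer https endpoints, add a comment at the top of both templates stating that these endpoints must stay on an isolated management network. `debug = True` is also left on in `[DEFAULT]`; I would ship `debug = False` and flip it only while troubleshooting, since debug-level service logs are far more detailed than normal operation needs.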
@@ -0,0 +1,42 @@
+# MANAGED BY ANSIBLE - DO NOT HAND EDIT!
+[DEFAULT]
+state_path=/var/lib/nova
+lock_path=/var/lock/nova
+rootwrap_config=/etc/nova/rootwrap.conf
+vnc_enabled=false
+rpc_backend = rabbit
+auth_strategy = keystone
+my_ip = {{ansible_default_ipv4.address}}
+network_api_class = nova.network.neutronv2.api.API
+security_group_api = neutron
+linuxnet_interface_driver = nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
+firewall_driver = nova.virt.firewall.NoopFirewallDriver
+
+[glance]
+host = controller
+
+[keystone_authtoken]
+auth_uri = http://controller:5000
+auth_url = http://controller:35357
+auth_plugin = password
+project_domain_id = default
+user_domain_id = default
+project_name = service
+username = {{nova_user}}
+password = {{nova_pass}}
+
+[oslo_messaging_rabbit]
+rabbit_host = controller
+rabbit_userid = {{rabbit_user}}
+rabbit_password = {{rabbit_pass}}
+
+[neutron]
+url = http://controller:9696
+auth_url = http://controller:35357
+auth_plugin = password
+project_domain_id = default
+user_domain_id = default
+region_name = RegionOne
+project_name = service
+username = {{neutron_user}}
+password = {{neutron_pass}} |