Gitiles
Code Review Sign In
review.vexxhost.dev / atmosphere / 85b896cfe4861e7484499dfa7078e6bbcc7e95e4 / . / playbooks / generate_workspace.yml
blob: c072d947e49f83bd4ca3395a1d3eec7ad74db77c [file] [log] [blame]
Mohammed Naser46e15522022-03-19 16:07:44 -0400[diff] [blame]1# Copyright (c) 2022 VEXXHOST, Inc.
2#
3# Licensed under the Apache License, Version 2.0 (the "License"); you may
4# not use this file except in compliance with the License. You may obtain
5# a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
11# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
12# License for the specific language governing permissions and limitations
13# under the License.
14
15- name: Generate workspace for Atmosphere
16 hosts: localhost
17 gather_facts: false
18 tasks:
19 - name: Create folders for workspace
20 ansible.builtin.file:
21 path: "{{ workspace_path }}/{{ item }}"
22 state: directory
23 loop:
24 - group_vars
25 - group_vars/all
26 - group_vars/controllers
27 - group_vars/cephs
28 - group_vars/computes
29 - host_vars
30
31- name: Generate Ceph control plane configuration for workspace
32 hosts: localhost
33 gather_facts: false
34 vars:
35 _ceph_path: "{{ workspace_path }}/group_vars/all/ceph.yml"
36 # Input variables
37 ceph_fsid: "{{ lookup('password', '/dev/null chars=ascii_letters,digits') | to_uuid }}"
38 ceph_public_network: 10.96.240.0/24
39 tasks:
40 - name: Ensure the Ceph control plane configuration file exists
41 ansible.builtin.file:
42 path: "{{ _ceph_path }}"
43 state: touch
44
45 - name: Load the current Ceph control plane configuration into a variable
46 ansible.builtin.include_vars:
47 file: "{{ _ceph_path }}"
48 name: ceph
49
50 - name: Generate Ceph control plane values for missing variables
51 ansible.builtin.set_fact:
52 ceph: "{{ ceph | default({}) | combine({item.key: item.value}) }}"
53 # NOTE(mnaser): We don't want to override existing Ceph configurations,
54 # so we generate a stub one if and only if it doesn't exist
55 when: item.key not in ceph
56 # NOTE(mnaser): This is absolutely hideous but there's no clean way of
57 # doing this using `with_fileglob` or `with_filetree`
58 with_dict:
59 ceph_mon_fsid: "{{ ceph_fsid }}"
60 ceph_mon_public_network: "{{ ceph_public_network }}"
61
62 - name: Write new Ceph control plane configuration file to disk
63 ansible.builtin.copy:
64 content: "{{ ceph | to_nice_yaml(indent=2, width=180) }}"
65 dest: "{{ _ceph_path }}"
66
67- name: Generate Ceph OSD configuration for workspace
68 hosts: localhost
69 gather_facts: false
70 vars:
71 _ceph_osd_path: "{{ workspace_path }}/group_vars/cephs/osds.yml"
72 tasks:
73 - name: Ensure the Ceph OSDs configuration file exists
74 ansible.builtin.file:
75 path: "{{ _ceph_osd_path }}"
76 state: touch
77
78 - name: Load the current Ceph OSDs configuration into a variable
79 ansible.builtin.include_vars:
80 file: "{{ _ceph_osd_path }}"
81 name: ceph_osd
82
83 - name: Generate Ceph OSDs values for missing variables
84 ansible.builtin.set_fact:
85 ceph_osd: "{{ ceph_osd | default({}) | combine({item.key: item.value}) }}"
86 # NOTE(mnaser): We don't want to override existing Ceph configurations,
87 # so we generate a stub one if and only if it doesn't exist
88 when: item.key not in ceph_osd
89 # NOTE(mnaser): This is absolutely hideous but there's no clean way of
90 # doing this using `with_fileglob` or `with_filetree`
91 with_dict:
92 ceph_osd_devices:
93 - /dev/vdb
94 - /dev/vdc
95 - /dev/vdd
96
97 - name: Write new Ceph OSDs configuration file to disk
98 ansible.builtin.copy:
99 content: "{{ ceph_osd | to_nice_yaml(indent=2, width=180) }}"
100 dest: "{{ _ceph_osd_path }}"
101
102- name: Generate Kubernetes configuration for workspace
103 hosts: localhost
104 gather_facts: false
105 vars:
106 _kubernetes_path: "{{ workspace_path }}/group_vars/all/kubernetes.yml"
107 tasks:
108 - name: Ensure the Kubernetes configuration file exists
109 ansible.builtin.file:
110 path: "{{ _kubernetes_path }}"
111 state: touch
112
113 - name: Load the current Kubernetes configuration into a variable
114 ansible.builtin.include_vars:
115 file: "{{ _kubernetes_path }}"
116 name: kubernetes
117
118 - name: Generate Kubernetes values for missing variables
119 ansible.builtin.set_fact:
120 kubernetes: "{{ kubernetes | default({}) | combine({item.key: item.value}) }}"
121 # NOTE(mnaser): We don't want to override existing Ceph configurations,
122 # so we generate a stub one if and only if it doesn't exist
123 when: item.key not in kubernetes
124 # NOTE(mnaser): This is absolutely hideous but there's no clean way of
125 # doing this using `with_fileglob` or `with_filetree`
126 with_dict:
127 kubernetes_hostname: 10.96.240.10
128 kubernetes_keepalived_vrid: 42
129 kubernetes_keepalived_interface: ens3
130 kubernetes_keepalived_vip: 10.96.240.10
131
132 - name: Write new Kubernetes configuration file to disk
133 ansible.builtin.copy:
134 content: "{{ kubernetes | to_nice_yaml(indent=2, width=180) }}"
135 dest: "{{ _kubernetes_path }}"
136
okozachenko85a31332022-04-11 23:34:30 +1000[diff] [blame]137- name: Generate Keepalived configuration for workspace
138 hosts: localhost
139 gather_facts: false
140 vars:
141 _keepalived_path: "{{ workspace_path }}/group_vars/all/keepalived.yml"
142 tasks:
143 - name: Ensure the Keeaplived configuration file exists
144 ansible.builtin.file:
145 path: "{{ _keepalived_path }}"
146 state: touch
147
148 - name: Load the current Keepalived configuration into a variable
149 ansible.builtin.include_vars:
150 file: "{{ _keepalived_path }}"
151 name: keepalived
152
153 - name: Generate Keepalived values for missing variables
154 ansible.builtin.set_fact:
155 keepalived: "{{ keepalived | default({}) | combine({item.key: item.value}) }}"
156 # NOTE(mnaser): We don't want to override existing Keepalived configurations,
157 # so we generate a stub one if and only if it doesn't exist
158 when: item.key not in keepalived
159 # NOTE(mnaser): This is absolutely hideous but there's no clean way of
160 # doing this using `with_fileglob` or `with_filetree`
161 with_dict:
okozachenko8a516962022-04-22 23:31:20 +1000[diff] [blame]162 keepalived_interface: br-ex
okozachenko85a31332022-04-11 23:34:30 +1000[diff] [blame]163 keepalived_vip: 10.96.250.10
164
165 - name: Write new Keepalived configuration file to disk
166 ansible.builtin.copy:
167 content: "{{ keepalived | to_nice_yaml(indent=2, width=180) }}"
168 dest: "{{ _keepalived_path }}"
169
Mohammed Naser46e15522022-03-19 16:07:44 -0400[diff] [blame]170- name: Generate endpoints for workspace
171 hosts: localhost
172 gather_facts: false
173 vars:
174 _endpoints_path: "{{ workspace_path }}/group_vars/all/endpoints.yml"
175 # Input variables
176 region_name: RegionOne
177 domain_name: vexxhost.cloud
178 tasks:
179 - name: Ensure the endpoints file exists
180 ansible.builtin.file:
181 path: "{{ _endpoints_path }}"
182 state: touch
183
184 - name: Load the current endpoints into a variable
185 ansible.builtin.include_vars:
186 file: "{{ _endpoints_path }}"
187 name: endpoints
188
189 - name: Generate endpoint skeleton for missing variables
190 ansible.builtin.set_fact:
191 endpoints: |
192 {{
193 endpoints |
194 default({}) |
195 combine({item: default_map[item]})
196 }}
197 # NOTE(mnaser): We don't want to override existing endpoints, so we generate
198 # a stub one if and only if it doesn't exist
199 when: item not in endpoints
200 # NOTE(mnaser): This is absolutely hideous but there's no clean way of
201 # doing this using `with_fileglob` or `with_filetree`
202 with_lines: >
203 ls {{ playbook_dir }}/../roles/*/defaults/main.yml |
204 xargs grep undef |
205 egrep '(_host|region_name)' |
206 cut -d':' -f2
207 # NOTE(mnaser): We use these variables to generate map of service name to
208 # service type in order to generate the URLs
209 vars:
210 default_map:
211 openstack_helm_endpoints_region_name: "{{ region_name }}"
okozachenko43771bd2022-04-30 01:22:46 +1000[diff] [blame]212 openstack_helm_endpoints_barbican_api_host: "key-manager.{{ domain_name }}"
Mohammed Naser46e15522022-03-19 16:07:44 -0400[diff] [blame]213 openstack_helm_endpoints_cinder_api_host: "volume.{{ domain_name }}"
214 openstack_helm_endpoints_designate_api_host: "dns.{{ domain_name }}"
215 openstack_helm_endpoints_glance_api_host: "image.{{ domain_name }}"
216 openstack_helm_endpoints_heat_api_host: "orchestration.{{ domain_name }}"
217 openstack_helm_endpoints_heat_cfn_api_host: "cloudformation.{{ domain_name }}"
218 openstack_helm_endpoints_horizon_api_host: "dashboard.{{ domain_name }}"
219 openstack_helm_endpoints_ironic_api_host: "baremetal.{{ domain_name }}"
220 openstack_helm_endpoints_keystone_api_host: "identity.{{ domain_name }}"
221 openstack_helm_endpoints_neutron_api_host: "network.{{ domain_name }}"
222 openstack_helm_endpoints_nova_api_host: "compute.{{ domain_name }}"
223 openstack_helm_endpoints_nova_novnc_host: "vnc.{{ domain_name }}"
224 openstack_helm_endpoints_octavia_api_host: "load-balancer.{{ domain_name }}"
225 openstack_helm_endpoints_placement_api_host: "placement.{{ domain_name }}"
226 openstack_helm_endpoints_senlin_api_host: "clustering.{{ domain_name }}"
227
228 - name: Write new endpoints file to disk
229 ansible.builtin.copy:
230 content: "{{ endpoints | to_nice_yaml(indent=2, width=180) }}"
231 dest: "{{ _endpoints_path }}"
232
233 - name: Ensure the endpoints file exists
234 ansible.builtin.file:
235 path: "{{ _endpoints_path }}"
236 state: touch
237
238- name: Generate Neutron configuration for workspace
239 hosts: localhost
240 gather_facts: false
241 vars:
242 _neutron_path: "{{ workspace_path }}/group_vars/all/neutron.yml"
243 # Input variables
244 tasks:
245 - name: Ensure the Neutron configuration file exists
246 ansible.builtin.file:
247 path: "{{ _neutron_path }}"
248 state: touch
249
250 - name: Load the current Neutron configuration into a variable
251 ansible.builtin.include_vars:
252 file: "{{ _neutron_path }}"
253 name: neutron
254
255 - name: Generate Neutron values for missing variables
256 ansible.builtin.set_fact:
257 neutron: "{{ neutron | default({}) | combine({item.key: item.value}) }}"
258 # NOTE(mnaser): We don't want to override existing Ceph configurations,
259 # so we generate a stub one if and only if it doesn't exist
260 when: item.key not in neutron
Mohammed Naser46e15522022-03-19 16:07:44 -0400[diff] [blame]261 with_dict:
262 openstack_helm_neutron_values:
263 conf:
264 auto_bridge_add:
265 br-ex: ens4
okozachenko45fd72c2022-04-15 14:36:46 +1000[diff] [blame]266 openstack_helm_neutron_networks:
267 - name: public
268 external: true
269 shared: true
270 mtu_size: 1500
271 port_security_enabled: true
272 provider_network_type: flat
273 provider_physical_network: external
274 subnets:
275 - name: public-subnet
276 cidr: 10.96.250.0/24
okozachenko87131922022-04-09 01:04:53 +1000[diff] [blame]277 gateway_ip: 10.96.250.10
okozachenko45fd72c2022-04-15 14:36:46 +1000[diff] [blame]278 allocation_pool_start: 10.96.250.200
279 allocation_pool_end: 10.96.250.220
okozachenko45fd72c2022-04-15 14:36:46 +1000[diff] [blame]280 enable_dhcp: true
Mohammed Naser46e15522022-03-19 16:07:44 -0400[diff] [blame]281
282 - name: Write new Neutron configuration file to disk
283 ansible.builtin.copy:
284 content: "{{ neutron | to_nice_yaml(indent=2, width=180) }}"
285 dest: "{{ _neutron_path }}"
286
okozachenko45fd72c2022-04-15 14:36:46 +1000[diff] [blame]287- name: Generate Nova configuration for workspace
288 hosts: localhost
289 gather_facts: false
290 vars:
291 _nova_path: "{{ workspace_path }}/group_vars/all/nova.yml"
292 # Input variables
293 tasks:
294 - name: Ensure the Nova configuration file exists
295 ansible.builtin.file:
296 path: "{{ _nova_path }}"
297 state: touch
298
299 - name: Load the current Nova configuration into a variable
300 ansible.builtin.include_vars:
301 file: "{{ _nova_path }}"
302 name: nova
303
304 - name: Generate Nova values for missing variables
305 ansible.builtin.set_fact:
306 nova: "{{ nova | default({}) | combine({item.key: item.value}) }}"
307 # NOTE(mnaser): We don't want to override existing Nova configurations,
308 # so we generate a stub one if and only if it doesn't exist
309 when: item.key not in nova
310 with_dict:
311 openstack_helm_nova_flavors:
312 - name: m1.tiny
313 ram: 512
314 disk: 1
315 vcpus: 1
316 - name: m1.small
317 ram: 2048
318 disk: 20
319 vcpus: 1
320 - name: "m1.medium"
321 ram: 4096
322 disk: 40
323 vcpus: 2
324 - name: "m1.large"
325 ram: 8192
326 disk: 80
327 vcpus: 4
328 - name: "m1.xlarge"
329 ram: 16384
330 disk: 160
331 vcpus: 8
332
333 - name: Write new Nova configuration file to disk
334 ansible.builtin.copy:
335 content: "{{ nova | to_nice_yaml(indent=2, width=180) }}"
336 dest: "{{ _nova_path }}"
337
Mohammed Naser46e15522022-03-19 16:07:44 -0400[diff] [blame]338- name: Generate secrets for workspace
339 hosts: localhost
340 gather_facts: false
341 vars:
342 secrets_path: "{{ workspace_path }}/group_vars/all/secrets.yml"
343 tasks:
344 - name: Ensure the secrets file exists
345 ansible.builtin.file:
346 path: "{{ secrets_path }}"
347 state: touch
348
349 - name: Load the current secrets into a variable
350 ansible.builtin.include_vars:
351 file: "{{ secrets_path }}"
352 name: secrets
353
354 - name: Generate secrets for missing variables
355 ansible.builtin.set_fact:
356 secrets: "{{ secrets | default({}) | combine({item: lookup('password', '/dev/null chars=ascii_lowercase,ascii_uppercase,digits length=32')}) }}"
357 # NOTE(mnaser): We don't want to override existing secrets, so we generate
358 # a new one if and only if it doesn't exist
359 when: item not in secrets
360 # NOTE(mnaser): This is absolutely hideous but there's no clean way of
361 # doing this using `with_fileglob` or `with_filetree`
362 with_lines: >
363 ls {{ playbook_dir }}/../roles/*/defaults/main.yml |
364 xargs grep undef |
okozachenko43771bd2022-04-30 01:22:46 +1000[diff] [blame]365 egrep -v '(_host|region_name|_ssh_key|_vip|_interface|_kek)' |
366 cut -d':' -f2
367
368 - name: Generate base64 encoded secrets
369 ansible.builtin.set_fact:
370 secrets: "{{ secrets | default({}) | combine({item: lookup('password', '/dev/null chars=ascii_lowercase,ascii_uppercase,digits length=32') | b64encode}) }}"
371 # NOTE(mnaser): We don't want to override existing secrets, so we generate
372 # a new one if and only if it doesn't exist
373 when: item not in secrets
374 # NOTE(mnaser): This is absolutely hideous but there's no clean way of
375 # doing this using `with_fileglob` or `with_filetree`
376 with_lines: >
377 ls {{ playbook_dir }}/../roles/*/defaults/main.yml |
378 xargs grep undef |
379 egrep '(_kek)' |
Mohammed Naser46e15522022-03-19 16:07:44 -0400[diff] [blame]380 cut -d':' -f2
381
Mohammed Naser01338322022-03-22 14:51:31 -0400[diff] [blame]382 - name: Generate temporary files for generating keys for missing variables
383 ansible.builtin.tempfile:
384 state: file
385 prefix: "{{ item }}"
386 register: _ssh_key_file
387 # NOTE(mnaser): We don't want to override existing secrets, so we generate
388 # a new one if and only if it doesn't exist
389 when: item not in secrets
390 # NOTE(mnaser): This is absolutely hideous but there's no clean way of
391 # doing this using `with_fileglob` or `with_filetree`
392 with_lines: >
393 ls {{ playbook_dir }}/../roles/*/defaults/main.yml |
394 xargs grep undef |
395 egrep '(_ssh_key)' |
396 cut -d':' -f2
397
398 - name: Generate SSH keys for missing variables
399 community.crypto.openssh_keypair:
400 path: "{{ item.path }}"
401 regenerate: full_idempotence
402 register: _openssh_keypair
403 loop: "{{ _ssh_key_file.results }}"
404 loop_control:
405 label: "{{ item.item }}"
406
407 - name: Set values for SSH keys
408 ansible.builtin.set_fact:
409 secrets: "{{ secrets | default({}) | combine({item.item: lookup('file', item.path)}) }}"
410 loop: "{{ _ssh_key_file.results }}"
411 loop_control:
412 label: "{{ item.item }}"
413
414 - name: Delete the temporary files generated for SSH keys
415 ansible.builtin.file:
416 path: "{{ item.path }}"
417 state: absent
418 loop: "{{ _ssh_key_file.results }}"
419 loop_control:
420 label: "{{ item.item }}"
421
Mohammed Naser46e15522022-03-19 16:07:44 -0400[diff] [blame]422 - name: Write new secrets file to disk
423 ansible.builtin.copy:
424 content: "{{ secrets | to_nice_yaml }}"
425 dest: "{{ secrets_path }}"
426
427 - name: Encrypt secrets file with Vault password
428 ansible.builtin.shell:
429 ansible-vault encrypt --vault-password-file {{ secrets_vault_password_file }} {{ secrets_path }}
430 when:
okozachenko45fd72c2022-04-15 14:36:46 +1000[diff] [blame]431 - secrets_vault_password_file is defined