Gitiles
Code Review Sign In
review.vexxhost.dev / atmosphere / 8eafb7ed36ea55398ca178538fd87980d3d2faa3 / . / playbooks / generate_workspace.yml
blob: 9e4206b1d62a7def7caf1501a904ec3dffc47de5 [file] [log] [blame]
Mohammed Naser46e15522022-03-19 16:07:44 -0400[diff] [blame]1# Copyright (c) 2022 VEXXHOST, Inc.
2#
3# Licensed under the Apache License, Version 2.0 (the "License"); you may
4# not use this file except in compliance with the License. You may obtain
5# a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
11# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
12# License for the specific language governing permissions and limitations
13# under the License.
14
15- name: Generate workspace for Atmosphere
16 hosts: localhost
17 gather_facts: false
18 tasks:
19 - name: Create folders for workspace
20 ansible.builtin.file:
21 path: "{{ workspace_path }}/{{ item }}"
22 state: directory
23 loop:
24 - group_vars
25 - group_vars/all
26 - group_vars/controllers
27 - group_vars/cephs
28 - group_vars/computes
29 - host_vars
30
31- name: Generate Ceph control plane configuration for workspace
32 hosts: localhost
33 gather_facts: false
34 vars:
35 _ceph_path: "{{ workspace_path }}/group_vars/all/ceph.yml"
36 # Input variables
37 ceph_fsid: "{{ lookup('password', '/dev/null chars=ascii_letters,digits') | to_uuid }}"
38 ceph_public_network: 10.96.240.0/24
39 tasks:
40 - name: Ensure the Ceph control plane configuration file exists
41 ansible.builtin.file:
42 path: "{{ _ceph_path }}"
43 state: touch
44
45 - name: Load the current Ceph control plane configuration into a variable
46 ansible.builtin.include_vars:
47 file: "{{ _ceph_path }}"
48 name: ceph
49
50 - name: Generate Ceph control plane values for missing variables
51 ansible.builtin.set_fact:
52 ceph: "{{ ceph | default({}) | combine({item.key: item.value}) }}"
53 # NOTE(mnaser): We don't want to override existing Ceph configurations,
54 # so we generate a stub one if and only if it doesn't exist
55 when: item.key not in ceph
56 # NOTE(mnaser): This is absolutely hideous but there's no clean way of
57 # doing this using `with_fileglob` or `with_filetree`
58 with_dict:
59 ceph_mon_fsid: "{{ ceph_fsid }}"
60 ceph_mon_public_network: "{{ ceph_public_network }}"
61
62 - name: Write new Ceph control plane configuration file to disk
63 ansible.builtin.copy:
64 content: "{{ ceph | to_nice_yaml(indent=2, width=180) }}"
65 dest: "{{ _ceph_path }}"
66
67- name: Generate Ceph OSD configuration for workspace
68 hosts: localhost
69 gather_facts: false
70 vars:
71 _ceph_osd_path: "{{ workspace_path }}/group_vars/cephs/osds.yml"
72 tasks:
73 - name: Ensure the Ceph OSDs configuration file exists
74 ansible.builtin.file:
75 path: "{{ _ceph_osd_path }}"
76 state: touch
77
78 - name: Load the current Ceph OSDs configuration into a variable
79 ansible.builtin.include_vars:
80 file: "{{ _ceph_osd_path }}"
81 name: ceph_osd
82
83 - name: Generate Ceph OSDs values for missing variables
84 ansible.builtin.set_fact:
85 ceph_osd: "{{ ceph_osd | default({}) | combine({item.key: item.value}) }}"
86 # NOTE(mnaser): We don't want to override existing Ceph configurations,
87 # so we generate a stub one if and only if it doesn't exist
88 when: item.key not in ceph_osd
89 # NOTE(mnaser): This is absolutely hideous but there's no clean way of
90 # doing this using `with_fileglob` or `with_filetree`
91 with_dict:
92 ceph_osd_devices:
93 - /dev/vdb
94 - /dev/vdc
95 - /dev/vdd
96
97 - name: Write new Ceph OSDs configuration file to disk
98 ansible.builtin.copy:
99 content: "{{ ceph_osd | to_nice_yaml(indent=2, width=180) }}"
100 dest: "{{ _ceph_osd_path }}"
101
102- name: Generate Kubernetes configuration for workspace
103 hosts: localhost
104 gather_facts: false
105 vars:
106 _kubernetes_path: "{{ workspace_path }}/group_vars/all/kubernetes.yml"
107 tasks:
108 - name: Ensure the Kubernetes configuration file exists
109 ansible.builtin.file:
110 path: "{{ _kubernetes_path }}"
111 state: touch
112
113 - name: Load the current Kubernetes configuration into a variable
114 ansible.builtin.include_vars:
115 file: "{{ _kubernetes_path }}"
116 name: kubernetes
117
118 - name: Generate Kubernetes values for missing variables
119 ansible.builtin.set_fact:
120 kubernetes: "{{ kubernetes | default({}) | combine({item.key: item.value}) }}"
121 # NOTE(mnaser): We don't want to override existing Ceph configurations,
122 # so we generate a stub one if and only if it doesn't exist
123 when: item.key not in kubernetes
124 # NOTE(mnaser): This is absolutely hideous but there's no clean way of
125 # doing this using `with_fileglob` or `with_filetree`
126 with_dict:
127 kubernetes_hostname: 10.96.240.10
128 kubernetes_keepalived_vrid: 42
129 kubernetes_keepalived_interface: ens3
130 kubernetes_keepalived_vip: 10.96.240.10
131
132 - name: Write new Kubernetes configuration file to disk
133 ansible.builtin.copy:
134 content: "{{ kubernetes | to_nice_yaml(indent=2, width=180) }}"
135 dest: "{{ _kubernetes_path }}"
136
okozachenko85a31332022-04-11 23:34:30 +1000[diff] [blame]137- name: Generate Keepalived configuration for workspace
138 hosts: localhost
139 gather_facts: false
140 vars:
141 _keepalived_path: "{{ workspace_path }}/group_vars/all/keepalived.yml"
142 tasks:
143 - name: Ensure the Keeaplived configuration file exists
144 ansible.builtin.file:
145 path: "{{ _keepalived_path }}"
146 state: touch
147
148 - name: Load the current Keepalived configuration into a variable
149 ansible.builtin.include_vars:
150 file: "{{ _keepalived_path }}"
151 name: keepalived
152
153 - name: Generate Keepalived values for missing variables
154 ansible.builtin.set_fact:
155 keepalived: "{{ keepalived | default({}) | combine({item.key: item.value}) }}"
156 # NOTE(mnaser): We don't want to override existing Keepalived configurations,
157 # so we generate a stub one if and only if it doesn't exist
158 when: item.key not in keepalived
159 # NOTE(mnaser): This is absolutely hideous but there's no clean way of
160 # doing this using `with_fileglob` or `with_filetree`
161 with_dict:
okozachenko8a516962022-04-22 23:31:20 +1000[diff] [blame]162 keepalived_interface: br-ex
okozachenko85a31332022-04-11 23:34:30 +1000[diff] [blame]163 keepalived_vip: 10.96.250.10
164
165 - name: Write new Keepalived configuration file to disk
166 ansible.builtin.copy:
167 content: "{{ keepalived | to_nice_yaml(indent=2, width=180) }}"
168 dest: "{{ _keepalived_path }}"
169
Mohammed Naser46e15522022-03-19 16:07:44 -0400[diff] [blame]170- name: Generate endpoints for workspace
171 hosts: localhost
172 gather_facts: false
173 vars:
174 _endpoints_path: "{{ workspace_path }}/group_vars/all/endpoints.yml"
175 # Input variables
176 region_name: RegionOne
177 domain_name: vexxhost.cloud
178 tasks:
179 - name: Ensure the endpoints file exists
180 ansible.builtin.file:
181 path: "{{ _endpoints_path }}"
182 state: touch
Mohammed Naserf3a14a32022-09-19 15:15:39 -0400[diff] [blame]183
Mohammed Naser46e15522022-03-19 16:07:44 -0400[diff] [blame]184 - name: Load the current endpoints into a variable
185 ansible.builtin.include_vars:
186 file: "{{ _endpoints_path }}"
187 name: endpoints
188
189 - name: Generate endpoint skeleton for missing variables
190 ansible.builtin.set_fact:
191 endpoints: |
192 {{
193 endpoints |
194 default({}) |
195 combine({item: default_map[item]})
196 }}
197 # NOTE(mnaser): We don't want to override existing endpoints, so we generate
198 # a stub one if and only if it doesn't exist
199 when: item not in endpoints
200 # NOTE(mnaser): This is absolutely hideous but there's no clean way of
201 # doing this using `with_fileglob` or `with_filetree`
202 with_lines: >
203 ls {{ playbook_dir }}/../roles/*/defaults/main.yml |
204 xargs grep undef |
205 egrep '(_host|region_name)' |
206 cut -d':' -f2
207 # NOTE(mnaser): We use these variables to generate map of service name to
208 # service type in order to generate the URLs
209 vars:
210 default_map:
211 openstack_helm_endpoints_region_name: "{{ region_name }}"
okozachenko43771bd2022-04-30 01:22:46 +1000[diff] [blame]212 openstack_helm_endpoints_barbican_api_host: "key-manager.{{ domain_name }}"
Mohammed Naser46e15522022-03-19 16:07:44 -0400[diff] [blame]213 openstack_helm_endpoints_cinder_api_host: "volume.{{ domain_name }}"
214 openstack_helm_endpoints_designate_api_host: "dns.{{ domain_name }}"
215 openstack_helm_endpoints_glance_api_host: "image.{{ domain_name }}"
216 openstack_helm_endpoints_heat_api_host: "orchestration.{{ domain_name }}"
217 openstack_helm_endpoints_heat_cfn_api_host: "cloudformation.{{ domain_name }}"
218 openstack_helm_endpoints_horizon_api_host: "dashboard.{{ domain_name }}"
219 openstack_helm_endpoints_ironic_api_host: "baremetal.{{ domain_name }}"
220 openstack_helm_endpoints_keystone_api_host: "identity.{{ domain_name }}"
221 openstack_helm_endpoints_neutron_api_host: "network.{{ domain_name }}"
222 openstack_helm_endpoints_nova_api_host: "compute.{{ domain_name }}"
223 openstack_helm_endpoints_nova_novnc_host: "vnc.{{ domain_name }}"
224 openstack_helm_endpoints_octavia_api_host: "load-balancer.{{ domain_name }}"
225 openstack_helm_endpoints_placement_api_host: "placement.{{ domain_name }}"
226 openstack_helm_endpoints_senlin_api_host: "clustering.{{ domain_name }}"
Mohammed Naser096ade02022-12-15 09:53:33 -0500[diff] [blame]227 openstack_helm_endpoints_magnum_api_host: "container-infra.{{ domain_name }}"
228 openstack_helm_endpoints_magnum_registry_host: "container-infra-registry.{{ domain_name }}"
Mohammed Naser46e15522022-03-19 16:07:44 -0400[diff] [blame]229
230 - name: Write new endpoints file to disk
231 ansible.builtin.copy:
232 content: "{{ endpoints | to_nice_yaml(indent=2, width=180) }}"
233 dest: "{{ _endpoints_path }}"
234
235 - name: Ensure the endpoints file exists
236 ansible.builtin.file:
237 path: "{{ _endpoints_path }}"
238 state: touch
239
240- name: Generate Neutron configuration for workspace
241 hosts: localhost
242 gather_facts: false
243 vars:
244 _neutron_path: "{{ workspace_path }}/group_vars/all/neutron.yml"
245 # Input variables
246 tasks:
247 - name: Ensure the Neutron configuration file exists
248 ansible.builtin.file:
249 path: "{{ _neutron_path }}"
250 state: touch
251
252 - name: Load the current Neutron configuration into a variable
253 ansible.builtin.include_vars:
254 file: "{{ _neutron_path }}"
255 name: neutron
256
257 - name: Generate Neutron values for missing variables
258 ansible.builtin.set_fact:
259 neutron: "{{ neutron | default({}) | combine({item.key: item.value}) }}"
260 # NOTE(mnaser): We don't want to override existing Ceph configurations,
261 # so we generate a stub one if and only if it doesn't exist
262 when: item.key not in neutron
Mohammed Naser46e15522022-03-19 16:07:44 -0400[diff] [blame]263 with_dict:
Mohammed Naser2145fc32023-01-29 23:23:03 +0000[diff] [blame]264 neutron_networks:
okozachenko45fd72c2022-04-15 14:36:46 +1000[diff] [blame]265 - name: public
266 external: true
267 shared: true
268 mtu_size: 1500
269 port_security_enabled: true
270 provider_network_type: flat
271 provider_physical_network: external
272 subnets:
273 - name: public-subnet
274 cidr: 10.96.250.0/24
okozachenko87131922022-04-09 01:04:53 +1000[diff] [blame]275 gateway_ip: 10.96.250.10
okozachenko45fd72c2022-04-15 14:36:46 +1000[diff] [blame]276 allocation_pool_start: 10.96.250.200
277 allocation_pool_end: 10.96.250.220
okozachenko45fd72c2022-04-15 14:36:46 +1000[diff] [blame]278 enable_dhcp: true
Mohammed Naser46e15522022-03-19 16:07:44 -0400[diff] [blame]279
280 - name: Write new Neutron configuration file to disk
281 ansible.builtin.copy:
282 content: "{{ neutron | to_nice_yaml(indent=2, width=180) }}"
283 dest: "{{ _neutron_path }}"
284
okozachenko45fd72c2022-04-15 14:36:46 +1000[diff] [blame]285- name: Generate Nova configuration for workspace
286 hosts: localhost
287 gather_facts: false
288 vars:
289 _nova_path: "{{ workspace_path }}/group_vars/all/nova.yml"
290 # Input variables
291 tasks:
292 - name: Ensure the Nova configuration file exists
293 ansible.builtin.file:
294 path: "{{ _nova_path }}"
295 state: touch
296
297 - name: Load the current Nova configuration into a variable
298 ansible.builtin.include_vars:
299 file: "{{ _nova_path }}"
300 name: nova
301
302 - name: Generate Nova values for missing variables
303 ansible.builtin.set_fact:
304 nova: "{{ nova | default({}) | combine({item.key: item.value}) }}"
305 # NOTE(mnaser): We don't want to override existing Nova configurations,
306 # so we generate a stub one if and only if it doesn't exist
307 when: item.key not in nova
308 with_dict:
Mohammed Naser2145fc32023-01-29 23:23:03 +0000[diff] [blame]309 nova_flavors:
okozachenko45fd72c2022-04-15 14:36:46 +1000[diff] [blame]310 - name: m1.tiny
311 ram: 512
312 disk: 1
313 vcpus: 1
314 - name: m1.small
315 ram: 2048
316 disk: 20
317 vcpus: 1
318 - name: "m1.medium"
319 ram: 4096
320 disk: 40
321 vcpus: 2
322 - name: "m1.large"
323 ram: 8192
324 disk: 80
325 vcpus: 4
326 - name: "m1.xlarge"
327 ram: 16384
328 disk: 160
329 vcpus: 8
330
331 - name: Write new Nova configuration file to disk
332 ansible.builtin.copy:
333 content: "{{ nova | to_nice_yaml(indent=2, width=180) }}"
334 dest: "{{ _nova_path }}"
335
Mohammed Naser46e15522022-03-19 16:07:44 -0400[diff] [blame]336- name: Generate secrets for workspace
337 hosts: localhost
338 gather_facts: false
339 vars:
340 secrets_path: "{{ workspace_path }}/group_vars/all/secrets.yml"
341 tasks:
342 - name: Ensure the secrets file exists
343 ansible.builtin.file:
344 path: "{{ secrets_path }}"
345 state: touch
346
347 - name: Load the current secrets into a variable
348 ansible.builtin.include_vars:
349 file: "{{ secrets_path }}"
350 name: secrets
351
352 - name: Generate secrets for missing variables
353 ansible.builtin.set_fact:
354 secrets: "{{ secrets | default({}) | combine({item: lookup('password', '/dev/null chars=ascii_lowercase,ascii_uppercase,digits length=32')}) }}"
355 # NOTE(mnaser): We don't want to override existing secrets, so we generate
356 # a new one if and only if it doesn't exist
357 when: item not in secrets
358 # NOTE(mnaser): This is absolutely hideous but there's no clean way of
359 # doing this using `with_fileglob` or `with_filetree`
360 with_lines: >
361 ls {{ playbook_dir }}/../roles/*/defaults/main.yml |
362 xargs grep undef |
okozachenko43771bd2022-04-30 01:22:46 +1000[diff] [blame]363 egrep -v '(_host|region_name|_ssh_key|_vip|_interface|_kek)' |
364 cut -d':' -f2
365
366 - name: Generate base64 encoded secrets
367 ansible.builtin.set_fact:
368 secrets: "{{ secrets | default({}) | combine({item: lookup('password', '/dev/null chars=ascii_lowercase,ascii_uppercase,digits length=32') | b64encode}) }}"
369 # NOTE(mnaser): We don't want to override existing secrets, so we generate
370 # a new one if and only if it doesn't exist
371 when: item not in secrets
372 # NOTE(mnaser): This is absolutely hideous but there's no clean way of
373 # doing this using `with_fileglob` or `with_filetree`
374 with_lines: >
375 ls {{ playbook_dir }}/../roles/*/defaults/main.yml |
376 xargs grep undef |
377 egrep '(_kek)' |
Mohammed Naser46e15522022-03-19 16:07:44 -0400[diff] [blame]378 cut -d':' -f2
379
Mohammed Naser01338322022-03-22 14:51:31 -0400[diff] [blame]380 - name: Generate temporary files for generating keys for missing variables
381 ansible.builtin.tempfile:
382 state: file
383 prefix: "{{ item }}"
384 register: _ssh_key_file
385 # NOTE(mnaser): We don't want to override existing secrets, so we generate
386 # a new one if and only if it doesn't exist
387 when: item not in secrets
388 # NOTE(mnaser): This is absolutely hideous but there's no clean way of
389 # doing this using `with_fileglob` or `with_filetree`
390 with_lines: >
391 ls {{ playbook_dir }}/../roles/*/defaults/main.yml |
392 xargs grep undef |
393 egrep '(_ssh_key)' |
394 cut -d':' -f2
395
396 - name: Generate SSH keys for missing variables
397 community.crypto.openssh_keypair:
398 path: "{{ item.path }}"
399 regenerate: full_idempotence
400 register: _openssh_keypair
401 loop: "{{ _ssh_key_file.results }}"
402 loop_control:
403 label: "{{ item.item }}"
404
405 - name: Set values for SSH keys
406 ansible.builtin.set_fact:
407 secrets: "{{ secrets | default({}) | combine({item.item: lookup('file', item.path)}) }}"
408 loop: "{{ _ssh_key_file.results }}"
409 loop_control:
410 label: "{{ item.item }}"
411
412 - name: Delete the temporary files generated for SSH keys
413 ansible.builtin.file:
414 path: "{{ item.path }}"
415 state: absent
416 loop: "{{ _ssh_key_file.results }}"
417 loop_control:
418 label: "{{ item.item }}"
419
Mohammed Naser46e15522022-03-19 16:07:44 -0400[diff] [blame]420 - name: Write new secrets file to disk
421 ansible.builtin.copy:
422 content: "{{ secrets | to_nice_yaml }}"
423 dest: "{{ secrets_path }}"
424
425 - name: Encrypt secrets file with Vault password
426 ansible.builtin.shell:
427 ansible-vault encrypt --vault-password-file {{ secrets_vault_password_file }} {{ secrets_path }}
428 when:
okozachenko45fd72c2022-04-15 14:36:46 +1000[diff] [blame]429 - secrets_vault_password_file is defined