├── .gitignore ├── LICENSE ├── README.md ├── dns ├── install.yml ├── ocp.j2 └── server.yml ├── istat ├── install.yml └── istatserver.conf.j2 ├── ks ├── .gitignore ├── README.md ├── build.sh └── conf │ └── ks.cfg ├── openshift ├── README.md ├── delete.yml ├── hosts.example.yml ├── install.yml ├── installer.yml ├── post-install.yml ├── pre-install.yml └── pre-install │ ├── ansible │ ├── config.yml │ ├── hosts.j2 │ └── inventory.yml │ ├── docker-storage │ ├── docker-storage-setup.j2 │ └── docker-storage.yml │ ├── keys │ └── keys.yml │ ├── servers │ └── create.yml │ └── system │ └── system.yml ├── openstack ├── README.md ├── backup.yml ├── config │ ├── flavors.yml │ ├── images.yml │ ├── keypair.yml │ ├── lab.yml │ └── network.yml ├── configure.yml ├── hosts.example.yml ├── install.yml ├── packstack.yml ├── prepare.yml └── restore.yml └── rhel └── subscription.yml /.gitignore: -------------------------------------------------------------------------------- 1 | *.retry 2 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2018 /dev/null > tools 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Pack Your Labs 2 | 3 | This is a collection of labs I'm doing on the field. Being a consultant is somehow being a nomad 4 | and I can't rely on things that might fail, like mobile internet. Thus my labs are always with me... 5 | and now I'm sharing them with you. 6 | 7 | The principle is simple: if it doesn't fit in my backpack, doesn't worth doing. 8 | 9 | ## What You Will Need 10 | 11 | A nice piece of hardware and Ansible. 12 | 13 | ## How To Provision The Labs 14 | 15 | Just follow the lab's README file, each one contains everything you'll need to run the labs locally. 16 | -------------------------------------------------------------------------------- /dns/install.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: dns 3 | name: Configure DNS 4 | 5 | tasks: 6 | - name: Ensure openstack hostname 7 | shell: hostname {{ inventory_hostname }} && echo "{{ inventory_hostname }}" > /etc/hostname 8 | 9 | - name: Subscribe host 10 | redhat_subscription: 11 | state: present 12 | username: "{{ subscription.user }}" 13 | password: "{{ subscription.password }}" 14 | pool_ids: "{{ subscription.pool_ids }}" 15 | 16 | - name: Disable all repositories 17 | shell: subscription-manager repos --disable=* 18 | retries: 10 19 | delay: 5 20 | 21 | - name: Enable repos 22 | shell: subscription-manager repos --enable={{ item }} 23 | with_items: "{{ subscription.repos }}" 24 | retries: 10 25 | delay: 5 26 | 27 | - name: Install packages 28 | yum: 29 | name: "{{ item }}" 30 | state: present 31 | with_items: 32 | - dnsmasq 33 | retries: 10 34 | delay: 5 35 | 36 | - name: Create config file 37 | template: 38 | src: ocp.j2 39 | dest: /etc/dnsmasq.d/ocp 40 | 41 | - name: Enable DNS service 42 | systemd: 43 | name: dnsmasq 44 | state: started 45 | enabled: yes 46 | -------------------------------------------------------------------------------- /dns/ocp.j2: -------------------------------------------------------------------------------- 1 | {% for host in groups['ocp'] %} 2 | {% if hostvars[host]["master"] %} 3 | address=/{{ ocp.console }}/{{ hostvars[host]['internal_ip'] }} 4 | {% endif %} 5 | {% if hostvars[host]["infra"] %} 6 | address=/.{{ ocp.subdomain }}/{{ hostvars[host]['internal_ip'] }} 7 | {% endif %} 8 | address=/{{ host }}/{{ hostvars[host]['internal_ip'] }} 9 | {% endfor %} 10 | -------------------------------------------------------------------------------- /dns/server.yml: -------------------------------------------------------------------------------- 1 | - hosts: osp 2 | name: Create Servers 3 | 4 | tasks: 5 | - name: Create port on OpenStack 6 | shell: > 7 | source ~/keystonerc_admin && export OS_PROJECT_NAME=lab && \ 8 | openstack port create \ 9 | --fixed-ip subnet={{ hostvars[item]["network"] }}_subnet,ip-address={{ hostvars[item]["internal_ip"] }} \ 10 | --network {{ hostvars[item]["network"] }}_network \ 11 | {{ item }}-port 12 | with_items: "{{ groups['dns'] }}" 13 | 14 | - name: Attach port to floating ip 15 | shell: > 16 | source ~/keystonerc_admin && export OS_PROJECT_NAME=lab && \ 17 | openstack floating ip set \ 18 | --port {{ item }}-port \ 19 | {{ hostvars[item]["external_ip"] }} 20 | with_items: "{{ groups['dns'] }}" 21 | 22 | - name: Create server on OpenStack 23 | shell: > 24 | source ~/keystonerc_admin && export OS_PROJECT_NAME=lab && \ 25 | openstack server create --flavor {{ hostvars[item]["flavor"] }} \ 26 | --key-name {{ hostvars[item]["key_name"] }} \ 27 | --image {{ hostvars[item]["image"] }} \ 28 | --port {{ item }}-port \ 29 | --wait \ 30 | {{ item }} 31 | with_items: "{{ groups['dns'] }}" 32 | -------------------------------------------------------------------------------- /istat/install.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: all 3 | name: Install iStat Server 4 | 5 | tasks: 6 | - name: Install required packages 7 | yum: 8 | name: "{{ item }}" 9 | state: present 10 | with_items: 11 | - gcc-c++ 12 | - autoconf 13 | - automake 14 | - libxml2-devel 15 | - openssl-devel 16 | - sqlite-devel 17 | 18 | - name: Install optional packages 19 | yum: 20 | name: "{{ item }}" 21 | state: present 22 | with_items: 23 | - lm_sensors 24 | - lm_sensors-devel 25 | when: (baremetal is defined) and baremetal 26 | 27 | - name: Extract source package 28 | unarchive: 29 | src: "{{ istat.download_url }}" 30 | dest: /root/ 31 | remote_src: yes 32 | 33 | - name: Build iStat 34 | shell: > 35 | cd /root/istatserver-* && ./autogen && ./configure && make && make install && \ 36 | cp ./resource/systemd/istatserver.service /etc/systemd/system/istatserver.service 37 | 38 | - name: Copy configuration file 39 | template: 40 | src: istatserver.conf.j2 41 | dest: /usr/local/etc/istatserver/istatserver.conf 42 | 43 | - name: Enable iStat service 44 | systemd: 45 | name: istatserver 46 | state: started 47 | enabled: yes 48 | 49 | - name: Add firewall rule 50 | firewalld: 51 | immediate: yes 52 | permanent: yes 53 | port: 5109/tcp 54 | state: enabled 55 | 56 | -------------------------------------------------------------------------------- /istat/istatserver.conf.j2: -------------------------------------------------------------------------------- 1 | # 2 | # istatserver.conf: Configuration for istatserver 3 | # 4 | 5 | # server_code is a 5 digit number by default but it can be anything you like including text 6 | server_code {{ istat.server_code }} 7 | 8 | # network_addr 127.0.0.1 9 | # network_port 5109 10 | # server_user istat 11 | # server_group istat 12 | # server_socket /tmp/istatserver.sock 13 | # server_pid /var/run/istatserver.pid 14 | 15 | # Set to 1 if you want to disable sqlite history storage. 16 | disable_history_storage 0 17 | 18 | # Set to 1 if you want to disable disk filtering based on mount path. 19 | disk_disable_filtering 0 20 | 21 | # Set to 1 if you want to use mount path as label instead of the device name. 22 | disk_mount_path_label 1 23 | 24 | # Set custom disk label. Will override all other labels. 25 | # disk_rename_label /dev/sda1 "root" 26 | # disk_rename_label /home "home" 27 | -------------------------------------------------------------------------------- /ks/.gitignore: -------------------------------------------------------------------------------- 1 | *.iso -------------------------------------------------------------------------------- /ks/README.md: -------------------------------------------------------------------------------- 1 | # Kickstart Files 2 | 3 | For a complete automated installation, you can use the Anaconda's Kickstart. The easiest way is 4 | to provide a second disk labeled `OEMDRV`. 5 | 6 | The file `conf/ks.cfg` is very close to the one I use. In case you don't want to modify it, just 7 | install your CentOS/Red Hat and look for the kickstart file on the `/root/` folder. 8 | 9 | The `build.sh` script will create the `iso` image for you. 10 | -------------------------------------------------------------------------------- /ks/build.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | mkisofs -V OEMDRV -o kickstart.iso conf/. 4 | -------------------------------------------------------------------------------- /ks/conf/ks.cfg: -------------------------------------------------------------------------------- 1 | #version=DEVEL 2 | 3 | auth --passalgo=sha512 --useshadow 4 | repo --name="Server-HighAvailability" --baseurl=file:///run/install/repo/addons/HighAvailability 5 | repo --name="Server-ResilientStorage" --baseurl=file:///run/install/repo/addons/ResilientStorage 6 | #platform x86, AMD64, or Intel EM64T 7 | shutdown 8 | text 9 | cdrom 10 | 11 | firstboot --enable 12 | # This uses both msata slots 13 | ignoredisk --only-use=sda,sdb 14 | 15 | keyboard --vckeymap=us --xlayouts='us' 16 | lang en_US.UTF-8 17 | 18 | network --bootproto=dhcp --device=eno1 --ipv6=auto --activate 19 | network --hostname= 20 | 21 | # Example password 'redhat' 22 | rootpw --iscrypted $1$7d8GWa/0$lPxpLEi57hTh6YweA16EG0 23 | # System services 24 | services --enabled="chronyd" 25 | # System timezone 26 | timezone --isUtc 27 | # System bootloader configuration 28 | bootloader --append=" crashkernel=auto" --location=mbr --boot-drive=sda 29 | # Partition clearing information 30 | clearpart --all --initlabel --drives=sda,sdb 31 | # Disk partitioning information 32 | part /boot --fstype="xfs" --size=1024 33 | part pv.266 --fstype="lvmpv" --ondisk=sdb --size= 34 | part pv.260 --fstype="lvmpv" --ondisk=sda --size= 35 | part /boot/efi --fstype="efi" --size=200 --fsoptions="umask=0077,shortname=winnt" 36 | volgroup --pesize=4096 pv.260 pv.266 37 | logvol / --fstype="xfs" --size=960428 --name=root --vgname= 38 | logvol swap --fstype="swap" --size=16064 --name=swap --vgname= 39 | 40 | skipx 41 | %post 42 | mkdir /root/.ssh 43 | echo "" > /root/.ssh/authorized_keys 44 | chmod 400 /root/.ssh/authorized_keys 45 | chmod 500 /root/.ssh 46 | %end 47 | 48 | %packages 49 | @^minimal 50 | @core 51 | chrony 52 | kexec-tools 53 | 54 | %end 55 | 56 | %addon com_redhat_kdump --enable --reserve-mb='auto' 57 | 58 | %end 59 | 60 | %anaconda 61 | pwpolicy root --minlen=6 --minquality=1 --notstrict --nochanges --notempty 62 | pwpolicy user --minlen=6 --minquality=1 --notstrict --nochanges --emptyok 63 | pwpolicy luks --minlen=6 --minquality=1 --notstrict --nochanges --notempty 64 | %end 65 | -------------------------------------------------------------------------------- /openshift/README.md: -------------------------------------------------------------------------------- 1 | # OpenShift Packed Lab 2 | 3 | This is the playbook I'm using to deploy Red Hat OpenShift Container Platform on top of my Intel Nuc 4 | Skull Canyon. It requires the Red Hat OpenStack Platform already installed. 5 | 6 | The playbook will: 7 | 8 | - create OpenStack instances for all nodes 9 | - create and attach a volume for the docker storage on each instance 10 | - attach a volume for the docker registry (you need to create it before) 11 | - apply the pre reqs 12 | - generate the Ansible inventory 13 | - run the OpenShift installation playbook 14 | 15 | In the end, you'll have a nice and crispy OpenShift waiting for you. 16 | 17 | ## The hosts file 18 | 19 | Check the `hosts.example.yml` for a full working example (almost like mine). The variable 20 | sections are explained below. 21 | 22 | ### Subscription Parameters 23 | 24 | ```yaml 25 | subscription: 26 | user: some-user 27 | password: some-password 28 | pool_ids: 29 | - some-pool-id 30 | ``` 31 | 32 | This section configures the subscription, it's pretty straightforward, just provide your Red Hat 33 | credentials and the pool id which gives you access to the Red Hat OpenShift Container Platform. 34 | 35 | You might want to query the available subscriptions using `subscription-manager list --available`. 36 | 37 | ### OpenStack Parameters 38 | 39 | This is the main structure of the section 40 | 41 | ```yaml 42 | osp: 43 | auth: 44 | auth_url: http://openstack.example.com:5000/v3 45 | username: admin 46 | password: openstack 47 | user_domain_name: Default 48 | project_name: admin 49 | ``` 50 | 51 | The authentication parameters will be added as a cloud provider in OpenShift installation. 52 | 53 | ### OpenShift Parameters 54 | 55 | This is the main structure of the section 56 | 57 | ```yaml 58 | deploy_metrics: true 59 | deploy_logging: true 60 | subdomain: cloud.example.com 61 | console: openshift.example.com 62 | registry: 63 | volume: 64 | id: e7fe29c5-a4bd-4640-b647-8a6555853e23 65 | size: 50Gi 66 | cluster_admin_user: admin 67 | ``` 68 | 69 | - `deploy_metrics`: sets the installer to deploy the metrics component 70 | - `deploy_logging`: sets the installer to deploy the logging component 71 | - `subdomain`: configures the subdomain for the router 72 | - `console`: configures the console hostname 73 | - `registry`: configures the already created storage for docker registry 74 | - `cluster_admin_user`: sets a cluster admin user (it's useful for a lab environment) 75 | 76 | ### Host vars 77 | 78 | In order to create the instances and configure them, a set of host vars is needed: 79 | 80 | - `bastion`: sets the hosts as the bastion host (the host that will run the OCP installer playbook) 81 | - `kind`: sets the kind of the node (master, compute, infra or master-infra) 82 | - `internal_ip`: sets the internal ip (OpenStack network) 83 | - `external_ip`: sets the external ip (physical network) 84 | - `docker_storage`: sets the parameters for creating and attaching the docker storage volume 85 | -------------------------------------------------------------------------------- /openshift/delete.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: ocp 3 | name: Release system 4 | 5 | tasks: 6 | - name: Unsubscribe system 7 | shell: subscription-manager remove --all 8 | 9 | - hosts: osp 10 | name: Delete OpenShift Cluster 11 | 12 | tasks: 13 | - name: Delete servers 14 | shell: > 15 | source ~/keystonerc_admin && export OS_PROJECT_NAME=lab && \ 16 | openstack server delete {{ item }} --wait 17 | with_items: "{{ groups['ocp'] }}" 18 | 19 | - name: Delete ports 20 | shell: > 21 | source ~/keystonerc_admin && export OS_PROJECT_NAME=lab && \ 22 | openstack port delete {{ item }}-port 23 | with_items: "{{ groups['ocp'] }}" 24 | 25 | - name: Delete docker storage volumes 26 | shell: > 27 | source ~/keystonerc_admin && export OS_PROJECT_NAME=lab && \ 28 | openstack volume delete {{ hostvars[item]["docker_storage"]["volume"] }} 29 | with_items: "{{ groups['ocp'] }}" 30 | -------------------------------------------------------------------------------- /openshift/hosts.example.yml: -------------------------------------------------------------------------------- 1 | all: 2 | children: 3 | osp: 4 | hosts: 5 | openstack.example.com: 6 | ansible_user: root 7 | ocp: 8 | vars: 9 | ansible_user: cloud-user 10 | ansible_become: yes 11 | 12 | bastion_private_key: ~/some-path/ocp-master 13 | bastion_public_key: ~/some-path/ocp-master.pub 14 | 15 | flavor: ocp.node 16 | key_name: openstack-keypair 17 | network: lab 18 | image: rhel 19 | hosts: 20 | ocp-master.example.com: 21 | bastion: true 22 | kind: master 23 | schedulable: false 24 | internal_ip: 10.0.1.17 25 | external_ip: 192.168.0.31 26 | docker_storage: 27 | device: /dev/vdc 28 | name: docker-vg 29 | volume: ocp-master-docker-storage 30 | size: 25 31 | ocp-infra.example.com: 32 | kind: infra 33 | internal_ip: 10.0.1.15 34 | external_ip: 192.168.0.32 35 | docker_storage: 36 | device: /dev/vdc 37 | name: docker-vg 38 | volume: ocp-infra-docker-storage 39 | size: 25 40 | ocp-app-1.example.com: 41 | kind: compute 42 | internal_ip: 10.0.1.14 43 | external_ip: 192.168.0.33 44 | docker_storage: 45 | device: /dev/vdc 46 | name: docker-vg 47 | volume: ocp-app-1-docker-storage 48 | size: 25 49 | ocp-app-2.example.com: 50 | kind: compute 51 | internal_ip: 10.0.1.16 52 | external_ip: 192.168.0.34 53 | docker_storage: 54 | device: /dev/vdc 55 | name: docker-vg 56 | volume: ocp-app-2-docker-storage 57 | size: 25 58 | vars: 59 | subscription: 60 | user: my-portal-user 61 | password: "my-porta-password" 62 | pool_ids: 63 | - pool_id 64 | ocp: 65 | deploy_metrics: true 66 | deploy_logging: true 67 | subdomain: cloud.example.com 68 | console: openshift.example.com 69 | registry: 70 | volume: 71 | id: e7fe29c5-a4bd-4640-b647-8a6555853e23 72 | size: 50Gi 73 | cluster_admin_user: admin 74 | osp: 75 | auth: 76 | auth_url: http://openstack.example.com:5000/v3 77 | username: admin 78 | password: openstack 79 | user_domain_name: Default 80 | project_name: admin 81 | -------------------------------------------------------------------------------- /openshift/install.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - import_playbook: pre-install.yml 3 | - import_playbook: installer.yml 4 | - import_playbook: post-install.yml 5 | -------------------------------------------------------------------------------- /openshift/installer.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: ocp 3 | name: Call OpenShift Ansible Installer 4 | tasks: 5 | - block: 6 | 7 | - name: Run Pre Requisites Playbook 8 | shell: > 9 | ansible-playbook /usr/share/ansible/openshift-ansible/playbooks/prerequisites.yml > /tmp/ansible.log 10 | 11 | - name: Run Install Playbook 12 | shell: > 13 | ansible-playbook /usr/share/ansible/openshift-ansible/playbooks/deploy_cluster.yml >> /tmp/ansible.log 14 | 15 | when: (bastion is defined) and bastion 16 | -------------------------------------------------------------------------------- /openshift/post-install.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: ocp 3 | name: Configure Installed Openshift 4 | 5 | tasks: 6 | - block: 7 | - name: Give cluster-admin access to defined user 8 | shell: > 9 | oc adm policy add-cluster-role-to-user cluster-admin {{ ocp.cluster_admin_user }} 10 | when: (bastion is defined) and bastion 11 | -------------------------------------------------------------------------------- /openshift/pre-install.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - import_playbook: pre-install/servers/create.yml 3 | - import_playbook: pre-install/system/system.yml 4 | - import_playbook: pre-install/keys/keys.yml 5 | - import_playbook: pre-install/docker-storage/docker-storage.yml 6 | - import_playbook: pre-install/ansible/config.yml 7 | - import_playbook: pre-install/ansible/inventory.yml 8 | -------------------------------------------------------------------------------- /openshift/pre-install/ansible/config.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: ocp 3 | name: Configure Ansible 4 | 5 | tasks: 6 | - block: 7 | - name: Disable ansible host key checking 8 | lineinfile: 9 | path: /etc/ansible/ansible.cfg 10 | regexp: "^#host_key_checking = False" 11 | line: "host_key_checking = False" 12 | 13 | - name: Increase ansible timeout 14 | lineinfile: 15 | path: /etc/ansible/ansible.cfg 16 | regexp: "^#timeout = 10" 17 | line: "timeout = 60" 18 | -------------------------------------------------------------------------------- /openshift/pre-install/ansible/hosts.j2: -------------------------------------------------------------------------------- 1 | [OSEv3:children] 2 | masters 3 | nodes 4 | etcd 5 | 6 | [OSEv3:vars] 7 | ansible_ssh_user=cloud-user 8 | ansible_become=yes 9 | 10 | openshift_deployment_type=openshift-enterprise 11 | openshift_release=v3.11 12 | 13 | openshift_install_examples=true 14 | 15 | openshift_use_crio=true 16 | openshift_crio_use_rpm=true 17 | openshift_crio_enable_docker_gc=true 18 | os_firewall_use_firewalld=true 19 | 20 | oreg_auth_user={{ subscription.user }} 21 | oreg_auth_password={{ subscription.password }} 22 | 23 | {% if ocp.deploy_olm %} 24 | openshift_enable_olm=true 25 | openshift_additional_registry_credentials=[{'host':'registry.connect.redhat.com','user':'{{ subscription.user }}','password':'{{ subscription.password }}','test_image':'mongodb/enterprise-operator:0.3.2'}] 26 | {% endif %} 27 | 28 | openshift_master_identity_providers=[{'name': 'allow_all', 'login': 'true', 'challenge': 'true', 'kind': 'AllowAllPasswordIdentityProvider'}] 29 | 30 | openshift_cloudprovider_kind=openstack 31 | openshift_cloudprovider_openstack_auth_url={{ osp.auth.auth_url }} 32 | openshift_cloudprovider_openstack_username={{ osp.auth.username }} 33 | openshift_cloudprovider_openstack_password={{ osp.auth.password }} 34 | openshift_cloudprovider_openstack_domain_name={{ osp.auth.user_domain_name }} 35 | openshift_cloudprovider_openstack_tenant_name=lab 36 | openshift_cloudprovider_openstack_blockstorage_version=v2 37 | 38 | {% if ocp.deploy_metrics %} 39 | openshift_metrics_install_metrics=true 40 | openshift_metrics_server_install=true 41 | openshift_metrics_cassandra_storage_type=dynamic 42 | {% endif %} 43 | 44 | {% if ocp.deploy_logging %} 45 | openshift_logging_install_logging=true 46 | openshift_logging_storage_kind=dynamic 47 | openshift_logging_es_memory_limit=2Gi 48 | {% endif %} 49 | 50 | {% if ocp.deploy_cluster_monitoring %} 51 | openshift_cluster_monitoring_operator_install=true 52 | openshift_cluster_monitoring_operator_prometheus_storage_enabled=true 53 | openshift_cluster_monitoring_operator_alertmanager_storage_enabled=true 54 | {% else %} 55 | openshift_cluster_monitoring_operator_install=false 56 | {% endif %} 57 | 58 | {% set master_port = '443' %} 59 | {% for host in groups['ocp'] %} 60 | {% if hostvars[host]["kind"] == 'master-infra' %} 61 | {% set master_port = '8443' %} 62 | {% endif %} 63 | {% endfor %} 64 | 65 | openshift_master_api_port={{ master_port }} 66 | openshift_master_console_port={{ master_port }} 67 | 68 | openshift_disable_check=disk_availability,memory_availability,docker_image_availability 69 | 70 | osm_api_server_args={'deserialization-cache-size': ['1000']} 71 | 72 | {% if ocp.additional_registries is defined %} 73 | openshift_docker_insecure_registries={{ ocp.additional_registries }} 74 | openshift_docker_additional_registries={{ ocp.additional_registries }} 75 | {% endif %} 76 | 77 | openshift_master_cluster_hostname={{ ocp.console }} 78 | openshift_master_cluster_public_hostname={{ ocp.console }} 79 | openshift_master_default_subdomain={{ ocp.subdomain }} 80 | 81 | openshift_template_service_broker_namespaces=['openshift'] 82 | 83 | openshift_hosted_registry_storage_kind=openstack 84 | openshift_hosted_registry_storage_access_modes=['ReadWriteOnce'] 85 | openshift_hosted_registry_storage_openstack_filesystem=ext4 86 | #openshift_hosted_registry_storage_openstack_volumeID={{ ocp.registry.volume.id }} 87 | openshift_hosted_registry_storage_volume_size={{ ocp.registry.volume.size }} 88 | 89 | openshift_hosted_etcd_storage_kind=dynamic 90 | openshift_hosted_etcd_storage_access_modes=["ReadWriteOnce"] 91 | openshift_hosted_etcd_storage_volume_size=1G 92 | openshift_hosted_etcd_storage_labels={'storage': 'etcd'} 93 | 94 | [masters] 95 | {% for host in groups['ocp'] %} 96 | {% if hostvars[host]["kind"] == "master" %} 97 | {{ host }} 98 | {% endif %} 99 | {% endfor %} 100 | 101 | [etcd] 102 | {% for host in groups['ocp'] %} 103 | {% if hostvars[host]["kind"] == "master" %} 104 | {{ host }} 105 | {% endif %} 106 | {% endfor %} 107 | 108 | [nodes] 109 | {% for host in groups['ocp'] %} 110 | {{ host }} openshift_node_group_name='node-config-{{ hostvars[host]["kind"] }}' 111 | {% endfor %} 112 | -------------------------------------------------------------------------------- /openshift/pre-install/ansible/inventory.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: ocp 3 | name: Prepare Ansible Inventory 4 | 5 | tasks: 6 | - name: Copy ansible inventory file 7 | template: 8 | src: hosts.j2 9 | dest: /etc/ansible/hosts 10 | when: (bastion is defined) and bastion 11 | -------------------------------------------------------------------------------- /openshift/pre-install/docker-storage/docker-storage-setup.j2: -------------------------------------------------------------------------------- 1 | DEVS={{ docker_storage.device }} 2 | VG={{ docker_storage.name }} 3 | -------------------------------------------------------------------------------- /openshift/pre-install/docker-storage/docker-storage.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: ocp 3 | name: Prepare Docker Storage 4 | 5 | tasks: 6 | - name: Configure docker storage 7 | block: 8 | - name: Stop docker service 9 | systemd: 10 | state: stopped 11 | enabled: no 12 | name: docker 13 | 14 | - name: Remove /var/lib/docker directory 15 | file: 16 | path: /var/lib/docker 17 | state: absent 18 | 19 | - name: Copy docker-storage-setup file 20 | template: 21 | src: docker-storage-setup.j2 22 | dest: /etc/sysconfig/docker-storage-setup 23 | 24 | - name: Reset docker storage setup 25 | shell: docker-storage-setup --reset 26 | 27 | - name: Setup docker storage 28 | shell: docker-storage-setup 29 | 30 | - name: Start and enable docker service 31 | systemd: 32 | state: started 33 | enabled: yes 34 | name: docker 35 | -------------------------------------------------------------------------------- /openshift/pre-install/keys/keys.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: ocp 3 | name: Prepare Keys 4 | 5 | tasks: 6 | - name: Add authorized key 7 | authorized_key: 8 | user: cloud-user 9 | state: present 10 | key: '{{ item }}' 11 | with_file: 12 | - "{{ bastion_public_key }}" 13 | 14 | - name: Configure bastion 15 | block: 16 | - name: Copy private key to bastion 17 | copy: 18 | src: "{{ bastion_private_key }}" 19 | dest: "/root/.ssh/id_rsa" 20 | mode: 0600 21 | 22 | - name: Copy public key to bastion 23 | copy: 24 | src: "{{ bastion_public_key }}" 25 | dest: "/root/.ssh/id_rsa.pub" 26 | mode: 0644 27 | 28 | when: (bastion is defined) and bastion -------------------------------------------------------------------------------- /openshift/pre-install/servers/create.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: osp 3 | name: Create Servers 4 | 5 | tasks: 6 | - name: Create port on OpenStack 7 | shell: > 8 | source ~/keystonerc_admin && export OS_PROJECT_NAME=lab && \ 9 | openstack port create \ 10 | --fixed-ip subnet={{ hostvars[item]["network"] }}_subnet,ip-address={{ hostvars[item]["internal_ip"] }} \ 11 | --network {{ hostvars[item]["network"] }}_network \ 12 | {{ item }}-port 13 | with_items: "{{ groups['ocp'] }}" 14 | 15 | - name: Attach port to floating ip 16 | shell: > 17 | source ~/keystonerc_admin && export OS_PROJECT_NAME=lab && \ 18 | openstack floating ip set \ 19 | --port {{ item }}-port \ 20 | {{ hostvars[item]["external_ip"] }} 21 | with_items: "{{ groups['ocp'] }}" 22 | 23 | - name: Create server on OpenStack 24 | shell: > 25 | source ~/keystonerc_admin && export OS_PROJECT_NAME=lab && \ 26 | openstack server create --flavor {{ hostvars[item]["flavor"] }} \ 27 | --key-name {{ hostvars[item]["key_name"] }} \ 28 | --image {{ hostvars[item]["image"] }} \ 29 | --port {{ item }}-port \ 30 | --wait \ 31 | {{ item }} 32 | with_items: "{{ groups['ocp'] }}" 33 | 34 | - name: Create docker storage volume on OpenStack 35 | shell: > 36 | source ~/keystonerc_admin && export OS_PROJECT_NAME=lab && \ 37 | eval $(openstack volume create --size {{ hostvars[item]["docker_storage"]["size"] }} {{ hostvars[item]["docker_storage"]["volume"] }} -f shell) && \ 38 | openstack server add volume --device {{ hostvars[item]["docker_storage"]["device"] }} {{ item }} $id 39 | with_items: "{{ groups['ocp'] }}" 40 | -------------------------------------------------------------------------------- /openshift/pre-install/system/system.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: ocp 3 | name: Prepare System 4 | 5 | tasks: 6 | - name: Ensure openstack hostname 7 | shell: hostname {{ inventory_hostname }} && echo "{{ inventory_hostname }}" > /etc/hostname 8 | 9 | - name: Subscribe host 10 | redhat_subscription: 11 | state: present 12 | username: "{{ subscription.user }}" 13 | password: "{{ subscription.password }}" 14 | pool_ids: "{{ subscription.pool_ids }}" 15 | 16 | - name: Disable all repositories 17 | shell: subscription-manager repos --disable=* 18 | 19 | - name: Enable repos 20 | shell: subscription-manager repos --enable={{ item }} 21 | with_items: 22 | - rhel-7-server-rpms 23 | - rhel-7-server-extras-rpms 24 | - rhel-7-server-ose-3.11-rpms 25 | - rhel-7-fast-datapath-rpms 26 | - rhel-7-server-ansible-2.6-rpms 27 | 28 | - name: Install packages 29 | yum: 30 | name: "{{ item }}" 31 | state: present 32 | with_items: 33 | - python2-setuptools 34 | - wget 35 | - git 36 | - net-tools 37 | - bind-utils 38 | - iptables-services 39 | - bridge-utils 40 | - bash-completion 41 | - kexec-tools 42 | - sos 43 | - psacct 44 | - openshift-ansible 45 | - docker 46 | 47 | - name: Update packages 48 | yum: 49 | name: '*' 50 | state: latest 51 | -------------------------------------------------------------------------------- /openstack/README.md: -------------------------------------------------------------------------------- 1 | # OpenStack Packed Lab 2 | 3 | This is the playbook I'm using to deploy Red Hat OpenStack Platform on top of my Intel Nuc Skull 4 | Canyon. 5 | 6 | The playbook will: 7 | 8 | - Subscribe the host 9 | - Enable the required repositories 10 | - Install the required packages 11 | - Create and customize the packstack answer file 12 | - Invoke the packstack installer 13 | - Create a public flat network with a subnet 14 | - Create the supplied images 15 | - Create the supplied flavors 16 | - Create the supplied keypair 17 | - Create a `lab` project with the supplied networks, floating IPs 18 | - Add SSH and ICMP to the default security group 19 | 20 | Which means: at the end you'll have everything to play with OpenStack. 21 | 22 | ## The hosts file 23 | 24 | Check the `hosts.example.yml` for a full working example (almost like mine). The variable 25 | sections are explained below. 26 | 27 | ### Subscription Parameters 28 | 29 | ```yaml 30 | subscription: 31 | user: some-user 32 | password: some-password 33 | pool_ids: 34 | - some-pool-id 35 | ``` 36 | 37 | This section configures the subscription, it's pretty straightforward, just provide your Red Hat 38 | credentials and the pool id which gives you access to the Red Hat OpenStack Platform. 39 | 40 | You might want to query the available subscriptions using `subscription-manager list --available`. 41 | 42 | ### OpenStack Parameters 43 | 44 | This is the main structure of the section 45 | 46 | ```yaml 47 | osp: 48 | resource_path: 49 | packstack: 50 | keypairs: 51 | network: 52 | images: 53 | flavors: 54 | lab: 55 | ``` 56 | 57 | #### Upload Path 58 | 59 | The `resource_path` takes a path on the remote host that will receive the resources (like keypairs, 60 | images, packstack file, etc.). It will be created so just throw the desired path and let the 61 | playbook create it for you. 62 | 63 | #### Packstack Configuration 64 | 65 | The `packstack` configuration is structured as this example: 66 | 67 | ```yaml 68 | packstack: 69 | CONFIG_KEY: config_value 70 | ``` 71 | 72 | The key-value pairs will be dded to the packstack answers file before the packstack installation. 73 | This allow you to customize the installation. Following is an example: 74 | 75 | ```yaml 76 | osp: 77 | resource_path: /tmp/openstack 78 | packstack: 79 | CONFIG_DEFAULT_PASSWORD: openstack 80 | CONFIG_KEYSTONE_ADMIN_PW: openstack 81 | CONFIG_CINDER_VOLUMES_SIZE: 300G 82 | CONFIG_HEAT_INSTALL: y 83 | ``` 84 | 85 | #### Keypairs 86 | 87 | The `keypairs` section allows you to configure your ssh keys for using with OpenStack instances. 88 | Just add entries to the configuration in the format name=key_path, like the example: 89 | 90 | ```yaml 91 | keypairs: 92 | laptop: ~/.ssh/id_rsa.pub 93 | ``` 94 | 95 | The key name will be the keypair name in OpenStack. Remember that the paths should be local to the 96 | host executing the playbook. 97 | 98 | #### Network Configuration 99 | 100 | The `network` section configures the public network in OpenStack. The playbook will create and 101 | configure a public network based on the provided configuration. The structure is described below: 102 | 103 | ```yaml 104 | network: 105 | nic: "the network interface for public access" 106 | cidr: "the CIDR value of your network" 107 | dns: "the DNS server to use" 108 | dhcp: 109 | start: "the start range of the DHCP to configure" 110 | end: "the end range of the DHCP to configure" 111 | ``` 112 | 113 | The `nic` will be used to configure the public network using the `flat` provider. Below is an 114 | example: 115 | 116 | ```yaml 117 | network: 118 | nic: eno1 119 | cidr: 192.168.0.0/24 120 | dns: 192.168.0.1 121 | dhcp: 122 | start: 192.168.0.20 123 | end: 192.168.0.100 124 | ``` 125 | 126 | #### Images Configuration 127 | 128 | The `images` section allows you to specify images to be available for OpenStack users. The structure 129 | is specified below: 130 | 131 | ```yaml 132 | images: 133 | name: 134 | url: url/to/the/image 135 | disk_format: (ami, ari, aki, vhd, vmdk, raw, qcow2, vhdx, vdi, iso or ploop) 136 | min_disk: size in GB 137 | min_ram: size in MB 138 | ``` 139 | 140 | The `image_name` will be used as the name in the OpenStack. Below is an example: 141 | 142 | ```yaml 143 | images: 144 | rhel: 145 | url: https://server.example.com/images/rhel-server-7.4-x86_64-kvm.qcow2 146 | disk_format: qcow2 147 | min_disk: 10 148 | min_ram: 256 149 | rhel-atomic: 150 | url: https://server.example.com/images/rhel-atomic-cloud-7.4.3-8.x86_64.qcow2 151 | disk_format: qcow2 152 | min_disk: 10 153 | min_ram: 128 154 | ``` 155 | 156 | This will create a `rhel` and a `rhel-atomic` image ready to be used. Remember that the paths should 157 | be local to the host executing the playbook. 158 | 159 | #### Flavors Configuration 160 | 161 | The `flavours` section allows you to configure the flavors that will be available to use. The 162 | structure is specified below: 163 | 164 | ```yaml 165 | flavors: 166 | name: 167 | ram: amount in MB 168 | disk: amount in GB 169 | ephemeral: amount in GB 170 | swap: amount in MB 171 | vcpus: number 172 | ``` 173 | 174 | Each entry will be added using the provided `name`. Below is an example: 175 | 176 | ```yaml 177 | flavors: 178 | m1.nano: 179 | ram: 128 180 | disk: 1 181 | ephemeral: 0 182 | swap: 0 183 | vcpus: 1 184 | m1.micro: 185 | ram: 256 186 | disk: 1 187 | ephemeral: 0 188 | swap: 0 189 | vcpus: 1 190 | ``` 191 | 192 | #### Lab Configuration 193 | 194 | The lab will be created as a project having the `admin` user as its owner. The structure to 195 | configure the project is specified below: 196 | 197 | ```yaml 198 | lab: 199 | floating_ip: 200 | - fixed_address_a 201 | - fixed_address_b 202 | networks: 203 | name: 204 | cidr: subnet cidr 205 | dhcp: 206 | start: ip start range 207 | end: ip end range 208 | ``` 209 | 210 | The `floating_ip` defines floating IPs that will be created for you. In the `network` section, you 211 | can specify networks to create. Below is an example: 212 | 213 | ```yaml 214 | lab: 215 | floating_ip: 216 | - 192.168.0.30 217 | - 192.168.0.31 218 | networks: 219 | workshop: 220 | cidr: 10.0.0.0/24 221 | dhcp: 222 | start: 10.0.0.10 223 | end: 10.0.0.100 224 | test: 225 | cidr: 10.0.1.0/24 226 | dhcp: 227 | start: 10.0.1.10 228 | end: 10.0.1.100 229 | ``` 230 | 231 | This will create 2 floating IPs and 2 private networks (one named `workshop` and the other named 232 | `test`) both added to a router that is connected to the external network. 233 | 234 | ## Installing OpenStack 235 | 236 | To install OpenStack, just run the `install.yml` playbook. It should take a while, specially if 237 | you have lots of images to create. 238 | 239 | If for some dark reason Packstack fails, try to run db sync on the components and run packstack 240 | manually: 241 | 242 | ``` 243 | cinder-manage db sync 244 | nova-manage db sync 245 | keystone-manage db_sync 246 | ``` 247 | 248 | At the end you will have a nice and crispy OpenStack lab just waiting for you to launch your 249 | instances. 250 | -------------------------------------------------------------------------------- /openstack/backup.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: osp 3 | name: Backup OpenStack Data 4 | 5 | tasks: 6 | - name: Create backup path 7 | file: 8 | path: "{{ osp.backup.path }}" 9 | state: directory 10 | 11 | - name: Remove attachments 12 | shell: > 13 | source ~/keystonerc_admin && export OS_PROJECT_NAME=lab && \ 14 | openstack server remove volume \ 15 | $(openstack volume show {{ item }} -c attachments --format shell | cut -d"'" -f4) \ 16 | {{ item }} || true 17 | with_items: "{{ osp.backup.volumes }}" 18 | 19 | - name: Remove previous images 20 | shell: > 21 | source ~/keystonerc_admin && export OS_PROJECT_NAME=lab && \ 22 | openstack image delete {{ item }} || true 23 | with_items: "{{ osp.backup.volumes }}" 24 | 25 | - name: Upload volumes to images 26 | shell: > 27 | source ~/keystonerc_admin && export OS_PROJECT_NAME=lab && \ 28 | cinder upload-to-image {{ item }} {{ item }} 29 | with_items: "{{ osp.backup.volumes }}" 30 | 31 | - name: Wait until all images are saved 32 | shell: > 33 | source ~/keystonerc_admin && export OS_PROJECT_NAME=lab && \ 34 | eval $(openstack image show {{ item }} -c status --format shell --prefix image_) && echo $image_status 35 | register: result 36 | until: result.stdout == 'active' 37 | retries: 100 38 | delay: 10 39 | with_items: "{{ osp.backup.volumes }}" 40 | 41 | - name: Save images to disk 42 | shell: > 43 | source ~/keystonerc_admin && export OS_PROJECT_NAME=lab && \ 44 | eval $(openstack image show {{ item }} -c id --format shell --prefix image_) && \ 45 | glance image-download $image_id --file="{{ osp.backup.path }}/{{ item }}" 46 | with_items: "{{ osp.backup.volumes }}" 47 | 48 | - name: Check md5 49 | shell: > 50 | source ~/keystonerc_admin && export OS_PROJECT_NAME=lab && \ 51 | eval $(openstack image show {{ item }} -c checksum --format shell --prefix image_) && \ 52 | echo "$image_checksum {{ item }}" > "{{ osp.backup.path }}/{{ item }}.md5" && \ 53 | cd {{ osp.backup.path }} && md5sum -c "{{ item }}.md5" 54 | with_items: "{{ osp.backup.volumes }}" 55 | 56 | -------------------------------------------------------------------------------- /openstack/config/flavors.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: osp 3 | remote_user: root 4 | name: Configure OpenStack Flavors 5 | tasks: 6 | - name: create flavor 7 | shell: > 8 | source ~/keystonerc_admin && \ 9 | openstack flavor create \ 10 | --ram {{ item.value.ram }} \ 11 | --disk {{ item.value.disk }} \ 12 | --ephemeral {{ item.value.ephemeral }} \ 13 | --swap {{ item.value.swap }} \ 14 | --vcpus {{ item.value.vcpus }} \ 15 | {{ item.key }} 16 | with_dict: "{{ osp.flavors }}" 17 | -------------------------------------------------------------------------------- /openstack/config/images.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: osp 3 | remote_user: root 4 | name: Configure OpenStack Images 5 | tasks: 6 | - name: download images 7 | get_url: 8 | url: "{{ item.value.url }}" 9 | dest: "{{ osp.resource_path }}/{{ item.key }}.image" 10 | with_dict: "{{ osp.images }}" 11 | 12 | - name: create images 13 | shell: > 14 | source ~/keystonerc_admin && \ 15 | openstack image create \ 16 | --public \ 17 | --disk-format {{ item.value.disk_format }} \ 18 | --min-disk {{ item.value.min_disk }} \ 19 | --min-ram {{ item.value.min_ram }} \ 20 | --file {{ osp.resource_path }}/{{ item.key }}.image \ 21 | {{ item.key }} 22 | with_dict: "{{ osp.images }}" 23 | -------------------------------------------------------------------------------- /openstack/config/keypair.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: osp 3 | remote_user: root 4 | name: Configure OpenStack Key Pair 5 | tasks: 6 | - name: send key 7 | copy: 8 | src: "{{ item.value }}" 9 | dest: "{{ osp.resource_path }}/{{ item.key }}.key" 10 | with_dict: "{{ osp.keypairs }}" 11 | 12 | - name: add key 13 | shell: > 14 | source ~/keystonerc_admin && \ 15 | openstack keypair create --public-key "{{ osp.resource_path }}/{{ item.key }}.key" {{ item.key }} 16 | with_dict: "{{ osp.keypairs }}" 17 | -------------------------------------------------------------------------------- /openstack/config/lab.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: osp 3 | remote_user: root 4 | name: Configure OpenStack Packed Lab 5 | tasks: 6 | - name: create project 7 | shell: > 8 | source ~/keystonerc_admin && \ 9 | openstack project create --enable lab && \ 10 | openstack role add --user admin --project lab _member_ && \ 11 | openstack role add --user admin --project lab admin 12 | 13 | - name: configure lab network 14 | shell: > 15 | source ~/keystonerc_admin && export OS_PROJECT_NAME=lab && \ 16 | openstack network create {{ item.key }}_network && \ 17 | openstack subnet create --dhcp \ 18 | --allocation-pool start={{ item.value.dhcp.start }},end={{ item.value.dhcp.end }} \ 19 | --dns-nameserver {{ osp.network.dns }} \ 20 | --network {{ item.key }}_network \ 21 | --subnet-range {{ item.value.cidr }} \ 22 | {{ item.key }}_subnet 23 | with_dict: "{{ osp.lab.networks }}" 24 | 25 | - name: create router 26 | shell: > 27 | source ~/keystonerc_admin && export OS_PROJECT_NAME=lab && \ 28 | openstack router create --project lab --enable lab_router && \ 29 | neutron router-gateway-set lab_router public_network 30 | 31 | - name: add lab subnet to router 32 | shell: > 33 | source ~/keystonerc_admin && export OS_PROJECT_NAME=lab && \ 34 | openstack router add subnet lab_router "{{ item.key }}"_subnet 35 | with_dict: "{{ osp.lab.networks }}" 36 | 37 | - name: get default security group id 38 | shell: > 39 | source ~/keystonerc_admin && export OS_PROJECT_NAME=lab && \ 40 | eval $(openstack project show lab -f shell) && openstack security group list | grep $id | grep default | cut -d' ' -f2 41 | register: security_group_id 42 | 43 | - name: configure default security group 44 | shell: > 45 | source ~/keystonerc_admin && export OS_PROJECT_NAME=lab && \ 46 | openstack security group rule create \ 47 | --ingress \ 48 | --protocol icmp \ 49 | --ethertype IPv4 \ 50 | {{ security_group_id.stdout }} && \ 51 | openstack security group rule create \ 52 | --ingress \ 53 | --protocol tcp \ 54 | --ethertype IPv4 \ 55 | --dst-port 1:65535 \ 56 | {{ security_group_id.stdout }} && \ 57 | openstack security group rule create \ 58 | --ingress \ 59 | --protocol udp \ 60 | --ethertype IPv4 \ 61 | --dst-port 1:65535 \ 62 | {{ security_group_id.stdout }} 63 | 64 | - name: create floating ip 65 | shell: > 66 | source ~/keystonerc_admin && export OS_PROJECT_NAME=lab && \ 67 | openstack floating ip create --floating-ip-address {{ item }} public_network 68 | with_items: "{{ osp.lab.floating_ip }}" 69 | -------------------------------------------------------------------------------- /openstack/config/network.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: osp 3 | remote_user: root 4 | name: Configure OpenStack Network 5 | tasks: 6 | - name: create public network 7 | shell: > 8 | source ~/keystonerc_admin && \ 9 | openstack network create \ 10 | --external \ 11 | --provider-network-type flat \ 12 | --provider-physical-network physnet1 \ 13 | public_network && \ 14 | openstack subnet create --dhcp \ 15 | --allocation-pool start={{ osp.network.dhcp.start }},end={{ osp.network.dhcp.end }} \ 16 | --dns-nameserver {{ osp.network.dns }} \ 17 | --network public_network \ 18 | --subnet-range {{ osp.network.cidr }} \ 19 | public_subnet 20 | -------------------------------------------------------------------------------- /openstack/configure.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - import_playbook: config/keypair.yml 3 | - import_playbook: config/network.yml 4 | - import_playbook: config/flavors.yml 5 | - import_playbook: config/images.yml 6 | - import_playbook: config/lab.yml 7 | -------------------------------------------------------------------------------- /openstack/hosts.example.yml: -------------------------------------------------------------------------------- 1 | osp: 2 | hosts: 3 | my-openstack-host: 4 | vars: 5 | subscription: 6 | user: some-user 7 | password: some-password 8 | pool_ids: 9 | - my-openstack-pool-id 10 | network: 11 | cidr: 192.168.0.0./24 12 | dns: 192.168.0.1 13 | dhcp: 14 | start: 192.168.0.20 15 | end: 192.168.0.100 16 | osp: 17 | resource_path: /tmp/openstack 18 | packstack: 19 | CONFIG_DEFAULT_PASSWORD: openstack 20 | CONFIG_KEYSTONE_ADMIN_PW: openstack 21 | CONFIG_CINDER_VOLUMES_SIZE: 300G 22 | CONFIG_HEAT_INSTALL: y 23 | keypairs: 24 | laptop: ~/.ssh/id_rsa.pub 25 | network: 26 | nic: eno1 27 | cidr: 192.168.0.0/24 28 | dns: 192.168.0.1 29 | dhcp: 30 | start: 192.168.0.20 31 | end: 192.168.0.100 32 | images: 33 | cirros: 34 | local_path: /path/to/cirros-0.4.0-x86_64-disk.img 35 | disk_format: qcow2 36 | min_disk: 1 37 | min_ram: 128 38 | flavors: 39 | m1.nano: 40 | ram: 128 41 | disk: 1 42 | ephemeral: 0 43 | swap: 0 44 | vcpus: 1 45 | m1.micro: 46 | ram: 256 47 | disk: 1 48 | ephemeral: 0 49 | swap: 0 50 | vcpus: 1 51 | lab: 52 | floating_ip: 5 53 | networks: 54 | workshop: 55 | cidr: 10.0.0.0/24 56 | dhcp: 57 | start: 10.0.0.10 58 | end: 10.0.0.100 59 | test: 60 | cidr: 10.0.1.0/24 61 | dhcp: 62 | start: 10.0.1.10 63 | end: 10.0.1.100 64 | -------------------------------------------------------------------------------- /openstack/install.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - import_playbook: prepare.yml 3 | - import_playbook: packstack.yml 4 | - import_playbook: configure.yml 5 | -------------------------------------------------------------------------------- /openstack/packstack.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: osp 3 | name: Install OpenStack using Packstack 4 | tasks: 5 | - name: generate packstack config file 6 | shell: packstack --gen-answer-file={{ osp.resource_path }}/packstack-answers.cfg 7 | 8 | - name: configure packstack 9 | block: 10 | - shell: openstack-config --set {{ osp.resource_path }}/packstack-answers.cfg general {{ item.key }} {{ item.value }} 11 | with_dict: 12 | CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS: physnet1:br-ex 13 | CONFIG_PROVISION_DEMO: n 14 | CONFIG_NEUTRON_OVS_BRIDGE_IFACES: "br-ex:{{ osp.network.nic }}" 15 | CONFIG_DEFAULT_PASSWORD: openstack 16 | CONFIG_KEYSTONE_ADMIN_PW: openstack 17 | 18 | - shell: openstack-config --set {{ osp.resource_path }}/packstack-answers.cfg general {{ item.key }} {{ item.value }} 19 | with_dict: "{{ osp.packstack }}" 20 | 21 | - name: packstack 22 | shell: packstack --answer-file={{ osp.resource_path }}/packstack-answers.cfg --timeout=6000 > /tmp/packstack.log 23 | -------------------------------------------------------------------------------- /openstack/prepare.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: osp 3 | name: Prepare OpenStack Installation 4 | 5 | tasks: 6 | - name: create resource folder 7 | file: 8 | path: "{{ osp.resource_path }}" 9 | state: directory 10 | 11 | - name: subscribe host 12 | redhat_subscription: 13 | state: present 14 | username: "{{ subscription.user }}" 15 | password: "{{ subscription.password }}" 16 | pool_ids: "{{ subscription.pool_ids }}" 17 | 18 | - name: disable all repositories 19 | shell: subscription-manager repos --disable=* 20 | 21 | - name: enable repos 22 | shell: subscription-manager repos --enable={{ item }} 23 | with_items: 24 | - rhel-7-server-rpms 25 | - rhel-7-server-rh-common-rpms 26 | - rhel-7-server-extras-rpms 27 | - rhel-7-server-openstack-12-rpms 28 | - rhel-7-server-openstack-12-devtools-rpms 29 | 30 | - name: install packages 31 | yum: 32 | name: "{{ item }}" 33 | state: present 34 | with_items: 35 | - python2-setuptools 36 | - yum-utils 37 | - openstack-utils 38 | - openstack-packstack 39 | - openstack-nova-migration 40 | - bash-completion 41 | - vim 42 | 43 | - name: upgrade all packages 44 | yum: 45 | name: '*' 46 | state: latest 47 | 48 | - name: disable network manager 49 | shell: > 50 | systemctl disable NetworkManager ; systemctl stop NetworkManager ; systemctl enable network ; systemctl start network 51 | 52 | - name: disable firewalld 53 | systemd: 54 | name: firewalld 55 | state: stopped 56 | enabled: no 57 | -------------------------------------------------------------------------------- /openstack/restore.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: osp 3 | name: Restore OpenStack Volumes 4 | 5 | tasks: 6 | - name: Remove previous images 7 | shell: > 8 | source ~/keystonerc_admin && \ 9 | openstack image delete {{ item }} || true 10 | with_items: "{{ osp.backup.volumes }}" 11 | 12 | - name: Save images 13 | shell: > 14 | source ~/keystonerc_admin && \ 15 | openstack image create \ 16 | --public \ 17 | --file {{ osp.backup.path }}/{{ item }} \ 18 | {{ item }} 19 | with_items: "{{ osp.backup.volumes }}" 20 | -------------------------------------------------------------------------------- /rhel/subscription.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: all 3 | name: Subscription 4 | 5 | tasks: 6 | - name: Subscribe host 7 | redhat_subscription: 8 | state: present 9 | username: "{{ subscription.user }}" 10 | password: "{{ subscription.password }}" 11 | pool_ids: "{{ subscription.pool_ids }}" 12 | 13 | - name: Disable all repositories 14 | shell: subscription-manager repos --disable=* 15 | retries: 10 16 | delay: 5 17 | 18 | - name: Enable repos 19 | shell: subscription-manager repos --enable={{ item }} 20 | with_items: "{{ subscription.repos }}" 21 | retries: 10 22 | delay: 5 23 | --------------------------------------------------------------------------------