├── files └── tables │ ├── resources.csv │ ├── workload_template.csv │ └── workload_resources.csv ├── templates ├── workloads │ ├── docker-iperf.yaml.j2 │ ├── docker-ubuntu.yaml.j2 │ └── test.yaml.j2 ├── admin-ciaorc.j2 ├── demo-ciaorc.j2 ├── ciao-cnci-agent.service.j2 ├── ciao-scheduler.service.j2 ├── configuration.yaml.j2 └── ciao-controller.service.j2 ├── meta └── main.yml ├── handlers └── main.yml ├── tasks ├── install.yml ├── images.yml ├── main.yml ├── build.yml ├── startservices.yml ├── endpoints.yml ├── certificates.yml └── create_cnci_image.yml ├── README.md ├── defaults └── main.yml └── LICENSE /files/tables/resources.csv: -------------------------------------------------------------------------------- 1 | 1, instances 2 | 2, vcpus 3 | 3, mem_mb 4 | 4, disk_mb 5 | 5, network_node 6 | -------------------------------------------------------------------------------- /templates/workloads/docker-iperf.yaml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | #cloud-config 3 | runcmd: 4 | - [ /bin/bash, runIperf.sh, "-P 8" ] 5 | ... 6 | -------------------------------------------------------------------------------- /templates/workloads/docker-ubuntu.yaml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | #cloud-config 3 | runcmd: 4 | - [ /usr/bin/python3, -m, http.server] 5 | ... 
6 | -------------------------------------------------------------------------------- /templates/admin-ciaorc.j2: -------------------------------------------------------------------------------- 1 | export CIAO_CONTROLLER={{ keystone_fqdn }} 2 | export CIAO_IDENTITY=https://{{ keystone_fqdn }}:35357 3 | export CIAO_USERNAME=admin 4 | export CIAO_PASSWORD={{ keystone_admin_password }} 5 | export CIAO_TENANT_NAME=admin 6 | -------------------------------------------------------------------------------- /templates/demo-ciaorc.j2: -------------------------------------------------------------------------------- 1 | export CIAO_CONTROLLER={{ keystone_fqdn }} 2 | export CIAO_IDENTITY=https://{{ keystone_fqdn }}:35357 3 | export CIAO_USERNAME={{ keystone_users[0].user }} 4 | export CIAO_PASSWORD={{ keystone_users[0].password }} 5 | export CIAO_TENANT_NAME=demo 6 | -------------------------------------------------------------------------------- /templates/ciao-cnci-agent.service.j2: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Ciao CNCI Agent 3 | After=network.target 4 | 5 | [Service] 6 | ExecStartPre=-/usr/bin/ethtool -L enp0s2 combined 4 7 | ExecStart=/usr/sbin/ciao-cnci-agent -server auto -v 3 8 | ExecReload=/bin/kill -HUP $MAINPID 9 | KillMode=process 10 | Restart=on-failure 11 | RestartSec=31s 12 | 13 | [Install] 14 | WantedBy=default.target 15 | -------------------------------------------------------------------------------- /templates/workloads/test.yaml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | #cloud-config 3 | users: 4 | - name: {{ ciao_guest_user }} 5 | gecos: CIAO Demo User 6 | lock-passwd: false 7 | passwd: $6$rounds=4096$w9I3hR4g/hu$AnYjaC2DfznbPSG3vxsgtgAS4mJwWBkcR74Y/KHNB5OsfAlA4gpU5j6CHWMOkkt9j.9d7OYJXJ4icXHzKXTAO. 8 | sudo: ALL=(ALL) NOPASSWD:ALL 9 | ssh-authorized-keys: {{ ciao_ssh_public_key }} 10 | ... 
11 | -------------------------------------------------------------------------------- /templates/ciao-scheduler.service.j2: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=CIAO Scheduler Service 3 | After=network.target 4 | 5 | [Service] 6 | Type=simple 7 | ExecStart={{ bindir }}/ciao-scheduler --cacert=/etc/pki/ciao/CAcert-{{ ciao_controller_fqdn }}.pem \ 8 | --cert=/etc/pki/ciao/cert-Scheduler-{{ ciao_controller_fqdn }}.pem \ 9 | --logtostderr -v 2 10 | User=ciao 11 | Restart=always 12 | 13 | [Install] 14 | WantedBy=multi-user.target 15 | -------------------------------------------------------------------------------- /meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: Alberto Murillo 3 | description: Ansible role to install the controller node for a CIAO cluster 4 | company: Intel 5 | 6 | issue_tracker_url: https://github.com/01org/ciao 7 | 8 | license: Apache 9 | 10 | min_ansible_version: 2.1 11 | 12 | platforms: 13 | - name: Ubuntu 14 | versions: 15 | - xenial 16 | - name: ClearLinux 17 | 18 | galaxy_tags: 19 | - ubuntu 20 | - xenial 21 | - clearlinux 22 | - ciao 23 | 24 | dependencies: 25 | - clearlinux.ciao-common 26 | -------------------------------------------------------------------------------- /files/tables/workload_template.csv: -------------------------------------------------------------------------------- 1 | 69e84267-ed01-4738-b15f-b47de06b62e7,Fedora 23 Cloud,test.yaml,legacy,qemu,73a86d7e-93c0-480e-9c41-ab42f69b7799,"", 0 2 | e35ed972-c46c-4aad-a1e7-ef103ae079a2,Clear Cloud,test.yaml,efi,qemu,df3768da-31f5-4ba6-82f0-127a1a705169,"", 0 3 | eba04826-62a5-48bd-876f-9119667b1487,CNCI,test.yaml,efi,qemu,4e16e743-265a-4bf2-9fd1-57ada0b28904,"", 1 4 | ca957444-fa46-11e5-94f9-38607786d9ec,Docker Ubuntu latest,docker-ubuntu.yaml,"",docker,fa7d86d8-fa46-11e5-8493-38607786d9ec,"ubuntu:latest",0 5 | 
ab68111c-03a6-11e6-87de-001320fb6e31,Docker Iperf,docker-iperf.yaml,"",docker,b5e696b8-03a6-11e6-a424-001320fb6e31,"mcastelino/iperf:latest",0 6 | -------------------------------------------------------------------------------- /templates/configuration.yaml.j2: -------------------------------------------------------------------------------- 1 | configure: 2 | scheduler: 3 | storage_type: file 4 | storage_uri: file:///etc/ciao/configuration.yaml 5 | controller: 6 | compute_port: 8774 7 | compute_ca: /etc/pki/keystone/keystone_cert.pem 8 | compute_cert: /etc/pki/keystone/keystone_key.pem 9 | identity_user: {{ ciao_service_user }} 10 | identity_password: {{ ciao_service_password }} 11 | storage: 12 | ceph_id: {{ ceph_id }} 13 | launcher: 14 | compute_net: 15 | {{ ciao_compute_subnets | to_nice_yaml }} 16 | mgmt_net: 17 | {{ ciao_mgmt_subnets | to_nice_yaml }} 18 | disk_limit: true 19 | mem_limit: true 20 | identity_service: 21 | type: keystone 22 | url: https://{{ keystone_fqdn }}:35357 23 | -------------------------------------------------------------------------------- /templates/ciao-controller.service.j2: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=CIAO Controller Service 3 | After=network.target 4 | 5 | [Service] 6 | Type=simple 7 | ExecStart={{ bindir }}/ciao-controller --cacert=/etc/pki/ciao/CAcert-{{ ciao_controller_fqdn }}.pem \ 8 | --cert=/etc/pki/ciao/cert-Controller-localhost.pem \ 9 | --tables_init_path=/var/lib/ciao/tables \ 10 | --workloads_path=/var/lib/ciao/workloads \ 11 | --database_path=/var/lib/ciao/datastore/ciao-controller.db \ 12 | --stats_path=/var/lib/ciao/datastore/ciao-controller-stats.db \ 13 | --logtostderr -v 2 14 | Restart=always 15 | 16 | [Install] 17 | WantedBy=multi-user.target 18 | -------------------------------------------------------------------------------- /handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 
| # Copyright (c) 2016 Intel Corporation 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | - name: restart scheduler 17 | service: name=ciao-scheduler.service enabled=yes state=restarted 18 | 19 | - name: restart controller 20 | service: name=ciao-controller.service enabled=yes state=restarted 21 | -------------------------------------------------------------------------------- /files/tables/workload_resources.csv: -------------------------------------------------------------------------------- 1 | 69e84267-ed01-4738-b15f-b47de06b62e7, 2, 2, 2, 1 2 | 69e84267-ed01-4738-b15f-b47de06b62e7, 3, 128, 128, 1 3 | 69e84267-ed01-4738-b15f-b47de06b62e7, 4, 80, 80, 1 4 | e35ed972-c46c-4aad-a1e7-ef103ae079a2, 2, 2, 2, 1 5 | e35ed972-c46c-4aad-a1e7-ef103ae079a2, 3, 128, 128, 1 6 | e35ed972-c46c-4aad-a1e7-ef103ae079a2, 4, 80, 80, 1 7 | eba04826-62a5-48bd-876f-9119667b1487, 2, 4, 4, 1 8 | eba04826-62a5-48bd-876f-9119667b1487, 3, 2048, 2048, 1 9 | eba04826-62a5-48bd-876f-9119667b1487, 4, 2048, 2048, 1 10 | eba04826-62a5-48bd-876f-9119667b1487, 5, 1, 1, 1 11 | ca957444-fa46-11e5-94f9-38607786d9ec, 2, 2, 2, 1 12 | ca957444-fa46-11e5-94f9-38607786d9ec, 3, 128, 128, 1 13 | ca957444-fa46-11e5-94f9-38607786d9ec, 4, 80, 80, 1 14 | ab68111c-03a6-11e6-87de-001320fb6e31, 2, 2, 2, 1 15 | ab68111c-03a6-11e6-87de-001320fb6e31, 3, 128, 128, 1 16 | ab68111c-03a6-11e6-87de-001320fb6e31, 4, 80, 80, 1 17 | 
-------------------------------------------------------------------------------- /tasks/install.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright (c) 2016 Intel Corporation 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | - name: Install CIAO binaries 17 | copy: src={{ gopath }}/bin/{{ item }} dest={{ bindir }}/{{ item }} mode=755 18 | with_items: 19 | - ciao-cert 20 | - ciao-cli 21 | - ciao-controller 22 | - ciao-scheduler 23 | when: ciao_dev 24 | notify: 25 | - restart scheduler 26 | - restart controller 27 | -------------------------------------------------------------------------------- /tasks/images.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright (c) 2016 Intel Corporation 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 
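# Fetches the OVMF firmware and the Fedora / Clear Linux cloud images into the
# local images/ directory and unpacks the Clear Linux image.
- name: Create images directory
  file: path=images state=directory

# These files are presumably used as guest firmware and disk images, so the
# download is a trust boundary. TLS certificate validation is left enabled so
# the server is authenticated; if a mirror uses a private CA, install that CA
# on the host running this task instead of disabling validation.
# `force: no` means an existing file is never re-fetched, so a truncated or
# replaced file would persist. Pin a `checksum:` per item (for example
# "sha256:<digest published by the image vendor>") once the digests are known.
- name: Download images
  get_url:
    url: "{{ item.url }}"
    dest: "{{ item.dest }}"
    validate_certs: yes
    force: no
  with_items:
    - url: "{{ ovmf_url }}"
      dest: images/OVMF.fd
    - url: "{{ fedora_cloud_image_url }}"
      dest: images/{{ fedora_cloud_image }}
    - url: "{{ clear_cloud_image_url }}"
      dest: images/{{ clear_cloud_image }}.xz

# -k keeps the .xz archive next to the unpacked image; `creates` skips the
# command when the unpacked image already exists.
- name: Uncompress ClearLinux Image
  command: unxz -k {{ clear_cloud_image }}.xz
  args:
    chdir: images
    creates: "{{ clear_cloud_image }}"
-------------------------------------------------------------------------------- /tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright (c) 2016 Intel Corporation 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 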
15 | 16 | - include: build.yml 17 | become: no 18 | 19 | - include: images.yml 20 | become: no 21 | connection: local 22 | 23 | - include: endpoints.yml 24 | connection: local 25 | 26 | - name: Wait for ciao build 27 | become: no 28 | connection: local 29 | async_status: 30 | jid: "{{ ciao_build.ansible_job_id }}" 31 | register: ciao_build_wait 32 | until: ciao_build_wait.finished 33 | retries: 30 34 | changed_when: "ciao_build_wait.stderr is defined and 'github.com/01org/ciao/' in ciao_build_wait.stderr" 35 | when: ciao_dev 36 | 37 | - include: install.yml 38 | 39 | - include: certificates.yml 40 | 41 | - include: create_cnci_image.yml 42 | connection: local 43 | 44 | - include: startservices.yml 45 | 46 | - name: Create ciaorc file 47 | become: no 48 | connection: local 49 | template: src={{ item }}.j2 dest=./{{ item }} mode=0400 50 | with_items: 51 | - admin-ciaorc 52 | - demo-ciaorc 53 | -------------------------------------------------------------------------------- /tasks/build.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright (c) 2016 Intel Corporation 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | - block: 17 | - name: Setup GOROOT directory 18 | connection: local 19 | file: path={{ gopath }} state=directory 20 | 21 | - name: Build CIAO from sources 22 | connection: local 23 | shell: go get -v github.com/01org/ciao/... 
24 | register: ciao_build 25 | async: 1800 26 | poll: 0 27 | environment: 28 | GOPATH: "{{ gopath }}" 29 | when: ciao_dev 30 | 31 | - block: 32 | - name: Create fetch directory 33 | connection: local 34 | file: path=fetch state=directory 35 | 36 | - name: Fetch ciao files 37 | fetch: 38 | dest: fetch/{{ item }} 39 | fail_on_missing: yes 40 | flat: yes 41 | src: /usr/bin/{{ item }} 42 | with_items: 43 | - ciao-cert 44 | - ciao-cnci-agent 45 | 46 | - name: Make ciao files runnable 47 | connection: local 48 | file: path=fetch/{{ item }} mode=0755 49 | with_items: 50 | - ciao-cert 51 | - ciao-cnci-agent 52 | when: not ciao_dev 53 | -------------------------------------------------------------------------------- /tasks/startservices.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright (c) 2016 Intel Corporation 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 
15 | 16 | - name: Create scheduler unit 17 | template: src=ciao-scheduler.service.j2 dest=/etc/systemd/system/ciao-scheduler.service 18 | notify: 19 | - reload systemd config 20 | - restart scheduler 21 | 22 | - name: Create controller unit 23 | template: src=ciao-controller.service.j2 dest=/etc/systemd/system/ciao-controller.service 24 | notify: 25 | - reload systemd config 26 | - restart controller 27 | 28 | - name: Copy table files 29 | copy: dest=/var/lib/ciao src=tables owner=ciao group=ciao 30 | 31 | - name: Create workloads directory 32 | file: path=/var/lib/ciao/workloads state=directory owner=ciao group=ciao 33 | 34 | - name: Copy workloads files 35 | template: dest=/var/lib/ciao/workloads/{{ item }} src=workloads/{{ item }}.j2 owner=ciao group=ciao 36 | with_items: 37 | - docker-iperf.yaml 38 | - docker-ubuntu.yaml 39 | - test.yaml 40 | 41 | - name: Create /etc/ciao config dir 42 | file: path=/etc/ciao state=directory owner=ciao group=ciao 43 | 44 | - name: Create configuration file 45 | template: dest=/etc/ciao/configuration.yaml src=configuration.yaml.j2 owner=ciao group=ciao 46 | 47 | - meta: flush_handlers 48 | 49 | - name: Ensure controller services are running 50 | service: name={{ item }} enabled=yes state=started 51 | with_items: 52 | - ciao-scheduler.service 53 | - ciao-controller.service 54 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # clearlinux.ciao-controller 2 | Ansible role to install the controller node for a CIAO cluster 3 | 4 | This role configures the following components 5 | 6 | * ciao scheduler 7 | * ciao controller 8 | 9 | ## Requirements 10 | None 11 | 12 | ## Role Variables 13 | The available variables for this roles are the variables from [clearlinux.ciao-common](https://github.com/clearlinux/ansible-role-ciao-common) plus the following: 14 | 15 | Note: Mandatory variables are shown in **bold** 16 
| 17 | Variable | Default Value | Description 18 | -------- | ------------- | ----------- 19 | ciao_controller_ip | `{{ ansible_default_ipv4['address'] }}` | IP Address for CIAO controller node 20 | ciao_mgmt_subnets | `{{ ansible_default_ipv4['network'] }}` | CIAO management subnets 21 | ciao_compute_subnets | `{{ ciao_mgmt_subnets }}` | CIAO compute subnets 22 | ciao_service_user | ciao | OpenStack user for CIAO services 23 | ciao_service_password | ciaoUserPassword | Password for `ciao_service_user` 24 | ciao_admin_email | admin@example.com | CIAO administrator email address 25 | ciao_cert_organization | Example Inc. | Name of the organization running the CIAO cluster 26 | ciao_guest_user | demouser | CIAO virtual machines can be accessed with this username and its public key 27 | ciao_guest_key | ~/.ssh/id_rsa.pub | A path to an SSH public authentication key for `ciao_guest_user` 28 | ceph_id | admin | Cephx user to authenticate 29 | secret_path | /etc/ceph/ceph.client.admin.keyring | Path to ceph user keyring 30 | 31 | **WARNING**: `ciao_guest_user` and `ciao_guest_key` are a temporary development feature. They give the developer running a dev/test ciao cluster superuser SSH access to all compute workload instances and also all cnci instances. The `test.yaml` workload template additionally configures this user with passwordless sudo and an unlocked account whose password hash is fixed in the template. In the future this will be removed when cloud-init and user-specified workloads are enabled in the webui and cli. 
32 | 33 | ## Dependencies 34 | * [clearlinux.ciao-common](https://github.com/clearlinux/ansible-role-ciao-common) 35 | 36 | ## Example Playbook 37 | file *ciao.yml* 38 | ``` 39 | - hosts: controllers 40 | roles: 41 | - clearlinux.ciao-controller 42 | ``` 43 | 44 | file *group_vars/all* 45 | ``` 46 | keystone_fqdn: identity.example.com 47 | keystone_admin_password: secret 48 | 49 | ciao_service_user: csr 50 | ciao_service_password: secret 51 | ciao_guest_user: demouser 52 | ciao_guest_key: ~/.ssh/id_rsa.pub 53 | ``` 54 | 55 | ## Contribution 56 | **Pull Requests and Issues should be opened at [clearlinux/clear-config-management](https://github.com/clearlinux/clear-config-management).** 57 | 58 | ## License 59 | Apache-2.0 60 | 61 | ## Author Information 62 | This role was created by [Alberto Murillo](alberto.murillo.silva@intel.com) 63 | -------------------------------------------------------------------------------- /tasks/endpoints.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright (c) 2016 Intel Corporation 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 
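# Registers the CIAO services, endpoints and service user in Keystone.
# Every task authenticates as the Keystone admin with keystone_admin_password
# against https://{{ keystone_fqdn }}:35357/v3.
#
# `no_log: true` keeps the module arguments (which carry login_password and,
# for the service user, its password) out of Ansible output and logs. Remove it
# temporarily when a task needs debugging.
#
# NOTE(review): `insecure: yes` presumably turns off TLS certificate
# verification in the keystone module (not shown here) - confirm. If so, the
# admin password is sent without authenticating the Keystone endpoint; prefer
# trusting keystone_cert.pem on the host that runs these tasks and dropping
# the flag.

- name: Create CIAO OpenStack Services
  keystone:
    login_user: admin
    login_password: "{{ keystone_admin_password }}"
    login_project_name: "admin"
    command: "ensure_service"
    service_name: "{{ item.service }}"
    service_type: "{{ item.type }}"
    description: "{{ item.description | default('') }}"
    endpoint: "https://{{ keystone_fqdn }}:35357/v3"
    insecure: yes  # see NOTE(review) at the top of this file
  with_items: "{{ ciao_openstack_services }}"
  no_log: true

# Each service gets a public, an internal and an admin endpoint in RegionOne.
- name: Create CIAO OpenStack Endpoints
  keystone:
    login_user: admin
    login_password: "{{ keystone_admin_password }}"
    login_project_name: "admin"
    command: "ensure_endpoint"
    region_name: "RegionOne"
    service_name: "{{ item.service }}"
    service_type: "{{ item.type }}"
    endpoint_list:
      - url: "{{ item.public_url }}"
        interface: "public"
      - url: "{{ item.internal_url }}"
        interface: "internal"
      - url: "{{ item.admin_url }}"
        interface: "admin"
    endpoint: "https://{{ keystone_fqdn }}:35357/v3"
    insecure: yes  # see NOTE(review) at the top of this file
  with_items: "{{ ciao_openstack_endpoints }}"
  no_log: true

# Creates ciao_service_user in the "service" project of the Default domain.
- name: Create CIAO service user for OpenStack
  keystone:
    login_user: admin
    login_password: "{{ keystone_admin_password }}"
    login_project_name: "admin"
    command: "ensure_user"
    user_name: "{{ ciao_service_user }}"
    project_name: "service"
    password: "{{ ciao_service_password }}"
    domain_name: "Default"
    email: "{{ ciao_admin_email }}"
    endpoint: "https://{{ keystone_fqdn }}:35357/v3"
    insecure: yes  # see NOTE(review) at the top of this file
  no_log: true

# Grants ciao_service_user the admin role on the "service" project.
# defaults/main.yml ships ciao_service_password as a fixed, published value, so
# override it per deployment (for example from an Ansible Vault file) before
# this account is given admin rights.
- name: Add CIAO service user to admin role
  keystone:
    login_user: admin
    login_password: "{{ keystone_admin_password }}"
    login_project_name: "admin"
    command: "ensure_user_role"
    user_name: "{{ ciao_service_user }}"
    project_name: "service"
    role_name: "admin"
    endpoint: "https://{{ keystone_fqdn }}:35357/v3"
    insecure: yes  # see NOTE(review) at the top of this file
  no_log: true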
-------------------------------------------------------------------------------- /defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright (c) 2016 Intel Corporation 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | # IP Address for CIAO controller node 17 | ciao_controller_ip: "{{ ansible_default_ipv4['address'] }}" 18 | 19 | # CIAO management subnets 20 | ciao_mgmt_subnets: "{{ [(ansible_default_ipv4.network + '/' + ansible_default_ipv4.netmask) | ipaddr] }}" 21 | 22 | # CIAO compute subnets 23 | ciao_compute_subnets: "{{ ciao_mgmt_subnets }}" 24 | 25 | # OpenStack user for CIAO services 26 | ciao_service_user: ciao 27 | 28 | # Password for 'ciao_service_user' 29 | ciao_service_password: ciaoUserPassword 30 | 31 | # CIAO administrator email address 32 | # this address is embedded in ciao certificates 33 | ciao_admin_email: admin@example.com 34 | 35 | # Name of the organization running the CIAO cluster 36 | # this name is embedded in ciao certificates 37 | ciao_cert_organization: Example Inc. 
38 | 39 | # CIAO virtual machines can be accessed with this username and it's public key 40 | ciao_guest_user: demouser 41 | 42 | # A path to an SSH public authentication key for `ciao_guest_user` 43 | ciao_guest_key: ~/.ssh/id_rsa.pub 44 | 45 | # The contents of ciao_guest_key file 46 | ciao_ssh_public_key: "{{ lookup('file', ciao_guest_key) }}" 47 | 48 | # CIAO Services to create in Keystone 49 | ciao_openstack_services: 50 | - service: ciao 51 | type: compute 52 | description: CIAO Compute Service 53 | - service: cinder 54 | type: volume 55 | description: CIAO Storage Service 56 | - service: cinderv2 57 | type: volumev2 58 | description: CIAO Storage Service v2 59 | 60 | # CIAO endpoints to create in Keystone 61 | ciao_openstack_endpoints: 62 | - service: ciao 63 | type: compute 64 | public_url: https://{{ ciao_controller_fqdn }}:8774/v2.1/%(tenant_id)s 65 | internal_url: https://{{ ciao_controller_fqdn }}:8774/v2.1/%(tenant_id)s 66 | admin_url: https://{{ ciao_controller_fqdn }}:8774/v2.1/%(tenant_id)s 67 | - service: cinder 68 | type: volume 69 | public_url: https://{{ ciao_controller_fqdn }}:8776/v1/%(tenant_id)s 70 | internal_url: https://{{ ciao_controller_fqdn }}:8776/v1/%(tenant_id)s 71 | admin_url: https://{{ ciao_controller_fqdn }}:8776/v1/%(tenant_id)s 72 | - service: cinderv2 73 | type: volumev2 74 | public_url: https://{{ ciao_controller_fqdn }}:8776/v2/%(tenant_id)s 75 | internal_url: https://{{ ciao_controller_fqdn }}:8776/v2/%(tenant_id)s 76 | admin_url: https://{{ ciao_controller_fqdn }}:8776/v2/%(tenant_id)s 77 | 78 | # Cephx user to authenticate 79 | ceph_id: admin 80 | 81 | # Path to ceph user keyring 82 | secret_path: /etc/ceph/ceph.client.admin.keyring 83 | -------------------------------------------------------------------------------- /tasks/certificates.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright (c) 2016 Intel Corporation 3 | # 4 | # Licensed under the Apache License, 
Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | - name: Create a local certificates directory if it does not exist 17 | become: no 18 | connection: local 19 | file: path=certificates/ciao state=directory 20 | 21 | - name: Set ciao-cert location 22 | set_fact: ciao_cert={{ (gopath + '/bin/ciao-cert') if ciao_dev else '../../fetch/ciao-cert' }} 23 | 24 | - name: Create Scheduler key and CA certificate 25 | become: no 26 | connection: local 27 | command: > 28 | {{ ciao_cert }} -server -role scheduler 29 | -email={{ ciao_admin_email }} -organization="{{ ciao_cert_organization }}" 30 | -ip={{ ciao_controller_ip }} -host={{ ciao_controller_fqdn }} -verify 31 | args: 32 | chdir: certificates/ciao 33 | creates: CAcert-{{ ciao_controller_fqdn }}.pem 34 | 35 | - name: Create agent keys 36 | become: no 37 | connection: local 38 | command: > 39 | {{ ciao_cert }} -role {{ item.role }} --server-cert 40 | cert-Scheduler-{{ ciao_controller_fqdn }}.pem -email={{ ciao_admin_email }} 41 | --organization="{{ ciao_cert_organization }}" -host=localhost -verify 42 | args: 43 | chdir: certificates/ciao 44 | creates: "{{ item.creates }}" 45 | with_items: 46 | - role: agent 47 | creates: cert-CNAgent-localhost.pem 48 | - role: netagent 49 | creates: cert-NetworkingAgent-localhost.pem 50 | - role: cnciagent 51 | creates: cert-CNCIAgent-localhost.pem 52 | - role: controller 53 | creates: cert-Controller-localhost.pem 54 | 55 | - name: Copy certificates 56 | copy: src=certificates/{{ item }} 
dest=/etc/pki/{{ item }} 57 | with_items: 58 | - ciao/CAcert-{{ ciao_controller_fqdn }}.pem 59 | - ciao/cert-Controller-localhost.pem 60 | - ciao/cert-Scheduler-{{ ciao_controller_fqdn }}.pem 61 | - keystone/keystone_cert.pem 62 | - keystone/keystone_key.pem 63 | 64 | - name: Install certificate (ClearLinux) 65 | copy: src=certificates/keystone/keystone_cert.pem dest=/etc/ssl/certs 66 | when: ansible_os_family == "Clear linux software for intel architecture" 67 | 68 | - block: 69 | - name: Install certificate (Ubuntu) 70 | copy: 71 | src: certificates/keystone/keystone_cert.pem 72 | dest: /usr/local/share/ca-certificates/keystone_cert.crt 73 | 74 | - name: Update CA certificates (Ubuntu) 75 | command: update-ca-certificates 76 | args: 77 | creates: /etc/ssl/certs/keystone_cert.pem 78 | when: ansible_os_family == "Debian" 79 | 80 | - block: 81 | - name: Install certificate (Fedora) 82 | copy: 83 | src: certificates/keystone/keystone_cert.pem 84 | dest: /etc/pki/ca-trust/source/anchors/keystone_cert.pem 85 | 86 | - name: Update CA trust (Fedora) 87 | command: update-ca-trust 88 | args: 89 | creates: /etc/pki/tls/certs/keystone_cert.pem 90 | when: ansible_os_family == "RedHat" 91 | -------------------------------------------------------------------------------- /tasks/create_cnci_image.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright (c) 2016 Intel Corporation 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
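# See the License for the specific language governing permissions and
# limitations under the License.

# Builds the CNCI image: download, decompress, then loop-mount the image and
# inject the ciao-cnci-agent binary, its systemd unit and the client
# certificates. Nesting is reconstructed from the task keywords because the
# listing lost its indentation.

- name: Check if cnci image is already setup
  become: no
  stat:
    path: images/.cnci_ready
  register: st
  changed_when: False

# The downloaded image is later mounted as root and given the agent's
# certificates, so its origin matters. The original disabled TLS verification
# (`validate_certs: no`) and checked no digest, which let anyone on the network
# path substitute the image. Verification is now on by default; set
# cnci_image_validate_certs only for a host whose CA cannot be installed, and
# set cnci_image_checksum (for example "sha256:<digest-of-your-image>") to pin
# the artifact.
- name: Download cnci image
  become: no
  get_url:
    url: "{{ cnci_image_url }}"
    dest: images/{{ cnci_image }}.xz
    validate_certs: "{{ cnci_image_validate_certs | default(true) }}"
    checksum: "{{ cnci_image_checksum | default(omit) }}"
  register: download_cnci

# A fresh download, or a missing ready marker, invalidates the unpacked image.
- name: Remove old cnci image
  become: no
  file:
    path: images/{{ cnci_image }}
    state: absent
  when: download_cnci.changed or not st.stat.exists

- name: Decompress cnci image
  become: no
  command: unxz -k {{ cnci_image }}.xz
  args:
    chdir: images
    creates: "{{ cnci_image }}"
  register: decompress_cnci

# Runs only when the image was just unpacked.
# NOTE(review): there is no rescue/always section, so a failure between the
# losetup attach and the detach leaves /mnt/tmp mounted and the loop device
# attached; consider moving the last two cleanup steps into `always:`.
- block:
    - name: Find available loop device
      command: "losetup -f"
      register: loop_device

    - name: Mount cnci image on loop
      command: "losetup {{ loop_device.stdout }} -P images/{{ cnci_image }}"

    # Partition 2 of the image is mounted as ext4.
    - name: Mounting cnci image in /mnt/tmp
      mount:
        name: /mnt/tmp
        src: "{{ loop_device.stdout }}p2"
        fstype: ext4
        state: mounted

    # Development builds take the agent from GOPATH, otherwise from fetch/.
    - name: Set ciao-cnci-agent location
      set_fact:
        ciao_cnci_agent: "{{ (gopath + '/bin/ciao-cnci-agent') if ciao_dev else 'fetch/ciao-cnci-agent' }}"

    # No shell features are needed here, so `command` is used instead of
    # `shell`; the variable is then never interpreted by a shell.
    - name: Copy ciao_cnci_agent to cnci image
      command: cp {{ ciao_cnci_agent }} /mnt/tmp/usr/bin/
      args:
        creates: /mnt/tmp/usr/bin/ciao-cnci-agent

    - name: Copy ciao-cnci-agent.service to cnci image
      template:
        src: ciao-cnci-agent.service.j2
        dest: /mnt/tmp/usr/lib/systemd/system/ciao-cnci-agent.service

    - name: Enable ciao-cnci-agent.service in cnci image
      command: chroot /mnt/tmp /bin/bash -c "systemctl enable ciao-cnci-agent"
      args:
        creates: /mnt/tmp/etc/systemd/system/default.target.wants/ciao-cnci-agent.service

    - name: Create /var/lib/ciao in cnci image
      file:
        path: /mnt/tmp/var/lib/ciao
        state: directory

    # `shell` is kept for the two copies below because they rely on glob
    # expansion. Each glob must match exactly one file: with several matches cp
    # is handed more than one source for a single destination file and fails.
    # NOTE(review): no owner or mode is set on the copied certificate files;
    # confirm the permissions they end up with inside the image.
    - name: Copy CA certificates to cnci image
      shell: cp certificates/ciao/CAcert-* /mnt/tmp/var/lib/ciao/CAcert-server-localhost.pem
      args:
        creates: /mnt/tmp/var/lib/ciao/CAcert-server-localhost.pem

    - name: Copy CNCI Agent certificate
      shell: cp certificates/ciao/cert-CNCIAgent-* /mnt/tmp/var/lib/ciao/cert-client-localhost.pem
      args:
        creates: /mnt/tmp/var/lib/ciao/cert-client-localhost.pem

    - name: Unmounting cnci image
      mount:
        name: /mnt/tmp
        src: "{{ loop_device.stdout }}p2"
        fstype: ext4
        state: absent

    - name: Detach cnci image from loop device
      command: "losetup -d {{ loop_device.stdout }}"

    # Marker read by the first task; records that the image was prepared.
    - name: Creating images/.cnci_ready
      become: no
      file:
        path: images/.cnci_ready
        state: touch
  when: decompress_cnci.changed

--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | 2 | Apache License 3 | Version 2.0, January 2004 4 | http://www.apache.org/licenses/ 5 | 6 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 7 | 8 | 1. Definitions. 9 | 10 | "License" shall mean the terms and conditions for use, reproduction, 11 | and distribution as defined by Sections 1 through 9 of this document. 12 | 13 | "Licensor" shall mean the copyright owner or entity authorized by 14 | the copyright owner that is granting the License. 15 | 16 | "Legal Entity" shall mean the union of the acting entity and all 17 | other entities that control, are controlled by, or are under common 18 | control with that entity.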
For the purposes of this definition, 19 | "control" means (i) the power, direct or indirect, to cause the 20 | direction or management of such entity, whether by contract or 21 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 22 | outstanding shares, or (iii) beneficial ownership of such entity. 23 | 24 | "You" (or "Your") shall mean an individual or Legal Entity 25 | exercising permissions granted by this License. 26 | 27 | "Source" form shall mean the preferred form for making modifications, 28 | including but not limited to software source code, documentation 29 | source, and configuration files. 30 | 31 | "Object" form shall mean any form resulting from mechanical 32 | transformation or translation of a Source form, including but 33 | not limited to compiled object code, generated documentation, 34 | and conversions to other media types. 35 | 36 | "Work" shall mean the work of authorship, whether in Source or 37 | Object form, made available under the License, as indicated by a 38 | copyright notice that is included in or attached to the work 39 | (an example is provided in the Appendix below). 40 | 41 | "Derivative Works" shall mean any work, whether in Source or Object 42 | form, that is based on (or derived from) the Work and for which the 43 | editorial revisions, annotations, elaborations, or other modifications 44 | represent, as a whole, an original work of authorship. For the purposes 45 | of this License, Derivative Works shall not include works that remain 46 | separable from, or merely link (or bind by name) to the interfaces of, 47 | the Work and Derivative Works thereof. 
48 | 49 | "Contribution" shall mean any work of authorship, including 50 | the original version of the Work and any modifications or additions 51 | to that Work or Derivative Works thereof, that is intentionally 52 | submitted to Licensor for inclusion in the Work by the copyright owner 53 | or by an individual or Legal Entity authorized to submit on behalf of 54 | the copyright owner. For the purposes of this definition, "submitted" 55 | means any form of electronic, verbal, or written communication sent 56 | to the Licensor or its representatives, including but not limited to 57 | communication on electronic mailing lists, source code control systems, 58 | and issue tracking systems that are managed by, or on behalf of, the 59 | Licensor for the purpose of discussing and improving the Work, but 60 | excluding communication that is conspicuously marked or otherwise 61 | designated in writing by the copyright owner as "Not a Contribution." 62 | 63 | "Contributor" shall mean Licensor and any individual or Legal Entity 64 | on behalf of whom a Contribution has been received by Licensor and 65 | subsequently incorporated within the Work. 66 | 67 | 2. Grant of Copyright License. Subject to the terms and conditions of 68 | this License, each Contributor hereby grants to You a perpetual, 69 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 70 | copyright license to reproduce, prepare Derivative Works of, 71 | publicly display, publicly perform, sublicense, and distribute the 72 | Work and such Derivative Works in Source or Object form. 73 | 74 | 3. Grant of Patent License. 
Subject to the terms and conditions of 75 | this License, each Contributor hereby grants to You a perpetual, 76 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 77 | (except as stated in this section) patent license to make, have made, 78 | use, offer to sell, sell, import, and otherwise transfer the Work, 79 | where such license applies only to those patent claims licensable 80 | by such Contributor that are necessarily infringed by their 81 | Contribution(s) alone or by combination of their Contribution(s) 82 | with the Work to which such Contribution(s) was submitted. If You 83 | institute patent litigation against any entity (including a 84 | cross-claim or counterclaim in a lawsuit) alleging that the Work 85 | or a Contribution incorporated within the Work constitutes direct 86 | or contributory patent infringement, then any patent licenses 87 | granted to You under this License for that Work shall terminate 88 | as of the date such litigation is filed. 89 | 90 | 4. Redistribution. 
You may reproduce and distribute copies of the 91 | Work or Derivative Works thereof in any medium, with or without 92 | modifications, and in Source or Object form, provided that You 93 | meet the following conditions: 94 | 95 | (a) You must give any other recipients of the Work or 96 | Derivative Works a copy of this License; and 97 | 98 | (b) You must cause any modified files to carry prominent notices 99 | stating that You changed the files; and 100 | 101 | (c) You must retain, in the Source form of any Derivative Works 102 | that You distribute, all copyright, patent, trademark, and 103 | attribution notices from the Source form of the Work, 104 | excluding those notices that do not pertain to any part of 105 | the Derivative Works; and 106 | 107 | (d) If the Work includes a "NOTICE" text file as part of its 108 | distribution, then any Derivative Works that You distribute must 109 | include a readable copy of the attribution notices contained 110 | within such NOTICE file, excluding those notices that do not 111 | pertain to any part of the Derivative Works, in at least one 112 | of the following places: within a NOTICE text file distributed 113 | as part of the Derivative Works; within the Source form or 114 | documentation, if provided along with the Derivative Works; or, 115 | within a display generated by the Derivative Works, if and 116 | wherever such third-party notices normally appear. The contents 117 | of the NOTICE file are for informational purposes only and 118 | do not modify the License. You may add Your own attribution 119 | notices within Derivative Works that You distribute, alongside 120 | or as an addendum to the NOTICE text from the Work, provided 121 | that such additional attribution notices cannot be construed 122 | as modifying the License. 
123 | 124 | You may add Your own copyright statement to Your modifications and 125 | may provide additional or different license terms and conditions 126 | for use, reproduction, or distribution of Your modifications, or 127 | for any such Derivative Works as a whole, provided Your use, 128 | reproduction, and distribution of the Work otherwise complies with 129 | the conditions stated in this License. 130 | 131 | 5. Submission of Contributions. Unless You explicitly state otherwise, 132 | any Contribution intentionally submitted for inclusion in the Work 133 | by You to the Licensor shall be under the terms and conditions of 134 | this License, without any additional terms or conditions. 135 | Notwithstanding the above, nothing herein shall supersede or modify 136 | the terms of any separate license agreement you may have executed 137 | with Licensor regarding such Contributions. 138 | 139 | 6. Trademarks. This License does not grant permission to use the trade 140 | names, trademarks, service marks, or product names of the Licensor, 141 | except as required for reasonable and customary use in describing the 142 | origin of the Work and reproducing the content of the NOTICE file. 143 | 144 | 7. Disclaimer of Warranty. Unless required by applicable law or 145 | agreed to in writing, Licensor provides the Work (and each 146 | Contributor provides its Contributions) on an "AS IS" BASIS, 147 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 148 | implied, including, without limitation, any warranties or conditions 149 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 150 | PARTICULAR PURPOSE. You are solely responsible for determining the 151 | appropriateness of using or redistributing the Work and assume any 152 | risks associated with Your exercise of permissions under this License. 153 | 154 | 8. Limitation of Liability. 
In no event and under no legal theory, 155 | whether in tort (including negligence), contract, or otherwise, 156 | unless required by applicable law (such as deliberate and grossly 157 | negligent acts) or agreed to in writing, shall any Contributor be 158 | liable to You for damages, including any direct, indirect, special, 159 | incidental, or consequential damages of any character arising as a 160 | result of this License or out of the use or inability to use the 161 | Work (including but not limited to damages for loss of goodwill, 162 | work stoppage, computer failure or malfunction, or any and all 163 | other commercial damages or losses), even if such Contributor 164 | has been advised of the possibility of such damages. 165 | 166 | 9. Accepting Warranty or Additional Liability. While redistributing 167 | the Work or Derivative Works thereof, You may choose to offer, 168 | and charge a fee for, acceptance of support, warranty, indemnity, 169 | or other liability obligations and/or rights consistent with this 170 | License. However, in accepting such obligations, You may act only 171 | on Your own behalf and on Your sole responsibility, not on behalf 172 | of any other Contributor, and only if You agree to indemnify, 173 | defend, and hold each Contributor harmless for any liability 174 | incurred by, or claims asserted against, such Contributor by reason 175 | of your accepting any such warranty or additional liability. 176 | 177 | END OF TERMS AND CONDITIONS 178 | --------------------------------------------------------------------------------