author | QiLiang <liangqi1@huawei.com> | 2016-10-27 06:17:50 +0800 |
---|---|---|
committer | QiLiang <liangqi1@huawei.com> | 2016-10-27 06:18:46 +0800 |
commit | 5ac0350135d59f143b91115170b5690631e3f448 (patch) | |
tree | b272d882be516836a45cb8b31f7da5d8372e080e /deploy/adapters/ansible | |
parent | dde596264dadaa3e530adc4e30f9205edfaff3ba (diff) |
add osp9 roles
Change-Id: Ie0085f718c2c737ae32c8abf97fd8c0408360acb
Signed-off-by: QiLiang <liangqi1@huawei.com>
Diffstat (limited to 'deploy/adapters/ansible')
87 files changed, 4476 insertions, 0 deletions
diff --git a/deploy/adapters/ansible/openstack_osp9/HA-ansible-multinodes.yml b/deploy/adapters/ansible/openstack_osp9/HA-ansible-multinodes.yml new file mode 100755 index 00000000..c91bc90a --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/HA-ansible-multinodes.yml 
@@ -0,0 +1,265 @@ +--- +- hosts: all + remote_user: root + pre_tasks: + - name: make sure ssh dir exist + file: + path: '{{ item.path }}' + owner: '{{ item.owner }}' + group: '{{ item.group }}' + state: directory + mode: 0755 + with_items: + - path: /root/.ssh + owner: root + group: root + + - name: write ssh config + copy: + content: "UserKnownHostsFile /dev/null\nStrictHostKeyChecking no" + dest: '{{ item.dest }}' + owner: '{{ item.owner }}' + group: '{{ item.group }}' + mode: 0600 + with_items: + - dest: /root/.ssh/config + owner: root + group: root + + - name: generate ssh keys + shell: if [ ! -f ~/.ssh/id_rsa.pub ]; then ssh-keygen -q -t rsa -f ~/.ssh/id_rsa -N ""; else echo "already gen ssh key!"; fi; + + - name: fetch ssh keys + fetch: src=/root/.ssh/id_rsa.pub dest=/tmp/ssh-keys-{{ ansible_hostname }} flat=yes + + - authorized_key: + user: root + key: "{{ lookup('file', 'item') }}" + with_fileglob: + - /tmp/ssh-keys-* + max_fail_percentage: 0 + roles: + - common + +- hosts: all + remote_user: root + #accelerate: true + max_fail_percentage: 0 + roles: + - setup-network + +- hosts: ha + remote_user: root + #accelerate: true + max_fail_percentage: 0 + roles: + - ha + +- hosts: controller + remote_user: root + #accelerate: true + max_fail_percentage: 0 + roles: + - memcached + - apache + - database + - mq + - keystone + - nova-controller + - neutron-controller + - cinder-controller + - glance + - neutron-common + - neutron-network + - ceilometer_controller +# - ext-network + - dashboard + - heat + - aodh + +- hosts: all + remote_user: root + #accelerate: true + max_fail_percentage: 0 + roles: + - storage + +- hosts: compute + remote_user: root + #accelerate: true + max_fail_percentage: 0 + roles: + - nova-compute + - neutron-compute + - cinder-volume + - ceilometer_compute + +- hosts: all + remote_user: root + #accelerate: true + max_fail_percentage: 0 + roles: + - secgroup + +- hosts: ceph_adm + remote_user: root + #accelerate: true + max_fail_percentage: 0 + 
roles: [] + # - ceph-deploy + +- hosts: ceph + remote_user: root + #accelerate: true + max_fail_percentage: 0 + roles: + - ceph-purge + - ceph-config + +- hosts: ceph_mon + remote_user: root + #accelerate: true + max_fail_percentage: 0 + roles: + - ceph-mon + +- hosts: ceph_osd + remote_user: root + #accelerate: true + max_fail_percentage: 0 + roles: + - ceph-osd + +- hosts: ceph + remote_user: root + #accelerate: true + max_fail_percentage: 0 + roles: + - ceph-openstack + +- hosts: all + remote_user: root + #accelerate: true + max_fail_percentage: 0 + roles: + - monitor + + +- hosts: all + remote_user: root + #accelerate: true + max_fail_percentage: 0 + tasks: + - name: set bash to nova + user: + name: nova + shell: /bin/bash + + - name: make sure ssh dir exist + file: + path: '{{ item.path }}' + owner: '{{ item.owner }}' + group: '{{ item.group }}' + state: directory + mode: 0755 + with_items: + - path: /var/lib/nova/.ssh + owner: nova + group: nova + + - name: copy ssh keys for nova + shell: cp -rf /root/.ssh/id_rsa /var/lib/nova/.ssh; + + - name: write ssh config + copy: + content: "UserKnownHostsFile /dev/null\nStrictHostKeyChecking no" + dest: '{{ item.dest }}' + owner: '{{ item.owner }}' + group: '{{ item.group }}' + mode: 0600 + with_items: + - dest: /var/lib/nova/.ssh/config + owner: nova + group: nova + + - authorized_key: + user: nova + key: "{{ lookup('file', 'item') }}" + with_fileglob: + - /tmp/ssh-keys-* + + - name: chown ssh file + shell: chown -R nova:nova /var/lib/nova/.ssh; + + +- hosts: all + remote_user: root + #accelerate: true + max_fail_percentage: 0 + roles: + - odl_cluster + +- hosts: all + remote_user: root + #accelerate: true + max_fail_percentage: 0 + roles: + - onos_cluster + +- hosts: all + remote_user: root + sudo: True + max_fail_percentage: 0 + roles: + - open-contrail + +- hosts: all + remote_user: root + #accelerate: true + serial: 1 + max_fail_percentage: 0 + roles: + - odl_cluster_neutron + +- hosts: all + remote_user: root + 
#accelerate: true + max_fail_percentage: 0 + roles: + - odl_cluster_post + +- hosts: controller + remote_user: root + #accelerate: true + max_fail_percentage: 0 + roles: + - ext-network + +- hosts: controller + remote_user: root + #accelerate: true + max_fail_percentage: 0 + roles: + - tacker + +- hosts: controller + remote_user: root + #accelerate: true + max_fail_percentage: 0 + roles: + - boot-recovery + +- hosts: controller + remote_user: root + #accelerate: true + max_fail_percentage: 0 + roles: + - controller-recovery + +- hosts: compute + remote_user: root + #accelerate: true + max_fail_percentage: 0 + roles: + - compute-recovery + diff --git a/deploy/adapters/ansible/openstack_osp9/roles/aodh/handlers/main.yml b/deploy/adapters/ansible/openstack_osp9/roles/aodh/handlers/main.yml new file mode 100755 index 00000000..b3399e0c --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/aodh/handlers/main.yml @@ -0,0 +1,13 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- name: restart aodh services + service: name={{ item }} state=restarted enabled=yes + with_items: services | union(services_noarch) + diff --git a/deploy/adapters/ansible/openstack_osp9/roles/aodh/tasks/aodh_config.yml b/deploy/adapters/ansible/openstack_osp9/roles/aodh/tasks/aodh_config.yml new file mode 100755 index 00000000..e60d5338 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/aodh/tasks/aodh_config.yml 
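Review bot: In HA-ansible-multinodes.yml both `authorized_key` tasks (root in `pre_tasks`, nova in the later `tasks` play) use `key: "{{ lookup('file', 'item') }}"`, where the quoted `'item'` is a literal file name rather than the `with_fileglob` loop variable, so as written the fetched public keys are not what gets read; it should be `key: "{{ lookup('file', item) }}"`. The keys are staged as `/tmp/ssh-keys-{{ ansible_hostname }}` on the control host and then globbed with `/tmp/ssh-keys-*`, so any file another local user places under that pattern would be installed into root's and nova's `authorized_keys`; a directory private to the deploying user is a safer `dest`. The two `write ssh config` tasks set `StrictHostKeyChecking no` with `UserKnownHostsFile /dev/null`, which removes host-key verification for all outbound SSH by root and nova on every node, and `copy ssh keys for nova` gives the nova account root's private key. If nova needs node-to-node SSH, a dedicated nova keypair and a populated `known_hosts` would limit that exposure, and the reason should be recorded in a comment on the play.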
@@ -0,0 +1,14 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- name: aodh db sync + shell: su -s /bin/sh -c "aodh-dbsync" aodh + notify: + - restart aodh services + diff --git a/deploy/adapters/ansible/openstack_osp9/roles/aodh/tasks/aodh_install.yml b/deploy/adapters/ansible/openstack_osp9/roles/aodh/tasks/aodh_install.yml new file mode 100755 index 00000000..eb51fbea --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/aodh/tasks/aodh_install.yml 
@@ -0,0 +1,31 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- include_vars: "{{ ansible_os_family }}.yml" + +- name: install aodh packages + action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" + with_items: packages | union(packages_noarch) + +- name: update aodh conf + template: src={{ item }} dest=/etc/aodh/aodh.conf + backup=yes + with_items: + - aodh.conf.j2 +# - api_paste.ini.j2 +# - policy.json.j2 + notify: + - restart aodh services + +- name: write services to monitor list + lineinfile: dest=/opt/service create=yes line='{{ item }}' + with_items: services | union(services_noarch) + +- name: remove default sqlite db + shell: rm /var/lib/aodh/aodh.sqlite || touch aodh.sqllite.db.removed diff --git a/deploy/adapters/ansible/openstack_osp9/roles/aodh/tasks/main.yml b/deploy/adapters/ansible/openstack_osp9/roles/aodh/tasks/main.yml new file mode 100755 index 00000000..9b61915f --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/aodh/tasks/main.yml 
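Review bot: In aodh_install.yml the `update aodh conf` task renders `/etc/aodh/aodh.conf` without `owner`, `group` or `mode`, although the template it installs (aodh.conf.j2 in this commit) contains the database, RabbitMQ and Keystone passwords, and `backup=yes` leaves timestamped copies carrying the same secrets. Setting the permissions explicitly, for example `template: src={{ item }} dest=/etc/aodh/aodh.conf owner=aodh group=aodh mode=0640 backup=yes`, would pin this down; the `aodh` user is the one aodh_config.yml runs `aodh-dbsync` as, the group name is an assumption to confirm. In `remove default sqlite db`, the fallback `touch aodh.sqllite.db.removed` drops a misspelled marker file into the current working directory; `file: path=/var/lib/aodh/aodh.sqlite state=absent` does the same job idempotently and without the shell.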
@@ -0,0 +1,23 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- include: aodh_install.yml + tags: + - install + - aodh_install + - aodh + +- include: aodh_config.yml + when: inventory_hostname == groups['controller'][0] + tags: + - config + - aodh_config + - aodh + +- meta: flush_handlers diff --git a/deploy/adapters/ansible/openstack_osp9/roles/aodh/templates/aodh.conf.j2 b/deploy/adapters/ansible/openstack_osp9/roles/aodh/templates/aodh.conf.j2 new file mode 100755 index 00000000..d4d232be --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/aodh/templates/aodh.conf.j2 
@@ -0,0 +1,46 @@ +{% set memcached_servers = [] %} +{% for host in haproxy_hosts.values() %} +{% set _ = memcached_servers.append('%s:11211'% host) %} +{% endfor %} +{% set memcached_servers = memcached_servers|join(',') %} + +[DEFAULT] +bind_host = {{ internal_ip }} +bind_port = 8042 +rpc_backend = rabbit +auth_strategy = keystone +debug = True + +[oslo_messaging_rabbit] +rabbit_hosts = {{ internal_vip.ip }} +rabbit_userid = {{ RABBIT_USER }} +rabbit_password = {{ RABBIT_PASS }} +#rabbit_use_ssl = false + +[database] +connection = mysql://aodh:{{ AODH_DBPASS }}@{{ db_host }}/aodh + +[keystone_authtoken] +auth_uri = http://{{ internal_vip.ip }}:5000 +auth_url = http://{{ internal_vip.ip }}:35357 +identity_uri = http://{{ internal_vip.ip }}:35357 +auth_plugin = password +project_domain_id = default +user_domain_id = default +project_name = service +username = aodh +password = {{ AODH_PASS }} +memcached_servers = {{ memcached_servers }} +token_cache_time = 300 +revocation_cache_time = 60 + +[service_credentials] +os_auth_url = http://{{ internal_vip.ip }}:5000/v2.0 +os_username = aodh +os_tenant_name = service +os_password = {{ AODH_PASS }} +os_endpoint_type = internalURL +os_region_name = RegionOne + +[api] +host = {{ internal_ip }} diff --git a/deploy/adapters/ansible/openstack_osp9/roles/aodh/templates/api_paste.ini.j2 b/deploy/adapters/ansible/openstack_osp9/roles/aodh/templates/api_paste.ini.j2 new file mode 100755 index 00000000..151789c4 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/aodh/templates/api_paste.ini.j2 
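Review bot: In aodh.conf.j2, `debug = True` is hard-coded in `[DEFAULT]`, so every deployment runs aodh with debug logging; a template variable with a false default (for instance `debug = {{ aodh_debug | default(False) }}`, variable name is only a suggestion) keeps it available for troubleshooting without making it the norm. The Keystone endpoints in `[keystone_authtoken]` and `[service_credentials]` are plain `http://`, the `mysql://` connection string has no TLS parameters and `rabbit_use_ssl` is left commented out, so `AODH_PASS`, `AODH_DBPASS` and `RABBIT_PASS` travel unencrypted between services. Whether the internal network is isolated enough for that is not visible from this commit, and a comment at the top of the template stating the assumption would help the next reviewer.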
@@ -0,0 +1,22 @@ +# aodh API WSGI Pipeline +# Define the filters that make up the pipeline for processing WSGI requests +# Note: This pipeline is PasteDeploy's term rather than aodh's pipeline +# used for processing samples + +# Remove authtoken from the pipeline if you don't want to use keystone authentication +[pipeline:main] +pipeline = cors request_id authtoken api-server + +[app:api-server] +paste.app_factory = aodh.api.app:app_factory + +[filter:authtoken] +paste.filter_factory = keystonemiddleware.auth_token:filter_factory +oslo_config_project = aodh + +[filter:request_id] +paste.filter_factory = oslo_middleware:RequestId.factory + +[filter:cors] +paste.filter_factory = oslo_middleware.cors:filter_factory +oslo_config_project = aodh diff --git a/deploy/adapters/ansible/openstack_osp9/roles/aodh/templates/policy.json.j2 b/deploy/adapters/ansible/openstack_osp9/roles/aodh/templates/policy.json.j2 new file mode 100755 index 00000000..4fd873e9 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/aodh/templates/policy.json.j2 @@ -0,0 +1,20 @@ +{ + "context_is_admin": "role:admin", + "segregation": "rule:context_is_admin", + "admin_or_owner": "rule:context_is_admin or project_id:%(project_id)s", + "default": "rule:admin_or_owner", + + "telemetry:get_alarm": "rule:admin_or_owner", + "telemetry:get_alarms": "rule:admin_or_owner", + "telemetry:query_alarm": "rule:admin_or_owner", + + "telemetry:create_alarm": "", + "telemetry:change_alarm": "rule:admin_or_owner", + "telemetry:delete_alarm": "rule:admin_or_owner", + + "telemetry:get_alarm_state": "rule:admin_or_owner", + "telemetry:change_alarm_state": "rule:admin_or_owner", + + "telemetry:alarm_history": "rule:admin_or_owner", + "telemetry:query_alarm_history": "rule:admin_or_owner" +} diff --git a/deploy/adapters/ansible/openstack_osp9/roles/aodh/vars/Debian.yml b/deploy/adapters/ansible/openstack_osp9/roles/aodh/vars/Debian.yml new file mode 100755 index 00000000..bdf4655e --- /dev/null 
+++ b/deploy/adapters/ansible/openstack_osp9/roles/aodh/vars/Debian.yml @@ -0,0 +1,22 @@ +############################################################################# +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################# +--- +packages: + - aodh-api + - aodh-evaluator + - aodh-notifier + - aodh-listener + - aodh-expirer + - python-ceilometerclient + +services: + - aodh-api + - aodh-notifier + - aodh-evaluator + - aodh-listener diff --git a/deploy/adapters/ansible/openstack_osp9/roles/aodh/vars/RedHat.yml b/deploy/adapters/ansible/openstack_osp9/roles/aodh/vars/RedHat.yml new file mode 100755 index 00000000..a0381c6b --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/aodh/vars/RedHat.yml @@ -0,0 +1,22 @@ +############################################################################# +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################# +--- +packages: + - openstack-aodh-api + - openstack-aodh-evaluator + - openstack-aodh-notifier + - openstack-aodh-listener + - openstack-aodh-expirer + - python-ceilometerclient + +services: + - openstack-aodh-api + - openstack-aodh-notifier + - openstack-aodh-evaluator + - openstack-aodh-listener 
diff --git a/deploy/adapters/ansible/openstack_osp9/roles/aodh/vars/main.yml b/deploy/adapters/ansible/openstack_osp9/roles/aodh/vars/main.yml new file mode 100755 index 00000000..b17f6ed0 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/aodh/vars/main.yml @@ -0,0 +1,12 @@ +############################################################################## +## Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +## +## All rights reserved. This program and the accompanying materials +## are made available under the terms of the Apache License, Version 2.0 +## which accompanies this distribution, and is available at +## http://www.apache.org/licenses/LICENSE-2.0 +############################################################################### +--- +packages_noarch: [] + +services_noarch: [] diff --git a/deploy/adapters/ansible/openstack_osp9/roles/apache/files/index.html b/deploy/adapters/ansible/openstack_osp9/roles/apache/files/index.html new file mode 100755 index 00000000..f083c4f1 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/apache/files/index.html @@ -0,0 +1,10 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> +<html> + <head> + <title>Index</title> + </head> + <body> + <a href="/horizon">Openstack Dashboard</a> + </body> +</html> + diff --git a/deploy/adapters/ansible/openstack_osp9/roles/apache/tasks/main.yml b/deploy/adapters/ansible/openstack_osp9/roles/apache/tasks/main.yml new file mode 100755 index 00000000..44407bef --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/apache/tasks/main.yml 
@@ -0,0 +1,38 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- include_vars: "{{ ansible_os_family }}.yml" + +- name: install packages + action: "{{ ansible_pkg_mgr }} name={{ item }} state=latest update_cache=yes" + with_items: packages | union(packages_noarch) + +- name: assure listen port exist + template: + dest: '{{ apache_config_dir }}/ports.conf' + src: ports.conf.j2 + notify: + - restart apache related services + +- name: remove default listen port on centos + lineinfile: + dest: /etc/httpd/conf/httpd.conf + state: absent + regexp: 'Listen 80' + when: ansible_os_family == 'RedHat' + +- name: copy index.html file + copy: src=index.html dest=/var/www/html/index.html mode=0644 + when: ansible_os_family == 'RedHat' + +- name: copy index.html file + copy: src=index.html dest=/var/www/index.html mode=0644 + when: ansible_os_family == 'Debian' + +- meta: flush_handlers diff --git a/deploy/adapters/ansible/openstack_osp9/roles/ceilometer_controller/vars/Debian.yml b/deploy/adapters/ansible/openstack_osp9/roles/ceilometer_controller/vars/Debian.yml new file mode 100755 index 00000000..b749ffaa --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/ceilometer_controller/vars/Debian.yml 
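Review bot: In apache/tasks/main.yml, the `remove default listen port on centos` task uses the unanchored `regexp: 'Listen 80'` with `state: absent`, so it also deletes lines such as `Listen 8080` or a commented `#Listen 80`; `regexp: '^Listen 80$'` restricts it to the default directive. `install packages` uses `state=latest update_cache=yes`, which moves Apache to whatever the repository currently offers on every run, while the aodh role in this same commit uses `state=present`; the choice should be deliberate and commented. The two `copy index.html file` tasks share one name, and putting the OS family in each name would make the run output unambiguous.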
@@ -0,0 +1,37 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +ceilometer_packages: + - ceilometer-api + - ceilometer-collector + - ceilometer-agent-central + - ceilometer-agent-notification +# - ceilometer-alarm-evaluator +# - ceilometer-alarm-notifier + - python-ceilometerclient + +ceilometer_services: + - ceilometer-agent-central + - ceilometer-agent-notification + - ceilometer-api + - ceilometer-collector +# - ceilometer-alarm-evaluator +# - ceilometer-alarm-notifier + +ceilometer_configs_templates: + - src: ceilometer.j2 + dest: + - /etc/ceilometer/ceilometer.conf + - src: cinder.j2 + dest: + - /etc/cinder/cinder.conf + - src: glance.j2 + dest: + - /etc/glance/glance-api.conf + - /etc/glance/glance-registry.conf diff --git a/deploy/adapters/ansible/openstack_osp9/roles/ceilometer_controller/vars/RedHat.yml b/deploy/adapters/ansible/openstack_osp9/roles/ceilometer_controller/vars/RedHat.yml new file mode 100755 index 00000000..6c5f53ec --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/ceilometer_controller/vars/RedHat.yml 
@@ -0,0 +1,36 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +ceilometer_packages: + - openstack-ceilometer-api + - openstack-ceilometer-collector + - openstack-ceilometer-central + - openstack-ceilometer-notification +# - openstack-ceilometer-alarm + - python-ceilometerclient + +ceilometer_services: + - openstack-ceilometer-central + - openstack-ceilometer-notification + - openstack-ceilometer-api + - openstack-ceilometer-collector +# - openstack-ceilometer-alarm-evaluator +# - openstack-ceilometer-alarm-notifier + +ceilometer_configs_templates: + - src: ceilometer.j2 + dest: + - /etc/ceilometer/ceilometer.conf + - src: cinder.j2 + dest: + - /etc/cinder/cinder.conf + - src: glance.j2 + dest: + - /etc/glance/glance-api.conf + - /etc/glance/glance-registry.conf diff --git a/deploy/adapters/ansible/openstack_osp9/roles/ceph-mon/tasks/install_mon.yml b/deploy/adapters/ansible/openstack_osp9/roles/ceph-mon/tasks/install_mon.yml new file mode 100755 index 00000000..0ad666a6 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/ceph-mon/tasks/install_mon.yml 
@@ -0,0 +1,36 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## + +- include_vars: "{{ ansible_os_family }}.yml" + +- name: Create a default data directory + file: path="/var/lib/ceph/mon/ceph-{{ inventory_hostname }}" state="directory" + +- name: Populate the monitor daemon + shell: "ceph-mon --mkfs -i {{ inventory_hostname }} --monmap /tmp/monmap --keyring /tmp/ceph.mon.keyring" + +- name: Change ceph/mon dir owner to ceph + shell: "chown -R ceph:ceph /var/lib/ceph/mon" + when: ansible_os_family == "Debian" + +- name: Touch the done and auto start file + file: path="/var/lib/ceph/mon/ceph-{{ inventory_hostname }}/{{ item }}" state="touch" + with_items: + - "done" + - "{{ ceph_start_type }}" + +- name: start mon daemon + shell: "{{ ceph_start_script }}" + +- name: wait for creating osd keyring + wait_for: path=/var/lib/ceph/bootstrap-osd/ceph.keyring + +- name: fetch osd keyring + fetch: src="/var/lib/ceph/bootstrap-osd/ceph.keyring" dest="/tmp/ceph.osd.keyring" flat=yes + run_once: True diff --git a/deploy/adapters/ansible/openstack_osp9/roles/ceph-openstack/tasks/ceph_openstack_post.yml b/deploy/adapters/ansible/openstack_osp9/roles/ceph-openstack/tasks/ceph_openstack_post.yml new file mode 100755 index 00000000..2097ca57 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/ceph-openstack/tasks/ceph_openstack_post.yml 
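Review bot: In ceph-mon/tasks/install_mon.yml, `fetch osd keyring` writes the bootstrap-osd keyring to the fixed path `/tmp/ceph.osd.keyring` on the control host, and `Populate the monitor daemon` reads `/tmp/monmap` and `/tmp/ceph.mon.keyring`; these are cluster secrets at predictable names in a shared directory, and nothing in this file sets a restrictive mode on them. A staging directory owned by the deploying user with mode 0700 would be safer than `/tmp`. The same applies to `copy osd keyring` in roles/ceph-osd/tasks/install_osd.yml, which copies from `/tmp/ceph.osd.keyring` without `mode=`; adding `mode=0600` there makes the result explicit. Separately, `ceph-mon --mkfs` runs through `shell` with no `creates=` guard, so a second run of the role repeats it.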
@@ -0,0 +1,19 @@ +############################################################################## +## Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +## +## All rights reserved. This program and the accompanying materials +## are made available under the terms of the Apache License, Version 2.0 +## which accompanies this distribution, and is available at +## http://www.apache.org/licenses/LICENSE-2.0 +############################################################################### +--- +- name: get mount info + command: mount + register: mount_info + +- name: try unmount image nfs directory + shell: | + umount /var/lib/glance/images + sed -i '/\/var\/lib\/glance\/images/d' /etc/fstab + when: mount_info.stdout.find('images') != -1 + diff --git a/deploy/adapters/ansible/openstack_osp9/roles/ceph-openstack/tasks/main.yml b/deploy/adapters/ansible/openstack_osp9/roles/ceph-openstack/tasks/main.yml new file mode 100755 index 00000000..06c3acb6 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/ceph-openstack/tasks/main.yml 
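Review bot: In ceph_openstack_post.yml the `when` on `try unmount image nfs directory` tests `mount_info.stdout.find('images') != -1`, which is true for any mount whose device or path contains the substring `images`, not only `/var/lib/glance/images`. Matching the actual mount point, `when: "'/var/lib/glance/images' in mount_info.stdout"`, keeps the task from firing on unrelated mounts. Because the block is a two-line `shell: |`, a failing `umount` is masked by the exit status of the following `sed`, so adding `set -e` as the first line would surface an unmount that did not happen before `/etc/fstab` is edited.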
@@ -0,0 +1,33 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +- include_vars: "{{ ansible_os_family }}.yml" + tags: + - ceph_deploy + - ceph_openstack_pre + - ceph_openstack_conf + - ceph_openstack_post + - ceph_openstack + +- include: ceph_openstack_pre.yml + tags: + - ceph_deploy + - ceph_openstack_pre + - ceph_openstack + +- include: ceph_openstack_conf.yml + tags: + - ceph_deploy + - ceph_openstack_conf + - ceph_openstack + +- include: ceph_openstack_post.yml + tags: + - ceph_deploy + - ceph_openstack_post + - ceph_openstack diff --git a/deploy/adapters/ansible/openstack_osp9/roles/ceph-osd/tasks/install_osd.yml b/deploy/adapters/ansible/openstack_osp9/roles/ceph-osd/tasks/install_osd.yml new file mode 100755 index 00000000..0e476085 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/ceph-osd/tasks/install_osd.yml 
@@ -0,0 +1,37 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- + +- name: create osd lv and mount it on /var/local/osd + script: create_osd.sh + +- name: copy osd keyring + copy: src="/tmp/ceph.osd.keyring" dest="/var/lib/ceph/bootstrap-osd/ceph.keyring" + +- name: prepare osd disk + shell: ceph-disk prepare --fs-type xfs /var/local/osd + +- name: change local/osd dir owner to ceph + shell: chown ceph:ceph /var/local/osd + when: ansible_os_family == "Debian" + +- name: activate osd node + shell: ceph-disk activate /var/local/osd + +- name: enable ceph service + service: name=ceph enabled=yes + +- name: rebuild osd after reboot + lineinfile: dest=/etc/init/ceph-osd-all-starter.conf insertafter="^task" line="pre-start script\n set -e\n /opt/setup_storage/losetup.sh\n sleep 3\n mount /dev/storage-volumes/ceph0 /var/local/osd\nend script" + when: ansible_os_family == "Debian" + +- name: rebuild osd after reboot for centos + lineinfile: dest=/etc/init.d/ceph insertafter="^### END INIT INFO" line="\nsleep 1\nmount /dev/storage-volumes/ceph0 /var/local/osd" + when: ansible_os_family == "RedHat" + diff --git a/deploy/adapters/ansible/openstack_osp9/roles/ceph-purge/tasks/main.yml b/deploy/adapters/ansible/openstack_osp9/roles/ceph-purge/tasks/main.yml new file mode 100755 index 00000000..02013762 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/ceph-purge/tasks/main.yml 
@@ -0,0 +1,37 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +- name: clear tmp files + local_action: shell rm -rf /tmp/ceph* + tags: + - ceph_purge + - ceph_deploy + +- name: install ceph-related packages + action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" + with_items: + - ceph-deploy + tags: + - ceph_purge + - ceph_deploy + when: ansible_os_family == "Debian" + +- name: purge ceph + shell: "ceph-deploy purge {{ inventory_hostname }}; ceph-deploy purgedata {{ inventory_hostname }}; ceph-deploy forgetkeys" + tags: + - ceph_purge + - ceph_deploy + when: ansible_os_family == "Debian" + +- name: remove monmap + file: path="/tmp/monmap" state="absent" + tags: + - ceph_purge + - ceph_deploy + + diff --git a/deploy/adapters/ansible/openstack_osp9/roles/common/tasks/RedHat.yml b/deploy/adapters/ansible/openstack_osp9/roles/common/tasks/RedHat.yml new file mode 100755 index 00000000..b9f01255 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/common/tasks/RedHat.yml @@ -0,0 +1,3 @@ +--- +- name: add yum repository for openstack + template: src=openstack_ppa_repo.repo.j2 dest=/etc/yum.repos.d/openstack_ppa_repo.repo diff --git a/deploy/adapters/ansible/openstack_osp9/roles/common/tasks/main.yml b/deploy/adapters/ansible/openstack_osp9/roles/common/tasks/main.yml new file mode 100755 index 00000000..0f4cf334 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/common/tasks/main.yml 
@@ -0,0 +1,96 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- include_vars: "{{ ansible_os_family }}.yml" + +- name: speed up ansible by purging landscape-common + apt: pkg=landscape-common state=absent purge=yes + when: ansible_os_family == "Debian" + +- name: update hosts files to all hosts + template: src=hosts dest=/etc/hosts backup=yes + +- name: get compass-core hostname + local_action: shell hostname + register: name + +- name: get compass-core addr + shell: awk -F'=' '/compass_server/ {print $2}' /etc/compass.conf + register: COMPASS_SERVER + +- name: run redhat specific play if os is redhat + include: RedHat.yml + when: ansible_distribution == "RedHat" + +- name: update compass-core name and ip to hosts files + shell: | + echo "# compass" >> /etc/hosts + echo {{ COMPASS_SERVER.stdout_lines[0] }} {{ name.stdout_lines[0] }} >> /etc/hosts + +- name: install python-crypto + yum: name=python-crypto state=present + register: python_crypto_result + ignore_errors: yes + when: ansible_os_family == "RedHat" + +- name: remove python crypt egg file to work-around https://bugs.centos.org/view.php?id=9896&nbn=2 + shell: rm -rf /usr/lib64/python2.7/site-packages/pycrypto-2.6.1-py2.7.egg-info + when: ansible_os_family == "RedHat" and python_crypto_result.msg == "Error unpacking rpm package python2-crypto-2.6.1-9.el7.x86_64\n" + +- name: install packages + action: "{{ ansible_pkg_mgr }} name={{ item }} state=latest update_cache=yes" + with_items: packages | union(packages_noarch) + +- name: make config template dir exist + file: 
path=/opt/os_templates state=directory mode=0755 + +- name: create pip config directory + file: path=~/.pip state=directory + +- name: update pip.conf + template: src=pip.conf dest=~/.pip/{{ pip_conf }} + +- name: install pip packages + pip: name={{ item }} state=present extra_args='--pre' + with_items: pip_packages + +- name: install keyczar for accelerate + pip: name=python-keyczar state=present extra_args='--pre' + delegate_to: 127.0.0.1 + run_once: true + +- name: update ntp conf + template: src=ntp.conf dest=/etc/ntp.conf backup=yes + +- name: use ntpdate once for initial sync time + shell: ntpdate {{ ntp_server }} + ignore_errors: True + +- name: sync sys clock to hard clock + shell: hwclock --systohc + ignore_errors: True + +- name: create fireball keys dir + file: path=~/.fireball.keys state=directory mode=0700 + delegate_to: 127.0.0.1 + run_once: true + +- name: restart services + service: name={{ item }} state=restarted enabled=yes + with_items: services| union(services_noarch) + +- name: write services to monitor list + lineinfile: dest=/opt/service create=yes line='{{ item }}' + with_items: services| union(services_noarch) + +- name: kill daemon for accelerate + shell: lsof -ni :5099|grep LISTEN|awk '{print $2}'|xargs kill -9 + ignore_errors: true + +- meta: flush_handlers diff --git a/deploy/adapters/ansible/openstack_osp9/roles/common/templates/hosts b/deploy/adapters/ansible/openstack_osp9/roles/common/templates/hosts new file mode 100755 index 00000000..6f76de51 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/common/templates/hosts @@ -0,0 +1,7 @@ + +# localhost +127.0.0.1 localhost +# controller +172.16.1.1 host1 +# compute +172.16.1.1 host1 diff --git a/deploy/adapters/ansible/openstack_osp9/roles/common/templates/ntp.conf b/deploy/adapters/ansible/openstack_osp9/roles/common/templates/ntp.conf new file mode 100755 index 00000000..2d560be2 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/common/templates/ntp.conf 
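Review bot: In common/tasks/main.yml, `update compass-core name and ip to hosts files` appends with `echo ... >> /etc/hosts`, so every run adds another pair of lines, and the unquoted `{{ COMPASS_SERVER.stdout_lines[0] }}` and `{{ name.stdout_lines[0] }}` are interpolated straight into a shell command. `lineinfile: dest=/etc/hosts line="{{ COMPASS_SERVER.stdout_lines[0] }} {{ name.stdout_lines[0] }}"` is idempotent and avoids the shell. The `when` on the egg-info removal compares `python_crypto_result.msg` with one exact error string naming `python2-crypto-2.6.1-9.el7.x86_64`, so it stops matching as soon as the package version changes and may error if the result carries no `msg`; testing `python_crypto_result|failed` would be more robust. Both pip tasks pass `extra_args='--pre'`, which lets pre-release versions satisfy the install, and if that is intentional it deserves a comment.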
@@ -0,0 +1,54 @@ +# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help + +driftfile /var/lib/ntp/ntp.drift + + +# Enable this if you want statistics to be logged. +#statsdir /var/log/ntpstats/ + +statistics loopstats peerstats clockstats +filegen loopstats file loopstats type day enable +filegen peerstats file peerstats type day enable +filegen clockstats file clockstats type day enable + +# Specify one or more NTP servers. + +# Use servers from the NTP Pool Project. Approved by Ubuntu Technical Board +# on 2011-02-08 (LP: #104525). See http://www.pool.ntp.org/join.html for +# more information. +server {{ ntp_server }} +server {{ internal_vip.ip }} + +# Use local server as a fallback. +server 127.127.1.0 # local clock +fudge 127.127.1.0 stratum 10 + +# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for +# details. The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions> +# might also be helpful. +# +# Note that "restrict" applies to both servers and clients, so a configuration +# that might be intended to block requests from certain clients could also end +# up blocking replies from your own upstream servers. + +# By default, exchange time with everybody, but don't allow configuration. +restrict -4 default kod notrap nomodify +restrict -6 default kod notrap nomodify + +# Local users may interrogate the ntp server more closely. +restrict 127.0.0.1 +restrict ::1 + +# Clients from this (example!) subnet have unlimited access, but only if +# cryptographically authenticated. +#restrict 192.168.123.0 mask 255.255.255.0 notrust + + +# If you want to provide time to your local subnet, change the next line. +# (Again, the address is an example only.) +#broadcast 192.168.123.255 + +# If you want to listen to time broadcasts on your local subnet, de-comment the +# next lines. Please do this only if you trust everybody on the network! +#disable auth +#broadcastclient 
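Review bot: The two default `restrict` lines omit `noquery` and `nopeer`, so any host that can reach ntpd may send it status and control queries, the request class abused for NTP amplification. Suggest `restrict -4 default kod notrap nomodify nopeer noquery` and the same for `-6`. The `restrict 127.0.0.1` and `restrict ::1` lines further down already keep local `ntpq` working. Also worth confirming: `server {{ internal_vip.ip }}` is rendered on every host, which looks like it makes the node holding the VIP list itself as a time source.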
diff --git a/deploy/adapters/ansible/openstack_osp9/roles/common/templates/openstack_ppa_repo.repo.j2 b/deploy/adapters/ansible/openstack_osp9/roles/common/templates/openstack_ppa_repo.repo.j2 new file mode 100644 index 00000000..148f3e14 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/common/templates/openstack_ppa_repo.repo.j2 @@ -0,0 +1,7 @@ +[openstack_ppa_repo] +name=rhel - openstack_repo +proxy=_none_ +baseurl=http://{{ COMPASS_SERVER.stdout_lines[0] }}/cblr/repo_mirror/redhat7-osp9-ppa +enabled=1 +gpgcheck=0 +skip_if_unavailable=1 diff --git a/deploy/adapters/ansible/openstack_osp9/roles/common/templates/pip.conf b/deploy/adapters/ansible/openstack_osp9/roles/common/templates/pip.conf new file mode 100755 index 00000000..7bb3e43e --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/common/templates/pip.conf @@ -0,0 +1,5 @@ +[global] +find-links = http://{{ COMPASS_SERVER.stdout_lines[0] }}/pip +no-index = true +[install] +trusted-host={{ COMPASS_SERVER.stdout_lines[0] }} diff --git a/deploy/adapters/ansible/openstack_osp9/roles/common/vars/Debian.yml b/deploy/adapters/ansible/openstack_osp9/roles/common/vars/Debian.yml new file mode 100755 index 00000000..1d7972eb --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/common/vars/Debian.yml 
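Review bot: `gpgcheck=0` combined with an `http://` `baseurl` in openstack_ppa_repo.repo.j2 means yum installs whatever answers at the compass server address, with neither a signature check nor transport protection, and those packages run as root on every node. Suggest `gpgcheck=1` plus a `gpgkey=` line pointing at the key the mirror is signed with. The pip.conf hunk that follows has the same exposure (`find-links = http://...` with `trusted-host` set). Serving the mirror over HTTPS, or installing with pip's `--require-hashes`, would close it there.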
@@ -0,0 +1,30 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages:
+ - ubuntu-cloud-keyring
+ - python-dev
+ - openvswitch-datapath-dkms
+ - openvswitch-switch
+ - python-memcache
+ - python-iniparse
+ - python-lxml
+ #- python-d* #TODO, need remove
+
+pip_packages:
+ - crudini
+ - python-keyczar
+ - yang2tosca
+
+pip_conf: pip.conf
+
+services:
+ - ntp
+
+
diff --git a/deploy/adapters/ansible/openstack_osp9/roles/common/vars/RedHat.yml b/deploy/adapters/ansible/openstack_osp9/roles/common/vars/RedHat.yml
new file mode 100755
index 00000000..8143e1cb
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_osp9/roles/common/vars/RedHat.yml
@@ -0,0 +1,26 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages:
+ - openvswitch
+ - python-devel
+ - python-memcached
+ - gcc
+ - redhat-lsb-core
+ - python-crypto
+
+pip_packages:
+ - crudini
+ - python-keyczar
+
+pip_conf: pip.conf
+
+services:
+ - openvswitch
+ - ntpd
diff --git a/deploy/adapters/ansible/openstack_osp9/roles/common/vars/main.yml b/deploy/adapters/ansible/openstack_osp9/roles/common/vars/main.yml
new file mode 100755
index 00000000..713b6b5f
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_osp9/roles/common/vars/main.yml
@@ -0,0 +1,14 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages_noarch:
+ - python-pip
+ - ntp
+
+services_noarch: []
diff --git a/deploy/adapters/ansible/openstack_osp9/roles/dashboard/handlers/main.yml b/deploy/adapters/ansible/openstack_osp9/roles/dashboard/handlers/main.yml
new file mode 100755
index 00000000..62e0b8e5
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_osp9/roles/dashboard/handlers/main.yml
@@ -0,0 +1,12 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: restart dashboard services
+ service: name={{ item }} state=restarted enabled=yes
+ with_items: services | union(services_noarch)
diff --git a/deploy/adapters/ansible/openstack_osp9/roles/dashboard/tasks/main.yml b/deploy/adapters/ansible/openstack_osp9/roles/dashboard/tasks/main.yml
new file mode 100755
index 00000000..a6b813a7
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_osp9/roles/dashboard/tasks/main.yml
@@ -0,0 +1,121 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- include_vars: "{{ ansible_os_family }}.yml" + +- name: disable auto start + copy: + content: "#!/bin/sh\nexit 101" + dest: "/usr/sbin/policy-rc.d" + mode: 0755 + when: ansible_os_family == "Debian" + +- name: install dashboard packages + action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" + with_items: packages | union(packages_noarch) + +- name: enable auto start + file: + path=/usr/sbin/policy-rc.d + state=absent + when: ansible_os_family == "Debian" + +- name: remove ubuntu theme + action: "{{ ansible_pkg_mgr }} name=openstack-dashboard-ubuntu-theme state=absent" + when: ansible_os_family == 'Debian' and not enable_ubuntu_theme + notify: + - restart dashboard services + +- name: remove default apache2 config + file: + path: '{{ item }}' + state: absent + when: ansible_os_family == 'Debian' + with_items: + - '{{ apache_config_dir }}/conf-available/openstack-dashboard.conf' + - '{{ apache_config_dir }}/conf-enabled/openstack-dashboard.conf' + - '{{ apache_config_dir }}/sites-available/000-default.conf' + - '{{ apache_config_dir }}/sites-enabled/000-default.conf' + notify: + - restart dashboard services + +- name: update apache2 configs + template: + src: openstack-dashboard.conf.j2 + dest: '{{ apache_config_dir }}/sites-available/openstack-dashboard.conf' + when: ansible_os_family == 'Debian' + notify: + - restart dashboard services + +- name: update apache2 configs redhat + template: + src: openstack-dashboard-redhat.conf.j2 + dest: '{{ apache_config_dir 
}}/conf.d/openstack-dashboard.conf' + when: ansible_os_family == 'RedHat' + notify: + - restart dashboard services + +- name: enable dashboard + file: + src: "/etc/apache2/sites-available/openstack-dashboard.conf" + dest: "/etc/apache2/sites-enabled/openstack-dashboard.conf" + state: "link" + when: ansible_os_family == 'Debian' + notify: + - restart dashboard services + +- name: update ubuntu horizon settings + lineinfile: + dest: /etc/openstack-dashboard/local_settings.py + regexp: '{{ item.regexp }}' + line: '{{ item.line }}' + with_items: + - regexp: '^WEBROOT[ \t]*=.*' + line: 'WEBROOT = "/horizon"' + - regexp: '^COMPRESS_OFFLINE[ \t]*=.*' + line: 'COMPRESS_OFFLINE=True' + - regexp: '^ALLOWED_HOSTS[ \t]*=.*' + line: 'ALLOWED_HOSTS = ["*"]' + - regexp: '^OPENSTACK_HOST[ \t]*=.*' + line: 'OPENSTACK_HOST = "{{ internal_ip }}"' + when: ansible_os_family == 'Debian' + notify: + - restart dashboard services + +- name: precompile horizon css + shell: /usr/bin/python /usr/share/openstack-dashboard/manage.py compress --force + ignore_errors: True + when: ansible_os_family == 'Debian' + notify: + - restart dashboard services + +- name: update redhat version horizon settings + lineinfile: + dest: /etc/openstack-dashboard/local_settings + regexp: '{{ item.regexp }}' + line: '{{ item.line }}' + with_items: + - regexp: '^WEBROOT[ \t]*=.*' + line: 'WEBROOT = "/horizon"' + - regexp: '^COMPRESS_OFFLINE[ \t]*=.*' + line: 'COMPRESS_OFFLINE=False' + - regexp: '^ALLOWED_HOSTS[ \t]*=.*' + line: 'ALLOWED_HOSTS = ["*"]' + - regexp: '^OPENSTACK_HOST[ \t]*=.*' + line: 'OPENSTACK_HOST = "{{ internal_ip }}"' + when: ansible_os_family == 'RedHat' + notify: + - restart dashboard services + +- name: temperarily workaround for logo image issue + shell: sed -i "s/src=\"\/dashboard/src=\"\/horizon/g" /usr/share/openstack-dashboard/openstack_dashboard/themes/rcue/templates/horizon/common/_sidebar.html + when: ansible_distribution == 'RedHat' + notify: + - restart dashboard services +- meta: 
flush_handlers diff --git a/deploy/adapters/ansible/openstack_osp9/roles/dashboard/templates/openstack-dashboard-redhat.conf.j2 b/deploy/adapters/ansible/openstack_osp9/roles/dashboard/templates/openstack-dashboard-redhat.conf.j2 new file mode 100755 index 00000000..d4d1f297 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/dashboard/templates/openstack-dashboard-redhat.conf.j2 @@ -0,0 +1,21 @@ +{% set work_threads = (ansible_processor_vcpus + 1) // 2 %} + +WSGIDaemonProcess horizon processes={{ work_threads }} threads={{ work_threads }} +WSGIProcessGroup horizon +WSGISocketPrefix run/wsgi + +WSGIScriptAlias /horizon {{ horizon_dir }}/openstack_dashboard/wsgi/django.wsgi +Alias /horizon/static {{ horizon_dir }}/static + +<Directory {{ horizon_dir }}/openstack_dashboard/wsgi> + Options All + AllowOverride All + Require all granted +</Directory> + +<Directory {{ horizon_dir }}/static> + Options All + AllowOverride All + Require all granted +</Directory> + diff --git a/deploy/adapters/ansible/openstack_osp9/roles/dashboard/templates/openstack-dashboard.conf b/deploy/adapters/ansible/openstack_osp9/roles/dashboard/templates/openstack-dashboard.conf new file mode 100755 index 00000000..a5a791a3 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/dashboard/templates/openstack-dashboard.conf @@ -0,0 +1,14 @@ +<VirtualHost *:80> + +WSGIScriptAlias / /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi +WSGIDaemonProcess horizon user=www-data group=www-data processes=3 threads=10 +Alias /static /usr/share/openstack-dashboard/openstack_dashboard/static/ + +<Directory /usr/share/openstack-dashboard/openstack_dashboard/wsgi> +Order allow,deny +Allow from all +</Directory> + + +</VirtualHost> + 
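Review bot: Both `lineinfile` item lists (`update ubuntu horizon settings` and `update redhat version horizon settings`) write `ALLOWED_HOSTS = ["*"]`, which switches off Django's Host-header validation for Horizon. Listing the names the dashboard is actually reached by keeps that check, e.g. `line: 'ALLOWED_HOSTS = ["{{ internal_ip }}"]'`, extended with the VIP or public name if users arrive through one (not visible in this hunk). A smaller point: `mode: 0755` on the policy-rc.d task is an unquoted octal that YAML types as a number, and `mode: "0755"` is the safe spelling.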
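Review bot: Both `<Directory>` blocks in openstack-dashboard-redhat.conf.j2 set `Options All` and `AllowOverride All`, which turns on CGI execution, server-side includes and directory listings, and lets any `.htaccess` file under `{{ horizon_dir }}` change the configuration. Serving the WSGI script and the static files normally needs none of that. `Options FollowSymLinks` with `AllowOverride None` should be enough, after confirming the packaged Horizon does not rely on an `.htaccess` of its own. `Require all granted` can stay as it is.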
diff --git a/deploy/adapters/ansible/openstack_osp9/roles/dashboard/templates/openstack-dashboard.conf.j2 b/deploy/adapters/ansible/openstack_osp9/roles/dashboard/templates/openstack-dashboard.conf.j2 new file mode 100755 index 00000000..403fcc22 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/dashboard/templates/openstack-dashboard.conf.j2 @@ -0,0 +1,15 @@ +{% set work_threads = (ansible_processor_vcpus + 1) // 2 %} + +<VirtualHost {{ internal_ip }}:80> + WSGIScriptAlias /horizon {{ horizon_dir }}/wsgi/django.wsgi + WSGIDaemonProcess horizon user=horizon group=horizon processes={{ work_threads }} threads={{ work_threads }} + WSGIProcessGroup horizon + Alias /static {{ horizon_dir }}/static/ + Alias /horizon/static {{ horizon_dir }}/static/ + <Directory {{ horizon_dir }}/wsgi> + Order allow,deny + Allow from all + </Directory> +</VirtualHost> + + diff --git a/deploy/adapters/ansible/openstack_osp9/roles/dashboard/templates/ports.j2 b/deploy/adapters/ansible/openstack_osp9/roles/dashboard/templates/ports.j2 new file mode 100755 index 00000000..0bfa0428 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/dashboard/templates/ports.j2 @@ -0,0 +1,15 @@ +# if you just change the port or add more ports here, you will likely also +# have to change the VirtualHost statement in +# /etc/apache2/sites-enabled/000-default.conf + +Listen {{ internal_ip }}:80 + +<IfModule ssl_module> + Listen 443 +</IfModule> + +<IfModule mod_gnutls.c> + Listen 443 +</IfModule> + +# vim: syntax=apache ts=4 sw=4 sts=4 sr noet diff --git a/deploy/adapters/ansible/openstack_osp9/roles/dashboard/vars/Debian.yml b/deploy/adapters/ansible/openstack_osp9/roles/dashboard/vars/Debian.yml new file mode 100755 index 00000000..aaeb8cdb --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/dashboard/vars/Debian.yml 
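Review bot: `Order allow,deny` / `Allow from all` in openstack-dashboard.conf.j2 are Apache 2.2 access directives that work on 2.4 only through mod_access_compat, while the RedHat template in this commit already uses `Require all granted`. Using `Require all granted` here keeps the two templates consistent. The vhost listens on `{{ internal_ip }}:80` only, so Horizon logins are sent in cleartext unless TLS is terminated in front of it. If that is the design, a comment in the template saying so would help the next reader.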
@@ -0,0 +1,17 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages: []
+
+services:
+ - memcached
+ - apache2
+
+apache_config_dir: /etc/apache2
+horizon_dir: /usr/share/openstack-dashboard/openstack_dashboard
diff --git a/deploy/adapters/ansible/openstack_osp9/roles/dashboard/vars/RedHat.yml b/deploy/adapters/ansible/openstack_osp9/roles/dashboard/vars/RedHat.yml
new file mode 100755
index 00000000..651cbee3
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_osp9/roles/dashboard/vars/RedHat.yml
@@ -0,0 +1,19 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages:
+ - mod_wsgi
+ - httpd
+
+services:
+ - httpd
+
+http_config_file: "/etc/httpd/conf/httpd.conf"
+apache_config_dir: /etc/httpd
+horizon_dir: /usr/share/openstack-dashboard
diff --git a/deploy/adapters/ansible/openstack_osp9/roles/dashboard/vars/main.yml b/deploy/adapters/ansible/openstack_osp9/roles/dashboard/vars/main.yml
new file mode 100755
index 00000000..2c940ede
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_osp9/roles/dashboard/vars/main.yml
@@ -0,0 +1,13 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages_noarch:
+ - openstack-dashboard
+
+services_noarch: []
diff --git a/deploy/adapters/ansible/openstack_osp9/roles/database/templates/data.j2 b/deploy/adapters/ansible/openstack_osp9/roles/database/templates/data.j2
new file mode 100755
index 00000000..66c2fead
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_osp9/roles/database/templates/data.j2
@@ -0,0 +1,51 @@ +#!/bin/sh +mysql -uroot -Dmysql <<EOF +drop database if exists keystone; +drop database if exists glance; +drop database if exists neutron; +drop database if exists nova; +drop database if exists cinder; +drop database if exists heat; +drop database if exists aodh; + +CREATE DATABASE keystone; +{% for host in ['%', 'localhost', inventory_hostname] %} +GRANT ALL ON keystone.* TO 'keystone'@'{{ host }}' IDENTIFIED BY '{{ KEYSTONE_DBPASS }}'; +{% endfor %} + +CREATE DATABASE glance; +{% for host in ['%', 'localhost', inventory_hostname] %} +GRANT ALL ON glance.* TO 'glance'@'{{ host }}' IDENTIFIED BY '{{ GLANCE_DBPASS }}'; +{% endfor %} + +CREATE DATABASE neutron; +{% for host in ['%', 'localhost', inventory_hostname] %} +GRANT ALL ON neutron.* TO 'neutron'@'{{ host }}' IDENTIFIED BY '{{ NEUTRON_DBPASS }}'; +{% endfor %} + +CREATE DATABASE nova; +{% for host in ['%', 'localhost', inventory_hostname] %} +GRANT ALL ON nova.* TO 'nova'@'{{ host }}' IDENTIFIED BY '{{ NOVA_DBPASS }}'; +{% endfor %} + +CREATE DATABASE cinder; +{% for host in ['%', 'localhost', inventory_hostname] %} +GRANT ALL ON cinder.* TO 'cinder'@'{{ host }}' IDENTIFIED BY '{{ CINDER_DBPASS }}'; +{% endfor %} + +CREATE DATABASE heat; +{% for host in ['%', 'localhost', inventory_hostname] %} +GRANT ALL ON heat.* TO 'heat'@'{{ host }}' IDENTIFIED BY '{{ HEAT_DBPASS }}'; +{% endfor %} + +CREATE DATABASE aodh; +{% for host in ['%', 'localhost', inventory_hostname] %} +GRANT ALL ON aodh.* TO 'aodh'@'{{ host }}' IDENTIFIED BY '{{ AODH_DBPASS }}'; +{% endfor %} + +{% if WSREP_SST_USER is defined %} +{% for host in ['%', 'localhost', inventory_hostname] %} +GRANT ALL ON *.* TO '{{ WSREP_SST_USER }}'@'{{ host }}' IDENTIFIED BY '{{ WSREP_SST_PASS }}'; +{% endfor %} +{% endif %} +EOF diff --git a/deploy/adapters/ansible/openstack_osp9/roles/database/vars/main.yml b/deploy/adapters/ansible/openstack_osp9/roles/database/vars/main.yml new file mode 100755 index 00000000..a32897f0 --- /dev/null 
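Review bot: The final block of data.j2 grants `ALL ON *.*` to `{{ WSREP_SST_USER }}` from `'%'`, a full-privilege account usable from any address, and every service account above it is also granted from `'%'`. Restricting the host list to `localhost` and the cluster members, and the SST account to the privileges its transfer method needs, limits what a leaked password is worth. Which SST method is in use is not visible here. Two smaller points: the passwords are interpolated into single-quoted SQL, so a value containing `'` breaks the script, and the leading `drop database if exists` lines erase all service data if the script is ever run against a live cluster.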
+++ b/deploy/adapters/ansible/openstack_osp9/roles/database/vars/main.yml @@ -0,0 +1,39 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +packages_noarch: [] + +services_noarch: + - mysql + +credentials: + - user: keystone + db: keystone + password: "{{ KEYSTONE_DBPASS }}" + - user: neutron + db: neutron + password: "{{ NEUTRON_DBPASS }}" + - user: glance + db: glance + password: "{{ GLANCE_DBPASS }}" + - user: nova + db: nova_api + password: "{{ NOVA_DBPASS }}" + - user: nova + db: nova + password: "{{ NOVA_DBPASS }}" + - user: cinder + db: cinder + password: "{{ CINDER_DBPASS }}" + - user: heat + db: heat + password: "{{ HEAT_DBPASS }}" + - user: aodh + db: aodh + password: "{{ AODH_DBPASS }}" diff --git a/deploy/adapters/ansible/openstack_osp9/roles/ext-network/handlers/main.yml b/deploy/adapters/ansible/openstack_osp9/roles/ext-network/handlers/main.yml new file mode 100755 index 00000000..36e39072 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/ext-network/handlers/main.yml 
@@ -0,0 +1,29 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- name: restart neutron-plugin-openvswitch-agent + service: name=neutron-openvswitch-agent state=restarted enabled=yes + when: "'opendaylight' not in {{ NEUTRON_MECHANISM_DRIVERS }}" + +- name: restart neutron-l3-agent + service: name=neutron-l3-agent state=restarted enabled=yes + +- name: kill dnsmasq + command: killall dnsmasq + ignore_errors: True + +- name: restart neutron-dhcp-agent + service: name=neutron-dhcp-agent state=restarted enabled=yes + +- name: restart neutron-metadata-agent + service: name=neutron-metadata-agent state=restarted enabled=yes + +- name: restart xorp + service: name=xorp state=restarted enabled=yes sleep=10 + ignore_errors: True diff --git a/deploy/adapters/ansible/openstack_osp9/roles/ext-network/tasks/main.yml b/deploy/adapters/ansible/openstack_osp9/roles/ext-network/tasks/main.yml new file mode 100755 index 00000000..b52b9178 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/ext-network/tasks/main.yml 
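Review bot: The `when:` on `restart neutron-plugin-openvswitch-agent` nests `{{ NEUTRON_MECHANISM_DRIVERS }}` inside a conditional that Ansible already evaluates as a Jinja expression, so the variable's value is rendered into the expression text and then evaluated a second time. Write it as `when: "'opendaylight' not in NEUTRON_MECHANISM_DRIVERS"` so the value is compared as data rather than re-parsed as code.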
@@ -0,0 +1,56 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- include_vars: "{{ ansible_os_family }}.yml" + +# FIXME: temporary workaround for openstack api access random failure +- name: restart api server + service: name={{ item }} state=restarted enabled=yes + with_items: api_services | union(api_services_noarch) + +- name: restart neutron server + service: name=neutron-server state=restarted enabled=yes + +- name: wait for neutron time + shell: "sleep 10" + +- name: create external net + neutron_network: + login_username: ADMIN + login_password: "{{ ADMIN_PASS }}" + login_tenant_name: admin + auth_url: "http://{{ internal_vip.ip }}:35357/v2.0" + name: "{{ public_net_info.network }}" + provider_network_type: "{{ public_net_info.type }}" + provider_physical_network: "{{ public_net_info.provider_network }}" + provider_segmentation_id: "{{ public_net_info.segment_id}}" + shared: false + router_external: yes + state: present + run_once: true + when: 'public_net_info.enable == True' + +- name: create external subnet + neutron_subnet: + login_username: ADMIN + login_password: "{{ ADMIN_PASS }}" + login_tenant_name: admin + auth_url: "http://{{ internal_vip.ip }}:35357/v2.0" + name: "{{ public_net_info.subnet }}" + network_name: "{{ public_net_info.network }}" + cidr: "{{ public_net_info.floating_ip_cidr }}" + enable_dhcp: "{{ public_net_info.enable_dhcp }}" + no_gateway: "{{ public_net_info.no_gateway }}" + gateway_ip: "{{ public_net_info.external_gw }}" + allocation_pool_start: "{{ public_net_info.floating_ip_start }}" + 
allocation_pool_end: "{{ public_net_info.floating_ip_end }}" + state: present + run_once: true + when: 'public_net_info.enable == True' + diff --git a/deploy/adapters/ansible/openstack_osp9/roles/ext-network/vars/Debian.yml b/deploy/adapters/ansible/openstack_osp9/roles/ext-network/vars/Debian.yml new file mode 100755 index 00000000..0b5c78b6 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/ext-network/vars/Debian.yml @@ -0,0 +1,18 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +api_services: + - nova-api + - glance-api + - ceilometer-api + - heat-api + - heat-api-cfn + - aodh-api + - cinder-api + diff --git a/deploy/adapters/ansible/openstack_osp9/roles/ext-network/vars/RedHat.yml b/deploy/adapters/ansible/openstack_osp9/roles/ext-network/vars/RedHat.yml new file mode 100755 index 00000000..886401fd --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/ext-network/vars/RedHat.yml 
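Review bot: `shell: "sleep 10"` in `wait for neutron time` is a guess at start-up time, so on a slow node the `neutron_network` task that follows can still reach a server that is not listening yet. A `wait_for` on the API port waits only as long as needed, e.g. `wait_for: host={{ internal_ip }} port=<neutron-api-port> timeout=60` (the port is a placeholder, since it is not defined in this hunk). Both neutron tasks also send `ADMIN_PASS` to an `http://` `auth_url`, so the admin credential crosses the network unencrypted.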
@@ -0,0 +1,17 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+api_services:
+ - openstack-nova-api
+ - openstack-glance-api
+ - openstack-ceilometer-api
+ - openstack-heat-api
+ - openstack-heat-api-cfn
+ - openstack-cinder-api
+
diff --git a/deploy/adapters/ansible/openstack_osp9/roles/ext-network/vars/main.yml b/deploy/adapters/ansible/openstack_osp9/roles/ext-network/vars/main.yml
new file mode 100755
index 00000000..b19b6ebf
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_osp9/roles/ext-network/vars/main.yml
@@ -0,0 +1,10 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+api_services_noarch: []
diff --git a/deploy/adapters/ansible/openstack_osp9/roles/glance/tasks/nfs.yml b/deploy/adapters/ansible/openstack_osp9/roles/glance/tasks/nfs.yml
new file mode 100755
index 00000000..deec81f8
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_osp9/roles/glance/tasks/nfs.yml
@@ -0,0 +1,67 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- name: install nfs packages + action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" + with_items: nfs_packages + +- name: install nfs + local_action: yum name={{ item }} state=present + with_items: + - rpcbind + - nfs-utils + run_once: True + +- name: create image directory + local_action: file path=/opt/images state=directory mode=0777 + run_once: True + +- name: remove nfs config item if exist + local_action: lineinfile dest=/etc/exports state=absent + regexp="^/opt/images" + run_once: True + +- name: update nfs config + local_action: lineinfile dest=/etc/exports state=present + line="/opt/images *(rw,insecure,sync,all_squash)" + run_once: True + +- name: restart compass nfs service + local_action: service name={{ item }} state=restarted enabled=yes + with_items: + - rpcbind + - nfs-server + run_once: True + +- name: get mount info + command: mount + register: mount_info + tags: + - recovery + +- name: get nfs server + shell: awk -F'=' '/compass_server/ {print $2}' /etc/compass.conf + register: ip_info + tags: + - recovery + +- name: restart host nfs service + service: name={{ item }} state=restarted enabled=yes + with_items: '{{ nfs_services }}' + +- name: mount image directory + shell: | + mount -t nfs -onfsvers=3 {{ ip_info.stdout_lines[0] }}:/opt/images /var/lib/glance/images + sed -i '/\/var\/lib\/glance\/images/d' /etc/fstab + #echo {{ ip_info.stdout_lines[0] }}:/opt/images /var/lib/glance/images/ nfs nfsvers=3 >> /etc/fstab + when: 
mount_info.stdout.find('images') == -1 + retries: 5 + delay: 3 + tags: + - recovery diff --git a/deploy/adapters/ansible/openstack_osp9/roles/glance/vars/Debian.yml b/deploy/adapters/ansible/openstack_osp9/roles/glance/vars/Debian.yml new file mode 100755 index 00000000..d1825012 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/glance/vars/Debian.yml @@ -0,0 +1,21 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +packages: + - glance + - nfs-common + +nfs_packages: + - nfs-common + +nfs_services: [] + +services: + - glance-registry + - glance-api diff --git a/deploy/adapters/ansible/openstack_osp9/roles/glance/vars/RedHat.yml b/deploy/adapters/ansible/openstack_osp9/roles/glance/vars/RedHat.yml new file mode 100755 index 00000000..2987d0c4 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/glance/vars/RedHat.yml @@ -0,0 +1,23 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +packages: + - openstack-glance + - rpcbind + +nfs_packages: + - nfs-utils + - rpcbind + +nfs_services: + - rpcbind + +services: + - openstack-glance-api + - openstack-glance-registry 
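Review bot: The export line `/opt/images *(rw,insecure,sync,all_squash)` in `update nfs config` offers the Glance image store read-write to every host that can reach the compass server, and `create image directory` makes it `mode=0777`. Images in that directory are later booted as instances, so write access to it should be limited to the nodes that need it. Suggest restricting the client field to the deployment subnet and dropping `insecure`, e.g. `line="/opt/images <mgmt-cidr>(rw,sync,all_squash)"`, where `<mgmt-cidr>` is a placeholder for the management network. The directory can then be owned by the squashed uid instead of being world-writable.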
diff --git a/deploy/adapters/ansible/openstack_osp9/roles/heat/tasks/heat_install.yml b/deploy/adapters/ansible/openstack_osp9/roles/heat/tasks/heat_install.yml new file mode 100755 index 00000000..b90e6402 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/heat/tasks/heat_install.yml @@ -0,0 +1,39 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- include_vars: "{{ ansible_os_family }}.yml" + +- name: install heat related packages + action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" + with_items: packages | union(packages_noarch) + +- name: generate heat service list + lineinfile: dest=/opt/service create=yes line='{{ item }}' + with_items: services | union(services_noarch) + +# ' + +- name: create heat user domain + shell: > + . /opt/admin-openrc-v3.sh; + openstack domain create --description "Stack projects and users" heat; + openstack user create --domain heat --password {{ HEAT_PASS }} heat_domain_admin; + openstack role add --domain heat --user-domain heat --user heat_domain_admin admin; + openstack role create heat_stack_owner; + openstack role add --project demo --user demo heat_stack_owner; + when: inventory_hostname == groups['controller'][0] + +- name: update heat conf + template: src=heat.j2 + dest=/etc/heat/heat.conf + backup=yes + notify: + - restart heat service + - remove heat-sqlite-db + diff --git a/deploy/adapters/ansible/openstack_osp9/roles/heat/templates/heat.j2 b/deploy/adapters/ansible/openstack_osp9/roles/heat/templates/heat.j2 new file mode 100755 index 00000000..62df9fd9 --- /dev/null 
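Review bot: In `create heat user domain`, `--password {{ HEAT_PASS }}` is expanded unquoted into the shell command, so the password is visible in the process list and in Ansible's logged task arguments, and a value with spaces or shell metacharacters changes the command. Add `no_log: true` to the task and quote the value: `--password {{ HEAT_PASS | quote }}`. The commands are joined with `;`, so only the exit status of the last `openstack role add` decides whether the task fails, and a failed `domain create` goes unnoticed.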
+++ b/deploy/adapters/ansible/openstack_osp9/roles/heat/templates/heat.j2 @@ -0,0 +1,28 @@ +[DEFAULT] +heat_metadata_server_url = http://{{ internal_vip.ip }}:8000 +heat_waitcondition_server_url = http://{{ internal_vip.ip }}:8000/v1/waitcondition +rpc_backend = rabbit +rabbit_host = {{ rabbit_host }} +rabbit_userid = {{ RABBIT_USER }} +rabbit_password = {{ RABBIT_PASS }} +log_dir = /var/log/heat +stack_domain_admin = heat_domain_admin +stack_domain_admin_password = {{ HEAT_PASS }} +stack_user_domain_name = heat + +[database] +connection = mysql://heat:{{ HEAT_DBPASS }}@{{ db_host }}/heat +idle_timeout = 30 +use_db_reconnect = True +pool_timeout = 10 + +[ec2authtoken] +auth_uri = http://{{ internal_vip.ip }}:5000/v2.0 + +[keystone_authtoken] +auth_uri = http://{{ internal_vip.ip }}:5000/v2.0 +identity_uri = http://{{ internal_vip.ip }}:35357 +admin_tenant_name = service +admin_user = heat +admin_password = {{ HEAT_PASS }} + diff --git a/deploy/adapters/ansible/openstack_osp9/roles/keystone/tasks/keystone_install.yml b/deploy/adapters/ansible/openstack_osp9/roles/keystone/tasks/keystone_install.yml new file mode 100755 index 00000000..ba4fc28e --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/keystone/tasks/keystone_install.yml 
@@ -0,0 +1,97 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- include_vars: "{{ ansible_os_family }}.yml"
+
+- name: disable auto start
+ copy:
+ content: "#!/bin/sh\nexit 101"
+ dest: "/usr/sbin/policy-rc.d"
+ mode: 0755
+ when: ansible_os_family == "Debian"
+
+- name: install keystone packages
+ action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
+ with_items: packages | union(packages_noarch)
+
+- name: enable auto start
+ file:
+ path=/usr/sbin/policy-rc.d
+ state=absent
+ when: ansible_os_family == "Debian"
+
+- name: disable boot auto start
+ file:
+ path={{ item }}
+ state=absent
+ with_items:
+ - /etc/init.d/keystone
+ - /etc/init/keystone.conf
+ when: ansible_os_family == "Debian"
+
+- name: generate keystone service list
+ lineinfile: dest=/opt/service create=yes line='{{ item }}'
+ with_items: services | union(services_noarch)
+
+- name: delete sqlite database
+ file:
+ path: /var/lib/keystone/keystone.db
+ state: absent
+
+- name: update keystone conf
+ template: src=keystone.conf dest=/etc/keystone/keystone.conf backup=yes
+ notify:
+ - restart keystone services
+
+- name: assure listen port exist
+ lineinfile:
+ dest: '{{ apache_config_dir }}/ports.conf'
+ regexp: '{{ item.regexp }}'
+ line: '{{ item.line}}'
+ with_items:
+ - regexp: "^Listen {{ internal_ip }}:5000"
+ line: "Listen {{ internal_ip }}:5000"
+ - regexp: "^Listen {{ internal_ip }}:35357"
+ line: "Listen {{ internal_ip }}:35357"
+ notify:
+ - restart keystone services
+
+- name: update apache2 configs
+ template:
+ src: wsgi-keystone.conf.j2
+ dest: '{{ apache_config_dir }}/sites-available/wsgi-keystone.conf'
+ when: ansible_os_family == 'Debian'
+ notify:
+ - restart keystone services
+
+- name: update apache2 configs
+ template:
+ src: wsgi-keystone.conf.j2
+ dest: '{{ apache_config_dir }}/wsgi-keystone.conf'
+ when: ansible_os_family == 'RedHat'
+ notify:
+ - restart keystone services
+
+- name: enable keystone server
+ file:
+ src: "{{ apache_config_dir }}/sites-available/wsgi-keystone.conf"
+ dest: "{{ apache_config_dir }}/sites-enabled/wsgi-keystone.conf"
+ state: "link"
+ when: ansible_os_family == 'Debian'
+ notify:
+ - restart keystone services
+
+- name: keystone source files
+ template: src={{ item }} dest=/opt/{{ item }}
+ with_items:
+ - admin-openrc.sh
+ - demo-openrc.sh
+ - admin-openrc-v3.sh
+
+- meta: flush_handlers
diff --git a/deploy/adapters/ansible/openstack_osp9/roles/keystone/vars/RedHat.yml b/deploy/adapters/ansible/openstack_osp9/roles/keystone/vars/RedHat.yml
new file mode 100755
index 00000000..63ddce3c
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_osp9/roles/keystone/vars/RedHat.yml
@@ -0,0 +1,20 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+cron_path: "/var/spool/cron"
+
+packages:
+ - openstack-keystone
+ - python-openstackclient
+
+services:
+ - httpd
+
+apache_config_dir: /etc/httpd/conf.d
+http_service_name: httpd
diff --git a/deploy/adapters/ansible/openstack_osp9/roles/keystone/vars/main.yml b/deploy/adapters/ansible/openstack_osp9/roles/keystone/vars/main.yml
new file mode 100755
index 00000000..9e97a29c
--- /dev/null
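Review bot: The `keystone source files` task in keystone_install.yml renders `admin-openrc.sh`, `demo-openrc.sh` and `admin-openrc-v3.sh` into `/opt` without `mode`, `owner` or `group`, so their permissions follow the default umask. These files presumably carry the admin credentials (the templates are not part of this hunk), so set the permissions explicitly: `template: src={{ item }} dest=/opt/{{ item }} owner=root group=root mode=0600`. The same applies to `update keystone conf`, where `backup=yes` also leaves timestamped copies of `keystone.conf` next to the original. The unquoted `mode: 0755` on `disable auto start` relies on octal integer parsing; `mode: "0755"` states the intent unambiguously.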
+++ b/deploy/adapters/ansible/openstack_osp9/roles/keystone/vars/main.yml 
@@ -0,0 +1,164 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages_noarch:
+ - python-keystoneclient
+
+services_noarch: []
+os_services:
+ - name: keystone
+ type: identity
+ region: RegionOne
+ description: "OpenStack Identity"
+ publicurl: "http://{{ public_vip.ip }}:5000/v2.0"
+ internalurl: "http://{{ internal_vip.ip }}:5000/v2.0"
+ adminurl: "http://{{ internal_vip.ip }}:35357/v2.0"
+
+ - name: glance
+ type: image
+ region: RegionOne
+ description: "OpenStack Image Service"
+ publicurl: "http://{{ public_vip.ip }}:9292"
+ internalurl: "http://{{ internal_vip.ip }}:9292"
+ adminurl: "http://{{ internal_vip.ip }}:9292"
+
+ - name: nova
+ type: compute
+ region: RegionOne
+ description: "OpenStack Compute"
+ publicurl: "http://{{ public_vip.ip }}:8774/v2/%(tenant_id)s"
+ internalurl: "http://{{ internal_vip.ip }}:8774/v2/%(tenant_id)s"
+ adminurl: "http://{{ internal_vip.ip }}:8774/v2/%(tenant_id)s"
+
+ - name: neutron
+ type: network
+ region: RegionOne
+ description: "OpenStack Networking"
+ publicurl: "http://{{ public_vip.ip }}:9696"
+ internalurl: "http://{{ internal_vip.ip }}:9696"
+ adminurl: "http://{{ internal_vip.ip }}:9696"
+
+ - name: ceilometer
+ type: metering
+ region: RegionOne
+ description: "OpenStack Telemetry"
+ publicurl: "http://{{ public_vip.ip }}:8777"
+ internalurl: "http://{{ internal_vip.ip }}:8777"
+ adminurl: "http://{{ internal_vip.ip }}:8777"
+
+ - name: aodh
+ type: alarming
+ region: RegionOne
+ description: "OpenStack Telemetry"
+ publicurl: "http://{{ public_vip.ip }}:8042"
+ internalurl: "http://{{ internal_vip.ip }}:8042"
+ adminurl: "http://{{ internal_vip.ip }}:8042"
+
+ - name: cinder
+ type: volume
+ region: RegionOne
+ description: "OpenStack Block Storage"
+ publicurl: "http://{{ public_vip.ip }}:8776/v1/%(tenant_id)s"
+ internalurl: "http://{{ internal_vip.ip }}:8776/v1/%(tenant_id)s"
+ adminurl: "http://{{ internal_vip.ip }}:8776/v1/%(tenant_id)s"
+
+ - name: cinderv2
+ type: volumev2
+ region: RegionOne
+ description: "OpenStack Block Storage v2"
+ publicurl: "http://{{ public_vip.ip }}:8776/v2/%(tenant_id)s"
+ internalurl: "http://{{ internal_vip.ip }}:8776/v2/%(tenant_id)s"
+ adminurl: "http://{{ internal_vip.ip }}:8776/v2/%(tenant_id)s"
+
+ - name: heat
+ type: orchestration
+ region: RegionOne
+ description: "OpenStack Orchestration"
+ publicurl: "http://{{ public_vip.ip }}:8004/v1/%(tenant_id)s"
+ internalurl: "http://{{ internal_vip.ip }}:8004/v1/%(tenant_id)s"
+ adminurl: "http://{{ internal_vip.ip }}:8004/v1/%(tenant_id)s"
+
+ - name: heat-cfn
+ type: cloudformation
+ region: RegionOne
+ description: "OpenStack CloudFormation Orchestration"
+ publicurl: "http://{{ public_vip.ip }}:8000/v1"
+ internalurl: "http://{{ internal_vip.ip }}:8000/v1"
+ adminurl: "http://{{ internal_vip.ip }}:8000/v1"
+
+os_users:
+ - user: admin
+ password: "{{ ADMIN_PASS }}"
+ email: admin@admin.com
+ role: admin
+ tenant: admin
+ tenant_description: "Admin Tenant"
+
+ - user: glance
+ password: "{{ GLANCE_PASS }}"
+ email: glance@admin.com
+ role: admin
+ tenant: service
+ tenant_description: "Service Tenant"
+
+ - user: nova
+ password: "{{ NOVA_PASS }}"
+ email: nova@admin.com
+ role: admin
+ tenant: service
+ tenant_description: "Service Tenant"
+
+ - user: keystone
+ password: "{{ KEYSTONE_PASS }}"
+ email: keystone@admin.com
+ role: admin
+ tenant: service
+ tenant_description: "Service Tenant"
+
+ - user: neutron
+ password: "{{ NEUTRON_PASS }}"
+ email: neutron@admin.com
+ role: admin
+ tenant: service
+ tenant_description: "Service Tenant"
+
+ - user: ceilometer
+ password: "{{ CEILOMETER_PASS }}"
+ email: ceilometer@admin.com
+ role: admin
+ tenant: service
+ tenant_description: "Service Tenant"
+
+ - user: cinder
+ password: "{{ CINDER_PASS }}"
+ email: cinder@admin.com
+ role: admin
+ tenant: service
+ tenant_description: "Service Tenant"
+
+ - user: aodh
+ password: "{{ AODH_PASS }}"
+ email: aodh@admin.com
+ role: admin
+ tenant: service
+ tenant_description: "Service Tenant"
+
+ - user: heat
+ password: "{{ HEAT_PASS }}"
+ email: heat@admin.com
+ role: admin
+ tenant: service
+ tenant_description: "Service Tenant"
+
+ - user: demo
+ password: ""
+ email: heat@demo.com
+ role: heat_stack_user
+ tenant: demo
+ tenant_description: "Demo Tenant"
diff --git a/deploy/adapters/ansible/openstack_osp9/roles/neutron-compute/tasks/main.yml b/deploy/adapters/ansible/openstack_osp9/roles/neutron-compute/tasks/main.yml
new file mode 100755
index 00000000..fd3e51d3
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_osp9/roles/neutron-compute/tasks/main.yml
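Review bot: The `demo` entry at the end of `os_users` sets `password: ""`, the only account in the list whose password does not come from a variable. How `os_users` is consumed is outside this hunk, but if the account is created as written it has an empty password. Supply it from the deployment secrets like the others, e.g. `password: "{{ DEMO_PASS }}"`, where `DEMO_PASS` is a placeholder for a variable that would have to be defined. The entry's `email: heat@demo.com` looks copied from the `heat` user. Every service account is given `role: admin`, which deserves a comment if a narrower service role is not available in this release.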
@@ -0,0 +1,75 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- include_vars: "{{ ansible_os_family }}.yml"
+
+- name: activate ipv4 forwarding
+ sysctl: name=net.ipv4.ip_forward value=1
+ state=present reload=yes
+
+- name: deactivate ipv4 rp filter
+ sysctl: name=net.ipv4.conf.all.rp_filter value=0
+ state=present reload=yes
+
+- name: deactivate ipv4 default rp filter
+ sysctl: name=net.ipv4.conf.default.rp_filter
+ value=0 state=present reload=yes
+
+- name: disable auto start
+ copy:
+ content: "#!/bin/sh\nexit 101"
+ dest: "/usr/sbin/policy-rc.d"
+ mode: 0755
+ when: ansible_os_family == "Debian"
+
+- name: install compute-related neutron packages
+ action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
+ with_items: packages | union(packages_noarch)
+
+- name: enable auto start
+ file:
+ path=/usr/sbin/policy-rc.d
+ state=absent
+ when: ansible_os_family == "Debian"
+
+- name: fix openstack neutron plugin config file
+ shell: |
+ sed -i 's,plugins/ml2/openvswitch_agent.ini,plugin.ini,g' /usr/lib/systemd/system/neutron-openvswitch-agent.service
+ systemctl daemon-reload
+ when: ansible_os_family == 'RedHat'
+
+- name: fix openstack neutron plugin config file ubuntu
+ shell: |
+ sed -i 's,plugins/ml2/openvswitch_agent.ini,plugin.ini,g' /etc/init/neutron-openvswitch-agent.conf
+ sed -i 's,plugins/ml2/openvswitch_agent.ini,plugin.ini,g' /etc/init.d/neutron-openvswitch-agent
+ when: ansible_os_family == "Debian"
+
+- name: generate neutron compute service list
+ lineinfile: dest=/opt/service create=yes line='{{ item }}'
+ with_items: services | union(services_noarch)
+
+- name: config ml2 plugin
+ template: src=templates/ml2_conf.ini
+ dest=/etc/neutron/plugins/ml2/ml2_conf.ini
+ backup=yes
+
+- name: ln plugin.ini
+ file: src=/etc/neutron/plugins/ml2/ml2_conf.ini dest=/etc/neutron/plugin.ini state=link
+
+- name: config neutron
+ template: src=templates/neutron.conf
+ dest=/etc/neutron/neutron.conf backup=yes
+ notify:
+ - restart neutron compute service
+ - restart nova-compute services
+
+- meta: flush_handlers
+
+- include: ../../neutron-network/tasks/odl.yml
+ when: "'opendaylight' in {{ NEUTRON_MECHANISM_DRIVERS }}"
diff --git a/deploy/adapters/ansible/openstack_osp9/roles/neutron-compute/vars/Debian.yml b/deploy/adapters/ansible/openstack_osp9/roles/neutron-compute/vars/Debian.yml
new file mode 100755
index 00000000..6ae52f3b
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_osp9/roles/neutron-compute/vars/Debian.yml
@@ -0,0 +1,19 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+
+packages:
+ - neutron-common
+ - neutron-plugin-ml2
+ - openvswitch-datapath-dkms
+ - openvswitch-switch
+ - neutron-plugin-openvswitch-agent
+
+services:
+ - neutron-openvswitch-agent
diff --git a/deploy/adapters/ansible/openstack_osp9/roles/neutron-network/tasks/main.yml b/deploy/adapters/ansible/openstack_osp9/roles/neutron-network/tasks/main.yml
new file mode 100755
index 00000000..31f7f17c
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_osp9/roles/neutron-network/tasks/main.yml
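Review bot: The last task of roles/neutron-compute/tasks/main.yml uses `when: "'opendaylight' in {{ NEUTRON_MECHANISM_DRIVERS }}"`, which nests a template inside a conditional: the variable's value is rendered into the expression text and then evaluated again as an expression instead of being compared as data. Write it as `when: "'opendaylight' in NEUTRON_MECHANISM_DRIVERS"`. The `'vxlan' in {{ NEUTRON_TUNNEL_TYPES }}` and `opendaylight` conditions in roles/neutron-network/tasks/main.yml have the same form. Separately, if the package install between `disable auto start` and `enable auto start` fails, `/usr/sbin/policy-rc.d` stays in place and keeps blocking service starts on that host.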
@@ -0,0 +1,117 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- include_vars: "{{ ansible_os_family }}.yml"
+
+- name: activate ipv4 forwarding
+ sysctl: name=net.ipv4.ip_forward value=1
+ state=present reload=yes
+
+- name: deactivate ipv4 rp filter
+ sysctl: name=net.ipv4.conf.all.rp_filter value=0
+ state=present reload=yes
+
+- name: deactivate ipv4 default rp filter
+ sysctl: name=net.ipv4.conf.default.rp_filter
+ value=0 state=present reload=yes
+
+- name: assert kernel support for vxlan
+ command: modinfo -F version vxlan
+ when: "'vxlan' in {{ NEUTRON_TUNNEL_TYPES }}"
+
+- name: assert iproute2 suppport for vxlan
+ command: ip link add type vxlan help
+ register: iproute_out
+ failed_when: iproute_out.rc == 255
+ when: "'vxlan' in {{ NEUTRON_TUNNEL_TYPES }}"
+
+- name: disable auto start
+ copy:
+ content: "#!/bin/sh\nexit 101"
+ dest: "/usr/sbin/policy-rc.d"
+ mode: 0755
+ when: ansible_os_family == "Debian"
+
+- name: install neutron network related packages
+ action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
+ with_items: packages | union(packages_noarch)
+
+- name: enable auto start
+ file:
+ path=/usr/sbin/policy-rc.d
+ state=absent
+ when: ansible_os_family == "Debian"
+
+- name: generate neutron network service list
+ lineinfile: dest=/opt/service create=yes line='{{ item }}'
+ with_items: services | union(services_noarch)
+
+- name: fix openstack neutron plugin config file
+ shell: |
+ sed -i 's,plugins/ml2/openvswitch_agent.ini,plugin.ini,g' /usr/lib/systemd/system/neutron-openvswitch-agent.service
+ systemctl daemon-reload
+ when: ansible_os_family == 'RedHat'
+
+- name: fix openstack neutron plugin config file ubuntu
+ shell: |
+ sed -i 's,plugins/ml2/openvswitch_agent.ini,plugin.ini,g' /etc/init/neutron-openvswitch-agent.conf
+ sed -i 's,plugins/ml2/openvswitch_agent.ini,plugin.ini,g' /etc/init.d/neutron-openvswitch-agent
+ when: ansible_os_family == "Debian"
+
+- name: config l3 agent
+ template: src=l3_agent.ini dest=/etc/neutron/l3_agent.ini
+ backup=yes
+
+- name: config dhcp agent
+ template: src=dhcp_agent.ini dest=/etc/neutron/dhcp_agent.ini
+ backup=yes
+
+- name: update dnsmasq-neutron.conf
+ template: src=templates/dnsmasq-neutron.conf
+ dest=/etc/neutron/dnsmasq-neutron.conf
+
+- name: config metadata agent
+ template: src=metadata_agent.ini
+ dest=/etc/neutron/metadata_agent.ini backup=yes
+
+- name: config ml2 plugin
+ template: src=templates/ml2_conf.ini
+ dest=/etc/neutron/plugins/ml2/ml2_conf.ini
+ backup=yes
+
+- name: ln plugin.ini
+ file: src=/etc/neutron/plugins/ml2/ml2_conf.ini dest=/etc/neutron/plugin.ini state=link
+
+- name: config neutron
+ template: src=templates/neutron.conf
+ dest=/etc/neutron/neutron.conf backup=yes
+
+- name: force mtu to 1450 for vxlan
+ lineinfile:
+ dest: /etc/neutron/dnsmasq-neutron.conf
+ regexp: '^dhcp-option-force'
+ line: 'dhcp-option-force=26,1450'
+ when: "'vxlan' in {{ NEUTRON_TUNNEL_TYPES }}"
+
+- include: firewall.yml
+ when: enable_fwaas == True
+
+- include: vpn.yml
+ when: enable_vpnaas == True
+
+- include: odl.yml
+ when: "'opendaylight' in {{ NEUTRON_MECHANISM_DRIVERS }}"
+
+- name: restart neutron network relation service
+ service: name={{ item }} state=restarted enabled=yes
+ with_flattened:
+ - services_noarch
+ - services
+
+- meta: flush_handlers
diff --git a/deploy/adapters/ansible/openstack_osp9/roles/neutron-network/vars/Debian.yml b/deploy/adapters/ansible/openstack_osp9/roles/neutron-network/vars/Debian.yml
new file mode 100755
index 00000000..c95d0265
--- /dev/null
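Review bot: The three sysctl tasks at the top of roles/neutron-network/tasks/main.yml enable `net.ipv4.ip_forward` and set `rp_filter` to 0 for both `all` and `default`, which removes reverse-path source validation on every interface of the node, including any management interface, and nothing records why. Add a comment above them stating the reason (for example `# rp_filter off: required by the Neutron agents on this node, see <reference>`, wording to be confirmed by the author) and check whether loose mode, `value=2`, would be enough. The same three tasks are repeated in roles/neutron-compute/tasks/main.yml.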
+++ b/deploy/adapters/ansible/openstack_osp9/roles/neutron-network/vars/Debian.yml
@@ -0,0 +1,25 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages:
+ - neutron-plugin-ml2
+ - openvswitch-datapath-dkms
+ - openvswitch-switch
+ - neutron-l3-agent
+ - neutron-dhcp-agent
+ - neutron-plugin-openvswitch-agent
+
+services:
+ - openvswitch-switch
+ - neutron-openvswitch-agent
+
+openvswitch_agent: neutron-plugin-openvswitch-agent
+
+xorp_packages:
+ - xorp
diff --git a/deploy/adapters/ansible/openstack_osp9/roles/nova-compute/tasks/main.yml b/deploy/adapters/ansible/openstack_osp9/roles/nova-compute/tasks/main.yml
new file mode 100755
index 00000000..fe544630
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_osp9/roles/nova-compute/tasks/main.yml
@@ -0,0 +1,58 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- include_vars: "{{ ansible_os_family }}.yml"
+
+- name: disable auto start
+ copy:
+ content: "#!/bin/sh\nexit 101"
+ dest: "/usr/sbin/policy-rc.d"
+ mode: 0755
+ when: ansible_os_family == "Debian"
+
+- name: install nova-compute related packages
+ action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
+ with_items: packages | union(packages_noarch)
+
+- name: restart virtlogd
+ service: name=virtlogd state=started enabled=yes
+ when: ansible_os_family == "Debian"
+
+- name: enable auto start
+ file:
+ path=/usr/sbin/policy-rc.d
+ state=absent
+ when: ansible_os_family == "Debian"
+
+- name: update nova-compute conf
+ template: src={{ item }} dest=/etc/nova/{{ item }}
+ with_items:
+ - nova.conf
+ notify:
+ - restart nova-compute services
+
+- name: get number of cpu support virtualization
+ shell: egrep -c '(vmx|svm)' /proc/cpuinfo
+ register: kvm_cpu_num
+
+- name: update nova-compute conf
+ template: src={{ item }} dest=/etc/nova/{{ item }}
+ with_items:
+ - nova-compute.conf
+ notify:
+ - restart nova-compute services
+
+- name: generate neutron control service list
+ lineinfile: dest=/opt/service create=yes line='{{ item }}'
+ with_items: services | union(services_noarch)
+
+- name: remove nova sqlite db
+ shell: rm /var/lib/nova/nova.sqlite || touch nova.sqlite.removed
+
+- meta: flush_handlers
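Review bot: `egrep -c '(vmx|svm)' /proc/cpuinfo` exits with status 1 when the count is 0, so on a host without hardware virtualization the `get number of cpu support virtualization` task fails, and the `virt_type=qemu` branch in templates/nova-compute.conf is never reached. Add `failed_when: kvm_cpu_num.rc > 1` and `changed_when: false` to that task. The last task, `rm /var/lib/nova/nova.sqlite || touch nova.sqlite.removed`, drops its marker file into whatever the working directory happens to be; `file: path=/var/lib/nova/nova.sqlite state=absent` does the same job idempotently, as keystone_install.yml in this commit already does for its sqlite file. The template task that writes `/etc/nova/nova.conf` sets no `mode` or `owner` although the file carries service passwords.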
diff --git a/deploy/adapters/ansible/openstack_osp9/roles/nova-compute/templates/nova-compute.conf b/deploy/adapters/ansible/openstack_osp9/roles/nova-compute/templates/nova-compute.conf
new file mode 100755
index 00000000..305d408b
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_osp9/roles/nova-compute/templates/nova-compute.conf
@@ -0,0 +1,11 @@
+[DEFAULT]
+compute_driver=libvirt.LibvirtDriver
+force_raw_images = true
+[libvirt]
+{% if kvm_cpu_num.stdout_lines[0]|int == 0 %}
+virt_type=qemu
+{% else %}
+virt_type=kvm
+{% endif %}
+images_type = raw
+mem_stats_period_seconds=0
diff --git a/deploy/adapters/ansible/openstack_osp9/roles/nova-compute/templates/nova.conf b/deploy/adapters/ansible/openstack_osp9/roles/nova-compute/templates/nova.conf
new file mode 100755
index 00000000..73b49a5a
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_osp9/roles/nova-compute/templates/nova.conf
@@ -0,0 +1,89 @@
+[DEFAULT]
+block_device_allocate_retries=5
+block_device_allocate_retries_interval=300
+dhcpbridge_flagfile=/etc/nova/nova.conf
+dhcpbridge=/usr/bin/nova-dhcpbridge
+logdir=/var/log/nova
+state_path=/var/lib/nova
+lock_path=/var/lib/nova/tmp
+force_dhcp_release=True
+iscsi_helper=tgtadm
+libvirt_use_virtio_for_bridges=True
+connection_type=libvirt
+root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf
+verbose={{ VERBOSE}}
+debug={{ DEBUG }}
+ec2_private_dns_show_ip=True
+api_paste_config=/etc/nova/api-paste.ini
+volumes_path=/var/lib/nova/volumes
+enabled_apis=osapi_compute,metadata
+
+default_floating_pool={{ public_net_info.network }}
+auth_strategy = keystone
+
+rpc_backend = rabbit
+rabbit_host = {{ rabbit_host }}
+rabbit_userid = {{ RABBIT_USER }}
+rabbit_password = {{ RABBIT_PASS }}
+
+osapi_compute_listen={{ internal_ip }}
+metadata_listen={{ internal_ip }}
+
+my_ip = {{ internal_ip }}
+vnc_enabled = True
+vncserver_listen = {{ internal_ip }}
+vncserver_proxyclient_address = {{ internal_ip }}
+novncproxy_base_url = http://{{ public_vip.ip }}:6080/vnc_auto.html
+
+novncproxy_host = {{ internal_ip }}
+novncproxy_port = 6080
+
+network_api_class = nova.network.neutronv2.api.API
+linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
+firewall_driver = nova.virt.firewall.NoopFirewallDriver
+security_group_api = neutron
+
+instance_usage_audit = True
+instance_usage_audit_period = hour
+notify_on_state_change = vm_and_task_state
+notification_driver = nova.openstack.common.notifier.rpc_notifier
+notification_driver = ceilometer.compute.nova_notifier
+
+[database]
+# The SQLAlchemy connection string used to connect to the database
+connection = mysql://nova:{{ NOVA_DBPASS }}@{{ db_host }}/nova
+idle_timeout = 30
+use_db_reconnect = True
+pool_timeout = 10
+
+[api_database]
+connection = mysql://nova:{{ NOVA_DBPASS }}@{{ db_host }}/nova_api
+idle_timeout = 30
+use_db_reconnect = True
+pool_timeout = 10
+
+[keystone_authtoken]
+auth_uri = http://{{ internal_vip.ip }}:5000/2.0
+identity_uri = http://{{ internal_vip.ip }}:35357
+admin_tenant_name = service
+admin_user = nova
+admin_password = {{ NOVA_PASS }}
+
+[glance]
+host = {{ internal_vip.ip }}
+
+[neutron]
+url = http://{{ internal_vip.ip }}:9696
+auth_strategy = keystone
+admin_tenant_name = service
+admin_username = neutron
+admin_password = {{ NEUTRON_PASS }}
+admin_auth_url = http://{{ internal_vip.ip }}:35357/v2.0
+service_metadata_proxy = True
+metadata_proxy_shared_secret = {{ METADATA_SECRET }}
+auth_type = password
+auth_url = http://{{ internal_vip.ip }}:35357
+password = {{ NEUTRON_PASS }}
+username = neutron
+project_domain_name = default
+user_domain_name = default
diff --git a/deploy/adapters/ansible/openstack_osp9/roles/nova-controller/tasks/nova_config.yml b/deploy/adapters/ansible/openstack_osp9/roles/nova-controller/tasks/nova_config.yml
new file mode 100755
index 00000000..f332c97a
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_osp9/roles/nova-controller/tasks/nova_config.yml
@@ -0,0 +1,21 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: nova api db sync
+ shell: su -s /bin/sh -c "nova-manage api_db sync" nova
+ ignore_errors: True
+ notify:
+ - restart nova service
+
+- name: nova db sync
+ nova_manage: action=dbsync
+ notify:
+ - restart nova service
+
+- meta: flush_handlers
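Review bot: In `[keystone_authtoken]` of nova.conf, `auth_uri = http://{{ internal_vip.ip }}:5000/2.0` is missing the `v` of the version segment; heat.j2 in this commit and `admin_auth_url` further down both use `/v2.0`, so this should read `auth_uri = http://{{ internal_vip.ip }}:5000/v2.0`. `notification_driver` is assigned twice in `[DEFAULT]`, and a comment should say that both values are intended. The two `connection` URLs interpolate `{{ NOVA_DBPASS }}` unescaped, so a password containing `@`, `/` or `:` breaks the URL; `{{ NOVA_DBPASS | urlencode }}` avoids that.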
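Review bot: The `nova api db sync` task in nova_config.yml runs with `ignore_errors: True`, so a failed `nova-manage api_db sync` is reported as ignored and the play goes on to `nova db sync` and the service restart against a schema that may be incomplete. If the intent is to tolerate one specific benign outcome, register the result and express that outcome in `failed_when`; otherwise drop `ignore_errors`. A short comment on the task should state which failure is expected.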
diff --git a/deploy/adapters/ansible/openstack_osp9/roles/odl_cluster/tasks/openvswitch.yml b/deploy/adapters/ansible/openstack_osp9/roles/odl_cluster/tasks/openvswitch.yml
new file mode 100755
index 00000000..33099104
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_osp9/roles/odl_cluster/tasks/openvswitch.yml
@@ -0,0 +1,148 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+
+#- name: Install Crudini
+# apt: name={{ item }} state=present
+# with_items:
+# - crudini
+
+- name: install compute packages
+ action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
+ with_items: compute_packages | union(compute_packages_noarch)
+
+- name: remove neutron-openvswitch-agent service daemon
+ shell: sed -i '/{{ service_ovs_agent_name }}/d' /opt/service ;
+
+- name: shut down and disable Neutron's openvswitch agent services
+ service: name={{ service_ovs_agent_name }} state=stopped enabled=no
+
+- name: remove Neutron's openvswitch agent services
+ shell: >
+ update-rc.d -f {{ service_ovs_agent_name }} remove;
+ mv /etc/init.d/{{ service_ovs_agent_name }} /home/{{ service_ovs_agent_name }};
+ mv /etc/init/{{ service_ovs_agent_name }}.conf /home/{{ service_ovs_agent_name }}.conf;
+ when: ansible_os_family == "Debian"
+
+
+- name: Stop the Open vSwitch service and clear existing OVSDB
+ shell: >
+ service {{ service_ovs_name }} stop ;
+ rm -rf /var/log/openvswitch/* ;
+ rm -rf /etc/openvswitch/conf.db ;
+ service {{ service_ovs_name }} start ;
+
+- name: set opendaylight as the manager
+ command: su -s /bin/sh -c "ovs-vsctl set-manager tcp:{{ internal_vip.ip }}:6640;"
+
+- name: check br-int
+ shell: ovs-vsctl list-br | grep br-int; while [ $? -ne 0 ]; do sleep 10; ovs-vsctl list-br | grep br-int; done
+
+- name: set local ip in openvswitch
+ shell: ovs-vsctl set Open_vSwitch $(ovs-vsctl show | head -n 1) other_config={'local_ip'=' {{ internal_ip }} '};
+
+#'
+
+##################################################################
+########### Recover External network for odl l3 #################
+##################################################################
+
+- name: check br-ex
+ shell: ovs-vsctl list-br | grep br-ex; while [ $? -ne 0 ]; do sleep 10; ovs-vsctl list-br | grep br-ex; done
+ when: odl_l3_agent == "Enable"
+
+- name: add ovs uplink
+ openvswitch_port: bridge=br-ex port={{ item["interface"] }} state=present
+ with_items: "{{ network_cfg['provider_net_mappings'] }}"
+ when: item["type"] == "ovs" and odl_l3_agent == "Enable"
+
+- name: wait 10 seconds
+ shell: sleep 10
+ when: odl_l3_agent == "Enable"
+
+- name: set external nic in openvswitch
+ shell: ovs-vsctl set Open_vSwitch $(ovs-vsctl show | head -n 1) other_config:provider_mappings=br-ex:{{ item["interface"] }}
+ with_items: "{{ network_cfg['provider_net_mappings'] }}"
+ when: item["type"] == "ovs" and odl_l3_agent == "Enable"
+
+- name: copy recovery script
+ copy: src={{ item }} dest=/opt/setup_networks
+ with_items:
+ - recover_network_odl_l3.py
+ - setup_networks_odl_l3.py
+ when: odl_l3_agent == "Enable"
+
+- name: recover external script
+ shell: python /opt/setup_networks/recover_network_odl_l3.py
+ when: odl_l3_agent == "Enable"
+
+- name: update keepalived info
+ template: src=keepalived.conf dest=/etc/keepalived/keepalived.conf
+ when: inventory_hostname in groups['odl'] and odl_l3_agent == "Enable"
+
+- name: modify net-init
+ shell: sed -i 's/setup_networks.py/setup_networks_odl_l3.py/g' /etc/init.d/net_init
+ when: odl_l3_agent == "Enable"
+
+##################################################################
+########### Recover External network for odl l2 #################
+##################################################################
+
+- name: add ovs bridge
+ openvswitch_bridge: bridge={{ item["name"] }} state=present
+ with_items: "{{ network_cfg['provider_net_mappings'] }}"
+ when: item["type"] == "ovs" and odl_l3_agent == "Disable"
+
+- name: add ovs uplink
+ openvswitch_port: bridge={{ item["name"] }} port={{ item["interface"] }} state=present
+ with_items: "{{ network_cfg['provider_net_mappings'] }}"
+ when: item["type"] == "ovs" and odl_l3_agent == "Disable"
+
+- name: copy recovery script
+ copy: src={{ item }} dest=/opt/setup_networks
+ with_items:
+ - recover_network.py
+ when: odl_l3_agent == "Disable"
+
+- name: recover external script
+ shell: python /opt/setup_networks/recover_network.py
+ when: odl_l3_agent == "Disable"
+
+##################################################################
+
+
+- name: restart keepalived to recover external IP
+ shell: service keepalived restart
+ when: inventory_hostname in groups['odl']
+ ignore_errors: True
+
+
+
+##################################################################
+##################################################################
+##################################################################
+- name: configure opendaylight -> ml2
+ shell: >
+ crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers opendaylight;
+ crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types vxlan;
+ crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs enable_tunneling True;
+
+#- name: Adjust Service Daemon
+# shell: >
+# sed -i '/neutron-openvswitch-agent/d' /opt/service ;
+# echo opendaylight >> /opt/service ;
+
+- name: copy ml2 configuration script
+ template:
+ src: ml2_conf.sh
+ dest: "/opt/ml2_conf.sh"
+ mode: 0777
+
+- name: execute ml2 configuration script
+ command: su -s /bin/sh -c "/opt/ml2_conf.sh;"
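Review bot: `copy ml2 configuration script` installs `/opt/ml2_conf.sh` with `mode: 0777`, and the next task runs it through `su -s /bin/sh -c` with no user argument, i.e. as root, so any local account can rewrite a script that root then executes. Use `mode: "0700"` together with `owner: root` and `group: root`. `set-manager tcp:{{ internal_vip.ip }}:6640` sets up the OVSDB manager connection over plain, unauthenticated TCP; if the controller supports it an `ssl:` target would authenticate the manager, and the choice deserves a comment either way. The `check br-int` and `check br-ex` shell loops have no retry limit, so a bridge that never appears hangs the play; `until`/`retries`/`delay` on the task would bound the wait.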
diff --git a/deploy/adapters/ansible/openstack_osp9/roles/odl_cluster/vars/Debian.yml b/deploy/adapters/ansible/openstack_osp9/roles/odl_cluster/vars/Debian.yml
new file mode 100755
index 00000000..a3d5dd02
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_osp9/roles/odl_cluster/vars/Debian.yml
@@ -0,0 +1,23 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+
+controller_packages:
+# - openjdk-7-jdk
+ - crudini
+
+compute_packages:
+ - crudini
+
+service_ovs_name: openvswitch-switch
+service_ovs_agent_name: neutron-openvswitch-agent
+
+service_file:
+ src: opendaylight.conf
+ dst: /etc/init/opendaylight.conf
diff --git a/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/files/setup_networks/log.py b/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/files/setup_networks/log.py
new file mode 100755
index 00000000..fffeb589
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/files/setup_networks/log.py
@@ -0,0 +1,41 @@ +import logging +import os +loggers = {} +log_dir="/var/log/setup_network" +try: + os.makedirs(log_dir) +except: + pass + +def getLogger(name): + if name in loggers: + return loggers[name] + + logger = logging.getLogger(name) + logger.setLevel(logging.DEBUG) + + # create file handler which logs even debug messages + log_file = "%s/%s.log" % (log_dir, name) + try: + os.remove(log_file) + except: + pass + + fh = logging.FileHandler(log_file) + fh.setLevel(logging.DEBUG) + + # create console handler with a higher log level + ch = logging.StreamHandler() + ch.setLevel(logging.ERROR) + + # create formatter and add it to the handlers + formatter = logging.Formatter("%(asctime)s - %(name)s - %(levelname)s - %(message)s") + ch.setFormatter(formatter) + fh.setFormatter(formatter) + + # add the handlers to logger + logger.addHandler(ch) + logger.addHandler(fh) + + loggers[name] = logger + return logger diff --git a/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/files/setup_networks/net_init b/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/files/setup_networks/net_init new file mode 100755 index 00000000..c27a8bf8 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/files/setup_networks/net_init @@ -0,0 +1,20 @@ +#!/bin/bash +## BEGIN INIT INFO +# Provides: anamon.init +# Default-Start: 3 5 +# Default-Stop: 0 1 2 4 6 +# Required-Start: $network +# Short-Description: Starts the cobbler anamon boot notification program +# Description: anamon runs the first time a machine is booted after +# installation. +## END INIT INFO + +# +# anamon.init: Starts the cobbler post-install boot notification program +# +# chkconfig: 35 0 6 +# +# description: anamon runs the first time a machine is booted after +# installation. +# +python /opt/setup_networks/setup_networks.py 
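Review bot: Both `try` blocks in log.py use a bare `except: pass`, so a permission or disk error from `os.makedirs(log_dir)` or `os.remove(log_file)` is hidden and only surfaces later as a failure inside `logging.FileHandler`. Catch `OSError` and ignore only the expected case, for example `except OSError as e:` followed by `if e.errno != errno.EEXIST: raise` for the directory (with `import errno`), and the matching `errno.ENOENT` check for the removal. `getLogger` also has no docstring; one line saying that it deletes any existing `<name>.log` before attaching the file handler would document the one surprising side effect.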
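Review bot: The init header in net_init describes a different program: `# Provides: anamon.init` and the cobbler anamon descriptions were carried over, while the script only runs `python /opt/setup_networks/setup_networks.py`. Since tasks/main.yml enables it with `service: name=net_init enabled=yes`, the header should read `# Provides: net_init` with a description of the network setup it performs. The block markers are also written `## BEGIN INIT INFO` / `## END INIT INFO`; LSB tools look for three hashes, so as written the header is probably not parsed at all.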
diff --git a/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/files/setup_networks/setup_networks.py b/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/files/setup_networks/setup_networks.py
new file mode 100755
index 00000000..e58d6c72
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/files/setup_networks/setup_networks.py
@@ -0,0 +1,73 @@ +import yaml +import netaddr +import os +import log as logging + +LOG = logging.getLogger("net-init") +config_path = os.path.join(os.path.dirname(__file__), "network.cfg") + +def setup_bondings(bond_mappings): + print bond_mappings + +def add_vlan_link(interface, ifname, vlan_id): + LOG.info("add_vlan_link enter") + cmd = "ip link add link %s name %s type vlan id %s; " % (ifname, interface, vlan_id) + cmd += "ip link set %s up; ip link set %s up" % (interface, ifname) + LOG.info("add_vlan_link: cmd=%s" % cmd) + os.system(cmd) + +def add_ovs_port(ovs_br, ifname, uplink, vlan_id=None): + LOG.info("add_ovs_port enter") + cmd = "ovs-vsctl --may-exist add-port %s %s" % (ovs_br, ifname) + if vlan_id: + cmd += " tag=%s" % vlan_id + cmd += " -- set Interface %s type=internal;" % ifname + cmd += "ip link set dev %s address `ip link show %s |awk '/link\/ether/{print $2}'`;" \ + % (ifname, uplink) + cmd += "ip link set %s up;" % ifname + LOG.info("add_ovs_port: cmd=%s" % cmd) + os.system(cmd) + +def setup_intfs(sys_intf_mappings, uplink_map): + LOG.info("setup_intfs enter") + for intf_name, intf_info in sys_intf_mappings.items(): + if intf_info["type"] == "vlan": + add_vlan_link(intf_name, intf_info["interface"], intf_info["vlan_tag"]) + elif intf_info["type"] == "ovs": + add_ovs_port( + intf_info["interface"], + intf_name, + uplink_map[intf_info["interface"]], + vlan_id=intf_info.get("vlan_tag")) + else: + pass + +def setup_ips(ip_settings, sys_intf_mappings): + LOG.info("setup_ips enter") + for intf_info in ip_settings.values(): + network = netaddr.IPNetwork(intf_info["cidr"]) + if sys_intf_mappings[intf_info["name"]]["type"] == "ovs": + intf_name = intf_info["name"] + else: + intf_name = intf_info["alias"] + cmd = "ip addr add %s/%s brd %s dev %s;" \ + % (intf_info["ip"], intf_info["netmask"], str(network.broadcast),intf_name) + if "gw" in intf_info: + cmd += "route del default;" + cmd += "ip route add default via %s dev %s" % (intf_info["gw"], intf_name) 
+ LOG.info("setup_ips: cmd=%s" % cmd) + os.system(cmd) + +def main(config): + uplink_map = {} + setup_bondings(config["bond_mappings"]) + for provider_net in config["provider_net_mappings"]: + uplink_map[provider_net['name']] = provider_net['interface'] + + setup_intfs(config["sys_intf_mappings"], uplink_map) + setup_ips(config["ip_settings"], config["sys_intf_mappings"]) + +if __name__ == "__main__": + os.system("service openvswitch-switch status|| service openvswitch-switch start") + config = yaml.load(open(config_path)) + main(config) diff --git a/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/handlers/main.yml b/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/handlers/main.yml new file mode 100755 index 00000000..e099fcf4 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/handlers/main.yml @@ -0,0 +1,11 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- name: restart onos service + service: name=onos state=restarted enabled=yes diff --git a/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/tasks/main.yml b/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/tasks/main.yml new file mode 100755 index 00000000..6b619057 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/tasks/main.yml 
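Review bot: `config = yaml.load(open(config_path))` in the `__main__` block of setup_networks.py uses the full loader, which will construct arbitrary Python objects from tags found in network.cfg, and it never closes the file. Use `with open(config_path) as cfg:` and `config = yaml.safe_load(cfg)`; the file holds only plain mappings and lists, so nothing is lost. The values read from it are then interpolated into `os.system` strings in `add_vlan_link`, `add_ovs_port` and `setup_ips`, so an interface name or address containing shell metacharacters would be interpreted by the shell, and a failing command is silently ignored. Passing argument lists to `subprocess.check_call` would close both gaps, although the backtick substitution in `add_ovs_port` would then need to be done in Python.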
@@ -0,0 +1,121 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- include_vars: "{{ ansible_os_family }}.yml" + +- name: install onos related packages + action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" + with_items: packages | union(packages_noarch) + when: groups['onos']|length !=0 + +- name: remove neutron-openvswitch-agent auto start + shell: > + update-rc.d neutron-openvswitch-agent remove; + sed -i /neutron-openvswitch-agent/d /opt/service + when: groups['onos']|length !=0 + ignore_errors: True + +- name: shut down and disable Neutron's agent services + service: name=neutron-openvswitch-agent state=stopped + when: groups['onos']|length !=0 + ignore_errors: True + +- name: remove neutron-l3-agent auto start + shell: > + update-rc.d neutron-l3-agent remove; + sed -i /neutron-l3-agent/d /opt/service + when: inventory_hostname in groups['onos'] + ignore_errors: True + +- name: shut down and disable Neutron's l3 agent services + service: name=neutron-l3-agent state=stopped + when: inventory_hostname in groups['onos'] + ignore_errors: True + +- name: Stop the Open vSwitch service and clear existing OVSDB + shell: > + service openvswitch-switch stop ; + rm -rf /var/log/openvswitch/* ; + rm -rf /etc/openvswitch/conf.db ; + service openvswitch-switch start ; + when: groups['onos']|length !=0 + ignore_errors: True + +################################################################## +########### Recover External network ################# +################################################################## + +- name: add ovs bridge + 
openvswitch_bridge: bridge={{ item["name"] }} state=present + with_items: "{{ network_cfg['provider_net_mappings'] }}" + when: item["type"] == "ovs" and groups['onos']|length !=0 + +- name: add ovs uplink + openvswitch_port: bridge={{ item["name"] }} port={{ item["interface"] }} state=present + with_items: "{{ network_cfg['provider_net_mappings'] }}" + when: item["type"] == "ovs" and groups['onos']|length !=0 + +- name: add ovs uplink + shell: ip link set {{ item["interface"] }} up + with_items: "{{ network_cfg['provider_net_mappings'] }}" + when: item["type"] == "ovs" and groups['onos']|length !=0 + +- name: ensure script dir exist + shell: mkdir -p /opt/setup_networks + when: groups['onos']|length !=0 + +- name: copy scripts + copy: src={{ item }} dest=/opt/setup_networks + with_items: + - setup_networks/log.py + - setup_networks/setup_networks.py + when: groups['onos']|length !=0 + +- name: copy boot scripts + copy: src={{ item }} dest=/etc/init.d/ mode=0755 + with_items: + - setup_networks/net_init + when: groups['onos']|length !=0 + +- name: copy config files + template: src=network.cfg dest=/opt/setup_networks + when: groups['onos']|length !=0 + +- name: make sure python lib exist + action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" + with_items: + - python-yaml + - python-netaddr + when: groups['onos']|length !=0 + +- name: run scripts + shell: python /opt/setup_networks/setup_networks.py + when: groups['onos']|length !=0 + +- name: add to boot scripts + service: name=net_init enabled=yes + when: groups['onos']|length !=0 +################################################################## + +- name: restart keepalived to recover external IP + shell: service keepalived restart + when: inventory_hostname in groups['onos'] + ignore_errors: True + +- name: Install ONOS Cluster on Controller + include: onos_controller.yml + when: inventory_hostname in groups['onos'] and onos_sfc == "Disable" + +- name: Install ONOS Cluster on Controller + include: 
onos_sfc_controller.yml + when: inventory_hostname in groups['onos'] and onos_sfc == "Enable" + +- name: Config ONOS Cluster + include: openvswitch.yml + when: groups['onos']|length !=0 diff --git a/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/tasks/onos_controller.yml b/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/tasks/onos_controller.yml new file mode 100755 index 00000000..9ab8d1c1 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/tasks/onos_controller.yml 
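Review bot: The task `Stop the Open vSwitch service and clear existing OVSDB` joins its four commands with `;` and sets `ignore_errors: True`, so `rm -rf /etc/openvswitch/conf.db` runs even when the stop failed and no failure in the sequence is ever reported. Chain the commands with `&&` and drop `ignore_errors`, or split them into `service` and `file` tasks so each step reports its own result. Five other tasks in this file also set `ignore_errors: True`; where a non-zero exit is expected, a `failed_when` condition for that specific case would keep real errors visible.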
@@ -0,0 +1,131 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- + +- name: get image http server + shell: awk -F'=' '/compass_server/ {print $2}' /etc/compass.conf + register: http_server + +- name: download onos driver packages + get_url: url="http://{{ http_server.stdout_lines[0] }}/packages/onos/{{ onos_driver }}" dest=/opt/ + +- name: unarchive onos driver package + command: su -s /bin/sh -c "tar xvf /opt/networking-onos.tar -C /opt/" + +- name: install onos driver + command: su -s /bin/sh -c "/opt/networking-onos/install_driver.sh" + +- name: install onos required packages + action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" + with_items: packages + +- name: download oracle-jdk8 package file + get_url: url="http://{{ http_server.stdout_lines[0] }}/packages/onos/{{ jdk8_pkg_name }}" dest=/opt/{{ jdk8_pkg_name }} + +- name: download oracle-jdk8 script file + get_url: url="http://{{ http_server.stdout_lines[0] }}/packages/onos/{{ jdk8_script_name }}" dest=/opt/ + +- name: unarchive onos driver package + command: su -s /bin/sh -c "tar xvf /opt/install_jdk8.tar -C /opt/" + +- name: install install_jdk8 package + command: su -s /bin/sh -c "/opt/install_jdk8/install_jdk8.sh" + +- name: create JAVA_HOME environment variable + shell: > + export J2SDKDIR=/usr/lib/jvm/java-8-oracle; + export J2REDIR=/usr/lib/jvm/java-8-oracle/jre; + export PATH=$PATH:/usr/lib/jvm/java-8-oracle/bin:/usr/lib/jvm/java-8-oracle/db/bin:/usr/lib/jvm/java-8-oracle/jre/bin; + export JAVA_HOME=/usr/lib/jvm/java-8-oracle; + export 
DERBY_HOME=/usr/lib/jvm/java-8-oracle/db; + +- name: create onos group + group: name=onos system=yes state=present + +- name: create onos user + user: + name: onos + group: onos + home: "{{ onos_home }}" + createhome: "yes" + system: "yes" + shell: "/bin/false" + +- name: download onos package + get_url: url="http://{{ http_server.stdout_lines[0] }}/packages/onos/{{ onos_pkg_name }}" dest=/opt/{{ onos_pkg_name }} + +- name: create new jar repository + command: su -s /bin/sh -c "mkdir ~/.m2" + ignore_errors: True + +- name: download jar repository + get_url: url="http://{{ http_server.stdout_lines[0] }}/packages/onos/{{ repository }}" dest=~/.m2/ + +- name: extract jar repository + command: su -s /bin/sh -c "tar xvf ~/.m2/repository.tar -C ~/.m2/" + +- name: extract onos package + command: su -s /bin/sh -c "tar xzf /opt/{{ onos_pkg_name }} -C {{ onos_home }} --strip-components 1 --no-overwrite-dir -k --skip-old-files" onos + +- name: configure onos service + shell: > + echo 'export ONOS_OPTS=debug' > {{ onos_home }}/options; + echo 'export ONOS_USER=root' >> {{ onos_home }}/options; + mkdir {{ onos_home }}/var; + mkdir {{ onos_home }}/config; + sed -i '/pre-stop/i\env JAVA_HOME=/usr/lib/jvm/java-8-oracle' {{ onos_home }}/init/onos.conf; + cp -rf {{ onos_home }}/init/onos.conf /etc/init/; + cp -rf {{ onos_home }}/init/onos.conf /etc/init.d/; + +- name: configure onos boot feature + shell: > + sed -i '/^featuresBoot=/c\featuresBoot={{ onos_boot_features }}' {{ onos_home }}/{{ karaf_dist }}/etc/org.apache.karaf.features.cfg; + +- name: wait for config time + shell: "sleep 10" + +- name: start onos service + service: name=onos state=started enabled=yes + +- name: wait for onos start time + shell: "sleep 200" + +- name: add onos auto start + shell: > + echo "onos">>/opt/service + +########################################################################################################## +################################ ONOS connect with OpenStack 
################################ +########################################################################################################## +- name: Configure Neutron1 + shell: > + crudini --set /etc/neutron/neutron.conf DEFAULT service_plugins onos_router; + crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers onos_ml2; + crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types vxlan; + crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers vxlan + +- name: Create ML2 Configuration File + template: + src: ml2_conf.sh + dest: "/opt/ml2_conf.sh" + mode: 0777 + +- name: Configure Neutron2 + command: su -s /bin/sh -c "/opt/ml2_conf.sh;" + +- name: Configure Neutron3 + shell: > + mysql -e "drop database if exists neutron_ml2;"; + mysql -e "create database neutron_ml2 character set utf8;"; + mysql -e "grant all on neutron_ml2.* to 'neutron'@'%';"; + su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron; + su -s /bin/sh -c "neutron-db-manage --subproject networking-sfc upgrade head" neutron; + +- name: Restart neutron-server + service: name=neutron-server state=restarted diff --git a/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/tasks/onos_sfc_controller.yml b/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/tasks/onos_sfc_controller.yml new file mode 100755 index 00000000..226923e8 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/tasks/onos_sfc_controller.yml 
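Review bot: Every `get_url` task in onos_controller.yml fetches over plain `http://` from the host named in /etc/compass.conf and sets no checksum, and two of the downloaded archives are unpacked and their scripts (`/opt/networking-onos/install_driver.sh`, `/opt/install_jdk8/install_jdk8.sh`) executed, with the playbook connecting as root. Anything able to alter that traffic or the files on the package server therefore decides what root runs on each controller. Add a pinned digest per artifact, for example `checksum=sha256:<expected-digest>` on each `get_url`, and keep the digests in vars/main.yml beside the package names. onos_sfc_controller.yml repeats the same tasks and needs the same change.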
@@ -0,0 +1,140 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- + +- name: get image http server + shell: awk -F'=' '/compass_server/ {print $2}' /etc/compass.conf + register: http_server + +- name: download onos driver packages + get_url: url="http://{{ http_server.stdout_lines[0] }}/packages/onos/{{ onos_driver }}" dest=/opt/ + +- name: download onos sfc driver package + get_url: url="http://{{ http_server.stdout_lines[0] }}/packages/onos/{{ onos_sfc_driver }}" dest=/opt/ + +- name: unarchive onos driver package + command: su -s /bin/sh -c "tar xvf /opt/networking-onos.tar -C /opt/" + +- name: unarchive onos sfc driver package + command: su -s /bin/sh -c "tar xvf /opt/networking-sfc.tar -C /opt/" + +- name: install onos driver + command: su -s /bin/sh -c "/opt/networking-onos/install_driver.sh" + +- name: install onos sfc driver + command: su -s /bin/sh -c "/opt/networking-sfc/install_driver.sh" + +- name: install onos required packages + action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" + with_items: packages + +- name: download oracle-jdk8 package file + get_url: url="http://{{ http_server.stdout_lines[0] }}/packages/onos/{{ jdk8_pkg_name }}" dest=/opt/{{ jdk8_pkg_name }} + +- name: download oracle-jdk8 script file + get_url: url="http://{{ http_server.stdout_lines[0] }}/packages/onos/{{ jdk8_script_name }}" dest=/opt/ + +- name: unarchive onos driver package + command: su -s /bin/sh -c "tar xvf /opt/install_jdk8.tar -C /opt/" + +- name: install install_jdk8 package + command: su -s /bin/sh -c 
"/opt/install_jdk8/install_jdk8.sh" + +- name: create JAVA_HOME environment variable + shell: > + export J2SDKDIR=/usr/lib/jvm/java-8-oracle; + export J2REDIR=/usr/lib/jvm/java-8-oracle/jre; + export PATH=$PATH:/usr/lib/jvm/java-8-oracle/bin:/usr/lib/jvm/java-8-oracle/db/bin:/usr/lib/jvm/java-8-oracle/jre/bin; + export JAVA_HOME=/usr/lib/jvm/java-8-oracle; + export DERBY_HOME=/usr/lib/jvm/java-8-oracle/db; + +- name: create onos group + group: name=onos system=yes state=present + +- name: create onos user + user: + name: onos + group: onos + home: "{{ onos_home }}" + createhome: "yes" + system: "yes" + shell: "/bin/false" + +- name: download onos package + get_url: url="http://{{ http_server.stdout_lines[0] }}/packages/onos/{{ onos_pkg_name }}" dest=/opt/{{ onos_pkg_name }} + +- name: create new jar repository + command: su -s /bin/sh -c "mkdir ~/.m2" + ignore_errors: True + +- name: download jar repository + get_url: url="http://{{ http_server.stdout_lines[0] }}/packages/onos/{{ repository }}" dest=~/.m2/ + +- name: extract jar repository + command: su -s /bin/sh -c "tar xvf ~/.m2/repository.tar -C ~/.m2/" + +- name: extract onos package + command: su -s /bin/sh -c "tar xzf /opt/{{ onos_pkg_name }} -C {{ onos_home }} --strip-components 1 --no-overwrite-dir -k --skip-old-files" onos + +- name: configure onos service + shell: > + echo 'export ONOS_OPTS=debug' > {{ onos_home }}/options; + echo 'export ONOS_USER=root' >> {{ onos_home }}/options; + mkdir {{ onos_home }}/var; + mkdir {{ onos_home }}/config; + sed -i '/pre-stop/i\env JAVA_HOME=/usr/lib/jvm/java-8-oracle' {{ onos_home }}/init/onos.conf; + cp -rf {{ onos_home }}/init/onos.conf /etc/init/; + cp -rf {{ onos_home }}/init/onos.conf /etc/init.d/; + +- name: configure onos boot feature + shell: > + sed -i '/^featuresBoot=/c\featuresBoot={{ onos_boot_features }}' {{ onos_home }}/{{ karaf_dist }}/etc/org.apache.karaf.features.cfg; + +- name: wait for config time + shell: "sleep 10" + +- name: start onos service + 
service: name=onos state=started enabled=yes + +- name: wait for onos start time + shell: "sleep 200" + +- name: add onos auto start + shell: > + echo "onos">>/opt/service + +########################################################################################################## +################################ ONOS connect with OpenStack ################################ +########################################################################################################## +- name: Configure Neutron1 + shell: > + crudini --set /etc/neutron/neutron.conf DEFAULT service_plugins networking_sfc.services.sfc.plugin.SfcPlugin,networking_sfc.services.flowclassifier.plugin.FlowClassifierPlugin,onos_router; + crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers onos_ml2; + crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types vxlan; + crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers vxlan + +- name: Create ML2 Configuration File + template: + src: ml2_conf.sh + dest: "/opt/ml2_conf.sh" + mode: 0777 + +- name: Configure Neutron2 + command: su -s /bin/sh -c "/opt/ml2_conf.sh;" + +- name: Configure Neutron3 + shell: > + mysql -e "drop database if exists neutron_ml2;"; + mysql -e "create database neutron_ml2 character set utf8;"; + mysql -e "grant all on neutron_ml2.* to 'neutron'@'%';"; + su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron; + su -s /bin/sh -c "neutron-db-manage --subproject networking-sfc upgrade head" neutron; + +- name: Restart neutron-server + service: name=neutron-server state=restarted diff --git a/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/tasks/openvswitch.yml b/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/tasks/openvswitch.yml new file mode 100755 index 00000000..76863890 --- /dev/null 
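Review bot: onos_sfc_controller.yml repeats onos_controller.yml task for task, apart from the two sfc driver tasks and the `service_plugins` value, so every weakness in the shared tasks exists twice and has to be fixed twice. Two examples: both files write `export ONOS_USER=root` into the options file right after creating a dedicated `onos` system user, and both install /opt/ml2_conf.sh with `mode: 0777` before running it, which leaves a world-writable script on a path that root executes. Moving the common tasks into one included file and keeping only the sfc-specific tasks behind `when: onos_sfc == "Enable"` would leave one place to change them to `mode: "0700"` and, provided `{{ onos_home }}` is owned by that user, `ONOS_USER=onos`.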
+++ b/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/tasks/openvswitch.yml 
@@ -0,0 +1,64 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- + +- name: set veth port + shell: > + ip link add onos_port1 type veth peer name onos_port2; + ifconfig onos_port1 up; + ifconfig onos_port2 up; + ignore_errors: True + +- name: set veth to ovs + shell: > + export externamMac=`ifconfig eth1 | grep -Eo '\<[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}'`; + ifconfig onos_port2 hw ether $externamMac; + ovs-vsctl add-port br-prv onos_port1; + ignore_errors: True + +- name: add openflow-base feature + command: su -s /bin/sh -c "/opt/onos/bin/onos 'feature:install onos-openflow-base'"; + when: inventory_hostname in groups['onos'] + +- name: add openflow feature + command: su -s /bin/sh -c "/opt/onos/bin/onos 'feature:install onos-openflow'"; + when: inventory_hostname in groups['onos'] + +- name: add ovsdatabase feature + command: su -s /bin/sh -c "/opt/onos/bin/onos 'feature:install onos-ovsdatabase'"; + when: inventory_hostname in groups['onos'] + +- name: add ovsdb-base feature + command: su -s /bin/sh -c "/opt/onos/bin/onos 'feature:install onos-ovsdb-base'"; + when: inventory_hostname in groups['onos'] + +- name: add onos driver ovsdb feature + command: su -s /bin/sh -c "/opt/onos/bin/onos 'feature:install onos-drivers-ovsdb'"; + when: inventory_hostname in groups['onos'] + +- name: add ovsdb provider host feature + command: su -s /bin/sh -c "/opt/onos/bin/onos 'feature:install onos-ovsdb-provider-host'"; + when: inventory_hostname in groups['onos'] + +- name: add vtn feature + command: su -s /bin/sh -c "/opt/onos/bin/onos 'feature:install 
onos-app-vtn-onosfw'"; + when: inventory_hostname in groups['onos'] + +- name: set public eth card start + command: su -s /bin/sh -c "/opt/onos/bin/onos 'externalportname-set -n onos_port2'" + when: inventory_hostname in groups['onos'] + +- name: Set ONOS as the manager + command: su -s /bin/sh -c "ovs-vsctl set-manager tcp:{{ ip_settings[groups['onos'][0]]['mgmt']['ip'] }}:6640;" + +- name: delete default gateway + shell: > + route delete default; + when: inventory_hostname not in groups['onos'] + ignore_errors: True diff --git a/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/templates/keepalived.conf b/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/templates/keepalived.conf new file mode 100755 index 00000000..4ccf1c43 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/templates/keepalived.conf @@ -0,0 +1,47 @@ +global_defs { + router_id {{ inventory_hostname }} +} + +vrrp_sync_group VG1 { + group { + internal_vip + public_vip + } +} + +vrrp_instance internal_vip { + interface {{ internal_vip.interface }} + virtual_router_id {{ vrouter_id_internal }} + state BACKUP + nopreempt + advert_int 1 + priority {{ 50 + (host_index[inventory_hostname] * 50) }} + + authentication { + auth_type PASS + auth_pass 1234 + } + + virtual_ipaddress { + {{ internal_vip.ip }}/{{ internal_vip.netmask }} dev {{ internal_vip.interface }} + } +} + +vrrp_instance public_vip { + interface br-ex + virtual_router_id {{ vrouter_id_public }} + state BACKUP + nopreempt + advert_int 1 + priority {{ 50 + (host_index[inventory_hostname] * 50) }} + + authentication { + auth_type PASS + auth_pass 4321 + } + + virtual_ipaddress { + {{ network_cfg.public_vip.ip }}/{{ network_cfg.public_vip.netmask }} dev br-ex + } + +} diff --git a/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/templates/ml2_conf.sh b/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/templates/ml2_conf.sh new file mode 100755 index 00000000..8af03df4 --- /dev/null 
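Review bot: The `Set ONOS as the manager` task in openvswitch.yml points each Open vSwitch instance at `tcp:<mgmt ip>:6640`, an OVSDB connection with neither encryption nor peer authentication, so the switch configuration depends entirely on the management network being trusted. If the ONOS release in use supports it, an `ssl:` target with certificates configured through `ovs-vsctl set-ssl` is the safer form; otherwise the task deserves a comment stating that port 6640 must be restricted to the controller addresses. Separately, the `su -s /bin/sh -c "..."` wrappers in this file name no target user, so they run as the connecting user anyway and could be plain `command:` calls.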
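Review bot: Both VRRP instances in keepalived.conf carry literal passwords, `auth_pass 1234` and `auth_pass 4321`, so every deployment built from this template shares the same two values, and `auth_type PASS` puts them in clear text in each advertisement. Take them from deployment variables instead, e.g. `auth_pass {{ keepalived_internal_auth_pass }}` and `auth_pass {{ keepalived_public_auth_pass }}` (variable names are illustrative, not existing ones), generated per cluster. A comment noting that PASS authentication only guards against misconfiguration, not against a host on the same segment, would set the right expectation for operators.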
+++ b/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/templates/ml2_conf.sh
@@ -0,0 +1,15 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+cat <<EOT>> /etc/neutron/plugins/ml2/ml2_conf.ini
+[onos]
+password = admin
+username = admin
+url_path = http://{{ ip_settings[groups['onos'][0]]['mgmt']['ip'] }}:8181/onos/vtn
+EOT
+
diff --git a/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/templates/my_configs.debian b/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/templates/my_configs.debian
new file mode 100755
index 00000000..5ab1519b
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/templates/my_configs.debian
@@ -0,0 +1,14 @@
+{%- for alias, intf in host_ip_settings.items() %}
+
+auto {{ alias }}
+iface {{ alias }} inet static
+ address {{ intf["ip"] }}
+ netmask {{ intf["netmask"] }}
+{% if "gw" in intf %}
+ gateway {{ intf["gw"] }}
+{% endif %}
+{% if intf["name"] == alias %}
+ pre-up ip link set {{ sys_intf_mappings[alias]["interface"] }} up
+ pre-up ip link add link {{ sys_intf_mappings[alias]["interface"] }} name {{ alias }} type vlan id {{ sys_intf_mappings[alias]["vlan_tag"] }}
+{% endif %}
+{% endfor %}
diff --git a/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/templates/network.cfg b/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/templates/network.cfg
new file mode 100755
index 00000000..75ba90cb
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/templates/network.cfg
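Review bot: The ml2_conf.sh template writes fixed credentials, `username = admin` and `password = admin`, into ml2_conf.ini for every deployment, and the `url_path` it pairs them with is plain `http://`, so they also cross the management network unencrypted. Take both values from deployment variables, e.g. `password = {{ onos_password }}` (an illustrative name, not an existing variable). The `cat <<EOT>>` form appends a further `[onos]` section on every run; the tasks already use crudini, so `crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini onos password ...` per key would be idempotent and would remove the need for a generated script.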
@@ -0,0 +1,5 @@
+bond_mappings: {{ network_cfg["bond_mappings"] }}
+ip_settings: {{ ip_settings[inventory_hostname] }}
+sys_intf_mappings: {{ sys_intf_mappings }}
+provider_net_mappings: {{ network_cfg["provider_net_mappings"] }}
+
diff --git a/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/vars/Debian.yml b/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/vars/Debian.yml
new file mode 100755
index 00000000..c480dd9f
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/vars/Debian.yml
@@ -0,0 +1,15 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages:
+ - software-properties-common
+ - crudini
+ - git
+
+services: []
diff --git a/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/vars/RedHat.yml b/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/vars/RedHat.yml
new file mode 100755
index 00000000..c480dd9f
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/vars/RedHat.yml
@@ -0,0 +1,15 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages:
+ - software-properties-common
+ - crudini
+ - git
+
+services: []
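Review bot: vars/RedHat.yml is byte-identical to vars/Debian.yml (both blobs are c480dd9f), so the RedHat package list asks for `software-properties-common`, which as far as I know is a Debian/Ubuntu package name and would make the `install onos related packages` task fail on that family. Either list the RedHat equivalents or leave the file out until the role supports it; the role's tasks also call `update-rc.d`, which suggests RedHat is not actually handled yet. A one-line comment at the top of the file stating that status would prevent the copy from being mistaken for a tested configuration.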
diff --git a/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/vars/main.yml b/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/vars/main.yml
new file mode 100755
index 00000000..0f6204e2
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/vars/main.yml
@@ -0,0 +1,23 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages_noarch: []
+
+services_noarch: []
+onos_pkg_name: onos-1.6.0.tar.gz
+onos_home: /opt/onos/
+karaf_dist: apache-karaf-3.0.5
+jdk8_pkg_name: jdk-8u51-linux-x64.tar.gz
+jdk8_script_name: install_jdk8.tar
+onos_driver: networking-onos.tar
+onos_sfc_driver: networking-sfc.tar
+repository: repository.tar
+onos_boot_features: config,standard,region,package,kar,ssh,management,webconsole,onos-api,onos-core,onos-incubator,onos-cli,onos-rest,onos-gui,onos-openflow-base, onos-openflow, onos-ovsdatabase, onos-ovsdb-base, onos-drivers-ovsdb, onos-ovsdb-provider-host, onos-app-vtn-onosfw
+
+
diff --git a/deploy/adapters/ansible/openstack_osp9/roles/open-contrail/tasks/uninstall-openvswitch.yml b/deploy/adapters/ansible/openstack_osp9/roles/open-contrail/tasks/uninstall-openvswitch.yml
new file mode 100755
index 00000000..836cb78b
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_osp9/roles/open-contrail/tasks/uninstall-openvswitch.yml
@@ -0,0 +1,46 @@
+---
+- name: del ovs bridge
+ shell: ovs-vsctl del-br br-int; ovs-vsctl del-br br-tun; ovs-vsctl del-br br-prv;
+
+- name: remove ovs and ovs-plugin daeman
+ shell: >
+ sed -i '/neutron-openvswitch-agent/d' /opt/service ;
+ sed -i '/openvswitch-switch/d' /opt/service ;
+
+- name: stop ovs and ovs-plugin
+ shell: service openvswitch-switch stop; service neutron-openvswitch-agent stop;
+
+- name: remove ovs and ovs-plugin files
+ shell: >
+ update-rc.d -f neutron-openvswitch-agent remove;
+ mv /etc/init.d/neutron-openvswitch-agent /home/neutron-openvswitch-agent;
+ mv /etc/init/neutron-openvswitch-agent.conf /home/neutron-openvswitch-agent.conf;
+ update-rc.d -f openvswitch-switch remove ;
+ mv /etc/init.d/openvswitch-switch /home/openvswitch-switch ;
+ mv /etc/init/openvswitch-switch.conf /home/openvswitch-switch.conf ;
+ update-rc.d -f neutron-ovs-cleanup remove ;
+ mv /etc/init.d/neutron-ovs-cleanup /home/neutron-ovs-cleanup ;
+ mv /etc/init/neutron-ovs-cleanup.conf /home/neutron-ovs-cleanup.conf ;
+
+- name: remove ovs kernel module
+ shell: rmmod vport_vxlan; rmmod openvswitch;
+ ignore_errors: True
+
+- name: copy recovery script
+ copy: src={{ item }} dest=/opt/setup_networks
+ with_items:
+# - recover_network_opencontrail.py
+ - setup_networks_opencontrail.py
+
+#- name: recover external script
+# shell: python /opt/setup_networks/recover_network_opencontrail.py
+
+- name: modify net-init
+ shell: sed -i 's/setup_networks.py/setup_networks_opencontrail.py/g' /etc/init.d/net_init
+
+- name: resolve dual NIC problem
+ shell: >
+ echo "net.ipv4.conf.all.arp_ignore=1" >> /etc/sysctl.conf ;
+ /sbin/sysctl -p ;
+ echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore ;
+
diff --git a/deploy/adapters/ansible/openstack_osp9/roles/secgroup/templates/neutron.j2 b/deploy/adapters/ansible/openstack_osp9/roles/secgroup/templates/neutron.j2
new file mode 100755
index 00000000..e7107660
--- /dev/null
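Review bot: The shell tasks in uninstall-openvswitch.yml chain their commands with `;`, so only the last command's exit status reaches Ansible and a failed `ovs-vsctl del-br` or `mv` passes unnoticed. None of them is idempotent either: "resolve dual NIC problem" appends `net.ipv4.conf.all.arp_ignore=1` to /etc/sysctl.conf on every run, where the sysctl module would set it once with `sysctl: name=net.ipv4.conf.all.arp_ignore value=1 state=present reload=yes`. The `mv /etc/init.d/... /home/...` lines fail on a second run once the files have moved, so guard them with `removes:` or split them into `file`/`service` tasks joined by `&&`. The task name `remove ovs and ovs-plugin daeman` should read `daemon`.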
+++ b/deploy/adapters/ansible/openstack_osp9/roles/secgroup/templates/neutron.j2
@@ -0,0 +1,7 @@
+[securitygroup]
+firewall_driver = neutron.agent.firewall.NoopFirewallDriver
+enable_security_group = True
+
+[agent]
+prevent_arp_spoofing = False
+
diff --git a/deploy/adapters/ansible/openstack_osp9/roles/secgroup/templates/nova.j2 b/deploy/adapters/ansible/openstack_osp9/roles/secgroup/templates/nova.j2
new file mode 100755
index 00000000..7dbc216a
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_osp9/roles/secgroup/templates/nova.j2
@@ -0,0 +1,3 @@
+[DEFAULT]
+firewall_driver = nova.virt.firewall.NoopFirewallDriver
+security_group_api = neutron
diff --git a/deploy/adapters/ansible/openstack_osp9/roles/secgroup/vars/Debian.yml b/deploy/adapters/ansible/openstack_osp9/roles/secgroup/vars/Debian.yml
new file mode 100755
index 00000000..221a3d92
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_osp9/roles/secgroup/vars/Debian.yml
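Review bot: In secgroup/templates/neutron.j2, `firewall_driver = neutron.agent.firewall.NoopFirewallDriver` is paired with `enable_security_group = True`, so the API keeps accepting security-group rules while the agent enforces none of them, and `prevent_arp_spoofing = False` removes the ARP check as well. secgroup/vars/Debian.yml in this commit lists ml2_conf.ini, ovs_neutron_plugin.ini and restproxy.ini as destinations, so presumably every agent loses port filtering once the role runs. If that is intended for test pods, state it in the template with a header such as `# Security groups intentionally disabled: tenant ports are unfiltered` and gate the role on an explicit variable; `enable_security_group = False` would make the API reflect what is actually enforced. The Noop driver in nova.j2 is the usual companion of `security_group_api = neutron` and is not the concern here.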
@@ -0,0 +1,35 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+configs_templates:
+ - src: nova.j2
+ dest:
+ - /etc/nova/nova.conf
+ - src: neutron.j2
+ dest:
+ - /etc/neutron/plugins/ml2/ml2_conf.ini
+ - /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini
+ - /etc/neutron/plugins/ml2/restproxy.ini
+
+controller_services:
+ - nova-api
+ - nova-cert
+ - nova-conductor
+ - nova-consoleauth
+ - nova-novncproxy
+ - nova-scheduler
+ - neutron-server
+ - neutron-openvswitch-agent
+ - neutron-l3-agent
+ - neutron-dhcp-agent
+ - neutron-metadata-agent
+
+compute_services:
+ - nova-compute
+ - neutron-openvswitch-agent
diff --git a/deploy/adapters/ansible/openstack_osp9/roles/tacker/templates/tacker.j2 b/deploy/adapters/ansible/openstack_osp9/roles/tacker/templates/tacker.j2
new file mode 100755
index 00000000..f1d9125b
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_osp9/roles/tacker/templates/tacker.j2
@@ -0,0 +1,426 @@ +[DEFAULT] +# Print more verbose output (set logging level to INFO instead of default WARNING level). +verbose = True + +# Print debugging output (set logging level to DEBUG instead of default WARNING level). +debug = True + +# Where to store Tacker state files. This directory must be writable by the +# user executing the agent. +state_path = /var/lib/tacker + +# Where to store lock files +lock_path = $state_path/lock + +auth_strategy = keystone +policy_file = /usr/local/etc/tacker/policy.json + +# log_format = %(asctime)s %(levelname)8s [%(name)s] %(message)s +# log_date_format = %Y-%m-%d %H:%M:%S + +# use_syslog -> syslog +# log_file and log_dir -> log_dir/log_file +# (not log_file) and log_dir -> log_dir/{binary_name}.log +# use_stderr -> stderr +# (not user_stderr) and (not log_file) -> stdout +# publish_errors -> notification system + +use_syslog = False +# syslog_log_facility = LOG_USER + +# use_stderr = True +# log_file = +# log_dir = + +# publish_errors = False + +# Address to bind the API server to +bind_host = {{ internal_ip }} + +# Port the bind the API server to +bind_port = 8888 + +# Path to the extensions. Note that this can be a colon-separated list of +# paths. For example: +# api_extensions_path = extensions:/path/to/more/extensions:/even/more/extensions +# The __path__ of tacker.extensions is appended to this, so if your +# extensions are in there you don't need to specify them here +# api_extensions_path = + +# (StrOpt) Tacker core plugin entrypoint to be loaded from the +# tacker.core_plugins namespace. See setup.cfg for the entrypoint names of the +# plugins included in the tacker source distribution. For compatibility with +# previous versions, the class name of a plugin can be specified instead of its +# entrypoint name. +# +# core_plugin = +# Example: core_plugin = ml2 + +# (ListOpt) List of service plugin entrypoints to be loaded from the +# tacker.service_plugins namespace. 
See setup.cfg for the entrypoint names of +# the plugins included in the tacker source distribution. For compatibility +# with previous versions, the class name of a plugin can be specified instead +# of its entrypoint name. +# +# service_plugins = +# Example: service_plugins = router,firewall,lbaas,vpnaas,metering + +service_plugins = vnfm,nfvo + +# Paste configuration file +# api_paste_config = api-paste.ini + +# The strategy to be used for auth. +# Supported values are 'keystone'(default), 'noauth'. +# auth_strategy = keystone + +# Allow sending resource operation notification to DHCP agent +# dhcp_agent_notification = True + +# Enable or disable bulk create/update/delete operations +# allow_bulk = True +# Enable or disable pagination +# allow_pagination = False +# Enable or disable sorting +# allow_sorting = False +# Enable or disable overlapping IPs for subnets +# Attention: the following parameter MUST be set to False if Tacker is +# being used in conjunction with nova security groups +# allow_overlapping_ips = False +# Ensure that configured gateway is on subnet +# force_gateway_on_subnet = False + + +# RPC configuration options. Defined in rpc __init__ +# The messaging module to use, defaults to kombu. +# rpc_backend = tacker.openstack.common.rpc.impl_kombu +# Size of RPC thread pool +# rpc_thread_pool_size = 64 +# Size of RPC connection pool +# rpc_conn_pool_size = 30 +# Seconds to wait for a response from call or multicall +# rpc_response_timeout = 60 +# Seconds to wait before a cast expires (TTL). Only supported by impl_zmq. +# rpc_cast_timeout = 30 +# Modules of exceptions that are permitted to be recreated +# upon receiving exception data from an rpc call. 
+# allowed_rpc_exception_modules = tacker.openstack.common.exception, nova.exception +# AMQP exchange to connect to if using RabbitMQ or QPID +# control_exchange = tacker + +# If passed, use a fake RabbitMQ provider +# fake_rabbit = False + +# Configuration options if sending notifications via kombu rpc (these are +# the defaults) +# SSL version to use (valid only if SSL enabled) +# kombu_ssl_version = +# SSL key file (valid only if SSL enabled) +# kombu_ssl_keyfile = +# SSL cert file (valid only if SSL enabled) +# kombu_ssl_certfile = +# SSL certification authority file (valid only if SSL enabled) +# kombu_ssl_ca_certs = +# IP address of the RabbitMQ installation +# rabbit_host = localhost +# Password of the RabbitMQ server +# rabbit_password = guest +# Port where RabbitMQ server is running/listening +# rabbit_port = 5672 +# RabbitMQ single or HA cluster (host:port pairs i.e: host1:5672, host2:5672) +# rabbit_hosts is defaulted to '$rabbit_host:$rabbit_port' +# rabbit_hosts = localhost:5672 +# User ID used for RabbitMQ connections +# rabbit_userid = guest +# Location of a virtual RabbitMQ installation. +# rabbit_virtual_host = / +# Maximum retries with trying to connect to RabbitMQ +# (the default of 0 implies an infinite retry count) +# rabbit_max_retries = 0 +# RabbitMQ connection retry interval +# rabbit_retry_interval = 1 +# Use HA queues in RabbitMQ (x-ha-policy: all). You need to +# wipe RabbitMQ database when changing this option. 
(boolean value) +# rabbit_ha_queues = false + +# QPID +# rpc_backend=tacker.openstack.common.rpc.impl_qpid +# Qpid broker hostname +# qpid_hostname = localhost +# Qpid broker port +# qpid_port = 5672 +# Qpid single or HA cluster (host:port pairs i.e: host1:5672, host2:5672) +# qpid_hosts is defaulted to '$qpid_hostname:$qpid_port' +# qpid_hosts = localhost:5672 +# Username for qpid connection +# qpid_username = '' +# Password for qpid connection +# qpid_password = '' +# Space separated list of SASL mechanisms to use for auth +# qpid_sasl_mechanisms = '' +# Seconds between connection keepalive heartbeats +# qpid_heartbeat = 60 +# Transport to use, either 'tcp' or 'ssl' +# qpid_protocol = tcp +# Disable Nagle algorithm +# qpid_tcp_nodelay = True + +# ZMQ +# rpc_backend=tacker.openstack.common.rpc.impl_zmq +# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP. +# The "host" option should point or resolve to this address. +# rpc_zmq_bind_address = * + +# ============ Notification System Options ===================== + +# Notifications can be sent when network/subnet/port are created, updated or deleted. +# There are three methods of sending notifications: logging (via the +# log_file directive), rpc (via a message queue) and +# noop (no notifications sent, the default) + +# Notification_driver can be defined multiple times +# Do nothing driver +# notification_driver = tacker.openstack.common.notifier.no_op_notifier +# Logging driver +# notification_driver = tacker.openstack.common.notifier.log_notifier +# RPC driver. +notification_driver = tacker.openstack.common.notifier.rpc_notifier + +# default_notification_level is used to form actual topic name(s) or to set logging level +# default_notification_level = INFO + +# default_publisher_id is a part of the notification payload +# host = myhost.com +# default_publisher_id = $host + +# Defined in rpc_notifier, can be comma separated values. 
+# The actual topic names will be %s.%(default_notification_level)s +# notification_topics = notifications + +# Default maximum number of items returned in a single response, +# value == infinite and value < 0 means no max limit, and value must +# be greater than 0. If the number of items requested is greater than +# pagination_max_limit, server will just return pagination_max_limit +# of number of items. +# pagination_max_limit = -1 + +# Maximum number of DNS nameservers per subnet +# max_dns_nameservers = 5 + +# Maximum number of host routes per subnet +# max_subnet_host_routes = 20 + +# Maximum number of fixed ips per port +# max_fixed_ips_per_port = 5 + +# =========== items for agent management extension ============= +# Seconds to regard the agent as down; should be at least twice +# report_interval, to be sure the agent is down for good +# agent_down_time = 75 +# =========== end of items for agent management extension ===== + +# Allow auto scheduling networks to DHCP agent. It will schedule non-hosted +# networks to first DHCP agent which sends get_active_networks message to +# tacker server +# network_auto_schedule = True + +# Allow auto scheduling routers to L3 agent. It will schedule non-hosted +# routers to first L3 agent which sends sync_routers message to tacker server +# router_auto_schedule = True + +# Number of DHCP agents scheduled to host a network. This enables redundant +# DHCP agents for configured networks. +# dhcp_agents_per_network = 1 + +# =========== end of items for agent scheduler extension ===== + +# =========== WSGI parameters related to the API server ============== +# Number of separate worker processes to spawn. The default, 0, runs the +# worker thread in the current process. Greater than 0 launches that number of +# child processes as workers. The parent process manages them. +# api_workers = 0 + +# Number of separate RPC worker processes to spawn. The default, 0, runs the +# worker thread in the current process. 
Greater than 0 launches that number of +# child processes as RPC workers. The parent process manages them. +# This feature is experimental until issues are addressed and testing has been +# enabled for various plugins for compatibility. +# rpc_workers = 0 + +# Sets the value of TCP_KEEPIDLE in seconds to use for each server socket when +# starting API server. Not supported on OS X. +# tcp_keepidle = 600 + +# Number of seconds to keep retrying to listen +# retry_until_window = 30 + +# Number of backlog requests to configure the socket with. +# backlog = 4096 + +# Max header line to accommodate large tokens +# max_header_line = 16384 + +# Enable SSL on the API server +# use_ssl = False + +# Certificate file to use when starting API server securely +# ssl_cert_file = /path/to/certfile + +# Private key file to use when starting API server securely +# ssl_key_file = /path/to/keyfile + +# CA certificate file to use when starting API server securely to +# verify connecting clients. This is an optional parameter only required if +# API clients need to authenticate to the API server using SSL certificates +# signed by a trusted CA +# ssl_ca_file = /path/to/cafile +# ======== end of WSGI parameters related to the API server ========== + + +# ======== tacker nova interactions ========== +# Send notification to nova when port status is active. +# notify_nova_on_port_status_changes = True + +# Send notifications to nova when port data (fixed_ips/floatingips) change +# so nova can update it's cache. +# notify_nova_on_port_data_changes = True + +# URL for connection to nova (Only supports one nova region currently). +# nova_url = http://127.0.0.1:8774/v2 + +# Name of nova region to use. Useful if keystone manages more than one region +# nova_region_name = + +# Username for connection to nova in admin context +# nova_admin_username = + +# The uuid of the admin nova tenant +# nova_admin_tenant_id = + +# Password for connection to nova in admin context. 
+# nova_admin_password = + +# Authorization URL for connection to nova in admin context. +# nova_admin_auth_url = + +# CA file for novaclient to verify server certificates +# nova_ca_certificates_file = + +# Boolean to control ignoring SSL errors on the nova url +# nova_api_insecure = False + +# Number of seconds between sending events to nova if there are any events to send +# send_events_interval = 2 + +# ======== end of tacker nova interactions ========== + +[agent] +# Use "sudo tacker-rootwrap /etc/tacker/rootwrap.conf" to use the real +# root filter facility. +# Change to "sudo" to skip the filtering and just run the comand directly +root_helper = sudo /usr/local/bin/tacker-rootwrap /usr/local/etc/tacker/rootwrap.conf + +# =========== items for agent management extension ============= +# seconds between nodes reporting state to server; should be less than +# agent_down_time, best if it is half or less than agent_down_time +# report_interval = 30 + +# =========== end of items for agent management extension ===== + +[keystone_authtoken] +signing_dir = /var/cache/tacker +#cafile = /opt/stack/data/ca-bundle.pem +#project_domain_id = default +project_name = service +#user_domain_id = default +password = console +username = tacker +auth_url = http://{{ internal_vip.ip }}:35357 +auth_plugin = password +identity_uri = http://{{ internal_vip.ip }}:5000 +auth_uri = http://{{ internal_vip.ip }}:5000 + + +[database] +# This line MUST be changed to actually run the plugin. +# Example: +# connection = mysql://root:pass@127.0.0.1:3306/tacker +connection = mysql://tacker:TACKER_DBPASS@{{ internal_vip.ip }}:3306/tacker?charset=utf8 +# Replace 127.0.0.1 above with the IP address of the database used by the +# main tacker server. (Leave it as is if the database runs on this host.) +# connection = sqlite:// +# NOTE: In deployment the [database] section and its connection attribute may +# be set in the corresponding core plugin '.ini' file. 
However, it is suggested +# to put the [database] section and its connection attribute in this +# configuration file. + +# Database engine for which script will be generated when using offline +# migration +# engine = + +# The SQLAlchemy connection string used to connect to the slave database +# slave_connection = + +# Database reconnection retry times - in event connectivity is lost +# set to -1 implies an infinite retry count +# max_retries = 10 + +# Database reconnection interval in seconds - if the initial connection to the +# database fails +# retry_interval = 10 + +# Minimum number of SQL connections to keep open in a pool +# min_pool_size = 1 + +# Maximum number of SQL connections to keep open in a pool +# max_pool_size = 10 + +# Timeout in seconds before idle sql connections are reaped +# idle_timeout = 3600 + +# If set, use this value for max_overflow with sqlalchemy +# max_overflow = 20 + +# Verbosity of SQL debugging information. 0=None, 100=Everything +# connection_debug = 0 + +# Add python stack traces to SQL as comment strings +# connection_trace = False + +# If set, use this value for pool_timeout with sqlalchemy +# pool_timeout = 10 + +[tacker] +# Specify drivers for hosting device +# infra_driver = heat,nova,noop + +# Specify drivers for mgmt +# mgmt_driver = noop,openwrt + +# Specify drivers for monitoring +# monitor_driver = ping, http_ping + +[nfvo_vim] +# Supported VIM drivers, resource orchestration controllers such as OpenStack, kvm +#Default VIM driver is OpenStack +#vim_drivers = openstack +#Default VIM placement if vim id is not provided +default_vim = VIM0 + +[vim_keys] +#openstack = /etc/tacker/vim/fernet_keys +[tacker_nova] +# parameters for novaclient to talk to nova +region_name = RegionOne +#project_domain_id = default +project_name = service +#user_domain_id = default +password = console +username = nova +auth_url = http://{{ internal_vip.ip }}:35357 +auth_plugin = password + +[tacker_heat] +heat_uri = http://{{ internal_vip.ip 
}}:8004/v1
+stack_retries = 60
+stack_retry_wait = 5
diff --git a/deploy/adapters/ansible/openstack_osp9/templates/dnsmasq-neutron.conf b/deploy/adapters/ansible/openstack_osp9/templates/dnsmasq-neutron.conf
new file mode 100755
index 00000000..7bcbd9df
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_osp9/templates/dnsmasq-neutron.conf
@@ -0,0 +1,2 @@
+dhcp-option-force=26,1454
+
diff --git a/deploy/adapters/ansible/openstack_osp9/templates/ml2_conf.ini b/deploy/adapters/ansible/openstack_osp9/templates/ml2_conf.ini
new file mode 100755
index 00000000..7b3e76da
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_osp9/templates/ml2_conf.ini
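Review bot: tacker.j2 ships literal credentials: `password = console` appears in both `[keystone_authtoken]` and `[tacker_nova]`, and the `[database]` connection string still contains the unreplaced text `TACKER_DBPASS` instead of a template variable. Other templates in this commit take their secrets from variables (`{{ NEUTRON_DBPASS }}`, `{{ NOVA_PASS }}`); the same pattern fits here, e.g. `password = {{ <tacker_service_password_var> }}` and `mysql://tacker:{{ <tacker_db_password_var> }}@{{ internal_vip.ip }}:3306/tacker?charset=utf8`, where the angle-bracket names stand for whatever the inventory defines. `debug = True` and `verbose = True` are hard-coded too, while neutron.conf uses `{{ VERBOSE }}`; debug logging on a service that holds VIM credentials is better off by default. Every Keystone and Heat endpoint is `http://`, so the service password and tokens cross the management network in clear text unless that network is protected by other means.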
@@ -0,0 +1,113 @@
+[ml2]
+# (ListOpt) List of network type driver entrypoints to be loaded from
+# the neutron.ml2.type_drivers namespace.
+#
+# type_drivers = local,flat,vlan,gre,vxlan
+# Example: type_drivers = flat,vlan,gre,vxlan
+type_drivers = {{ NEUTRON_TYPE_DRIVERS |join(",") }}
+
+# (ListOpt) Ordered list of network_types to allocate as tenant
+# networks. The default value 'local' is useful for single-box testing
+# but provides no connectivity between hosts.
+#
+# tenant_network_types = local
+# Example: tenant_network_types = vlan,gre,vxlan
+tenant_network_types = {{ NEUTRON_TENANT_NETWORK_TYPES |join(",") }}
+
+# (ListOpt) Ordered list of networking mechanism driver entrypoints
+# to be loaded from the neutron.ml2.mechanism_drivers namespace.
+# mechanism_drivers =
+# Example: mechanism_drivers = openvswitch,mlnx
+# Example: mechanism_drivers = arista
+# Example: mechanism_drivers = cisco,logger
+# Example: mechanism_drivers = openvswitch,brocade
+# Example: mechanism_drivers = linuxbridge,brocade
+mechanism_drivers = {{ NEUTRON_MECHANISM_DRIVERS |join(",") }}
+
+[ml2_type_flat]
+# (ListOpt) List of physical_network names with which flat networks
+# can be created. Use * to allow flat networks with arbitrary
+# physical_network names.
+#
+flat_networks = *
+# Example:flat_networks = physnet1,physnet2
+# Example:flat_networks = *
+
+[ml2_type_vlan]
+# (ListOpt) List of <physical_network>[:<vlan_min>:<vlan_max>] tuples
+# specifying physical_network names usable for VLAN provider and
+# tenant networks, as well as ranges of VLAN tags on each
+# physical_network available for allocation as tenant networks.
+#
+network_vlan_ranges = {{ NEUTRON_VLAN_RANGES|join(",") }}
+# Example: network_vlan_ranges = physnet1:1000:2999,physnet2
+
+[ml2_type_gre]
+# (ListOpt) Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges of GRE tunnel IDs that are available for tenant network allocation
+tunnel_id_ranges = 1:1000
+
+[ml2_type_vxlan]
+# (ListOpt) Comma-separated list of <vni_min>:<vni_max> tuples enumerating
+# ranges of VXLAN VNI IDs that are available for tenant network allocation.
+#
+vni_ranges = 1001:4095
+
+# (StrOpt) Multicast group for the VXLAN interface. When configured, will
+# enable sending all broadcast traffic to this multicast group. When left
+# unconfigured, will disable multicast VXLAN mode.
+#
+vxlan_group = 239.1.1.1
+# Example: vxlan_group = 239.1.1.1
+
+[securitygroup]
+# Controls if neutron security group is enabled or not.
+# It should be false when you use nova security group.
+# enable_security_group = True
+firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
+enable_security_group = True
+
+[database]
+connection = mysql://neutron:{{ NEUTRON_DBPASS }}@{{ db_host }}/neutron?charset=utf8
+
+[ovs]
+local_ip = {{ internal_ip }}
+{% if 'openvswitch' in NEUTRON_MECHANISM_DRIVERS %}
+integration_bridge = br-int
+{% if NEUTRON_TUNNEL_TYPES %}
+tunnel_bridge = br-tun
+tunnel_id_ranges = 1001:4095
+tunnel_type = {{ NEUTRON_TUNNEL_TYPES |join(",") }}
+{% endif %}
+bridge_mappings = {{ NEUTRON_OVS_BRIDGE_MAPPINGS | join(",") }}
+{% endif %}
+
+[agent]
+root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf
+tunnel_types = {{ NEUTRON_TUNNEL_TYPES |join(",") }}
+{% if 'vxlan' in NEUTRON_TUNNEL_TYPES %}
+vxlan_udp_port = 4789
+{% endif %}
+l2_population = False
+
+[odl]
+{% if 'opendaylight' in NEUTRON_MECHANISM_DRIVERS %}
+network_vlan_ranges = 1001:4095
+{% if NEUTRON_TUNNEL_TYPES %}
+tunnel_id_ranges = 1001:4095
+tun_peer_patch_port = patch-int
+int_peer_patch_port = patch-tun
+tunnel_bridge = br-tun
+{% endif %}
+
+tenant_network_type = {{ NEUTRON_TENANT_NETWORK_TYPES |join(",") }}
+integration_bridge = br-int
+controllers = 10.1.0.15:8080:admin:admin
+{% endif %}
+
+[ml2_odl]
+{% if 'opendaylight' in NEUTRON_MECHANISM_DRIVERS %}
+username = {{ odl_username }}
+password = {{ odl_password }}
+url = http://{{ controller }}:{{ odl_api_port }}/controller/nb/v2/neutron
+{% endif %}
+
diff --git a/deploy/adapters/ansible/openstack_osp9/templates/neutron.conf b/deploy/adapters/ansible/openstack_osp9/templates/neutron.conf
new file mode 100755
index 00000000..33231ed5
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_osp9/templates/neutron.conf
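Review bot: In the `[odl]` section of ml2_conf.ini, `controllers = 10.1.0.15:8080:admin:admin` hard-codes an address together with default admin credentials, while `[ml2_odl]` just below takes the same kind of values from `{{ controller }}`, `{{ odl_api_port }}`, `{{ odl_username }}` and `{{ odl_password }}`. Building the line from those variables, `controllers = {{ controller }}:{{ odl_api_port }}:{{ odl_username }}:{{ odl_password }}` (assuming the same controller and port are meant), keeps a changed password from leaving a stale default in the rendered file. The `[database]` connection string and the ODL `url`, which is plain `http://`, both carry secrets, so the task that renders this template should set a restrictive `mode` and owner; that task is not part of this hunk. `flat_networks = *` permits flat networks on any physical network name, so list the intended physnets where the deployment knows them.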
@@ -0,0 +1,486 @@ +[DEFAULT] +# Print more verbose output (set logging level to INFO instead of default WARNING level). +verbose = {{ VERBOSE }} + +# Print debugging output (set logging level to DEBUG instead of default WARNING level). +debug = {{ VERBOSE }} + +# Where to store Neutron state files. This directory must be writable by the +# user executing the agent. +state_path = /var/lib/neutron + +# Where to store lock files +lock_path = $state_path/lock + +notify_nova_on_port_status_changes = True +notify_nova_on_port_data_changes = True + +# log_format = %(asctime)s %(levelname)8s [%(name)s] %(message)s +# log_date_format = %Y-%m-%d %H:%M:%S + +# use_syslog -> syslog +# log_file and log_dir -> log_dir/log_file +# (not log_file) and log_dir -> log_dir/{binary_name}.log +# use_stderr -> stderr +# (not user_stderr) and (not log_file) -> stdout +# publish_errors -> notification system + +# use_syslog = False +# syslog_log_facility = LOG_USER + +# use_stderr = True +# log_file = +log_dir = /var/log/neutron + +# publish_errors = False + +# Address to bind the API server to +bind_host = {{ network_server_host }} + +# Port the bind the API server to +bind_port = 9696 + +# Path to the extensions. Note that this can be a colon-separated list of +# paths. For example: +# api_extensions_path = extensions:/path/to/more/extensions:/even/more/extensions +# The __path__ of neutron.extensions is appended to this, so if your +# extensions are in there you don't need to specify them here +# api_extensions_path = + +# (StrOpt) Neutron core plugin entrypoint to be loaded from the +# neutron.core_plugins namespace. See setup.cfg for the entrypoint names of the +# plugins included in the neutron source distribution. For compatibility with +# previous versions, the class name of a plugin can be specified instead of its +# entrypoint name. 
+# +#core_plugin = neutron.plugins.ml2.plugin.Ml2Plugin +core_plugin = ml2 +# Example: core_plugin = ml2 + +# (ListOpt) List of service plugin entrypoints to be loaded from the +# neutron.service_plugins namespace. See setup.cfg for the entrypoint names of +# the plugins included in the neutron source distribution. For compatibility +# with previous versions, the class name of a plugin can be specified instead +# of its entrypoint name. +# +# service_plugins = +# Example: service_plugins = router,firewall,lbaas,vpnaas,metering +service_plugins = router + +# Paste configuration file +api_paste_config = api-paste.ini + +# The strategy to be used for auth. +# Supported values are 'keystone'(default), 'noauth'. +auth_strategy = keystone + +# Base MAC address. The first 3 octets will remain unchanged. If the +# 4h octet is not 00, it will also be used. The others will be +# randomly generated. +# 3 octet +# base_mac = fa:16:3e:00:00:00 +# 4 octet +# base_mac = fa:16:3e:4f:00:00 + +# Maximum amount of retries to generate a unique MAC address +# mac_generation_retries = 16 + +# DHCP Lease duration (in seconds) +dhcp_lease_duration = 86400 + +# Allow sending resource operation notification to DHCP agent +# dhcp_agent_notification = True + +# Enable or disable bulk create/update/delete operations +# allow_bulk = True +# Enable or disable pagination +# allow_pagination = False +# Enable or disable sorting +# allow_sorting = False +# Enable or disable overlapping IPs for subnets +# Attention: the following parameter MUST be set to False if Neutron is +# being used in conjunction with nova security groups +allow_overlapping_ips = True +# Ensure that configured gateway is on subnet +# force_gateway_on_subnet = False + + +# RPC configuration options. Defined in rpc __init__ +# The messaging module to use, defaults to kombu. 
+# rpc_backend = neutron.openstack.common.rpc.impl_kombu +rpc_backend = rabbit +rabbit_host = {{ rabbit_host }} +rabbit_password = {{ RABBIT_PASS }} + +# Size of RPC thread pool +rpc_thread_pool_size = 240 +# Size of RPC connection pool +rpc_conn_pool_size = 100 +# Seconds to wait for a response from call or multicall +rpc_response_timeout = 300 +# Seconds to wait before a cast expires (TTL). Only supported by impl_zmq. +rpc_cast_timeout = 300 +# Modules of exceptions that are permitted to be recreated +# upon receiving exception data from an rpc call. +# allowed_rpc_exception_modules = neutron.openstack.common.exception, nova.exception +# AMQP exchange to connect to if using RabbitMQ or QPID +# control_exchange = neutron + +# If passed, use a fake RabbitMQ provider +# fake_rabbit = False + +# Configuration options if sending notifications via kombu rpc (these are +# the defaults) +# SSL version to use (valid only if SSL enabled) +# kombu_ssl_version = +# SSL key file (valid only if SSL enabled) +# kombu_ssl_keyfile = +# SSL cert file (valid only if SSL enabled) +# kombu_ssl_certfile = +# SSL certification authority file (valid only if SSL enabled) +# kombu_ssl_ca_certs = +# Port where RabbitMQ server is running/listening +rabbit_port = 5672 +# RabbitMQ single or HA cluster (host:port pairs i.e: host1:5672, host2:5672) +# rabbit_hosts is defaulted to '$rabbit_host:$rabbit_port' +# rabbit_hosts = localhost:5672 +# User ID used for RabbitMQ connections +rabbit_userid = {{ RABBIT_USER }} +# Location of a virtual RabbitMQ installation. +# rabbit_virtual_host = / +# Maximum retries with trying to connect to RabbitMQ +# (the default of 0 implies an infinite retry count) +# rabbit_max_retries = 0 +# RabbitMQ connection retry interval +# rabbit_retry_interval = 1 +# Use HA queues in RabbitMQ (x-ha-policy: all). You need to +# wipe RabbitMQ database when changing this option. 
(boolean value) +# rabbit_ha_queues = false +# QPID +# rpc_backend=neutron.openstack.common.rpc.impl_qpid +# Qpid broker hostname +# qpid_hostname = localhost +# Qpid broker port +# qpid_port = 5672 +# Qpid single or HA cluster (host:port pairs i.e: host1:5672, host2:5672) +# qpid_hosts is defaulted to '$qpid_hostname:$qpid_port' +# qpid_hosts = localhost:5672 +# Username for qpid connection +# qpid_username = '' +# Password for qpid connection +# qpid_password = '' +# Space separated list of SASL mechanisms to use for auth +# qpid_sasl_mechanisms = '' +# Seconds between connection keepalive heartbeats +# qpid_heartbeat = 60 +# Transport to use, either 'tcp' or 'ssl' +# qpid_protocol = tcp +# Disable Nagle algorithm +# qpid_tcp_nodelay = True + +# ZMQ +# rpc_backend=neutron.openstack.common.rpc.impl_zmq +# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP. +# The "host" option should point or resolve to this address. +# rpc_zmq_bind_address = * + +# ============ Notification System Options ===================== + +# Notifications can be sent when network/subnet/port are created, updated or deleted. +# There are three methods of sending notifications: logging (via the +# log_file directive), rpc (via a message queue) and +# noop (no notifications sent, the default) + +# Notification_driver can be defined multiple times +# Do nothing driver +# notification_driver = neutron.openstack.common.notifier.no_op_notifier +# Logging driver +# notification_driver = neutron.openstack.common.notifier.log_notifier +# RPC driver. +notification_driver = neutron.openstack.common.notifier.rpc_notifier + +# default_notification_level is used to form actual topic name(s) or to set logging level +default_notification_level = INFO + +# default_publisher_id is a part of the notification payload +# host = myhost.com +# default_publisher_id = $host + +# Defined in rpc_notifier, can be comma separated values. 
+# The actual topic names will be %s.%(default_notification_level)s +notification_topics = notifications + +# Default maximum number of items returned in a single response, +# value == infinite and value < 0 means no max limit, and value must +# be greater than 0. If the number of items requested is greater than +# pagination_max_limit, server will just return pagination_max_limit +# of number of items. +# pagination_max_limit = -1 + +# Maximum number of DNS nameservers per subnet +# max_dns_nameservers = 5 + +# Maximum number of host routes per subnet +# max_subnet_host_routes = 20 + +# Maximum number of fixed ips per port +# max_fixed_ips_per_port = 5 + +# =========== items for agent management extension ============= +# Seconds to regard the agent as down; should be at least twice +# report_interval, to be sure the agent is down for good +agent_down_time = 75 +# =========== end of items for agent management extension ===== + +# =========== items for agent scheduler extension ============= +# Driver to use for scheduling network to DHCP agent +network_scheduler_driver = neutron.scheduler.dhcp_agent_scheduler.ChanceScheduler +# Driver to use for scheduling router to a default L3 agent +router_scheduler_driver = neutron.scheduler.l3_agent_scheduler.ChanceScheduler +# Driver to use for scheduling a loadbalancer pool to an lbaas agent +# loadbalancer_pool_scheduler_driver = neutron.services.loadbalancer.agent_scheduler.ChanceScheduler + +# Allow auto scheduling networks to DHCP agent. It will schedule non-hosted +# networks to first DHCP agent which sends get_active_networks message to +# neutron server +# network_auto_schedule = True + +# Allow auto scheduling routers to L3 agent. It will schedule non-hosted +# routers to first L3 agent which sends sync_routers message to neutron server +# router_auto_schedule = True + +# Number of DHCP agents scheduled to host a network. This enables redundant +# DHCP agents for configured networks. 
+# dhcp_agents_per_network = 1
+
+# =========== end of items for agent scheduler extension =====
+
+# =========== WSGI parameters related to the API server ==============
+# Number of separate worker processes to spawn. The default, 0, runs the
+# worker thread in the current process. Greater than 0 launches that number of
+# child processes as workers. The parent process manages them.
+api_workers = 8
+
+# Number of separate RPC worker processes to spawn. The default, 0, runs the
+# worker thread in the current process. Greater than 0 launches that number of
+# child processes as RPC workers. The parent process manages them.
+# This feature is experimental until issues are addressed and testing has been
+# enabled for various plugins for compatibility.
+rpc_workers = 8
+
+# Sets the value of TCP_KEEPIDLE in seconds to use for each server socket when
+# starting API server. Not supported on OS X.
+# tcp_keepidle = 600
+
+# Number of seconds to keep retrying to listen
+# retry_until_window = 30
+
+# Number of backlog requests to configure the socket with.
+# backlog = 4096
+
+# Max header line to accommodate large tokens
+# max_header_line = 16384
+
+# Enable SSL on the API server
+# use_ssl = False
+
+# Certificate file to use when starting API server securely
+# ssl_cert_file = /path/to/certfile
+
+# Private key file to use when starting API server securely
+# ssl_key_file = /path/to/keyfile
+
+# CA certificate file to use when starting API server securely to
+# verify connecting clients. This is an optional parameter only required if
+# API clients need to authenticate to the API server using SSL certificates
+# signed by a trusted CA
+# ssl_ca_file = /path/to/cafile
+# ======== end of WSGI parameters related to the API server ==========
+
+
+# ======== neutron nova interactions ==========
+# Send notification to nova when port status is active.
+notify_nova_on_port_status_changes = True
+
+# Send notifications to nova when port data (fixed_ips/floatingips) change
+# so nova can update it's cache.
+notify_nova_on_port_data_changes = True
+
+# URL for connection to nova (Only supports one nova region currently).
+nova_url = http://{{ internal_vip.ip }}:8774/v2
+
+# Name of nova region to use. Useful if keystone manages more than one region
+nova_region_name = RegionOne
+
+# Username for connection to nova in admin context
+nova_admin_username = nova
+
+# The uuid of the admin nova tenant
+{% if NOVA_ADMIN_TENANT_ID|default('') %}
+nova_admin_tenant_id = {{ NOVA_ADMIN_TENANT_ID.stdout_lines[0] }}
+{% endif %}
+# Password for connection to nova in admin context.
+nova_admin_password = {{ NOVA_PASS }}
+
+# Authorization URL for connection to nova in admin context.
+nova_admin_auth_url = http://{{ internal_vip.ip }}:35357/v2.0
+
+# Number of seconds between sending events to nova if there are any events to send
+send_events_interval = 2
+
+# ======== end of neutron nova interactions ==========
+
+[quotas]
+# Default driver to use for quota checks
+quota_driver = neutron.db.quota_db.DbQuotaDriver
+
+# Resource name(s) that are supported in quota features
+quota_items = network,subnet,port
+
+# Default number of resource allowed per tenant. A negative value means
+# unlimited.
+default_quota = -1
+
+# Number of networks allowed per tenant. A negative value means unlimited.
+quota_network = 100
+
+# Number of subnets allowed per tenant. A negative value means unlimited.
+quota_subnet = 100
+
+# Number of ports allowed per tenant. A negative value means unlimited.
+quota_port = 8000
+
+# Number of security groups allowed per tenant. A negative value means
+# unlimited.
+quota_security_group = 1000
+
+# Number of security group rules allowed per tenant. A negative value means
+# unlimited.
+quota_security_group_rule = 1000
+
+# Number of vips allowed per tenant. A negative value means unlimited.
+# quota_vip = 10
+
+# Number of pools allowed per tenant. A negative value means unlimited.
+# quota_pool = 10
+
+# Number of pool members allowed per tenant. A negative value means unlimited.
+# The default is unlimited because a member is not a real resource consumer
+# on Openstack. However, on back-end, a member is a resource consumer
+# and that is the reason why quota is possible.
+# quota_member = -1
+
+# Number of health monitors allowed per tenant. A negative value means
+# unlimited.
+# The default is unlimited because a health monitor is not a real resource
+# consumer on Openstack. However, on back-end, a member is a resource consumer
+# and that is the reason why quota is possible.
+# quota_health_monitors = -1
+
+# Number of routers allowed per tenant. A negative value means unlimited.
+# quota_router = 10
+
+# Number of floating IPs allowed per tenant. A negative value means unlimited.
+# quota_floatingip = 50
+
+[agent]
+# Use "sudo neutron-rootwrap /etc/neutron/rootwrap.conf" to use the real
+# root filter facility.
+# Change to "sudo" to skip the filtering and just run the comand directly
+root_helper = "sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf"
+
+# =========== items for agent management extension =============
+# seconds between nodes reporting state to server; should be less than
+# agent_down_time, best if it is half or less than agent_down_time
+report_interval = 30
+
+# =========== end of items for agent management extension =====
+
+[keystone_authtoken]
+auth_uri = http://{{ internal_vip.ip }}:5000/v2.0
+identity_uri = http://{{ internal_vip.ip }}:35357
+admin_tenant_name = service
+admin_user = neutron
+admin_password = {{ NEUTRON_PASS }}
+signing_dir = $state_path/keystone-signing
+
+[database]
+# This line MUST be changed to actually run the plugin.
+# Example:
+# connection = mysql://root:pass@127.0.0.1:3306/neutron
+# Replace 127.0.0.1 above with the IP address of the database used by the
+# main neutron server.
(Leave it as is if the database runs on this host.)
+# connection = sqlite:////var/lib/neutron/neutron.sqlite
+connection = mysql://neutron:{{ NEUTRON_DBPASS }}@{{ db_host }}/neutron
+
+# The SQLAlchemy connection string used to connect to the slave database
+slave_connection =
+
+# Database reconnection retry times - in event connectivity is lost
+# set to -1 implies an infinite retry count
+max_retries = 10
+
+# Database reconnection interval in seconds - if the initial connection to the
+# database fails
+retry_interval = 10
+
+# Minimum number of SQL connections to keep open in a pool
+min_pool_size = 1
+
+# Maximum number of SQL connections to keep open in a pool
+max_pool_size = 100
+
+# Timeout in seconds before idle sql connections are reaped
+idle_timeout = 30
+use_db_reconnect = True
+
+# If set, use this value for max_overflow with sqlalchemy
+max_overflow = 100
+
+# Verbosity of SQL debugging information. 0=None, 100=Everything
+connection_debug = 0
+
+# Add python stack traces to SQL as comment strings
+connection_trace = False
+
+# If set, use this value for pool_timeout with sqlalchemy
+pool_timeout = 10
+
+[service_providers]
+# Specify service providers (drivers) for advanced services like loadbalancer, VPN, Firewall.
+# Must be in form:
+# service_provider=<service_type>:<name>:<driver>[:default]
+# List of allowed service types includes LOADBALANCER, FIREWALL, VPN
+# Combination of <service type> and <name> must be unique; <driver> must also be unique
+# This is multiline option, example for default provider:
+# service_provider=LOADBALANCER:name:lbaas_plugin_driver_path:default
+# example of non-default provider:
+# service_provider=FIREWALL:name2:firewall_driver_path
+# --- Reference implementations ---
+service_provider=FIREWALL:Iptables:neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewllDriver:default
+# In order to activate Radware's lbaas driver you need to uncomment the next line.
+# If you want to keep the HA Proxy as the default lbaas driver, remove the attribute default from the line below.
+# Otherwise comment the HA Proxy line
+# service_provider = LOADBALANCER:Radware:neutron.services.loadbalancer.drivers.radware.driver.LoadBalancerDriver:default
+# uncomment the following line to make the 'netscaler' LBaaS provider available.
+# service_provider=LOADBALANCER:NetScaler:neutron.services.loadbalancer.drivers.netscaler.netscaler_driver.NetScalerPluginDriver
+# Uncomment the following line (and comment out the OpenSwan VPN line) to enable Cisco's VPN driver.
+# service_provider=VPN:cisco:neutron.services.vpn.service_drivers.cisco_ipsec.CiscoCsrIPsecVPNDriver:default
+# Uncomment the line below to use Embrane heleos as Load Balancer service provider.
+# service_provider=LOADBALANCER:Embrane:neutron.services.loadbalancer.drivers.embrane.driver.EmbraneLbaas:default
+
+{% if enable_fwaas %}
+[fwaas]
+driver = neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver
+enabled = True
+{% endif %}
+
+[nova]
+auth_url = http://{{ internal_vip.ip }}:35357
+auth_type = password
+project_domain_name = default
+user_domain_name = default
+project_name = service
+username = nova
+password = {{ NOVA_PASS }}
+
diff --git a/deploy/adapters/ansible/openstack_osp9/templates/nova.conf b/deploy/adapters/ansible/openstack_osp9/templates/nova.conf
new file mode 100755
index 00000000..3a5735cf
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_osp9/templates/nova.conf
@@ -0,0 +1,96 @@
+{% set memcached_servers = [] %}
+{% for host in haproxy_hosts.values() %}
+{% set _ = memcached_servers.append('%s:11211'% host) %}
+{% endfor %}
+{% set memcached_servers = memcached_servers|join(',') %}
+
+[DEFAULT]
+dhcpbridge_flagfile=/etc/nova/nova.conf
+dhcpbridge=/usr/bin/nova-dhcpbridge
+logdir=/var/log/nova
+state_path=/var/lib/nova
+lock_path=/var/lib/nova/tmp
+force_dhcp_release=True
+iscsi_helper=tgtadm
+libvirt_use_virtio_for_bridges=True
+connection_type=libvirt
+root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf
+verbose={{ VERBOSE}}
+debug={{ DEBUG }}
+ec2_private_dns_show_ip=True
+api_paste_config=/etc/nova/api-paste.ini
+volumes_path=/var/lib/nova/volumes
+enabled_apis=osapi_compute,metadata
+
+default_floating_pool={{ public_net_info.network }}
+auth_strategy = keystone
+
+rpc_backend = rabbit
+rabbit_host = {{ rabbit_host }}
+rabbit_userid = {{ RABBIT_USER }}
+rabbit_password = {{ RABBIT_PASS }}
+
+osapi_compute_listen={{ internal_ip }}
+metadata_listen={{ internal_ip }}
+
+my_ip = {{ internal_ip }}
+vnc_enabled = True
+vncserver_listen = {{ internal_ip }}
+vncserver_proxyclient_address = {{ internal_ip }}
+novncproxy_base_url = http://{{ public_vip.ip }}:6080/vnc_auto.html
+
+novncproxy_host = {{ internal_ip }}
+novncproxy_port = 6080
+
+network_api_class = nova.network.neutronv2.api.API
+linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
+firewall_driver = nova.virt.firewall.NoopFirewallDriver
+security_group_api = neutron
+
+instance_usage_audit = True
+instance_usage_audit_period = hour
+notify_on_state_change = vm_and_task_state
+notification_driver = nova.openstack.common.notifier.rpc_notifier
+notification_driver = ceilometer.compute.nova_notifier
+
+memcached_servers = {{ memcached_servers }}
+
+[database]
+# The SQLAlchemy connection string used to connect to the database
+connection = mysql://nova:{{ NOVA_DBPASS }}@{{ db_host }}/nova
+idle_timeout = 30
+use_db_reconnect = True
+pool_timeout = 10
+
+[api_database]
+connection = mysql://nova:{{ NOVA_DBPASS }}@{{ db_host }}/nova_api
+idle_timeout = 30
+use_db_reconnect = True
+pool_timeout = 10
+
+[keystone_authtoken]
+auth_uri = http://{{ internal_vip.ip }}:5000/2.0
+identity_uri = http://{{ internal_vip.ip }}:35357
+admin_tenant_name = service
+admin_user = nova
+admin_password = {{ NOVA_PASS }}
+memcached_servers = {{ memcached_servers }}
+
+[glance]
+host = {{ internal_vip.ip }}
+
+[neutron]
+url = http://{{ internal_vip.ip }}:9696
+auth_strategy = keystone
+admin_tenant_name = service
+admin_username = neutron
+admin_password = {{ NEUTRON_PASS }}
+admin_auth_url = http://{{ internal_vip.ip }}:35357/v2.0
+service_metadata_proxy = True
+metadata_proxy_shared_secret = {{ METADATA_SECRET }}
+auth_type = password
+auth_url = http://{{ internal_vip.ip }}:35357
+password = {{ NEUTRON_PASS }}
+username = neutron
+project_domain_name = default
+user_domain_name = default |
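Review bot: In `[keystone_authtoken]`, `auth_uri = http://{{ internal_vip.ip }}:5000/2.0` is missing the `v` of the version path; the neutron.conf template added in this same commit uses `:5000/v2.0`, so this line should probably read `auth_uri = http://{{ internal_vip.ip }}:5000/v2.0`. The service passwords rendered into this file (`NOVA_PASS`, `NEUTRON_PASS`, `NOVA_DBPASS`, `RABBIT_PASS`) are then used against plain `http://` Keystone/Neutron endpoints and a `mysql://` string with no TLS parameters, and `novncproxy_base_url = http://{{ public_vip.ip }}:6080/vnc_auto.html` publishes console URLs over cleartext on the public VIP; if TLS is terminated in front of these hosts a header comment such as `# TLS is terminated at <component>; internal endpoints are plain HTTP by design` would document that, otherwise the public URL at least should be `https://`. The template is added with mode 100755 although it is a credential-bearing config file; the owner and mode of the rendered /etc/nova/nova.conf are set by a task not visible in this hunk and are worth confirming as not world-readable. `[neutron]` also sets `auth_type = password` without a `project_name`, unlike the `[nova]` block in neutron.conf, which may leave the token unscoped depending on how the deployed nova release maps the legacy `admin_tenant_name`.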