summaryrefslogtreecommitdiffstats
path: root/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller
diff options
context:
space:
mode:
Diffstat (limited to 'deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller')
-rw-r--r--deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/files/deb.conf11
-rw-r--r--deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/files/deb.conf.bak11
-rw-r--r--deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/files/get_deb_depends.py22
-rwxr-xr-xdeploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/handlers/main.yml12
-rw-r--r--deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/tasks/main.yml212
-rw-r--r--deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/templates/admin-openrc.sh15
-rw-r--r--deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/templates/demo-openrc.sh13
-rw-r--r--deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/templates/keystone-paste.ini96
-rw-r--r--deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/templates/keystone.conf59
-rw-r--r--deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/templates/wsgi-keystone.conf.j246
-rw-r--r--deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/vars/Debian.yml168
-rw-r--r--deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/vars/main.yml172
12 files changed, 837 insertions, 0 deletions
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/files/deb.conf b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/files/deb.conf
new file mode 100644
index 00000000..6e1159a1
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/files/deb.conf
@@ -0,0 +1,11 @@
+keystone/admin-password: password
+keystone/auth-token: password
+keystone/admin-password-confirm: password
+keystone/admin-email: root@localhost
+keystone/admin-role-name: admin
+keystone/admin-user: admin
+keystone/create-admin-tenant: false
+keystone/region-name: Orange
+keystone/admin-tenant-name: admin
+keystone/register-endpoint: false
+keystone/configure_db: false
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/files/deb.conf.bak b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/files/deb.conf.bak
new file mode 100644
index 00000000..6e1159a1
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/files/deb.conf.bak
@@ -0,0 +1,11 @@
+keystone/admin-password: password
+keystone/auth-token: password
+keystone/admin-password-confirm: password
+keystone/admin-email: root@localhost
+keystone/admin-role-name: admin
+keystone/admin-user: admin
+keystone/create-admin-tenant: false
+keystone/region-name: Orange
+keystone/admin-tenant-name: admin
+keystone/register-endpoint: false
+keystone/configure_db: false
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/files/get_deb_depends.py b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/files/get_deb_depends.py
new file mode 100644
index 00000000..05fc5d46
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/files/get_deb_depends.py
@@ -0,0 +1,22 @@
+#!/usr/bin/env python3
+
+import sys
+import subprocess
+
+pkts = []
+
+for arg in sys.argv[1:]:
+ proc = subprocess.Popen(["dpkg-deb", "--info", arg], stdin=None, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+ out = proc.stdout.read()
+ err = proc.stderr.read()
+ if err:
+ print("An error occurred with {} ({})".format(arg, err))
+ continue
+ for line in out.splitlines():
+ line = line.decode('utf-8')
+ if " Depends:" in line:
+ line = line.replace(" Depends:", "")
+ for _dep in line.split(','):
+ pkts.append(_dep.split()[0])
+
+print(" ".join(pkts))
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/handlers/main.yml b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/handlers/main.yml
new file mode 100755
index 00000000..608a8a09
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/handlers/main.yml
@@ -0,0 +1,12 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: restart keystone services
+ service: name={{ item }} state=restarted enabled=yes
+ with_items: services | union(services_noarch)
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/tasks/main.yml b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/tasks/main.yml
new file mode 100644
index 00000000..437a63c2
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/tasks/main.yml
@@ -0,0 +1,212 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- include_vars: "{{ ansible_os_family }}.yml"
+
+# install all packages
+- name: install keystone packages
+ shell: apt-get install -y python-pip unzip
+
+# download master.zip
+- name: get image http server
+ shell: awk -F'=' '/compass_server/ {print $2}' /etc/compass.conf
+ register: http_server
+
+- name: download keystone-moon packages
+ get_url: url="http://{{ http_server.stdout_lines[0] }}/packages/moon/master.zip" dest=/tmp/master.zip mode=0444
+
+- name: extract keystone-moon packages
+ unarchive: src=/tmp/master.zip dest=/tmp copy=no
+
+# install all dependencies
+- name: copy scripts
+ copy: src=get_deb_depends.py dest=/tmp/get_deb_depends.py
+
+- name: install keystone-moon dependencies
+ shell: "apt-get install `python /tmp/get_deb_depends.py /tmp/moon-bin-master/*.deb`"
+ when: ansible_os_family == "Debian"
+
+
+# install keystone moon
+- name: copy scripts
+ copy: src=deb.conf dest=/tmp/deb.conf
+
+- name: install keystone moon
+ shell: >
+ export DEBIAN_FRONTEND="noninteractive";
+ sudo -E dpkg -i /tmp/moon-bin-master/*moon*.deb;
+
+#- name: install keystone moon
+# shell: >
+# export DEBIAN_FRONTEND="noninteractive";
+# sudo -E debconf-set-selections python-keystone < /tmp/deb.conf;
+# sudo -E dpkg -i /tmp/moon-bin-master/*moon*.deb;
+
+- name: stop keystone task
+ shell: >
+ service keystone stop;
+ mv /etc/init.d/keystone /home/;
+ mv /etc/init/keystone.conf /home/;
+ mv /lib/systemd/system/keystone.service /home/;
+
+# config keystone and apache2
+- name: delete sqlite database
+ file:
+ path: /var/lib/keystone/keystone.db
+ state: absent
+
+- name: update keystone conf
+ template: src=keystone.conf dest=/etc/keystone/keystone.conf backup=yes
+
+#- name: initialize fernet keys
+# shell: keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
+
+- name: assure listen port exist
+ lineinfile:
+ dest: '{{ apache_config_dir }}/ports.conf'
+ regexp: '{{ item.regexp }}'
+ line: '{{ item.line}}'
+ with_items:
+ - regexp: "^Listen {{ internal_ip }}:5000"
+ line: "Listen {{ internal_ip }}:5000"
+ - regexp: "^Listen {{ internal_ip }}:35357"
+ line: "Listen {{ internal_ip }}:35357"
+
+- name: update apache2 configs
+ template:
+ src: wsgi-keystone.conf.j2
+ dest: '{{ apache_config_dir }}/sites-available/wsgi-keystone.conf'
+ when: ansible_os_family == 'Debian'
+
+- name: enable keystone server
+ file:
+ src: "{{ apache_config_dir }}/sites-available/wsgi-keystone.conf"
+ dest: "{{ apache_config_dir }}/sites-enabled/wsgi-keystone.conf"
+ state: "link"
+ when: ansible_os_family == 'Debian'
+
+- name: keystone source files
+ template: src={{ item }} dest=/opt/{{ item }}
+ with_items:
+ - admin-openrc.sh
+ - demo-openrc.sh
+
+# keystone paste ini
+- name: keystone paste ini 1
+ shell: sudo cp /etc/keystone/keystone-paste.ini /etc/keystone/keystone-paste.ini.bak;
+
+- name: keystone paste ini 2
+ shell: sudo sed "3i[pipeline:moon_pipeline]\npipeline = sizelimit url_normalize request_id build_auth_context token_auth admin_token_auth json_body ec2_extension_v3 s3_extension moon_service\n\n[app:moon_service]\nuse = egg:keystone#moon_service\n" /etc/keystone/keystone-paste.ini > /tmp/keystone-paste.ini;
+
+- name: keystone paste ini 3
+ shell: sudo cp /tmp/keystone-paste.ini /etc/keystone/keystone-paste.ini;
+
+- name: keystone paste ini 4
+ shell: sudo sed "s/use = egg:Paste#urlmap/use = egg:Paste#urlmap\n\/moon = moon_pipeline/" /etc/keystone/keystone-paste.ini > /tmp/keystone-paste.ini;
+
+- name: keystone paste ini 5
+ shell: sudo cp /tmp/keystone-paste.ini /etc/keystone/keystone-paste.ini;
+
+# moon log
+- name: moon log
+ shell: >
+ sudo mkdir /var/log/moon/;
+ sudo chown keystone /var/log/moon/;
+ sudo addgroup moonlog;
+ sudo chgrp moonlog /var/log/moon/;
+ sudo touch /var/log/moon/keystonemiddleware.log;
+ sudo touch /var/log/moon/system.log;
+ sudo chgrp moonlog /var/log/moon/keystonemiddleware.log;
+ sudo chgrp moonlog /var/log/moon/system.log;
+ sudo chmod g+rw /var/log/moon;
+ sudo chmod g+rw /var/log/moon/keystonemiddleware.log;
+ sudo chmod g+rw /var/log/moon/system.log;
+ sudo adduser keystone moonlog;
+
+
+# keystone db sync
+- name: keystone db sync
+ shell: >
+ sudo /usr/bin/keystone-manage db_sync;
+ sudo /usr/bin/keystone-manage db_sync --extension moon;
+ when: inventory_hostname == haproxy_hosts.keys()[0]
+
+
+#############################################
+- name: wait for keystone ready
+ wait_for: port=35357 delay=3 timeout=10 host={{ internal_vip.ip }}
+
+- name: cron job to purge expired tokens hourly
+ cron:
+ name: 'purge expired tokens'
+ special_time: hourly
+ job: '/usr/bin/keystone-manage token_flush > /var/log/keystone/keystone-tokenflush.log 2>&1'
+
+#############################################
+
+
+# apache2 restart
+- name: restart apache2
+ service: name={{ item }} state=restarted enabled=yes
+ with_items: services | union(services_noarch)
+
+# install moonclient
+- name: install moon client
+ shell: sudo pip install /tmp/moon-bin-master/python-moonclient-0.1.tar.gz
+
+###################################################
+
+
+- name: add tenants
+ keystone_user:
+ token: "{{ ADMIN_TOKEN }}"
+ endpoint: "http://{{ internal_ip }}:35357/v2.0"
+ tenant: "{{ item.tenant }}"
+ tenant_description: "{{ item.tenant_description }}"
+ with_items: "{{ os_users }}"
+ when: inventory_hostname == groups['controller'][0]
+
+- name: add users
+ keystone_user:
+ token: "{{ ADMIN_TOKEN }}"
+ endpoint: "http://{{ internal_ip }}:35357/v2.0"
+ user: "{{ item.user }}"
+ tenant: "{{ item.tenant }}"
+ password: "{{ item.password }}"
+ email: "{{ item.email }}"
+ with_items: "{{ os_users }}"
+ when: inventory_hostname == groups['controller'][0]
+
+- name: grant roles
+ keystone_user:
+ token: "{{ ADMIN_TOKEN }}"
+ endpoint: "http://{{ internal_ip }}:35357/v2.0"
+ user: "{{ item.user }}"
+ role: "{{ item.role }}"
+ tenant: "{{ item.tenant }}"
+ with_items: "{{ os_users }}"
+ when: inventory_hostname == groups['controller'][0]
+
+- name: add endpoints
+ keystone_service:
+ token: "{{ ADMIN_TOKEN }}"
+ endpoint: "http://{{ internal_ip }}:35357/v2.0"
+ name: "{{ item.name }}"
+ type: "{{ item.type }}"
+ region: "{{ item.region}}"
+ description: "{{ item.description }}"
+ publicurl: "{{ item.publicurl }}"
+ internalurl: "{{ item.internalurl }}"
+ adminurl: "{{ item.adminurl }}"
+ with_items: "{{ os_services }}"
+ when: inventory_hostname == groups['controller'][0]
+
+
+###################################################
+
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/templates/admin-openrc.sh b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/templates/admin-openrc.sh
new file mode 100644
index 00000000..6ba620ff
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/templates/admin-openrc.sh
@@ -0,0 +1,15 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+# Verify the Identity Service installation
+export OS_PASSWORD={{ ADMIN_PASS }}
+export OS_TENANT_NAME=admin
+export OS_AUTH_URL=http://{{ internal_vip.ip }}:35357/v2.0
+export OS_USERNAME=admin
+export OS_VOLUME_API_VERSION=2
+
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/templates/demo-openrc.sh b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/templates/demo-openrc.sh
new file mode 100644
index 00000000..5807e868
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/templates/demo-openrc.sh
@@ -0,0 +1,13 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+export OS_USERNAME=demo
+export OS_PASSWORD={{ DEMO_PASS }}
+export OS_TENANT_NAME=demo
+export OS_AUTH_URL=http://{{ internal_vip.ip }}:35357/v2.0
+
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/templates/keystone-paste.ini b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/templates/keystone-paste.ini
new file mode 100644
index 00000000..cd9ebede
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/templates/keystone-paste.ini
@@ -0,0 +1,96 @@
+# Keystone PasteDeploy configuration file.
+
+[pipeline:moon_pipeline]
+pipeline = sizelimit url_normalize request_id build_auth_context token_auth admin_token_auth json_body ec2_extension_v3 s3_extension moon_service
+
+[app:moon_service]
+use = egg:keystone#moon_service
+
+[filter:debug]
+use = egg:oslo.middleware#debug
+
+[filter:request_id]
+use = egg:oslo.middleware#request_id
+
+[filter:build_auth_context]
+use = egg:keystone#build_auth_context
+
+[filter:token_auth]
+use = egg:keystone#token_auth
+
+[filter:admin_token_auth]
+# This is deprecated in the M release and will be removed in the O release.
+# Use `keystone-manage bootstrap` and remove this from the pipelines below.
+use = egg:keystone#admin_token_auth
+
+[filter:json_body]
+use = egg:keystone#json_body
+
+[filter:cors]
+use = egg:oslo.middleware#cors
+oslo_config_project = keystone
+
+[filter:ec2_extension]
+use = egg:keystone#ec2_extension
+
+[filter:ec2_extension_v3]
+use = egg:keystone#ec2_extension_v3
+
+[filter:s3_extension]
+use = egg:keystone#s3_extension
+
+[filter:url_normalize]
+use = egg:keystone#url_normalize
+
+[filter:sizelimit]
+use = egg:oslo.middleware#sizelimit
+
+[app:public_service]
+use = egg:keystone#public_service
+
+[app:service_v3]
+use = egg:keystone#service_v3
+
+[app:admin_service]
+use = egg:keystone#admin_service
+
+[pipeline:public_api]
+# The last item in this pipeline must be public_service or an equivalent
+# application. It cannot be a filter.
+pipeline = cors sizelimit url_normalize request_id admin_token_auth build_auth_context token_auth json_body ec2_extension public_service
+
+[pipeline:admin_api]
+# The last item in this pipeline must be admin_service or an equivalent
+# application. It cannot be a filter.
+pipeline = cors sizelimit url_normalize request_id admin_token_auth build_auth_context token_auth json_body ec2_extension s3_extension admin_service
+
+[pipeline:api_v3]
+# The last item in this pipeline must be service_v3 or an equivalent
+# application. It cannot be a filter.
+pipeline = cors sizelimit url_normalize request_id admin_token_auth build_auth_context token_auth json_body ec2_extension_v3 s3_extension service_v3
+
+[app:public_version_service]
+use = egg:keystone#public_version_service
+
+[app:admin_version_service]
+use = egg:keystone#admin_version_service
+
+[pipeline:public_version_api]
+pipeline = cors sizelimit url_normalize public_version_service
+
+[pipeline:admin_version_api]
+pipeline = cors sizelimit url_normalize admin_version_service
+
+[composite:main]
+use = egg:Paste#urlmap
+/moon = moon_pipeline
+/v2.0 = public_api
+/v3 = api_v3
+/ = public_version_api
+
+[composite:admin]
+use = egg:Paste#urlmap
+/moon = moon_pipeline
+/v2.0 = admin_api
+/v3 = api_v3
+/ = admin_version_api
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/templates/keystone.conf b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/templates/keystone.conf
new file mode 100644
index 00000000..649fc32c
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/templates/keystone.conf
@@ -0,0 +1,59 @@
+{% set memcached_servers = [] %}
+{% set rabbitmq_servers = [] %}
+{% for host in haproxy_hosts.values() %}
+{% set _ = memcached_servers.append('%s:11211'% host) %}
+{% set _ = rabbitmq_servers.append('%s:5672'% host) %}
+{% endfor %}
+{% set memcached_servers = memcached_servers|join(',') %}
+{% set rabbitmq_servers = rabbitmq_servers|join(',') %}
+[DEFAULT]
+admin_token={{ ADMIN_TOKEN }}
+debug={{ DEBUG }}
+log_dir = /var/log/keystone
+
+[cache]
+backend=keystone.cache.memcache_pool
+memcache_servers={{ memcached_servers}}
+enabled=true
+
+[revoke]
+driver=sql
+expiration_buffer=3600
+caching=true
+
+[database]
+connection = mysql://keystone:{{ KEYSTONE_DBPASS }}@{{ db_host }}/keystone?charset=utf8
+idle_timeout=30
+min_pool_size=5
+max_pool_size=120
+pool_timeout=30
+
+
+[identity]
+default_domain_id=default
+driver=sql
+
+[assignment]
+driver=sql
+
+[resource]
+driver=sql
+caching=true
+cache_time=3600
+
+[token]
+enforce_token_bind=permissive
+expiration=43200
+provider=uuid
+driver=sql
+caching=true
+cache_time=3600
+
+[eventlet_server]
+public_bind_host= {{ identity_host }}
+admin_bind_host= {{ identity_host }}
+
+[oslo_messaging_rabbit]
+rabbit_userid = {{ RABBIT_USER }}
+rabbit_password = {{ RABBIT_PASS }}
+rabbit_hosts = {{ rabbitmq_servers }}
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/templates/wsgi-keystone.conf.j2 b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/templates/wsgi-keystone.conf.j2
new file mode 100644
index 00000000..64d864af
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/templates/wsgi-keystone.conf.j2
@@ -0,0 +1,46 @@
+ {% set work_threads = (ansible_processor_vcpus + 1) // 2 %}
+<VirtualHost {{ internal_ip }}:5000>
+ WSGIDaemonProcess keystone-public processes={{ work_threads }} threads={{ work_threads }} user=keystone group=keystone display-name=%{GROUP}
+ WSGIProcessGroup keystone-public
+ WSGIScriptAlias / /usr/bin/keystone-wsgi-public
+ WSGIApplicationGroup %{GLOBAL}
+ WSGIPassAuthorization On
+ <IfVersion >= 2.4>
+ ErrorLogFormat "%{cu}t %M"
+ </IfVersion>
+ ErrorLog /var/log/{{ http_service_name }}/keystone.log
+ CustomLog /var/log/{{ http_service_name }}/keystone_access.log combined
+
+ <Directory /usr/bin>
+ <IfVersion >= 2.4>
+ Require all granted
+ </IfVersion>
+ <IfVersion < 2.4>
+ Order allow,deny
+ Allow from all
+ </IfVersion>
+ </Directory>
+</VirtualHost>
+
+<VirtualHost {{ internal_ip }}:35357>
+ WSGIDaemonProcess keystone-admin processes={{ work_threads }} threads={{ work_threads }} user=keystone group=keystone display-name=%{GROUP}
+ WSGIProcessGroup keystone-admin
+ WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
+ WSGIApplicationGroup %{GLOBAL}
+ WSGIPassAuthorization On
+ <IfVersion >= 2.4>
+ ErrorLogFormat "%{cu}t %M"
+ </IfVersion>
+ ErrorLog /var/log/{{ http_service_name }}/keystone.log
+ CustomLog /var/log/{{ http_service_name }}/keystone_access.log combined
+
+ <Directory /usr/bin>
+ <IfVersion >= 2.4>
+ Require all granted
+ </IfVersion>
+ <IfVersion < 2.4>
+ Order allow,deny
+ Allow from all
+ </IfVersion>
+ </Directory>
+</VirtualHost>
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/vars/Debian.yml b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/vars/Debian.yml
new file mode 100644
index 00000000..0da81179
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/vars/Debian.yml
@@ -0,0 +1,168 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+
+packages:
+ - adduser
+ - dbconfig-common
+ - init-system-helpers
+ - python-keystone
+ - q-text-as-data
+ - sqlite3
+ - ssl-cert
+ - debconf
+ - lsb-base
+ - python:any
+ - libjs-sphinxdoc
+ - python-pip
+ - unzip
+ - apache2
+ - libapache2-mod-wsgi
+
+dependency_packages:
+ - python-cryptography
+ - python-dateutil
+ - python-dogpile.cache
+ - python-eventlet
+ - python-greenlet
+ - python-jsonschema
+ - python-keystoneclient
+ - python-keystonemiddleware
+ - python-ldap
+ - python-ldappool
+ - python-lxml
+ - python-memcache
+ - python-migrate
+ - python-msgpack
+ - python-mysqldb
+ - python-oauthlib
+ - python-openstackclient
+ - python-oslo.cache
+ - python-oslo.concurrency
+ - python-oslo.config
+ - python-oslo.context
+ - python-oslo.db
+ - python-oslo.i18n
+ - python-oslo.log
+ - python-oslo.messaging
+ - python-oslo.middleware
+ - python-oslo.policy
+ - python-oslo.serialization
+ - python-oslo.service
+ - python-oslo.utils
+ - python-pam
+ - python-passlib
+ - python-paste
+ - python-pastedeploy
+ - python-pbr
+ - python-pycadf
+ - python-pymysql
+ - python-pysaml2
+ - python-pysqlite2
+ - python-routes
+ - python-six
+ - python-sqlalchemy
+ - python-stevedore
+ - python-webob
+ - unzip
+ - python3-keystoneauth1
+ - python3-keystoneclient
+ - python3-oslo.config
+ - python3-oslo.context
+ - python3-oslo.i18n
+ - python3-oslo.serialization
+ - python-oslo.service
+ - python-oslo.utils
+ - python-pam
+ - python-passlib
+ - python-paste
+ - python-pastedeploy
+ - python-pbr
+ - python-pycadf
+ - python-pymysql
+ - python-pysaml2
+ - python-pysqlite2
+ - python-routes
+ - python-six
+ - python-sqlalchemy
+ - python-stevedore
+ - python-webob
+ - unzip
+ - python3-keystoneauth1
+ - python3-keystoneclient
+ - python3-oslo.config
+ - python3-oslo.context
+ - python3-oslo.i18n
+ - python3-oslo.serialization
+ - python3-oslo.utils
+ - apache2
+ - libapache2-mod-wsgi
+ - python3-cryptography
+ - python3-dateutil
+ - python3-dogpile.cache
+ - python3-eventlet
+ - python3-greenlet
+ - python3-jsonschema
+ - python3-keystoneclient
+ - python3-keystonemiddleware
+ - python3-lxml
+ - python3-memcache
+ - python3-migrate
+ - python3-msgpack
+ - python3-mysqldb
+ - python3-oauthlib
+ - python3-openstackclient
+ - python3-oslo.cache
+ - python3-oslo.concurrency
+ - python3-oslo.config
+ - python3-oslo.context
+ - python3-oslo.db
+ - python3-oslo.i18n
+ - python3-oslo.log
+ - python3-oslo.messaging
+ - python3-oslo.middleware
+ - python3-oslo.policy
+ - python3-oslo.serialization
+ - python3-oslo.service
+ - python3-oslo.utils
+ - python3-pam
+ - python3-passlib
+ - python3-paste
+ - python3-pastedeploy
+ - python3-pbr
+ - python3-pycadf
+ - python3-pymysql
+ - python3-pysaml2
+ - python3-routes
+ - python3-six
+ - python3-sqlalchemy
+ - python3-stevedore
+ - python3-webob
+ - python3-oslo.service
+ - python3-oslo.utils
+ - python3-pam
+ - python3-passlib
+ - python3-paste
+ - python3-pastedeploy
+ - python3-pbr
+ - python3-pycadf
+ - python3-pymysql
+ - python3-pysaml2
+ - python3-routes
+ - python3-six
+ - python3-sqlalchemy
+ - python3-stevedore
+ - python3-webob
+
+services:
+ - apache2
+
+
+apache_config_dir: /etc/apache2
+http_service_name: apache2
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/vars/main.yml b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/vars/main.yml
new file mode 100644
index 00000000..9db404b9
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-controller/vars/main.yml
@@ -0,0 +1,172 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages_noarch: []
+
+services_noarch: []
+
+os_services:
+ - name: keystone
+ type: identity
+ region: regionOne
+ description: "OpenStack Identity"
+ publicurl: "http://{{ public_vip.ip }}:5000/v2.0"
+ internalurl: "http://{{ internal_vip.ip }}:5000/v2.0"
+ adminurl: "http://{{ internal_vip.ip }}:35357/v2.0"
+
+ - name: glance
+ type: image
+ region: regionOne
+ description: "OpenStack Image Service"
+ publicurl: "http://{{ public_vip.ip }}:9292"
+ internalurl: "http://{{ internal_vip.ip }}:9292"
+ adminurl: "http://{{ internal_vip.ip }}:9292"
+
+ - name: nova
+ type: compute
+ region: regionOne
+ description: "OpenStack Compute"
+ publicurl: "http://{{ public_vip.ip }}:8774/v2/%(tenant_id)s"
+ internalurl: "http://{{ internal_vip.ip }}:8774/v2/%(tenant_id)s"
+ adminurl: "http://{{ internal_vip.ip }}:8774/v2/%(tenant_id)s"
+
+ - name: neutron
+ type: network
+ region: regionOne
+ description: "OpenStack Networking"
+ publicurl: "http://{{ public_vip.ip }}:9696"
+ internalurl: "http://{{ internal_vip.ip }}:9696"
+ adminurl: "http://{{ internal_vip.ip }}:9696"
+
+ - name: ceilometer
+ type: metering
+ region: regionOne
+ description: "OpenStack Telemetry"
+ publicurl: "http://{{ public_vip.ip }}:8777"
+ internalurl: "http://{{ internal_vip.ip }}:8777"
+ adminurl: "http://{{ internal_vip.ip }}:8777"
+
+ - name: aodh
+ type: alarming
+ region: regionOne
+ description: "OpenStack Telemetry"
+ publicurl: "http://{{ public_vip.ip }}:8042"
+ internalurl: "http://{{ internal_vip.ip }}:8042"
+ adminurl: "http://{{ internal_vip.ip }}:8042"
+
+# - name: cinder
+# type: volume
+# region: regionOne
+# description: "OpenStack Block Storage"
+# publicurl: "http://{{ public_vip.ip }}:8776/v1/%(tenant_id)s"
+# internalurl: "http://{{ internal_vip.ip }}:8776/v1/%(tenant_id)s"
+# adminurl: "http://{{ internal_vip.ip }}:8776/v1/%(tenant_id)s"
+#
+# - name: cinderv2
+# type: volumev2
+# region: regionOne
+# description: "OpenStack Block Storage v2"
+# publicurl: "http://{{ public_vip.ip }}:8776/v2/%(tenant_id)s"
+# internalurl: "http://{{ internal_vip.ip }}:8776/v2/%(tenant_id)s"
+# adminurl: "http://{{ internal_vip.ip }}:8776/v2/%(tenant_id)s"
+
+ - name: heat
+ type: orchestration
+ region: regionOne
+ description: "OpenStack Orchestration"
+ publicurl: "http://{{ public_vip.ip }}:8004/v1/%(tenant_id)s"
+ internalurl: "http://{{ internal_vip.ip }}:8004/v1/%(tenant_id)s"
+ adminurl: "http://{{ internal_vip.ip }}:8004/v1/%(tenant_id)s"
+
+ - name: heat-cfn
+ type: cloudformation
+ region: regionOne
+ description: "OpenStack CloudFormation Orchestration"
+ publicurl: "http://{{ public_vip.ip }}:8000/v1"
+ internalurl: "http://{{ internal_vip.ip }}:8000/v1"
+ adminurl: "http://{{ internal_vip.ip }}:8000/v1"
+
+ - name: swift
+ type: object-store
+ region: regionOne
+ description: "OpenStack Object Storage"
+ publicurl: "http://{{ public_vip.ip }}:8080/v1/AUTH_%(tenant_id)s"
+ internalurl: "http://{{ internal_vip.ip }}:8080/v1/AUTH_%(tenant_id)s"
+ adminurl: "http://{{ internal_vip.ip }}:8080/v1/AUTH_%(tenant_id)s"
+
+os_users:
+ - user: admin
+ password: "{{ ADMIN_PASS }}"
+ email: admin@admin.com
+ role: admin
+ tenant: admin
+ tenant_description: "Admin Tenant"
+
+ - user: glance
+ password: "{{ GLANCE_PASS }}"
+ email: glance@admin.com
+ role: admin
+ tenant: service
+ tenant_description: "Service Tenant"
+
+ - user: nova
+ password: "{{ NOVA_PASS }}"
+ email: nova@admin.com
+ role: admin
+ tenant: service
+ tenant_description: "Service Tenant"
+
+ - user: keystone
+ password: "{{ KEYSTONE_PASS }}"
+ email: keystone@admin.com
+ role: admin
+ tenant: service
+ tenant_description: "Service Tenant"
+
+ - user: neutron
+ password: "{{ NEUTRON_PASS }}"
+ email: neutron@admin.com
+ role: admin
+ tenant: service
+ tenant_description: "Service Tenant"
+
+ - user: ceilometer
+ password: "{{ CEILOMETER_PASS }}"
+ email: ceilometer@admin.com
+ role: admin
+ tenant: service
+ tenant_description: "Service Tenant"
+
+ - user: cinder
+ password: "{{ CINDER_PASS }}"
+ email: cinder@admin.com
+ role: admin
+ tenant: service
+ tenant_description: "Service Tenant"
+
+ - user: heat
+ password: "{{ HEAT_PASS }}"
+ email: heat@admin.com
+ role: admin
+ tenant: service
+ tenant_description: "Service Tenant"
+
+ - user: demo
+ password: ""
+ email: heat@demo.com
+ role: heat_stack_user
+ tenant: demo
+ tenant_description: "Demo Tenant"
+
+ - user: swift
+ password: "{{ CINDER_PASS }}"
+ email: swift@admin.com
+ role: admin
+ tenant: service
+ tenant_description: "Service Tenant"