aboutsummaryrefslogtreecommitdiffstats
path: root/deploy/adapters/ansible/roles/pre-openstack
diff options
context:
space:
mode:
Diffstat (limited to 'deploy/adapters/ansible/roles/pre-openstack')
-rw-r--r--deploy/adapters/ansible/roles/pre-openstack/files/centos_base.repo31
-rw-r--r--deploy/adapters/ansible/roles/pre-openstack/files/modules7
-rw-r--r--deploy/adapters/ansible/roles/pre-openstack/tasks/RedHat.yml77
-rw-r--r--deploy/adapters/ansible/roles/pre-openstack/tasks/Ubuntu.yml76
-rw-r--r--deploy/adapters/ansible/roles/pre-openstack/tasks/main.yml14
-rw-r--r--deploy/adapters/ansible/roles/pre-openstack/templates/hosts9
-rw-r--r--deploy/adapters/ansible/roles/pre-openstack/templates/sources.list36
-rw-r--r--deploy/adapters/ansible/roles/pre-openstack/vars/main.yml20
8 files changed, 270 insertions, 0 deletions
diff --git a/deploy/adapters/ansible/roles/pre-openstack/files/centos_base.repo b/deploy/adapters/ansible/roles/pre-openstack/files/centos_base.repo
new file mode 100644
index 00000000..ba768e0a
--- /dev/null
+++ b/deploy/adapters/ansible/roles/pre-openstack/files/centos_base.repo
@@ -0,0 +1,31 @@
+[base]
+name=CentOS-$releasever - Base
+mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra
+#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
+
+#released updates
+[updates]
+name=CentOS-$releasever - Updates
+mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates&infra=$infra
+#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
+
+#additional packages that may be useful
+[extras]
+name=CentOS-$releasever - Extras
+mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras&infra=$infra
+#baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
+
+#additional packages that extend functionality of existing packages
+[centosplus]
+name=CentOS-$releasever - Plus
+mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus&infra=$infra
+#baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/
+gpgcheck=1
+enabled=0
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
diff --git a/deploy/adapters/ansible/roles/pre-openstack/files/modules b/deploy/adapters/ansible/roles/pre-openstack/files/modules
new file mode 100644
index 00000000..c73925e6
--- /dev/null
+++ b/deploy/adapters/ansible/roles/pre-openstack/files/modules
@@ -0,0 +1,7 @@
+# /etc/modules: kernel modules to load at boot time.
+# This file contains the names of kernel modules that should be loaded
+# at boot time, one per line. Lines beginning with "#" are ignored.
+# Parameters can be specified after the module name.
+
+bonding
+8021q
diff --git a/deploy/adapters/ansible/roles/pre-openstack/tasks/RedHat.yml b/deploy/adapters/ansible/roles/pre-openstack/tasks/RedHat.yml
new file mode 100644
index 00000000..5456c9fc
--- /dev/null
+++ b/deploy/adapters/ansible/roles/pre-openstack/tasks/RedHat.yml
@@ -0,0 +1,77 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: make sure ssh dir exist
+ file:
+ path: '{{ item.path }}'
+ owner: '{{ item.owner }}'
+ group: '{{ item.group }}'
+ state: directory
+ mode: 0755
+ with_items:
+ - path: /root/.ssh
+ owner: root
+ group: root
+
+- name: write ssh config
+ copy:
+ content: "UserKnownHostsFile /dev/null\nStrictHostKeyChecking no"
+ dest: '{{ item.dest }}'
+ owner: '{{ item.owner }}'
+ group: '{{ item.group }}'
+ mode: 0600
+ with_items:
+ - dest: /root/.ssh/config
+ owner: root
+ group: root
+
+- name: generate ssh keys
+ shell: if [ ! -f ~/.ssh/id_rsa.pub ]; \
+ then ssh-keygen -q -t rsa -f ~/.ssh/id_rsa -N ""; \
+ else echo "already gen ssh key!"; fi;
+
+- name: fetch ssh keys
+ fetch:
+ src: /root/.ssh/id_rsa.pub
+ dest: /tmp/ssh-keys-{{ ansible_hostname }}
+ flat: "yes"
+
+- authorized_key:
+ user: root
+ key: "{{ lookup('file', item) }}"
+ with_fileglob:
+ - /tmp/ssh-keys-*
+ - /root/.ssh/id_rsa.pub
+
+- name: change sources(yum) list
+ copy:
+ src: centos_base.repo
+ dest: /etc/yum.repos.d/centos_base.repo
+
+- name: Install yum packages
+ yum:
+ pkg: "{{ item }}"
+ state: "present"
+ with_items: "{{ yumpackages }}"
+
+- name: add the appropriate kernel modules
+ copy:
+ src: modules
+ dest: /etc/modules-load.d/openstack-ansible.conf
+
+- name: restart ntp service
+ shell: "systemctl enable ntpd.service && systemctl start ntpd.service"
+
+- name: change the MaxSessions
+ lineinfile:
+ dest: /etc/ssh/sshd_config
+ line: "MaxSessions 500"
+
+- name: restart ssh service
+ shell: service sshd restart
diff --git a/deploy/adapters/ansible/roles/pre-openstack/tasks/Ubuntu.yml b/deploy/adapters/ansible/roles/pre-openstack/tasks/Ubuntu.yml
new file mode 100644
index 00000000..a0f7d015
--- /dev/null
+++ b/deploy/adapters/ansible/roles/pre-openstack/tasks/Ubuntu.yml
@@ -0,0 +1,76 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: make sure ssh dir exist
+ file:
+ path: '{{ item.path }}'
+ owner: '{{ item.owner }}'
+ group: '{{ item.group }}'
+ state: directory
+ mode: 0755
+ with_items:
+ - path: /root/.ssh
+ owner: root
+ group: root
+
+- name: write ssh config
+ copy:
+ content: "UserKnownHostsFile /dev/null\nStrictHostKeyChecking no"
+ dest: '{{ item.dest }}'
+ owner: '{{ item.owner }}'
+ group: '{{ item.group }}'
+ mode: 0600
+ with_items:
+ - dest: /root/.ssh/config
+ owner: root
+ group: root
+
+- name: generate ssh keys
+ shell: if [ ! -f ~/.ssh/id_rsa.pub ]; \
+ then ssh-keygen -q -t rsa -f ~/.ssh/id_rsa -N ""; \
+ else echo "already gen ssh key!"; fi;
+
+- name: fetch ssh keys
+ fetch:
+ src: /root/.ssh/id_rsa.pub
+ dest: /tmp/ssh-keys-{{ ansible_hostname }}
+ flat: "yes"
+
+- authorized_key:
+ user: root
+ key: "{{ lookup('file', item) }}"
+ with_fileglob:
+ - /tmp/ssh-keys-*
+ - /root/.ssh/id_rsa.pub
+
+- name: change sourcesi(apt) list
+ template:
+ src: sources.list
+ dest: /etc/apt/sources.list
+
+- name: rm apt.conf
+ file:
+ path: /etc/apt/apt.conf
+ state: absent
+
+- name: restart ntp service
+ shell: "service ntp restart"
+
+- name: add the appropriate kernel modules
+ copy:
+ src: modules
+ dest: /etc/modules
+
+- name: change the MaxSessions
+ lineinfile:
+ dest: /etc/ssh/sshd_config
+ line: "MaxSessions 500"
+
+- name: restart ssh service
+ shell: service ssh restart
diff --git a/deploy/adapters/ansible/roles/pre-openstack/tasks/main.yml b/deploy/adapters/ansible/roles/pre-openstack/tasks/main.yml
new file mode 100644
index 00000000..76203440
--- /dev/null
+++ b/deploy/adapters/ansible/roles/pre-openstack/tasks/main.yml
@@ -0,0 +1,14 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- include: "{{ ansible_distribution }}.yml"
+ when: ansible_distribution == 'Ubuntu'
+
+- include: "{{ ansible_os_family }}.yml"
+ when: ansible_os_family == 'RedHat' and ansible_distribution_major_version == '7'
diff --git a/deploy/adapters/ansible/roles/pre-openstack/templates/hosts b/deploy/adapters/ansible/roles/pre-openstack/templates/hosts
new file mode 100644
index 00000000..bb770d5b
--- /dev/null
+++ b/deploy/adapters/ansible/roles/pre-openstack/templates/hosts
@@ -0,0 +1,9 @@
+# localhost
+127.0.0.1 localhost
+# controller
+10.1.0.50 host1
+10.1.0.51 host2
+10.1.0.52 host3
+# compute
+10.1.0.53 host4
+10.1.0.54 host5
diff --git a/deploy/adapters/ansible/roles/pre-openstack/templates/sources.list b/deploy/adapters/ansible/roles/pre-openstack/templates/sources.list
new file mode 100644
index 00000000..799e4b58
--- /dev/null
+++ b/deploy/adapters/ansible/roles/pre-openstack/templates/sources.list
@@ -0,0 +1,36 @@
+# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
+# newer versions of the distribution.
+
+deb http://archive.ubuntu.com/ubuntu/ xenial main restricted
+deb-src http://archive.ubuntu.com/ubuntu/ xenial main restricted
+
+## Major bug fix updates produced after the final release of the
+## distribution.
+deb http://archive.ubuntu.com/ubuntu/ xenial-updates main restricted
+deb-src http://archive.ubuntu.com/ubuntu/ xenial-updates main restricted
+
+## Uncomment the following two lines to add software from the 'universe'
+## repository.
+## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
+## team. Also, please note that software in universe WILL NOT receive any
+## review or updates from the Ubuntu security team.
+deb http://archive.ubuntu.com/ubuntu/ xenial universe
+deb-src http://archive.ubuntu.com/ubuntu/ xenial universe
+deb http://archive.ubuntu.com/ubuntu/ xenial-updates universe
+deb-src http://archive.ubuntu.com/ubuntu/ xenial-updates universe
+
+## N.B. software from this repository may not have been tested as
+## extensively as that contained in the main release, although it includes
+## newer versions of some applications which may provide useful features.
+## Also, please note that software in backports WILL NOT receive any review
+## or updates from the Ubuntu security team.
+# deb http://archive.ubuntu.com/ubuntu/ xenial-backports main restricted
+# deb-src http://archive.ubuntu.com/ubuntu/ xenial-backports main restricted
+
+deb http://archive.ubuntu.com/ubuntu/ xenial-security main restricted
+deb-src http://archive.ubuntu.com/ubuntu/ xenial-security main restricted
+deb http://archive.ubuntu.com/ubuntu/ xenial-security universe
+deb-src http://archive.ubuntu.com/ubuntu/ xenial-security universe
+# deb http://archive.ubuntu.com/ubuntu/ xenial-security multiverse
+# deb-src http://archive.ubuntu.com/ubuntu/ xenial-security multiverse
+
diff --git a/deploy/adapters/ansible/roles/pre-openstack/vars/main.yml b/deploy/adapters/ansible/roles/pre-openstack/vars/main.yml
new file mode 100644
index 00000000..f44a9f9f
--- /dev/null
+++ b/deploy/adapters/ansible/roles/pre-openstack/vars/main.yml
@@ -0,0 +1,20 @@
+---
+aptpackages:
+- bridge-utils
+- debootstrap
+- ifenslave
+- ifenslave-2.6
+- lsof
+- lvm2
+- ntp
+- ntpdate
+- sudo
+- vlan
+- tcpdump
+
+yumpackages:
+- bridge-utils
+- iputils
+- lvm2
+- ntp
+- tcpdump