summaryrefslogtreecommitdiffstats
path: root/deploy/adapters/ansible
diff options
context:
space:
mode:
Diffstat (limited to 'deploy/adapters/ansible')
-rw-r--r--deploy/adapters/ansible/openstack/HA-ansible-multinodes.yml243
-rw-r--r--deploy/adapters/ansible/openstack_ocata/.gitkeep (renamed from deploy/adapters/ansible/openstack_newton/.gitkeep)0
-rw-r--r--deploy/adapters/ansible/roles/config-compute/handlers/main.yml14
-rw-r--r--deploy/adapters/ansible/roles/config-compute/tasks/main.yml36
-rw-r--r--deploy/adapters/ansible/roles/config-compute/templates/compute.j281
-rw-r--r--deploy/adapters/ansible/roles/config-compute/templates/exports11
-rwxr-xr-xdeploy/adapters/ansible/roles/config-controller/controller.j266
-rw-r--r--deploy/adapters/ansible/roles/config-controller/handlers/main.yml11
-rw-r--r--deploy/adapters/ansible/roles/config-controller/tasks/main.yml17
-rwxr-xr-xdeploy/adapters/ansible/roles/config-controller/templates/controller.j266
-rwxr-xr-xdeploy/adapters/ansible/roles/config-deployment/files/cinder.yml13
-rw-r--r--deploy/adapters/ansible/roles/config-deployment/tasks/main.yml33
-rw-r--r--deploy/adapters/ansible/roles/config-deployment/templates/ansible.cfg3
-rw-r--r--deploy/adapters/ansible/roles/config-deployment/templates/openstack_user_config.yml.j2220
-rw-r--r--deploy/adapters/ansible/roles/config-deployment/templates/user_variables.yml27
-rw-r--r--deploy/adapters/ansible/roles/pre-prepare/files/modules7
-rw-r--r--deploy/adapters/ansible/roles/pre-prepare/tasks/main.yml74
-rw-r--r--deploy/adapters/ansible/roles/pre-prepare/templates/sources.list56
-rw-r--r--deploy/adapters/ansible/roles/pre-prepare/vars/main.yml13
-rw-r--r--deploy/adapters/ansible/roles/setup-host/tasks/main.yml27
-rw-r--r--deploy/adapters/ansible/roles/setup-infrastructure/tasks/main.yml27
-rw-r--r--deploy/adapters/ansible/roles/setup-openstack/tasks/main.yml27
22 files changed, 837 insertions, 235 deletions
diff --git a/deploy/adapters/ansible/openstack/HA-ansible-multinodes.yml b/deploy/adapters/ansible/openstack/HA-ansible-multinodes.yml
index f328d959..2a3e649a 100644
--- a/deploy/adapters/ansible/openstack/HA-ansible-multinodes.yml
+++ b/deploy/adapters/ansible/openstack/HA-ansible-multinodes.yml
@@ -10,250 +10,23 @@
---
- hosts: all
remote_user: root
- pre_tasks:
- - name: make sure ssh dir exist
- file:
- path: '{{ item.path }}'
- owner: '{{ item.owner }}'
- group: '{{ item.group }}'
- state: directory
- mode: 0755
- with_items:
- - path: /root/.ssh
- owner: root
- group: root
-
- - name: write ssh config
- copy:
- content: "UserKnownHostsFile /dev/null\nStrictHostKeyChecking no"
- dest: '{{ item.dest }}'
- owner: '{{ item.owner }}'
- group: '{{ item.group }}'
- mode: 0600
- with_items:
- - dest: /root/.ssh/config
- owner: root
- group: root
-
- - name: generate ssh keys
- shell: if [ ! -f ~/.ssh/id_rsa.pub ]; \
- then ssh-keygen -q -t rsa -f ~/.ssh/id_rsa -N ""; \
- else echo "already gen ssh key!"; fi;
-
- - name: fetch ssh keys
- fetch:
- src: /root/.ssh/id_rsa.pub
- dest: /tmp/ssh-keys-{{ ansible_hostname }}
- flat: "yes"
-
- - authorized_key:
- user: root
- key: "{{ lookup('file', item) }}"
- with_fileglob:
- - /tmp/ssh-keys-*
- max_fail_percentage: 0
- roles:
- - common
-
-- hosts: all
- remote_user: root
- max_fail_percentage: 0
- roles:
- - setup-network
-
-- hosts: ha
- remote_user: root
- max_fail_percentage: 0
roles:
- - ha
+ - pre-prepare
- hosts: controller
remote_user: root
- max_fail_percentage: 0
roles:
- - memcached
- - apache
- - database
- - mq
- - keystone
- - nova-controller
- - neutron-controller
- - cinder-controller
- - glance
- - neutron-common
- - neutron-network
- - ceilometer_controller
- - dashboard
- - heat
- - aodh
- - congress
-
-- hosts: all
- remote_user: root
- max_fail_percentage: 0
- roles:
- - storage
+ - config-controller
- hosts: compute
remote_user: root
- max_fail_percentage: 0
- roles:
- - nova-compute
- - neutron-compute
- - cinder-volume
- - ceilometer_compute
-
-- hosts: all
- remote_user: root
- max_fail_percentage: 0
- roles: []
-# - moon
-
-- hosts: all
- remote_user: root
- max_fail_percentage: 0
roles:
- - secgroup
-
-- hosts: ceph_adm
- remote_user: root
- max_fail_percentage: 0
- roles: []
-# - ceph-deploy
-
-- hosts: ceph
- remote_user: root
- max_fail_percentage: 0
- roles:
- - ceph-purge
- - ceph-config
-
-- hosts: ceph_mon
- remote_user: root
- max_fail_percentage: 0
- roles:
- - ceph-mon
-
-- hosts: ceph_osd
- remote_user: root
- max_fail_percentage: 0
- roles:
- - ceph-osd
-
-- hosts: ceph
- remote_user: root
- max_fail_percentage: 0
- roles:
- - ceph-openstack
-
-- hosts: all
- remote_user: root
- max_fail_percentage: 0
- roles:
- - monitor
-
-- hosts: all
- remote_user: root
- max_fail_percentage: 0
- tasks:
- - name: set bash to nova
- user:
- name: nova
- shell: /bin/bash
+ - config-compute
- - name: make sure ssh dir exist
- file:
- path: '{{ item.path }}'
- owner: '{{ item.owner }}'
- group: '{{ item.group }}'
- state: directory
- mode: 0755
- with_items:
- - path: /var/lib/nova/.ssh
- owner: nova
- group: nova
-
- - name: copy ssh keys for nova
- shell: cp -rf /root/.ssh/id_rsa /var/lib/nova/.ssh;
-
- - name: write ssh config
- copy:
- content: "UserKnownHostsFile /dev/null\nStrictHostKeyChecking no"
- dest: '{{ item.dest }}'
- owner: '{{ item.owner }}'
- group: '{{ item.group }}'
- mode: 0600
- with_items:
- - dest: /var/lib/nova/.ssh/config
- owner: nova
- group: nova
-
- - authorized_key:
- user: nova
- key: "{{ lookup('file', item) }}"
- with_fileglob:
- - /tmp/ssh-keys-*
-
- - name: chown ssh file
- shell: chown -R nova:nova /var/lib/nova/.ssh;
-
-- hosts: all
- remote_user: root
- max_fail_percentage: 0
- roles:
- - odl_cluster
-
-- hosts: all
- remote_user: root
- max_fail_percentage: 0
- roles:
- - onos_cluster
-
-- hosts: all
- remote_user: root
- serial: 1
- max_fail_percentage: 0
- roles:
- - odl_cluster_neutron
-
-- hosts: all
- remote_user: root
- max_fail_percentage: 0
- roles:
- - odl_cluster_post
-
-- hosts: controller
- remote_user: root
- max_fail_percentage: 0
- roles:
- - ext-network
-
-- hosts: controller
- remote_user: root
- max_fail_percentage: 0
- roles:
-# - tacker
-
-- hosts: controller
- remote_user: root
- max_fail_percentage: 0
- roles:
- - openstack-post
-
-- hosts: controller
- remote_user: root
- max_fail_percentage: 0
- roles:
- - boot-recovery
-
-- hosts: controller
- remote_user: root
- max_fail_percentage: 0
- roles:
- - controller-recovery
-
-- hosts: compute
+- hosts: localhost
remote_user: root
- max_fail_percentage: 0
roles:
- - compute-recovery
+ - config-deployment
+ - setup-host
+ - setup-infrastructure
+ - setup-openstack
diff --git a/deploy/adapters/ansible/openstack_newton/.gitkeep b/deploy/adapters/ansible/openstack_ocata/.gitkeep
index e69de29b..e69de29b 100644
--- a/deploy/adapters/ansible/openstack_newton/.gitkeep
+++ b/deploy/adapters/ansible/openstack_ocata/.gitkeep
diff --git a/deploy/adapters/ansible/roles/config-compute/handlers/main.yml b/deploy/adapters/ansible/roles/config-compute/handlers/main.yml
new file mode 100644
index 00000000..c565498f
--- /dev/null
+++ b/deploy/adapters/ansible/roles/config-compute/handlers/main.yml
@@ -0,0 +1,14 @@
+##############################################################################
+## Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+## All rights reserved. This program and the accompanying materials
+## are made available under the terms of the Apache License, Version 2.0
+## which accompanies this distribution, and is available at
+## http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: restart network service
+ shell: "/sbin/ifconfig eth0 0 &&/sbin/ifdown -a && \
+ /sbin/ifup --ignore-errors -a"
+
+- name: restart nfs service
+ service: name=nfs-kernel-server state=restarted
diff --git a/deploy/adapters/ansible/roles/config-compute/tasks/main.yml b/deploy/adapters/ansible/roles/config-compute/tasks/main.yml
new file mode 100644
index 00000000..1c5b4865
--- /dev/null
+++ b/deploy/adapters/ansible/roles/config-compute/tasks/main.yml
@@ -0,0 +1,36 @@
+##############################################################################
+# Copyright (c) 2017 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: configure network
+ template:
+ src: compute.j2
+ dest: /etc/network/interfaces
+ notify:
+ - restart network service
+
+- name: Install apt packages
+ apt:
+ pkg: "nfs-kernel-server"
+ state: "present"
+
+- name: make nfs dircetory
+ file: "dest=/images mode=0777 state=directory"
+
+- name: configure service
+ shell: "echo 'nfs 2049/tcp' >> /etc/services; \
+ echo 'nfs 2049/udp' >> /etc/services"
+
+- name: configure NFS
+ template:
+ src: exports
+ dest: /etc/exports
+ notify:
+ - restart nfs service
+
+- meta: flush_handlers
diff --git a/deploy/adapters/ansible/roles/config-compute/templates/compute.j2 b/deploy/adapters/ansible/roles/config-compute/templates/compute.j2
new file mode 100644
index 00000000..8337fbcb
--- /dev/null
+++ b/deploy/adapters/ansible/roles/config-compute/templates/compute.j2
@@ -0,0 +1,81 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+
+# Physical interface
+auto eth0
+iface eth0 inet manual
+
+
+# OpenStack Networking VXLAN (tunnel/overlay) VLAN interface
+auto {{sys_intf_mappings["mgmt"]["interface"]}}.{{sys_intf_mappings["mgmt"]["vlan_tag"]}}
+iface {{sys_intf_mappings["mgmt"]["interface"]}}.{{sys_intf_mappings["mgmt"]["vlan_tag"]}} inet manual
+ vlan-raw-device {{sys_intf_mappings["mgmt"]["interface"]}}
+
+# Storage network VLAN interface (optional)
+auto {{sys_intf_mappings["storage"]["interface"]}}.{{sys_intf_mappings["storage"]["vlan_tag"]}}
+iface {{sys_intf_mappings["storage"]["interface"]}}.{{sys_intf_mappings["storage"]["vlan_tag"]}} inet manual
+ vlan-raw-device {{sys_intf_mappings["storage"]["interface"]}}
+
+# Container/Host management bridge
+auto br-mgmt
+iface br-mgmt inet static
+ bridge_stp off
+ bridge_waitport 0
+ bridge_fd 0
+ bridge_ports eth0
+ address {{host_info[inventory_hostname].MGMT_IP}}
+ netmask 255.255.255.0
+
+# compute1 VXLAN (tunnel/overlay) bridge config
+auto br-vxlan
+iface br-vxlan inet static
+ bridge_stp off
+ bridge_waitport 0
+ bridge_fd 0
+ bridge_ports {{sys_intf_mappings["mgmt"]["interface"]}}.{{sys_intf_mappings["mgmt"]["vlan_tag"]}}
+ address {{host_info[inventory_hostname].VXLAN_IP}}
+ netmask 255.255.252.0
+
+# OpenStack Networking VLAN bridge
+auto br-vlan
+iface br-vlan inet static
+ bridge_stp off
+ bridge_waitport 0
+ bridge_fd 0
+ bridge_ports {{ network_cfg["provider_net_mappings"][0]["interface"] }}
+ address {{ip_settings[inventory_hostname]["br-prv"]["ip"]}}
+ netmask 255.255.255.0
+ gateway {{ip_settings[inventory_hostname]["br-prv"]["gw"]}}
+ offload-sg off
+ # Create veth pair, don't bomb if already exists
+ pre-up ip link add br-vlan-veth type veth peer name eth12 || true
+ # Set both ends UP
+ pre-up ip link set br-vlan-veth up
+ pre-up ip link set eth12 up
+ # Delete veth pair on DOWN
+ post-down ip link del br-vlan-veth || true
+ bridge_ports br-vlan-veth
+
+# Add an additional address to br-vlan
+iface br-vlan inet static
+ # Flat network default gateway
+ # -- This needs to exist somewhere for network reachability
+ # -- from the router namespace for floating IP paths.
+ # -- Putting this here is primarily for tempest to work.
+ address {{host_info[inventory_hostname].VLAN_IP_SECOND}}
+ netmask 255.255.252.0
+
+# compute1 Storage bridge
+auto br-storage
+iface br-storage inet static
+ bridge_stp off
+ bridge_waitport 0
+ bridge_fd 0
+ bridge_ports {{sys_intf_mappings["storage"]["interface"]}}.{{sys_intf_mappings["storage"]["vlan_tag"]}}
+ address {{ip_settings[inventory_hostname]["storage"]["ip"]}}
+ netmask 255.255.252.0
diff --git a/deploy/adapters/ansible/roles/config-compute/templates/exports b/deploy/adapters/ansible/roles/config-compute/templates/exports
new file mode 100644
index 00000000..c2749c85
--- /dev/null
+++ b/deploy/adapters/ansible/roles/config-compute/templates/exports
@@ -0,0 +1,11 @@
+# /etc/exports: the access control list for filesystems which may be exported
+# to NFS clients. See exports(5).
+#
+# Example for NFSv2 and NFSv3:
+# /srv/homes hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)
+#
+# Example for NFSv4:
+# /srv/nfs4 gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
+# /srv/nfs4/homes gss/krb5i(rw,sync,no_subtree_check)
+#
+/images *(rw,sync,no_subtree_check,no_root_squash)
diff --git a/deploy/adapters/ansible/roles/config-controller/controller.j2 b/deploy/adapters/ansible/roles/config-controller/controller.j2
new file mode 100755
index 00000000..a4f073f0
--- /dev/null
+++ b/deploy/adapters/ansible/roles/config-controller/controller.j2
@@ -0,0 +1,66 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+# Physical interface
+auto eth0
+iface eth0 inet manual
+
+# OpenStack Networking VXLAN (tunnel/overlay) VLAN interface
+auto {{sys_intf_mappings["mgmt"]["interface"]}}.{{sys_intf_mappings["mgmt"]["vlan_tag"]}}
+iface {{sys_intf_mappings["mgmt"]["interface"]}}.{{sys_intf_mappings["mgmt"]["vlan_tag"]}} inet manual
+ vlan-raw-device {{sys_intf_mappings["mgmt"]["interface"]}}
+
+# Storage network VLAN interface (optional)
+auto {{sys_intf_mappings["storage"]["interface"]}}.{{sys_intf_mappings["storage"]["vlan_tag"]}}
+iface {{sys_intf_mappings["storage"]["interface"]}}.{{sys_intf_mappings["storage"]["vlan_tag"]}} inet manual
+ vlan-raw-device {{sys_intf_mappings["storage"]["interface"]}}
+
+# Container/Host management bridge
+auto br-mgmt
+iface br-mgmt inet static
+ bridge_stp off
+ bridge_waitport 0
+ bridge_fd 0
+ bridge_ports eth0
+ address {{host_info[inventory_hostname].MGMT_IP}}
+ netmask 255.255.255.0
+
+# OpenStack Networking VXLAN (tunnel/overlay) bridge
+#
+# Only the COMPUTE and NETWORK nodes must have an IP address
+# on this bridge. When used by infrastructure nodes, the
+# IP addresses are assigned to containers which use this
+# bridge.
+#
+auto br-vxlan
+iface br-vxlan inet manual
+ bridge_stp off
+ bridge_waitport 0
+ bridge_fd 0
+ bridge_ports {{sys_intf_mappings["mgmt"]["interface"]}}.{{sys_intf_mappings["mgmt"]["vlan_tag"]}}
+
+# OpenStack Networking VLAN bridge
+auto br-vlan
+iface br-vlan inet static
+ bridge_stp off
+ bridge_waitport 0
+ bridge_fd 0
+ bridge_ports {{ network_cfg["provider_net_mappings"][0]["interface"] }}
+ address {{ ip_settings[inventory_hostname]["br-prv"]["ip"] }}
+ netmask 255.255.255.0
+ gateway {{ ip_settings[inventory_hostname]["br-prv"]["gw"] }}
+ dns-nameserver 8.8.8.8 8.8.4.4
+
+# compute1 Storage bridge
+auto br-storage
+iface br-storage inet static
+ bridge_stp off
+ bridge_waitport 0
+ bridge_fd 0
+ bridge_ports {{sys_intf_mappings["storage"]["interface"]}}.{{sys_intf_mappings["storage"]["vlan_tag"]}}
+ address {{ ip_settings[inventory_hostname]["storage"]["ip"] }}
+ netmask 255.255.252.0
diff --git a/deploy/adapters/ansible/roles/config-controller/handlers/main.yml b/deploy/adapters/ansible/roles/config-controller/handlers/main.yml
new file mode 100644
index 00000000..3d979e6a
--- /dev/null
+++ b/deploy/adapters/ansible/roles/config-controller/handlers/main.yml
@@ -0,0 +1,11 @@
+##############################################################################
+## Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+## All rights reserved. This program and the accompanying materials
+## are made available under the terms of the Apache License, Version 2.0
+## which accompanies this distribution, and is available at
+## http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: restart network service
+ shell: "/sbin/ifconfig eth0 0 &&/sbin/ifdown -a && \
+ /sbin/ifup --ignore-errors -a"
diff --git a/deploy/adapters/ansible/roles/config-controller/tasks/main.yml b/deploy/adapters/ansible/roles/config-controller/tasks/main.yml
new file mode 100644
index 00000000..54e4bf1e
--- /dev/null
+++ b/deploy/adapters/ansible/roles/config-controller/tasks/main.yml
@@ -0,0 +1,17 @@
+##############################################################################
+# Copyright (c) 2017 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: configure controller network
+ template:
+ src: controller.j2
+ dest: /etc/network/interfaces
+ notify:
+ - restart network service
+
+- meta: flush_handlers
diff --git a/deploy/adapters/ansible/roles/config-controller/templates/controller.j2 b/deploy/adapters/ansible/roles/config-controller/templates/controller.j2
new file mode 100755
index 00000000..a4f073f0
--- /dev/null
+++ b/deploy/adapters/ansible/roles/config-controller/templates/controller.j2
@@ -0,0 +1,66 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+# Physical interface
+auto eth0
+iface eth0 inet manual
+
+# OpenStack Networking VXLAN (tunnel/overlay) VLAN interface
+auto {{sys_intf_mappings["mgmt"]["interface"]}}.{{sys_intf_mappings["mgmt"]["vlan_tag"]}}
+iface {{sys_intf_mappings["mgmt"]["interface"]}}.{{sys_intf_mappings["mgmt"]["vlan_tag"]}} inet manual
+ vlan-raw-device {{sys_intf_mappings["mgmt"]["interface"]}}
+
+# Storage network VLAN interface (optional)
+auto {{sys_intf_mappings["storage"]["interface"]}}.{{sys_intf_mappings["storage"]["vlan_tag"]}}
+iface {{sys_intf_mappings["storage"]["interface"]}}.{{sys_intf_mappings["storage"]["vlan_tag"]}} inet manual
+ vlan-raw-device {{sys_intf_mappings["storage"]["interface"]}}
+
+# Container/Host management bridge
+auto br-mgmt
+iface br-mgmt inet static
+ bridge_stp off
+ bridge_waitport 0
+ bridge_fd 0
+ bridge_ports eth0
+ address {{host_info[inventory_hostname].MGMT_IP}}
+ netmask 255.255.255.0
+
+# OpenStack Networking VXLAN (tunnel/overlay) bridge
+#
+# Only the COMPUTE and NETWORK nodes must have an IP address
+# on this bridge. When used by infrastructure nodes, the
+# IP addresses are assigned to containers which use this
+# bridge.
+#
+auto br-vxlan
+iface br-vxlan inet manual
+ bridge_stp off
+ bridge_waitport 0
+ bridge_fd 0
+ bridge_ports {{sys_intf_mappings["mgmt"]["interface"]}}.{{sys_intf_mappings["mgmt"]["vlan_tag"]}}
+
+# OpenStack Networking VLAN bridge
+auto br-vlan
+iface br-vlan inet static
+ bridge_stp off
+ bridge_waitport 0
+ bridge_fd 0
+ bridge_ports {{ network_cfg["provider_net_mappings"][0]["interface"] }}
+ address {{ ip_settings[inventory_hostname]["br-prv"]["ip"] }}
+ netmask 255.255.255.0
+ gateway {{ ip_settings[inventory_hostname]["br-prv"]["gw"] }}
+ dns-nameserver 8.8.8.8 8.8.4.4
+
+# compute1 Storage bridge
+auto br-storage
+iface br-storage inet static
+ bridge_stp off
+ bridge_waitport 0
+ bridge_fd 0
+ bridge_ports {{sys_intf_mappings["storage"]["interface"]}}.{{sys_intf_mappings["storage"]["vlan_tag"]}}
+ address {{ ip_settings[inventory_hostname]["storage"]["ip"] }}
+ netmask 255.255.252.0
diff --git a/deploy/adapters/ansible/roles/config-deployment/files/cinder.yml b/deploy/adapters/ansible/roles/config-deployment/files/cinder.yml
new file mode 100755
index 00000000..3a39935a
--- /dev/null
+++ b/deploy/adapters/ansible/roles/config-deployment/files/cinder.yml
@@ -0,0 +1,13 @@
+---
+# This file contains an example to show how to set
+# the cinder-volume service to run in a container.
+#
+# Important note:
+# When using LVM or any iSCSI-based cinder backends, such as NetApp with
+# iSCSI protocol, the cinder-volume service *must* run on metal.
+# Reference: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1226855
+
+container_skel:
+ cinder_volumes_container:
+ properties:
+ is_metal: true
diff --git a/deploy/adapters/ansible/roles/config-deployment/tasks/main.yml b/deploy/adapters/ansible/roles/config-deployment/tasks/main.yml
new file mode 100644
index 00000000..b0696010
--- /dev/null
+++ b/deploy/adapters/ansible/roles/config-deployment/tasks/main.yml
@@ -0,0 +1,33 @@
+##############################################################################
+# Copyright (c) 2017 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: create osa log directory
+ file:
+ path: /var/log/osa/
+ state: directory
+
+- name: copy openstack_user_config
+ template:
+ src: openstack_user_config.yml.j2
+ dest: /etc/openstack_deploy/openstack_user_config.yml
+
+- name: copy user_variables
+ template:
+ src: user_variables.yml
+ dest: /etc/openstack_deploy/user_variables.yml
+
+- name: copy cinder.yml
+ copy:
+ src: cinder.yml
+ dest: /etc/openstack_deploy/env.d/cinder.yml
+
+- name: copy ansible.cfg
+ template:
+ src: ansible.cfg
+ dest: /opt/openstack-ansible/playbooks/
diff --git a/deploy/adapters/ansible/roles/config-deployment/templates/ansible.cfg b/deploy/adapters/ansible/roles/config-deployment/templates/ansible.cfg
new file mode 100644
index 00000000..41502fbf
--- /dev/null
+++ b/deploy/adapters/ansible/roles/config-deployment/templates/ansible.cfg
@@ -0,0 +1,3 @@
+[ssh_connection]
+retries = 5
+scp_if_ssh = True
diff --git a/deploy/adapters/ansible/roles/config-deployment/templates/openstack_user_config.yml.j2 b/deploy/adapters/ansible/roles/config-deployment/templates/openstack_user_config.yml.j2
new file mode 100644
index 00000000..38e14784
--- /dev/null
+++ b/deploy/adapters/ansible/roles/config-deployment/templates/openstack_user_config.yml.j2
@@ -0,0 +1,220 @@
+---
+cidr_networks:
+ container: 10.1.0.0/24
+ tunnel: 172.29.240.0/22
+ storage: 172.16.2.0/24
+
+used_ips:
+ - "10.1.0.1,10.1.0.55"
+ - "10.1.0.100,10.1.0.110"
+ - "172.29.240.1,172.29.240.50"
+ - "172.16.2.1,172.16.2.50"
+ - "172.29.248.1,172.29.248.50"
+
+global_overrides:
+ internal_lb_vip_address: 10.1.0.22
+ external_lb_vip_address: {{ public_vip.ip }}
+ tunnel_bridge: "br-vxlan"
+ management_bridge: "br-mgmt"
+ provider_networks:
+ - network:
+ container_bridge: "br-mgmt"
+ container_type: "veth"
+ container_interface: "eth1"
+ ip_from_q: "container"
+ type: "raw"
+ group_binds:
+ - all_containers
+ - hosts
+ is_container_address: true
+ is_ssh_address: true
+ - network:
+ container_bridge: "br-vxlan"
+ container_type: "veth"
+ container_interface: "eth10"
+ ip_from_q: "tunnel"
+ type: "vxlan"
+ range: "1:1000"
+ net_name: "vxlan"
+ group_binds:
+ - neutron_linuxbridge_agent
+ - network:
+ container_bridge: "br-vlan"
+ container_type: "veth"
+ container_interface: "eth12"
+ host_bind_override: "eth12"
+ type: "flat"
+ net_name: "flat"
+ group_binds:
+ - neutron_linuxbridge_agent
+ - network:
+ container_bridge: "br-vlan"
+ container_type: "veth"
+ container_interface: "eth11"
+ type: "vlan"
+ range: "1:1"
+ net_name: "vlan"
+ group_binds:
+ - neutron_linuxbridge_agent
+ - network:
+ container_bridge: "br-storage"
+ container_type: "veth"
+ container_interface: "eth2"
+ ip_from_q: "storage"
+ type: "raw"
+ group_binds:
+ - glance_api
+ - cinder_api
+ - cinder_volume
+ - nova_compute
+
+###
+### Infrastructure
+###
+
+# galera, memcache, rabbitmq, utility
+shared-infra_hosts:
+{% for host in groups.controller%}
+ {{host}}:
+ ip: {{ hostvars[host]['ansible_ssh_host'] }}
+{% endfor %}
+
+# repository (apt cache, python packages, etc)
+repo-infra_hosts:
+{% for host in groups.controller%}
+ {{host}}:
+ ip: {{ hostvars[host]['ansible_ssh_host'] }}
+{% endfor %}
+
+# load balancer
+# Ideally the load balancer should not use the Infrastructure hosts.
+# Dedicated hardware is best for improved performance and security.
+haproxy_hosts:
+{% for host in groups.controller%}
+ {{host}}:
+ ip: {{ hostvars[host]['ansible_ssh_host'] }}
+{% endfor %}
+
+# rsyslog server
+#log_hosts:
+ # log1:
+ # ip: 10.1.0.53
+
+###
+### OpenStack
+###
+
+# keystone
+identity_hosts:
+{% for host in groups.controller%}
+ {{host}}:
+ ip: {{ hostvars[host]['ansible_ssh_host'] }}
+{% endfor %}
+
+# cinder api services
+storage-infra_hosts:
+{% for host in groups.controller%}
+ {{host}}:
+ ip: {{ hostvars[host]['ansible_ssh_host'] }}
+{% endfor %}
+
+# glance
+# The settings here are repeated for each infra host.
+# They could instead be applied as global settings in
+# user_variables, but are left here to illustrate that
+# each container could have different storage targets.
+image_hosts:
+{% for host in groups.controller%}
+ {{host}}:
+ ip: {{ hostvars[host]['ansible_ssh_host'] }}
+ container_vars:
+ limit_container_types: glance
+ glance_nfs_client:
+ - server: "{{ip_settings[groups.compute[0]]['storage']['ip']}}"
+ remote_path: "/images"
+ local_path: "/var/lib/glance/images"
+ type: "nfs"
+ options: "_netdev,auto"
+{% endfor %}
+
+# nova api, conductor, etc services
+compute-infra_hosts:
+{% for host in groups.controller%}
+ {{host}}:
+ ip: {{ hostvars[host]['ansible_ssh_host'] }}
+{% endfor %}
+
+# heat
+orchestration_hosts:
+{% for host in groups.controller%}
+ {{host}}:
+ ip: {{ hostvars[host]['ansible_ssh_host'] }}
+{% endfor %}
+
+# horizon
+dashboard_hosts:
+{% for host in groups.controller%}
+ {{host}}:
+ ip: {{ hostvars[host]['ansible_ssh_host'] }}
+{% endfor %}
+
+# neutron server, agents (L3, etc)
+network_hosts:
+{% for host in groups.controller%}
+ {{host}}:
+ ip: {{ hostvars[host]['ansible_ssh_host'] }}
+{% endfor %}
+
+# ceilometer (telemetry API)
+metering-infra_hosts:
+{% for host in groups.controller%}
+ {{host}}:
+ ip: {{ hostvars[host]['ansible_ssh_host'] }}
+{% endfor %}
+
+# aodh (telemetry alarm service)
+metering-alarm_hosts:
+{% for host in groups.controller%}
+ {{host}}:
+ ip: {{ hostvars[host]['ansible_ssh_host'] }}
+{% endfor %}
+
+# gnocchi (telemetry metrics storage)
+metrics_hosts:
+{% for host in groups.controller%}
+ {{host}}:
+ ip: {{ hostvars[host]['ansible_ssh_host'] }}
+{% endfor %}
+
+# nova hypervisors
+compute_hosts:
+{% for host in groups.compute%}
+ {{host}}:
+ ip: {{ hostvars[host]['ansible_ssh_host'] }}
+{% endfor %}
+
+# ceilometer compute agent (telemetry)
+metering-compute_hosts:
+{% for host in groups.compute%}
+ {{host}}:
+ ip: {{ hostvars[host]['ansible_ssh_host'] }}
+{% endfor %}
+
+# cinder volume hosts (NFS-backed)
+# The settings here are repeated for each infra host.
+# They could instead be applied as global settings in
+# user_variables, but are left here to illustrate that
+# each container could have different storage targets.
+storage_hosts:
+{% for host in groups.compute%}
+ {{host}}:
+ ip: {{ hostvars[host]['ansible_ssh_host'] }}
+ container_vars:
+ cinder_backends:
+ limit_container_types: cinder_volume
+ lvm:
+ volume_group: cinder-volumes
+ volume_driver: cinder.volume.drivers.lvm.LVMVolumeDriver
+ volume_backend_name: LVM_iSCSI
+ iscsi_ip_address: "{{ip_settings[host]['storage']['ip']}}"
+{% endfor %}
diff --git a/deploy/adapters/ansible/roles/config-deployment/templates/user_variables.yml b/deploy/adapters/ansible/roles/config-deployment/templates/user_variables.yml
new file mode 100644
index 00000000..30b2c6b2
--- /dev/null
+++ b/deploy/adapters/ansible/roles/config-deployment/templates/user_variables.yml
@@ -0,0 +1,27 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# ##
+# ## This file contains commonly used overrides for convenience. Please inspect
+# ## the defaults for each role to find additional override options.
+# ##
+
+# # Debug and Verbose options.
+debug: false
+
+haproxy_keepalived_external_vip_cidr: "{{ public_vip.ip }}/32"
+haproxy_keepalived_internal_vip_cidr: "10.1.0.22/32"
+haproxy_keepalived_external_interface: br-vlan
+haproxy_keepalived_internal_interface: br-mgmt
diff --git a/deploy/adapters/ansible/roles/pre-prepare/files/modules b/deploy/adapters/ansible/roles/pre-prepare/files/modules
new file mode 100644
index 00000000..c73925e6
--- /dev/null
+++ b/deploy/adapters/ansible/roles/pre-prepare/files/modules
@@ -0,0 +1,7 @@
+# /etc/modules: kernel modules to load at boot time.
+# This file contains the names of kernel modules that should be loaded
+# at boot time, one per line. Lines beginning with "#" are ignored.
+# Parameters can be specified after the module name.
+
+bonding
+8021q
diff --git a/deploy/adapters/ansible/roles/pre-prepare/tasks/main.yml b/deploy/adapters/ansible/roles/pre-prepare/tasks/main.yml
new file mode 100644
index 00000000..5bd38f12
--- /dev/null
+++ b/deploy/adapters/ansible/roles/pre-prepare/tasks/main.yml
@@ -0,0 +1,74 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: make sure ssh dir exist
+ file:
+ path: '{{ item.path }}'
+ owner: '{{ item.owner }}'
+ group: '{{ item.group }}'
+ state: directory
+ mode: 0755
+ with_items:
+ - path: /root/.ssh
+ owner: root
+ group: root
+
+- name: write ssh config
+ copy:
+ content: "UserKnownHostsFile /dev/null\nStrictHostKeyChecking no"
+ dest: '{{ item.dest }}'
+ owner: '{{ item.owner }}'
+ group: '{{ item.group }}'
+ mode: 0600
+ with_items:
+ - dest: /root/.ssh/config
+ owner: root
+ group: root
+
+- name: generate ssh keys
+ shell: if [ ! -f ~/.ssh/id_rsa.pub ]; \
+ then ssh-keygen -q -t rsa -f ~/.ssh/id_rsa -N ""; \
+ else echo "already gen ssh key!"; fi;
+
+- name: fetch ssh keys
+ fetch:
+ src: /root/.ssh/id_rsa.pub
+ dest: /tmp/ssh-keys-{{ ansible_hostname }}
+ flat: "yes"
+
+- authorized_key:
+ user: root
+ key: "{{ lookup('file', item) }}"
+ with_fileglob:
+ - /tmp/ssh-keys-*
+ - /root/.ssh/id_rsa.pub
+
+- name: change sources list
+ template:
+ src: sources.list
+ dest: /etc/apt/sources.list
+
+- name: rm apt.conf
+ file:
+ path: /etc/apt/apt.conf
+ state: absent
+
+- name: Install apt packages
+ apt:
+ pkg: "{{ item }}"
+ state: "present"
+ with_items: "{{ packages }}"
+
+- name: restart ntp service
+ shell: "service ntp restart"
+
+- name: add the appropriate kernel modules
+ copy:
+ src: modules
+ dest: /etc/modules
diff --git a/deploy/adapters/ansible/roles/pre-prepare/templates/sources.list b/deploy/adapters/ansible/roles/pre-prepare/templates/sources.list
new file mode 100644
index 00000000..1c3ab410
--- /dev/null
+++ b/deploy/adapters/ansible/roles/pre-prepare/templates/sources.list
@@ -0,0 +1,56 @@
+#
+
+# deb cdrom:[Ubuntu-Server 16.04.1 LTS _Xenial Xerus_ - Release amd64 (20160719)]/ xenial main restricted
+
+#deb cdrom:[Ubuntu-Server 16.04.1 LTS _Xenial Xerus_ - Release amd64 (20160719)]/ xenial main restricted
+
+# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
+# newer versions of the distribution.
+deb http://hk.archive.ubuntu.com/ubuntu/ xenial main restricted
+# deb-src http://hk.archive.ubuntu.com/ubuntu/ xenial main restricted
+
+## Major bug fix updates produced after the final release of the
+## distribution.
+deb http://hk.archive.ubuntu.com/ubuntu/ xenial-updates main restricted
+# deb-src http://hk.archive.ubuntu.com/ubuntu/ xenial-updates main restricted
+
+## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
+## team. Also, please note that software in universe WILL NOT receive any
+## review or updates from the Ubuntu security team.
+deb http://hk.archive.ubuntu.com/ubuntu/ xenial universe
+# deb-src http://hk.archive.ubuntu.com/ubuntu/ xenial universe
+deb http://hk.archive.ubuntu.com/ubuntu/ xenial-updates universe
+# deb-src http://hk.archive.ubuntu.com/ubuntu/ xenial-updates universe
+
+## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
+## team, and may not be under a free licence. Please satisfy yourself as to
+## your rights to use the software. Also, please note that software in
+## multiverse WILL NOT receive any review or updates from the Ubuntu
+## security team.
+deb http://hk.archive.ubuntu.com/ubuntu/ xenial multiverse
+# deb-src http://hk.archive.ubuntu.com/ubuntu/ xenial multiverse
+deb http://hk.archive.ubuntu.com/ubuntu/ xenial-updates multiverse
+# deb-src http://hk.archive.ubuntu.com/ubuntu/ xenial-updates multiverse
+
+## N.B. software from this repository may not have been tested as
+## extensively as that contained in the main release, although it includes
+## newer versions of some applications which may provide useful features.
+## Also, please note that software in backports WILL NOT receive any review
+## or updates from the Ubuntu security team.
+deb http://hk.archive.ubuntu.com/ubuntu/ xenial-backports main restricted universe multiverse
+# deb-src http://hk.archive.ubuntu.com/ubuntu/ xenial-backports main restricted universe multiverse
+
+## Uncomment the following two lines to add software from Canonical's
+## 'partner' repository.
+## This software is not part of Ubuntu, but is offered by Canonical and the
+## respective vendors as a service to Ubuntu users.
+# deb http://archive.canonical.com/ubuntu xenial partner
+# deb-src http://archive.canonical.com/ubuntu xenial partner
+
+deb http://security.ubuntu.com/ubuntu xenial-security main restricted
+# deb-src http://security.ubuntu.com/ubuntu xenial-security main restricted
+deb http://security.ubuntu.com/ubuntu xenial-security universe
+# deb-src http://security.ubuntu.com/ubuntu xenial-security universe
+deb http://security.ubuntu.com/ubuntu xenial-security multiverse
+# deb-src http://security.ubuntu.com/ubuntu xenial-security multiverse
+
diff --git a/deploy/adapters/ansible/roles/pre-prepare/vars/main.yml b/deploy/adapters/ansible/roles/pre-prepare/vars/main.yml
new file mode 100644
index 00000000..66cf66bf
--- /dev/null
+++ b/deploy/adapters/ansible/roles/pre-prepare/vars/main.yml
@@ -0,0 +1,13 @@
+---
+packages:
+- bridge-utils
+- debootstrap
+- ifenslave
+- ifenslave-2.6
+- lsof
+- lvm2
+- ntp
+- ntpdate
+- sudo
+- vlan
+- tcpdump
diff --git a/deploy/adapters/ansible/roles/setup-host/tasks/main.yml b/deploy/adapters/ansible/roles/setup-host/tasks/main.yml
new file mode 100644
index 00000000..f0b1051c
--- /dev/null
+++ b/deploy/adapters/ansible/roles/setup-host/tasks/main.yml
@@ -0,0 +1,27 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: setup hosts
+ shell: "export ANSIBLE_LOG_PATH=/var/ansible/run/openstack_ocata-opnfv2/ansible.log; \
+ export ANSIBLE_SCP_IF_SSH=y; \
+ cd /opt/openstack-ansible/playbooks; \
+ openstack-ansible setup-hosts.yml \
+ | tee -a /var/log/osa/host.log > /dev/null"
+
+- name: read the ansible log file
+ shell: cat /var/log/osa/host.log | tail -n 1000
+ register: setup_host_result
+
+- fail:
+ msg: "there are some task failed when setup host."
+ when: setup_host_result.stdout.find('failed=1') != -1
+
+- fail:
+ msg: "some host are unreachable."
+ when: setup_host_result.stdout.find('unreachable=1') != -1
diff --git a/deploy/adapters/ansible/roles/setup-infrastructure/tasks/main.yml b/deploy/adapters/ansible/roles/setup-infrastructure/tasks/main.yml
new file mode 100644
index 00000000..5b70aeef
--- /dev/null
+++ b/deploy/adapters/ansible/roles/setup-infrastructure/tasks/main.yml
@@ -0,0 +1,27 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: setup infrastructure
+ shell: "export ANSIBLE_LOG_PATH=/var/ansible/run/openstack_ocata-opnfv2/ansible.log; \
+ export ANSIBLE_SCP_IF_SSH=y; \
+ cd /opt/openstack-ansible/playbooks; \
+ openstack-ansible setup-infrastructure.yml \
+ | tee -a /var/log/osa/infrastructure.log > /dev/null"
+
+- name: read the ansible log file
+ shell: cat /var/log/osa/infrastructure.log | tail -n 1000
+ register: setup_infrastructure_result
+
+- fail:
+ msg: "there are some task failed when setup host."
+ when: setup_infrastructure_result.stdout.find('failed=1') != -1
+
+- fail:
+ msg: "some host are unreachable."
+ when: setup_infrastructure_result.stdout.find('unreachable=1') != -1
diff --git a/deploy/adapters/ansible/roles/setup-openstack/tasks/main.yml b/deploy/adapters/ansible/roles/setup-openstack/tasks/main.yml
new file mode 100644
index 00000000..e5770245
--- /dev/null
+++ b/deploy/adapters/ansible/roles/setup-openstack/tasks/main.yml
@@ -0,0 +1,27 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: setup openstack
+ shell: "export ANSIBLE_LOG_PATH=/var/ansible/run/openstack_ocata-opnfv2/ansible.log; \
+ export ANSIBLE_SCP_IF_SSH=y; \
+ cd /opt/openstack-ansible/playbooks; \
+ openstack-ansible setup-openstack.yml \
+ | tee -a /var/log/osa/openstack.log > /dev/null"
+
+- name: read the ansible log file
+ shell: cat /var/log/osa/openstack.log | tail -n 1000
+ register: setup_openstack_result
+
+- fail:
+ msg: "some task failed when setup host."
+ when: setup_openstack_result.stdout.find('failed=1') != -1
+
+- fail:
+ msg: "some host are unreachable."
+ when: setup_openstack_result.stdout.find('unreachable=1') != -1