Krzysztof Szymański authored
Resolve "instance creation fails if user has no authorized keys"

Closes #77

See merge request !77
7f39962b

openstack

A role for provisioning infrastructure in OpenStack.

Requirements

Packages

Roles

  • ssh - if an instance uses an SSH proxy, ssh:set_arguments needs to be called before openstack:instance/wait (see Examples)

Role action

Role API

General Variables

  • openstack_cloud - identifier of the OpenStack cloud as specified in the clouds.yml file (when using environment variables instead, set this to envvars)

Action instance/create

Provisions instance.

Variables

  • openstack_instance_flavor - name of the flavor which should be used for this instance

  • One of these variables must be defined:

    • openstack_instance_image - source image name
    • openstack_instance_boot_volume - volume to boot from
  • (optional) openstack_instance_availability_zone - availability zone name (default: TASK)

  • openstack_instance_interfaces - network interfaces to which the instance should be connected, a list of network names (single strings) or objects containing one of the following values:

    • network_name - network name
    • network_id - network id
    • port_name - port name
    • port_id - port id
  • (optional) openstack_instance_volumes - a list of volumes (names or IDs) which will be attached to the instance

  • (optional) openstack_instance_security_groups - a list of security group names the instance will be a member of. Note that:

    • you cannot use this option if you have multiple ports attached to the instance (multiple port_* elements in the openstack_instance_interfaces list). If you want to attach multiple ports this way, specify the security groups in the port definitions (openstack_project_ports) and leave this option unspecified.
    • if you have multiple networks attached to the instance (multiple network_* elements in the openstack_instance_interfaces list), all security groups specified in this option will be attached to all ports created for this instance
  • openstack_instance_users - list of the system users which will be created on the instance:

    • name - username
    • (optional) comment - comment for user's account
    • (optional) sudoer - if user should be sudoer (default: no)
    • (optional) authorized_keys - list of authorized public keys for user

    This option should be used instead of the deprecated openstack_instance_user and openstack_instance_ssh_keys options.

  • (deprecated) openstack_instance_user - name of the system user which will be created on the instance. You should use openstack_instance_users variable instead.

  • (deprecated) openstack_instance_ssh_keys - a list of authorized public keys for remote SSH login. You should use openstack_instance_users variable instead.

  • (optional) openstack_instance_floating_ip_name - floating IP address name to associate and/or create for an instance that has single (one, 1!) network interface (use openstack_project_floating_ips and openstack_project_ports combination when using multiple network interfaces)

  • (optional) openstack_instance_floating_ip_network - floating IP address external network name, required if action is also used to create floating IP address

  • (optional) openstack_instance_create_timeout - how long Ansible should wait for the instance to be created (default: 180)

  • (optional) openstack_instance_cloud_config - custom data (in yaml format) that will get appended to the end of cloud-config file

  • (optional) openstack_instance_ansible_network - the name of the network which should be used for Ansible SSH communication (ansible_host is set to a suitable IP address in this network)
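The following host_vars definition for a single instance is an added example and not part of the role's documentation; the cloud, flavor, image, network, volume, security group and user names are constructed placeholders. It uses two networks (so openstack_instance_floating_ip_name is deliberately omitted), attaches the same security groups to both resulting ports, and defines one user with SSH keys next to a service account that has none, since authorized_keys is optional:

```yaml
# host_vars/web-01.yml (constructed example; all names are placeholders)
openstack_cloud: "mycloud"                 # entry in clouds.yml, or "envvars"

openstack_instance_flavor: "m1.small"
openstack_instance_image: "ubuntu-22.04"   # or openstack_instance_boot_volume: "<volume>"
openstack_instance_availability_zone: "TASK"
openstack_instance_create_timeout: 300

# Two network_* interfaces: the role creates one port per network and
# attaches openstack_instance_security_groups to both of them.
openstack_instance_interfaces:
  - network_name: "my-external-network"
  - network_name: "my-internal-network"

openstack_instance_security_groups: ["ssh-group", "web-group"]

# Ansible connects over the external network (ansible_host is taken from it).
openstack_instance_ansible_network: "my-external-network"

# Data volume created earlier by the volume action (openstack_project_volumes).
openstack_instance_volumes: ["web-01-data"]

# 'deploy' can log in and use sudo; 'app' is a local service account
# with no SSH access at all, so authorized_keys is simply left out.
openstack_instance_users:
  - name: "deploy"
    comment: "Deployment account"
    sudoer: yes
    authorized_keys:
      - "ssh-ed25519 AAAAC3...PLACEHOLDER deploy@example"
  - name: "app"
    comment: "Application service account"

# Extra cloud-config appended by the role (cloud-init syntax).
openstack_instance_cloud_config: |
  package_update: true
  packages:
    - fail2ban
```

Keeping the service account without authorized_keys limits interactive access to the one account that needs it; the security groups referenced here must already exist, so run the security action before instance/create (see Examples).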

Facts

  • ansible_host - the IP address of the instance (floating if available)
  • openstack_facts.instance.volume_attachments - a list of volumes attached to the instance:
    • name - volume name
    • id - volume ID
  • openstack_facts.instance.addresses - a list of network addresses associated with the instance:
    • address - an IP address
    • network - OpenStack network name
    • type - address type (fixed or floating)

Action instance/destroy

Completely and irreversibly destroys the instance.

Action instance/reboot

Soft reboots the instance (and waits for the instance to become available again).

Action instance/wait

Wait for the instance boot process to complete (set_arguments action in ssh role must be called before this task).

Action network

Provisions networks, routers, ports and floating IP addresses.

Variables

  • (optional) openstack_project_networks - a list of required OpenStack networks:

    • name - network name
    • subnet_name - sub-network name
    • subnet_cidr - IP address range for the sub-network (e.g. "192.168.0.0/24")
    • (optional) subnet_gateway - set a specific router IP address for the subnet. If not specified, the first address of the subnet will be used. If "none", no gateway will be assigned to this subnet.
    • (optional) nameservers - a list of DNS servers (default: ["153.19.250.100", "153.19.0.50"])
    • (optional) subnet_enable_dhcp - controls whether the subnet will have DHCP provided by OpenStack (default: omit, i.e. DHCP enabled). When DHCP is disabled, OpenStack will still reserve IP addresses from the allocation pool configured below, but it will not automatically assign addresses to the virtual machines' operating systems.
    • (optional) subnet_allocation_pool_start - first IP address that will be assigned by DHCP (default: omit)
    • (optional) subnet_allocation_pool_end - last IP address that will be assigned by DHCP (default: omit)
  • (optional) openstack_project_routers - a list of required OpenStack routers:

    • name - router name
    • (optional) network - name or ID of the external gateway network
    • (optional) interfaces - a list of sub-networks to attach to the router (e.g. ["my-network-subnet"])
  • (optional) openstack_project_ports - a list of OpenStack network ports:

    • name - port name

    • network - name or ID of network this port should belong to. Please note that it is impossible to change the network of the existing port.

    • (optional) mac_address - a MAC address that will be assigned to the interface (e.g. "aa:bb:cc:dd:ee:ff"). Please note that it is impossible to change the MAC address of an existing port.

    • (optional) security_groups - a list of security groups names for this port (e.g. ["ssh-group", "foo-group"])

    • (optional) addresses - a list of IP addresses for this port; each element is either an IP address (single string) or an object containing one of the following values:

      • ip_address - IP address
      • subnetwork_name - subnetwork name
      • subnetwork_id - subnetwork id

      If addresses list is not specified, the IP address that belongs to specified network (in network property) will be automatically assigned to this port.

    • (optional) allowed_address_pairs - by default all outgoing traffic from an OpenStack port must match the port's own IP address and MAC address, which prevents IP and MAC address spoofing from the VM. Sometimes, however, a VM legitimately needs to send traffic with another MAC/IP, e.g. when deploying multiple VMs that share the same VIP (as with keepalived). In this case you must define additional address pairs (IP and MAC addresses) that are allowed to leave the port. To do so, specify this option as a list of dictionaries in the following format:

      • ip_address - additional IP address that can leave this port.
      • (optional) mac_address - additional MAC address that can leave this port. If not specified, the current MAC address of this port will be used.
  • (optional) openstack_project_floating_ips - a list of floating IP addresses, ensures that specified floating IP addresses exist and are associated with provided ports:

    • name - name of the floating IP address
    • (optional) network - external network name, required if action is used to create floating IP address
    • (optional) port - port name, required if action is used to associate floating IP with specified port

Additional information

Complete openstack_project_ports usage example:

openstack_project_ports:
  - name: "my-foo-port"
    network: "my-external-network"
    security_groups: ["my-ssh-group"]
    addresses: ["10.0.0.10"]
    allowed_address_pairs:
      - ip_address: "10.0.0.11"
      - ip_address: "10.0.0.12"
        mac_address: "aa:bb:cc:dd:ee:ff"
  - name: "my-bar-port"
    network: "my-internal-network"
    mac_address: "ff:dd:aa:bb:cc:11"
    addresses:
      - "10.0.0.1"
      - ip_address: "10.0.0.2"
      - subnetwork_name: "my-internal-subnetwork"
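To complement the ports example above, here is an added example (not from the role's documentation) of the remaining network action variables: the networks the ports refer to, a router that gives the internal subnet external connectivity, and a floating IP bound to one of the ports. The external network name "public" and all other names are constructed placeholders:

```yaml
# group_vars/all.yml (constructed example; names are placeholders)
openstack_project_networks:
  - name: "my-internal-network"
    subnet_name: "my-internal-subnetwork"
    subnet_cidr: "10.0.0.0/24"
    subnet_gateway: "10.0.0.254"          # keeps 10.0.0.1/.2 free for my-bar-port
    nameservers: ["153.19.250.100", "153.19.0.50"]
    subnet_enable_dhcp: yes
    subnet_allocation_pool_start: "10.0.0.100"
    subnet_allocation_pool_end: "10.0.0.199"
  - name: "my-isolated-network"
    subnet_name: "my-isolated-subnetwork"
    subnet_cidr: "10.0.1.0/24"
    subnet_gateway: "none"                 # no router: storage/backend traffic only
    subnet_enable_dhcp: no                 # addresses are still reserved, not handed out

openstack_project_routers:
  - name: "my-router"
    network: "public"                      # external gateway network (placeholder)
    interfaces: ["my-internal-subnetwork"] # the isolated subnet is intentionally not attached

# Floating IPs go on ports, which is the only way to do it for
# instances with more than one interface.
openstack_project_floating_ips:
  - name: "my-bar-fip"
    network: "public"
    port: "my-bar-port"
```

Because the isolated subnet has no gateway and is not attached to the router, instances on it are unreachable from outside even if a floating IP is mistakenly requested for them; only my-bar-port, whose subnet is routed, receives one here.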

Facts

  • openstack_facts.routers - the list of router facts. Only routers listed in openstack_project_routers are present. For a full list of facts see the os_router Ansible module documentation.
  • openstack_facts.networks - the list of network facts. Only networks listed in openstack_project_networks are present. For a full list of facts see the os_network Ansible module documentation.
  • openstack_facts.subnets - the list of subnet facts. Only subnets listed in openstack_project_networks are present. List of facts:
    • facts from the os_subnets_facts module
    • created_at - subnet creation time
    • updated_at - subnet last modification time
    • description - description of a subnet
    • host_routes - additional network routes

Action security

Provisions security groups.

Variables

  • (optional) openstack_project_security_groups - a list of OpenStack network security groups:
    • name - security group name
    • description - security group description
    • (optional) rules - a list of security rules for allowed network traffic:
      • (optional) port_range_min - starting port number (use only when tcp/udp specified in protocol field)
      • (optional) port_range_max - last port number (use only when tcp/udp specified in protocol field)
      • direction - traffic direction (ingress or egress)
      • (optional) protocol - network protocol (one of: "tcp", "udp", "icmp", "112", default: any protocol)
      • (optional) remote_ip_prefix - remote IP address range (e.g. "0.0.0.0/0") (exclusive with remote_group)
      • (optional) remote_group - name of a remote security group (exclusive with remote_ip_prefix)
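An added example of openstack_project_security_groups (not from the role's documentation; group names and the admin CIDR are constructed placeholders). It shows the two exclusive remote selectors side by side: remote_ip_prefix for traffic that must come from a known address range, and remote_group for traffic that should only flow between members of the same group, such as the VRRP (protocol "112") used by keepalived for the shared VIP from the allowed_address_pairs note above:

```yaml
# group_vars/all.yml (constructed example; names and ranges are placeholders)
openstack_project_security_groups:
  - name: "ssh-group"
    description: "SSH from the admin network only"
    rules:
      - direction: "ingress"
        protocol: "tcp"
        port_range_min: 22
        port_range_max: 22
        remote_ip_prefix: "192.0.2.0/24"   # admin range; not 0.0.0.0/0

  - name: "web-group"
    description: "Public HTTPS plus intra-cluster VRRP and ICMP"
    rules:
      # Only the public service port is open to the world.
      - direction: "ingress"
        protocol: "tcp"
        port_range_min: 443
        port_range_max: 443
        remote_ip_prefix: "0.0.0.0/0"
      # VRRP has no ports, so port_range_* are omitted; remote_group
      # restricts it to instances that are themselves in web-group.
      - direction: "ingress"
        protocol: "112"
        remote_group: "web-group"
      - direction: "ingress"
        protocol: "icmp"
        remote_group: "web-group"
```

A rule with both remote_ip_prefix and remote_group is invalid, and port_range_min/port_range_max only make sense with "tcp" or "udp"; exposing port 22 with "0.0.0.0/0" would be the change to look for when reviewing such a definition.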

Action volume

Provisions volumes.

Variables

  • (optional) openstack_project_volumes - a list of persistent volumes which will be used by the application:
    • name - volume name
    • (optional) description - volume description
    • size - volume size in GiB
    • (optional) snapshot_id - volume snapshot id to create from
    • (optional) image - image name or id for boot from volume
  • (optional) openstack_project_volume_create_timeout - how long Ansible should wait for a volume to be created (default: 180)
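An added example of openstack_project_volumes (not from the role's documentation; volume, image and snapshot names are constructed placeholders) showing the three ways a volume can originate: built from an image so an instance can boot from it, created empty as persistent data storage, and restored from a snapshot:

```yaml
# group_vars/all.yml (constructed example; names and IDs are placeholders)
openstack_project_volumes:
  # Bootable volume built from a base image; an instance refers to it with
  # openstack_instance_boot_volume: "web-01-root" instead of an image name.
  - name: "web-01-root"
    description: "Boot volume built from the base image"
    size: 20
    image: "ubuntu-22.04"

  # Empty persistent data volume; attached with
  # openstack_instance_volumes: ["web-01-data"] and survives instance/destroy.
  - name: "web-01-data"
    description: "Persistent application data"
    size: 100

  # Volume restored from an existing snapshot (ID is a placeholder).
  - name: "db-01-data"
    description: "Database volume restored from last snapshot"
    size: 100
    snapshot_id: "<snapshot-id-placeholder>"

openstack_project_volume_create_timeout: 300
```

Keeping application data on a separate volume rather than the root disk means instance/destroy, which is irreversible, does not take the data with it, and the larger timeout accounts for image-backed volumes taking longer to become available.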

Examples

Provisioning infrastructure

---
- name: "provision OpenStack infrastructure"
  hosts: "localhost"
  tasks:
    - include_role: { name: "openstack", tasks_from: "security" }

    - include_role: { name: "openstack", tasks_from: "network" }

    - include_role: { name: "openstack", tasks_from: "volume" }

- name: "provision OpenStack instances"
  hosts: "openstack-instances"
  gather_facts: no
  tasks:
    - include_role: { name: "openstack", tasks_from: "instance/create" }

Waiting for the instances to boot

---
- name: "discover facts about OpenStack instances"
  hosts: "openstack-instances"
  gather_facts: no
  tasks:
    - include_role: { name: "openstack", tasks_from: "instance/create" }

    - include_role: { name: "ssh", tasks_from: "set_arguments" } # an external role for managing SSH

    - include_role: { name: "openstack", tasks_from: "instance/wait" }

License

MIT

Author Information

Academic Computer Centre in Gdansk (CI TASK)

task.gda.pl