diff --git a/.gitignore b/.gitignore index a0bc7ef..6fe3a61 100644 --- a/.gitignore +++ b/.gitignore @@ -109,3 +109,8 @@ ansible/*.retry ansible/roles/*\.*/ # Galaxy collections ansible/collections/**/ + +# Editors +*~ +.*.swp +.*sw? diff --git a/examples/container-clusters.yml b/examples/container-clusters.yml new file mode 100644 index 0000000..4d85d20 --- /dev/null +++ b/examples/container-clusters.yml @@ -0,0 +1,26 @@ +--- +############################################################################### +# Configuration of Magnum container clusters. + +# List of magnum cluster templates. Format is as required by the +# stackhpc.os-container-clusters role. +openstack_container_clusters_templates: + - "{{ openstack_container_clusters_template_k8s_fedora_coreos }}" + +# Kubernetes magnum cluster template. +openstack_container_clusters_template_k8s_fedora_coreos: + labels: "heat_container_agent_tag=ussuri-stable-1,kube_tag=v1.18.9,cloud_provider_tag=v1.18.2,monitoring_enabled=true,auto_scaling_enabled=true,auto_healing_enabled=true,auto_healing_controller=magnum-auto-healer,magnum_auto_healer_tag=latest,master_lb_floating_ip_enabled=true,cinder_csi_enabled=true,ingress_controller=octavia" + external-network: "external" + master-flavor: "m1.medium" + flavor: "m1.medium" + image: "FedoraCoreOS32" + name: "k8s-fedora-coreos-32" + coe: "kubernetes" + network-driver: "calico" + docker-storage_driver: "overlay2" + volume-driver: "cinder" + server-type: "vm" + master-lb-enabled: + floating-ip-enabled: + public: + dns-nameserver: "8.8.8.8" diff --git a/examples/flavors-ironic.yml b/examples/flavors-ironic.yml new file mode 100644 index 0000000..12d2d96 --- /dev/null +++ b/examples/flavors-ironic.yml @@ -0,0 +1,20 @@ +--- +############################################################################### +# Configuration of nova flavors for openstack. + +# List of nova flavors in the openstack demo project. Format is as required by the +# stackhpc.os-flavors role. +openstack_flavors: + - "{{ openstack_flavor_baremetal_A }}" + +# Bare metal compute node. +openstack_flavor_baremetal_A: + name: "baremetal-A" + ram: 65536 + disk: 0 + vcpus: 64 + extra_specs: + "resources:CUSTOM_BAREMETAL_A": 1 + "resources:VCPU": 0 + "resources:MEMORY_MB": 0 + "resources:DISK_GB": 0 diff --git a/examples/flavors.yml b/examples/flavors.yml new file mode 100644 index 0000000..cc4d362 --- /dev/null +++ b/examples/flavors.yml @@ -0,0 +1,43 @@ +--- +############################################################################### +# Configuration of nova flavors for openstack. + +# List of nova flavors in the openstack demo project. Format is as required by the +# stackhpc.os-flavors role. +openstack_flavors: + - "{{ openstack_flavor_m1_tiny }}" + - "{{ openstack_flavor_m1_small }}" + - "{{ openstack_flavor_m1_medium }}" + - "{{ openstack_flavor_m1_large }}" + - "{{ openstack_flavor_m1_xlarge }}" + +# Virtual machine flavors. +openstack_flavor_m1_tiny: + name: "m1.tiny" + ram: 512 + disk: 1 + vcpus: 1 + +openstack_flavor_m1_small: + name: "m1.small" + ram: 2048 + disk: 20 + vcpus: 1 + +openstack_flavor_m1_medium: + name: "m1.medium" + ram: 4096 + disk: 40 + vcpus: 2 + +openstack_flavor_m1_large: + name: "m1.large" + ram: 8192 + disk: 40 + vcpus: 4 + +openstack_flavor_m1_xlarge: + name: "m1.xlarge" + ram: 16384 + disk: 100 + vcpus: 8 diff --git a/examples/host-aggregates.yml b/examples/host-aggregates.yml new file mode 100644 index 0000000..9a647cd --- /dev/null +++ b/examples/host-aggregates.yml @@ -0,0 +1,17 @@ +--- +############################################################################### +# Configuration of nova host aggregates for openstack. + +# List of nova host aggregates. Format is as required by the +# stackhpc.os_host_aggregates role. + +openstack_host_aggregates: + - "{{ openstack_example_aggregate }}" + +openstack_example_aggregate: + name: "example_aggregate" + hosts: + - host1 + - host2 + metadata: + type: example_cluster diff --git a/examples/images.yml b/examples/images.yml new file mode 100644 index 0000000..d879250 --- /dev/null +++ b/examples/images.yml @@ -0,0 +1,40 @@ +--- +############################################################################### +# Configuration of Glance software images. + +# List of Glance images. Format is as required by the stackhpc.os-images role. +openstack_images: + - "{{ openstack_image_centos_stream8 }}" + +openstack_image_centos_stream8: + name: "CentOS-stream8" + type: raw + elements: + - "centos" + - "cloud-init" + - "selinux-permissive" + - "dhcp-all-interfaces" + - "vm" + - "grub2" + - "stable-interface-names" + is_public: True + env: + YUM: dnf + DIB_RELEASE: "8-stream" + properties: + os_type: "linux" + os_distro: "centos" + os_version: "8-stream" + +# List of Diskimage Builder (DIB) elements paths to include in image builds. +openstack_image_elements: + - "{{ openstack_image_stackhpc_elements }}/elements" + +# This creates a git checkout in the local user's home directory +openstack_image_stackhpc_elements: "{{ ansible_env.PWD }}/stackhpc-image-elements" + +# List of Diskimage Builder (DIB) elements Git repositories to use in image +# builds. +openstack_image_git_elements: + - repo: "https://github.com/stackhpc/stackhpc-image-elements.git" + local: "{{ openstack_image_stackhpc_elements }}" diff --git a/examples/networks-ironic.yml b/examples/networks-ironic.yml new file mode 100644 index 0000000..8e26207 --- /dev/null +++ b/examples/networks-ironic.yml @@ -0,0 +1,150 @@ +--- +############################################################################### +# Configuration of networks, subnets and routers for openstack. + +# List of networks in the openstack system. Format is as required by the +# stackhpc.os-networks role. +openstack_networks: + - "{{ openstack_network_internal }}" + - "{{ openstack_network_provision }}" + - "{{ openstack_network_cleaning }}" + - "{{ openstack_network_inspection }}" + +# openstack internal network name. +openstack_network_internal_name: "internal" + +# openstack internal network. +openstack_network_internal: + name: "{{ openstack_network_internal_name }}" + project: "admin" + provider_network_type: "vlan" + provider_physical_network: "physnet1" + provider_segmentation_id: 65 + shared: false + # Subnet configuration. + subnets: + - "{{ openstack_subnet_internal }}" + +# openstack internal subnet. +openstack_subnet_internal: + name: "{{ openstack_network_internal_name }}" + project: "admin" + cidr: "10.65.0.0/16" + enable_dhcp: false + allocation_pool_start: "10.65.0.2" + allocation_pool_end: "10.65.0.4" + +# openstack provision network name. +openstack_network_provision_name: "provision-net" + +# openstack provision network. +openstack_network_provision: + name: "{{ openstack_network_provision_name }}" + project: "admin" + provider_network_type: "vlan" + provider_physical_network: "physnet1" + provider_segmentation_id: 69 + shared: false + # Subnet configuration. + subnets: + - "{{ openstack_subnet_provision }}" + +# openstack provision subnet. +openstack_subnet_provision: + name: "{{ openstack_network_provision_name }}" + project: "admin" + cidr: "10.69.0.0/16" + enable_dhcp: false + allocation_pool_start: "10.69.0.1" + allocation_pool_end: "10.69.0.1" + +# openstack cleaning network name. +openstack_network_cleaning_name: "cleaning-net" + +# openstack cleaning network. +openstack_network_cleaning: + name: "{{ openstack_network_cleaning_name }}" + project: "admin" + provider_network_type: "vlan" + provider_physical_network: "physnet1" + provider_segmentation_id: 70 + shared: false + # Subnet configuration. + subnets: + - "{{ openstack_subnet_cleaning }}" + +# openstack cleaning subnet. +openstack_subnet_cleaning: + name: "{{ openstack_network_cleaning_name }}" + project: "admin" + cidr: "10.70.0.0/16" + enable_dhcp: false + allocation_pool_start: "10.70.0.1" + allocation_pool_end: "10.70.0.1" + +# openstack inspection network name. +openstack_network_inspection_name: "inspection-net" + +# openstack inspection network. +openstack_network_inspection: + name: "{{ openstack_network_inspection_name }}" + project: "admin" + provider_network_type: "vlan" + provider_physical_network: "physnet1" + provider_segmentation_id: 71 + shared: false + # Subnet configuration. + subnets: + - "{{ openstack_subnet_inspection }}" + +# openstack inspection subnet. +openstack_subnet_inspection: + name: "{{ openstack_network_inspection_name }}" + project: "admin" + cidr: "10.71.0.0/16" + enable_dhcp: false + allocation_pool_start: "10.71.0.1" + allocation_pool_end: "10.71.0.1" + +# List of routers in the openstack demo project. Format is as required by the +# stackhpc.os-networks role. +openstack_routers: + - "{{ openstack_router_provision }}" + - "{{ openstack_router_cleaning }}" + - "{{ openstack_router_inspection }}" + +# openstack bare metal provisioning router. +openstack_router_provision: + - name: "provision" + project: "admin" + interfaces: + - net: "{{ openstack_network_internal_name }}" + subnet: "{{ openstack_network_internal_name }}" + portip: "10.65.0.2" + - net: "provision-net" + subnet: "provision-net" + portip: "10.69.0.1" + +# openstack bare metal cleaning router. +openstack_router_cleaning: + - name: "cleaning" + project: "admin" + interfaces: + - net: "{{ openstack_network_internal_name }}" + subnet: "{{ openstack_network_internal_name }}" + portip: "10.65.0.3" + - net: "cleaning-net" + subnet: "cleaning-net" + portip: "10.70.0.1" + +# openstack bare metal inspection router. +openstack_router_inspection: + - name: "inspection" + project: "admin" + interfaces: + - net: "{{ openstack_network_internal_name }}" + subnet: "{{ openstack_network_internal_name }}" + portip: "10.65.0.4" + - net: "inspection-net" + subnet: "inspection-net" + portip: "10.71.0.1" diff --git a/examples/networks.yml b/examples/networks.yml new file mode 100644 index 0000000..f6e6c12 --- /dev/null +++ b/examples/networks.yml @@ -0,0 +1,137 @@ +--- +############################################################################### +# Configuration of networks, subnets and routers for openstack. + +# List of networks in the openstack system. Format is as required by the +# stackhpc.os-networks role. +openstack_networks: + - "{{ openstack_network_external }}" + - "{{ openstack_network_demo_vxlan }}" + - "{{ openstack_network_demo_vlan }}" + - "{{ openstack_network_demo_provider }}" + +# openstack external network name. +openstack_network_external_name: "external" + +# openstack external network. +openstack_network_external: + name: "{{ openstack_network_external_name }}" + project: "admin" + provider_network_type: "vlan" + provider_physical_network: "physnet1" + provider_segmentation_id: 60 + shared: true + external: true + # Subnet configuration. + subnets: + - "{{ openstack_subnet_external }}" + +# openstack external subnet. +openstack_subnet_external: + name: "{{ openstack_network_external_name }}" + project: "admin" + cidr: "10.60.0.0/16" + gateway_ip: "10.60.255.1" + allocation_pool_start: "10.60.2.0" + allocation_pool_end: "10.60.5.255" + +# openstack demo VXLAN network name. +openstack_network_demo_vxlan_name: "demo-vxlan" + +# openstack demo VXLAN network. +openstack_network_demo_vxlan: + name: "{{ openstack_network_demo_vxlan_name }}" + project: demo + provider_network_type: "vxlan" + shared: false + # Subnet configuration. + subnets: + - "{{ openstack_subnet_demo_vxlan }}" + +# openstack demo VXLAN subnet. +openstack_subnet_demo_vxlan: + name: "{{ openstack_network_demo_vxlan_name }}" + project: demo + cidr: "10.1.0.0/24" + gateway_ip: "10.1.0.1" + allocation_pool_start: "10.1.0.2" + allocation_pool_end: "10.1.0.254" + +# openstack demo VLAN network name. +openstack_network_demo_vlan_name: "demo-vlan" + +# openstack demo VLAN network. +openstack_network_demo_vlan: + name: "{{ openstack_network_demo_vlan_name }}" + project: demo + provider_network_type: "vlan" + provider_physical_network: "physnet1" + shared: false + # Subnet configuration. + subnets: + - "{{ openstack_subnet_demo_vlan }}" + +# openstack demo VLAN subnet. +openstack_subnet_demo_vlan: + name: "{{ openstack_network_demo_vlan_name }}" + project: demo + cidr: "10.0.0.0/24" + gateway_ip: "10.0.0.1" + allocation_pool_start: "10.0.0.2" + allocation_pool_end: "10.0.0.254" + +# openstack demo provider VLAN network name. +openstack_network_demo_provider_name: "demo-provider" + +# openstack demo provider VLAN +openstack_network_demo_provider: + name: "{{ openstack_network_demo_provider_name }}" + project: demo + provider_network_type: "vlan" + provider_physical_network: "physnet1" + provider_segmentation_id: 100 + shared: false + # Subnet configuration. + subnets: + - "{{ openstack_subnet_demo_provider }}" + +# openstack demo provider VLAN subnet +openstack_subnet_demo_provider: + name: "{{ openstack_network_demo_provider_name }}" + project: demo + cidr: "10.100.0.0/16" + gateway_ip: "10.100.0.1" + allocation_pool_start: "10.100.1.0" + allocation_pool_end: "10.100.99.255" + host_routes: + - destination: "10.66.0.0/16" + nexthop: "10.100.0.2" + +# List of routers in the openstack demo project. Format is as required by the +# stackhpc.os-networks role. +openstack_routers: + - "{{ openstack_router_demo }}" + +# openstack demo router. +openstack_router_demo: + - name: demo + project: demo + interfaces: + - "{{ openstack_network_demo_vlan_name }}" + - "{{ openstack_network_demo_vxlan_name }}" + - "{{ openstack_network_demo_provider_name }}" + network: "{{ openstack_network_external_name }}" + +# List of security groups in the openstack demo project. +# Format is as required by the stackhpc.os-networks role. +openstack_security_groups: + # Default security group for the openstack demo project. + - name: default + project: demo + rules: + # Allow ICMP (for ping, etc.). + - protocol: icmp + # Allow SSH. + - protocol: tcp + port_range_min: 22 + port_range_max: 22 diff --git a/examples/projects.yml b/examples/projects.yml new file mode 100644 index 0000000..ab5250d --- /dev/null +++ b/examples/projects.yml @@ -0,0 +1,72 @@ +--- +############################################################################### +# Configuration of OpenStack user environment for OpenStack. + +# List of OpenStack projects. Format is as required by the stackhpc.os-projects +# role. +openstack_projects: + - "{{ openstack_demo_project }}" + +# Definition of the openstack demo project. Format is as required by the +# stackhpc.os-projects role. +openstack_demo_project: + name: demo + description: OpenStack demo project + project_domain: default + user_domain: default + users: "{{ openstack_demo_users }}" + quotas: "{{ openstack_unlimited_quotas }}" + +# List of users in the openstack ResOps team. Format is as required by the +# stackhpc.os-projects role. +openstack_demo_users: + - name: alice + password: !vault | + $ANSIBLE_VAULT;1.1;AES256 + + email: alice@example.com + roles: "{{ openstack_admin_roles }}" + - name: bob + password: !vault | + $ANSIBLE_VAULT;1.1;AES256 + + email: bob@example.com + roles: "{{ openstack_user_roles }}" + +# List of roles to apply to admin users in the openstack demo project. +openstack_admin_roles: + - admin + - heat_stack_owner + # This allows a user admin access to octavia APIs. + # https://docs.openstack.org/octavia/latest/configuration/policy.html + - load-balancer_admin + +# List of roles to apply to regular users in the openstack demo project. +openstack_user_roles: + - member + - heat_stack_owner + # This allows a user read and write access to octavia APIs. + # https://docs.openstack.org/octavia/latest/configuration/policy.html + - load-balancer_member + # This allows a user read access to Barbican secrets. + # https://docs.openstack.org/barbican/latest/admin/access_control.html + - observer + +# Dict of quotas to set for projects with unlimited resource quotas +openstack_unlimited_quotas: + backup_gigabytes: -1 + backups: -1 + cores: -1 + fixed_ips: -1 + floatingip: -1 + gigabytes: -1 + injected_file_size: -1 + injected_files: -1 + instances: -1 + key_pairs: -1 + per_volume_gigabytes: -1 + ram: -1 + security_group: -1 + security_group_rule: -1 + snapshots: -1 + volumes: -1