Merge pull request #25 from stackhpc/jph/designate

Add support for FQDNs, Designate and Dynamic Inventories

Author: jackhodgkiss

.terraform.lock.hcl

@@ -201,12 +201,13 @@ Finally run the ansible playbooks.
 You may need to run `fix-homedir-ownership.yml` if you are using an image that has `ansible_user` not owning their own home folder.
 You may also need to run `grow-control-host.yml` if you are using LVM images and the LVMs are too small to install Ansible.
 If not you can skip those playbook and proceed onto `deploy-openstack-config` which shall configure your Ansible control host in preparation for deployment.
-Be sure to replace `ansible_user` with the user you are using to connect to the Ansible control host.
+
 .. code-block:: console
 
-   ansible-playbook -i $(terraform output -raw ansible_control_access_ip_v4), ansible/fix-homedir-ownership.yml -e ansible_user=cloud-user
-   ansible-playbook -i $(terraform output -raw ansible_control_access_ip_v4), ansible/grow-control-host.yml -e ansible_user=cloud-user
-   ansible-playbook -i $(terraform output -raw ansible_control_access_ip_v4), ansible/deploy-openstack-config.yml -e ansible_user=cloud-user
+   ansible-playbook -i ansible/inventory.yml ansible/fix-homedir-ownership.yml
+   ansible-playbook -i ansible/inventory.yml ansible/add-fqdn.yml
+   ansible-playbook -i ansible/inventory.yml ansible/grow-control-host.yml
+   ansible-playbook -i ansible/inventory.yml ansible/deploy-openstack-config.yml
 
 Deploy OpenStack
 ----------------
@@ -219,7 +220,7 @@ If you choose to opt for automated method you must first SSH into your Ansible c
 
 .. code-block:: console
 
-   ssh ${ssh_user}@${ansible_ip}
+   ssh $(terraform output -raw ssh_user)@$(terraform output -raw ansible_control_access_ip_v4)
    ~/deploy-openstack.sh
 
 This script will go through the process of performing the following tasks
@@ -231,6 +232,23 @@ This script will go through the process of performing the following tasks
    * openstack configuration
    * tempest testing
 
+Accessing OpenStack
+-------------------
+
+After a successful deployment of OpenStack you make access the OpenStack API and Horizon by proxying your connection via the seed node, as it has an interface on the public network (192.168.39.X).
+Using software such as sshuttle will allow for easy access.
+
+.. code-block:: console
+
+   sshuttle -r $(terraform output -raw ssh_user)@$(terraform output -raw seed_access_ip_v4) 192.168.39.0/24
+
+You may also use sshuttle to proxy DNS via the multinode environment. Useful if you are working with Designate. 
+Important to node this will proxy all DNS requests from your machine to the first controller within the multinode environment.
+
+.. code-block:: console
+
+   sshuttle -r $(terraform output -raw ssh_user)@$(terraform output -raw seed_access_ip_v4) 192.168.39.0/24 --dns --to-ns 192.168.39.4
+
 Tear Down
 ---------
 

README.rst

@@ -0,0 +1,16 @@
+---
+- name: Add FQDN to hosts
+  hosts: all
+  gather_facts: false
+  vars_files:
+    - vars/defaults.yml
+  tasks:
+    - name: Ensure OS FQDN are added to /etc/hosts
+      ansible.builtin.lineinfile:
+        path: "/etc/hosts"
+        line: "{{ item }}"
+      loop:
+        - "192.168.37.2 internal.infra.mos.{{ root_domain }}"
+        - "192.168.39.2 public.infra.mos.{{ root_domain }}"
+      tags: hosts
+      become: true

ansible/add-fqdn.yml

@@ -1,6 +1,6 @@
 ---
 - name: Deploy OpenStack Configuration
-  hosts: all
+  hosts: ansible_control
   gather_facts: false
   vars_files:
     - vars/defaults.yml
@@ -17,20 +17,10 @@
           - vxlan_vni != None
         fail_msg: "Please provide a VXLAN VNI. A unique value from 1 to 100,000."
 
-    - name: Ensure Ansible host is reachable
-      ansible.builtin.wait_for_connection:
-
     - name: Gather facts about the host
       ansible.builtin.setup:
-
-    - name: Ensure hosts are reachable
-      ansible.builtin.command:
-        cmd: "ping -c 1 -w 2 {{ item.value }}"
-      loop: "{{ (lookup('file', 'files/admin-oc-networks.yml') | from_yaml).admin_oc_ips | dict2items }}"
-      changed_when: false
-      register: ping_results
-      retries: 3
-      until: ping_results is succeeded
+        gather_subset:
+          - user_dir
 
     - name: Ensure git is present
       ansible.builtin.package:
@@ -91,12 +81,17 @@
         dest: "{{ src_directory }}/{{ kayobe_config_name }}/etc/kayobe/environments/{{ kayobe_config_environment }}/inventory/hosts"
         mode: "0644"
 
+    - name: Ensure root_domain is defined
+      ansible.builtin.lineinfile:
+        path: "{{ src_directory }}/{{ kayobe_config_name }}/etc/kayobe/environments/{{ kayobe_config_environment }}/inventory/group_vars/all/main.yml"
+        line: "root_domain: {{ root_domain }}"
+
     - name: Ensure hosts are added to /etc/hosts
-      become: true
       ansible.builtin.lineinfile:
         path: "/etc/hosts"
         line: "{{ item.value }}\t{{ item.key }}"
       loop: "{{ (lookup('file', 'files/admin-oc-networks.yml') | from_yaml).admin_oc_ips | dict2items }}"
+      become: true
 
     - name: Ensure VXLAN VNI has been set
       ansible.builtin.lineinfile:

ansible/deploy-openstack-config.yml

@@ -1,32 +1,26 @@
 ---
 - name: Fix Home Directory Ownership
   hosts: all
-  gather_facts: true
-  vars_files:
-    - files/admin-oc-networks.yml
+  gather_facts: false
   vars:
     # At the time of running this playbook the home directory is not owned by the user.
     # Therefore, we will not be permitted to store the Ansible temporary directory in the home folder.
     # This must be relocated to some where that can be written to by the remote user.
     ansible_remote_tmp: "/tmp/ansible"
   tasks:
     - name: Ensure hosts are reachable
-      ansible.builtin.command:
-        cmd: "ping -c 1 -w 2 {{ item.value }}"
-      loop:
-        "{{ (lookup('file', 'files/admin-oc-networks.yml') | from_yaml).admin_oc_ips | dict2items }}"
-      changed_when: false
-      register: ping_results
-      retries: 15
-      delay: 3
-      until: ping_results is succeeded
+      ansible.builtin.wait_for_connection:
 
-    - name: Ensure homedir of ansible control node is owned by cloud-user # noqa: no-changed-when
-      ansible.builtin.command:
-        cmd: "sudo chown -R cloud-user: ."
+    - name: Gather the home directory of the user
+      ansible.builtin.setup:
+        gather_subset:
+          - user_dir
 
-    - name: Ensure homedir of all nodes is owned by cloud-user # noqa: no-changed-when
-      ansible.builtin.command:
-        cmd: "ssh -oStrictHostKeyChecking=no cloud-user@{{ item.value }} sudo chown -R cloud-user: ."
-      loop: "{{ (lookup('file', 'files/admin-oc-networks.yml') | from_yaml).admin_oc_ips | dict2items }}"
-      delegate_to: localhost
+    - name: Ensure homedir is owned by {{ ansible_user }}
+      ansible.builtin.file:
+        dest: "{{ ansible_env.HOME }}"
+        state: directory
+        owner: "{{ ansible_user }}"
+        group: "{{ ansible_user }}"
+        mode: "0755"
+      become: true

ansible/fix-homedir-ownership.yml

@@ -1,6 +1,6 @@
 ---
 - name: Grow Control Host
-  hosts: all
+  hosts: ansible_control
   gather_facts: true
   vars_files:
     - vars/defaults.yml

ansible/grow-control-host.yml

@@ -0,0 +1 @@
+plugin: cloud.terraform.terraform_provider

ansible/inventory.yml

@@ -1,3 +1,5 @@
 ---
+collections:
+  - name: cloud.terraform
 roles:
-  - src: mrlesmithjr.manage-lvm
+  - src: mrlesmithjr.manage_lvm

ansible/requirements.yml

@@ -20,6 +20,8 @@ ssh_key_path:
 
 vxlan_vni:
 
+root_domain: sms-lab.cloud
+
 lvm_groups:
   - vgname: rootvg
     disks:

ansible/vars/defaults.yml

@@ -2,6 +2,14 @@ output "ansible_control_access_ip_v4" {
   value = openstack_compute_instance_v2.ansible_control.access_ip_v4
 }
 
+output "seed_access_ip_v4" {
+  value = openstack_compute_instance_v2.seed.access_ip_v4
+}
+
+output "ssh_user" {
+  value = var.ssh_user
+}
+
 resource "local_file" "hosts" {
   content = templatefile(
     "${path.module}/templates/hosts.tpl",
@@ -66,3 +74,39 @@ resource "local_file" "deploy_openstack" {
   filename        = "ansible/files/deploy-openstack.sh"
   file_permission = "0755"
 }
+
+resource "ansible_host" "control_host" {
+  name   = openstack_compute_instance_v2.ansible_control.access_ip_v4
+  groups = ["ansible_control"]
+}
+
+resource "ansible_host" "compute_host" {
+  for_each = { for host in openstack_compute_instance_v2.compute : host.name => host.access_ip_v4 }
+  name = each.value
+  groups = ["compute"]
+}
+
+resource "ansible_host" "controllers_hosts" {
+  for_each = { for host in openstack_compute_instance_v2.controller : host.name => host.access_ip_v4 }
+  name = each.value
+  groups = ["controllers"]
+}
+
+resource "ansible_host" "seed_host" {
+  name   = openstack_compute_instance_v2.seed.access_ip_v4
+  groups = ["seed"]
+}
+
+resource "ansible_host" "storage" {
+  for_each = { for host in openstack_compute_instance_v2.storage : host.name => host.access_ip_v4 }
+  name = each.value
+  groups = ["storage"]
+}
+
+resource "ansible_group" "cluster_group" {
+  name     = "cluster"
+  children = ["compute", "ansible_control", "controllers", "seed", "storage"]
+  variables = {
+    ansible_user = var.ssh_user
+  }
+}