Generate and use certificates for OSA 35/39435/16
authorYolanda Robla <yroblamo@redhat.com>
Wed, 16 Aug 2017 14:28:28 +0000 (16:28 +0200)
committerYolanda Robla Mota <info@ysoft.biz>
Thu, 14 Sep 2017 20:13:00 +0000 (20:13 +0000)
Instead of making OSA generate self signed certs, bring our
own and pass them.
This way we will be able to trust those certs, and start
consuming OpenStack easily.

It will also generate proper openrc file to source it and start
consuming the cloud properly.

Change-Id: Ic72a8b05e6efb222926fc5fa0800e033b2dbd22f
Closes-Bug: RELENG-266
Signed-off-by: Yolanda Robla <yroblamo@redhat.com>
xci/README.rst
xci/config/env-vars
xci/config/user-vars
xci/file/ha/user_variables.yml
xci/file/install-ansible.sh
xci/file/mini/user_variables.yml
xci/file/noha/user_variables.yml
xci/playbooks/configure-localhost.yml
xci/playbooks/configure-opnfvhost.yml
xci/var/opnfv.yml
xci/xci-deploy.sh

index 462fffd..9ce293c 100644 (file)
@@ -124,6 +124,10 @@ You can generate one by executing
 
     ssh-keygen -t rsa
 
+After the script finishes, it will provide an openrc file that can be
+sourced to properly start using the cloud. It will be available under the
+opnfv host (in $HOME path), and on the the buildhost (in $XCI_DEVEL_ROOT path)
+
 Advanced Usage
 --------------
 
index f4a3fac..976eb66 100755 (executable)
@@ -5,6 +5,7 @@
 export OPNFV_RELENG_GIT_URL=https://gerrit.opnfv.org/gerrit/releng-xci.git
 export OPENSTACK_BIFROST_GIT_URL=https://git.openstack.org/openstack/bifrost
 export OPENSTACK_OSA_GIT_URL=https://git.openstack.org/openstack/openstack-ansible
+export OPENSTACK_OSA_OPENRC_GIT_URL=https://git.openstack.org/openstack/openstack-ansible-openstack_openrc
 export OPENSTACK_OSA_ETC_PATH=/etc/openstack_deploy
 export OPNFV_HOST_IP=192.168.122.2
 export OPNFV_XCI_PATH=$OPNFV_RELENG_PATH/xci
@@ -20,3 +21,5 @@ export DIB_OS_RELEASE=${DIB_OS_RELEASE:-xenial}
 export DIB_OS_ELEMENT=${DIB_OS_ELEMENT:-ubuntu-minimal}
 export DIB_OS_PACKAGES=${DIB_OS_PACKAGES:-"vlan,vim,less,bridge-utils,sudo,language-pack-en,iputils-ping,rsyslog,curl,python,debootstrap,ifenslave,ifenslave-2.6,lsof,lvm2,tcpdump,nfs-kernel-server,chrony,iptables"}
 export EXTRA_DIB_ELEMENTS=${EXTRA_DIB_ELEMENTS:-"openssh-server"}
+# subject of the certificate
+export XCI_SSL_SUBJECT=${XCI_SSL_SUBJECT:-"/C=US/ST=California/L=San Francisco/O=IT/CN=xci.releng.opnfv.org"}
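Review bot: The comment above the new XCI_SSL_SUBJECT default says only "subject of the certificate", while the value's role and its constraint are not documented anywhere on the page: it is passed to `openssl req -subj` by configure-localhost.yml, and its CN has to match the host name or address clients put in openrc_os_auth_url for certificate verification to succeed. I would extend the comment to `# subject passed to 'openssl req -subj' by configure-localhost.yml; the CN must match the host name/address clients use in openrc_os_auth_url or verification fails`. The default also contains a space ("San Francisco"), which only works because the playbook quotes the expansion; noting that keeps a future shell caller from dropping the quotes.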
index c960b90..709aa29 100755 (executable)
@@ -30,6 +30,7 @@ export XCI_FLAVOR=${XCI_FLAVOR:-aio}
 #-------------------------------------------------------------------------------
 export XCI_DEVEL_ROOT=${XCI_DEVEL_ROOT:-"/tmp/.xci-deploy-env"}
 export OPNFV_RELENG_PATH="${XCI_DEVEL_ROOT}/releng-xci"
+export OPENSTACK_OSA_OPENRC_PATH="${XCI_DEVEL_ROOT}/openstack-ansible-openstack_openrc"
 export OPENSTACK_BIFROST_PATH="${XCI_DEVEL_ROOT}/bifrost"
 export OPENSTACK_OSA_PATH="${XCI_DEVEL_ROOT}/openstack-ansible"
 export OPNFV_SSH_HOST_KEYS_PATH="${XCI_DEVEL_ROOT}/ssh_host_keys"
index 58ba567..8235f6f 100644 (file)
@@ -146,3 +146,17 @@ trove_wsgi_processes: 1
 ## Sahara
 sahara_api_workers_max: 2
 sahara_api_workers: 1
+
+openrc_os_auth_url: "https://192.168.122.220:5000/v3"
+keystone_auth_admin_password: "opnfv-secret-password"
+openrc_os_password: "opnfv-secret-password"
+openrc_os_domain_name: "Default"
+openrc_cinder_endpoint_type: "publicURL"
+openrc_nova_endpoint_type: "publicURL"
+openrc_os_endpoint_type: "publicURL"
+openrc_clouds_yml_interface: "public"
+openrc_region_name: RegionOne
+haproxy_user_ssl_cert: "/etc/ssl/certs/xci.crt"
+haproxy_user_ssl_key: "/etc/ssl/private/xci.key"
+keystone_service_adminuri_insecure: true
+keystone_service_internaluri_insecure: true
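Review bot: The two `keystone_service_*_insecure: true` settings, together with the `export OS_INSECURE=true` that configure-opnfvhost.yml appends to the generated openrc, disable certificate verification, so the deployment ends up not trusting the certificate the commit message says it wants to trust. The likely cause is visible in this hunk: openrc_os_auth_url points at the address 192.168.122.220 while the certificate's CN is the host name xci.releng.opnfv.org (XCI_SSL_SUBJECT in env-vars), so name checking cannot succeed; issuing the certificate for the address clients actually use (as CN or subjectAltName) would let these flags be dropped. The same block, with 192.168.122.3, is repeated in mini/user_variables.yml and noha/user_variables.yml. Separately, `keystone_auth_admin_password: "opnfv-secret-password"` and `openrc_os_password` commit a fixed admin password to the repository in all three flavors; since the deployment already generates secrets with pw-token-gen.py (visible in configure-opnfvhost.yml), consider taking this value from the generated secrets or an environment override rather than a literal.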
index 67a49b3..16ff86c 100644 (file)
@@ -30,6 +30,7 @@ if [ -x '/usr/bin/zypper' ]; then
         [python-devel]=python-devel
         [venv]=python-virtualenv
         [wget]=wget
+        [openssl]=openssl
     )
     EXTRA_PKG_DEPS=( python-xml )
     # NOTE (cinerama): we can't install python without removing this package
@@ -50,6 +51,7 @@ elif [ -x '/usr/bin/apt-get' ]; then
               [python-devel]=libpython-dev
               [venv]=python-virtualenv
               [wget]=wget
+              [openssl]=openssl
             )
     EXTRA_PKG_DEPS=()
 elif [ -x '/usr/bin/dnf' ] || [ -x '/usr/bin/yum' ]; then
@@ -67,6 +69,7 @@ elif [ -x '/usr/bin/dnf' ] || [ -x '/usr/bin/yum' ]; then
         [python-devel]=python-devel
         [venv]=python-virtualenv
         [wget]=wget
+        [openssl]=openssl
     )
     EXTRA_PKG_DEPS=()
 else
index fa8a38f..0b8c6cd 100644 (file)
@@ -146,3 +146,17 @@ trove_wsgi_processes: 1
 ## Sahara
 sahara_api_workers_max: 2
 sahara_api_workers: 1
+
+openrc_os_auth_url: "https://192.168.122.3:5000/v3"
+keystone_auth_admin_password: "opnfv-secret-password"
+openrc_os_password: "opnfv-secret-password"
+openrc_os_domain_name: "Default"
+openrc_cinder_endpoint_type: "publicURL"
+openrc_nova_endpoint_type: "publicURL"
+openrc_os_endpoint_type: "publicURL"
+openrc_clouds_yml_interface: "public"
+openrc_region_name: RegionOne
+haproxy_user_ssl_cert: "/etc/ssl/certs/xci.crt"
+haproxy_user_ssl_key: "/etc/ssl/private/xci.key"
+keystone_service_adminuri_insecure: true
+keystone_service_internaluri_insecure: true
index bdb2df0..72a8ab7 100644 (file)
@@ -146,3 +146,17 @@ trove_wsgi_processes: 1
 ## Sahara
 sahara_api_workers_max: 2
 sahara_api_workers: 1
+
+openrc_os_auth_url: "https://192.168.122.3:5000/v3"
+keystone_auth_admin_password: "opnfv-secret-password"
+openrc_os_password: "opnfv-secret-password"
+openrc_os_domain_name: "Default"
+openrc_cinder_endpoint_type: "publicURL"
+openrc_nova_endpoint_type: "publicURL"
+openrc_os_endpoint_type: "publicURL"
+openrc_clouds_yml_interface: "public"
+openrc_region_name: RegionOne
+haproxy_user_ssl_cert: "/etc/ssl/certs/xci.crt"
+haproxy_user_ssl_key: "/etc/ssl/private/xci.key"
+keystone_service_adminuri_insecure: true
+keystone_service_internaluri_insecure: true
index 40147d3..2dfa053 100644 (file)
@@ -15,7 +15,7 @@
   roles:
     - role: remove-folders
     - { role: clone-repository, project: "opnfv/releng-xci", repo: "{{ OPNFV_RELENG_GIT_URL }}", dest: "{{ OPNFV_RELENG_PATH }}", version: "{{ OPNFV_RELENG_VERSION }}" }
-
+    - { role: clone-repository, project: "openstack/openstack-ansible-openstack_openrc", repo: "{{ OPENSTACK_OSA_OPENRC_GIT_URL }}", dest: "{{ OPENSTACK_OSA_OPENRC_PATH }}", version: "master" }
 - hosts: localhost
   connection: local
   gather_facts: false
       copy:
         src: "{{XCI_FLAVOR_ANSIBLE_FILE_PATH}}/flavor-vars.yml"
         dest: "{{OPNFV_RELENG_PATH}}/xci/var"
+- hosts: localhost
+  connection: local
+  gather_facts: false
+  vars_files:
+    - ../var/{{ ansible_os_family }}.yml
+    - ../var/opnfv.yml
+  tasks:
+    - name: create certificate directory /etc/ssl/certs
+      file:
+        path: "/etc/ssl/certs"
+        state: directory
+    - name: create key directory /etc/ssl/private
+      file:
+        path: "/etc/ssl/private"
+        state: directory
+    - name: generate self signed certificate
+      command: openssl req -new -nodes -x509 -subj "{{ XCI_SSL_SUBJECT }}" -days 3650 -keyout "/etc/ssl/private/xci.key" -out "/etc/ssl/certs/xci.crt" -extensions v3_ca
+      become: true
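Review bot: The `generate self signed certificate` task runs unconditionally, so every re-run of the playbook overwrites /etc/ssl/private/xci.key and xci.crt, and the copy previously pushed to the opnfv host by configure-opnfvhost.yml no longer matches; `args: creates: /etc/ssl/certs/xci.crt` makes it idempotent. The two directory tasks before it also lack the `become: true` the openssl task has, and /etc/ssl/private is created with the `file` module's default mode rather than an owner-only mode appropriate for a key directory. The key file's own permissions are left to the installed openssl and the caller's umask, and the key size to the local openssl.cnf; an explicit `mode: '0600'` on the key and `-newkey rsa:2048` on the command pin both. The play header is inside the hunk, so the rewritten tasks stand on their own:
```yaml
    - name: create certificate directory /etc/ssl/certs
      file:
        path: "/etc/ssl/certs"
        state: directory
      become: true
    - name: create key directory /etc/ssl/private
      file:
        path: "/etc/ssl/private"
        state: directory
        mode: '0700'
      become: true
    - name: generate self signed certificate
      command: openssl req -new -nodes -x509 -newkey rsa:2048 -subj "{{ XCI_SSL_SUBJECT }}" -days 3650 -keyout "/etc/ssl/private/xci.key" -out "/etc/ssl/certs/xci.crt" -extensions v3_ca
      args:
        creates: "/etc/ssl/certs/xci.crt"
      become: true
    - name: restrict key permissions
      file:
        path: "/etc/ssl/private/xci.key"
        mode: '0600'
      become: true
```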
index 7bc434d..5beddcd 100644 (file)
       command: "python pw-token-gen.py --file {{OPENSTACK_OSA_ETC_PATH}}/user_secrets.yml"
       args:
         chdir: "{{OPENSTACK_OSA_PATH}}/scripts"
+    - name: create certificate directory /etc/ssl/certs
+      file:
+        path: "/etc/ssl/certs"
+        state: directory
+    - name: create key directory /etc/ssl/private
+      file:
+        path: "/etc/ssl/private"
+        state: directory
+    - name: copy certificate to /etc/ssl/certs
+      copy:
+        src: "/etc/ssl/certs/xci.crt"
+        dest: "/etc/ssl/certs/"
+      become: true
+    - name: read remote key from /etc/ssl/private
+      set_fact:
+        xci_ssl_key: "{{ lookup('pipe', 'sudo cat /etc/ssl/private/xci.key' ) }}"
+    - name: copy key to /etc/ssl/private
+      copy:
+        content: "{{ xci_ssl_key }}"
+        dest: "/etc/ssl/private/xci.key"
+      become: true
+
 - hosts: localhost
   remote_user: root
   vars_files:
       shell: "/bin/cat {{ OPNFV_SSH_HOST_KEYS_PATH }}/opnfv/root/.ssh/id_rsa.pub >> ../file/authorized_keys"
     - name: Append public keys to authorized_keys
       shell: "/bin/cat {{ ansible_env.HOME }}/.ssh/id_rsa.pub >> ../file/authorized_keys"
+
+- hosts: opnfv
+  gather_facts: no
+  remote_user: root
+  vars_files:
+    - ../var/{{ ansible_os_family }}.yml
+    - ../var/flavor-vars.yml
+    - ../var/opnfv.yml
+    - "{{ XCI_FLAVOR_ANSIBLE_FILE_PATH }}/user_variables.yml"
+  roles:
+    - role: "openstack-ansible-openstack_openrc"
+  tasks:
+    - name: add extra insecure flag to generated openrc
+      blockinfile:
+          dest: "{{ ansible_env.HOME }}/openrc"
+          block: |
+              export OS_INSECURE=true
+
+    - name: fetch generated openrc
+      fetch:
+        src: "{{ ansible_env.HOME }}/openrc"
+        dest: "{{ XCI_DEVEL_ROOT }}/"
+        flat: true
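Review bot: The `read remote key from /etc/ssl/private` task loads the private key into an Ansible fact via `lookup('pipe', 'sudo cat ...')`, and neither it nor the following `copy key to /etc/ssl/private` task sets `no_log: true`, so at the `$ANSIBLE_VERBOSITY` xci-deploy.sh passes the key material can land in playbook output and logs; add `no_log: true` to both tasks. The `copy` with `content:` also writes xci.key with the module's default mode instead of `mode: '0600'`, and the `copy certificate` task has `become: true` while the two directory tasks before it do not, so the run relies on /etc/ssl/certs and /etc/ssl/private already existing on the target if the connecting user cannot create them. The pipe lookup presumably assumes passwordless sudo on the build host, which the page does not state; a short comment on that task would make the requirement explicit. The play these tasks belong to starts outside the hunk.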
index aeaface..c6c74c8 100644 (file)
@@ -9,6 +9,7 @@
 ##############################################################################
 OPNFV_RELENG_GIT_URL: "{{ lookup('env','OPNFV_RELENG_GIT_URL') }}"
 OPNFV_RELENG_PATH: "{{ lookup('env','OPNFV_RELENG_PATH') }}"
+XCI_DEVEL_ROOT: "{{ lookup('env','XCI_DEVEL_ROOT') }}"
 OPNFV_RELENG_DEV_PATH: "{{ lookup('env','OPNFV_RELENG_DEV_PATH') }}"
 OPNFV_RELENG_VERSION: "{{ lookup('env','OPNFV_RELENG_VERSION') }}"
 OPENSTACK_BIFROST_GIT_URL: "{{ lookup('env','OPENSTACK_BIFROST_GIT_URL') }}"
@@ -16,7 +17,9 @@ OPENSTACK_BIFROST_PATH: "{{ lookup('env','OPENSTACK_BIFROST_PATH') }}"
 OPENSTACK_BIFROST_DEV_PATH: "{{ lookup('env','OPENSTACK_BIFROST_DEV_PATH') }}"
 OPENSTACK_BIFROST_VERSION: "{{ lookup('env','OPENSTACK_BIFROST_VERSION') }}"
 OPENSTACK_OSA_GIT_URL: "{{ lookup('env','OPENSTACK_OSA_GIT_URL') }}"
+OPENSTACK_OSA_OPENRC_GIT_URL: "{{ lookup('env', 'OPENSTACK_OSA_OPENRC_GIT_URL') }}"
 OPENSTACK_OSA_PATH: "{{ lookup('env','OPENSTACK_OSA_PATH') }}"
+OPENSTACK_OSA_OPENRC_PATH: "{{ lookup('env', 'OPENSTACK_OSA_OPENRC_PATH') }}"
 OPENSTACK_OSA_DEV_PATH: "{{ lookup('env','OPENSTACK_OSA_DEV_PATH') }}"
 OPENSTACK_OSA_VERSION: "{{ lookup('env','OPENSTACK_OSA_VERSION') }}"
 OPENSTACK_OSA_ETC_PATH: "{{ lookup('env','OPENSTACK_OSA_ETC_PATH') }}"
@@ -28,3 +31,4 @@ LOG_PATH: "{{ lookup('env','LOG_PATH') }}"
 OPNFV_HOST_IP: "{{ lookup('env','OPNFV_HOST_IP') }}"
 OPNFV_SSH_HOST_KEYS_PATH: "{{ lookup('env', 'OPNFV_SSH_HOST_KEYS_PATH') }}"
 XCI_EXTRA_VARS_PATH: "{{ lookup('env', 'XCI_EXTRA_VARS_PATH') }}"
+XCI_SSL_SUBJECT: "{{ lookup('env', 'XCI_SSL_SUBJECT') }}"
index 6015122..ced6fff 100755 (executable)
@@ -126,8 +126,8 @@ echo "Info: Configured localhost host for openstack-ansible"
 #-------------------------------------------------------------------------------
 echo "Info: Configuring opnfv deployment host for openstack-ansible"
 echo "-----------------------------------------------------------------------"
-cd $OPNFV_XCI_PATH/playbooks
-ansible-playbook $ANSIBLE_VERBOSITY -i inventory configure-opnfvhost.yml
+cd ${XCI_DEVEL_ROOT}
+ansible-playbook $ANSIBLE_VERBOSITY -i ${OPNFV_XCI_PATH}/playbooks/inventory ${OPNFV_XCI_PATH}/playbooks/configure-opnfvhost.yml
 echo "-----------------------------------------------------------------------"
 echo "Info: Configured opnfv deployment host for openstack-ansible"
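Review bot: The new `cd ${XCI_DEVEL_ROOT}` is unchecked, so if the directory is missing the ansible-playbook call runs from whatever the previous working directory was, and both new lines leave their path expansions unquoted; `cd "${XCI_DEVEL_ROOT}" || exit 1` plus quoting `"${OPNFV_XCI_PATH}/playbooks/inventory"` and `"${OPNFV_XCI_PATH}/playbooks/configure-opnfvhost.yml"` fixes both. Whether the script runs under `set -e` is outside the hunk, so the explicit check is the safe choice either way. The reason for changing the working directory — presumably so the openstack-ansible-openstack_openrc role cloned under XCI_DEVEL_ROOT is resolvable when the play runs it — is not stated; a one-line comment above the `cd` would help the next reader.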