diff --git a/.gitignore b/.gitignore index fad56a9..550442f 100644 --- a/.gitignore +++ b/.gitignore @@ -2,3 +2,9 @@ _secrets.yml _user_data*.txt tenant.ini.* *.retry +.eggs/ +.tox/ +ansible_otc.egg-info/ +doc/build/ +playbooks/test.* +playbooks/roles.yml diff --git a/.travis.yml b/.travis.yml index 12d7604..c4b772d 100644 --- a/.travis.yml +++ b/.travis.yml @@ -3,18 +3,23 @@ sudo: required dist: xenial language: python -python: "2.7" +python: + - "2.7" + - "3.5" # Doc: https://docs.travis-ci.com/user/customizing-the-build#Build-Matrix +# https://docs.travis-ci.com/user/common-build-problems/ env: - ANSIBLE_VERSION=latest - ANSIBLE_VERSION=2.2.2.0 - ANSIBLE_VERSION=2.3.0.0 - ANSIBLE_VERSION=2.4.0.0 + - ANSIBLE_VERSION=2.5.0b2 branches: only: - - doc + - master + - dev before_install: - sudo apt-get update -qq @@ -22,15 +27,11 @@ before_install: install: # Install Ansible. - if [ "$ANSIBLE_VERSION" = "latest" ]; then pip install ansible; else pip install ansible==$ANSIBLE_VERSION; fi - - pip install ansible-lint + - pip install ansible-lint jmespath script: # Check the role/playbook's syntax. - ansible-lint . # Run the role/playbook with ansible-playbook. - # - ansible-playbook services.yml - - # check is the user is created or not - # - id -u testusername | grep -q "no" && (echo "user not found" && exit 1) || (echo "user found" && exit 0) - + - tests/tests.sh \ No newline at end of file diff --git a/BUILDSERVICE.md b/BUILDSERVICE.md deleted file mode 100644 index d835df9..0000000 --- a/BUILDSERVICE.md +++ /dev/null 
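Review bot: The first `.travis.yml` hunk adds `"3.5"` under `python:`, which crosses Python 3.5 with every `ANSIBLE_VERSION` entry, including the old `2.2.2.0` and `2.3.0.0` pins and the pre-release `2.5.0b2`. Python 3 support in the 2.2/2.3 releases was, as far as I recall, still a preview, so those combinations may fail for reasons unrelated to this repository and make a red build meaningless. Consider listing the unsupported pairs under `matrix: exclude:`, or the beta under `matrix: allow_failures:`, with a one-line comment such as `# 2.5.0b2 is a pre-release; failures here do not block merges`. With `branches: only:` now set to `master` and `dev`, every push to either branch runs all ten jobs, so a stable matrix matters more than before.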
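Review bot: The changed install line `pip install ansible-lint jmespath` in the second `.travis.yml` hunk takes whatever versions PyPI serves at build time, so a breaking or tampered release of either package runs in CI unreviewed. An ansible-lint release that requires a newer Ansible could also make pip replace the `ansible==$ANSIBLE_VERSION` installed on the line before, so a matrix job might no longer test the version it names. Pin both packages, for example in a requirements file installed with `pip install -r <test-requirements-file>` (placeholder name), optionally with `--require-hashes`, and add `ansible --version` as the first `script:` step so the log shows what was actually tested. The new `tests/tests.sh` step is not part of this diff; if it talks to the OTC API, its credentials should come from Travis encrypted variables rather than the repository, and the script should avoid `set -x` or echoing them into the public build log.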
@@ -1,33 +0,0 @@ -Build your own images with ansible -================================== - -1. Download Ubuntu Cloud Image -2. Upload to IMS (private, generic name) -3. Boot VM with this image -4. Login ssh, install, configure, doing things -5. Shutdown VM -6. Upload VM image to IMS (private, customize name) - -Supported OS: -============= - -* Ubuntu 14.04 -* Ubuntu 16.04 - -Requirements: -============= - -** adjust buildservice_var.yml ** - -S3 credentials in _secrets.yml - -Usage: -====== - -``` -ansible-playbook -i hosts buildservice.yml -e "distro=trusty" --vault-password-file vaultpass.txt - -ansible-playbook -i hosts buildservice.yml -e "distro=xenial" --vault-password-file vaultpass.txt -``` - -Easy to adapt for other operating systems diff --git a/CONNECT.md b/CONNECT.md deleted file mode 100644 index 22fbffd..0000000 --- a/CONNECT.md +++ /dev/null 
@@ -1,137 +0,0 @@ -# OTC Connect Cheat Sheet - -How to connect to the Open Telekom Cloud ----------------------------------------- - -Install prerequisites as root on your Ubuntu 16.04 machine: - -``` -apt-get update -apt-get -y install curl git python-openstackclient python-pip python-jmespath python-netaddr libs3-2 jq -pip install python-otcclient -pip install ansible==2.2.0.0 -``` - -Follow instruction as normal user. You need always username, password, domain data. - - -# 1. Openstack-Client - -``` -mkdir -p ~/.config/openstack -touch ~/.config/openstack/clouds.yml -chmod 600 ~/.config/openstack/clouds.yml -vi ~/.config/openstack/clouds.yml -``` - -clouds.yml: -``` -clouds: - otc.10000: - auth: - auth_url: https://iam.eu-de.otc.t-systems.com:443/v3 - username: xxxxxx - password: xxxxxx - project_name: eu-de - project_domain_name: Default - user_domain_name: OTC-EU-DE-00000000001000010000 - region_name: eu-de - otc.19720: - auth: - auth_url: https://iam.eu-de.otc.t-systems.com:443/v3 - username: xxxxx - password: xxxxx - project_name: eu-de - project_domain_name: Default - user_domain_name: OTC-EU-DE-00000000001000019720 - region_name: eu-de - -``` - -For multiple mandants you can use different chapter. At least you need per chapter username, password,user_domain_name. -Region is limited to eu-de but can also adjust to other regions - -Test connection - -``` -openstack --os-cloud otc.19720 server list -``` - -# 2. Python OTC-Client - -``` -mkdir -p ~/.otc -touch ~/.otc/config -chmod 600 ~/.otc/config -vi ~/.otc/config -``` - -config: - -``` -[otc] -# otc_access_key_id = yyyyy -# otc_secret_access_key = yyyyy -username = xxxxx -apikey = xxxxx -domain = OTC-EU-DE-00000000001000019720 -``` - -otc_access_key_id/otc_secret_access_key are not necessary. *apikey* means password - -Test connection - -``` -otc ecs describe_instances -``` - -# 3. 
Bash OTC-Tools - -``` -git clone https://github.com/OpenTelekomCloud/otc-tools.git -touch ~/.otc_env.sh -chmod 600 ~/.otc_env.sh -vi ~/.otc_env.sh -``` - -Variables are set in shell env or in .otc_env.sh - -``` -OS_USERNAME=xxxxx -OS_PASSWORD=xxxxx -OS_USER_DOMAIN_NAME=OTC-EU-DE-00000000001000019720 -OS_PROJECT_NAME=eu-de -OS_AUTH_URL=https://iam.eu-de.otc.t-systems.com/v3 -``` - -Test connection - -``` -cd otc-tools -./otc.sh ecs list -cd ~ -``` - -# 4. Ansible for Open Telekom Cloud - -``` -git clone https://github.com/eumel8/ansible-otc.git -cd ansible-otc -cp secrets.yml _secrets.yml -ansible-vault edit _secrets.yml --vault-password-file vaultpass.txt -``` - -Adjust these lines - -``` -USERNAME: "xxxxx" -PASSWORD: "xxxxx" -DOMAIN: "OTC-EU-DE-00000000001000019720" -``` - -Test connection - -``` -ansible-playbook -i hosts ecs.yml --vault-password-file vaultpass.txt -``` - diff --git a/DNS.md b/DNS.md deleted file mode 100644 index 7297eff..0000000 --- a/DNS.md +++ /dev/null 
@@ -1,151 +0,0 @@ -# OTC DNS - the complete example - -DNS services are provided by OTC since months. Now the complete stack -is reworked so we can take a closer look on API service. - -![OTC Dashboard](/pictures/otc-dns.png) - -The service is located on the dashboard in the network services area. -There are 3 main features as you can see on the screen: - -* Public Zones -* Private Zones -* PTR-Records - -Private Zones and PTR-Records are completly new. If you have older -implementation with setup reverse zones, please update to the new one. -A good thing: it's simple! - -![OTC API](/pictures/otc-dns-api.png) - -Documentation can you found at https://docs.otc.t-systems.com/en-us/dns_dld/index.html - -Let's start to implement some DNS entries via API. We will do this with Ansible. - -First of all we need connection to OTC. Use the [Connect Cheat Sheet](https://github.com/eumel8/ansible-otc/blob/poc_dns_v2/CONNECT.md) - -It's a good idea to install openstack-client because ansible will use -the same os-client-config. - -``` -git clone -b poc_dns_v2 https://github.com/eumel8/ansible-otc.git -cd ansible-otc -cp secrets.yml _secrets.yml -``` -In _secrets.yml are only S3 credentials stored. You need to adjust *env.yml* -with the used profile name in clouds.yml. Ignore the *_secrets.yml* settings - -``` -# adjust account data here or in clouds.yml -USERNAME: "" -PASSWORD: "" -DOMAIN: "OTC-EU-DE-0000000000100000XXXX" -PROJECT_NAME: "eu-de" - -EC2_ACCESS_KEY: "" -EC2_SECRET_KEY: "" -EC2_URL: "https://obs.otc.t-systems.com" - -# endpoint urls -IAM_AUTH_URL: "https://iam.{{ PROJECT_NAME }}.otc.t-systems.com/v3" -AUTH_URL_ELB: "https://elb.{{ PROJECT_NAME }}.otc.t-systems.com/v1.0" -AUTH_URL_ECS_CLOUD: "https://ecs.{{ PROJECT_NAME }}.otc.t-systems.com/v1" -AUTH_URL_RDS: "https://rds.{{ PROJECT_NAME }}.otc.t-systems.com/rds/v1" -``` - -Service endpoint for DNS is provided by IAM, so it's not necessary to setup. 
- - -Imagine we have a dns.ini with the configuration of all resources of DNS: - -![dns.ini](/pictures/tenant-ini-dns.png) - -Formely the sections dnszones snd dnszonerecords were in tenant.ini file - -**Public** zones are isolated on OTC. You can host your zones there but there -is no registration service to catch new domains. This means you need to -delegate your elsewhere registered domains to the public OTC server: - -**ns1.open-telekom-cloud.com** and **ns2.open-telekom-cloud.com** - -Before you need to configure your zone in OTC (see below) because the domain -(and all sub-domain) are uniq bound to one tenant. If someone else has -configured the domain, you need the service desk to clarify. - -**Private zones** are only reachable in the selected VPC and with the resolver host **100.125.4.25** - -**Reverse DNS** (PTR records) are only provided for public ip (EIP). The -ip address must assigned to your tenant to set the PTR record. - -Related playbooks are *zone_create.yml*, *zonerecord_create.yml* and *ptrrecord_create.yml* - - -Lets start a virtual machine with a fixed private ip address and an allocated EIP: - -``` -ansible-playbook -i hosts tenant_create.yml -e "ecs_name=ansible-test101" -``` - -In this play we allocate all resources to bootstrap our ECS instance, set the floating ip -address and the reverse DNS - -``` -ansible-playbook -i hosts dns_create.yml -e "vpc_name=ansible-vpc01" -``` - -Here we create zones and zonerecords. API works asynchron so if job processing is slow -you need to repeat the step if the zone is not ready when zonerecords are added. 
- -Tests: -``` -$ host -t A ansible-test101.ansible.otc.telekomcloud2.com ns1.open-telekom-cloud.com -Using domain server: -Name: ns1.open-telekom-cloud.com -Address: 46.29.103.61#53 -Aliases: - -ansible-test101.ansible.otc.telekomcloud2.com has address 160.44.207.211 - -$ host -t A 160.44.207.211 ns1.open-telekom-cloud.com -Using domain server: -Name: ns1.open-telekom-cloud.com -Address: 46.29.103.61#53 -Aliases: - -211.207.44.160.in-addr.arpa domain name pointer ansible-test101.ansible.otc.telekomcloud2.com. - -$ host ansible-test101.ansible.internal.corp 100.125.4.25 -Using domain server: -Name: 100.125.4.25 -Address: 100.125.4.25#53 -Aliases: - -ansible-test101.ansible.internal.corp has address 192.168.0.101 - -``` - -Remove DNS reverse entry: - -``` -ansible-playbook -i hosts ptrrecord_delete.yml -e "public_ip_address=160.44.207.211" -``` - -Migrate your complete zones automatically - -Private zone: - -``` -ansible-playbook dns_transfer.yml -e "dns_server=127.0.0.1" -e "zone_name=internal.example.com" -e "zone_type=private" -e "zone_email=nobody@localhost" -e "zone_ttl=86400" -ansible-playbook -i hosts dns_create.yml -e "vpc_name=ansible-vpc01" -``` - -Public zone: - -``` -ansible-playbook dns_transfer.yml -e "dns_server=127.0.0.1" -e "zone_name=external.example.com" -e "zone_type=public" -e "zone_email=nobody@localhost" -e "zone_ttl=86400" -ansible-playbook -i hosts dns_create.yml -``` - - -End of PoC. Look at the [other plays and roles](https://github.com/eumel8/ansible-otc) to interact with OTC API - diff --git a/README.md b/README.md index ef06ced..e7539c2 100644 --- a/README.md +++ b/README.md 
@@ -1,14 +1,15 @@ Ansible for Open Telekom Cloud ============================== -[![Documentation Status](https://readthedocs.org/projects/ansible-otc/badge/?version=latest)](http://ansible-otc.readthedocs.io/en/latest/?badge=latest) -[![Build Status](https://travis-ci.org/eumel8/ansible-otc.svg?branch=doc)](https://travis-ci.org/eumel8/ansible-otc) +[![Documentation Status](https://readthedocs.org/projects/ansible-otc/badge/?version=latest)](http://ansible-otc.readthedocs.io/en/dev/?badge=latest) +[![Build Status](https://travis-ci.org/eumel8/ansible-otc.svg?branch=dev)](https://travis-ci.org/eumel8/ansible-otc) Intro ===== Deutsche Telekom offers since March 2016 an IaaS Service named Open Telekom Cloud (OTC). The service includes + * Virtual Private Cloud (VPC) * Elastic Cloud Server (ECS) * Elastic Load Balancer (ELB) 
@@ -17,531 +18,21 @@ Open Telekom Cloud (OTC). The service includes * Object Storage Service (OBS) * Dynamic Name Service (DNS) * Relational Database Service (RDS) + and other useful things. The portfolio will rapidly developed. Content ======= -Here are some roles to demonstrate how to interact with OTC-API. -ECS-API is origin developed by Huawei and described here: -http://support.hwclouds.com/en-us/api/ecs/en-us_topic_0020805967.html - -Roles -===== -|role | description| -|-------------|------------| -|dns_transfer | transfer a DNS zone | -|ecs | list virtual machines| -|ecs_create | create and start virtual machine| -|ecs_delete | delete a specific virtual machine| -|ecs_show | information about a specific virtual machine| -|eip | show elastic ip-addresses| -|eip_apply | apply a new elastic ip-address| -|eip_delete | delete elastic ip-address| -|elb | list elastic loadbalancers| -|elb_create | create elastic loadbalancer| -|elb_delete | delete elastic loadbalancer| -|elb_show | show elastic loadbalancer| -|elb_certificate | show elastic loadbalancer certificates| -|elb_certificate_create | create elastic loadbalancer certificate| -|elb_certificate_delete | delete elastic loadbalancer certificate| -|elb_healthcheck_create | create elastic loadbalancer healthcheck| -|elb_healthcheck_delete | delete elastic loadbalancer healthcheck| -|elb_healthcheck_show | show elastic loadbalancer healthcheck| -|elb_listener | list listener for elastic loadbalancer| -|elb_listener_create | create listener for elastic loadbalancer| -|elb_listener_delete | delete listener from elastic loadbalancer| -|elb_backends | list backends for elastic loadbalancer| -|elb_backends_create | create backends for elastic loadbalancer| -|elb_backends_delete | delete backends for elastic loadbalancer| -|enable_snat | enable SNAT on specific VPC| -|endpoints | discover API endpoints| -|evs | list volumes| -|evs_create | create a volume| -|evs_delete | delete a volume| -|evs_show | information about 
a specific volume| -|flavors | show flavors| -|images | show images| -|image_create | create an image | -|image_delete | delete an image | -|job | show job status| -|keypairs | show ssh keypairs| -|keypair_create | create a ssh keypair| -|keypair_delete | delete a ssh keypair| -|lookup_name | lookup id by name (set_fact image_id, vpc_id, subnet_id, secgroup_id, flavor_id)| -|os-client-config.yml | create os-client-config yml file| -|ptrrecord_create | create DNS PTR record for EIP| -|ptrrecord_delete | delete DNS PTR record for EIP| -|ptrrecords | show DNS PTR records for EIP| -|rds_versions | list provided database versions for RDS| -|rds_flavors | list provided flavors for selected database version in RDS| -|services | discover API services| -|s3 | show s3 buckets| -|s3_bucket_create | create s3 bucket| -|s3_bucket_delete | delete s3 bucket| -|s3_upload | upload files in s3 object store| -|secgroups | show security groups| -|secgroup_create | create security group| -|secgroup_delete | delete security group| -|secgrouprule_create | create security group rule| -|secgrouprule_delete | delete security group rule| -|subnet | show subnet| -|subnet_create | create subnet| -|subnet_delete | delete subnet| -|token | get auth token| -|vpc | show vpc| -|vpc_router | show vpc router info and set facts| -|vpc_create | create vpc| -|vpc_delete | delete vpc| -|zones | show DNS zones| -|zonerecords | show DNS zonerecords| -|zone_create | create DNS zone| -|zone_delete | delete DNS zone| -|zonerecord_create | create DNS zonerecord| -|zonerecord_delete | delete DNS zonerecord| - -Requirements -============ -* curl -* openssl -* base64 -* ansible==2.2.0.0 -* python-jmespath -* python-netaddr - - - *Ubuntu 14.04/16.04:* - - ``` - apt-get install software-properties-common - apt-get update - apt-cache policy ansible - apt-get install curl python-pip python-jmespath python-netaddr - pip install ansible==2.2.0.0 - ``` - - *OpenSuSE 13.2:* - - ``` - zypper ar 
http://download.opensuse.org/repositories/systemsmanagement/openSUSE_13.2/systemsmanagement.repo - zypper up - zypper install curl ansible python-jmespath python-netaddr - ``` - -(should work on all other *nix systems, check the right version of ansible!!!) - -* :exclamation: credentials on OTC (username, password, domain, S3 access/secret key) - -Files outside the repo -====================== -| filename | description| -|-------------------------------|------------| -|~/.config/openstack/clouds.yml | os-client configuration file for multiple openstack environments| - -Files -===== -| filename | description| -|----------------|------------| -|ajob | shell script to fetch job status from OTC| -|env.yml | profile to use in clouds.yml| -|secrets.yml | var file for S3 credentials and endpoints (ansible-vault)| -|vaultpass.txt | password file for ansible-vault. The default password is: linux :-)| -|hosts | host file for ansible (we use only localhost)| -|tenant.ini | configuration file for tenant| -|dns.ini | configuration file for dns| - - -os-client config -================ - -for more comfort and standardization we moved credential lookup from secrets.yml to clouds.yml (part of https://docs.openstack.org/developer/os-client-config/). If you already configured your OTC credentials there put your profile name in env.yml or use -``` - ansible-playbook -e "CLOUD=otc" ... -``` -if your profile named otc - -If you like to start with this feature run once os-client-config.yml and answer the question. 
A basic yml file with one -profile will created for you: - -``` -ansible-playbook os-client-config.yml -``` +Full documentation is using Sphinx and is now hosted on http://ansible-otc.readthedocs.io/en/latest/ -Starting up -=========== +For local build use: ``` - cp secrets.yml _secrets.yml + tox -edocs + pip install -r requirements.txt ``` - -:exclamation: **adjust your own data in this file before you using the examples:** - -list virtual machines (with secrets.yml) - - ansible-playbook -i hosts ecs.yml --vault-password-file vaultpass.txt - -list virtual machines (with clouds.yml) - - ansible-playbook -i hosts ecs.yml - -create and start virtual machine with file injection -(inject up to 5 max 1k base64 encoded files) - - ansible-playbook -i hosts ecs_create.yml -e "ecs_fileinject_1=/etc/hosts ecs_fileinject_data_1=$(base64 -w 0 hosts.txt) ecs_fileinject_2=/root/README.md2 ecs_fileinject_data_2=$(base64 -w 0 hallo.txt)" --vault-password-file vaultpass.txt - -create and start virtual machine with injection user_data -(inject max 32k base64 encoded user-data files) - - ansible-playbook -i hosts ecs_create.yml -e "ecs_user_data=$(base64 -w 0 user-data.txt)" --vault-password-file vaultpass.txt - -show virtual machine (single) - - ansible-playbook -i hosts ecs_show.yml -e "ecs_name=ansible-test01" - -delete virtual machine (only the machine) - - ansible-playbook -i hosts ecs_delete.yml -e "ecs_name=ansible-test01" - -delete virtual machine (delete also floating ip and attached volumes) - - ansible-playbook -i hosts ecs_delete.yml -e "ecs_name=test01-ansible delete_publicip=1 delete_volume=1" - -list elastic loadbalancers - - ansible-playbook -i hosts elb.yml - -create elastic loadbalancer (tenant.ini) - - ansible-playbook -i hosts elb_create.yml -e "elb_name=ansible-elb01" - -delete elastic loadbalancer - - ansible-playbook -i hosts elb_delete.yml -e "elb_name=ansible-elb01" - -show elastic loadbalancer - - ansible-playbook -i hosts elb_show.yml -e 
"elb_name=ansible-elb01" - -list elastic loadbalancer certificates - - ansible-playbook -i hosts elb_certificate.yml - -create elastic loadbalancer certificate (we hate comments in cert file) - - ansible-playbook -i hosts elb_certificate_create.yml -e "elb_certificate_name=ansible-cert elb_certificate_key_file=cert.key elb_certificate_certificate_file=cert.crt" - -delete elastic loadbalancer certificates - - ansible-playbook -i hosts elb_certificate_delete.yml -e "listener_certificate_name=ansible-cert" - -create elastic loadbalancer healthcheck (tenant.ini) - - ansible-playbook -i hosts elb_healthcheck_create.yml -e "elb_name=ansible-elb01" -e "listener_name=ansible-listener01" - -delete elastic loadbalancer healthcheck - - ansible-playbook -i hosts elb_healthcheck_delete.yml -e "elb_healthcheck_id=e12454b93f304b759be699cb0270648c" - -show elastic loadbalancer healthcheck - - ansible-playbook -i hosts elb_healthcheck_show.yml -e "elb_healthcheck_id=e12454b93f304b759be699cb0270648c" - -list listener for elastic loadbalancer - - ansible-playbook -i hosts elb_listener.yml -e "elb_name=ansible-elb01" - -create listener for elastic loadbalancer (tenant.ini) - - ansible-playbook -i hosts elb_listener_create.yml -e "elb_name=ansible-elb01" -e "listener_name=ansible-listener01" - -delete listener for elastic loadbalancer - - ansible-playbook -i hosts elb_listener_delete.yml -e "elb_name=ansible-elb01" -e "listener_name=ansible-listener03" - -list backends for elastic loadbalancer (tenant.ini) - - ansible-playbook -i hosts elb_backends.yml -e "listener_name=ansible-listener01" -e "elb_name=ansible-elb01" - -create backends for elastic loadbalancer - - ansible-playbook -i hosts elb_backends_create.yml -e "listener_name=ansible-listener01" -e "elb_name=ansible-elb01" -e "ecs_name=ansible-test01" -e "ecs_address=192.168.0.10" - -delete backends for elastic loadbalancer - - ansible-playbook -i hosts elb_backends_delete.yml -e "listener_name=ansible-listener01" -e 
"elb_name=ansible-elb01" -e "elb_backends_id=d15e2f8dd7d64d95a6b5c2a791cac408" - -enable SNAT on specific VPC - - ansible-playbook -i hosts snat_enable.yml -e "vpc_name=ansible-vpc1" -e "enable_snat=true" - -disable SNAT on specific VPC - - ansible-playbook -i hosts snat_enable.yml -e "vpc_name=ansible-vpc1" -e "enable_snat=false" - -discover API endpoints - - ansible-playbook -i hosts endpoints.yml - -list volumes - - ansible-playbook -i hosts evs.yml - -create a volume (tenant.ini) - - ansible-playbook -i hosts evs_create.yml -e "evs_name=ansible-evs01" - -delete a volume - - ansible-playbook -i hosts evs_delete.yml -e "evs_name=ansible-evs01" - -show information about a single volume - - ansible-playbook -i hosts evs_show.yml -e "evs_name=ansible-evs01" - -show flavors - - ansible-playbook -i hosts flavors.yml - -show elastic ip-addresses - - ansible-playbook -i hosts eip.yml - -apply a new elastic ip-address (bandwidth between 1-300 MBit/s) - - ansible-playbook -i hosts eip_apply.yml -e "eip_bandwidth_name=ansible-eip1" -e "eip_bandwidth_size=100" -e "public_ip_address=0.0.0.0" - -delete elastic ip-address - - ansible-playbook -i hosts eip_delete.yml -e "public_ip_address=160.44.195.18" - -show images - - ansible-playbook -i hosts images.yml - -create image (from stopped ecs instance) - - ansible-playbook -i hosts image_create.yml -e "image_name=ansible-image01" -e "ecs_name=ansible-test01" - -create image (from obs image_url :) - - ansible-playbook -i hosts image_create.yml -e "image_name=ansible-image02" -e "image_url=ansible1:/xenial-server-cloudimg-amd64-disk1.vmdk" -e "image_min_disk=12" - -delete an image (API return code is 204 when success, ansible expected 200 and may give an error) - - ansible-playbook -i hosts -e "image_id=af0a0bcf-7be3-4722-98ba-3350801a8cd5" image_delete.yml - -show job status - - ansible-playbook -e "job_id=2c9eb2c15693b00901571e32ad5e1755" -i hosts job.yml - - ./ajob 2c9eb2c15693b00901571e32ad5e1755 - -show keypairs - - 
ansible-playbook -i hosts keypairs.yml - -create keypair - - ansible-playbook -i hosts -e "ecs_adminkey=test-key" -e "keypair_file=~/.ssh/id_rsa.pub" keypair_create.yml - -delete keypair - - ansible-playbook -i hosts -e "ecs_adminkey=test-key" keypair_delete.yml - -lookup id by name (image) - - ansible-playbook -i hosts lookup_name.yml -e "image_name=Community_Ubuntu_16.04_TSI_latest" - -lookup id by name (flavor) - - ansible-playbook -i hosts lookup_name.yml -e "ecs_ram=2048" -e "ecs_vcpus=4" - -lookup id by name (subnet) - - ansible-playbook -i hosts lookup_name.yml -e "subnet_name=subnet-5831" - -lookup id by name (secgroup) - - ansible-playbook -i hosts lookup_name.yml -e "secgroup_name=bitnami-wordpress-56a9-securitygroup" - -lookup id by name (vpc) - - ansible-playbook -i hosts lookup_name.yml -e "vpc_name=vpc-4988" - -lookup id by name (eip) - - ansible-playbook -i hosts lookup_name.yml -e "public_ip_address=160.44.1.1" - -lookup id by name (zone) - - ansible-playbook -i hosts lookup_name.yml -e "zone_name=example.com." 
- -lookup id by name (ecs) - - ansible-playbook -i hosts lookup_name.yml -e "ecs_name=ansible-test01" - -lookup id by name (evs) - - ansible-playbook -i hosts lookup_name.yml -e "evs_name=ansible-evs01" - -lookup id by name (elb) - - ansible-playbook -i hosts lookup_name.yml -e "elb_name=ansible-elb01" - -lookup id by name (certificate) - - ansible-playbook -i hosts lookup_name.yml -e "listener_certificate_name=ansible-cert" - -lookup id by name (listener) - - ansible-playbook -i hosts lookup_name.yml -e "listener_name=ansible-listener01" -e "elb_name=ansible-elb01" - -create DNS PTR record for EIP - - ansible-playbook -i hosts ptrrecord_create.yml -e "public_ip_address=160.44.204.87" -e "ptr_name=ansible-test01.external.otc.telekomcloud.com" -e "ttl=300" - -delete DNS PTR record for EIP - - ansible-playbook -i hosts ptrrecord_delete.yml -e "public_ip_address=160.44.204.87" - -show DNS PTR records for EIP - - ansible-playbook -i hosts ptrrecords.yml - -list provided database versions for RDS - - ansible-playbook -i hosts rds_versions.yml - -list provided flavors for selected database version in RDS - - ansible-playbook -i hosts rds_flavors.yml -e "rds_version_id=286a34fc-a605-11e6-88fd-286ed488c9cb" - -discover API services - - ansible-playbook -i hosts services.yml - -show s3 buckets - - ansible-playbook -i hosts s3.yml --vault-password-file vaultpass.txt - -create s3 bucket - - ansible-playbook -i hosts -e "bucket=mybucket" s3_bucket_create.yml --vault-password-file vaultpass.txt - -delete s3 bucket - - ansible-playbook -i hosts -e "bucket=mybucket" s3_bucket_delete.yml --vault-password-file vaultpass.txt - -upload files in s3 object store (VHD, ZVHD, VMDK, QCOW2 are supported for otc image service) - - ansible-playbook -i hosts -e "bucket=mybucket" -e "object=xenial-server-cloudimg-amd64-disk1.vmdk" s3_upload.yml --vault-password-file vaultpass.txt - -show security groups - - ansible-playbook -i hosts secgroups.yml - -show security groups (only from one vpc) - - 
ansible-playbook -i hosts secgroups.yml -e "vpc_name=ansible-vpc01" - -create security group (subtask in tenant_create ecs section) - - .... - -delete security group - - ansible-playbook -i hosts secgroup_delete.yml -e "secgroup_id=6e8ac0a0-e0ec-4c4d-a786-9c9c946fd673" - -create security group rule (subtask in tenant_create ecs section) - - ... - -delete security group rule - - ansible-playbook -i hosts secgrouprule_delete.yml -e "secgrouprule_id=3c329359-fef5-402f-b29a-caac734065a1" - -show subnets - - ansible-playbook -i hosts subnet.yml - -create subnet (subtask in tenant_create ecs section) - - ... - -delete subnet - - ansible-playbook -i hosts subnet_delete.yml -e "vpc_name=ansible-vpc01" -e "subnet_name=ansible-subnet01" - -show vpc - - ansible-playbook -i hosts vpc.yml - -show vpc router info and set facts - - ansible-playbook -i hosts vpc_router.yml -e "vpc_name=ansible-vpc01" - -create vpc - - ansible-playbook -i hosts vpc_create.yml -e "vpc_name=ansible-vpc1" -e "vpc_net=192.168.0.0/16" - -delete vpc - - ansible-playbook -i hosts vpc_delete.yml -e "vpc_name=ansible-vpc01" - -show DNS zones - - ansible-playbook -i hosts zones.yml - -create DNS zone (name,type and ttl are mandatory) - - ansible-playbook -i hosts zone_create.yml -e "zone_type=public" -e "zone_name=example.com." -e "zone_description=example zone" -e "zone_email=example@example.com" -e "zone_ttl=86400" - -delete DNS zone - - ansible-playbook -i hosts zone_delete.yml -e "zone_id=ff80808257e2bb5e0157ec5ca2620234" - -show DNS zone records - - ansible-playbook -i hosts zonerecords.yml - -create DNS zonerecord (A-Record) possible values A,AAAA,MX,CNAME,PTR,TXT,NS - - ansible-playbook -i hosts zonerecord_create.yml -e "zone_id=ff80808257e2bb5e0157ec620968023a" -e "zonerecord_name=testserver.example.com." 
-e "zonerecord_type=A" -e "zonerecord_value=160.44.196.210" -e "zonerecord_ttl=86400" - -create DNS zonerecord (PTR-Record) - - see DNS PTR record section - -delete DNS zonerecord - - ansible-playbook -i hosts zonerecord_delete.yml -e "zone_id=ff80808257e2bb5e0157ec620968023a" -e "zonerecordid=ff80808257e2bb050157ec789b5e027e" - - -Full Working Example --------------------- - -configure your VM in tenant.ini and run all necessary roles to bootstrap a VM - - ansible-playbook -i hosts tenant_create.yml -e "ecs_name=ansible-test01" - -This playbook will create VPC,Subnet, SecurityGroup, SSH-Keypair, allocate Floating-IP and boostrap the VM. - -configure your DNS in dns.ini and deploy all zones and zonerecords - - ansible-playbook -i hosts dns_create.yml - -transfer your private dns zones to OTC using zone transfer (data stored in data.ini, needs zone transfer rights on dns_server) - - ansible-playbook dns_transfer.yml -e "dns_server=127.0.0.1" -e "zone_name=internal.example.com" -e "zone_type=private" -e "zone_email=nobody@localhost" -e "zone_ttl=86400" - - ansible-playbook -i hosts dns_create.yml -e "vpc_name=ansible-vpc01" - -transfer your public dns zones to OTC using zone transfer - - ansible-playbook dns_transfer.yml -e "dns_server=127.0.0.1" -e "zone_name=external.example.com" -e "zone_type=public" -e "zone_email=nobody@localhost" -e "zone_ttl=86400" - - ansible-playbook -i hosts dns_create.yml Contributing ------------ diff --git a/VARIABLES.md b/VARIABLES.md deleted file mode 100644 index 351eacb..0000000 --- a/VARIABLES.md +++ /dev/null 
@@ -1,146 +0,0 @@ -|variable|description| -|------------------------------|---------------------------------------------| -|availability_zone| name of the availability zone (e.g. eu-de_01)| -|availability_zone_id| UUID of the availability zone (static)| -|backend_member_id| -|backend_member_ip| -|certificate_names| -|ecs| -|ecs_address| -|ecs_adminkey| name of ssh-key| -|ecs_adminpass| Admin password of ECS instance| -|ecs_fileinject_1| file to inject in ECS| -|ecs_fileinject_2| file to inject in ECS| -|ecs_fileinject_3| file to inject in ECS| -|ecs_fileinject_4| file to inject in ECS| -|ecs_fileinject_6| file to inject in ECS| -|ecs_fileinject_data_1| data of injected file in ECS| -|ecs_fileinject_data_2| data of injected file in ECS| -|ecs_fileinject_data_3| data of injected file in ECS| -|ecs_fileinject_data_4| data of injected file in ECS| -|ecs_fileinject_data_5| data of injected file in ECS| -|ecs_id| UUID of ECS instance| -|ecs_ipaddress| local ipaddress of ECS instance| -|ecs_name| name of ECS instance| -|ecs_publicip| EIP of ECS (0.0.0.0 to apply new address| -|ecs_publicfqdn| DNS PTR record FQDN| -|ecs_publicttl| DNS PTR record TTL| -|ecs_user_data| cloud-init user_data to inject in ECS| -|ecs_volumesize| size of ECS root volume in GB| -|ecs_volumetype| type of ECS root volume (SATA,SAS,SSD)| -|eip| Value of FloatingIP (EIP)| -|eip_bandwidth_name| Name of EIP bandwith resource| -|eip_bandwidth_size| Size of EIP bandwith (1-500 MBit/sec)| -|eip_id| UUID of floating ipaddress| -|elb| -|elb_availability_zone| -|elbbackends| -|elb_backends_id| -|elb_bandwidth| -|elbcertifcate| -|elbcertificate| -|elb_certificate_name| -|elbhealthcheck| -|elb_id| -|elblist| -|elblistener| -|elblistner| -|elb_name| name of ELB instance| -|elb_secgroup_name| -|elb_subnet_name| -|elb_type| -|enable_snat| -|evs| -|evs_availability_zone| -|evs_backup_id| -|evs_ims_id| -|evs_multiattach| EVS is shareble (true/false)| -|evs_scsi| EVS volume is scsi device instead vdb| -|evs_name| EVS 
name| -|evs_size| EVS size in GB| -|evs_volume_type| EVS volume type (SATA/SAS/SSD)| -|external_network_id| UUID of the external network| -|flavor_id| UUID of selected flavor| -|healthcheck_connect_port| -|healthcheck_interval| -|healthcheck_protocol| -|healthcheck_timeout| -|healthcheck_treshold| -|healthcheck_uri| -|image_create| -|image_delete| -|image_id| UUID of selected IMS image| -|image_min_disk| -|image_name| -|image_os_version| -|job_id| -|keypair| -|keypair_file| -|listener_backend_port| -|listener_backend_port:| -|listener_backend_protocol| -|listener_certificate_id| -|listener_certificate_name| -|listener_cookie_timeout| -|listener_id| -|listener_lb_algorithm| -|listener_name| -|listener_port| -|listener_protocol| -|listener_session_sticky| -|listener_sticky_session_type| -|listener_tcp_timeout| -|occ_profile_name| os-client-config profile name| -|occ_auth_url| os-client-config auth_url| -|occ_project_name| os-client-config project_name| -|occ_region_name| os-client-config region_name| -|occ_project_domain_name| os-client-config project_domain_name| -|occ_user_domain_name| os-client-config user_domain_name| -|occ_username| os-client-config username| -|occ_password| os-client-config password| -|ptr_name| name of PTR record for EIP| -|public_ip_address| -|router| -|router_id| -|secgroup| -|secgroup_id| -|secgroup_name| -|secgrouprule| -|secgroup_rule| -|secgrouprule_direction| -|secgrouprule_ethertype| -|secgrouprule_list| -|secgrouprule_port_range_max | -|secgrouprule_port_range_min| -|secgrouprule_protocol| -|secgrouprule_remote_group_id| -|secgrouprule_remote_ip_prefix| -|subnet| -|subnet_dhcp_enable| -|subnet_gateway| -|subnet_id| UUID of selected subnet| -|subnet_name| -|subnet_net| -|subnet_primary_dns| -|subnet_secondary_dns| -|token| -|ttl| TTL PTR records in sec| -|unhealthy_threshold| -|vpc| -|vpc_id| UUID of ECS instance| -|vpc_name| name of VPC| -|vpc_net| -|zone| -|zone_description| -|zone_email| -|zone_list| -|zone_name| -|zonerecord| 
-|zonerecord_description| -|zonerecord_list| -|zonerecord_name| -|zonerecord_ttl| -|zonerecord_type| -|zonerecord_value| -|zone_ttl| -|zone_type| diff --git a/WORKSHOP.md b/WORKSHOP.md deleted file mode 100644 index 92e0969..0000000 --- a/WORKSHOP.md +++ /dev/null 
@@ -1,141 +0,0 @@
-# Ansible OTC Workshop
-
-You need a valid connetion to OTC with ansible. See CONNECT.md section 4.
-
-## 1. List all running ECS instances (VMs)
-
-```
-ansible-playbook -i hosts ecs.yml --vault-password-file vaultpass.txt
-```
-
-## 2. List all available images (IMS)
-
-```
-ansible-playbook -i hosts images.yml --vault-password-file vaultpass.txt
-```
-
-## 3. List all available VPC (Network)
-
-```
-ansible-playbook -i hosts vpc.yml --vault-password-file vaultpass.txt
-```
-
-## 4. List all available Floating IP (EIP)
-
-```
-ansible-playbook -i hosts eip.yml --vault-password-file vaultpass.txt
-```
-
-## 5. List all available security groups (Network)
-
-```
-ansible-playbook -i hosts secgroups.yml --vault-password-file vaultpass.txt
-```
-
-## 6. Generate local ssh-key
-
-```
-ssh-keygen
-```
-
-## 7. Configure your ECS instance in tenant.ini
-
-To distinguish the resources, use your own namespace
-
-```
-# section name is instance name of the VM
-[myecs]
-# image name of the ECS instance. grab a valid name from the list below
-image_name=Community_Ubuntu_16.04_TSI_latest
-# volume type of the ECS instance. valid names are SATA, SAS or SSD
-ecs_volumetype=SATA
-# RAM in MB of the ECS instance
-ecs_ram=2048
-# Count of vCPU of the ECS instance
-ecs_vcpus=2
-# VPC name grapped by list. 
Or a new Virtual Private Cloud (VPC)
-vpc_name=cloudcamp-vpc01
-# Setup a security group for the ECS instance and a set of rules
-secgroup_name=cloudcamp-secgroup01
-secgroup_rule1=ingress;IPv4;icmp;;;0.0.0.0/0
-secgroup_rule2=ingress;IPv4;tcp;22;22;0.0.0.0/0
-# Network of the whole VPC
-vpc_net=192.168.0.0/16
-# Name of the subnet inside the VPC where the ECS instance is running
-subnet_name=cloudcamp-subnet01
-subnet_net=192.168.0.0/24
-# ipaddress of the subnet router
-subnet_gateway=192.168.0.1
-# Should DHCP running inside the subnet
-subnet_dhcp_enable=true
-# Valid nameserver, will attached to the ecs instance as resolver
-subnet_primary_dns=8.8.8.8
-subnet_secondary_dns=8.4.4.8
-# Availabilty Zone where the instance is runnig. Valid names are eu-de-01 and eu-de-02
-availability_zone=eu-de-01
-# Configure a static internal ipaddress (optional)
-ecs_ipaddress=192.168.0.80
-# Configure a public floating ipaddress. Set value if address is known. 0.0.0.0 to apply a new one. If empty no floating ip will set
-ecs_publicip=0.0.0.0
-# Name and site of the floating ipaddress (bandwidth in Mbit/sec)
-eip_bandwidth_name=cloudcamp-eip1
-eip_bandwidth_size=100
-ecs_adminkey=my-key
-# SSH-key to inject the ecs instance
-keypair_file=~/.ssh/id_rsa.pub
-```
-
-Pitfalls:
-
-* ecs_ipaddress must be in subnet_net
-* subnet_net must be in vpc_net
-* names are often not unique. multiple ecs, security groups can have the same name
-
-## 8. Start and check your ECS instance
-
-```
-ansible-playbook -i hosts tenant_create.yml -e "ecs_name=myecs" --vault-password-file vaultpass.txt
-```
-
-ansible should work through the playbooks. Last task should output the JobID.
-You can check the job status (use your own JobID)
-
-```
-./ajob "2c9eb2c55c913859015c9636c3a5151f"
-```
-
-When the status is SUCCESS ECS instance is running.
-In ansible output below you find in eip_apply the new floating ip.
-Test connectivity (use your own address):
-
-
-```
-ping 160.44.xxx.xxx
-```
-
-Alternate way to catch the floating ip:
-
-* grab the list of ecs instances
-* copy the ecs_id of your ecs instance
-* in detail view of your ecs instance search for internal ipaddress
-* grab the list of eip and compare association of internal and floating ipaddresses
-
-```
-ansible-playbook -i hosts -e ecs.yml --vault-password-file vaultpass.txt
-ansible-playbook -i hosts -e "ecs_id="c814e303-7e66-4f08-ac70-18c8e27ca623"" -e "ecs_name=myecs" ecs_show.yml --vault-password-file vaultpass.txt
-ansible-playbook -i hosts -e eip.yml --vault-password-file vaultpass.txt
-```
-
-## 9. SSH Login in your ECS instance
-
-```
-ssh -i .ssh/id_rsa ubuntu@160.44.xxx.xxx
-exit
-```
-
-## 10. Delete ECS instance
-
-```
-ansible-playbook -i hosts -e "ecs_id=c814e303-7e66-4f08-ac70-18c8e27ca623" -e "ecs_name=myecs" -e "delete_publicip=1" -e "delete_volume=1" ecs_delete.yml --vault-password-file vaultpass.txt
-```
-
diff --git a/ajob b/ajob
deleted file mode 100755
index fd7079b..0000000
--- a/ajob
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh
-# show otc job status
-
-ansible-playbook -e "job_id=$1" -i hosts job.yml --vault-password-file vaultpass.txt
-
diff --git a/backend_member_helper.yml b/backend_member_helper.yml
deleted file mode 100644
index 1458b64..0000000
--- a/backend_member_helper.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-- hosts: localhost
- gather_facts: no
- roles:
- - role: token
- - role: lookup_name
- - role: backend_member_helper
diff --git a/buildservice_var.yml b/buildservice_var.yml
deleted file mode 100644
index c0cf0d7..0000000
--- a/buildservice_var.yml
+++ /dev/null
@@ -1,38 +0,0 @@
----
-ecs_name: "buildserver"
-# distro: "xenial"
-bucket: "buildservice"
-availability_zone: "eu-de-01"
-vpc_name: "buildserver-vpc01"
-vpc_net: "192.168.0.0/16"
-subnet_name: "buildserver-subnet01"
-subnet_net: "192.168.0.0/24"
-subnet_gateway: "192.168.0.1"
-subnet_dhcp_enable: true
-subnet_primary_dns: 8.8.8.8
-subnet_secondary_dns: 8.4.4.8
-secgroup_name: "buildserver-secgroup01"
-secgroup_rules:
- 1:
- secgrouprule_direction: ingress
- secgrouprule_ethertype: IPv4
- secgrouprule_protocol: tcp
- secgrouprule_port_range_min: 22
- secgrouprule_port_range_max: 22
- secgrouprule_remote_ip_prefix: 0.0.0.0/0
- 2:
- secgrouprule_direction: ingress
- secgrouprule_ethertype: IPv4
- secgrouprule_protocol: icmp
- secgrouprule_port_range_min: null
- secgrouprule_port_range_max: null
- secgrouprule_remote_ip_prefix: "0.0.0.0/0"
-ecs_volumetype: "SSD"
-ecs_ram: "2048"
-ecs_vcpus: "2"
-ecs_adminkey: "buildserver-key"
-keypair_file: "~/.ssh/id_rsa.pub"
-ecs_ipaddress: "192.168.0.100"
-public_ip_address: "160.44.201.86"
-eip_bandwidth_name: "buildserver-eip01"
-eip_bandwidth_size: "500"
diff --git a/dns.ini b/dns.ini
deleted file mode 100644
index ebea02a..0000000
--- a/dns.ini
+++ /dev/null
@@ -1,12 +0,0 @@
-# usage dns (public zones):
-# ansible-playbook -i hosts dns_create.yml
-# usage dns (private usage, only in selected vpc):
-# ansible-playbook -i hosts dns_create.yml -e "vpc_name=ansible-vpc01"
-[dnszones]
-# name; description; type (public/private); email-address; ttl (in sec)
-zone1=ansible.internal.corp.;Core Zone internal services;private;nobody@example.com;86400
-zone2=example.com.;Core Zone public OTC services;public;nobody@example.com;86400
-[dnszonerecords]
-# domain; description; name; type; ttl; value
-zonerecord1=ansible.internal.corp.;;ansible-test01.ansible.internal.corp.;A;300;192.168.0.101
-zonerecord2=ansible.example.com.;;ansible-test01.example.com.;A;300;160.44.0.101
diff --git a/dns_create.yml b/dns_create.yml
deleted file mode 100644
index 56dc0f5..0000000
--- a/dns_create.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-- hosts: localhost
- gather_facts: no
- connection: local
- roles:
- - role: token
- - role: lookup_name
- - role: vpc_router
- - role: zonerecord_helper
diff --git a/doc/source/auth.rst b/doc/source/auth.rst
new file mode 100644
index 0000000..79570bc
--- /dev/null
+++ b/doc/source/auth.rst
@@ -0,0 +1,80 @@
+Authentification
+================
+
+As described in :ref:`Connect_Cheat_Sheet` there are different ways to
+connect to the cloud. Ansible-OTC provides three ways:
+
+
+Using Ansible Vault
+-------------------
+
+The feature to store secrets is `Ansible Vault `__.
+In Ansible-OTC is a files named *secrets.yml* which contains auth
+credentials for OTC services::
+
+ # adjust account data here or in clouds.yml
+ USERNAME: ""
+ PASSWORD: ""
+ DOMAIN: "OTC-EU-DE-0000000000100000XXXX"
+ PROJECT_NAME: "eu-de"
+
+ EC2_ACCESS_KEY: ""
+ EC2_SECRET_KEY: ""
+ EC2_URL: "https://obs.otc.t-systems.com"
+
+ # endpoint urls
+ IAM_AUTH_URL: "https://iam.{{ PROJECT_NAME }}.otc.t-systems.com/v3"
+ AUTH_URL_ELB: "https://elb.{{ PROJECT_NAME }}.otc.t-systems.com/v1.0"
+ AUTH_URL_ECS_CLOUD: "https://ecs.{{ PROJECT_NAME }}.otc.t-systems.com/v1"
+ AUTH_URL_RDS: "https://rds.{{ PROJECT_NAME }}.otc.t-systems.com/rds/v1"
+
+
+The file is on the git repo. So copy the file first before you adjust your
+credentials::
+
+ cp secrets.yml _secrets.yml
+ ansible-vault edit _secrets.yml
+
+We will looking for *_secrets.yml* file in the :ref:`otc_auth`
+
+Call the playbooks with vault param to encrypt the secret store::
+
+ ansible-playbook ecs.yml --vault-password-file vaultpass.txt
+
+
+*vaultpass.txt* contains in this case the ansible-vault password.
+The default password on our repo is: linux :-)
+
+os-client config
+----------------
+
+for more comfort and standardization we moved later credential lookup
+from *secrets.yml* to *clouds.yml* (`refer os-client-config `__).
+If you already configured your OTC credentials there put your profile name in env.yml or use
+
+::
+
+ ansible-playbook -e "CLOUD=otc" ...
+
+if your profile named otc
+
+If you like to start with this feature run once os-client-config.yml and answer the question. 
A basic yml file with one +profile will created for you:: + + + ansible-playbook os-client-config.yml + + +This will generate a file on *~/.config/openstack/clouds.yml* + +Environment variables +--------------------- + +Sometimes are requirements to never store auth credentials on local +disc (like Travis). For this use cases environment variables are also +supported on Ansible-OTC. This 4 variables are expected:: + + export OS_USERNAME=travis + export OS_PASSWORD=xxxxxxxxxxxxxxxxxxxxxxxxxx + export OS_PROJECT_NAME=eu-de + export OS_USER_DOMAIN_NAME=OTC-EU-DE-00000000000000000000 diff --git a/doc/source/buildservice.rst b/doc/source/buildservice.rst index accccdb..5df9481 100644 --- a/doc/source/buildservice.rst +++ b/doc/source/buildservice.rst @@ -9,24 +9,33 @@ Build your own images with ansible 6. Upload VM image to IMS (private, customize name) Supported OS: -============= +------------- * Ubuntu 14.04 * Ubuntu 16.04 Requirements: -============= +------------- -** adjust buildservice_var.yml ** +** adjust vars/buildservice_var.yml:: -S3 credentials in _secrets.yml + vi vars/buildservice_var.yml + +** copy secret file to your own:: + + cp vars/secrets.yml vars/_secrets.yml + +** adjust S3 credentials:: + + ansible-vault edit vars/_secrets.yml --vault-password-file vars/vaultpass.txt ** Usage: -====== +------ - ansible-playbook -i hosts buildservice.yml -e "distro=trusty" --vault-password-file vaultpass.txt +:: + ansible-playbook buildservice.yml -e "distro=trusty" --vault-password-file vaultpass.txt - ansible-playbook -i hosts buildservice.yml -e "distro=xenial" --vault-password-file vaultpass.txt + ansible-playbook buildservice.yml -e "distro=xenial" --vault-password-file vaultpass.txt Easy to adapt for other operating systems diff --git a/doc/source/changelog.rst b/doc/source/changelog.rst new file mode 100644 index 0000000..69ed4fe --- /dev/null +++ b/doc/source/changelog.rst @@ -0,0 +1 @@ +.. include:: ../../ChangeLog 
diff --git a/doc/source/conf.py b/doc/source/conf.py index 4f2bb94..0a6bb27 100644 --- a/doc/source/conf.py +++ b/doc/source/conf.py @@ -49,7 +49,7 @@ # General information about the project. project = u'ansible-otc' -copyright = u'2017, Frank Kloeker' +copyright = u'2018, Frank Kloeker' author = u'Frank Kloeker' # The version info for the project you're documenting, acts as replacement for @@ -57,9 +57,9 @@ # built documents. # # The short X.Y version. -version = u'0.1' +version = u'0.2' # The full version, including alpha/beta/rc tags. -release = u'0.1' +release = u'0.2' # The language for content autogenerated by Sphinx. Refer to documentation # for a list of supported languages. diff --git a/doc/source/config.rst b/doc/source/config.rst new file mode 100644 index 0000000..26ddf41 --- /dev/null +++ b/doc/source/config.rst 
@@ -0,0 +1,71 @@
+Configuration of Ansible-OTC
+============================
+
+Command line variables and variable files
+-----------------------------------------
+
+Ansible can handle variables in different ways. The easiest way is to
+pass variables on command line. This will always overwrite pre-defines.
+
+Two examples:
+
+create and start virtual machine with file injection
+(inject up to 5 max 1k base64 encoded files)::
+
+ ansible-playbook ecs_create.yml -e "ecs_fileinject_1=/etc/hosts ecs_fileinject_data_1=$(base64 -w 0 hosts.txt) ecs_fileinject_2=/root/README.md2 ecs_fileinject_data_2=$(base64 -w 0 hallo.txt)" --vault-password-file vaultpass.txt
+
+create and start virtual machine with injection user_data
+(inject max 32k base64 encoded user-data files)::
+
+ ansible-playbook ecs_create.yml -e "ecs_user_data=$(base64 -w 0 user-data.txt)" --vault-password-file vaultpass.txt
+
+You can also put the variables in an extra file and pass them on command
+line::
+
+ ansible-playbook ecs_create.yml -e "@my_ecs_data.yml"
+
+More options are described on
+`Ansible Lookups `__
+
+INI file variables
+------------------
+
+A human readable form of configuration files in key=value format. The
+INI file is divided into section. A section is a definition of an ECS
+instance, or EVS/ELB, or DNS zone.
+A [default] section on topic is valid for each other
+section where values are overwritten. Example is in
+playbooks/vars/tenant.ini
+
+YAML file variables
+-------------------
+
+YAML are also human readable. The format is key:value, but the value can
+also include another key, so you can group your items like::
+
+ default-default_of_whatever
+
+ vms-vm1
+ -vm2
+ -vm3
+ evs-evs1
+ -evs2
+ -evs3
+ elb-elb1
+ -elb2
+ -elb3
+
+Example is on playbooks/vars/tenant.yml
+
+JSON file variables
+-------------------
+
+`JSON Schema `__ can be a very powerful tool
+for configuration handling. 
Basically it's also a key:value store like +YAML or INI, but in JSON you can define your own schema. This includes +the definition of field types, like strings or values. It would be +useful if you know the schema definition of OTC API. Then you could copy +the schema one to one. Or you start with your own definition which +should be well considered. A basic example of using JSON is on +playbooks/vars/tenant.json + diff --git a/doc/source/connect.rst b/doc/source/connect.rst index ab1fe69..93e589c 100644 --- a/doc/source/connect.rst +++ b/doc/source/connect.rst @@ -8,8 +8,18 @@ How to connect to the Open Telekom Cloud Install prerequisites as root on your Ubuntu 16.04 machine:: +Using requirements file in ansible-otc repo:: + + apt-get update + apt-get -y install curl git python-pip libs3-2 jq + pip install pip -U + pip install -r https://raw.githubusercontent.com/eumel8/ansible-otc/dev/requirements.txt + +Alternate way:: + apt-get update apt-get -y install curl git python-openstackclient python-pip python-jmespath python-netaddr libs3-2 jq + pip install pip -U pip install python-otcclient pip install ansible==2.2.0.0 @@ -38,6 +48,7 @@ clouds.yml:: project_domain_name: Default user_domain_name: OTC-EU-DE-00000000001000010000 region_name: eu-de + identity_api_version: "3" otc.19720: auth: auth_url: https://iam.eu-de.otc.t-systems.com:443/v3 @@ -47,6 +58,7 @@ clouds.yml:: project_domain_name: Default user_domain_name: OTC-EU-DE-00000000001000019720 region_name: eu-de + identity_api_version: "3" @@ -122,9 +134,9 @@ Test connection:: source:: git clone https://github.com/eumel8/ansible-otc.git - cd ansible-otc - cp secrets.yml _secrets.yml - ansible-vault edit _secrets.yml --vault-password-file vaultpass.txt + cd ansible-otc/playbooks + cp vars/secrets.yml vars/_secrets.yml + ansible-vault edit vars/_secrets.yml --vault-password-file vars/vaultpass.txt Adjust these lines:: 
@@ -134,5 +146,4 @@ Adjust these lines:: Test connection:: - ansible-playbook -i hosts ecs.yml --vault-password-file vaultpass.txt - + ./grole otc_ecs; ansible-playbook roles.yml -e "localaction=list" --vault-password-file vaultpass.txt diff --git a/doc/source/dns.rst b/doc/source/dns.rst index 945d1c7..5cb468a 100644 --- a/doc/source/dns.rst +++ b/doc/source/dns.rst @@ -1,5 +1,5 @@ OTC DNS - the complete example -============================= +============================== DNS services are provided by OTC since months. Now the complete stack is reworked so we can take a closer look on API service. @@ -28,9 +28,9 @@ First of all we need connection to OTC. Use the :ref:`Connect_Cheat_Sheet` It's a good idea to install openstack-client because ansible will use the same os-client-config:: - git clone -b poc_dns_v2 https://github.com/eumel8/ansible-otc.git - cd ansible-otc - cp secrets.yml _secrets.yml + git clone https://github.com/eumel8/ansible-otc.git + cd ansible-otc/playbooks + cp vars/secrets.yml vars/_secrets.yml In _secrets.yml are only S3 credentials stored. You need to adjust *env.yml* with the used profile name in clouds.yml. Ignore the *_secrets.yml* settings 
@@ -77,20 +77,25 @@ configured the domain, you need the service desk to clarify. **Reverse DNS** (PTR records) are only provided for public ip (EIP). The ip address must assigned to your tenant to set the PTR record. -Related playbooks are *zone_create.yml*, *zonerecord_create.yml* and *ptrrecord_create.yml* +Related playbooks are *dns_ini.yml*, *dns_yml.yml* and *dns_json.yml* +All of them control the otc_dns role. Lets start a virtual machine with a fixed private ip address and an allocated EIP:: - ansible-playbook -i hosts tenant_create.yml -e "ecs_name=ansible-test101" + ansible-playbook tenant_ini.yml -e "ecs_name=ansible-test01" -In this play we allocate all resources to bootstrap our ECS instance, set the floating ip -address and the reverse DNS:: +In this play we setup a new DNS zone, make an A-Record for ECS, and +set PTR-Record (Reverse DNS):: - ansible-playbook -i hosts dns_create.yml -e "vpc_name=ansible-vpc01" + ansible-playbook dns_ini.yml -e "zone_name=ansible.otc.telekomcloud99.com" -e "localaction=create" -Here we create zones and zonerecords. API works asynchron so if job processing is slow -you need to repeat the step if the zone is not ready when zonerecords are added. + ansible-playbook dns_ini.yml -e "zone_name=ansible.otc.telekomcloud99.com" -e "ecs_name=ansible-test01" -e "localaction=ptrcreate" + + +Here we create zones and zonerecords. API works asynchron so if job +processing is slow you need to repeat the step if the zone is not +ready when zonerecords are added. Tests:: 
@@ -118,24 +123,23 @@ Tests:: ansible-test101.ansible.internal.corp has address 192.168.0.101 - Remove DNS reverse entry:: - ansible-playbook -i hosts ptrrecord_delete.yml -e "public_ip_address=160.44.207.211" + ./grole otc_dns; ansible-playbook roles.yml -e "public_ip_address=160.44.207.211" -e "localaction=ptrdelete" - -Migrate your complete zones automatically +Migrate your complete zones automatically (required xfer permissions) Private zone:: - ansible-playbook dns_transfer.yml -e "dns_server=127.0.0.1" -e "zone_name=internal.example.com" -e "zone_type=private" -e "zone_email=nobody@localhost" -e "zone_ttl=86400" - ansible-playbook -i hosts dns_create.yml -e "vpc_name=ansible-vpc01" + ansible-playbook dns_ini.yml -e "config=ini" -e "localaction=transfer" -e "dns_server=192.168.0.1" -e "zone_name=ansible.internal.corp"" -e "zone_type=private" -e "zone_email=nobody@localhost" -e "zone_ttl=86400" + ansible-playbook dns_ini.yml -e "zone_name=ansible.internal.corp" -e "vpc_name=ansible-vpc01" -e "localaction=create" Public zone:: - ansible-playbook dns_transfer.yml -e "dns_server=127.0.0.1" -e "zone_name=external.example.com" -e "zone_type=public" -e "zone_email=nobody@localhost" -e "zone_ttl=86400" - ansible-playbook -i hosts dns_create.yml + ansible-playbook dns_ini.yml -e "config=ini" -e "localaction=transfer" -e "dns_server=192.168.0.1" -e "zone_name=example.com" -e "zone_type=public" -e "zone_email=nobody@localhost" -e "zone_ttl=86400" + + ansible-playbook dns_ini.yml -e "zone_name=example.com" -e "localaction=create" End of PoC. Look at the `[other plays and roles]`__ to interact with OTC API diff --git a/doc/source/index.rst b/doc/source/index.rst index 6100852..d994067 100644 --- a/doc/source/index.rst +++ b/doc/source/index.rst 
@@ -1,21 +1,26 @@ -.. coni documentation master file, created by +.. ansible-otc documentation master file, created by sphinx-quickstart on Sat Nov 18 09:45:34 2017. You can adapt this file completely to your liking, but it should at least contain the root `toctree` directive. -Welcome to ansible-otc documentation! +Welcome to Ansible-OTC documentation! ===================================== .. toctree:: - :maxdepth: 1 + :maxdepth: 2 :caption: Contents: intro + install + auth + config connect workshop buildservice dns roles + changelog + authors Indices and tables ================== diff --git a/doc/source/install.rst b/doc/source/install.rst new file mode 100644 index 0000000..4eab69d --- /dev/null +++ b/doc/source/install.rst @@ -0,0 +1,30 @@ +Installrequirements +------------------- + +* curl +* openssl +* base64 +* ansible==2.2.0.0 +* python-jmespath +* python-netaddr + + + *Ubuntu 14.04/16.04:*:: + + apt-get install software-properties-common + apt-get update + apt-cache policy ansible + apt-get install curl python-pip python-jmespath python-netaddr + pip install ansible==2.2.0.0 + + *OpenSuSE 13.2:*:: + + zypper ar http://download.opensuse.org/repositories/systemsmanagement/openSUSE_13.2/systemsmanagement.repo + zypper up + zypper install curl ansible python-jmespath python-netaddr + +(should work on all other \*nix systems, check the right version of ansible!!!) + +credentials on OTC (username, password, domain, S3 access/secret key) + + diff --git a/doc/source/intro.rst b/doc/source/intro.rst index 6319ad7..2c88803 100644 --- a/doc/source/intro.rst +++ b/doc/source/intro.rst 
@@ -21,613 +21,10 @@ and other useful things. The portfolio will rapidly developed. Content ------- -Here are some roles to demonstrate how to interact with OTC-API. +Ansible-OTC are some roles to demonstrate how to interact with OTC-API. ECS-API is origin developed by Huawei and described `here `__ -Roles for lab -------------- - - -+------------------------+-------------------------------------------------+ -| role | description | -+========================+=================================================+ -| dns_transfer | transfer a DNS zone | -+------------------------+-------------------------------------------------+ -| ecs | list virtual machines | -+------------------------+-------------------------------------------------+ -| ecs_create | create and start virtual machine | -+------------------------+-------------------------------------------------+ -| ecs_delete | delete a specific virtual machine | -+------------------------+-------------------------------------------------+ -| ecs_show | information about a specific virtual machine | -+------------------------+-------------------------------------------------+ -| eip | show elastic ip-addresses | -+------------------------+-------------------------------------------------+ -| eip_apply | apply a new elastic ip-address | -+------------------------+-------------------------------------------------+ -| eip_delete | delete elastic ip-address | -+------------------------+-------------------------------------------------+ -| elb | list elastic loadbalancers | -+------------------------+-------------------------------------------------+ -| elb_create | create elastic loadbalancer | -+------------------------+-------------------------------------------------+ -| elb_delete | delete elastic loadbalancer | -+------------------------+-------------------------------------------------+ -| elb_show | show elastic loadbalancer | -+------------------------+-------------------------------------------------+ -| 
elb_certificate | show elastic loadbalancer certificates | -+------------------------+-------------------------------------------------+ -| elb_certificate_create | create elastic loadbalancer certificate | -+------------------------+-------------------------------------------------+ -| elb_certificate_delete | delete elastic loadbalancer certificate | -+------------------------+-------------------------------------------------+ -| elb_healthcheck_create | create elastic loadbalancer healthcheck | -+------------------------+-------------------------------------------------+ -| elb_healthcheck_delete | delete elastic loadbalancer healthcheck | -+------------------------+-------------------------------------------------+ -| elb_healthcheck_show | show elastic loadbalancer healthcheck | -+------------------------+-------------------------------------------------+ -| elb_listener | list listener for elastic loadbalancer | -+------------------------+-------------------------------------------------+ -| elb_listener_create | create listener for elastic loadbalancer | -+------------------------+-------------------------------------------------+ -| elb_listener_delete | delete listener from elastic loadbalancer | -+------------------------+-------------------------------------------------+ -| elb_backends | list backends for elastic loadbalancer | -+------------------------+-------------------------------------------------+ -| elb_backends_create | create backends for elastic loadbalancer | -+------------------------+-------------------------------------------------+ -| elb_backends_delete | delete backends for elastic loadbalancer | -+------------------------+-------------------------------------------------+ -| enable_snat | enable SNAT on specific VPC | -+------------------------+-------------------------------------------------+ -| endpoints | discover API endpoints | -+------------------------+-------------------------------------------------+ -| evs | list volumes | 
-+------------------------+-------------------------------------------------+ -| evs_create | create a volume | -+------------------------+-------------------------------------------------+ -| evs_delete | delete a volume | -+------------------------+-------------------------------------------------+ -| evs_show | information about a specific volume | -+------------------------+-------------------------------------------------+ -| flavors | show flavors | -+------------------------+-------------------------------------------------+ -| images | show images | -+------------------------+-------------------------------------------------+ -| image_create | create an image | -+------------------------+-------------------------------------------------+ -| image_delete | delete an image | -+------------------------+-------------------------------------------------+ -| job | show job status | -+------------------------+-------------------------------------------------+ -| keypairs | show ssh keypairs | -+------------------------+-------------------------------------------------+ -| keypair_create | create a ssh keypair | -+------------------------+-------------------------------------------------+ -| keypair_delete | delete a ssh keypair | -+------------------------+-------------------------------------------------+ -| lookup_name | lookup id by name | -+------------------------+-------------------------------------------------+ -| os-client-config.yml | create os-client-config yml file | -+------------------------+-------------------------------------------------+ -| ptrrecord_create | create DNS PTR record for EIP | -+------------------------+-------------------------------------------------+ -| ptrrecord_delete | delete DNS PTR record for EIP | -+------------------------+-------------------------------------------------+ -| ptrrecords | show DNS PTR records for EIP | -+------------------------+-------------------------------------------------+ -| rds_versions | list 
provided database versions for RDS | -+------------------------+-------------------------------------------------+ -| rds_flavors | list provid flavor for selected version in RDS | -+------------------------+-------------------------------------------------+ -| services | discover API services | -+------------------------+-------------------------------------------------+ -| s3 | show s3 buckets | -+------------------------+-------------------------------------------------+ -| s3_bucket_create | create s3 bucket | -+------------------------+-------------------------------------------------+ -| s3_bucket_delete | delete s3 bucket | -+------------------------+-------------------------------------------------+ -| s3_upload | upload files in s3 object store | -+------------------------+-------------------------------------------------+ -| secgroups | show security groups | -+------------------------+-------------------------------------------------+ -| secgroup_create | create security group | -+------------------------+-------------------------------------------------+ -| secgroup_delete | delete security group | -+------------------------+-------------------------------------------------+ -| secgrouprule_create | create security group rule | -+------------------------+-------------------------------------------------+ -| secgrouprule_delete | delete security group rule | -+------------------------+-------------------------------------------------+ -| subnet | show subnet | -+------------------------+-------------------------------------------------+ -| subnet_create | create subnet | -+------------------------+-------------------------------------------------+ -| subnet_delete | delete subnet | -+------------------------+-------------------------------------------------+ -| token | get auth token | -+------------------------+-------------------------------------------------+ -| vpc | show vpc | 
-+------------------------+-------------------------------------------------+ -| vpc_router | show vpc router info and set facts | -+------------------------+-------------------------------------------------+ -| vpc_create | create vpc | -+------------------------+-------------------------------------------------+ -| vpc_delete | delete vpc | -+------------------------+-------------------------------------------------+ -| zones | show DNS zones | -+------------------------+-------------------------------------------------+ -| zonerecords | show DNS zonerecords | -+------------------------+-------------------------------------------------+ -| zone_create | create DNS zone | -+------------------------+-------------------------------------------------+ -| zone_delete | delete DNS zone | -+------------------------+-------------------------------------------------+ -| zonerecord_create | create DNS zonerecord | -+------------------------+-------------------------------------------------+ -| zonerecord_delete | delete DNS zonerecord | -+------------------------+-------------------------------------------------+ - -Requirements ------------- - -* curl -* openssl -* base64 -* ansible==2.2.0.0 -* python-jmespath -* python-netaddr - - - *Ubuntu 14.04/16.04:*:: - - apt-get install software-properties-common - apt-get update - apt-cache policy ansible - apt-get install curl python-pip python-jmespath python-netaddr - pip install ansible==2.2.0.0 - - *OpenSuSE 13.2:*:: - - zypper ar http://download.opensuse.org/repositories/systemsmanagement/openSUSE_13.2/systemsmanagement.repo - zypper up - zypper install curl ansible python-jmespath python-netaddr - -(should work on all other \*nix systems, check the right version of ansible!!!) 
- -credentials on OTC (username, password, domain, S3 access/secret key) - - -Files outside the repo ----------------------- - - -+--------------------------------+-----------------------------------------------------------------+ -| filename | description | -+================================+=================================================================+ -| ~/.config/openstack/clouds.yml | os-client configuration file for multiple openstack environments| -+--------------------------------+-----------------------------------------------------------------+ - -Files ------ - -+-----------------+--------------------------------------------------------------------+ -| filename | description | -+=================+====================================================================+ -| ajob | shell script to fetch job status from OTC | -+------------------------+-------------------------------------------------+ -| env.yml | profile to use in clouds.yml | -+------------------------+-------------------------------------------------+ -| secrets.yml | var file for S3 credentials and endpoints (ansible-vault) | -+------------------------+-------------------------------------------------+ -| vaultpass.txt | password file for ansible-vault. The default password is: linux :-)| -+------------------------+-------------------------------------------------+ -| hosts | host file for ansible (we use only localhost) | -+------------------------+-------------------------------------------------+ -| tenant.ini | configuration file for tenant | -+------------------------+-------------------------------------------------+ -| dns.ini | configuration file for dns | -+-----------------+--------------------------------------------------------------------+ - - -os-client config ----------------- - -for more comfort and standardization we moved credential lookup from secrets.yml to clouds.yml (part of https://docs.openstack.org/developer/os-client-config/). 
If you already configured your OTC credentials there put your profile name in env.yml or use - -:: - - ansible-playbook -e "CLOUD=otc" ... - -if your profile named otc - -If you like to start with this feature run once os-client-config.yml and answer the question. A basic yml file with one -profile will created for you:: - - - ansible-playbook os-client-config.yml - - - -Starting up ------------ - -:: - - cp secrets.yml _secrets.yml - - -**adjust your own data in this file before you using the examples:** - -list virtual machines (with secrets.yml):: - - ansible-playbook -i hosts ecs.yml --vault-password-file vaultpass.txt - -list virtual machines (with clouds.yml):: - - ansible-playbook -i hosts ecs.yml - -create and start virtual machine with file injection -(inject up to 5 max 1k base64 encoded files):: - - ansible-playbook -i hosts ecs_create.yml -e "ecs_fileinject_1=/etc/hosts ecs_fileinject_data_1=$(base64 -w 0 hosts.txt) ecs_fileinject_2=/root/README.md2 ecs_fileinject_data_2=$(base64 -w 0 hallo.txt)" --vault-password-file vaultpass.txt - -create and start virtual machine with injection user_data -(inject max 32k base64 encoded user-data files):: - - ansible-playbook -i hosts ecs_create.yml -e "ecs_user_data=$(base64 -w 0 user-data.txt)" --vault-password-file vaultpass.txt - -show virtual machine (single):: - - ansible-playbook -i hosts ecs_show.yml -e "ecs_name=ansible-test01" - -delete virtual machine (only the machine):: - - ansible-playbook -i hosts ecs_delete.yml -e "ecs_name=ansible-test01" - -delete virtual machine (delete also floating ip and attached volumes):: - - ansible-playbook -i hosts ecs_delete.yml -e "ecs_name=test01-ansible delete_publicip=1 delete_volume=1" - -list elastic loadbalancers:: - - ansible-playbook -i hosts elb.yml - -create elastic loadbalancer (tenant.ini):: - - ansible-playbook -i hosts elb_create.yml -e "elb_name=ansible-elb01" - -delete elastic loadbalancer:: - - ansible-playbook -i hosts elb_delete.yml -e 
"elb_name=ansible-elb01" - -show elastic loadbalancer:: - - ansible-playbook -i hosts elb_show.yml -e "elb_name=ansible-elb01" - -list elastic loadbalancer certificates:: - - ansible-playbook -i hosts elb_certificate.yml - -create elastic loadbalancer certificate (we hate comments in cert file):: - - ansible-playbook -i hosts elb_certificate_create.yml -e "elb_certificate_name=ansible-cert elb_certificate_key_file=cert.key elb_certificate_certificate_file=cert.crt" - -delete elastic loadbalancer certificates:: - - ansible-playbook -i hosts elb_certificate_delete.yml -e "listener_certificate_name=ansible-cert" - -create elastic loadbalancer healthcheck (tenant.ini):: - - ansible-playbook -i hosts elb_healthcheck_create.yml -e "elb_name=ansible-elb01" -e "listener_name=ansible-listener01" - -delete elastic loadbalancer healthcheck:: - - ansible-playbook -i hosts elb_healthcheck_delete.yml -e "elb_healthcheck_id=e12454b93f304b759be699cb0270648c" - -show elastic loadbalancer healthcheck:: - - ansible-playbook -i hosts elb_healthcheck_show.yml -e "elb_healthcheck_id=e12454b93f304b759be699cb0270648c" - -list listener for elastic loadbalancer:: - - ansible-playbook -i hosts elb_listener.yml -e "elb_name=ansible-elb01" - -create listener for elastic loadbalancer (tenant.ini):: - - ansible-playbook -i hosts elb_listener_create.yml -e "elb_name=ansible-elb01" -e "listener_name=ansible-listener01" - -delete listener for elastic loadbalancer:: - - ansible-playbook -i hosts elb_listener_delete.yml -e "elb_name=ansible-elb01" -e "listener_name=ansible-listener03" - -list backends for elastic loadbalancer (tenant.ini):: - - ansible-playbook -i hosts elb_backends.yml -e "listener_name=ansible-listener01" -e "elb_name=ansible-elb01" - -create backends for elastic loadbalancer:: - - ansible-playbook -i hosts elb_backends_create.yml -e "listener_name=ansible-listener01" -e "elb_name=ansible-elb01" -e "ecs_name=ansible-test01" -e "ecs_address=192.168.0.10" - -delete backends for 
elastic loadbalancer:: - - ansible-playbook -i hosts elb_backends_delete.yml -e "listener_name=ansible-listener01" -e "elb_name=ansible-elb01" -e "elb_backends_id=d15e2f8dd7d64d95a6b5c2a791cac408" - -enable SNAT on specific VPC:: - - ansible-playbook -i hosts snat_enable.yml -e "vpc_name=ansible-vpc1" -e "enable_snat=true" - -disable SNAT on specific VPC:: - - ansible-playbook -i hosts snat_enable.yml -e "vpc_name=ansible-vpc1" -e "enable_snat=false" - -discover API endpoints:: - - ansible-playbook -i hosts endpoints.yml - -list volumes:: - - ansible-playbook -i hosts evs.yml - -create a volume (tenant.ini):: - - ansible-playbook -i hosts evs_create.yml -e "evs_name=ansible-evs01" - -delete a volume :: - - ansible-playbook -i hosts evs_delete.yml -e "evs_name=ansible-evs01" - -show information about a single volume:: - - ansible-playbook -i hosts evs_show.yml -e "evs_name=ansible-evs01" - -show flavors:: - - ansible-playbook -i hosts flavors.yml - -show elastic ip-addresses:: - - ansible-playbook -i hosts eip.yml - -apply a new elastic ip-address (bandwidth between 1-300 MBit/s):: - - ansible-playbook -i hosts eip_apply.yml -e "eip_bandwidth_name=ansible-eip1" -e "eip_bandwidth_size=100" -e "public_ip_address=0.0.0.0" - -delete elastic ip-address:: - - ansible-playbook -i hosts eip_delete.yml -e "public_ip_address=160.44.195.18" - -show images:: - - ansible-playbook -i hosts images.yml - -create image (from stopped ecs instance):: - - ansible-playbook -i hosts image_create.yml -e "image_name=ansible-image01" -e "ecs_name=ansible-test01" - -create image (from obs image_url :):: - - ansible-playbook -i hosts image_create.yml -e "image_name=ansible-image02" -e "image_url=ansible1:/xenial-server-cloudimg-amd64-disk1.vmdk" -e "image_min_disk=12" - -delete an image (API return code is 204 when success, ansible expected 200 and may give an error):: - - ansible-playbook -i hosts -e "image_id=af0a0bcf-7be3-4722-98ba-3350801a8cd5" image_delete.yml - -show job status:: - - 
ansible-playbook -e "job_id=2c9eb2c15693b00901571e32ad5e1755" -i hosts job.yml - - ./ajob 2c9eb2c15693b00901571e32ad5e1755 - -show keypairs:: - - ansible-playbook -i hosts keypairs.yml - -create keypair:: - - ansible-playbook -i hosts -e "ecs_adminkey=test-key" -e "keypair_file=~/.ssh/id_rsa.pub" keypair_create.yml - -delete keypair:: - - ansible-playbook -i hosts -e "ecs_adminkey=test-key" keypair_delete.yml - -lookup id by name (image):: - - ansible-playbook -i hosts lookup_name.yml -e "image_name=Community_Ubuntu_16.04_TSI_latest" - -lookup id by name (flavor):: - - ansible-playbook -i hosts lookup_name.yml -e "ecs_ram=2048" -e "ecs_vcpus=4" - -lookup id by name (subnet):: - - ansible-playbook -i hosts lookup_name.yml -e "subnet_name=subnet-5831" - -lookup id by name (secgroup):: - - ansible-playbook -i hosts lookup_name.yml -e "secgroup_name=bitnami-wordpress-56a9-securitygroup" - -lookup id by name (vpc):: - - ansible-playbook -i hosts lookup_name.yml -e "vpc_name=vpc-4988" - -lookup id by name (eip):: - - ansible-playbook -i hosts lookup_name.yml -e "public_ip_address=160.44.1.1" - -lookup id by name (zone):: - - ansible-playbook -i hosts lookup_name.yml -e "zone_name=example.com." 
- -lookup id by name (ecs):: - - ansible-playbook -i hosts lookup_name.yml -e "ecs_name=ansible-test01" - -lookup id by name (evs):: - - ansible-playbook -i hosts lookup_name.yml -e "evs_name=ansible-evs01" - -lookup id by name (elb):: - - ansible-playbook -i hosts lookup_name.yml -e "elb_name=ansible-elb01" - -lookup id by name (certificate):: - - ansible-playbook -i hosts lookup_name.yml -e "listener_certificate_name=ansible-cert" - -lookup id by name (listener):: - - ansible-playbook -i hosts lookup_name.yml -e "listener_name=ansible-listener01" -e "elb_name=ansible-elb01" - -create DNS PTR record for EIP:: - - ansible-playbook -i hosts ptrrecord_create.yml -e "public_ip_address=160.44.204.87" -e "ptr_name=ansible-test01.external.otc.telekomcloud.com" -e "ttl=300" - -delete DNS PTR record for EIP:: - - ansible-playbook -i hosts ptrrecord_delete.yml -e "public_ip_address=160.44.204.87" - -show DNS PTR records for EIP:: - - ansible-playbook -i hosts ptrrecords.yml - -list provided database versions for RDS:: - - ansible-playbook -i hosts rds_versions.yml - -list provided flavors for selected database version in RDS:: - - ansible-playbook -i hosts rds_flavors.yml -e "rds_version_id=286a34fc-a605-11e6-88fd-286ed488c9cb" - -discover API services:: - - ansible-playbook -i hosts services.yml - -show s3 buckets:: - - ansible-playbook -i hosts s3.yml --vault-password-file vaultpass.txt - -create s3 bucket:: - - ansible-playbook -i hosts -e "bucket=mybucket" s3_bucket_create.yml --vault-password-file vaultpass.txt - -delete s3 bucket:: - - ansible-playbook -i hosts -e "bucket=mybucket" s3_bucket_delete.yml --vault-password-file vaultpass.txt - -upload files in s3 object store (VHD, ZVHD, VMDK, QCOW2 are supported for otc image service):: - - ansible-playbook -i hosts -e "bucket=mybucket" -e "object=xenial-server-cloudimg-amd64-disk1.vmdk" s3_upload.yml --vault-password-file vaultpass.txt - -show security groups:: - - ansible-playbook -i hosts secgroups.yml - -show 
security groups (only from one vpc):: - - ansible-playbook -i hosts secgroups.yml -e "vpc_name=ansible-vpc01" - -create security group (subtask in tenant_create ecs section):: - - .... - -delete security group:: - - ansible-playbook -i hosts secgroup_delete.yml -e "secgroup_id=6e8ac0a0-e0ec-4c4d-a786-9c9c946fd673" - -create security group rule (subtask in tenant_create ecs section):: - - ... - -delete security group rule:: - - ansible-playbook -i hosts secgrouprule_delete.yml -e "secgrouprule_id=3c329359-fef5-402f-b29a-caac734065a1" - -show subnets:: - - ansible-playbook -i hosts subnet.yml - -create subnet (subtask in tenant_create ecs section):: - - ... - -delete subnet:: - - ansible-playbook -i hosts subnet_delete.yml -e "vpc_name=ansible-vpc01" -e "subnet_name=ansible-subnet01" - -show vpc:: - - ansible-playbook -i hosts vpc.yml - -show vpc router info and set facts:: - - ansible-playbook -i hosts vpc_router.yml -e "vpc_name=ansible-vpc01" - -create vpc:: - - ansible-playbook -i hosts vpc_create.yml -e "vpc_name=ansible-vpc1" -e "vpc_net=192.168.0.0/16" - -delete vpc:: - - ansible-playbook -i hosts vpc_delete.yml -e "vpc_name=ansible-vpc01" - -show DNS zones:: - - ansible-playbook -i hosts zones.yml - -create DNS zone (name,type and ttl are mandatory):: - - ansible-playbook -i hosts zone_create.yml -e "zone_type=public" -e "zone_name=example.com." -e "zone_description=example zone" -e "zone_email=example@example.com" -e "zone_ttl=86400" - -delete DNS zone:: - - ansible-playbook -i hosts zone_delete.yml -e "zone_id=ff80808257e2bb5e0157ec5ca2620234" - -show DNS zone records:: - - ansible-playbook -i hosts zonerecords.yml - -create DNS zonerecord (A-Record) possible values A,AAAA,MX,CNAME,PTR,TXT,NS:: - - ansible-playbook -i hosts zonerecord_create.yml -e "zone_id=ff80808257e2bb5e0157ec620968023a" -e "zonerecord_name=testserver.example.com." 
-e "zonerecord_type=A" -e "zonerecord_value=160.44.196.210" -e "zonerecord_ttl=86400" - -create DNS zonerecord (PTR-Record):: - - see DNS PTR record section - -delete DNS zonerecord :: - - ansible-playbook -i hosts zonerecord_delete.yml -e "zone_id=ff80808257e2bb5e0157ec620968023a" -e "zonerecordid=ff80808257e2bb050157ec789b5e027e" - - -Full Working Example --------------------- - -configure your VM in tenant.ini and run all necessary roles to bootstrap a VM:: - - ansible-playbook -i hosts tenant_create.yml -e "ecs_name=ansible-test01" - -This playbook will create VPC,Subnet, SecurityGroup, SSH-Keypair, allocate Floating-IP and boostrap the VM. - -configure your DNS in dns.ini and deploy all zones and zonerecords:: - - ansible-playbook -i hosts dns_create.yml - -transfer your private dns zones to OTC using zone transfer (data stored in data.ini, needs zone transfer rights on dns_server):: - - ansible-playbook dns_transfer.yml -e "dns_server=127.0.0.1" -e "zone_name=internal.example.com" -e "zone_type=private" -e "zone_email=nobody@localhost" -e "zone_ttl=86400" - - ansible-playbook -i hosts dns_create.yml -e "vpc_name=ansible-vpc01" - -transfer your public dns zones to OTC using zone transfer:: - - ansible-playbook dns_transfer.yml -e "dns_server=127.0.0.1" -e "zone_name=external.example.com" -e "zone_type=public" -e "zone_email=nobody@localhost" -e "zone_ttl=86400" - - ansible-playbook -i hosts dns_create.yml - Contributing ------------ diff --git a/doc/source/roles.rst b/doc/source/roles.rst index 18a7fc6..001cc5b 100644 --- a/doc/source/roles.rst +++ b/doc/source/roles.rst 
@@ -1,4 +1,31 @@ Roles -===== +***** -.. include:: ../..//roles/ecs/README.rst +Variables: +========== + ++----------------------------------------------+----------------------------------------------+ +| Name | Description | ++==============================================+==============================================+ +| output=(long,short) | output format stdout (long,short) | ++----------------------------------------------+----------------------------------------------+ +| localaction=(create,show,update,list,delete) | action on the role | ++----------------------------------------------+----------------------------------------------+ + +Functions: +========== + +.. include:: ../../roles/otc_auth/README.rst +.. include:: ../../roles/otc_ims/README.rst +.. include:: ../../roles/otc_vpc/README.rst +.. include:: ../../roles/otc_subnet/README.rst +.. include:: ../../roles/otc_secgroup/README.rst +.. include:: ../../roles/otc_keypair/README.rst +.. include:: ../../roles/otc_eip/README.rst +.. include:: ../../roles/otc_ecs/README.rst +.. include:: ../../roles/otc_evs/README.rst +.. include:: ../../roles/otc_dns/README.rst +.. include:: ../../roles/otc_obs/README.rst +.. include:: ../../roles/otc_job/README.rst +.. include:: ../../roles/otc_elb/README.rst +.. include:: ../../roles/otc_rds/README.rst diff --git a/doc/source/workshop.rst b/doc/source/workshop.rst index 59485ec..d2fc043 100644 --- a/doc/source/workshop.rst +++ b/doc/source/workshop.rst 
@@ -3,114 +3,115 @@ Ansible OTC Workshop You need a valid connetion to OTC with ansible. See :ref:`Connect_Cheat_Sheet` section 4. -## 1. List all running ECS instances (VMs):: +All commands are working from:: - ansible-playbook -i hosts ecs.yml --vault-password-file vaultpass.txt + cd playbooks -## 2. List all available images (IMS):: +1. List all running ECS instances (VMs):: - ansible-playbook -i hosts images.yml --vault-password-file vaultpass.txt + ./grole otc_ecs; ansible-playbook roles.yml -e "localaction=list" -## 3. List all available VPC (Network):: +2. List all available images (IMS):: - ansible-playbook -i hosts vpc.yml --vault-password-file vaultpass.txt + ./grole otc_ims; ansible-playbook roles.yml -e "localaction=list" -## 4. List all available Floating IP (EIP):: +3. List all available VPC (Network):: - ansible-playbook -i hosts eip.yml --vault-password-file vaultpass.txt + ./grole otc_vpc; ansible-playbook roles.yml -e "localaction=list" -## 5. List all available security groups (Network):: +4. List all available Floating IP (EIP):: - ansible-playbook -i hosts secgroups.yml --vault-password-file vaultpass.txt + ./grole otc_eip; ansible-playbook roles.yml -e "localaction=list" -## 6. Generate local ssh-key:: +5. List all available security groups (Network):: + + ./grole otc_secgroups; ansible-playbook roles.yml -e "localaction=list" + +6. Generate local ssh-key:: ssh-keygen -## 7. Configure your ECS instance in tenant.ini - -To distinguish the resources, use your own namespace:: - - # section name is instance name of the VM - [myecs] - # image name of the ECS instance. grab a valid name from the list below - image_name=Community_Ubuntu_16.04_TSI_latest - # volume type of the ECS instance. valid names are SATA, SAS or SSD - ecs_volumetype=SATA - # RAM in MB of the ECS instance - ecs_ram=2048 - # Count of vCPU of the ECS instance - ecs_vcpus=2 - # VPC name grapped by list. 
Or a new Virtual Private Cloud (VPC) - vpc_name=cloudcamp-vpc01 - # Setup a security group for the ECS instance and a set of rules - secgroup_name=cloudcamp-secgroup01 - secgroup_rule1=ingress;IPv4;icmp;;;0.0.0.0/0 - secgroup_rule2=ingress;IPv4;tcp;22;22;0.0.0.0/0 - # Network of the whole VPC - vpc_net=192.168.0.0/16 - # Name of the subnet inside the VPC where the ECS instance is running - subnet_name=cloudcamp-subnet01 - subnet_net=192.168.0.0/24 - # ipaddress of the subnet router - subnet_gateway=192.168.0.1 - # Should DHCP running inside the subnet - subnet_dhcp_enable=true - # Valid nameserver, will attached to the ecs instance as resolver - subnet_primary_dns=8.8.8.8 - subnet_secondary_dns=8.4.4.8 - # Availabilty Zone where the instance is runnig. Valid names are eu-de-01 and eu-de-02 - availability_zone=eu-de-01 - # Configure a static internal ipaddress (optional) - ecs_ipaddress=192.168.0.80 - # Configure a public floating ipaddress. Set value if address is known. 0.0.0.0 to apply a new one. If empty no floating ip will set - ecs_publicip=0.0.0.0 - # Name and site of the floating ipaddress (bandwidth in Mbit/sec) - eip_bandwidth_name=cloudcamp-eip1 - eip_bandwidth_size=100 - ecs_adminkey=my-key - # SSH-key to inject the ecs instance - keypair_file=~/.ssh/id_rsa.pub - -Pitfalls: - -* ecs_ipaddress must be in subnet_net -* subnet_net must be in vpc_net -* names are often not unique. multiple ecs, security groups can have the same name - -## 8. Start and check your ECS instance:: - - ansible-playbook -i hosts tenant_create.yml -e "ecs_name=myecs" --vault-password-file vaultpass.txt - -ansible should work through the playbooks. Last task should output the JobID. -You can check the job status (use your own JobID) :: +7. Configure your ECS instance in vars/tenant.ini + + To distinguish the resources, use your own namespace:: + + # section name is instance name of the VM + [myecs] + # image name of the ECS instance. 
grab a valid name from the list below + image_name=Community_Ubuntu_16.04_TSI_latest + # volume type of the ECS instance. valid names are SATA, SAS or SSD + ecs_volumetype=SATA + # RAM in MB of the ECS instance + ecs_ram=2048 + # Count of vCPU of the ECS instance + ecs_vcpus=2 + # VPC name grapped by list. Or a new Virtual Private Cloud (VPC) + vpc_name=cloudcamp-vpc01 + # Setup a security group for the ECS instance and a set of rules + secgroups=["cloudcamp-secgroup01"] + # Network of the whole VPC + vpc_net=192.168.0.0/16 + # Name of the subnet inside the VPC where the ECS instance is running + subnet_name=cloudcamp-subnet01 + subnet_net=192.168.0.0/24 + # ipaddress of the subnet router + subnet_gateway=192.168.0.1 + # Should DHCP running inside the subnet + subnet_dhcp_enable=true + # Valid nameserver, will attached to the ecs instance as resolver + subnet_primary_dns=8.8.8.8 + subnet_secondary_dns=8.4.4.8 + # Availabilty Zone where the instance is runnig. Valid names are eu-de-01 and eu-de-02 + availability_zone=eu-de-01 + # Configure a static internal ipaddress (optional) + ecs_ipaddress=192.168.0.80 + # Configure a public floating ipaddress. Set value if address is known. 0.0.0.0 to apply a new one. If empty no floating ip will set + ecs_publicip=0.0.0.0 + # Name and site of the floating ipaddress (bandwidth in Mbit/sec) + eip_bandwidth_name=cloudcamp-eip1 + eip_bandwidth_size=100 + ecs_adminkey=my-key + # SSH-key to inject the ecs instance + keypair_file=~/.ssh/id_rsa.pub + [securitygroups] + cloudcamp-secgroup01=["ingress;IPv4;tcp;22;22;0.0.0.0/0", "ingress;IPv4;tcp;80;80;0.0.0.0/0"] + + Pitfalls: + + * ecs_ipaddress must be in subnet_net + * subnet_net must be in vpc_net + * names are often not unique. multiple ecs, security groups can have the same name + +8. Start and check your ECS instance:: + + ansible-playbook tenant_ini.yml -e "ecs_name=myecs" -e "localaction=create" + + ansible should work through the playbooks. Last task should output the JobID. 
+ You can check the job status (use your own JobID) :: ./ajob "2c9eb2c55c913859015c9636c3a5151f" -When the status is SUCCESS ECS instance is running. -In ansible output below you find in eip_apply the new floating ip. -Test connectivity (use your own address):: + When the status is SUCCESS ECS instance is running. + In ansible output below you find in eip_apply the new floating ip. + Test connectivity (use your own address):: ping 160.44.xxx.xxx -Alternate way to catch the floating ip: + Alternate way to catch the floating ip: -* grab the list of ecs instances -* copy the ecs_id of your ecs instance -* in detail view of your ecs instance search for internal ipaddress -* grab the list of eip and compare association of internal and floating ipaddresses + * in detail view of your ecs instance search for internal ipaddress + * grab the list of eip and compare association of internal and floating ip-addresses -cmd:: + cmd:: - ansible-playbook -i hosts -e ecs.yml --vault-password-file vaultpass.txt - ansible-playbook -i hosts -e "ecs_id="c814e303-7e66-4f08-ac70-18c8e27ca623"" -e "ecs_name=myecs" ecs_show.yml --vault-password-file vaultpass.txt - ansible-playbook -i hosts -e eip.yml --vault-password-file vaultpass.txt + ./grole otc_ecs; ansible-playbook roles.yml -e "ecs_name=myecs" -e "localaction=list" + ./grole otc_eip; ansible-playbook roles.yml -e "localaction=list" -## 9. SSH Login in your ECS instance:: +9. SSH Login in your ECS instance:: ssh -i .ssh/id_rsa ubuntu@160.44.xxx.xxx exit -## 10. Delete ECS instance:: +10. Delete ECS instance:: - ansible-playbook -i hosts -e "ecs_id=c814e303-7e66-4f08-ac70-18c8e27ca623" -e "ecs_name=myecs" -e "delete_publicip=1" -e "delete_volume=1" ecs_delete.yml --vault-password-file vaultpass.txt + ./grole otc_ecs; ansible-playbook roles.yml -e "ecs_name=myecs" -e "localaction=delete" diff --git a/ecs.yml b/ecs.yml deleted file mode 100644 index 8377077..0000000 --- a/ecs.yml +++ /dev/null 
@@ -1,6 +0,0 @@ ---- -- hosts: localhost - gather_facts: no - roles: - - role: token - - role: ecs diff --git a/ecs_create.yml b/ecs_create.yml deleted file mode 100644 index 2d1bfbb..0000000 --- a/ecs_create.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- hosts: localhost - gather_facts: no - roles: - - role: token - - role: ecs_create diff --git a/ecs_delete.yml b/ecs_delete.yml deleted file mode 100644 index bf9dff6..0000000 --- a/ecs_delete.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- hosts: localhost - gather_facts: no - roles: - - role: token - - role: lookup_name - - role: ecs_delete diff --git a/ecs_show.yml b/ecs_show.yml deleted file mode 100644 index e642807..0000000 --- a/ecs_show.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- hosts: localhost - gather_facts: no - roles: - - role: token - - role: lookup_name - - role: ecs_show diff --git a/eip.yml b/eip.yml deleted file mode 100644 index 85d557e..0000000 --- a/eip.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- hosts: localhost - gather_facts: no - roles: - - role: token - - role: eip diff --git a/eip_apply.yml b/eip_apply.yml deleted file mode 100644 index d85ea86..0000000 --- a/eip_apply.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- hosts: localhost - gather_facts: no - roles: - - role: token - - role: eip_apply diff --git a/eip_delete.yml b/eip_delete.yml deleted file mode 100644 index fcc018c..0000000 --- a/eip_delete.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- hosts: localhost - gather_facts: no - roles: - - role: token - - role: lookup_name - - role: eip_delete diff --git a/elb.yml b/elb.yml deleted file mode 100644 index a2c68da..0000000 --- a/elb.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- hosts: localhost - gather_facts: no - roles: - - role: token - - role: elb diff --git a/elb_backends.yml b/elb_backends.yml deleted file mode 100644 index c9785ea..0000000 --- a/elb_backends.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- hosts: localhost - gather_facts: no - roles: - - role: token - - role: lookup_name - - role: elb_backends 
diff --git a/elb_backends_create.yml b/elb_backends_create.yml deleted file mode 100644 index a9abb41..0000000 --- a/elb_backends_create.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- hosts: localhost - gather_facts: no - roles: - - role: token - - role: lookup_name - - role: elb_backends_create diff --git a/elb_backends_delete.yml b/elb_backends_delete.yml deleted file mode 100644 index d6e3146..0000000 --- a/elb_backends_delete.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- hosts: localhost - gather_facts: no - roles: - - role: token - - role: lookup_name - - role: elb_backends_delete diff --git a/elb_certificate.yml b/elb_certificate.yml deleted file mode 100644 index fe21c83..0000000 --- a/elb_certificate.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- hosts: localhost - gather_facts: no - roles: - - role: token - - role: elb_certificate diff --git a/elb_certificate_create.yml b/elb_certificate_create.yml deleted file mode 100644 index 9a2c215..0000000 --- a/elb_certificate_create.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- hosts: localhost - gather_facts: no - roles: - - role: token - - role: elb_certificate_create diff --git a/elb_certificate_delete.yml b/elb_certificate_delete.yml deleted file mode 100644 index f74ba98..0000000 --- a/elb_certificate_delete.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- hosts: localhost - gather_facts: no - roles: - - role: token - - role: lookup_name - - role: elb_certificate_delete diff --git a/elb_create.yml b/elb_create.yml deleted file mode 100644 index 8dcf3a6..0000000 --- a/elb_create.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- hosts: localhost - gather_facts: no - roles: - - role: token - - role: lookup_name - - role: elb_create diff --git a/elb_delete.yml b/elb_delete.yml deleted file mode 100644 index 06248ba..0000000 --- a/elb_delete.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- hosts: localhost - gather_facts: no - roles: - - role: token - - role: lookup_name - - role: elb_delete 
diff --git a/elb_healthcheck_create.yml b/elb_healthcheck_create.yml deleted file mode 100644 index a457833..0000000 --- a/elb_healthcheck_create.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -- hosts: localhost - gather_facts: no - vars_files: - - tenant_var_default.yml - - tenant_var.yml - roles: - - role: token - - role: lookup_name - - role: elb_healthcheck_create diff --git a/elb_healthcheck_delete.yml b/elb_healthcheck_delete.yml deleted file mode 100644 index 8945f84..0000000 --- a/elb_healthcheck_delete.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- hosts: localhost - gather_facts: no - roles: - - role: token - - role: elb_healthcheck_delete diff --git a/elb_healthcheck_show.yml b/elb_healthcheck_show.yml deleted file mode 100644 index 5c8d8ce..0000000 --- a/elb_healthcheck_show.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- hosts: localhost - gather_facts: no - roles: - - role: token - - role: elb_healthcheck_show diff --git a/elb_listener.yml b/elb_listener.yml deleted file mode 100644 index 8347929..0000000 --- a/elb_listener.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- hosts: localhost - gather_facts: no - roles: - - role: token - - role: lookup_name - - role: elb_listener diff --git a/elb_listener_create.yml b/elb_listener_create.yml deleted file mode 100644 index 16c393d..0000000 --- a/elb_listener_create.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -- hosts: localhost - gather_facts: no - vars_files: - - tenant_var_default.yml - - tenant_var.yml - roles: - - role: token - - role: lookup_name - - role: elb_listener_create diff --git a/elb_listener_delete.yml b/elb_listener_delete.yml deleted file mode 100644 index 7772150..0000000 --- a/elb_listener_delete.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- hosts: localhost - gather_facts: no - roles: - - role: token - - role: lookup_name - - role: elb_listener_delete diff --git a/elb_show.yml b/elb_show.yml deleted file mode 100644 index c2ab054..0000000 --- a/elb_show.yml +++ /dev/null 
@@ -1,7 +0,0 @@ ---- -- hosts: localhost - gather_facts: no - roles: - - role: token - - role: lookup_name - - role: elb_show diff --git a/endpoints.yml b/endpoints.yml deleted file mode 100644 index 513a606..0000000 --- a/endpoints.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- hosts: localhost - gather_facts: no - roles: - - role: token - - role: endpoints diff --git a/evs.yml b/evs.yml deleted file mode 100644 index 9c75838..0000000 --- a/evs.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- hosts: localhost - gather_facts: no - roles: - - role: token - - role: evs diff --git a/evs_create.yml b/evs_create.yml deleted file mode 100644 index acaf066..0000000 --- a/evs_create.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -- hosts: localhost - gather_facts: no - vars_files: - - tenant_var_default.yml - - tenant_var.yml - roles: - - role: token - - role: evs_create diff --git a/evs_delete.yml b/evs_delete.yml deleted file mode 100644 index 9e7e12f..0000000 --- a/evs_delete.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- hosts: localhost - gather_facts: no - roles: - - role: token - - role: lookup_name - - role: evs_delete diff --git a/evs_show.yml b/evs_show.yml deleted file mode 100644 index 682e7e8..0000000 --- a/evs_show.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- hosts: localhost - gather_facts: no - roles: - - role: token - - role: lookup_name - - role: evs_show diff --git a/flavors.yml b/flavors.yml deleted file mode 100644 index 22772b7..0000000 --- a/flavors.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- hosts: localhost - gather_facts: no - roles: - - role: token - - role: flavors diff --git a/hosts b/hosts deleted file mode 100644 index 2302eda..0000000 --- a/hosts +++ /dev/null @@ -1 +0,0 @@ -localhost ansible_connection=local diff --git a/image_create.yml b/image_create.yml deleted file mode 100644 index 068fe27..0000000 --- a/image_create.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- hosts: localhost - gather_facts: no - roles: - - role: token - - role: lookup_name - - role: image_create 
diff --git a/image_delete.yml b/image_delete.yml deleted file mode 100644 index d32dba8..0000000 --- a/image_delete.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- hosts: localhost - gather_facts: no - roles: - - role: token - - role: image_delete diff --git a/images.yml b/images.yml deleted file mode 100644 index 91b35df..0000000 --- a/images.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- hosts: localhost - gather_facts: no - roles: - - role: token - - role: images diff --git a/keypair_create.yml b/keypair_create.yml deleted file mode 100644 index 37e13d5..0000000 --- a/keypair_create.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- hosts: localhost - gather_facts: no - roles: - - role: token - - role: keypair_create diff --git a/keypair_delete.yml b/keypair_delete.yml deleted file mode 100644 index ad89595..0000000 --- a/keypair_delete.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- hosts: localhost - gather_facts: no - roles: - - role: token - - role: keypair_delete diff --git a/keypairs.yml b/keypairs.yml deleted file mode 100644 index c76f822..0000000 --- a/keypairs.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- hosts: localhost - gather_facts: no - roles: - - role: token - - role: keypairs diff --git a/lookup_name.yml b/lookup_name.yml deleted file mode 100644 index ed9901c..0000000 --- a/lookup_name.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- hosts: localhost - gather_facts: no - roles: - - role: token - - role: lookup_name diff --git a/pictures/otc-dns-api.png b/pictures/otc-dns-api.png deleted file mode 100644 index 32d4027..0000000 Binary files a/pictures/otc-dns-api.png and /dev/null differ diff --git a/pictures/otc-dns.png b/pictures/otc-dns.png deleted file mode 100644 index bebab26..0000000 Binary files a/pictures/otc-dns.png and /dev/null differ diff --git a/pictures/tenant-ini-dns.png b/pictures/tenant-ini-dns.png deleted file mode 100644 index 1b49e24..0000000 Binary files a/pictures/tenant-ini-dns.png and /dev/null differ 
diff --git a/playbooks/ajob b/playbooks/ajob new file mode 100755 index 0000000..a199dea --- /dev/null +++ b/playbooks/ajob @@ -0,0 +1,5 @@ +#!/bin/sh +# show otc job status + +ansible-playbook -e "job_id=$1" job.yml + diff --git a/playbooks/ansible.cfg b/playbooks/ansible.cfg new file mode 100644 index 0000000..51d344d --- /dev/null +++ b/playbooks/ansible.cfg @@ -0,0 +1,2 @@ +[defaults] +roles_path = ../roles diff --git a/playbooks/auth.yml b/playbooks/auth.yml new file mode 100644 index 0000000..8efd0eb --- /dev/null +++ b/playbooks/auth.yml @@ -0,0 +1,8 @@ +--- +- hosts: localhost + gather_facts: no + roles: + - role: ../roles/otc_auth + - role: ../roles/ecs + - role: ../roles/images + - role: ../roles/flavors diff --git a/buildservice.yml b/playbooks/buildservice.yml similarity index 62% rename from buildservice.yml rename to playbooks/buildservice.yml index 34d94f2..7f9ce1e 100644 --- a/buildservice.yml +++ b/playbooks/buildservice.yml @@ -3,7 +3,7 @@ gather_facts: no connection: local vars_files: - - buildservice_var.yml + - vars/buildservice_var.yml vars: date: "{{ lookup('pipe', 'date +%Y%m%d') }}" tasks: @@ -18,27 +18,28 @@ connection: local vars: date: "{{ lookup('pipe', 'date +%Y%m%d') }}" - bucket: "buildservice" - ecs_name: "buildserver" object: "{{ distro }}-server-cloudimg-amd64-{{ date }}.vmdk" vars_files: - - buildservice_var.yml + - vars/buildservice_var.yml roles: - - role: s3_bucket_create - - role: s3_upload + - role: otc_obs + localaction: "create" + - role: otc_obs + localaction: "upload" - hosts: localhost gather_facts: no connection: local vars: date: "{{ lookup('pipe', 'date +%Y%m%d') }}" - bucket: "buildservice" + bucket: "buildservice99" image_name: "{{ distro }}-server-cloudimg-amd64-{{ date }}" image_url: "{{ bucket }}:{{ distro }}-server-cloudimg-amd64-{{ date }}.vmdk" image_min_disk: 12 roles: - - role: token - - role: image_create + - role: otc_auth + - role: otc_ims + localaction: "create" tasks: - name: Check image status 
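Review bot: The new playbooks/ajob script passes `$1` straight into `-e "job_id=$1"` without checking that an argument was supplied, so a bare `./ajob` runs job.yml with an empty `job_id`. The key=value form of `-e` is split on whitespace by Ansible, so an argument containing a space would also define additional variables for the play. A guard before the call covers both cases, for example `case "$1" in ''|*[!0-9a-f]*) echo "usage: $0 JOB_ID" >&2; exit 2;; esac`. The hex-only pattern is an assumption taken from the job IDs shown in the docs and should be confirmed against the API.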
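Review bot: The role list in the new playbooks/auth.yml still names `../roles/ecs`, `../roles/images` and `../roles/flavors`, while the other plays in this commit move to `otc_*` roles selected with `localaction` (for example `otc_ims` in buildservice.yml). Whether those three role directories still exist is not visible here; if they were removed along with the old top-level playbooks, this play fails at role resolution, so that is worth confirming. The `../roles/` prefix is also redundant, because the new playbooks/ansible.cfg sets `roles_path = ../roles`, so `- role: otc_auth` is enough. `gather_facts: no` would read more predictably as `gather_facts: false`.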
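Review bot: In the `@@ -18,27 +18,28 @@` hunk of playbooks/buildservice.yml, the upload play and the image play can end up using different bucket names. The upload play drops its `bucket: "buildservice"` var and presumably now takes the name from `vars/buildservice_var.yml`, while the image play hard-codes `bucket: "buildservice99"` and loads no vars file. If the two values differ, `image_url: "{{ bucket }}:..."` points at a bucket the upload never wrote to; the vars file is not visible here, so this needs checking. Giving the image play the same `vars_files:` entry, `- vars/buildservice_var.yml`, and removing the literal `bucket:` line keeps one source for the name. The literal `buildservice99` also looks like a test value left in.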
@@ -47,8 +48,9 @@
 method: GET
 return_content: yes
 validate_certs: yes
- HEADER_Content-Type: "application/json"
- HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}"
+ headers:
+ Content-Type: "application/json"
+ X-Auth-Token: "{{ token['x_subject_token'] }}"
 when: image_name is defined
 register: ims_result
 until: (ims_result.content|from_json)|json_query('images[].status|[0]') == 'active'
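Review bot: The `X-Auth-Token` value under `headers:` is an ordinary module argument, and nothing on this task keeps it out of verbose output or of callbacks that record module arguments; the same holds for the `uri` tasks in the `@@ -197,8` and `@@ -226,8` hunks. Whether it is actually printed depends on verbosity and callback configuration, but since these tasks retry in an `until` loop the token can be written many times per run. Adding `no_log: true` to the three tasks, or a comment explaining why it is left off for debugging, would settle it. The task begins above the hunk, so its `url:` and retry settings are not visible here.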
@@ -59,93 +61,73 @@ hosts: localhost gather_facts: no vars_files: - - buildservice_var.yml + - vars/buildservice_var.yml roles: - - role: token - - role: lookup_name - - role: vpc_create + - role: otc_auth + - role: otc_vpc + localaction: "create" - name: Create Subnet hosts: localhost gather_facts: no connection: local vars_files: - - buildservice_var.yml + - vars/buildservice_var.yml roles: - - role: token - - role: lookup_name - - role: subnet_create + - role: otc_auth + - role: otc_subnet + localaction: "create" - name: Create Secgroup hosts: localhost gather_facts: no vars_files: - - buildservice_var.yml - roles: - - role: token - - role: lookup_name - - role: secgroup_create - -- name: Create Secgrouprules - hosts: localhost - gather_facts: no - vars_files: - - buildservice_var.yml + - vars/buildservice_var.yml + vars: + secgrouprules: "{{ securitygroups[secgroup_name] }}" roles: - - role: token - - role: lookup_name - tasks: - - name: secgrouprule_create role - include_role: - name: secgrouprule_create - vars: - secgrouprule_direction: "{{ item.value.secgrouprule_direction }}" - secgrouprule_ethertype: "{{ item.value.secgrouprule_ethertype }}" - secgrouprule_protocol: "{{ item.value.secgrouprule_protocol }}" - secgrouprule_port_range_min: "{{ item.value.secgrouprule_port_range_min }}" - secgrouprule_port_range_max: "{{ item.value.secgrouprule_port_range_max }}" - secgrouprule_remote_ip_prefix: "{{ item.value.secgrouprule_remote_ip_prefix }}" - with_dict: "{{ secgroup_rules }}" + - role: otc_auth + - role: otc_secgroup + localaction: "create" - name: Create Keypair hosts: localhost gather_facts: no vars_files: - - buildservice_var.yml + - vars/buildservice_var.yml roles: - - role: token - - role: lookup_name - - role: keypair_create + - role: otc_auth + - role: otc_keypair + localaction: "create" - name: Create EIP hosts: localhost gather_facts: no vars_files: - - buildservice_var.yml + - vars/buildservice_var.yml roles: - - role: token - - role: lookup_name 
- - role: eip_apply + - role: otc_auth + - role: otc_eip + localaction: "create" - name: Create ECS hosts: localhost gather_facts: no vars_files: - - buildservice_var.yml + - vars/buildservice_var.yml vars: date: "{{ lookup('pipe', 'date +%Y%m%d') }}" image_name: "{{ distro }}-server-cloudimg-amd64-{{ date }}" roles: - - role: token - - role: lookup_name - - role: ecs_create - - role: job + - role: otc_auth + - role: otc_ecs + localaction: "create" - name: Switch to ECS hosts: localhost gather_facts: no vars_files: - - buildservice_var.yml + - vars/buildservice_var.yml tasks: - name: Wait for ssh local_action: wait_for @@ -163,7 +145,7 @@ delegate_to: "{{ public_ip_address }}" - name: Doing things on ECS - shell: apt-get update; apt-get -y install git puppet; rm -rf modules; mkdir modules; git clone https://github.com/dev-sec/puppet-os-hardening.git modules/os_hardening; git clone https://github.com/thias/puppet-sysctl.git modules/sysctl; git clone https://github.com/puppetlabs/puppetlabs-stdlib.git modules/stdlib; puppet apply --modulepath ./modules -e "include os_hardening" + shell: apt-get update; apt-get -y install git puppet; rm -rf modules; mkdir modules; git clone -b 1.1.2 https://github.com/dev-sec/puppet-os-hardening.git modules/os_hardening; git clone https://github.com/thias/puppet-sysctl.git modules/sysctl; git clone https://github.com/puppetlabs/puppetlabs-stdlib.git modules/stdlib; puppet apply --modulepath ./modules -e "include os_hardening" remote_user: ubuntu become: true become_method: sudo @@ -186,8 +168,9 @@ ecs_name: "buildserver" ecs_body: "{\"server\": { \"name\": \"{{ ecs_name }}\" }}" roles: - - role: token - - role: lookup_name + - role: otc_auth + - role: otc_ecs + localaction: "lookup" tasks: - name: Check API if ECS is stopped uri: 
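Review bot: In the "Doing things on ECS" task only `puppet-os-hardening` is pinned (`-b 1.1.2`); `puppet-sysctl` and `puppetlabs-stdlib` are still cloned from their default branch and then applied as root by `puppet apply`, so the image captured from this server depends on whatever those repositories contain at build time. Pin the other two as well, e.g. `git clone -b <tag> https://github.com/thias/puppet-sysctl.git modules/sysctl`, and preferably check out a reviewed commit hash, since a tag can be moved upstream. The steps are joined with `;`, so a failed `apt-get` or `git clone` does not stop the chain; starting the command with `set -e;` or joining with `&&` would make the task fail rather than apply a partial module set. The task continues past the end of the hunk.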
@@ -197,8 +180,9 @@
 follow_redirects: all
 return_content: yes
 validate_certs: yes
- HEADER_Content-Type: "application/json"
- HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}"
+ headers:
+ Content-Type: "application/json"
+ X-Auth-Token: "{{ token['x_subject_token'] }}"
 body: "{{ ecs_body|to_json }}"
 register: ecs_status
 until: (ecs_status.content|from_json)|json_query('server.status') != 'ACTIVE'
@@ -214,11 +198,11 @@
 image_name: "buildservice-{{ distro }}-{{ date }}"
 image_job_id: "{{ (image_create.content|from_json)|json_query('job_id') }}"
 vars_files:
- - buildservice_var.yml
+ - vars/buildservice_var.yml
 roles:
- - role: token
- - role: lookup_name
- - role: image_create
+ - role: otc_auth
+ - role: otc_ims
+ localaction: "create"
 tasks:
 - name: Request job status from API
 uri:
@@ -226,8 +210,9 @@
 method: GET
 return_content: yes
 validate_certs: yes
- HEADER_Content-Type: "application/json"
- HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}"
+ headers:
+ Content-Type: "application/json"
+ X-Auth-Token: "{{ token['x_subject_token'] }}"
 when: image_job_id is defined
 register: jobstatus
 until: (jobstatus.content|from_json)|json_query('status') == 'SUCCESS'
@@ -241,8 +226,8 @@
 ecs_name: "buildserver"
 delete_volume: true
 vars_files:
- - buildservice_var.yml
+ - vars/buildservice_var.yml
 roles:
- - role: token
- - role: lookup_name
- - role: ecs_delete
+ - role: otc_auth
+ - role: otc_ecs
+ localaction: "delete"
diff --git a/playbooks/dns_ini.yml b/playbooks/dns_ini.yml
new file mode 100644
index 0000000..31d01f4
--- /dev/null
+++ b/playbooks/dns_ini.yml
@@ -0,0 +1,22 @@
+---
+- hosts: localhost
+ gather_facts: no
+ vars:
+ tenant_ini: "vars/dns.ini"
+ # DNS
+ zone_description: "{{ lookup('ini','zone_description section={{ zone_name }} file={{ tenant_ini }}') | default(lookup('ini', 'zone_ttl section=DEFAULT file={{ tenant_ini }}') ) }}"
+ zone_type: "{{ lookup('ini','zone_type section={{ zone_name }} file={{ tenant_ini }}') | default(lookup('ini', 'zone_type section=DEFAULT file={{ tenant_ini }}') ) }}"
+ zone_email: "{{ lookup('ini','zone_email section={{ zone_name }} file={{ tenant_ini }}') | default(lookup('ini', 'zone_email section=DEFAULT file={{ tenant_ini }}') ) }}"
+ zone_ttl: "{{ lookup('ini','zone_ttl section={{ zone_name }} file={{ tenant_ini }}') | default(lookup('ini', 'zone_ttl section=DEFAULT file={{ tenant_ini }}') ) }}"
+ zone_records: "{{ lookup('ini','{{ zone_name }} section=dnszonerecords file={{ tenant_ini }}') }}"
+
+ roles:
+ # create VM
+ - role: "otc_auth"
+ - role: "otc_dns"
+ localaction: "create"
+ # create internal DNS zone
+ # - role: "otc_vpc"
+ # localaction: "router"
+ # - role: "otc_dns"
+ # localaction: "create"
diff --git a/playbooks/dns_json.yml b/playbooks/dns_json.yml
new file mode 100644
index 0000000..644a48b
--- /dev/null
+++ b/playbooks/dns_json.yml
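Review bot: The fallback for `zone_description` reads `zone_ttl` from the DEFAULT section, so a zone without its own description would be created with the TTL as its description; the inner lookup should be `lookup('ini', 'zone_description section=DEFAULT file={{ tenant_ini }}')`. The same line appears in the DNS block of playbooks/tenant_ini.yml. Separately, `zone_name` is spliced into the lookup term, and the ini lookup reads that term as space-separated `key=value` options, so a value containing a space could change `section=` or `file=`. An `assert` that `zone_name` holds only DNS-name characters before these variables are used would close that off.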
@@ -0,0 +1,22 @@
+---
+- hosts: localhost
+ gather_facts: no
+ vars:
+ tenant_json: "vars/dns.json"
+ tenant_cf: "{{ lookup('file', tenant_json) | from_json }}"
+ # DNS
+ zone_description: "{{ tenant_cf['dnszones'][zone_name]['zone_description'] | default(tenant_cf['default']['zone_description']) }}"
+ zone_type: "{{ tenant_cf['dnszones'][zone_name]['zone_type'] | default(tenant_cf['default']['zone_type']) }}"
+ zone_email: "{{ tenant_cf['dnszones'][zone_name]['zone_email'] | default(tenant_cf['default']['zone_email']) }}"
+ zone_ttl: "{{ tenant_cf['dnszones'][zone_name]['zone_ttl'] | default(tenant_cf['default']['zone_ttl']) }}"
+ zone_records: "{{ tenant_cf['dnszonerecords'][zone_name] }}"
+
+ roles:
+ - role: "otc_auth"
+ - role: "otc_dns"
+ localaction: "create"
+ # create internal DNS zone
+ # - role: "otc_vpc"
+ # localaction: "router"
+ # - role: "otc_dns"
+ # localaction: "create"
diff --git a/playbooks/dns_yml.yml b/playbooks/dns_yml.yml
new file mode 100644
index 0000000..fb4a5db
--- /dev/null
+++ b/playbooks/dns_yml.yml
@@ -0,0 +1,22 @@
+---
+- hosts: localhost
+ gather_facts: no
+ vars_files:
+ - "vars/dns.yml"
+ vars:
+ # DNS
+ zone_description: "{{ dnszones[zone_name].zone_description | default(default.zone_description) }}"
+ zone_type: "{{ dnszones[zone_name].zone_type | default(default.zone_type) }}"
+ zone_email: "{{ dnszones[zone_name].zone_email | default(default.zone_email) }}"
+ zone_ttl: "{{ dnszones[zone_name].zone_ttl | default(default.zone_ttl) }}"
+ zone_records: "{{ dnszonerecords[zone_name] }}"
+
+ roles:
+ - role: "otc_auth"
+ - role: "otc_dns"
+ localaction: "create"
+ # create internal DNS zone
+ # - role: "otc_vpc"
+ # localaction: "router"
+ # - role: "otc_dns"
+ # localaction: "create"
diff --git a/playbooks/grole b/playbooks/grole
new file mode 100755
index 0000000..d3d7e28
--- /dev/null
+++ b/playbooks/grole
@@ -0,0 +1,16 @@ +#!/bin/sh +# script to generate ansible playbook + +cat > roles.yml << EOF +--- +- hosts: localhost + gather_facts: no + + roles: + - role: "otc_auth" +EOF + +for var in "$@" +do + echo " - role: \"$var\"" >> roles.yml +done diff --git a/job.yml b/playbooks/job.yml similarity index 53% rename from job.yml rename to playbooks/job.yml index 43c3af0..375a439 100644 --- a/job.yml +++ b/playbooks/job.yml @@ -2,5 +2,5 @@ - hosts: localhost gather_facts: no roles: - - role: token - - role: job + - role: "otc_auth" + - role: "otc_job" diff --git a/os-client-config.yml b/playbooks/os-client-config.yml similarity index 100% rename from os-client-config.yml rename to playbooks/os-client-config.yml diff --git a/dns_transfer.yml b/playbooks/rds.yml similarity index 53% rename from dns_transfer.yml rename to playbooks/rds.yml index 21a97ac..1250ccc 100644 --- a/dns_transfer.yml +++ b/playbooks/rds.yml @@ -1,7 +1,7 @@ --- - hosts: localhost gather_facts: no - connection: local roles: - - role: dns_transfer + - role: "otc_auth" + - role: "otc_rds" diff --git a/s3.yml b/playbooks/s3.yml similarity index 69% rename from s3.yml rename to playbooks/s3.yml index fbc63af..6c7c963 100644 --- a/s3.yml +++ b/playbooks/s3.yml @@ -2,4 +2,4 @@ - hosts: localhost gather_facts: no roles: - - role: s3 + - role: "otc_obs" diff --git a/playbooks/tenant_ini.yml b/playbooks/tenant_ini.yml new file mode 100644 index 0000000..266b6c8 --- /dev/null +++ b/playbooks/tenant_ini.yml 
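Review bot: In playbooks/grole each argument is written into roles.yml between double quotes with no check, so a role name containing `"` or a newline produces a playbook whose structure differs from what the operator asked for. Since the generated file is then run with the `otc_auth` token in scope, I would reject unexpected characters before the `echo`: `case "$var" in *[!A-Za-z0-9_./-]*) echo "invalid role name: $var" >&2; exit 1;; esac`. The script also overwrites `roles.yml` in the current directory without notice; a comment saying it must be run from playbooks/ would help.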
@@ -0,0 +1,89 @@ +--- +- hosts: localhost + gather_facts: no + vars: + tenant_ini: "vars/tenant.ini" + # ECS vars + availability_zone: "{{ lookup('ini', 'availability_zone section={{ ecs_name }} file={{ tenant_ini }}') | default(lookup('ini', 'availability_zone section=DEFAULT file={{ tenant_ini }}') )}}" + ecs_adminkey: "{{ lookup('ini', 'ecs_adminkey section={{ ecs_name }} file={{ tenant_ini }}') | default(lookup('ini', 'ecs_adminkey section=DEFAULT file={{ tenant_ini }}') ) }}" + ecs_volumesize: "{{ lookup('ini', 'ecs_volumesize section={{ ecs_name }} file={{ tenant_ini }}') | default(lookup('ini', 'ecs_volumesize section=DEFAULT file={{ tenant_ini }}') ) }}" + ecs_volumetype: "{{ lookup('ini', 'ecs_volumetype section={{ ecs_name }} file={{ tenant_ini }}') | default(lookup('ini', 'ecs_volumetype section=DEFAULT file={{ tenant_ini }}') ) }}" + ecs_ram: "{{ lookup('ini', 'ecs_ram section={{ ecs_name }} file={{ tenant_ini }}') | default(lookup('ini', 'ecs_ram section=DEFAULT file={{ tenant_ini }}') ) }}" + ecs_vcpus: "{{ lookup('ini', 'ecs_vcpus section={{ ecs_name }} file={{ tenant_ini }}') | default(lookup('ini', 'ecs_vcpus section=DEFAULT file={{ tenant_ini }}') ) }}" + ecs_ipaddress: "{{ lookup('ini', 'ecs_ipaddress section={{ ecs_name }} file={{ tenant_ini }}') | default(lookup('ini', 'ecs_ipaddress section=DEFAULT file={{ tenant_ini }}') ) }}" + public_ip_address: "{{ lookup('ini', 'ecs_publicip section={{ ecs_name }} file={{ tenant_ini }}') | default(lookup('ini', 'ecs_publicip section=DEFAULT file={{ tenant_ini }}') ) }}" + ptr_name: "{{ lookup('ini', 'ecs_publicfqdn section={{ ecs_name }} file={{ tenant_ini }}') | default(lookup('ini', 'ecs_publicfqdn section=DEFAULT file={{ tenant_ini }}') ) }}" + ttl: "{{ lookup('ini', 'ecs_publicttl section={{ ecs_name }} file={{ tenant_ini }}') | default(lookup('ini', 'ecs_publicttl section=DEFAULT file={{ tenant_ini }}') ) }}" + eip_bandwidth_name: "{{ lookup('ini', 'eip_bandwidth_name section={{ ecs_name }} file={{ 
tenant_ini }}') | default(lookup('ini', 'eip_bandwidth_name section=DEFAULT file={{ tenant_ini }}') ) }}" + eip_bandwidth_size: "{{ lookup('ini', 'eip_bandwidth_size section={{ ecs_name }} file={{ tenant_ini }}') | default(lookup('ini', 'eip_bandwidth_size section=DEFAULT file={{ tenant_ini }}') ) }}" + image_name: "{{ lookup('ini', 'image_name section={{ ecs_name }} file={{ tenant_ini }}') | default(lookup('ini', 'image_name section=DEFAULT file={{ tenant_ini }}') ) }}" + keypair_file: "{{ lookup('ini', 'keypair_file section={{ ecs_name }} file={{ tenant_ini }}') | default(lookup('ini', 'keypair_file section=DEFAULT file={{ tenant_ini }}') ) }}" + secgroups: "{{ lookup('ini', 'secgroups section={{ ecs_name }} file={{ tenant_ini }}') | default(lookup('ini', 'secgroups section=DEFAULT file={{ tenant_ini }}') ) }}" + secgrouprules: "{{ lookup('ini','{{ secgroup_name }} section=securitygroups file={{ tenant_ini }}') }}" + subnet_name: "{{ lookup('ini', 'subnet_name section={{ ecs_name }} file={{ tenant_ini }}') | default(lookup('ini', 'subnet_name section=DEFAULT file={{ tenant_ini }}') ) }}" + subnet_net: "{{ lookup('ini', 'subnet_net section={{ ecs_name }} file={{ tenant_ini }}') | default(lookup('ini', 'subnet_net section=DEFAULT file={{ tenant_ini }}') ) }}" + subnet_gateway: "{{ lookup('ini', 'subnet_gateway section={{ ecs_name }} file={{ tenant_ini }}') | default(lookup('ini', 'subnet_gateway section=DEFAULT file={{ tenant_ini }}') ) }}" + subnet_dhcp_enable: "{{ lookup('ini', 'subnet_dhcp_enable section={{ ecs_name }} file={{ tenant_ini }}') | default(lookup('ini', 'subnet_dhcp_enable section=DEFAULT file={{ tenant_ini }}') ) }}" + subnet_primary_dns: "{{ lookup('ini', 'subnet_primary_dns section={{ ecs_name }} file={{ tenant_ini }}') | default(lookup('ini', 'subnet_primary_dns section=DEFAULT file={{ tenant_ini }}') ) }}" + subnet_secondary_dns: "{{ lookup('ini', 'subnet_secondary_dns section={{ ecs_name }} file={{ tenant_ini }}') | default(lookup('ini', 
'subnet_secondary_dns section=DEFAULT file={{ tenant_ini }}') ) }}" + vpc_name: "{{ lookup('ini', 'vpc_name section={{ ecs_name }} file={{ tenant_ini }}') | default(lookup('ini', 'vpc_name section=DEFAULT file={{ tenant_ini }}') ) }}" + vpc_net: "{{ lookup('ini', 'vpc_net section={{ ecs_name }} file={{ tenant_ini }}') | default(lookup('ini', 'vpc_net section=DEFAULT file={{ tenant_ini }}') ) }}" + # EVS vars + evs_availability_zone: "{{ lookup('ini', 'evs_availability_zone section={{ evs_name }} file={{ tenant_ini }}') | default(lookup('ini', 'evs_availability_zone section=DEFAULT file={{ tenant_ini }}') ) }}" + evs_volume_type: "{{ lookup('ini', 'evs_volume_type section={{ evs_name }} file={{ tenant_ini }}') | default(lookup('ini', 'evs_volume_type section=DEFAULT file={{ tenant_ini }}') ) }}" + evs_size: "{{ lookup('ini', 'evs_size section={{ evs_name }} file={{ tenant_ini }}') | default(lookup('ini', 'evs_size section=DEFAULT file={{ tenant_ini }}') ) }}" + evs_multiattach: "{{ lookup('ini', 'evs_multiattach section={{ evs_name }} file={{ tenant_ini }}') | default(lookup('ini', 'evs_multiattach section=DEFAULT file={{ tenant_ini }}') ) }}" + evs_scsi: "{{ lookup('ini', 'evs_scsi section={{ evs_name }} file={{ tenant_ini }}') | default(lookup('ini', 'evs_scsi section=DEFAULT file={{ tenant_ini }}') ) }}" + # ELB vars + admin_state_up: "{{ lookup('ini', 'admin_state_up section={{ elb_name }} file={{ tenant_ini }}') | default(lookup('ini', 'admin_state_up section=DEFAULT file={{ tenant_ini }}') ) }}" + elb_availability_zone: "{{ lookup('ini', 'elb_availability_zone section={{ elb_name }} file={{ tenant_ini }}') | default(lookup('ini', 'elb_availability_zone section=DEFAULT file={{ tenant_ini }}') ) }}" + elb_bandwidth: "{{ lookup('ini', 'elb_bandwidth section={{ elb_name }} file={{ tenant_ini }}') | default(lookup('ini', 'elb_bandwidth section=DEFAULT file={{ tenant_ini }}') ) }}" + elb_type: "{{ lookup('ini', 'elb_type section={{ elb_name }} file={{ tenant_ini 
}}') | default(lookup('ini', 'elb_type section=DEFAULT file={{ tenant_ini }}') ) }}" + elb_secgroup_name: "{{ lookup('ini', 'elb_secgroup_name section={{ elb_name }} file={{ tenant_ini }}') | default(lookup('ini', 'elb_secgroup_name section=DEFAULT file={{ tenant_ini }}') ) }}" + elb_subnet_name: "{{ lookup('ini', 'elb_subnet_name section={{ elb_name }} file={{ tenant_ini }}') | default(lookup('ini', 'elb_subnet_name section=DEFAULT file={{ tenant_ini }}') ) }}" + elb_vpc_name: "{{ lookup('ini', 'elb_vpc_name section={{ elb_name }} file={{ tenant_ini }}') | default(lookup('ini', 'elb_vpc_name section=DEFAULT file={{ tenant_ini }}') ) }}" + # ELB listener vars + listener_protocol: "{{ lookup('ini', 'listener_protocol section={{ listener_name }} file={{ tenant_ini }}') | default(lookup('ini', 'listener_protocol section=DEFAULT file={{ tenant_ini }}') ) }}" + listener_port: "{{ lookup('ini', 'listener_port section={{ listener_name }} file={{ tenant_ini }}') | default(lookup('ini', 'listener_port section=DEFAULT file={{ tenant_ini }}') ) }}" + listener_backend_protocol: "{{ lookup('ini', 'listener_backend_protocol section={{ listener_name }} file={{ tenant_ini }}') | default(lookup('ini', 'listener_backend_protocol section=DEFAULT file={{ tenant_ini }}') ) }}" + listener_backend_port: "{{ lookup('ini', 'listener_backend_port section={{ listener_name }} file={{ tenant_ini }}') | default(lookup('ini', 'listener_backend_port section=DEFAULT file={{ tenant_ini }}') ) }}" + listener_lb_algorithm: "{{ lookup('ini', 'listener_lb_algorithm section={{ listener_name }} file={{ tenant_ini }}') | default(lookup('ini', 'listener_lb_algorithm section=DEFAULT file={{ tenant_ini }}') ) }}" + listener_certificate_name: "{{ lookup('ini', 'listener_certificate_name section={{ listener_name }} file={{ tenant_ini }}') | default('') ) }}" + listener_tcp_timeout: "{{ lookup('ini', 'listener_tcp_timeout section={{ listener_name }} file={{ tenant_ini }}') | default('') }}" + 
listener_cookie_timeout: "{{ lookup('ini', 'listener_cookie_timeout section={{ listener_name }} file={{ tenant_ini }}') | default('') }}" + listener_sticky_session_type: "{{ lookup('ini', 'listener_sticky_session_type section={{ listener_name }} file={{ tenant_ini }}') | default('') }}" + listener_session_sticky: "{{ lookup('ini', 'listener_session_sticky section={{ listener_name }} file={{ tenant_ini }}') | default('') }}" + # ELB healthcheck vars + healthcheck_connect_port: "{{ lookup('ini', 'healthcheck_connect_port section={{ listener_name }} file={{ tenant_ini }}') | default(lookup('ini', 'healthcheck_connect_port section=DEFAULT file={{ tenant_ini }}') ) }}" + healthcheck_interval: "{{ lookup('ini', 'healthcheck_interval section={{ listener_name }} file={{ tenant_ini }}') | default(lookup('ini', 'healthcheck_interval section=DEFAULT file={{ tenant_ini }}') ) }}" + healthcheck_protocol: "{{ lookup('ini', 'healthcheck_protocol section={{ listener_name }} file={{ tenant_ini }}') | default(lookup('ini', 'healthcheck_protocol section=DEFAULT file={{ tenant_ini }}') ) }}" + healthcheck_timeout: "{{ lookup('ini', 'healthcheck_timeout section={{ listener_name }} file={{ tenant_ini }}') | default(0) }}" + healthcheck_uri: "{{ lookup('ini', 'healthcheck_uri section={{ listener_name }} file={{ tenant_ini }}') | default('') }}" + unhealthy_threshold: "{{ lookup('ini', 'unhealthy_threshold section={{ listener_name }} file={{ tenant_ini }}') | default(0) }}" + # ELB backend member vars + backend_members: "{{ lookup('ini', 'backend_members section={{ listener_name }} file={{ tenant_ini }}') | default('') }}" + # DNS + zone_description: "{{ lookup('ini','zone_description section={{ zone_name }} file={{ tenant_ini }}') | default(lookup('ini', 'zone_ttl section=DEFAULT file={{ tenant_ini }}') ) }}" + zone_type: "{{ lookup('ini','zone_type section={{ zone_name }} file={{ tenant_ini }}') | default(lookup('ini', 'zone_type section=DEFAULT file={{ tenant_ini }}') ) }}" + 
zone_email: "{{ lookup('ini','zone_email section={{ zone_name }} file={{ tenant_ini }}') | default(lookup('ini', 'zone_email section=DEFAULT file={{ tenant_ini }}') ) }}" + zone_ttl: "{{ lookup('ini','zone_ttl section={{ zone_name }} file={{ tenant_ini }}') | default(lookup('ini', 'zone_ttl section=DEFAULT file={{ tenant_ini }}') ) }}" + zone_records: "{{ lookup('ini','{{ zone_name }} section=dnszonerecords file={{ tenant_ini }}') }}" + # playbook action + localaction: "create" + + roles: + # create VM + - role: "otc_auth" + - role: "otc_vpc" + - role: "otc_subnet" + - role: "otc_secgroup" + - role: "otc_keypair" + - role: "otc_eip" + - role: "otc_ecs" + - role: "otc_dns" + localaction: "ptrcreate" + # create internal DNS zone + - role: "otc_vpc" + localaction: "router" + - role: "otc_dns" + localaction: "create" diff --git a/playbooks/tenant_json.yml b/playbooks/tenant_json.yml new file mode 100644 index 0000000..6bb0cee --- /dev/null +++ b/playbooks/tenant_json.yml 
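Review bot: In playbooks/tenant_ini.yml the `listener_certificate_name` expression ends in `| default('') ) }}`, with a closing parenthesis that has no opening one, so templating that variable fails with a Jinja2 syntax error. It should end `| default('') }}` like the `listener_tcp_timeout` line after it. Because play vars are templated only when used, this would surface only once a role reads the certificate name, which makes it easy to miss in a run that creates no listener.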
@@ -0,0 +1,88 @@ +--- +- hosts: localhost + gather_facts: no + vars: + # VPC,Subnet,Secgroup,ECS,EIP + tenant_json: "vars/tenant.json" + tenant_cf: "{{ lookup('file', tenant_json) | from_json }}" + image_name: "{{ tenant_cf['vms'][ecs_name]['image_name'] | default(tenant_cf['default']['image_name']) }}" + availability_zone: "{{ tenant_cf['vms'][ecs_name]['availability_zone'] | default(tenant_cf['default']['availability_zone']) }}" + vpc_name: "{{ tenant_cf['vms'][ecs_name]['vpc_name'] | default(tenant_cf['default']['vpc_name']) }}" + vpc_net: "{{ tenant_cf['vms'][ecs_name]['vpc_net'] | default(tenant_cf['default']['vpc_net']) }}" + subnet_name: "{{ tenant_cf['vms'][ecs_name]['subnet_name'] | default(tenant_cf['default']['subnet_name']) }}" + subnet_net: "{{ tenant_cf['vms'][ecs_name]['subnet_net'] | default(tenant_cf['default']['subnet_net']) }}" + subnet_gateway: "{{ tenant_cf['vms'][ecs_name]['subnet_gateway'] | default(tenant_cf['default']['subnet_gateway']) }}" + subnet_dhcp_enable: "{{ tenant_cf['vms'][ecs_name]['subnet_dhcp_enable'] | default(tenant_cf['default']['subnet_dhcp_enable']) }}" + subnet_primary_dns: "{{ tenant_cf['vms'][ecs_name]['subnet_primary_dns'] | default(tenant_cf['default']['subnet_primary_dns']) }}" + subnet_secondary_dns: "{{ tenant_cf['vms'][ecs_name]['subnet_secondary_dns'] | default(tenant_cf['default']['subnet_secondary_dns']) }}" + secgroups: "{{ tenant_cf['vms'][ecs_name]['secgroups'] | default(tenant_cf['default']['secgroups']) }}" + secgrouprules: "{{ tenant_cf['securitygroups'][secgroup_name] }}" + ecs_ipaddress: "{{ tenant_cf['vms'][ecs_name]['ecs_ipaddress'] | default(tenant_cf['default']['ecs_ipaddress']) }}" + public_ip_address: "{{ tenant_cf['vms'][ecs_name]['ecs_publicip'] }}" + ptr_name: "{{ tenant_cf['vms'][ecs_name]['ecs_publicfqdn'] }}" + eip_bandwidth_name: "{{ tenant_cf['vms'][ecs_name]['eip_bandwidth_name'] | default(tenant_cf['default']['eip_bandwidth_name']) }}" + eip_bandwidth_size: "{{ 
tenant_cf['vms'][ecs_name]['eip_bandwidth_size'] | default(tenant_cf['default']['eip_bandwidth_size']) }}" + ecs_volumetype: "{{ tenant_cf['vms'][ecs_name]['ecs_volumetype'] | default(tenant_cf['default']['ecs_volumetype']) }}" + ecs_ram: "{{ tenant_cf['vms'][ecs_name]['ecs_ram'] | default(tenant_cf['default']['ecs_ram']) }}" + ecs_vcpus: "{{ tenant_cf['vms'][ecs_name]['ecs_vcpus'] | default(tenant_cf['default']['ecs_vcpus']) }}" + ecs_adminkey: "{{ tenant_cf['vms'][ecs_name]['ecs_adminkey'] | default(tenant_cf['default']['ecs_adminkey']) }}" + keypair_file: "{{ tenant_cf['vms'][ecs_name]['keypair_file'] | default(tenant_cf['default']['keypair_file']) }}" + # EVS + evs_availability_zone: "{{ tenant_cf['volumes'][evs_name]['evs_availability_zone'] | default(tenant_cf['default']['evs_availability_zone']) }}" + evs_volume_type: "{{ tenant_cf['volumes'][evs_name]['evs_volume_type'] | default(tenant_cf['default']['evs_volume_type']) }}" + evs_size: "{{ tenant_cf['volumes'][evs_name]['evs_size'] | default(tenant_cf['default']['evs_size']) }}" + evs_multiattach: "{{ tenant_cf['volumes'][evs_name]['evs_multiattach'] | default(tenant_cf['default']['evs_multiattach']) }}" + evs_scsi: "{{ tenant_cf['volumes'][evs_name]['evs_scsi'] | default(tenant_cf['default']['evs_scsi']) }}" + # ELB vars + admin_state_up: "{{ tenant_cf['elb'][elb_name]['admin_state_up'] | default(tenant_cf['default']['admin_state_up']) }}" + elb_availability_zone: "{{ tenant_cf['elb'][elb_name]['elb_availability_zone'] | default(tenant_cf['default']['elb_availability_zone']) }}" + elb_bandwidth: "{{ tenant_cf['elb'][elb_name]['elb_bandwidth'] | default(tenant_cf['default']['elb_bandwith']) }}" + elb_type: "{{ tenant_cf['elb'][elb_name]['elb_type'] | default(tenant_cf['default']['elb_type']) }}" + elb_secgroup_name: "{{ tenant_cf['elb'][elb_name]['elb_secgroup_name'] | default(tenant_cf['default']['elb_secgroup_name']) }}" + elb_subnet_name: "{{ tenant_cf['elb'][elb_name]['elb_subnet_name'] | 
default(tenant_cf['default']['elb_subnet_name']) }}" + elb_vpc_name: "{{ tenant_cf['elb'][elb_name]['elb_vpc_name'] | default(tenant_cf['default']['elb_vpc_name']) }}" + # ELB listener vars + listener_protocol: "{{ tenant_cf['elblistener'][listener_name]['listener_protocol'] | default(tenant_cf['default']['listener_protocol']) }}" + listener_port: "{{ tenant_cf['elblistener']listener_name]['listener_port'] | default(tenant_cf['default']['listener_port']) }}" + listener_backend_protocol: "{{ tenant_cf['elblistener'][listener_name]['listener_backend_protocol'] | default(tenant_cf['default']['listener_backend_protocol']) }}" + listener_backend_port: "{{ tenant_cf['elblistener'][listener_name]['listener_backend_port'] | default(tenant_cf['default']['listener_backend_port']) }}" + listener_lb_algorithm: "{{ tenant_cf['elblistener'][listener_name]['listener_lb_algorithm'] | default(tenant_cf['default']['listener_lb_algorithm']) }}" + listener_certificate_name: "{{ tenant_cf['elblistener'][listener_name]['listener_certificate_name'] | default('') }}" + listener_tcp_timeout: "{{ tenant_cf['elblistener'][listener_name]['listener_tcp_timeout'] | default('') }}" + listener_cookie_timeout: "{{ tenant_cf['elblistener'][listener_name]['listener_cookie_timeout'] | default('') }}" + listener_sticky_session_type: "{{ tenant_cf['elblistener'][listener_name]['listener_sticky_session_type'] | default('') }}" + listener_session_sticky: "{{ tenant_cf['elblistener'][listener_name]['listener_session_sticky'] | default('') }}" + # ELB healthcheck vars + healthcheck_connect_port: "{{ tenant_cf['elblistener'][listener_name]['healthcheck_connect_port'] | default(tenant_cf['default']['healthcheck_connect_port']) }}" + healthcheck_interval: "{{ tenant_cf['elblistener'][listener_name]['healthcheck_interval'] | default(0) }}" + healthcheck_protocol: "{{ tenant_cf['elblistener'][listener_name]['healthcheck_protocol'] | default('') }}" + healthcheck_timeout: "{{ 
tenant_cf['elblistener'][listener_name]['healthcheck_timeout'] | default(0) }}" + healthcheck_uri: "{{ tenant_cf['elblistener'][listener_name]['healthcheck_uri'] | default('') }}" + unhealthy_threshold: "{{ tenant_cf['elblistener'][listener_name]['unhealthy_threshold'] | default(0) }}" + # ELB backend member vars + backend_members: "{{ tenant_cf['elblistener'][listener_name]['backend_members'] | default('') }}" + # DNS + zone_description: "{{ tenant_cf['dnszones'][zone_name]['zone_description'] | default(tenant_cf['default']['zone_description']) }}" + zone_type: "{{ tenant_cf['dnszones'][zone_name]['zone_type'] | default(tenant_cf['default']['zone_type']) }}" + zone_email: "{{ tenant_cf['dnszones'][zone_name]['zone_email'] | default(tenant_cf['default']['zone_email']) }}" + zone_ttl: "{{ tenant_cf['dnszones'][zone_name]['zone_ttl'] | default(tenant_cf['default']['zone_ttl']) }}" + zone_records: "{{ tenant_cf['dnszonerecords'][zone_name] }}" + # playbook action + localaction: "create" + + roles: + # create VM + - role: "otc_auth" + - role: "otc_vpc" + - role: "otc_subnet" + - role: "otc_secgroup" + - role: "otc_keypair" + - role: "otc_eip" + - role: "otc_ecs" + - role: "otc_dns" + localaction: "ptrcreate" + # create internal DNS zone + - role: "otc_vpc" + localaction: "router" + - role: "otc_dns" + localaction: "create" diff --git a/playbooks/tenant_yml.yml b/playbooks/tenant_yml.yml new file mode 100644 index 0000000..1b17e15 --- /dev/null +++ b/playbooks/tenant_yml.yml 
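Review bot: In playbooks/tenant_json.yml `listener_port` indexes `tenant_cf['elblistener']listener_name]` with the opening bracket missing, so the expression does not parse; it should read `tenant_cf['elblistener'][listener_name]['listener_port']`. The `elb_bandwidth` fallback reads `tenant_cf['default']['elb_bandwith']` (one `d` short), which only resolves if vars/tenant.json spells the key the same way; that file is not visible here, and playbooks/tenant_yml.yml carries the same spelling in `default.elb_bandwith`. Both are evaluated lazily, so they would show up only when an ELB listener is created.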
@@ -0,0 +1,88 @@ +--- +- hosts: localhost + gather_facts: no + vars_files: + - "vars/tenant.yml" + vars: + # VPC,Subnet,Secgroup,ECS,EIP + image_name: "{{ vms[ecs_name].image_name | default(default.image_name) }}" + availability_zone: "{{ vms[ecs_name].availability_zone | default(default.availability_zone) }}" + vpc_name: "{{ vms[ecs_name].vpc_name | default(default.vpc_name) }}" + vpc_net: "{{ vms[ecs_name].vpc_net | default(default.vpc_net) }}" + subnet_name: "{{ vms[ecs_name].subnet_name | default(default.subnet_name) }}" + subnet_net: "{{ vms[ecs_name].subnet_net | default(default.subnet_net) }}" + subnet_gateway: "{{ vms[ecs_name].subnet_gateway | default(default.subnet_gateway) }}" + subnet_dhcp_enable: "{{ vms[ecs_name].subnet_dhcp_enable | default(default.subnet_dhcp_enable) }}" + subnet_primary_dns: "{{ vms[ecs_name].subnet_primary_dns | default(default.subnet_primary_dns) }}" + subnet_secondary_dns: "{{ vms[ecs_name].subnet_secondary_dns | default(default.subnet_secondary_dns) }}" + secgroups: "{{ vms[ecs_name].secgroups | default(default.secgroups) }}" + secgrouprules: "{{ securitygroups[secgroup_name] }}" + ecs_ipaddress: "{{ vms[ecs_name].ecs_ipaddress | default(default.ecs_ipaddress) }}" + public_ip_address: "{{ vms[ecs_name].ecs_publicip }}" + ptr_name: "{{ vms[ecs_name].ecs_publicfqdn }}" + eip_bandwidth_name: "{{ vms[ecs_name].eip_bandwidth_name | default(default.eip_bandwidth_name) }}" + eip_bandwidth_size: "{{ vms[ecs_name].eip_bandwidth_size | default(default.eip_bandwidth_size) }}" + ecs_volumetype: "{{ vms[ecs_name].ecs_volumetype | default(default.ecs_volumetype) }}" + ecs_ram: "{{ vms[ecs_name].ecs_ram | default(default.ecs_ram) }}" + ecs_vcpus: "{{ vms[ecs_name].ecs_vcpus | default(default.ecs_vcpus) }}" + ecs_adminkey: "{{ vms[ecs_name].ecs_adminkey | default(default.ecs_adminkey) }}" + keypair_file: "{{ vms[ecs_name].keypair_file | default(default.keypair_file) }}" + # EVS + evs_availability_zone: "{{ 
volumes[evs_name].evs_availability_zone | default(default.evs_availability_zone) }}" + evs_volume_type: "{{ volumes[evs_name].evs_volume_type | default(default.evs_volume_type) }}" + evs_size: "{{ volumes[evs_name].evs_size | default(default.evs_size) }}" + evs_multiattach: "{{ volumes[evs_name].evs_multiattach | default(default.evs_multiattach) }}" + evs_scsi: "{{ volumes[evs_name].evs_scsi | default(default.evs_scsi) }}" + # ELB vars + admin_state_up: "{{ elb[elb_name].admin_state_up | default(default.admin_state_up) }}" + elb_availability_zone: "{{ elb[elb_name].elb_availability_zone | default(default.elb_availability_zone) }}" + elb_bandwidth: "{{ elb[elb_name].elb_bandwidth | default(default.elb_bandwith) }}" + elb_type: "{{ elb[elb_name].elb_type | default(default.elb_type) }}" + elb_secgroup_name: "{{ elb[elb_name].elb_secgroup_name | default(default.elb_secgroup_name) }}" + elb_subnet_name: "{{ elb[elb_name].elb_subnet_name | default(default.elb_subnet_name) }}" + elb_vpc_name: "{{ elb[elb_name].elb_vpc_name | default(default.elb_vpc_name) }}" + # ELB listener vars + listener_protocol: "{{ elblistener[listener_name].listener_protocol | default(default.listener_protocol) }}" + listener_port: "{{ elblistener[listener_name].listener_port | default(default.listener_port) }}" + listener_backend_protocol: "{{ elblistener[listener_name].listener_backend_protocol | default(default.listener_backend_protocol) }}" + listener_backend_port: "{{ elblistener[listener_name].listener_backend_port | default(default.listener_backend_port) }}" + listener_lb_algorithm: "{{ elblistener[listener_name].listener_lb_algorithm | default(default.listener_lb_algorithm) }}" + listener_certificate_name: "{{ elblistener[listener_name].listener_certificate_name | default('') }}" + listener_tcp_timeout: "{{ elblistener[listener_name].listener_tcp_timeout | default('') }}" + listener_cookie_timeout: "{{ elblistener[listener_name].listener_cookie_timeout | default('') }}" + 
listener_sticky_session_type: "{{ elblistener[listener_name].listener_sticky_session_type | default('') }}" + listener_session_sticky: "{{ elblistener[listener_name].listener_session_sticky | default('') }}" + # ELB healthcheck vars + healthcheck_connect_port: "{{ elblistener[listener_name].healthcheck_connect_port | default(default.healthcheck_connect_port) }}" + healthcheck_interval: "{{ elblistener[listener_name].healthcheck_interval | default(0) }}" + healthcheck_protocol: "{{ elblistener[listener_name].healthcheck_protocol | default('') }}" + healthcheck_timeout: "{{ elblistener[listener_name].healthcheck_timeout | default(0) }}" + healthcheck_uri: "{{ elblistener[listener_name].healthcheck_uri | default('') }}" + unhealthy_threshold: "{{ elblistener[listener_name].unhealthy_threshold | default(0) }}" + # ELB backend member vars + backend_members: "{{ elblistener[listener_name].backend_members | default('') }}" + # DNS vars + zone_description: "{{ dnszones[zone_name].zone_description | default(default.zone_description) }}" + zone_type: "{{ dnszones[zone_name].zone_type | default(default.zone_type) }}" + zone_email: "{{ dnszones[zone_name].zone_email | default(default.zone_email) }}" + zone_ttl: "{{ dnszones[zone_name].zone_ttl | default(default.zone_ttl) }}" + zone_records: "{{ dnszonerecords[zone_name] }}" + # playbook action + localaction: "create" + + roles: + # create VM + - role: "otc_auth" + - role: "otc_vpc" + - role: "otc_subnet" + - role: "otc_secgroup" + - role: "otc_keypair" + - role: "otc_eip" + - role: "otc_ecs" + - role: "otc_dns" + localaction: "ptrcreate" + # create internal DNS zone + - role: "otc_vpc" + localaction: "router" + - role: "otc_dns" + localaction: "create" diff --git a/playbooks/vars/buildservice_var.yml b/playbooks/vars/buildservice_var.yml new file mode 100644 index 0000000..f671366 --- /dev/null +++ b/playbooks/vars/buildservice_var.yml 
@@ -0,0 +1,29 @@
+---
+ecs_name: "buildserver"
+# distro: "xenial"
+bucket: "buildservice99"
+availability_zone: "eu-de-01"
+vpc_name: "buildserver-vpc01"
+vpc_net: "192.168.0.0/16"
+subnet_name: "buildserver-subnet01"
+subnet_net: "192.168.0.0/24"
+subnet_gateway: "192.168.0.1"
+subnet_dhcp_enable: true
+subnet_primary_dns: 8.8.8.8
+subnet_secondary_dns: 8.4.4.8
+secgroups:
+ - "buildserver-secgroup01"
+securitygroups:
+ buildserver-secgroup01:
+ - "ingress;IPv4;tcp;22;22;0.0.0.0/0"
+ - "ingress;IPv4;icmp;;;0.0.0.0/0"
+ - "egress;IPv4;tcp;80;80;0.0.0.0/0"
+ecs_volumetype: "SSD"
+ecs_ram: "2048"
+ecs_vcpus: "2"
+ecs_adminkey: "buildserver-key"
+keypair_file: "~/.ssh/id_rsa.pub"
+ecs_ipaddress: "192.168.0.100"
+public_ip_address: "80.158.16.33"
+eip_bandwidth_name: "buildserver-eip01"
+eip_bandwidth_size: "500"
diff --git a/playbooks/vars/dns.ini b/playbooks/vars/dns.ini
new file mode 100644
index 0000000..29090c7
--- /dev/null
+++ b/playbooks/vars/dns.ini
@@ -0,0 +1,14 @@
+[ansible.internal.corp]
+zone_description=Core Zone internal services
+zone_type=private
+zone_email=nobody@example.com
+zone_ttl=86400
+[ansible.otc.telekomcloud99.com]
+zone_description=Core Zone public OTC services
+zone_type=public
+zone_email=nobody@example.com
+zone_ttl=3600
+[dnszonerecords]
+ansible.internal.corp=[ "ansible-test01.ansible.internal.corp;description;A;300;192.168.0.101",
+ "ansible-test02.ansible.internal.corp;description;A;300;192.168.0.102" ]
+ansible.otc.telekomcloud99.com=[ "ansible-test01.ansible.otc.telekomcloud99.com;;A;300;80.158.23.253" ]
diff --git a/playbooks/vars/dns.json b/playbooks/vars/dns.json
new file mode 100644
index 0000000..aaf86ca
--- /dev/null
+++ b/playbooks/vars/dns.json
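Review bot: `subnet_secondary_dns: 8.4.4.8` in buildservice_var.yml looks like a transposition of 8.8.4.4, the usual companion of the 8.8.8.8 primary on the line above; as written, hosts in this subnet would send fallback lookups to an unrelated resolver. If the address is intended, a comment saying so would help; otherwise use `subnet_secondary_dns: "8.8.4.4"`. The same value is repeated in tenant.ini, tenant.json and tenant.yml in this commit. Separately, the `buildserver-secgroup01` rules admit SSH from `0.0.0.0/0`; narrowing that CIDR to the operator's network would be a safer default for a build host.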
@@ -0,0 +1,22 @@ +{ + "default": { + "vpc_name" : "ansible-vpc01", + "zone_email": "nobody@example.com", + "zone_ttl": "86400" + }, + "dnszones": { + "ansible.internal.corp": { + "zone_description": "Core Zone internal services", + "zone_type": "private" + }, + "ansible.otc.telekomcloud99.com": { + "zone_description": "Core Zone public OTC services", + "zone_type": "public" + } + }, + "dnszonerecords" : { + "ansible.internal.corp": [ "ansible-test01.ansible.internal.corp;description;A;300;192.168.0.101", + "ansible-test02.ansible.internal.corp;description;A;300;192.168.0.102" ], + "ansible.otc.telekomcloud99.com": [ "ansible-test01.example.com;;A;300;80.158.23.253" ] + } +} diff --git a/playbooks/vars/dns.yml b/playbooks/vars/dns.yml new file mode 100644 index 0000000..1ccd22e --- /dev/null +++ b/playbooks/vars/dns.yml @@ -0,0 +1,18 @@ +--- +dnszones: + ansible.internal.corp: + zone_description: "Core Zone internal services" + zone_type: "private" + zone_email: "nobody@example.com" + zone_ttl: 86400 + ansible.otc.telekomcloud99.com: + zone_description: "Core Zone public OTC services" + zone_type: "public" + zone_email: "nobody@example.com" + zone_ttl: 3600 +dnszonerecords: + ansible.internal.corp: + - "ansible-test01.ansible.internal.corp;description;A;300;192.168.0.101" + - "ansible-test02.ansible.internal.corp;description;A;300;192.168.0.102" + ansible.otc.telekomcloud99.com: + - "ansible-test01.ansible.otc.telekomcloud99.com;;A;300;160.44.0.101" diff --git a/env.yml b/playbooks/vars/env.yml similarity index 100% rename from env.yml rename to playbooks/vars/env.yml diff --git a/secrets.yml b/playbooks/vars/secrets.yml similarity index 100% rename from secrets.yml rename to playbooks/vars/secrets.yml diff --git a/playbooks/vars/tenant.ini b/playbooks/vars/tenant.ini new file mode 100644 index 0000000..85a8cb2 --- /dev/null +++ b/playbooks/vars/tenant.ini 
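Review bot: In dns.json the record listed under `ansible.otc.telekomcloud99.com` in `dnszonerecords` is named `ansible-test01.example.com`, which is not inside that zone; dns.ini and dns.yml in this commit use `ansible-test01.ansible.otc.telekomcloud99.com` for the same entry. dns.yml also points the record at 160.44.0.101 while the .ini and .json variants use 80.158.23.253, so three files that presumably describe the same setup would create different public records. Aligning the name and address across the formats avoids publishing an A record nobody intended.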
@@ -0,0 +1,98 @@
+[DEFAULT]
+image_name=Community_Ubuntu_16.04_TSI_latest
+availability_zone=eu-de-01
+evs_availability_zone=eu-de-01
+vpc_name=ansible-vpc01
+vpc_net=192.168.0.0/16
+subnet_name=ansible-subnet01
+subnet_net=192.168.0.0/24
+subnet_gateway=192.168.0.1
+subnet_dhcp_enable=true
+subnet_primary_dns=8.8.8.8
+subnet_secondary_dns=8.4.4.8
+secgroups=ansible-secgroup01
+ecs_volumetype=SATA
+ecs_ram=2048
+ecs_vcpus=2
+ecs_adminkey=ansible-key
+keypair_file=~/.ssh/id_rsa.pub
+zone_description=Core Zone internal services
+zone_type=private
+zone_email=nobody@example.com
+zone_ttl=86400
+[ansible-test01]
+image_name=Community_Ubuntu_16.04_TSI_latest
+vpc_name=ansible-vpc01
+availability_zone=eu-de-01
+subnet_name=ansible-subnet02
+secgroups=["ansible-test01","default-ansible"]
+ecs_ipaddress=192.168.0.101
+ecs_publicip=80.158.23.253
+ecs_publicfqdn=ansible-test01.ansible.otc.telekomcloud99.com
+ecs_publicttl=300
+eip_bandwidth_name=ansible-eip01
+eip_bandwidth_size=500
+[ansible-test02]
+image_name=Community_Ubuntu_14.04_TSI_latest
+vpc_name=ansible-vpc01
+availability_zone=eu-de-01
+ecs_volumetype=SATA
+ecs_ram=2048
+ecs_vcpus=4
+ecs_ipaddress=192.168.0.102
+[ansible-test03]
+ecs_volumetype=SSD
+ecs_ipaddress=192.168.0.103
+[securitygroups]
+default-ansible=["ingress;IPv4;tcp;22;22;0.0.0.0/0", "ingress;IPv4;tcp;80;80;0.0.0.0/0"]
+ansible-test01=["ingress;IPv4;tcp;22022;22022;0.0.0.0/0"]
+[ansible-evs01]
+evs_volume_type=SATA
+evs_size=20
+# evs_multiattach=true
+# evs_scsi=true
+[ansible-elb01]
+elb_type=External
+elb_bandwidth=100
+admin_state_up=true
+elb_availability_zone=eu_de-01
+elb_secgroup_name=ansible-secgroup02
+secgroup_rule1=ingress;IPv4;tcp;22;22;0.0.0.0/0
+secgroup_rule1=ingress;IPv4;tcp;80;80;0.0.0.0/0
+elb_subnet_name=ansible-subnet01
+elb_vpc_name=ansible-vpc01
+[ansible-listener01]
+# HTTP, HTTPS, TCP
+listener_protocol=TCP
+listener_port=22
+listener_backend_protocol=TCP
+listener_backend_port=22
+# source, roundrobin, leastconn
+listener_lb_algorithm=source
+#listener_certificate_name=ansible-cert
+#listener_tcp_timeout=
+#listener_cookie_timeout=
+#listener_sticky_session_type=insert
+#listener_session_sticky=
+healthcheck_connect_port=22
+healthcheck_interval=5
+# HTTP, TCP
+healthcheck_protocol=TCP
+healthcheck_timeout=10
+#healthcheck_uri="/"
+unhealthy_threshold=3
+backend_members=ansible-test01,ansible-test02
+[ansible.internal.corp]
+zone_description=Core Zone internal services
+zone_type=private
+zone_email=nobody@example.com
+zone_ttl=86400
+[ansible.otc.telekomcloud99.com]
+zone_description=Core Zone public OTC services
+zone_type=public
+zone_email=nobody@example.com
+zone_ttl=3600
+[dnszonerecords]
+ansible.internal.corp=[ "ansible-test01.ansible.internal.corp;description;A;300;192.168.0.101",
+ "ansible-test02.ansible.internal.corp;description;A;300;192.168.0.102" ]
+ansible.otc.telekomcloud99.com=[ "ansible-test01.ansible.otc.telekomcloud99.com;;A;300;80.158.23.253" ]
diff --git a/playbooks/vars/tenant.json b/playbooks/vars/tenant.json
new file mode 100644
index 0000000..068947d
--- /dev/null
+++ b/playbooks/vars/tenant.json
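Review bot: `secgroup_rule1` is assigned twice in `[ansible-elb01]` of tenant.ini, first for port 22 and then for port 80. INI readers either reject a repeated option or keep only the last value, so at best the port-22 rule is silently dropped and the security group that ends up applied differs from what the file appears to declare. Giving the second entry its own key fixes it: `secgroup_rule2=ingress;IPv4;tcp;80;80;0.0.0.0/0`. Whether these two keys are consumed by any role is not visible in this diff, so confirm against the inventory loader.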
@@ -0,0 +1,101 @@ +{ + "default": { + "image_name" : "Community_Ubuntu_16.04_TSI_latest", + "availability_zone" : "eu-de-01", + "evs_availability_zone" : "eu-de-01", + "vpc_name" : "ansible-vpc01", + "vpc_net" : "192.168.0.0/16", + "subnet_name" : "ansible-subnet01", + "subnet_net" : "192.168.0.0/24", + "subnet_gateway" : "192.168.0.1", + "subnet_dhcp_enable" : "true", + "subnet_primary_dns" : "8.8.8.8", + "subnet_secondary_dns" : "8.4.4.8", + "secgroups" : "ansible-secgroup01", + "ecs_volumetype" : "SATA", + "ecs_ram" : "2048", + "ecs_vcpus" : "2", + "ecs_adminkey" : "ansible-key", + "keypair_file" : "~/.ssh/id_rsa.pub", + "evs_scsi": false, + "evs_multiattach": false + }, + "volumes": { + "ansible-evs01" : { + "evs_volume_type": "SATA", + "evs_size": 20 + } + }, + "vms": { + "ansible-test01" : { + "vpc_name" : "ansible-vpc01", + "availability_zone" : "eu-de-01", + "subnet_name" : "ansible-subnet02", + "secgroups" : [ "default-ansible", "ansible-test01" ], + "ecs_ipaddress" : "192.168.0.101", + "ecs_publicip" : "80.158.23.253", + "ecs_publicfqdn" : "ansible-test01.ansible.otc.telekomcloud99.com", + "ecs_publicttl" : "300", + "eip_bandwidth_name" : "ansible-eip01", + "eip_bandwidth_size" : "500" + }, + "ansible-test02" : { + "image_name" : "Community_Ubuntu_14.04_TSI_latest", + "vpc_name" : "ansible-vpc01", + "availability_zone" : "eu-de-01", + "ecs_volumetype" : "SATA", + "ecs_ram" : "2048", + "ecs_vcpus" : "4", + "ecs_ipaddress" : "192.168.0.102" + } + }, + "securitygroups" : { + "default-ansible" : [ "ingress;IPv4;tcp;22;22;0.0.0.0/0", "ingress;IPv4;tcp;80;80;0.0.0.0/0" ], + "ansible-test01" : [ "ingress;IPv4;tcp;22022;22022;0.0.0.0/0" ] + }, + "elb": { + {"ansible-elb01": { + "elb_type" : "External", + "elb_bandwidth" : "100", + "admin_state_up" : "true", + "elb_availability_zone" : "eu_de-01", + "elb_secgroup_name" : "ansible-secgroup02", + "elb_subnet_name" : "ansible-subnet01", + "elb_vpc_name" : "ansible-vpc01" + } + }, + "elblistener": { + { 
"ansible-listener01": { + "listener_protocol" : "TCP", + "listener_port" : "22", + "listener_backend_protocol" : "TCP", + "listener_backend_port" : "22", + "listener_lb_algorithm" : "source", + "healthcheck_connect_port" : "22", + "healthcheck_interval" : "5", + "healthcheck_protocol" : "TCP", + "healthcheck_timeout" : "10", + "unhealthy_threshold" : "3", + "backend_members" : "ansible-test01,ansible-test02" + } + }, + "dnszones": { + "ansible.internal.corp": { + "zone_description": "Core Zone internal services", + "zone_type": "private", + "zone_email": "nobody@example.com", + "zone_ttl": "86400" + }, + "ansible.otc.telekomcloud99.com": { + "zone_description": "Core Zone public OTC services", + "zone_type": "public", + "zone_email": "nobody@example.com", + "zone_ttl": 3600 + } + }, + "dnszonerecords" : { + "ansible.internal.corp": [ "ansible-test01.ansible.internal.corp;description;A;300;192.168.0.101", + "ansible-test02.ansible.internal.corp;description;A;300;192.168.0.102" ], + "ansible.otc.telekomcloud99.com": [ "ansible-test01.example.com;;A;300;80.158.23.253" ] + } +} diff --git a/playbooks/vars/tenant.yml b/playbooks/vars/tenant.yml new file mode 100644 index 0000000..3240e61 --- /dev/null +++ b/playbooks/vars/tenant.yml 
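Review bot: The `elb` and `elblistener` members of tenant.json are not valid JSON: each opens with `"elb": {` (respectively `"elblistener": {`) followed by a bare `{` where a key is required, and the closing braces do not balance. Any JSON loader will reject the whole file, so this variables file cannot be used as shipped. Dropping the extra brace so the member reads `"elb": { "ansible-elb01": { ... } },` (and likewise for `elblistener`) fixes it. A `python -m json.tool playbooks/vars/tenant.json` step in the test script would catch this class of error before merge.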
@@ -0,0 +1,101 @@
+---
+default:
+ image_name: "Community_Ubuntu_16.04_TSI_latest"
+ availability_zone: "eu-de-01"
+ evs_availability_zone: "eu-de-01"
+ vpc_name: "ansible-vpc01"
+ vpc_net: "192.168.0.0/16"
+ subnet_name: "ansible-subnet01"
+ subnet_net: "192.168.0.0/24"
+ subnet_gateway: "192.168.0.1"
+ subnet_dhcp_enable: "true"
+ subnet_primary_dns: "8.8.8.8"
+ subnet_secondary_dns: "8.4.4.8"
+ secgroups: "ansible-secgroup01"
+ ecs_volumetype: "SATA"
+ ecs_ram: "2048"
+ ecs_vcpus: "2"
+ ecs_adminkey: "ansible-key"
+ keypair_file: "~/.ssh/id_rsa.pub"
+ evs_scsi: false
+ evs_multiattach: false
+ listener_certificate_name: "Ansible"
+ listener_sticky_session_type: "insert"
+ listener_tcp_timeout: 30
+ listener_session_sticky: false
+ listener_port: 1
+ listener_cookie_timeout: 60
+volumes:
+ ansible-evs01:
+ evs_volume_type: "SATA"
+ evs_size: "20"
+vms:
+ ansible-test01:
+ vpc_name: "ansible-vpc01"
+ vpc_net: "192.168.0.0/16"
+ availability_zone: "eu-de-01"
+ subnet_name: "ansible-subnet01"
+ secgroups:
+ - "default-ansible"
+ - "ansible-test01"
+ ecs_ipaddress: "192.168.0.101"
+ ecs_publicip: "80.158.23.253"
+ ecs_publicfqdn: "ansible-test01.ansible.otc.telekomcloud99.com"
+ ecs_publicttl: "300"
+ eip_bandwidth_name: "ansible-eip01"
+ eip_bandwidth_size: "500"
+ ansible-test02:
+ image_name: "Community_Ubuntu_14.04_TSI_latest"
+ vpc_name: "ansible-vpc01"
+ availability_zone: "eu-de-01"
+ ecs_volumetype: "SATA"
+ ecs_ram: "2048"
+ ecs_vcpus: "4"
+ ecs_ipaddress: "192.168.0.102"
+securitygroups:
+ default-ansible:
+ - "ingress;IPv4;tcp;22;22;0.0.0.0/0"
+ - "ingress;IPv4;tcp;80;80;0.0.0.0/0"
+ - "egress;IPv4;tcp;80;80;0.0.0.0/0"
+ - "egress;IPv4;tcp;443;443;0.0.0.0/0"
+ ansible-test01:
+ - "ingress;IPv4;tcp;22022;22022;0.0.0.0/0"
+elb:
+ ansible-elb01:
+ elb_type: "External"
+ elb_bandwidth: 100
+ admin_state_up: true
+ elb_availability_zone: eu_de-01
+ elb_secgroup_name: "ansible-secgroup01"
+ elb_subnet_name: "ansible-subnet01"
+ elb_vpc_name: "ansible-vpc01"
+elblistener: + ansible-listener01: + listener_protocol: "TCP" + listener_porto: 22 + listener_backend_protocol: "TCP" + listener_backend_port: 22 + listener_lb_algorithm: "source" + healthcheck_connect_port: 22 + healthcheck_interval: 5 + healthcheck_protocol: "TCP" + healthcheck_timeout: 10 + unhealthy_threshold: 3 + backend_members: "ansible-test01,ansible-test02" +dnszones: + ansible.internal.corp: + zone_description: "Core Zone internal services" + zone_type: "private" + zone_email: "nobody@example.com" + zone_ttl: 86400 + ansible.otc.telekomcloud99.com: + zone_description: "Core Zone public OTC services" + zone_type: "public" + zone_email: "nobody@example.com" + zone_ttl: 3600 +dnszonerecords: + ansible.internal.corp: + - "ansible-test01.ansible.internal.corp;description;A;300;192.168.0.101" + - "ansible-test02.ansible.internal.corp;description;A;300;192.168.0.102" + ansible.otc.telekomcloud99.com: + - "ansible-test01.ansible.otc.telekomcloud99.com;;A;300;160.44.0.101" diff --git a/vaultpass.txt b/playbooks/vars/vaultpass.txt similarity index 100% rename from vaultpass.txt rename to playbooks/vars/vaultpass.txt diff --git a/ptrrecord_create.yml b/ptrrecord_create.yml deleted file mode 100644 index 97d86d5..0000000 --- a/ptrrecord_create.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- hosts: localhost - gather_facts: no - roles: - - role: token - - role: lookup_name - - role: ptrrecord_create diff --git a/ptrrecord_delete.yml b/ptrrecord_delete.yml deleted file mode 100644 index 75d3991..0000000 --- a/ptrrecord_delete.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- hosts: localhost - gather_facts: no - roles: - - role: token - - role: lookup_name - - role: ptrrecord_delete diff --git a/ptrrecords.yml b/ptrrecords.yml deleted file mode 100644 index ce26d9a..0000000 --- a/ptrrecords.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- hosts: localhost - gather_facts: no - roles: - - role: token - - role: ptrrecords 
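Review bot: `listener_porto: 22` under `elblistener.ansible-listener01` in tenant.yml is a misspelled key, so the listener entry has no `listener_port`. The playbook vars earlier in this diff resolve it as `elblistener[listener_name].listener_port | default(default.listener_port)`, and `default.listener_port` in this file is `1`, so the listener would presumably be created on port 1 instead of 22 without any error. Rename the key: `listener_port: 22`.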
diff --git a/rds_flavors.yml b/rds_flavors.yml deleted file mode 100644 index fddb0b4..0000000 --- a/rds_flavors.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- hosts: localhost - gather_facts: no - roles: - - role: token - - role: rds_flavors diff --git a/rds_versions.yml b/rds_versions.yml deleted file mode 100644 index c3795d1..0000000 --- a/rds_versions.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- hosts: localhost - gather_facts: no - roles: - - role: token - - role: rds_versions diff --git a/requirements.txt b/requirements.txt index 624c351..cda76d7 100644 --- a/requirements.txt +++ b/requirements.txt @@ -4,3 +4,8 @@ pbr>=2.0 # Apache-2.0 sphinx>=1.6.2 # BSD +ansible==2.3.0.0 +jmespath +# OpenStack CLI for Tests +python-openstackclient==3.14.0 +otcclient diff --git a/roles/dns_transfer/tasks/main.yml b/roles/dns_transfer/tasks/main.yml deleted file mode 100644 index 296af46..0000000 --- a/roles/dns_transfer/tasks/main.yml +++ /dev/null @@ -1,11 +0,0 @@ ---- -- name: Call dig to catch zone information - shell: dig {{ zone_name }} @{{ dns_server }} axfr - register: zone_data - -- name: Create tenant_dns.ini file - template: - src: tenant_dns.ini.j2 - dest: ./dns.ini - force: yes - backup: yes diff --git a/roles/dns_transfer/templates/tenant_dns.ini.j2 b/roles/dns_transfer/templates/tenant_dns.ini.j2 deleted file mode 100644 index afcf921..0000000 --- a/roles/dns_transfer/templates/tenant_dns.ini.j2 +++ /dev/null 
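Review bot: `jmespath` and `otcclient` are added to requirements.txt without a version, while `ansible` and `python-openstackclient` on the neighbouring lines are pinned exactly, so every install resolves those two to whatever is newest on the index. For tooling that handles cloud credentials this leaves the dependency set unreproducible and exposes each run to a bad or hijacked release. Pin both to the versions that were tested, e.g. `jmespath==<tested version>` and `otcclient==<tested version>`, and consider installing with `pip install --require-hashes -r requirements.txt` once every entry is pinned.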
@@ -1,22 +0,0 @@ -# usage dns (public zones): -# ansible-playbook -i hosts dns_create.yml -# usage dns (private usage, only in selected vpc): -# ansible-playbook -i hosts dns_create.yml -e "vpc_name=ansible-vpc01" -[dnszones] -# name; description; type (public/private); email-address; ttl (in sec) -zone1={{ zone_name }}.;Ansible generated DNS Zone;{{ zone_type }};{{ zone_email }};{{ zone_ttl }} -[dnszonerecords] -# domain; description; name; type; ttl; value -{% set zcount = 1 %} -{% for record in zone_data.stdout_lines %} -{% set record_clean = record | regex_replace('(\\s+)', ';') %} -{% set pattern = "^(.*);(.*);(.*);(.*);(.*)$" %} -{% set fqdn = record_clean | regex_replace(pattern, "\\1" ) %} -{% set ttl = record_clean | regex_replace(pattern, "\\2" ) %} -{% set rtyp = record_clean | regex_replace(pattern, "\\4" ) %} -{% set value = record_clean | regex_replace(pattern, "\\5" ) %} -{% if rtyp in ['A','CNAME','MX'] -%} -zonerecord{{ zcount }}={{ zone_name }}.;;{{ fqdn }};{{ rtyp }};{{ ttl }};{{ value }} -{% set zcount = zcount + 1 %} -{% endif %} -{% endfor %} diff --git a/roles/ecs/README.rst b/roles/ecs/README.rst deleted file mode 100644 index cdc3196..0000000 --- a/roles/ecs/README.rst +++ /dev/null @@ -1,4 +0,0 @@ -ECS ROLE -======== - -Hier geht alles mit ECS diff --git a/roles/ecs_create/tasks/main.yml b/roles/ecs_create/tasks/main.yml deleted file mode 100644 index f999999..0000000 --- a/roles/ecs_create/tasks/main.yml +++ /dev/null 
@@ -1,25 +0,0 @@ -- name: Send request to API - uri: - url: "{{ AUTH_URL_ECS_CLOUD }}/{{ PROJECT_ID }}/cloudservers" - method: POST - body_format: raw - follow_redirects: all - return_content: yes - validate_certs: yes - HEADER_Content-Type: "application/json" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" - body: "{{ lookup('template', 'request.json.j2')|to_json }}" - register: ecs - when: - - ecs_name is defined - - image_id is defined - - flavor_id is defined - - listener_name is undefined - -- set_fact: - job_id: "{{ (ecs.content|from_json)|json_query('job_id') }}" - when: ecs is defined and ecs.content|length != 0 - -- debug: - msg: "{{ job_id }}" - when: job_id is defined diff --git a/roles/ecs_delete/tasks/main.yml b/roles/ecs_delete/tasks/main.yml deleted file mode 100644 index 6b35e14..0000000 --- a/roles/ecs_delete/tasks/main.yml +++ /dev/null @@ -1,15 +0,0 @@ -- name: Send request to API - uri: - url: "{{ AUTH_URL_ECS_CLOUD }}/{{ PROJECT_ID }}/cloudservers/delete" - method: POST - body_format: raw - follow_redirects: all - return_content: yes - validate_certs: yes - HEADER_Content-Type: "application/json" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" - body: "{{ lookup('template', 'request.json.j2')|to_json }}" - register: ecs - -- debug: - msg: "{{ ecs }}" diff --git a/roles/ecs_show/tasks/main.yml b/roles/ecs_show/tasks/main.yml deleted file mode 100644 index e26ef81..0000000 --- a/roles/ecs_show/tasks/main.yml +++ /dev/null @@ -1,15 +0,0 @@ -- name: Send request to API - uri: - url: "{{ AUTH_URL_ECS }}/servers/{{ ecs_id }}" - method: PUT - body_format: raw - follow_redirects: all - return_content: yes - validate_certs: yes - HEADER_Content-Type: "application/json" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" - body: "{{ lookup('template', 'request.json.j2')|to_json }}" - register: ecs - -- debug: - msg: "{{ ecs }}" 
diff --git a/roles/elb_backends/tasks/main.yml b/roles/elb_backends/tasks/main.yml deleted file mode 100644 index 9d9e1ca..0000000 --- a/roles/elb_backends/tasks/main.yml +++ /dev/null @@ -1,13 +0,0 @@ -- name: Send request to API - uri: - url: "{{ AUTH_URL_ELB }}/{{ PROJECT_ID }}/elbaas/listeners/{{ listener_id}}/members?limit=10&marker=0" - method: GET - follow_redirects: all - return_content: yes - validate_certs: yes - HEADER_Content-Type: "application/json" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" - register: elblistener - -- debug: - msg: "{{ elblistener }}" diff --git a/roles/elb_backends_create/tasks/main.yml b/roles/elb_backends_create/tasks/main.yml deleted file mode 100644 index 6face08..0000000 --- a/roles/elb_backends_create/tasks/main.yml +++ /dev/null @@ -1,15 +0,0 @@ -- name: Send request to API - uri: - url: "{{ AUTH_URL_ELB }}/{{ PROJECT_ID }}/elbaas/listeners/{{ listener_id }}/members" - method: POST - body_format: raw - follow_redirects: all - return_content: yes - validate_certs: yes - HEADER_Content-Type: "application/json" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" - body: "{{ lookup('template', 'request.json.j2')|to_json }}" - register: elbbackends - -- debug: - msg: "{{ elbbackends }}" diff --git a/roles/elb_backends_create/templates/request.json.j2 b/roles/elb_backends_create/templates/request.json.j2 deleted file mode 100644 index 489889f..0000000 --- a/roles/elb_backends_create/templates/request.json.j2 +++ /dev/null @@ -1,6 +0,0 @@ -[ -{ - "server_id": "{{ ecs_id }}", - "address": "{{ ecs_address }}" -} -] diff --git a/roles/elb_backends_delete/templates/request.json.j2 b/roles/elb_backends_delete/templates/request.json.j2 deleted file mode 100644 index debdc53..0000000 --- a/roles/elb_backends_delete/templates/request.json.j2 +++ /dev/null @@ -1,8 +0,0 @@ -{ -"removeMember": -[ -{ -"id": "{{ elb_backends_id }}" -} -] -} 
diff --git a/roles/elb_certificate/tasks/main.yml b/roles/elb_certificate/tasks/main.yml deleted file mode 100644 index 7822c36..0000000 --- a/roles/elb_certificate/tasks/main.yml +++ /dev/null @@ -1,18 +0,0 @@ -- name: Send request to API - uri: - url: "{{ AUTH_URL_ELB }}/{{ PROJECT_ID }}/elbaas/certificate" - method: GET - follow_redirects: all - return_content: yes - validate_certs: yes - HEADER_Content-Type: "application/json" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" - register: elbcertificate - -- set_fact: - certificate_names: "{{ (elbcertificate.content|from_json)|json_query('certificates[].name') }}" - -- debug: -# msg: "{{ elbcertificate }}" - msg: "{{ certificate_names }}" - when: elbcertificate is defined diff --git a/roles/elb_healthcheck_show/tasks/main.yml b/roles/elb_healthcheck_show/tasks/main.yml deleted file mode 100644 index 9c9cd99..0000000 --- a/roles/elb_healthcheck_show/tasks/main.yml +++ /dev/null @@ -1,13 +0,0 @@ -- name: Send request to API - uri: - url: "{{ AUTH_URL_ELB }}/{{ PROJECT_ID }}/elbaas/healthcheck/{{ elb_healthcheck_id }}" - method: GET - follow_redirects: all - return_content: yes - validate_certs: yes - HEADER_Content-Type: "application/json" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" - register: elbhealthcheck - -- debug: - msg: "{{ elbhealthcheck }}" diff --git a/roles/elb_listener/tasks/main.yml b/roles/elb_listener/tasks/main.yml deleted file mode 100644 index c7ad643..0000000 --- a/roles/elb_listener/tasks/main.yml +++ /dev/null @@ -1,14 +0,0 @@ -- name: Send request to API - uri: - url: "{{ AUTH_URL_ELB }}/{{ PROJECT_ID }}/elbaas/listeners?loadbalancer_id={{ elb_id}}" - method: GET - follow_redirects: all - return_content: yes - validate_certs: yes - HEADER_Content-Type: "application/json" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" - register: elblistener - when: elb_id is defined - -- debug: - msg: "{{ elblistener }}" 
diff --git a/roles/endpoints/tasks/main.yml b/roles/endpoints/tasks/main.yml deleted file mode 100644 index 054ff6a..0000000 --- a/roles/endpoints/tasks/main.yml +++ /dev/null @@ -1,12 +0,0 @@ -- name: Request endpoints list from AUTH API - uri: - url: "{{ IAM_AUTH_URL }}/endpoints" - method: GET - return_content: yes - validate_certs: yes - HEADER_Content-Type: "application/json" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" - register: endpointlist - -- debug: - msg: "{{ endpointlist.json }}" diff --git a/roles/evs_show/tasks/main.yml b/roles/evs_show/tasks/main.yml deleted file mode 100644 index 571059c..0000000 --- a/roles/evs_show/tasks/main.yml +++ /dev/null @@ -1,12 +0,0 @@ -- name: Request volumes list from API - uri: - url: "{{ AUTH_URL_EVS }}/volumes/{{ evs_id }}" - method: GET - return_content: yes - validate_certs: yes - HEADER_Content-Type: "application/json" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" - register: volume - -- debug: - msg: "{{ volume.json }}" diff --git a/roles/flavors/tasks/main.yml b/roles/flavors/tasks/main.yml deleted file mode 100644 index 47448b7..0000000 --- a/roles/flavors/tasks/main.yml +++ /dev/null @@ -1,12 +0,0 @@ -- name: Request flavor list from API - uri: - url: "{{ AUTH_URL_ECS_CLOUD }}/{{ PROJECT_ID }}/cloudservers/flavors" - method: GET - return_content: yes - validate_certs: yes - HEADER_Content-Type: "application/json" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" - register: flavorlist - -- debug: - msg: "{{ flavorlist.json }}" diff --git a/roles/lookup_name/tasks/main.yml b/roles/lookup_name/tasks/main.yml deleted file mode 100644 index d62b27c..0000000 --- a/roles/lookup_name/tasks/main.yml +++ /dev/null 
@@ -1,303 +0,0 @@ -- name: Set fact for availability_zone_id (eu_de-01) - set_fact: - availability_zone_id: "bf84aba586ce4e948da0b97d9a7d62fb" - when: - - elb_name is defined - - listener_name is undefined - - elb_availability_zone is defined and elb_availability_zone == "eu_de-01" - -- name: Set fact for availability_zone_id (eu_de-02) - set_fact: - availability_zone_id: "bf84aba586ce4e948da0b97d9a7d62fc" - when: - - elb_name is defined - - listener_name is undefined - - elb_availability_zone is defined and elb_availability_zone == "eu_de-02" - -- name: Request images list from API - uri: - url: "{{ AUTH_URL_IMS }}/v2/cloudimages?name={{ image_name }}" - method: GET - return_content: yes - validate_certs: yes - HEADER_Content-Type: "application/json" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" - register: ims_result - when: - - ecs_name is defined - - image_name is defined - -- name: Set fact image_id if image_name is defined - set_fact: - image_id: "{{ (ims_result.content|from_json)|json_query('images[].id|[0]') }}" - when: - - ecs_name is defined - - image_name is defined - -- name: Request vpc list from API - uri: - url: "{{ AUTH_URL_VPC }}/v1/{{ PROJECT_ID }}/vpcs" - method: GET - return_content: yes - validate_certs: yes - HEADER_Content-Type: "application/json" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" - register: vpc_result - when: - - ecs_name is defined - - vpc_name is defined - -- name: Set fact vpc_id if vpc_name is defined - set_fact: - vpc_id: "{{ (vpc_result.content|from_json)|json_query(\"vpcs[?name=='\" + vpc_name + \"'].id|[0]\") }}" - when: - - ecs_name is defined - - vpc_name is defined - -- name: Request subnet list from API for elb - uri: - url: "{{ AUTH_URL_VPC }}/v1/{{ PROJECT_ID }}/subnets" - method: GET - return_content: yes - validate_certs: yes - HEADER_Content-Type: "application/json" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" - when: - - elb_name is defined - - listener_name is undefined - - 
elb_subnet_name is defined - register: subnet_result - -- name: Set fact for subnet_name if elb_subnet_name is defined - set_fact: - subnet_name: "{{ elb_subnet_name }}" - when: - - elb_name is defined - - listener_name is undefined - - elb_subnet_name is defined and elb_subnet_name|length != 0 - -- name: Request subnet list from API for ecs - uri: - url: "{{ AUTH_URL_VPC }}/v1/{{ PROJECT_ID }}/subnets" - method: GET - return_content: yes - validate_certs: yes - HEADER_Content-Type: "application/json" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" - when: - - ecs_name is defined - - subnet_name is defined - register: subnet_result - -- name: Set fact for subnet_id if subnet_name is defined - set_fact: - subnet_id: "{{ (subnet_result.content|from_json)|json_query(\"subnets[?name=='\" + subnet_name + \"'].id|[0]\") }}" - when: - - ecs_name is defined - - subnet_name is defined and subnet_name|length != 0 - -- name: Request secgroup list from API for elb - uri: - url: "{{ AUTH_URL_VPC }}/v1/{{ PROJECT_ID }}/security-groups" - method: GET - return_content: yes - validate_certs: yes - HEADER_Content-Type: "application/json" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" - when: - - elb_name is defined - - listener_name is undefined - - elb_secgroup_name is defined - register: secgroup_result - -- name: Set fact secgroup_name if elb_secgroup_name is defined - set_fact: - secgroup_name: "{{ elb_secgroup_name }}" - when: - - elb_name is defined - - listener_name is undefined - - elb_secgroup_name is defined - -- name: Request secgroup list from API for ecs - uri: - url: "{{ AUTH_URL_VPC }}/v1/{{ PROJECT_ID }}/security-groups" - method: GET - return_content: yes - validate_certs: yes - HEADER_Content-Type: "application/json" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" - when: - - ecs_name is defined - - secgroup_name is defined - register: secgroup_result - -- name: Set fact for secgroup_id if secgroup_name is defined - set_fact: - secgroup_id: 
"{{ (secgroup_result.content|from_json)|json_query(\"security_groups[?name=='\" + secgroup_name + \"'].id|[0]\") }}" - when: - - ecs_name is defined - - secgroup_name is defined and secgroup_name| length != 0 - -- name: Request flavor list from API - uri: - url: "{{ AUTH_URL_ECS_CLOUD }}/{{ PROJECT_ID }}/cloudservers/flavors" - method: GET - return_content: yes - validate_certs: yes - HEADER_Content-Type: "application/json" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" - register: flavor_result - when: - - ecs_name is defined - - (ecs_ram is defined and ecs_ram|length != 0) and (ecs_vcpus is defined and ecs_vcpus|length != 0) - -- name: Set fact flavor_id if ecs_ram or ecs_vcpus is defined - set_fact: - flavor_id: "{{ (flavor_result.content|from_json)|json_query('sort_by(flavors, &ram)|[?ram>=`' + ecs_ram + '` && vcpus>=`' + ecs_vcpus + '`].id|[0]') }}" - when: - - ecs_name is defined - - (ecs_ram is defined and ecs_ram |length != 0) or (ecs_vcpus is defined and ecs_vcpus|length != 0) - -- name: Request keypair list from API - uri: - url: "{{ AUTH_URL_ECS }}/os-keypairs" - method: GET - return_content: yes - validate_certs: yes - HEADER_Content-Type: "application/json" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" - register: keypairlist_result - when: - - ecs_name is defined - - ecs_adminkey is defined - -- name: Set fact ecs_adminkey_name if ecs_adminkey is defined - set_fact: - ecs_adminkey_name: "{{ (keypairlist_result.content|from_json)|json_query(\"keypairs[?keypair.name=='\" + ecs_adminkey + \"'].keypair.name\") }}" - when: - - ecs_name is defined - - ecs_adminkey is defined and ecs_adminkey|length != 0 - -- name: Request floatingip list from API - uri: - url: "{{ AUTH_URL_VPC }}/v1/{{ PROJECT_ID }}/publicips" - method: GET - return_content: yes - validate_certs: yes - HEADER_Content-Type: "application/json" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" - register: floatingiplist_result - -- name: Set fact eip_id for eip if 
public_ip_address is defined - set_fact: - eip_id: "{{ (floatingiplist_result.content|from_json)|json_query(\"publicips[?public_ip_address=='\" + public_ip_address + \"'].id|[0]\") }}" - when: - - ecs_name is defined - - (public_ip_address is defined and public_ip_address | ipaddr) - -- name: Request zone list from API - uri: - url: "{{ AUTH_URL_DNS }}/v2/zones" - method: GET - return_content: yes - validate_certs: yes - HEADER_Content-Type: "application/json" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" - when: zone_name is defined - register: zonelist_result - -- name: Set fact zone_id for dns if zone_name is defined - set_fact: - zone_id: "{{ (zonelist_result.content|from_json)|json_query(\"zones[?name=='\" + zone_name + \"'].id|[0]\") }}" - when: zone_name is defined - -- name: Request ecs list from API - uri: - url: "{{ AUTH_URL_ECS }}/servers" - method: GET - return_content: yes - validate_certs: yes - HEADER_Content-Type: "application/json" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" - register: ecs_result - when: ecs_name is defined - -- name: Set fact ecs_id for ecs if ecs_name is defined - set_fact: - ecs_id: "{{ (ecs_result.content|from_json)|json_query(\"servers[?name=='\" + ecs_name + \"'].id|[0]\") }}" - when: ecs_name is defined - -- name: Request evs list from API - uri: - url: "{{ AUTH_URL_EVS }}/cloudvolumes" - method: GET - return_content: yes - validate_certs: yes - HEADER_Content-Type: "application/json" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" - register: evs_result - when: evs_name is defined - -- name: Set fact evs_id if evs_name is defined - set_fact: - evs_id: "{{ (evs_result.content|from_json)|json_query(\"volumes[?name=='\" + evs_name + \"'].id|[0]\") }}" - when: evs_name is defined - -- name: Request elb list from API - uri: - url: "{{ AUTH_URL_ELB }}/{{ PROJECT_ID }}/elbaas/loadbalancers" - method: GET - follow_redirects: all - return_content: yes - validate_certs: yes - HEADER_Content-Type: 
"application/json" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" - register: elb_result - when: elb_name is defined - -- name: Set fact elb_id for elb if elb_name is defined - set_fact: - elb_id: "{{ (elb_result.content|from_json)|json_query(\"loadbalancers[?name=='\" + elb_name + \"'].id|[0]\") }}" - when: elb_name is defined - -- name: Request elb certificate list from API - uri: - url: "{{ AUTH_URL_ELB }}/{{ PROJECT_ID }}/elbaas/certificate" - method: GET - follow_redirects: all - return_content: yes - validate_certs: yes - HEADER_Content-Type: "application/json" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" - register: listener_certificate_result - when: - - elb_name is defined - - listener_certificate_name is defined and listener_certificate_name|length != 0 - -- name: Set fact listener_certificate_id for elb if listener_certificate_name is defined - set_fact: - listener_certificate_id: "{{ (listener_certificate_result.content|from_json)|json_query(\"certificates[?name=='\" + listener_certificate_name + \"'].id|[0]\") }}" - when: - - elb_name is defined - - listener_certificate_name is defined and listener_certificate_name|length != 0 - -- name: Request elb listener from API - uri: - url: "{{ AUTH_URL_ELB }}/{{ PROJECT_ID }}/elbaas/listeners?loadbalancer_id={{ elb_id}}" - method: GET - follow_redirects: all - return_content: yes - validate_certs: yes - HEADER_Content-Type: "application/json" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" - register: listener_result - when: elb_id is defined - -- name: Set fact listener_id for elb if listener_name is defined - set_fact: - listener_id: "{{ (listener_result.content|from_json)|json_query(\"[?name=='\" + listener_name + \"'].id|[0]\") }}" - when: listener_name is defined - -# - debug: -# msg: "{{ evs_id }}" -# when: evs_id is defined diff --git a/roles/otc_auth/README.rst b/roles/otc_auth/README.rst new file mode 100644 index 0000000..8c994c3 --- /dev/null 
+++ b/roles/otc_auth/README.rst @@ -0,0 +1,47 @@ +otc_auth +======== + +OTC role for authentification. + +Supports: + +* os-client-config +* env variables + +Variables: +^^^^^^^^^^ + ++--------------+---------------------------------------------+ +| Name | Description | ++==============+=============================================+ +| USERNAME | cloud username | +| | env variable or content of os-client config | ++--------------+---------------------------------------------+ +| PASSWORD | cloud password | +| | env variable or content of os-client config | ++--------------+---------------------------------------------+ +| PROJECTNAME | cloud project name, e.g. eu-de | +| | env variable or content of os-client config | ++--------------+---------------------------------------------+ +| DOMAIN | cloud user domain, e.g. OTC-eu-de-0012345 | +| | env variable or content of os-client config | ++--------------+---------------------------------------------+ + +Functions: +^^^^^^^^^^ + +Create:: + + role otc_auth + +Read:: + + n/a + +Update:: + + n/a + +Delete:: + + n/a diff --git a/roles/otc_auth/tasks/main.yml b/roles/otc_auth/tasks/main.yml new file mode 100644 index 0000000..3de0715 --- /dev/null +++ b/roles/otc_auth/tasks/main.yml 
@@ -0,0 +1,41 @@ +- name: Load auth variable file from os-client config or ansible-vault secret + include_vars: "{{ item }}" + with_first_found: + - files: + - "vars/env.yml" + - "vars/_secrets.yml" + skip: true + tags: + - always + +- name: Check if os-client config exists + vars: + user_home: "{{ lookup('env','HOME') }}" + stat: + path: "{{ user_home }}/.config/openstack/clouds.yml" + register: osclientconfigfile + tags: + - always + +- name: Get token with env variables + include: token.yml + vars: + USERNAME: "{{ lookup('env','OS_USERNAME') }}" + PASSWORD: "{{ lookup('env','OS_PASSWORD') }}" + PROJECT_NAME: "{{ lookup('env','OS_PROJECT_NAME') }}" + DOMAIN: "{{ lookup('env','OS_USER_DOMAIN_NAME') }}" + when: not osclientconfigfile.stat.exists + tags: + - always + +- name: Get token with os-client config + include: token.yml + vars: + os_client_config: "{{ lookup('file', osclientconfigfile.stat.path)|from_yaml }}" + USERNAME: "{{ os_client_config['clouds'][CLOUD]['auth']['username'] }}" + PASSWORD: "{{ os_client_config['clouds'][CLOUD]['auth']['password'] }}" + PROJECT_NAME: "{{ os_client_config['clouds'][CLOUD]['auth']['project_name'] }}" + DOMAIN: "{{ os_client_config['clouds'][CLOUD]['auth']['user_domain_name'] }}" + when: osclientconfigfile.stat.exists + tags: + - always diff --git a/roles/token/tasks/main.yml b/roles/otc_auth/tasks/token.yml similarity index 60% rename from roles/token/tasks/main.yml rename to roles/otc_auth/tasks/token.yml index c41c77f..0db4f1c 100644 --- a/roles/token/tasks/main.yml +++ b/roles/otc_auth/tasks/token.yml 
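Review bot: The `Get token with os-client config` task in roles/otc_auth/tasks/main.yml indexes `os_client_config['clouds'][CLOUD]` four times, but nothing in this file checks that `CLOUD` is set. A missing cloud name would surface as a templating error from inside the include rather than as a clear message. I would add a task before it, `fail: msg="CLOUD must name an entry in clouds.yml"` with `when: osclientconfigfile.stat.exists and CLOUD is not defined`. A comment noting that clouds.yml holds the password in plain text would also help the next reader.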
@@ -1,32 +1,17 @@ -- name: Load auth variable file from os-client config or ansible-vault secret - include_vars: "{{ item }}" - with_first_found: - - "env.yml" - - "_secrets.yml" - -- name: Set fact user home - set_fact: - user_home: "{{ lookup('env','HOME') }}" - -- stat: - path: "{{ user_home }}/.config/openstack/clouds.yml" - register: osclientconfigfile - -- name: Set fact os-client config file - set_fact: - os_client_config: "{{ lookup('file', osclientconfigfile.stat.path)|from_yaml }}" - when: osclientconfigfile.stat.exists - -- name: Set facts from os-client-config - set_fact: - USERNAME: "{{ os_client_config['clouds'][CLOUD]['auth']['username'] }}" - PASSWORD: "{{ os_client_config['clouds'][CLOUD]['auth']['password'] }}" - PROJECT_NAME: "{{ os_client_config['clouds'][CLOUD]['auth']['project_name'] }}" - DOMAIN: "{{ os_client_config['clouds'][CLOUD]['auth']['user_domain_name'] }}" - when: osclientconfigfile.stat.exists - -- name: Set fact generic endpoints +- name: Fail when cloud variables not set + fail: + msg: "Cloud auth variables not set (USERNAME,PASSWORD,DOMAIN,PROJECT_NAME..)" + when: + - not USERNAME + - not PASSWORD + - not DOMAIN + - not PROJECT_NAME + tags: + - always + +- name: Set facts generic endpoints set_fact: + PROJECT_NAME: "{{ PROJECT_NAME }}" IAM_AUTH_URL: "https://iam.{{ PROJECT_NAME }}.otc.t-systems.com/v3" AUTH_URL_ELB: "https://elb.{{ PROJECT_NAME }}.otc.t-systems.com/v1.0" AUTH_URL_ECS_CLOUD: "https://ecs.{{ PROJECT_NAME }}.otc.t-systems.com/v1" 
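Review bot: The new `Fail when cloud variables not set` task lists its four conditions under `when:`, and Ansible ANDs the entries of a `when` list. The play therefore stops only if USERNAME, PASSWORD, DOMAIN and PROJECT_NAME are all empty at once. A run with just the password or the project name missing goes on to build the endpoint URLs and send the token request. The message describes an any-missing check, so the condition should be a single expression: `when: not USERNAME or not PASSWORD or not DOMAIN or not PROJECT_NAME`.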
@@ -41,13 +26,17 @@ status_code: 201 return_content: yes validate_certs: yes - HEADER_Content-Type: "application/json" + headers: + Content-Type: "application/json" body: "{{ lookup('template', 'request.json.j2',convert_data=True)|to_json }}" - register: token + register: uritoken + +- name: Set fact token + set_fact: + token: "{{ uritoken }}" - name: Set facts dynamic endpoints set_fact: -# OS_USER_DOMAIN_ID: "{{ (token.content|from_json)['token']['user']['domain']['id'] }}" OS_USER_DOMAIN_ID: "{{ (token.content|from_json)|json_query('token.user.domain.id') }}" PROJECT_ID: "{{ (token.content|from_json)|json_query('token.project.id') }}" AUTH_URL_DNS: "{{ (token.content|from_json)|json_query('token.catalog[?type==`dns`].endpoints[].url|[0]') }}" @@ -59,5 +48,5 @@ AUTH_URL_IMS: "{{ (token.content|from_json)|json_query('token.catalog[?type==`image`].endpoints[].url|[0]') }}" IAM_AUTH_URL: "https://iam.{{ PROJECT_NAME }}.otc.t-systems.com/v3" -# - debug: -# msg: "{{ token }}" +#- debug: +# msg: "{{ token }}" diff --git a/roles/token/templates/request.json.j2 b/roles/otc_auth/templates/request.json.j2 similarity index 100% rename from roles/token/templates/request.json.j2 rename to roles/otc_auth/templates/request.json.j2 diff --git a/roles/otc_dns/README.rst b/roles/otc_dns/README.rst new file mode 100644 index 0000000..20d777d --- /dev/null +++ b/roles/otc_dns/README.rst 
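Review bot: Neither the token request that now registers `uritoken` nor the new `Set fact token` task carries `no_log: true`, although both handle the credential material for the whole run. The registered result is copied whole into `token`, and other tasks read `token['x_subject_token']` from it, so verbose output or a logging callback would record the subject token. The request body is rendered from request.json.j2, which is not shown here but presumably carries the password. I would add `no_log: true` to both tasks and drop the commented-out `debug` of `token` at the end of the file. The uri task begins above this hunk, so its other parameters are not visible here.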
@@ -0,0 +1,91 @@ +otc_dns +======= + +OTC role for DNS. This role creates zones, zone records and reverse +entries (PTR records). +With as transfer option it's possible to fetch zone information from +existing DNS and write an OTC DNS config file in ini, yml, or json +format. This action required xfer rights on the source DNS server. + +Variables: +^^^^^^^^^^ + ++-------------------------+---------------------------------------------+ +| Name | Description | ++=========================+=============================================+ +| zone_name | name of DNS zone | ++-------------------------+---------------------------------------------+ +| zone_id | id of DNS zone | ++-------------------------+---------------------------------------------+ +| zone_description | Description of DNS zone | ++-------------------------+---------------------------------------------+ +| zone_type | DNS zone type (public/private) | ++-------------------------+---------------------------------------------+ +| zone_email | Email address of SOA | ++-------------------------+---------------------------------------------+ +| zone_ttl | DNS zone TTL in sec | ++-------------------------+---------------------------------------------+ +| zone_records | List of zone records | ++-------------------------+---------------------------------------------+ +| ptr_name | FQDN for PTR record | ++-------------------------+---------------------------------------------+ +| config | Format for Zonetransfer (ini,yml,json) | ++-------------------------+---------------------------------------------+ + + +Functions: +^^^^^^^^^^ + +create (public):: + + ansible-playbook dns_yml.yml -e "zone_name=ansible.otc.telekomcloud99.com" -e "localaction=create" + + ansible-playbook dns_ini.yml -e "zone_name=ansible.otc.telekomcloud99.com" -e "localaction=create" + + ansible-playbook dns_json.yml -e "zone_name=ansible.otc.telekomcloud99.com" -e "localaction=create" + +create (internal):: + + ansible-playbook dns_yml.yml -e 
"zone_name=ansible.internal.corp" -e "vpc_name=ansible-vpc01" -e "localaction=create" + + ansible-playbook dns_ini.yml -e "zone_name=ansible.internal.corp" -e "vpc_name=ansible-vpc01" -e "localaction=create" + + ansible-playbook dns_json.yml -e "zone_name=ansible.internal.corp" -e "vpc_name=ansible-vpc01" -e "localaction=create" + + +ptrcreate:: + + ansible-playbook tenant_yml.yml -e "zone_name=ansible.otc.telekomcloud99.com" -e "ecs_name=ansible-test01" -e "localaction=ptrcreate" + +ptrdelete:: + + ansible-playbook tenant_yml.yml -e "zone_name=ansible.otc.telekomcloud99.com" -e "ecs_name=ansible-test01" -e "localaction=ptrdelete" + + +show:: + + ./grole otc_dns; ansible-playbook roles.yml -e "zone_name=ansible.otc.telekomcloud99.com" -e "localaction=show" + + ./grole otc_vpc otc_dns; ansible-playbook roles.yml -e "zone_name=ansible.otc.telekomcloud99.com" -e "vpc_name=ansible-vpc01" -e "localaction=show" + + +list:: + + ./grole otc_dns; ansible-playbook roles.yml -e "zone_name=ansible.otc.telekomcloud99.com" -e "localaction=list" + + ./grole otc_vpc otc_dns; ansible-playbook roles.yml -e "zone_name=ansible.internal.corp" -e "vpc_name=ansible-vpc01" -e "localaction=list" + + +delete:: + + ./grole otc_dns; ansible-playbook roles.yml ansible-playbook tenant_yml.yml -e "zone_name=ansible.otc.telekomcloud99.com" -e "localaction=delete" + + ./grole otc_vpc otc_dns; ansible-playbook roles.yml -e "zone_name=ansible.internal.corp" -e "vpc_name=ansible-vpc01" -e "localaction=delete" + +transfer:: + + ansible-playbook dns_ini.yml -e "config=ini" -e "localaction=transfer" -e "dns_server=192.168.0.1" -e "zone_name=example.com" -e "zone_type=public" -e "zone_email=nobody@localhost" -e "zone_ttl=86400" + + ansible-playbook dns_yml.yml -e "config=yml" -e "localaction=transfer" -e "dns_server=192.168.0.1" -e "zone_name=example.com" -e "zone_type=public" -e "zone_email=nobody@localhost" -e "zone_ttl=86400" + + ansible-playbook dns_json.yml -e "config=json" -e "localaction=transfer" 
-e "dns_server=192.168.0.1" -e "zone_name=example.com" -e "zone_type=public" -e "zone_email=nobody@localhost" -e "zone_ttl=86400" diff --git a/roles/otc_dns/tasks/create.yml b/roles/otc_dns/tasks/create.yml new file mode 100644 index 0000000..61d5613 --- /dev/null +++ b/roles/otc_dns/tasks/create.yml @@ -0,0 +1,35 @@ +- name: Lookup zone_id + include: lookup.yml + +- name: Delete current zone + include: delete.yml + when: zone_id is defined + +- name: Send request to API (create zone) + uri: + url: "{{ AUTH_URL_DNS }}/v2/zones" + method: POST + body_format: raw + follow_redirects: all + return_content: yes + validate_certs: yes + status_code: 200,201,202,203 + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" + body: "{{ lookup('template', 'create.json.j2')|to_json }}" + register: zone + when: zone_name is defined + +- debug: + msg: "{{ zone }}" + +- pause: + minutes: 1 + +- name: Create zonerecords + include: zonerecord_create.yml + with_items: + - "{{ zone_records }}" + loop_control: + loop_var: zone_record diff --git a/roles/otc_dns/tasks/delete.yml b/roles/otc_dns/tasks/delete.yml new file mode 100644 index 0000000..d0afa8a --- /dev/null +++ b/roles/otc_dns/tasks/delete.yml @@ -0,0 +1,18 @@ +- name: Lookup zone_id + include: lookup.yml + +- name: Send request to API (delete zone) + uri: + url: "{{ AUTH_URL_DNS }}/v2/zones/{{ zone_id }}" + method: DELETE + return_content: yes + validate_certs: yes + status_code: 200,201,202,203 + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" + when: zone_id is defined and zone_id|length != 0 + register: zone + +- debug: var=zone.json + when: zone is defined diff --git a/roles/otc_dns/tasks/deletegrouploop.yml b/roles/otc_dns/tasks/deletegrouploop.yml new file mode 100644 index 0000000..625a5aa --- /dev/null +++ b/roles/otc_dns/tasks/deletegrouploop.yml 
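Review bot: In roles/otc_dns/tasks/create.yml the `Delete current zone` include is guarded only by `zone_id is defined`. lookup.yml assigns `zone_id` from a `json_query` whenever `zone_name` is set, so an unmatched name most likely leaves it defined but empty, and the guard does not separate "zone exists" from "zone not found". delete.yml already tests `zone_id is defined and zone_id|length != 0`, and the same condition belongs here. In show.yml an empty id would turn the request into `/v2/zones/`, so it needs the condition too. Since this path removes an existing zone before re-creating it, a comment on the task saying so (`# replaces an existing zone of the same name, including its records`) would make the destructive step visible.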
@@ -0,0 +1,35 @@ +- name: Send request to API (list security groups) + uri: + url: "{{ AUTH_URL_VPC }}/v1/{{ PROJECT_ID }}/security-groups" + method: GET + return_content: yes + validate_certs: yes + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" + when: + - secgroup_name is defined + register: secgroup_result + +- name: Set fact for secgroup_id if secgroup_name is defined + set_fact: + secgroup_id: "{{ (secgroup_result.content|from_json)|json_query(\"security_groups[?name=='\" + secgroup_name + \"'].id|[0]\") }}" + when: + - secgroup_name is defined and secgroup_name| length != 0 + +- name: Send request to API (delete security group) + uri: + url: "{{ AUTH_URL_VPC }}/v2.0/security-groups/{{ secgroup_id }}" + method: DELETE + body_format: raw + follow_redirects: all + return_content: yes + validate_certs: yes + status_code: 200,201,202,203,204 + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" + register: secgroup + +- debug: + msg: "{{ secgroup }}" diff --git a/roles/otc_dns/tasks/list.yml b/roles/otc_dns/tasks/list.yml new file mode 100644 index 0000000..0fd992b --- /dev/null +++ b/roles/otc_dns/tasks/list.yml 
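Review bot: The `Send request to API (delete security group)` task in deletegrouploop.yml has no `when:` at all, while the two tasks before it are conditional on `secgroup_name`. If the name is unset or the lookup finds nothing, the DELETE goes out with an undefined or empty `secgroup_id`, and the empty case addresses the collection URL `/v2.0/security-groups/`. The task should carry `when: secgroup_id is defined and secgroup_id|length != 0`, and the trailing `debug` should be skipped in the same case. The file handles security groups but is added under roles/otc_dns; if that placement is intentional, a header comment should say why.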
@@ -0,0 +1,30 @@ +- name: Send request to API (list public zone) + uri: + url: "{{ AUTH_URL_DNS }}/v2/zones?type=public" + method: GET + return_content: yes + validate_certs: yes + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" + register: zonelist_public + +- name: Send request to API (list private zones) + uri: + url: "{{ AUTH_URL_DNS }}/v2/zones?type=private" + method: GET + return_content: yes + validate_certs: yes + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" + register: zonelist_private + +- name: Set fact zonelist + set_fact: + zonelist: "{{ zonelist_public.json.zones }} + {{ zonelist_private.json.zones }}" + +- name: List zones + debug: + msg: "{{ zonelist }}" + when: zonelist is defined diff --git a/roles/otc_dns/tasks/lookup.yml b/roles/otc_dns/tasks/lookup.yml new file mode 100644 index 0000000..da54b16 --- /dev/null +++ b/roles/otc_dns/tasks/lookup.yml 
@@ -0,0 +1,44 @@ +- name: Send request to API (list public zones) + uri: + url: "{{ AUTH_URL_DNS }}/v2/zones?type=public" + method: GET + return_content: yes + validate_certs: yes + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" + when: zone_name is defined + register: zonelist_public + +- name: Send request to API (list private zones) + uri: + url: "{{ AUTH_URL_DNS }}/v2/zones?type=private" + method: GET + return_content: yes + validate_certs: yes + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" + when: zone_name is defined + register: zonelist_private + +- name: Set fact zonelist_result + set_fact: + zonelist_result: "{{ zonelist_public.json.zones }} + {{ zonelist_private.json.zones }}" + when: zone_name is defined + +- name: Debug zone_name + debug: + msg: "{{ zone_name }}" + +- name: Set fact zone_id for dns if zone_name is defined + vars: + zonenamedot: "{{ zone_name }}." + set_fact: + zone_id: "{{ zonelist_result|json_query(\"[?name=='\" + zonenamedot + \"'].id|[0]\") }}" + when: zone_name is defined + +- name: Debug zone_id + debug: + msg: "{{ zone_id }}" + when: zone_id is defined diff --git a/roles/otc_dns/tasks/main.yml b/roles/otc_dns/tasks/main.yml new file mode 100644 index 0000000..1ace94d --- /dev/null +++ b/roles/otc_dns/tasks/main.yml 
@@ -0,0 +1,62 @@ +- name: Get Zone list + include: list.yml + when: + - localaction is defined and localaction == "list" + tags: + - zonelist + +- name: Get PTR list + include: ptr_list.yml + when: + - localaction is defined and localaction == "ptrlist" + tags: + - ptrlist + +- name: Transfer Zone to OTC + include: transfer.yml + when: + - localaction is defined and localaction == "transfer" + tags: + - transfer + +- name: Get Zone detail + include: show.yml + when: + - localaction is defined and localaction == "show" + tags: + - zoneshow + +- name: Create Zone + include: create.yml + when: + - localaction is defined and localaction == "create" + tags: + - zonecreate + +- name: Create PTR + include: ptr_create.yml + when: + - localaction is defined and localaction == "ptrcreate" + tags: + - ptrcreate + +- name: Create Zonerecords + include: zonerecord_create.yml + when: + - localaction is defined and localaction == "zonerecordcreate" + tags: + - zonerecordscreate + +- name: Delete Zone + include: delete.yml + when: + - localaction is defined and localaction == "delete" + tags: + - zonedelete + +- name: Delete PTR + include: ptr_delete.yml + when: + - localaction is defined and localaction == "ptrdelete" + tags: + - ptrdelete diff --git a/roles/otc_dns/tasks/ptr_create.yml b/roles/otc_dns/tasks/ptr_create.yml new file mode 100644 index 0000000..f655bed --- /dev/null +++ b/roles/otc_dns/tasks/ptr_create.yml 
@@ -0,0 +1,37 @@ +- name: Send request to API (list EIP) + uri: + url: "{{ AUTH_URL_VPC }}/v1/{{ PROJECT_ID }}/publicips" + method: GET + return_content: yes + validate_certs: yes + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" + register: floatingiplist_result + +- name: Set fact eip_id if public_ip_address is defined + set_fact: + eip_id: "{{ (floatingiplist_result.content|from_json)|json_query(\"publicips[?public_ip_address=='\" + public_ip_address + \"'].id|[0]\") }}" + when: + - (public_ip_address is defined and public_ip_address | ipaddr) + +- name: Send request to API (create ptr) + uri: + url: "{{ AUTH_URL_DNS }}/v2/reverse/floatingips/{{ PROJECT_NAME }}:{{ eip_id }}" + method: PATCH + body_format: raw + follow_redirects: all + return_content: yes + validate_certs: yes + status_code: 200,201,202,203,400 + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" + body: "{{ lookup('template', 'ptr_create.json.j2')|to_json }}" + register: ptrrecord + when: + - (ptr_name is defined and ptr_name | length != 0) + - eip_id is defined + +- debug: + msg: "{{ ptrrecord }}" diff --git a/roles/otc_dns/tasks/ptr_delete.yml b/roles/otc_dns/tasks/ptr_delete.yml new file mode 100644 index 0000000..46a8e75 --- /dev/null +++ b/roles/otc_dns/tasks/ptr_delete.yml 
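Review bot: `status_code: 200,201,202,203,400` on the `create ptr` request in ptr_create.yml makes Ansible treat HTTP 400 as success. A PTR update that the API rejects, for example for a malformed `ptr_name`, is then reported as OK and the play continues. The same list appears in ptr_delete.yml (with 404 added), ptr_list.yml and zonerecord_create.yml. If the intent is to tolerate an already-existing record, I would keep the list to `200,201,202,203` and handle that case explicitly with `failed_when` on the response body. If 400 has to stay, the line needs a comment explaining which API response it is meant to absorb.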
@@ -0,0 +1,37 @@ +- name: Send request to API (list EIP) + uri: + url: "{{ AUTH_URL_VPC }}/v1/{{ PROJECT_ID }}/publicips" + method: GET + return_content: yes + validate_certs: yes + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" + register: floatingiplist_result + +- name: Set fact eip_id if public_ip_address is defined + set_fact: + eip_id: "{{ (floatingiplist_result.content|from_json)|json_query(\"publicips[?public_ip_address=='\" + public_ip_address + \"'].id|[0]\") }}" + when: + - (public_ip_address is defined and public_ip_address | ipaddr) + + +- name: Send request to API (delete ptr) + uri: + url: "{{ AUTH_URL_DNS }}/v2/reverse/floatingips/{{ PROJECT_NAME }}:{{ eip_id }}" + method: PATCH + body_format: raw + follow_redirects: all + return_content: yes + validate_certs: yes + status_code: 200,201,202,203,400,404 + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" + body: '{ "ptrdname": null }' + register: ptrrecord + when: + - eip_id is defined and eip_id|length != 0 + +- debug: + msg: "{{ ptrrecord }}" diff --git a/roles/ptrrecords/tasks/main.yml b/roles/otc_dns/tasks/ptr_list.yml similarity index 63% rename from roles/ptrrecords/tasks/main.yml rename to roles/otc_dns/tasks/ptr_list.yml index f236f01..6fa1bee 100644 --- a/roles/ptrrecords/tasks/main.yml +++ b/roles/otc_dns/tasks/ptr_list.yml @@ -1,4 +1,4 @@ -- name: send ptrrecord request to API +- name: Send request to API (list ptr) uri: url: "{{ AUTH_URL_DNS }}/v2/reverse/floatingips" method: GET @@ -6,8 +6,9 @@ return_content: yes validate_certs: yes status_code: 200,201,202,203,400 - HEADER_Content-Type: "application/json" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" register: ptrrecord - debug: diff --git a/roles/otc_dns/tasks/show.yml b/roles/otc_dns/tasks/show.yml new file mode 100644 index 0000000..6e94b6f 
--- /dev/null +++ b/roles/otc_dns/tasks/show.yml @@ -0,0 +1,17 @@ +- name: Lookup zone_id + include: lookup.yml + +- name: Send request to API (show zone) + uri: + url: "{{ AUTH_URL_DNS }}/v2/zones/{{ zone_id }}" + method: GET + return_content: yes + validate_certs: yes + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" + when: zone_id is defined + register: zone + +- debug: var=zone.json + when: zone is defined diff --git a/roles/otc_dns/tasks/transfer.yml b/roles/otc_dns/tasks/transfer.yml new file mode 100644 index 0000000..3669e8e --- /dev/null +++ b/roles/otc_dns/tasks/transfer.yml @@ -0,0 +1,28 @@ +--- +- name: Call dig to catch zone information + shell: dig +noall +answer {{ zone_name }} @{{ dns_server }} axfr | grep -E '(\s+)(A|AAAA|CNAME|MX)' + register: zone_data + +- name: Create dns.ini file + template: + src: dns.ini.j2 + dest: ./dns.ini + force: yes + backup: yes + when: config == "ini" + +- name: Create dns.yml file + template: + src: dns.yml.j2 + dest: ./dns.yml + force: yes + backup: yes + when: config == "yml" + +- name: Create dns.json file + template: + src: dns.json.j2 + dest: ./dns.json + force: yes + backup: yes + when: config == "json" diff --git a/roles/otc_dns/tasks/zonerecord_create.yml b/roles/otc_dns/tasks/zonerecord_create.yml new file mode 100644 index 0000000..c8eecf5 --- /dev/null +++ b/roles/otc_dns/tasks/zonerecord_create.yml 
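Review bot: The `Call dig to catch zone information` task in transfer.yml interpolates `zone_name` and `dns_server` into a `shell:` line without quoting, so shell metacharacters in either value are interpreted by the shell rather than passed to dig. Both values arrive through `-e` on the command line and may also come from inventory or generated config, so they should go through the `quote` filter: `shell: dig +noall +answer {{ zone_name | quote }} @{{ dns_server | quote }} axfr | grep -E '(\s+)(A|AAAA|CNAME|MX)'`. The task only reads data, so `changed_when: false` would also keep it from reporting a change on every run.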
@@ -0,0 +1,21 @@ +- name: Lookup zone_id + include: lookup.yml + +- name: send request to API (create zonerecords) + vars: + zonerecord_part: "{{ item.split(';') }}" + uri: + url: "{{ AUTH_URL_DNS }}/v2/zones/{{ zone_id }}/recordsets" + method: POST + body_format: raw + follow_redirects: all + return_content: yes + validate_certs: yes + status_code: 200,201,202,203,400 + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" + body: "{{ lookup('template', 'zonerecord_create.json.j2')|to_json }}" + register: zonerecord + with_items: + - "{{ zone_records }}" diff --git a/roles/zone_create/templates/request.json.j2 b/roles/otc_dns/templates/create.json.j2 similarity index 53% rename from roles/zone_create/templates/request.json.j2 rename to roles/otc_dns/templates/create.json.j2 index a467fab..697d594 100644 --- a/roles/zone_create/templates/request.json.j2 +++ b/roles/otc_dns/templates/create.json.j2 @@ -1,19 +1,19 @@ { - "name": "{{ zone_name }}", -{% if zone_description is defined %} + "name": "{{ zone_name }}.", +{% if zone_description is defined %} "description": "{{ zone_description }}", -{% endif %} -{% if zone_type is defined %} +{% endif %} +{% if zone_type is defined %} "zone_type": "{{ zone_type }}", -{% endif %} -{% if zone_type == "private" %} +{% endif %} +{% if zone_type == "private" %} "router": { "router_id": "{{ router_id }}", "router_region": "{{ PROJECT_NAME }}" }, -{% endif %} -{% if zone_email is defined %} +{% endif %} +{% if zone_email is defined %} "email": "{{ zone_email }}", -{% endif %} +{% endif %} "ttl": {{ zone_ttl }} } diff --git a/roles/otc_dns/templates/dns.ini.j2 b/roles/otc_dns/templates/dns.ini.j2 new file mode 100644 index 0000000..f4bcabb --- /dev/null +++ b/roles/otc_dns/templates/dns.ini.j2 
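Review bot: The create-zonerecords task in zonerecord_create.yml loops over the full `zone_records` list itself (`with_items`, split via `item.split(';')`), while create.yml includes this file once per record with `loop_var: zone_record`, a variable never used here. On the create path every record is therefore POSTed once for each entry in the list, and lookup.yml is re-run each time. The duplicate submissions are hidden because 400 is in `status_code`. The simplest fix is to include the file once from create.yml, as main.yml already does for `zonerecordcreate`: drop `with_items` and `loop_control` from the `Create zonerecords` include.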
@@ -0,0 +1,23 @@ +# usage dns (public zones): +# ansible-playbook tenant_yml.yml -e "zone_name=ansible.otc.telekomcloud99.com" -e "localaction=create" +# usage dns (private usage, only in selected vpc): +# ansible-playbook tenant_ini.yml -e "zone_name=ansible.internal.corp" -e "vpc_name=ansible-vpc01" -e "localaction=create" +[{{ zone_name }}] +zone_description=Ansible generated DNS Zone +zone_type={{ zone_type }} +zone_email={{ zone_email }} +zone_ttl={{ zone_ttl }} +[dnszonerecords] +{{ zone_name }}=[ {% for record in zone_data.stdout_lines %} +{% set record_clean = record | regex_replace('(\\s+)', ';') %} +{% set pattern = "^(.*);(.*);(.*);(.*);(.*)$" %} +{% set fqdn = record_clean | regex_replace(pattern, "\\1" ) %} +{% set ttl = record_clean | regex_replace(pattern, "\\2" ) %} +{% set rtyp = record_clean | regex_replace(pattern, "\\4" ) %} +{% set value = record_clean | regex_replace(pattern, "\\5" ) %} +{% if loop.last %} +"{{ fqdn }};;{{ rtyp }};{{ ttl }};{{ value }}" +{% else %} +"{{ fqdn }};;{{ rtyp }};{{ ttl }};{{ value }}", +{% endif %} +{% endfor %}] diff --git a/roles/otc_dns/templates/dns.json.j2 b/roles/otc_dns/templates/dns.json.j2 new file mode 100644 index 0000000..063b8a7 --- /dev/null +++ b/roles/otc_dns/templates/dns.json.j2 
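Review bot: The five-group pattern `^(.*);(.*);(.*);(.*);(.*)$` in dns.ini.j2 assumes every transferred line has exactly five whitespace-separated fields, but transfer.yml's grep also lets MX records through, and those carry a preference value as a sixth field. The greedy first group then swallows the name and the TTL together and every later group shifts by one, so an MX line produces a record with the wrong type, TTL and value. dns.json.j2 and dns.yml.j2 contain the same block. Splitting the line is more robust than the regex: `{% set f = record.split() %}`, then use `f[0]`, `f[1]`, `f[3]` and `f[4:] | join(' ')`. The values come from a remote server's zone transfer and land inside double quotes unescaped, so emitting the assembled string through `to_json` would keep a stray quote from breaking the generated file.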
@@ -0,0 +1,25 @@ +"dnszones": { + "{{ zone_name }}": { + "zone_description": "Ansible generated DNS Zone", + "zone_type": "{{ zone_type }}", + "zone_email": "{{ zone_email }}", + "zone_ttl": "{{ zone_ttl }}" + } +}, +"dnszonerecords": { + "{{ zone_name }}": [{% for record in zone_data.stdout_lines %} +{% set record_clean = record | regex_replace('(\\s+)', ';') %} +{% set pattern = "^(.*);(.*);(.*);(.*);(.*)$" %} +{% set fqdn = record_clean | regex_replace(pattern, "\\1" ) %} +{% set ttl = record_clean | regex_replace(pattern, "\\2" ) %} +{% set rtyp = record_clean | regex_replace(pattern, "\\4" ) %} +{% set value = record_clean | regex_replace(pattern, "\\5" ) %} +{% if loop.last %} +"{{ fqdn }};;{{ rtyp }};{{ ttl }};{{ value }}" +{% else %} +"{{ fqdn }};;{{ rtyp }};{{ ttl }};{{ value }}", +{% endif %} +{% endfor %}] +} + + diff --git a/roles/otc_dns/templates/dns.yml.j2 b/roles/otc_dns/templates/dns.yml.j2 new file mode 100644 index 0000000..c4d783a --- /dev/null +++ b/roles/otc_dns/templates/dns.yml.j2 
@@ -0,0 +1,21 @@ +# usage dns (public zones): +# ansible-playbook tenant_yml.yml -e "zone_name=ansible.otc.telekomcloud99.com" -e "localaction=create" +# usage dns (private usage, only in selected vpc): +# ansible-playbook tenant_ini.yml -e "zone_name=ansible.internal.corp" -e "vpc_name=ansible-vpc01" -e "localaction=create" +dnszones: + {{ zone_name }}: + zone_description: "Ansible generated DNS Zone" + zone_type: "{{ zone_type }}" + zone_email: "{{ zone_email }}" + zone_ttl: {{ zone_ttl }} +dnszonerecords: + {{ zone_name }}: +{% for record in zone_data.stdout_lines %} +{% set record_clean = record | regex_replace('(\\s+)', ';') %} +{% set pattern = "^(.*);(.*);(.*);(.*);(.*)$" %} +{% set fqdn = record_clean | regex_replace(pattern, "\\1" ) %} +{% set ttl = record_clean | regex_replace(pattern, "\\2" ) %} +{% set rtyp = record_clean | regex_replace(pattern, "\\4" ) %} +{% set value = record_clean | regex_replace(pattern, "\\5" ) %} + - "{{ fqdn }};;{{ rtyp }};{{ ttl }};{{ value }}" +{% endfor %} diff --git a/roles/ptrrecord_create/templates/request.json.j2 b/roles/otc_dns/templates/ptr_create.json.j2 similarity index 85% rename from roles/ptrrecord_create/templates/request.json.j2 rename to roles/otc_dns/templates/ptr_create.json.j2 index f6c31fc..30d5c7b 100644 --- a/roles/ptrrecord_create/templates/request.json.j2 +++ b/roles/otc_dns/templates/ptr_create.json.j2 @@ -5,5 +5,5 @@ {% if ttl is defined and ttl|length != 0 %} "ttl": {{ ttl }}, {% endif %} - "ptrdname": "{{ ptr_name }}" + "ptrdname": "{{ ptr_name }}." } diff --git a/roles/zonerecord_helper/templates/request.json.j2 b/roles/otc_dns/templates/rule_create.json.j2 similarity index 63% rename from roles/zonerecord_helper/templates/request.json.j2 rename to roles/otc_dns/templates/rule_create.json.j2 index 8681f0d..f0fadc3 100644 --- a/roles/zonerecord_helper/templates/request.json.j2 +++ b/roles/otc_dns/templates/rule_create.json.j2 
@@ -3,13 +3,15 @@ "direction": "{{ secgrouprule_part[0] }}", "ethertype": "{{ secgrouprule_part[1] }}", "protocol": "{{ secgrouprule_part[2] }}", -{% if secgrouprule_part[3]|length != 0 %} +{% if secgrouprule_part[3] is defined and secgrouprule_part[3]|length != 0 %} "port_range_min": {{ secgrouprule_part[3] }}, {% endif %} -{% if secgrouprule_part[4]|length != 0 %} +{% if secgrouprule_part[4] is defined and secgrouprule_part[4]|length != 0 %} "port_range_max": {{ secgrouprule_part[4] }}, {% endif %} +{% if secgrouprule_part[5] is defined and secgrouprule_part[5]|length != 0 %} "remote_ip_prefix": "{{ secgrouprule_part[5] }}", +{% endif %} "security_group_id": "{{ secgroup_id }}", } } diff --git a/roles/otc_dns/templates/zonerecord_create.json.j2 b/roles/otc_dns/templates/zonerecord_create.json.j2 new file mode 100644 index 0000000..e751071 --- /dev/null +++ b/roles/otc_dns/templates/zonerecord_create.json.j2 @@ -0,0 +1,9 @@ +{ + "name": "{{ zonerecord_part[0] }}.", +{% if zonerecord_part[1] is defined and zonerecord_part[1]|length != 0 %} + "description": "{{ zonerecord_part[1] }}", +{% endif %} + "type": "{{ zonerecord_part[2] }}", + "ttl": {{ zonerecord_part[3] }}, + "records": [ "{{ zonerecord_part[4] }}" ] +} diff --git a/roles/otc_ecs/README.rst b/roles/otc_ecs/README.rst new file mode 100644 index 0000000..85fbfc4 --- /dev/null +++ b/roles/otc_ecs/README.rst 
@@ -0,0 +1,64 @@ +otc_ecs +======= + +OTC role for ECS. + +Variables: +^^^^^^^^^^ + ++---------------------------+---------------------------------------------------------------+ +| Name | Description | ++===========================+===============================================================+ +| localaction=flavors | show flavors | ++---------------------------+---------------------------------------------------------------+ +| ecs_name | name of ECS | ++---------------------------+---------------------------------------------------------------+ +| ecs_id | id of ECS | ++---------------------------+---------------------------------------------------------------+ +| ecs_volumetype | Volume type of ECS (SATA,SSD,SAS) | ++---------------------------+---------------------------------------------------------------+ +| ecs_volumesize | Size of ECS volume in GB (or image default) | ++---------------------------+---------------------------------------------------------------+ +| ecs_ram | RAM size of ECS | ++---------------------------+---------------------------------------------------------------+ +| ecs_vcpus | CPU core of ECS | ++---------------------------+---------------------------------------------------------------+ +| ecs_ipaddress | IP address of ECS | ++---------------------------+---------------------------------------------------------------+ +| ecs_fileinject_[1-5] | Personal data (file injection) | +| | up to 5 files | +| | example: ansible-playbook -e "ecs_fileinject_1=/etc/hosts \ | +| | ecs_fileinject_data_1=$(base64 -w 0 hosts.txt)" | ++---------------------------+---------------------------------------------------------------+ +| ecs_fileinject_data_[1-5] | Personal data (file injection) | ++---------------------------+---------------------------------------------------------------+ +| ecs_user_data | cloud-init user data file | +| | example [...] 
-e "ecs_user_data=$(base64 -w 0 user-data.txt)" | ++---------------------------+---------------------------------------------------------------+ +| ecs_adminpass | Admin password ECS | ++---------------------------+---------------------------------------------------------------+ +| ecs_adminkey | SSH key name of ECS | ++---------------------------+---------------------------------------------------------------+ + +Functions: +^^^^^^^^^^ + +Create:: + + ansible-playbook tenant_yml.yml -e "ecs_name=ansible-test01" -e "localaction=create" + + ansible-playbook tenant_ini.yml -e "ecs_name=ansible-test01" -e "localaction=create" + + ansible-playbook tenant_json.yml -e "ecs_name=ansible-test01" -e "localaction=create" + +Show:: + + ./grole otc_ecs; ansible-playbook roles.yml -e "ecs_name=ansible-test01" -e "localaction=show" + +List:: + + ./grole otc_ecs; ansible-playbook roles.yml -e "localaction=list" + +Delete:: + + ./grole otc_ecs; ansible-playbook roles.yml -e "ecs_name=ansible-test01" -e "localaction=delete" diff --git a/roles/otc_ecs/tasks/create.yml b/roles/otc_ecs/tasks/create.yml new file mode 100644 index 0000000..80753a9 --- /dev/null +++ b/roles/otc_ecs/tasks/create.yml 
@@ -0,0 +1,49 @@ +- name: Lookup flavor_id + include: lookup.yml + +- name: Lookup vpc_id + include: ../../otc_vpc/tasks/lookup.yml + +- name: Lookup image_id + include: ../../otc_ims/tasks/lookup.yml + +- name: Lookup subnet_id + include: ../../otc_subnet/tasks/lookup.yml + +- name: Lookup eip_id + include: ../../otc_eip/tasks/lookup.yml + +- name: Lookup secgroup_id + include: ../../otc_secgroup/tasks/lookup.yml + with_items: + - "{{ secgroups }}" + loop_control: + loop_var: secgroup_name + +- name: Send request to API (create ECS) + uri: + url: "{{ AUTH_URL_ECS_CLOUD }}/{{ PROJECT_ID }}/cloudservers" + method: POST + body_format: raw + follow_redirects: all + return_content: yes + validate_certs: yes + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" + body: "{{ lookup('template', 'create.json.j2')|to_json }}" + register: ecs + when: + - ecs_name is defined + - image_id is defined + - flavor_id is defined + +- name: Set fact job_id + set_fact: + job_id: "{{ (ecs.content|from_json)|json_query('job_id') }}" + when: ecs is defined and ecs.content|length != 0 + +- name: Output of job_id + debug: + msg: "{{ job_id }}" + when: job_id is defined diff --git a/roles/otc_ecs/tasks/delete.yml b/roles/otc_ecs/tasks/delete.yml new file mode 100644 index 0000000..23848a6 --- /dev/null +++ b/roles/otc_ecs/tasks/delete.yml @@ -0,0 +1,20 @@ +- name: Send request to API (delete ECS) + uri: + url: "{{ AUTH_URL_ECS_CLOUD }}/{{ PROJECT_ID }}/cloudservers/delete" + method: POST + body_format: raw + follow_redirects: all + return_content: yes + validate_certs: yes + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" + body: "{{ lookup('template', 'delete.json.j2')|to_json }}" + when: ecs_id is defined and ecs_id|length != 0 + register: ecs + +- pause: + minutes: 1 + +- debug: + msg: "{{ ecs }}" 
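Review bot: The guard on `Set fact job_id`, `ecs is defined and ecs.content|length != 0`, does not cover a skipped create request. `register: ecs` still sets the variable when the `uri` task is skipped, and that result has no `content` key, so the condition itself fails to evaluate. Test the attribute instead: `when: ecs.content is defined and ecs.content|length != 0`.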
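Review bot: In `roles/otc_ecs/tasks/delete.yml` the `pause` and the final `debug` run unconditionally, even when the delete request was skipped because `ecs_id` is empty, so a no-op run still waits a minute and prints a skipped result. Give both tasks the same condition as the request, `when: ecs_id is defined and ecs_id|length != 0`. Printing the whole registered `ecs` result also puts the full API response into the play output; `msg: "{{ ecs.status }}"` would be enough to confirm the request was accepted.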
diff --git a/roles/otc_ecs/tasks/flavors.yml b/roles/otc_ecs/tasks/flavors.yml new file mode 100644 index 0000000..363b2a5 --- /dev/null +++ b/roles/otc_ecs/tasks/flavors.yml @@ -0,0 +1,24 @@ +- name: Send request to API (list flavors) + uri: + url: "{{ AUTH_URL_ECS_CLOUD }}/{{ PROJECT_ID }}/cloudservers/flavors" + method: GET + return_content: yes + validate_certs: yes + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" + register: flavorlist + tags: + - flavors + +- name: Debug output flavor long list + debug: + msg: "{{ flavorlist.content }}" + when: + - output is defined and output == "long" + +- name: Debug output flavors short list + debug: + msg: "[ ] {% for flavor in flavorlist.json.flavors %}[{{ flavor.id }} {{ flavor.name }} {{ flavor.vcpus }} {{ flavor.ram }}]{% endfor %}" + when: + - output is undefined diff --git a/roles/ecs/tasks/main.yml b/roles/otc_ecs/tasks/list.yml similarity index 53% rename from roles/ecs/tasks/main.yml rename to roles/otc_ecs/tasks/list.yml index 1efa0b5..2fb05f6 100644 --- a/roles/ecs/tasks/main.yml +++ b/roles/otc_ecs/tasks/list.yml @@ -1,11 +1,12 @@ -- name: Request ecs list from AUTH API +- name: Send request to API (list ECS) uri: url: "{{ AUTH_URL_ECS }}/servers" method: GET return_content: yes validate_certs: yes - HEADER_Content-Type: "application/json" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" register: ecslist - debug: diff --git a/roles/otc_ecs/tasks/lookup.yml b/roles/otc_ecs/tasks/lookup.yml new file mode 100644 index 0000000..6c1f306 --- /dev/null +++ b/roles/otc_ecs/tasks/lookup.yml 
@@ -0,0 +1,77 @@ +- name: Send request to API (list ECS for lookup) + uri: + url: "{{ AUTH_URL_ECS }}/servers" + method: GET + return_content: yes + validate_certs: yes + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" + register: ecs_result + when: ecs_name is defined + +- name: Set fact ecs_id for ecs if ecs_name is defined + set_fact: + ecs_id: "{{ (ecs_result.content|from_json)|json_query(\"servers[?name=='\" + ecs_name + \"'].id|[0]\") }}" + when: ecs_name is defined + +- name: Send request to API (list flavor for lookup) + uri: + url: "{{ AUTH_URL_ECS_CLOUD }}/{{ PROJECT_ID }}/cloudservers/flavors" + method: GET + return_content: yes + validate_certs: yes + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" + register: flavor_result + when: + - ecs_name is defined + - (ecs_ram is defined and ecs_ram|length != 0) and (ecs_vcpus is defined and ecs_vcpus|length != 0) + +- name: Set fact flavor_id if ecs_ram or ecs_vcpus is defined + set_fact: + flavor_id: "{{ (flavor_result.content|from_json)|json_query('sort_by(flavors, &ram)|[?ram>=`' + ecs_ram + '` && vcpus>=`' + ecs_vcpus + '`].id|[0]') }}" + when: + - ecs_name is defined + - (ecs_ram is defined and ecs_ram |length != 0) or (ecs_vcpus is defined and ecs_vcpus|length != 0) + +# this code below is duplicated to the ref roles +# - name: Send request to API (list images for lookup) +# uri: +# url: "{{ AUTH_URL_IMS }}/v2/cloudimages?name={{ image_name }}" +# method: GET +# return_content: yes +# validate_certs: yes +# headers: +# Content-Type: "application/json" +# X-Auth-Token: "{{ token['x_subject_token'] }}" +# register: ims_result +# when: +# - image_name is defined +# +# - name: Set fact image_id if image_name is defined +# set_fact: +# image_id: "{{ (ims_result.content|from_json)|json_query('images[].id|[0]') }}" +# when: +# - image_name is defined +# +# - name: Send request to API (list subnet for lookup) +# uri: +# url: 
"{{ AUTH_URL_VPC }}/v1/{{ PROJECT_ID }}/subnets" +# method: GET +# return_content: yes +# validate_certs: yes +# headers: +# Content-Type: "application/json" +# X-Auth-Token: "{{ token['x_subject_token'] }}" +# when: +# - subnet_name is defined +# register: subnet_result +# +# - name: Set fact for subnet_id if subnet_name is defined +# set_fact: +# subnet_id: "{{ (subnet_result.content|from_json)|json_query(\"subnets[?name=='\" + subnet_name + \"'].id|[0]\") }}" +# when: +# - subnet_name is defined and subnet_name|length != 0 +# diff --git a/roles/otc_ecs/tasks/main.yml b/roles/otc_ecs/tasks/main.yml new file mode 100644 index 0000000..62aeda8 --- /dev/null +++ b/roles/otc_ecs/tasks/main.yml @@ -0,0 +1,41 @@ +- name: Get flavors + include: flavors.yml + when: + - localaction is defined and localaction == "flavors" + tags: + - flavors + +- name: Get ECS list + include: list.yml + when: + - localaction is defined and localaction == "list" + tags: + - ecslist + +- name: Lookup ecs_id + include: lookup.yml + when: + - ecs_name is defined + tags: + - ecslookup + +- name: Get ECS detail + include: show.yml + when: + - localaction is defined and localaction == "show" + tags: + - ecsshow + +- name: Create ECS + include: create.yml + when: + - localaction is defined and localaction == "create" + tags: + - ecscreate + +- name: Delete ECS + include: delete.yml + when: + - localaction is defined and localaction == "delete" + tags: + - ecsdelete diff --git a/roles/otc_ecs/tasks/show.yml b/roles/otc_ecs/tasks/show.yml new file mode 100644 index 0000000..e082386 --- /dev/null +++ b/roles/otc_ecs/tasks/show.yml 
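Review bot: The two flavor tasks in `roles/otc_ecs/tasks/lookup.yml` use different conditions: the flavor list is requested only when both `ecs_ram` and `ecs_vcpus` are set, but `Set fact flavor_id` runs when either one is set (`or`). With only one of them given, `flavor_result` is a skipped result without `content` and the other variable is undefined in the query string, so the task errors out. Use the same condition in both places: `- (ecs_ram is defined and ecs_ram|length != 0) and (ecs_vcpus is defined and ecs_vcpus|length != 0)`. Separately, `ecs_name` is concatenated straight into the JMESPath filter, so a name containing a single quote changes the expression and, because of `|[0]`, can change which server `ecs_id` points at for the later show and delete calls. A pattern check on `ecs_name` before the lookup (the allowed character set needs confirming against the API) would close that.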
@@ -0,0 +1,19 @@ +- name: Lookup ecs_id + include: lookup.yml + +- name: Send request to API (show ECS) + uri: + url: "{{ AUTH_URL_ECS }}/servers/{{ ecs_id }}" + method: PUT + body_format: raw + follow_redirects: all + return_content: yes + validate_certs: yes + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" + body: "{{ lookup('template', 'show.json.j2')|to_json }}" + register: ecs + +- debug: + msg: "{{ ecs }}" diff --git a/roles/ecs_create/templates/request.json.j2 b/roles/otc_ecs/templates/create.json.j2 similarity index 91% rename from roles/ecs_create/templates/request.json.j2 rename to roles/otc_ecs/templates/create.json.j2 index dc16312..05e8e1a 100644 --- a/roles/ecs_create/templates/request.json.j2 +++ b/roles/otc_ecs/templates/create.json.j2 @@ -4,7 +4,7 @@ "name": "{{ ecs_name }}", "imageRef": "{{ image_id }}", "root_volume": { -{% if ecs_volumesize |length != 0 %} +{% if ecs_volumesize is defined and ecs_volumesize|length != 0 %} "size": "{{ ecs_volumesize }}", {% endif %} "volumetype": "{{ ecs_volumetype }}" @@ -12,13 +12,15 @@ "flavorRef": "{{ flavor_id }}", "vpcid": "{{ vpc_id }}", "security_groups": [ +{% for secgroup_id in secgroup_ids %} { "id": "{{ secgroup_id }}" - } + }, +{% endfor %} ], "nics": [ { -{% if ecs_ipaddress |length != 0 %} +{% if ecs_ipaddress is defined and ecs_ipaddress|length != 0 %} "ip_address": "{{ ecs_ipaddress }}", {% endif %} "subnet_id": "{{ subnet_id }}" diff --git a/roles/ecs_delete/templates/request.json.j2 b/roles/otc_ecs/templates/delete.json.j2 similarity index 100% rename from roles/ecs_delete/templates/request.json.j2 rename to roles/otc_ecs/templates/delete.json.j2 diff --git a/roles/ecs_show/templates/request.json.j2 b/roles/otc_ecs/templates/show.json.j2 similarity index 100% rename from roles/ecs_show/templates/request.json.j2 rename to roles/otc_ecs/templates/show.json.j2 
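Review bot: The show task sends `method: PUT` with a request body to `servers/{{ ecs_id }}`, which is a write request for an action the README presents as read-only. On OpenStack-style compute APIs, which this endpoint presumably follows, PUT on a server resource is the update call. If the endpoint allows it, `method: GET` without `body` and `body_format` is the safer form; the contents of `show.json.j2` are not visible here, so this needs checking against the template. The task also has no guard on `ecs_id`, and the lookup appears to yield an empty value when no server matches the name, so add `when: ecs_id is defined and ecs_id|length != 0`.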
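Review bot: The new loop in `create.json.j2` writes `},` after every security group, including the last one, so the rendered `security_groups` array ends in a trailing comma, which strict JSON parsers reject. Emit the separator only between elements: `}{% if not loop.last %},{% endif %}`. The loop reads `secgroup_ids`, which is not set in any task visible here (presumably the `otc_secgroup` lookup provides it), and the rest of the template lies outside this hunk.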
diff --git a/roles/otc_eip/README.rst b/roles/otc_eip/README.rst new file mode 100644 index 0000000..ae435e2 --- /dev/null +++ b/roles/otc_eip/README.rst @@ -0,0 +1,39 @@ +otc_eip +======= + +OTC role for floating ip (EIP). + +Variables: +^^^^^^^^^^ + ++-------------------------+-----------------------------------------------------------+ +| Name | Description | ++=========================+===========================================================+ +| public_ip_address | Public ip address (alreay allocated or new | ++-------------------------+-----------------------------------------------------------+ +| eip_id | id of EIP | ++-------------------------+-----------------------------------------------------------+ +| eip_bandwidth_name | Bandwith name of EIP | ++-------------------------+-----------------------------------------------------------+ +| eip_bandwidth_size | Bandwith size of EIP (5-500 Mbit/s | ++-------------------------+-----------------------------------------------------------+ + + +Functions: +^^^^^^^^^^ + +Create:: + + ansible-playbook tenant_yml.yml -e "public_ip_address=0.0.0.0" -e "localaction=create" + +Show:: + + ./grole otc_eip; ansible-playbook roles.yml -e "public_ip_address=160.44.1.1" -e "localaction=show" + +List:: + + ./grole otc_eip; ansible-playbook roles.yml -e "localaction=list" + +Delete:: + + ./grole otc_eip; ansible-playbook roles.yml -e "public_ip_address=160.44.1.1" -e "localaction=delete" diff --git a/roles/eip_apply/tasks/main.yml b/roles/otc_eip/tasks/create.yml similarity index 70% rename from roles/eip_apply/tasks/main.yml rename to roles/otc_eip/tasks/create.yml index d30f767..a48a4b8 100644 --- a/roles/eip_apply/tasks/main.yml +++ b/roles/otc_eip/tasks/create.yml @@ -1,4 +1,4 @@ -- name: Send request to API +- name: Send request to API (create EIP) uri: url: "{{ AUTH_URL_VPC }}/v1/{{ PROJECT_ID }}/publicips" method: POST 
@@ -6,9 +6,10 @@ follow_redirects: all return_content: yes validate_certs: yes - HEADER_Content-Type: "application/json" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" - body: "{{ lookup('template', 'request.json.j2')|to_json }}" + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" + body: "{{ lookup('template', 'create.json.j2')|to_json }}" when: public_ip_address == "0.0.0.0" register: eip diff --git a/roles/eip_delete/tasks/main.yml b/roles/otc_eip/tasks/delete.yml similarity index 59% rename from roles/eip_delete/tasks/main.yml rename to roles/otc_eip/tasks/delete.yml index 25c44f3..d29ec5f 100644 --- a/roles/eip_delete/tasks/main.yml +++ b/roles/otc_eip/tasks/delete.yml @@ -1,4 +1,7 @@ -- name: Send request to API +- name: Lookup eip_id + include: lookup.yml + +- name: Send request to API (delete EIP) uri: url: "{{ AUTH_URL_VPC }}/v1/{{ PROJECT_ID }}/publicips/{{ eip_id }}" method: DELETE @@ -7,8 +10,9 @@ return_content: yes validate_certs: yes status_code: 200,201,202,203,204 - HEADER_Content-Type: "application/json" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" register: eip - debug: diff --git a/roles/eip/tasks/main.yml b/roles/otc_eip/tasks/list.yml similarity index 58% rename from roles/eip/tasks/main.yml rename to roles/otc_eip/tasks/list.yml index 1c69fe2..8f4f471 100644 --- a/roles/eip/tasks/main.yml +++ b/roles/otc_eip/tasks/list.yml @@ -1,11 +1,12 @@ -- name: Request floatingip list from API +- name: Send request to API (list EIP) uri: url: "{{ AUTH_URL_VPC }}/v1/{{ PROJECT_ID }}/publicips" method: GET return_content: yes validate_certs: yes - HEADER_Content-Type: "application/json" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" register: floatingiplist - debug: 
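Review bot: In `roles/otc_eip/tasks/delete.yml` the DELETE request is built from `eip_id` right after the newly added lookup, and neither hunk of the file shows a condition that checks the lookup found anything. When `public_ip_address` matches no allocated address, the lookup's `|[0]` appears to produce an empty value and the request goes to `publicips/` with no id. Add `when: eip_id is defined and eip_id|length != 0` to the delete task; part of the task lies between the two hunks, so an existing guard there cannot be ruled out. `roles/otc_elb/tasks/delete.yml` has the same shape, with its lookup include commented out.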
diff --git a/roles/otc_eip/tasks/lookup.yml b/roles/otc_eip/tasks/lookup.yml new file mode 100644 index 0000000..93c7dde --- /dev/null +++ b/roles/otc_eip/tasks/lookup.yml @@ -0,0 +1,16 @@ +- name: Send request to API (list eip for lookup) + uri: + url: "{{ AUTH_URL_VPC }}/v1/{{ PROJECT_ID }}/publicips" + method: GET + return_content: yes + validate_certs: yes + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" + register: floatingiplist_result + +- name: Set fact eip_id for eip if public_ip_address is defined + set_fact: + eip_id: "{{ (floatingiplist_result.content|from_json)|json_query(\"publicips[?public_ip_address=='\" + public_ip_address + \"'].id|[0]\") }}" + when: + - (public_ip_address is defined and public_ip_address | ipaddr) diff --git a/roles/otc_eip/tasks/main.yml b/roles/otc_eip/tasks/main.yml new file mode 100644 index 0000000..25c23e9 --- /dev/null +++ b/roles/otc_eip/tasks/main.yml @@ -0,0 +1,27 @@ +- name: Get EIP list + include: list.yml + when: + - localaction is defined and localaction == "list" + tags: + - eiplist + +- name: Get EIP detail + include: show.yml + when: + - localaction is defined and localaction == "show" + tags: + - eipshow + +- name: Create EIP + include: create.yml + when: + - localaction is defined and localaction == "create" + tags: + - eipcreate + +- name: Delete EIP + include: delete.yml + when: + - localaction is defined and localaction == "delete" + tags: + - eipdelete diff --git a/roles/otc_eip/tasks/show.yml b/roles/otc_eip/tasks/show.yml new file mode 100644 index 0000000..2eb05a3 --- /dev/null +++ b/roles/otc_eip/tasks/show.yml 
@@ -0,0 +1,16 @@ +- name: Lookup eip_id + include: lookup.yml + +- name: Send request to API (show EIP) + uri: + url: "{{ AUTH_URL_VPC }}/v1/{{ PROJECT_ID }}/publicips/{{ eip_id}}" + method: GET + return_content: yes + validate_certs: yes + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" + register: floatingipdetails + +- debug: + msg: "{{ floatingipdetails.json }}" diff --git a/roles/eip_apply/templates/request.json.j2 b/roles/otc_eip/templates/create.json.j2 similarity index 100% rename from roles/eip_apply/templates/request.json.j2 rename to roles/otc_eip/templates/create.json.j2 diff --git a/roles/otc_elb/README.rst b/roles/otc_elb/README.rst new file mode 100644 index 0000000..5afa0c6 --- /dev/null +++ b/roles/otc_elb/README.rst 
@@ -0,0 +1,121 @@ +otc_elb +======= + +OTC role for Elastic Load Balancer (ELB). + +Variables: +^^^^^^^^^^ + ++------------------------------------+---------------------------------------------------------------+ +| Name | Description | ++====================================+===============================================================+ +| localaction="list" | List ELB | ++------------------------------------+---------------------------------------------------------------+ +| localaction="show" | Show ELB resources | ++------------------------------------+---------------------------------------------------------------+ +| localaction="create" | Create ELB | ++------------------------------------+---------------------------------------------------------------+ +| localaction="elblistenercreate" | Create ELB Listener | ++------------------------------------+---------------------------------------------------------------+ +| localaction="elbhealthcheckcreate" | Create ELB Healthcheck | ++------------------------------------+---------------------------------------------------------------+ +| localaction="elbcertificatecreate" | Create ELB Certificate | ++------------------------------------+---------------------------------------------------------------+ +| localaction="elbbackendcreate" | Create ELB Backend | ++------------------------------------+---------------------------------------------------------------+ +| localaction="delete" | Delete ELB | ++------------------------------------+---------------------------------------------------------------+ +| localaction="elblistenerdelete" | Delete ELB Listener | ++------------------------------------+---------------------------------------------------------------+ +| localaction="elbhealthcheckdelete" | Delete ELB Healthcheck | ++------------------------------------+---------------------------------------------------------------+ +| localaction="elbcertificatedelete" | Delete ELB certificate | 
++------------------------------------+---------------------------------------------------------------+ +| localaction="elbbackenddelete" | Delete ELB Backend | ++------------------------------------+---------------------------------------------------------------+ +| elb_name | name of ELB | ++------------------------------------+---------------------------------------------------------------+ +| elb_id | id of ELB | ++------------------------------------+---------------------------------------------------------------+ +| admin_state_up | state of the ELB | ++------------------------------------+---------------------------------------------------------------+ +| elb_availability_zone | Availability zone where ELB is located | ++------------------------------------+---------------------------------------------------------------+ +| elb_bandwidth | Bandwidth of the ELB | ++------------------------------------+---------------------------------------------------------------+ +| elb_type | Typ of ELB (internal or external | ++------------------------------------+---------------------------------------------------------------+ +| elb_secgroup_name | Security Group bound on ELB | ++------------------------------------+---------------------------------------------------------------+ +| elb_subnet_name | Subnet of ELB | ++------------------------------------+---------------------------------------------------------------+ +| elb_vpc_name | VPC of ELB | ++------------------------------------+---------------------------------------------------------------+ +| listener_protocol | Listener protocol (HTTP, HTTPS, TCP) | ++------------------------------------+---------------------------------------------------------------+ +| listener_port | Listener Port | ++------------------------------------+---------------------------------------------------------------+ +| listener_backend_protocol | Listener Backend Protocol (HTTP, HTTPS, TCP) | 
++------------------------------------+---------------------------------------------------------------+ +| listener_backend_port | Listener Backend Port | ++------------------------------------+---------------------------------------------------------------+ +| listener_lb_algorithm | Listener Algorithm (source, roundrobin, leastconn) | ++------------------------------------+---------------------------------------------------------------+ +| listener_certificate_name | Listener SSL Certificate Name | ++------------------------------------+---------------------------------------------------------------+ +| listener_tcp_timeout | Listener TCP timeout | ++------------------------------------+---------------------------------------------------------------+ +| listener_cookie_timeout | Listener Timeout for Cookies | ++------------------------------------+---------------------------------------------------------------+ +| listener_sticky_session_type | Listener Sticky Session Type (insert if Cookie used) | ++------------------------------------+---------------------------------------------------------------+ +| listener_session_sticky | Listener Session Sticky (true or false) | ++------------------------------------+---------------------------------------------------------------+ +| healthcheck_connect_port | Connect Port for the health check | ++------------------------------------+---------------------------------------------------------------+ +| healthcheck_interval | Interval for the health check | ++------------------------------------+---------------------------------------------------------------+ +| healthcheck_protocol | Protocol for the health check | ++------------------------------------+---------------------------------------------------------------+ +| healthcheck_timeout | Timeout for the health check | ++------------------------------------+---------------------------------------------------------------+ +| healthcheck_uri | URI for the health check 
(HTTP/HTTPS) | ++------------------------------------+---------------------------------------------------------------+ +| unhealthy_threshold | Treshold for unhealthy state | ++------------------------------------+---------------------------------------------------------------+ +| backend_members | Backend member for the ELB Listener | ++------------------------------------+---------------------------------------------------------------+ + +Functions: +^^^^^^^^^^ + +Create:: + + ansible-playbook tenant_yml.yml -e "elb_name=ansible-elb01" -e "localaction=create" + + ansible-playbook tenant_yml.yml -e "elb_name=ansible-elb01" -e "listener_name=ansible-listener01" -e "localaction=elblistenercreate" + + ansible-playbook tenant_yml.yml -e "elb_name=ansible-elb01" -e "listener_name=ansible-listener01" -e "localaction=elbhealthcheckcreate" + ansible-playbook tenant_yml.yml -e "elb_name=ansible-elb01" -e "listener_name=ansible-listener01" -e "localaction=elbbackendcreate" + + +note: similar with ini, and json conf + +Show:: + + ./grole otc_elb; ansible-playbook roles.yml -e "elb_name=ansible-elb01" -e "localaction=show" + +List:: + + ./grole otc_elb; ansible-playbook roles.yml -e "localaction=list" + +Delete:: + + ./grole otc_elb; ansible-playbook roles.yml -e "elb_name=ansible-elb01" -e "localaction=delete" + + ansible-playbook tenant_yml.yml -e "elb_name=ansible-elb01" -e "localaction=delete" + + ansible-playbook tenant_yml.yml -e "elb_name=ansible-elb01" -e "listener_name=ansible-listener01" -e "localaction=elblistenerdelete" + + ansible-playbook tenant_yml.yml -e "elb_name=ansible-elb01" -e "listener_name=ansible-listener01" -e "localaction=elbhealthcheckdelete" + ansible-playbook tenant_yml.yml -e "elb_name=ansible-elb01" -e "listener_name=ansible-listener01" -e "localaction=elbbackenddelete" 
diff --git a/roles/backend_member_helper/tasks/main.yml b/roles/otc_elb/tasks/backends_create.yml similarity index 76% rename from roles/backend_member_helper/tasks/main.yml rename to roles/otc_elb/tasks/backends_create.yml index 45de9ab..720763f 100644 --- a/roles/backend_member_helper/tasks/main.yml +++ b/roles/otc_elb/tasks/backends_create.yml @@ -4,8 +4,9 @@ method: GET return_content: yes validate_certs: yes - HEADER_Content-Type: "application/json" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" register: ecs_result when: listener_name is defined @@ -17,8 +18,9 @@ method: GET return_content: yes validate_certs: yes - HEADER_Content-Type: "application/json" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" register: ecs when: backend_members is defined with_items: @@ -38,9 +40,10 @@ follow_redirects: all return_content: yes validate_certs: yes - HEADER_Content-Type: "application/json" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" - body: "{{ lookup('template', 'request.json.j2')|to_json }}" + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" + body: "{{ lookup('template', 'backends_create.json.j2')|to_json }}" register: elbbackends with_together: - "{{ backend_member_id }}" diff --git a/roles/elb_backends_delete/tasks/main.yml b/roles/otc_elb/tasks/backends_delete.yml similarity index 79% rename from roles/elb_backends_delete/tasks/main.yml rename to roles/otc_elb/tasks/backends_delete.yml index 9aa0e2d..2942110 100644 --- a/roles/elb_backends_delete/tasks/main.yml +++ b/roles/otc_elb/tasks/backends_delete.yml 
@@ -6,8 +6,9 @@ follow_redirects: all return_content: yes validate_certs: yes - HEADER_Content-Type: "application/json" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" body: "{{ lookup('template', 'request.json.j2')|to_json }}" register: elbbackends when: listener_id is defined diff --git a/roles/elb_certificate_create/tasks/main.yml b/roles/otc_elb/tasks/certificate_create.yml similarity index 68% rename from roles/elb_certificate_create/tasks/main.yml rename to roles/otc_elb/tasks/certificate_create.yml index 969f8ca..bbd27d8 100644 --- a/roles/elb_certificate_create/tasks/main.yml +++ b/roles/otc_elb/tasks/certificate_create.yml @@ -6,7 +6,7 @@ shell: awk '$1=$1' ORS='\\n' {{ elb_certificate_key_file }} register: elb_certificate_key -- name: Send request to API +- name: Send request to API (Create ELB Certificate) uri: url: "{{ AUTH_URL_ELB }}/{{ PROJECT_ID }}/elbaas/certificate" method: POST @@ -14,9 +14,10 @@ follow_redirects: all return_content: yes validate_certs: yes - HEADER_Content-Type: "application/json" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" - body: "{{ lookup('template', 'request.json.j2')|to_json }}" + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" + body: "{{ lookup('template', 'certificate_create.json.j2')|to_json }}" register: elbcertificate - debug: diff --git a/roles/elb_certificate_delete/tasks/main.yml b/roles/otc_elb/tasks/certificate_delete.yml similarity index 81% rename from roles/elb_certificate_delete/tasks/main.yml rename to roles/otc_elb/tasks/certificate_delete.yml index 2680259..cdc44f3 100644 --- a/roles/elb_certificate_delete/tasks/main.yml +++ b/roles/otc_elb/tasks/certificate_delete.yml 
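Review bot: This task in `backends_delete.yml` still loads `request.json.j2`, while the other tasks moved into `otc_elb` in this commit were switched to per-action template names such as `backends_create.json.j2`. If the template for this action was renamed along with the others, which the visible part of the diff does not show, the lookup fails at run time and the `body` line has to point at the renamed file. The task starts above the hunk.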
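Review bot: In `certificate_create.yml` the task that reads the certificate key interpolates `elb_certificate_key_file` unquoted into a `shell` command and registers the key material without `no_log`. As a result the private key appears in the task result under verbose output, and a path containing shell metacharacters is interpreted by the shell. Add `no_log: true` to that task and quote the path: `shell: awk '$1=$1' ORS='\\n' {{ elb_certificate_key_file | quote }}`. Both lines are unchanged context and the task begins above the hunk, but they now ship as part of the new role. The trailing `debug` of `elbcertificate` is worth checking as well, in case the API response echoes the key back.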
@@ -6,8 +6,9 @@ return_content: yes validate_certs: yes status_code: 200,201,202,203,204 - HEADER_Content-Type: "application/json" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" register: elbcertifcate when: listener_certificate_id is defined diff --git a/roles/elb_create/tasks/main.yml b/roles/otc_elb/tasks/create.yml similarity index 60% rename from roles/elb_create/tasks/main.yml rename to roles/otc_elb/tasks/create.yml index 905f94e..4f08636 100644 --- a/roles/elb_create/tasks/main.yml +++ b/roles/otc_elb/tasks/create.yml @@ -1,4 +1,4 @@ -- name: Send request to API +- name: Send request to API (create ELB) uri: url: "{{ AUTH_URL_ELB }}/{{ PROJECT_ID }}/elbaas/loadbalancers" method: POST @@ -6,9 +6,10 @@ follow_redirects: all return_content: yes validate_certs: yes - HEADER_Content-Type: "application/json" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" - body: "{{ lookup('template', 'request.json.j2')|to_json }}" + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" + body: "{{ lookup('template', 'create.json.j2')|to_json }}" when: - listener_name is undefined - vpc_id is defined diff --git a/roles/elb_delete/tasks/main.yml b/roles/otc_elb/tasks/delete.yml similarity index 54% rename from roles/elb_delete/tasks/main.yml rename to roles/otc_elb/tasks/delete.yml index 040adb8..9d1438d 100644 --- a/roles/elb_delete/tasks/main.yml +++ b/roles/otc_elb/tasks/delete.yml 
@@ -1,12 +1,16 @@ -- name: Send request to API +#- name: Lookup elb_id +# include: lookup.yml + +- name: Send request to API (delete ELB) uri: url: "{{ AUTH_URL_ELB }}/{{ PROJECT_ID }}/elbaas/loadbalancers/{{ elb_id }}" method: DELETE follow_redirects: all return_content: yes validate_certs: yes - HEADER_Content-Type: "application/json" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" register: elb - debug: diff --git a/roles/elb_healthcheck_create/tasks/main.yml b/roles/otc_elb/tasks/healthcheck_create.yml similarity index 57% rename from roles/elb_healthcheck_create/tasks/main.yml rename to roles/otc_elb/tasks/healthcheck_create.yml index 62410ac..c0bc9c9 100644 --- a/roles/elb_healthcheck_create/tasks/main.yml +++ b/roles/otc_elb/tasks/healthcheck_create.yml @@ -1,4 +1,4 @@ -- name: Send request to API +- name: Send request to API (Create ELB Healthcheck) uri: url: "{{ AUTH_URL_ELB }}/{{ PROJECT_ID }}/elbaas/healthcheck" method: POST @@ -6,9 +6,10 @@ follow_redirects: all return_content: yes validate_certs: yes - HEADER_Content-Type: "application/json" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" - body: "{{ lookup('template', 'request.json.j2')|to_json }}" + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" + body: "{{ lookup('template', 'healthcheck_create.json.j2')|to_json }}" register: elbhealthcheck when: listener_id is defined and listener_id|length != 0 diff --git a/roles/elb_healthcheck_delete/tasks/main.yml b/roles/otc_elb/tasks/healthcheck_delete.yml similarity index 75% rename from roles/elb_healthcheck_delete/tasks/main.yml rename to roles/otc_elb/tasks/healthcheck_delete.yml index 7f89e14..226990a 100644 --- a/roles/elb_healthcheck_delete/tasks/main.yml +++ b/roles/otc_elb/tasks/healthcheck_delete.yml 
@@ -6,8 +6,9 @@ return_content: yes validate_certs: yes status_code: 200,201,202,203,204 - HEADER_Content-Type: "application/json" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" register: elbhealthcheck - debug: diff --git a/roles/elb/tasks/main.yml b/roles/otc_elb/tasks/list.yml similarity index 60% rename from roles/elb/tasks/main.yml rename to roles/otc_elb/tasks/list.yml index 82e01cd..ff813f0 100644 --- a/roles/elb/tasks/main.yml +++ b/roles/otc_elb/tasks/list.yml @@ -1,12 +1,13 @@ -- name: Send request to API +- name: Send request to API (list ELB) uri: url: "{{ AUTH_URL_ELB }}/{{ PROJECT_ID }}/elbaas/loadbalancers" method: GET follow_redirects: all return_content: yes validate_certs: yes - HEADER_Content-Type: "application/json" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" register: elblist - debug: diff --git a/roles/elb_listener_create/tasks/main.yml b/roles/otc_elb/tasks/listener_create.yml similarity index 59% rename from roles/elb_listener_create/tasks/main.yml rename to roles/otc_elb/tasks/listener_create.yml index 853cc72..88d99ff 100644 --- a/roles/elb_listener_create/tasks/main.yml +++ b/roles/otc_elb/tasks/listener_create.yml @@ -1,4 +1,4 @@ -- name: Send request to API +- name: Send request to API (create elb_listener) uri: url: "{{ AUTH_URL_ELB }}/{{ PROJECT_ID }}/elbaas/listeners" method: POST @@ -6,9 +6,10 @@ follow_redirects: all return_content: yes validate_certs: yes - HEADER_Content-Type: "application/json" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" - body: "{{ lookup('template', 'request.json.j2')|to_json }}" + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" + body: "{{ lookup('template', 'listener_create.json.j2')|to_json }}" register: elblistner when: - elb_id is defined 
diff --git a/roles/elb_listener_delete/tasks/main.yml b/roles/otc_elb/tasks/listener_delete.yml similarity index 74% rename from roles/elb_listener_delete/tasks/main.yml rename to roles/otc_elb/tasks/listener_delete.yml index 55d59a1..b42a354 100644 --- a/roles/elb_listener_delete/tasks/main.yml +++ b/roles/otc_elb/tasks/listener_delete.yml @@ -6,8 +6,9 @@ return_content: yes validate_certs: yes status_code: 200,201,202,203,204 - HEADER_Content-Type: "application/json" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" register: elblistener - debug: diff --git a/roles/otc_elb/tasks/lookup.yml b/roles/otc_elb/tasks/lookup.yml new file mode 100644 index 0000000..26d27d9 --- /dev/null +++ b/roles/otc_elb/tasks/lookup.yml 
@@ -0,0 +1,89 @@ +- name: Send request to API (list elb) + uri: + url: "{{ AUTH_URL_ELB }}/{{ PROJECT_ID }}/elbaas/loadbalancers" + method: GET + follow_redirects: all + return_content: yes + validate_certs: yes + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" + register: elb_result + when: elb_name is defined + +- name: Set fact elb_id for elb if elb_name is defined + set_fact: + elb_id: "{{ (elb_result.content|from_json)|json_query(\"loadbalancers[?name=='\" + elb_name + \"'].id|[0]\") }}" + when: elb_name is defined + +- name: Send request to API (list VPC for lookup elb_vpc_name) + uri: + url: "{{ AUTH_URL_VPC }}/v1/{{ PROJECT_ID }}/vpcs" + method: GET + return_content: yes + validate_certs: yes + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" + register: elb_vpc_result + +- name: Set fact vpc_id if vpc_name is defined + set_fact: + vpc_id: "{{ (elb_vpc_result.content|from_json)|json_query(\"vpcs[?name=='\" + elb_vpc_name + \"'].id|[0]\") }}" + when: + - elb_vpc_name is defined + +- name: Send request to API (list subnet for lookup elb_subnet_name) + uri: + url: "{{ AUTH_URL_VPC }}/v1/{{ PROJECT_ID }}/subnets" + method: GET + return_content: yes + validate_certs: yes + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" + when: + - elb_subnet_name is defined + register: elb_subnet_result + +- name: Set fact for subnet_id if elb_subnet_name is defined + set_fact: + subnet_id: "{{ (elb_subnet_result.content|from_json)|json_query(\"subnets[?name=='\" + elb_subnet_name + \"'].id|[0]\") }}" + when: + - elb_subnet_name is defined and elb_subnet_name|length != 0 + +- name: Send Request to API (list elb certificates) + uri: + url: "{{ AUTH_URL_ELB }}/{{ PROJECT_ID }}/elbaas/certificate" + method: GET + follow_redirects: all + return_content: yes + validate_certs: yes + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ 
token['x_subject_token'] }}" + register: listener_certificate_result + +- name: Set fact listener_certificate_id for elb if listener_certificate_name is defined + set_fact: + listener_certificate_id: "{{ (listener_certificate_result.content|from_json)|json_query(\"certificates[?name=='\" + listener_certificate_name + \"'].id|[0]\") }}" + when: + - listener_name is defined + +- name: Send Request to API (list elb listener) + uri: + url: "{{ AUTH_URL_ELB }}/{{ PROJECT_ID }}/elbaas/listeners?loadbalancer_id={{ elb_id}}" + method: GET + follow_redirects: all + return_content: yes + validate_certs: yes + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" + register: listener_result + when: elb_id is defined + +- name: Set fact listener_id for elb if listener_name is defined + set_fact: + listener_id: "{{ (listener_result.content|from_json)|json_query(\"[?name=='\" + listener_name + \"'].id|[0]\") }}" + when: listener_name is defined diff --git a/roles/otc_elb/tasks/main.yml b/roles/otc_elb/tasks/main.yml new file mode 100644 index 0000000..2a01665 --- /dev/null +++ b/roles/otc_elb/tasks/main.yml 
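Review bot: The `set_fact` tasks in `roles/otc_elb/tasks/lookup.yml` build their JMESPath filter by concatenating the caller-supplied name into the expression text (`"loadbalancers[?name=='" + elb_name + "'].id|[0]"`), so a name containing a single quote changes the query instead of being compared as data. The id that comes out is later placed in request URLs, including DELETE ones, so the comparison is better done outside the expression, for example `elb_id: "{{ (elb_result.content|from_json).loadbalancers | selectattr('name', 'equalto', elb_name) | map(attribute='id') | first | default('') }}"` (the `equalto` test needs Jinja2 2.8 or newer). The same concatenation is used for `elb_vpc_name`, `elb_subnet_name`, `listener_certificate_name` and `listener_name` in this file, and in `roles/otc_evs/tasks/lookup.yml` and `roles/otc_keypair/tasks/lookup.yml`. Separately, the `listener_certificate_id` task is guarded by `listener_name is defined` but reads `listener_certificate_name`, so it will fail on an undefined variable when only the listener name is passed.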
@@ -0,0 +1,91 @@
+- name: Get ELB list
+ include: list.yml
+ when:
+ - localaction is defined and localaction == "list"
+ tags:
+ - elblist
+
+- name: Lookup elb_id
+ include: lookup.yml
+ when:
+ - elb_name is defined
+ tags:
+ - elblookup
+
+- name: Get ELB detail
+ include: show.yml
+ when:
+ - localaction is defined and localaction == "show"
+ tags:
+ - elbshow
+
+- name: Create ELB
+ include: create.yml
+ when:
+ - localaction is defined and localaction == "create"
+ tags:
+ - elbcreate
+
+- name: Create ELB Listener
+ include: listener_create.yml
+ when:
+ - localaction is defined and localaction == "elblistenercreate"
+ tags:
+ - elblistenercreate
+
+- name: Create ELB Healthcheck
+ include: healthcheck_create.yml
+ when:
+ - localaction is defined and localaction == "elbhealthcheckcreate"
+ tags:
+ - elbhealthcheckcreate
+
+- name: Create ELB Certificate
+ include: certificate_create.yml
+ when:
+ - localaction is defined and localaction == "elbcertificatecreate"
+ tags:
+ - elbcertificatecreate
+
+- name: Create ELB Backends
+ include: backends_create.yml
+ when:
+ - localaction is defined and localaction == "elbbackendcreate"
+ tags:
+ - elbbackendcreate
+
+- name: Delete ELB
+ include: delete.yml
+ when:
+ - localaction is defined and localaction == "delete"
+ tags:
+ - elbdelete
+
+- name: Delete ELB Listener
+ include: listener_delete.yml
+ when:
+ - localaction is defined and localaction == "elblistenerdelete"
+ tags:
+ - elblistenerdelete
+
+- name: Delete ELB Healthcheck
+ include: healthcheck_delete.yml
+ when:
+ - localaction is defined and localaction == "elbhealthcheckdelete"
+ tags:
+ - elbhealthcheckdelete
+
+- name: Delete ELB Certificate
+ include: certificate_delete.yml
+ when:
+ - localaction is defined and localaction == "elbcertificatedelete"
+ tags:
+ - elbcertificatedelete
+
+- name: Delete ELB Backends
+ include: backends_delete.yml
+ when:
+ - localaction is defined and localaction == "elbbackenddelete"
+ tags:
+ - elbbackenddelete
+
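Review bot: The dispatch in `roles/otc_elb/tasks/main.yml` keys the destructive branch on the un-namespaced value `localaction == "delete"`, and the new `main.yml` files for otc_evs, otc_ims and otc_keypair test the same variable against the same strings. If a playbook ever applies more than one of these roles (the READMEs reference a shared `tenant_yml.yml`, whose contents are not visible here), a single `-e localaction=delete` selects the delete path in every one of them, and only the resource-id variables stand between that and a DELETE request. I would either give each role its own selector or add the resource name to the condition, e.g. `- localaction is defined and localaction == "delete" and elb_name is defined`. A mistyped `localaction` also matches nothing and the play ends without an error, so a leading `fail`/`assert` on the accepted values would make that visible.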
diff --git a/roles/elb_show/tasks/main.yml b/roles/otc_elb/tasks/show.yml similarity index 57% rename from roles/elb_show/tasks/main.yml rename to roles/otc_elb/tasks/show.yml index c8f8772..bb6b4c1 100644 --- a/roles/elb_show/tasks/main.yml +++ b/roles/otc_elb/tasks/show.yml @@ -1,12 +1,16 @@ -- name: Send request to API +- name: Lookup elb_id + include: lookup.yml + +- name: Send request to API (show ELB) uri: url: "{{ AUTH_URL_ELB }}/{{ PROJECT_ID }}/elbaas/loadbalancers/{{ elb_id }}" method: GET follow_redirects: all return_content: yes validate_certs: yes - HEADER_Content-Type: "application/json" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" register: elb when: elb_id is defined diff --git a/roles/backend_member_helper/templates/request.json.j2 b/roles/otc_elb/templates/backends_create.json.j2 similarity index 100% rename from roles/backend_member_helper/templates/request.json.j2 rename to roles/otc_elb/templates/backends_create.json.j2 diff --git a/roles/elb_certificate_create/templates/request.json.j2 b/roles/otc_elb/templates/certificate_create.json.j2 similarity index 100% rename from roles/elb_certificate_create/templates/request.json.j2 rename to roles/otc_elb/templates/certificate_create.json.j2 diff --git a/roles/elb_create/templates/request.json.j2 b/roles/otc_elb/templates/create.json.j2 similarity index 100% rename from roles/elb_create/templates/request.json.j2 rename to roles/otc_elb/templates/create.json.j2 diff --git a/roles/otc_elb/templates/delete.json.j2 b/roles/otc_elb/templates/delete.json.j2 new file mode 100644 index 0000000..9f0bc0e --- /dev/null +++ b/roles/otc_elb/templates/delete.json.j2 
@@ -0,0 +1,17 @@ +{ + "servers": [ + { + "id": "{{ ecs_id }}" + } + ], +{% if delete_publicip is defined %} + "delete_publicip": true, +{% else %} + "delete_publicip": false, +{% endif %} +{% if delete_volume is defined %} + "delete_volume": true +{% else %} + "delete_volume": false +{% endif %} +} diff --git a/roles/elb_healthcheck_create/templates/request.json.j2 b/roles/otc_elb/templates/healthcheck_create.json.j2 similarity index 100% rename from roles/elb_healthcheck_create/templates/request.json.j2 rename to roles/otc_elb/templates/healthcheck_create.json.j2 diff --git a/roles/elb_listener_create/templates/request.json.j2 b/roles/otc_elb/templates/listener_create.json.j2 similarity index 88% rename from roles/elb_listener_create/templates/request.json.j2 rename to roles/otc_elb/templates/listener_create.json.j2 index 0e725cc..8012164 100644 --- a/roles/elb_listener_create/templates/request.json.j2 +++ b/roles/otc_elb/templates/listener_create.json.j2 @@ -8,17 +8,17 @@ {% if listener_certificate_id is defined and listener_certificate_id|length != 0 %} "certificate_id": "{{ listener_certificate_id }}", {% endif %} -{% if listener_session_sticky is defined and listener_session_sticky|length != 0 %} +{% if listener_session_sticky is defined and listener_session_sticky|bool %} "session_sticky": "{{ listener_session_sticky }}", {% endif %} {% if listener_sticky_session_type is defined and listener_sticky_session_type|length != 0 %} "sticky_session_type": "{{ listener_sticky_session_type }}", {% endif %} {% if listener_cookie_timeout is defined and listener_cookie_timeout|length != 0 %} - "cookie_timeout": "{{ listener_cookie_timeout }}", + "cookie_timeout": {{ listener_cookie_timeout }}, {% endif %} {% if listener_tcp_timeout is defined and listener_tcp_timeout|length != 0 %} - "tcp_timeout": "{{ listener_tcp_timeout }}", + "tcp_timeout": {{ listener_tcp_timeout }}, {% endif %} "lb_algorithm": "{{ listener_lb_algorithm }}" } 
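Review bot: In the new `roles/otc_elb/templates/delete.json.j2`, `{% if delete_volume is defined %}` and `{% if delete_publicip is defined %}` test only for presence, so passing `-e delete_volume=false` still renders `"delete_volume": true`. For flags that control deletion of attached resources the value should decide, e.g. `{% if delete_volume is defined and delete_volume|bool %}` and the same for `delete_publicip`. The body also refers to `servers` and `ecs_id` rather than any ELB field, which suggests it was copied from a server role; none of the ELB tasks visible in this diff load it, so it may be safer to drop the file from this role.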
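Review bot: The change in `listener_create.json.j2` now writes `listener_cookie_timeout` and `listener_tcp_timeout` into the JSON body without quotes, while the surrounding guards still use `|length != 0`, which implies the values arrive as strings. Any non-numeric text in those variables then becomes part of the JSON structure rather than a value, producing an invalid body or additional keys. Coercing at the point of use keeps the output a number: `"cookie_timeout": {{ listener_cookie_timeout|int }},` and `"tcp_timeout": {{ listener_tcp_timeout|int }},`. The template starts above this hunk, so the opening fields are not visible here.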
diff --git a/roles/otc_elb/templates/show.json.j2 b/roles/otc_elb/templates/show.json.j2 new file mode 100644 index 0000000..cebb36f --- /dev/null +++ b/roles/otc_elb/templates/show.json.j2 @@ -0,0 +1,5 @@ +{ + "server": { + "name": "{{ ecs_name }}" + } +} diff --git a/roles/otc_evs/README.rst b/roles/otc_evs/README.rst new file mode 100644 index 0000000..506a1f1 --- /dev/null +++ b/roles/otc_evs/README.rst 
@@ -0,0 +1,49 @@ +otc_evs +======= + +OTC role for Elastic Volume Service (EVS). + +Variables: +^^^^^^^^^^ + ++-------------------------+-----------------------------------------------------------+ +| Name | Description | ++=========================+===========================================================+ +| evs_availability_zone | Availability Zone for EVS | ++-------------------------+-----------------------------------------------------------+ +| evs_id | id of EVS | ++-------------------------+-----------------------------------------------------------+ +| evs_name | name of EVS | ++-------------------------+-----------------------------------------------------------+ +| evs_volume_type | Volume type of EVS (SATA,SSD,SAS) | ++-------------------------+-----------------------------------------------------------+ +| evs_size | Volume size in GB | ++-------------------------+-----------------------------------------------------------+ +| evs_ims_id | ims_id from which the volume should created | ++-------------------------+-----------------------------------------------------------+ +| evs_backup_id | backup_id from which the volume should created | ++-------------------------+-----------------------------------------------------------+ +| evs_scsi | hw passthrough enabled | ++-------------------------+-----------------------------------------------------------+ +| evs_multiattach | multi attache enabled | ++-------------------------+-----------------------------------------------------------+ + + +Functions: +^^^^^^^^^^ + +Create:: + + ansible-playbook tenant_yml.yml -e "evs_name=ansible-evs01" -e "localaction=create" + +Show:: + + ./grole otc_evs; ansible-playbook roles.yml -e "evs_name=ansible-evs01" -e "localaction=show" + +List:: + + ./grole otc_evs; ansible-playbook roles.yml -e "localaction=list" + +Delete:: + + ./grole otc_evs; ansible-playbook roles.yml -e "evs_name=ansible-evs01" -e "localaction=delete" 
diff --git a/roles/evs_create/tasks/main.yml b/roles/otc_evs/tasks/create.yml similarity index 50% rename from roles/evs_create/tasks/main.yml rename to roles/otc_evs/tasks/create.yml index 46c0467..57e60f6 100644 --- a/roles/evs_create/tasks/main.yml +++ b/roles/otc_evs/tasks/create.yml @@ -1,4 +1,4 @@ -- name: Send request to API +- name: Send request to API (create EVS) uri: url: "{{ AUTH_URL_EVS }}/cloudvolumes" method: POST @@ -6,9 +6,10 @@ follow_redirects: all return_content: yes validate_certs: yes - HEADER_Content-Type: "application/json" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" - body: "{{ lookup('template', 'request.json.j2')|to_json }}" + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" + body: "{{ lookup('template', 'create.json.j2')|to_json }}" register: evs - debug: diff --git a/roles/evs_delete/tasks/main.yml b/roles/otc_evs/tasks/delete.yml similarity index 57% rename from roles/evs_delete/tasks/main.yml rename to roles/otc_evs/tasks/delete.yml index 92e8bd8..e775d30 100644 --- a/roles/evs_delete/tasks/main.yml +++ b/roles/otc_evs/tasks/delete.yml @@ -1,4 +1,7 @@ -- name: Send request to API +- name: Lookup evs_id + include: lookup.yml + +- name: Send request to API (delete EVS) uri: url: "{{ AUTH_URL_EVS }}/cloudvolumes/{{ evs_id }}" method: DELETE @@ -7,8 +10,9 @@ return_content: yes validate_certs: yes status_code: 200,201,202,203,204 - HEADER_Content-Type: "application/json" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" register: evs - debug: diff --git a/roles/evs/tasks/main.yml b/roles/otc_evs/tasks/list.yml similarity index 55% rename from roles/evs/tasks/main.yml rename to roles/otc_evs/tasks/list.yml index 7e7d223..9bf977a 100644 --- a/roles/evs/tasks/main.yml +++ b/roles/otc_evs/tasks/list.yml 
@@ -1,11 +1,12 @@ -- name: Request volumes list from API +- name: Send request to API (list EVS) uri: url: "{{ AUTH_URL_EVS }}/cloudvolumes" method: GET return_content: yes validate_certs: yes - HEADER_Content-Type: "application/json" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" register: volumeslist - debug: diff --git a/roles/otc_evs/tasks/lookup.yml b/roles/otc_evs/tasks/lookup.yml new file mode 100644 index 0000000..9790fc3 --- /dev/null +++ b/roles/otc_evs/tasks/lookup.yml @@ -0,0 +1,16 @@ +- name: Send request to API (list evs for lookup) + uri: + url: "{{ AUTH_URL_EVS }}/cloudvolumes" + method: GET + return_content: yes + validate_certs: yes + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" + register: evs_result + when: evs_name is defined + +- name: Set fact evs_id if evs_name is defined + set_fact: + evs_id: "{{ (evs_result.content|from_json)|json_query(\"volumes[?name=='\" + evs_name + \"'].id|[0]\") }}" + when: evs_name is defined diff --git a/roles/otc_evs/tasks/main.yml b/roles/otc_evs/tasks/main.yml new file mode 100644 index 0000000..dff104f --- /dev/null +++ b/roles/otc_evs/tasks/main.yml @@ -0,0 +1,27 @@ +- name: Get EVS list + include: list.yml + when: + - localaction is defined and localaction == "list" + tags: + - evslist + +- name: Get EVS detail + include: show.yml + when: + - localaction is defined and localaction == "show" + tags: + - evsshow + +- name: Create EVS + include: create.yml + when: + - localaction is defined and localaction == "create" + tags: + - evscreate + +- name: Delete EVS + include: delete.yml + when: + - localaction is defined and localaction == "delete" + tags: + - evsdelete diff --git a/roles/otc_evs/tasks/show.yml b/roles/otc_evs/tasks/show.yml new file mode 100644 index 0000000..57b602b --- /dev/null +++ b/roles/otc_evs/tasks/show.yml 
@@ -0,0 +1,16 @@ +- name: Lookup evs_id + include: lookup.yml + +- name: Send request to API (show EVS) + uri: + url: "{{ AUTH_URL_EVS }}/volumes/{{ evs_id }}" + method: GET + return_content: yes + validate_certs: yes + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" + register: volume + +- debug: + msg: "{{ volume.json }}" diff --git a/roles/evs_create/templates/request.json.j2 b/roles/otc_evs/templates/create.json.j2 similarity index 82% rename from roles/evs_create/templates/request.json.j2 rename to roles/otc_evs/templates/create.json.j2 index 8acf059..58a3863 100644 --- a/roles/evs_create/templates/request.json.j2 +++ b/roles/otc_evs/templates/create.json.j2 @@ -12,12 +12,12 @@ {% if evs_backup_id is defined %} "backup_id": "{{ evs_backup_id }}", {% endif %} -{% if evs_scsi is defined and evs_scsi|length != 0 %} +{% if evs_scsi is defined and evs_scsi == "true" %} "metadata": { "hw:passthrough": {{ evs_scsi }} }, {% endif %} -{% if evs_multiattach is defined and evs_multiattach|length != 0 %} +{% if evs_multiattach is defined and evs_multiattach == "true" %} "multiattach": {{ evs_multiattach }}, {% endif %} "count": 1 diff --git a/roles/otc_ims/README.rst b/roles/otc_ims/README.rst new file mode 100644 index 0000000..f35c1a0 --- /dev/null +++ b/roles/otc_ims/README.rst 
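Review bot: The new guards in `roles/otc_evs/templates/create.json.j2` compare against the literal string (`evs_scsi == "true"`, `evs_multiattach == "true"`), so a real boolean from a vars file, or `True`/`yes` on the command line, silently drops the `metadata` and `multiattach` fields instead of enabling them. Using the filter and emitting a fixed literal avoids both that and the unquoted interpolation: `{% if evs_scsi is defined and evs_scsi|bool %}` with `"hw:passthrough": true`, and likewise `"multiattach": true,`. The template begins and ends outside this hunk.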
@@ -0,0 +1,47 @@ +otc_ims +======= + +OTC role for Image. + +Variables: +^^^^^^^^^^ + ++-------------------------+-----------------------------------------------------------+ +| Name | Description | ++=========================+===========================================================+ +| image_name | name of image | ++-------------------------+-----------------------------------------------------------+ +| image_id | id of image | ++-------------------------+-----------------------------------------------------------+ +| image_url | s3 source url for image upload | +| | : | +| | ansible1:/xenial-server-cloudimg-amd64-disk1.vmdk | ++-------------------------+-----------------------------------------------------------+ +| ecs_id | ecs_id as source for image creation (ECS must be stopped) | ++-------------------------+-----------------------------------------------------------+ +| image_min_disk | minimal disk size for image creation (in GB) | ++-------------------------+-----------------------------------------------------------+ +| image_os_version | os_version of the created image | ++-------------------------+-----------------------------------------------------------+ + + +Functions: +^^^^^^^^^^ + +Create:: + + ansible-playbook tenant_yml.yml -e "image_name=ansible-image01" -e "image_url=ansible1:/xenial-server-cloudimg-amd64-disk1.vmdk" -e "image_min_disk=12" "localaction=create" + + ansible-playbook tenant_yml.yml -e "image_name=ansible-image01" -e "ecs_id=12345678901234567890" -e "image_min_disk=12" "localaction=create" + +Show:: + + ./grole otc_evs; ansible-playbook roles.yml -e "image_name=Community_Ubuntu_16.04_TSI_latest" -e "localaction=show" + +List:: + + ./grole otc_evs; ansible-playbook roles.yml -e "localaction=list" + +Delete:: + + ./grole otc_evs; ansible-playbook roles.yml -e "image_name=ansible-image01" -e "localaction=delete" 
diff --git a/roles/image_create/tasks/main.yml b/roles/otc_ims/tasks/create.yml similarity index 58% rename from roles/image_create/tasks/main.yml rename to roles/otc_ims/tasks/create.yml index 427367d..127c2fe 100644 --- a/roles/image_create/tasks/main.yml +++ b/roles/otc_ims/tasks/create.yml @@ -1,4 +1,4 @@ -- name: Send request to API +- name: Send request to API (create image) uri: url: "{{ AUTH_URL_IMS }}/v2/cloudimages/action" method: POST @@ -6,9 +6,10 @@ follow_redirects: all return_content: yes validate_certs: yes - HEADER_Content-Type: "application/json" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" - body: "{{ lookup('template', 'request.json.j2')|to_json }}" + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" + body: "{{ lookup('template', 'create.json.j2')|to_json }}" register: image_create when: image_name is defined diff --git a/roles/image_delete/tasks/main.yml b/roles/otc_ims/tasks/delete.yml similarity index 53% rename from roles/image_delete/tasks/main.yml rename to roles/otc_ims/tasks/delete.yml index f9c14b6..79ed83d 100644 --- a/roles/image_delete/tasks/main.yml +++ b/roles/otc_ims/tasks/delete.yml @@ -1,12 +1,16 @@ -- name: Send request to API +- name: Lookup image_id + include: lookup.yml + +- name: Send request to API (delete image) uri: url: "{{ AUTH_URL_IMS }}/v2/images/{{ image_id }}" method: DELETE follow_redirects: all return_content: yes validate_certs: yes - HEADER_Content-Type: "application/json" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" register: image_delete - debug: diff --git a/roles/images/tasks/main.yml b/roles/otc_ims/tasks/list.yml similarity index 55% rename from roles/images/tasks/main.yml rename to roles/otc_ims/tasks/list.yml index d93988c..30b61ba 100644 --- a/roles/images/tasks/main.yml +++ b/roles/otc_ims/tasks/list.yml 
@@ -1,11 +1,12 @@ -- name: Request images list from API +- name: Send request to API (list image) uri: url: "{{ AUTH_URL_IMS }}/v2/cloudimages" method: GET return_content: yes validate_certs: yes - HEADER_Content-Type: "application/json" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" register: imageslist - debug: diff --git a/roles/otc_ims/tasks/lookup.yml b/roles/otc_ims/tasks/lookup.yml new file mode 100644 index 0000000..0327b13 --- /dev/null +++ b/roles/otc_ims/tasks/lookup.yml @@ -0,0 +1,18 @@ +- name: Send request to API (list images for lookup) + uri: + url: "{{ AUTH_URL_IMS }}/v2/cloudimages?name={{ image_name }}" + method: GET + return_content: yes + validate_certs: yes + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" + register: ims_result + when: + - image_name is defined + +- name: Set fact image_id if image_name is defined + set_fact: + image_id: "{{ (ims_result.content|from_json)|json_query('images[].id|[0]') }}" + when: + - image_name is defined diff --git a/roles/otc_ims/tasks/main.yml b/roles/otc_ims/tasks/main.yml new file mode 100644 index 0000000..8db2fb6 --- /dev/null +++ b/roles/otc_ims/tasks/main.yml @@ -0,0 +1,27 @@ +- name: Get Image list + include: list.yml + when: + - localaction is defined and localaction == "list" + tags: + - imagelist + +- name: Get Image detail + include: show.yml + when: + - localaction is defined and localaction == "show" + tags: + - imageshow + +- name: Create Image + include: create.yml + when: + - localaction is defined and localaction == "create" + tags: + - imagecreate + +- name: Delete Image + include: delete.yml + when: + - localaction is defined and localaction == "delete" + tags: + - imagedelete diff --git a/roles/otc_ims/tasks/show.yml b/roles/otc_ims/tasks/show.yml new file mode 100644 index 0000000..634752e --- /dev/null +++ b/roles/otc_ims/tasks/show.yml 
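Review bot: In `roles/otc_ims/tasks/lookup.yml` the image name is placed into the query string unencoded (`cloudimages?name={{ image_name }}`), so a name containing a space, `&` or `#` yields a different request than intended. The following `json_query('images[].id|[0]')` then takes the first image of whatever the API returned without checking its name, and `delete.yml` in this role uses that id in a DELETE URL. I would encode the parameter, `url: "{{ AUTH_URL_IMS }}/v2/cloudimages?name={{ image_name|urlencode }}"`, and select by name on the client side as well, e.g. with `selectattr('name', 'equalto', image_name)` before taking the first id.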
@@ -0,0 +1,18 @@ +- name: Lookup image_id + include: lookup.yml + +- name: Send request to API (show image) + uri: + url: "{{ AUTH_URL_IMS }}/v2/images/{{ image_id }}" + method: GET + return_content: yes + validate_certs: yes + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" + register: imagedetail + when: + - image_id is defined + +- debug: + msg: "{{ imagedetail.json }}" diff --git a/roles/image_create/templates/request.json.j2 b/roles/otc_ims/templates/create.json.j2 similarity index 100% rename from roles/image_create/templates/request.json.j2 rename to roles/otc_ims/templates/create.json.j2 diff --git a/roles/otc_job/README.rst b/roles/otc_job/README.rst new file mode 100644 index 0000000..37501fa --- /dev/null +++ b/roles/otc_job/README.rst @@ -0,0 +1,35 @@ +otc_job +======= + +OTC role for Job Control. Print out the status and some +messages about OTC jobs, e.g. building ECS. + +Variables: +^^^^^^^^^^ + ++--------------+---------------------------------------------+ +| Name | Description | ++==============+=============================================+ +| job_id | Job ID to lookup | ++--------------+---------------------------------------------+ + +Functions: +^^^^^^^^^^ + +Create:: + + n/a + +Read:: + + ansible-playbook -e "job_id=1234567890" job.yml + + ./ajob "1234567890" + +Update:: + + n/a + +Delete:: + + n/a diff --git a/roles/job/tasks/main.yml b/roles/otc_job/tasks/main.yml similarity index 75% rename from roles/job/tasks/main.yml rename to roles/otc_job/tasks/main.yml index 85be2ad..4f51aaf 100644 --- a/roles/job/tasks/main.yml +++ b/roles/otc_job/tasks/main.yml @@ -4,8 +4,9 @@ method: GET return_content: yes validate_certs: yes - HEADER_Content-Type: "application/json" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" when: job_id is defined register: jobstatus 
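Review bot: In `roles/otc_ims/tasks/show.yml` the `uri` task is conditional on `image_id is defined`, but the `debug` task that follows prints `imagedetail.json` unconditionally, so whenever the request is skipped the play fails on an undefined attribute instead of reporting that no image was found. Adding `when: imagedetail.json is defined` to the `debug` task fixes that. The `image_id is defined` test itself is probably too weak: after `lookup.yml` runs with no match, `image_id` is set to an empty result rather than left undefined, so `image_id is defined and image_id|length != 0` would be the safer condition on the request.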
diff --git a/roles/otc_keypair/README.rst b/roles/otc_keypair/README.rst new file mode 100644 index 0000000..5a7e721 --- /dev/null +++ b/roles/otc_keypair/README.rst @@ -0,0 +1,41 @@ +otc_keypair +=========== + +OTC role for ssh keys. + +Variables: +^^^^^^^^^^ + ++-------------------------+-----------------------------------------------------------+ +| Name | Description | ++=========================+===========================================================+ +| ecs_adminkey | Name of the ssh key (to upload) | ++-------------------------+-----------------------------------------------------------+ +| ecs_adminkey_name | Lookup name of ssh key | ++-------------------------+-----------------------------------------------------------+ +| keypair_file | File to upload as ssh key | ++-------------------------+-----------------------------------------------------------+ + + +Functions: +^^^^^^^^^^ + +Create:: + + ./grole otc_keypair; ansible-playbook roles.yml -e "ecs_adminkey=ansible-key01" -e "keypair_file=.ssh/authorized_keys" -e "localaction=create" + + ansible-playbook tenant_yml.yml -e "ecs_adminkey=ansible-key01" -e "keypair_file=.ssh/authorized_keys" -e "localaction=create" + +note: keypair will be created during ECS creating worklflow + +Show:: + + ./grole otc_keypair; ansible-playbook roles.yml -e "ecs_adminkey=ansible-key01" -e "localaction=show" + +List:: + + ./grole otc_keypair; ansible-playbook roles.yml -e "localaction=list" + +Delete:: + + ./grole otc_keypair; ansible-playbook roles.yml -e "ecs_adminkey=ansible-key01" -e "localaction=delete" diff --git a/roles/keypair_create/tasks/main.yml b/roles/otc_keypair/tasks/create.yml similarity index 71% rename from roles/keypair_create/tasks/main.yml rename to roles/otc_keypair/tasks/create.yml index e48ed66..ac2f68c 100644 --- a/roles/keypair_create/tasks/main.yml +++ b/roles/otc_keypair/tasks/create.yml 
@@ -6,7 +6,7 @@ register: keypair_file_content when: keypair_file_stat.stat.exists -- name: Send request to API +- name: Send request to API (create keypair) uri: url: "{{ AUTH_URL_ECS }}/os-keypairs" method: POST @@ -14,9 +14,10 @@ follow_redirects: all return_content: yes validate_certs: yes - HEADER_Content-Type: "application/json" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" - body: "{{ lookup('template', 'request.json.j2')|to_json }}" + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" + body: "{{ lookup('template', 'create.json.j2')|to_json }}" when: - keypair_file_stat.stat.exists - (not ecs_adminkey_name or ecs_adminkey_name is undefined) diff --git a/roles/keypair_delete/tasks/main.yml b/roles/otc_keypair/tasks/delete.yml similarity index 50% rename from roles/keypair_delete/tasks/main.yml rename to roles/otc_keypair/tasks/delete.yml index e0874de..3763886 100644 --- a/roles/keypair_delete/tasks/main.yml +++ b/roles/otc_keypair/tasks/delete.yml @@ -1,4 +1,4 @@ -- name: Send request to API +- name: Send request to API (delete keypair) uri: url: "{{ AUTH_URL_ECS }}/os-keypairs/{{ ecs_adminkey }}" method: DELETE @@ -6,9 +6,12 @@ return_content: yes validate_certs: yes status_code: 200,201,202,203,204 - HEADER_Content-Type: "application/json" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" register: keypair + when: ecs_adminkey_name is defined and ecs_adminkey_name|length != 0 +# ignore_errors: true - debug: msg: "{{ keypair }}" diff --git a/roles/keypairs/tasks/main.yml b/roles/otc_keypair/tasks/list.yml similarity index 55% rename from roles/keypairs/tasks/main.yml rename to roles/otc_keypair/tasks/list.yml index a79c50c..ecb137d 100644 --- a/roles/keypairs/tasks/main.yml +++ b/roles/otc_keypair/tasks/list.yml 
@@ -1,11 +1,12 @@ -- name: Request keypair list from API +- name: Send request to API (keypair list) uri: url: "{{ AUTH_URL_ECS }}/os-keypairs" method: GET return_content: yes validate_certs: yes - HEADER_Content-Type: "application/json" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" register: keypairlist - debug: diff --git a/roles/otc_keypair/tasks/lookup.yml b/roles/otc_keypair/tasks/lookup.yml new file mode 100644 index 0000000..8cf0c1d --- /dev/null +++ b/roles/otc_keypair/tasks/lookup.yml @@ -0,0 +1,19 @@ +- name: Send request to API (list keypair) + uri: + url: "{{ AUTH_URL_ECS }}/os-keypairs" + method: GET + return_content: yes + validate_certs: yes + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" + register: keypairlist_result + when: + - ecs_adminkey is defined + +- name: Set fact ecs_adminkey_name if ecs_adminkey is defined + set_fact: + ecs_adminkey_name: "{{ (keypairlist_result.content|from_json)|json_query(\"keypairs[?keypair.name=='\" + ecs_adminkey + \"'].keypair.name\") }}" + when: + - ecs_adminkey is defined and ecs_adminkey|length != 0 + diff --git a/roles/otc_keypair/tasks/main.yml b/roles/otc_keypair/tasks/main.yml new file mode 100644 index 0000000..cd02772 --- /dev/null +++ b/roles/otc_keypair/tasks/main.yml 
@@ -0,0 +1,34 @@
+- name: Get Keypair list
+ include: list.yml
+ when:
+ - localaction is defined and localaction == "list"
+ tags:
+ - keypairlist
+
+- name: Keypair lookup
+ include: lookup.yml
+# when:
+# - localaction is defined and localaction == "lookup"
+ tags:
+ - keypairlookup
+
+- name: Get Keypair detail
+ include: show.yml
+ when:
+ - localaction is defined and localaction == "show"
+ tags:
+ - keypairshow
+
+- name: Create Keypair
+ include: create.yml
+ when:
+ - localaction is defined and localaction == "create"
+ tags:
+ - keypaircreate
+
+- name: Delete Keypair
+ include: delete.yml
+ when:
+ - localaction is defined and localaction == "delete"
+ tags:
+ - keypairdelete
diff --git a/roles/otc_keypair/tasks/show.yml b/roles/otc_keypair/tasks/show.yml
new file mode 100644
index 0000000..8972ff2
--- /dev/null
+++ b/roles/otc_keypair/tasks/show.yml
@@ -0,0 +1,13 @@
+- name: Send request to API (keypair show)
+ uri:
+ url: "{{ AUTH_URL_ECS }}/os-keypairs/{{ ecs_adminkey }}"
+ method: GET
+ return_content: yes
+ validate_certs: yes
+ headers:
+ Content-Type: "application/json"
+ X-Auth-Token: "{{ token['x_subject_token'] }}"
+ register: keypairdetail
+
+- debug:
+ msg: "{{ keypairdetail.json }}"
diff --git a/roles/keypair_create/templates/request.json.j2 b/roles/otc_keypair/templates/create.json.j2
similarity index 100%
rename from roles/keypair_create/templates/request.json.j2
rename to roles/otc_keypair/templates/create.json.j2
diff --git a/roles/otc_obs/README.rst b/roles/otc_obs/README.rst
new file mode 100644
index 0000000..54a89cc
--- /dev/null
+++ b/roles/otc_obs/README.rst
@@ -0,0 +1,47 @@ +otc_obs +======= + +OTC role for Object Storage Service (OBS). +This role requires curl, libxml2-utils, and openssl installed. + +Authentification will be done with environment variables (e.g. EC2...) +or ansible-vault file in 'vars/_secrets.yml' or 'vars/secrets.yml'. +Dependly on that ansible-playbook must be called with vault param. + + +Variables: +^^^^^^^^^^ + ++-------------------------+-----------------------------------------------------------+ +| Name | Description | ++=========================+===========================================================+ +| EC2_ACCESS_KEY | OBS access key | ++-------------------------+-----------------------------------------------------------+ +| EC2_SECRET_KEY | OBS secret key | ++-------------------------+-----------------------------------------------------------+ +| EC2_URL | OBS URL (default https://obs.otc.t-systems.com) | ++-------------------------+-----------------------------------------------------------+ +| bucket | s3 bucket name | ++-------------------------+-----------------------------------------------------------+ +| object | data to upload | ++-------------------------+-----------------------------------------------------------+ + +Functions: +^^^^^^^^^^ + +list OBS buckets:: + + ansible-playbook s3.yml -e "localaction=list" --vault-password-file vars/vaultpass.txt + +create OBS bucket:: + + ansible-playbook s3.yml -e "bucket=mybucket" -e "localaction=create" --vault-password-file vars/vaultpass.txt + +delete OBS bucket:: + + ansible-playbook s3.yml -e "bucket=mybucket" -e "localaction=delete" --vault-password-file vars/vaultpass.txt + +upload files in OBS (VHD, ZVHD, VMDK, QCOW2 are supported for otc image service):: + + ansible-playbook s3.yml -e "bucket=mybucket" -e "object=xenial-server-cloudimg-amd64-disk1.vmdk" -e "localaction=upload" --vault-password-file vars/vaultpass.txt + 
diff --git a/roles/otc_obs/tasks/auth.yml b/roles/otc_obs/tasks/auth.yml
new file mode 100644
index 0000000..e22fd00
--- /dev/null
+++ b/roles/otc_obs/tasks/auth.yml
@@ -0,0 +1,9 @@
+- name: Load auth variable file from ansible-vault secret
+ include_vars: "{{ item }}"
+ with_first_found:
+ - files:
+ - "vars/_secrets.yml"
+ - "vars/secrets.yml"
+ skip: true
+ tags:
+ - always
diff --git a/roles/otc_obs/tasks/create.yml b/roles/otc_obs/tasks/create.yml
new file mode 100644
index 0000000..a73b916
--- /dev/null
+++ b/roles/otc_obs/tasks/create.yml
@@ -0,0 +1,25 @@
+- name: Lookup OBS credentials
+ include: auth.yml
+
+- name: create timestamp
+ shell: LC_ALL=en TZ=GMT date +"%a, %d %b %Y %T %z"
+ register: sigdate
+
+- name: create signature
+ vars:
+ EC2_URL: "https://obs.otc.t-systems.com"
+ EC2_ACCESS_KEY: "{{ lookup('env','EC2_ACCESS_KEY') }}"
+ EC2_SECRET_KEY: "{{ lookup('env','EC2_SECRET_KEY') }}"
+ shell: bash -c 'echo -en "PUT\n\n\n\nx-amz-date:{{ sigdate.stdout }}\n/{{ bucket }}" | openssl sha1 -hmac {{ EC2_SECRET_KEY }} -binary | base64'
+ register: signature
+
+- name: curl request create bucket
+ vars:
+ EC2_URL: "https://obs.otc.t-systems.com"
+ EC2_ACCESS_KEY: "{{ lookup('env','EC2_ACCESS_KEY') }}"
+ EC2_SECRET_KEY: "{{ lookup('env','EC2_SECRET_KEY') }}"
+ command: 'curl -X PUT -H "Authorization: AWS {{ EC2_ACCESS_KEY }}:{{ signature.stdout }}" -H "x-amz-date: {{ sigdate.stdout }}" {{ EC2_URL }}/{{ bucket }}'
+ register: curlresponse
+
+- debug:
+ msg: "{{ curlresponse.stdout_lines }}"
diff --git a/roles/otc_obs/tasks/delete.yml b/roles/otc_obs/tasks/delete.yml
new file mode 100644
index 0000000..e23579d
--- /dev/null
+++ b/roles/otc_obs/tasks/delete.yml
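Review bot: In create.yml the `create signature` task renders `EC2_SECRET_KEY` straight into the `shell:` string, so the secret appears in the task's recorded command line and in verbose or callback output. An unquoted `{{ bucket }}` or key containing shell metacharacters is also interpreted by bash. delete.yml, list.yml and upload.yml repeat the same task with a different string-to-sign. Passing both values through `environment:` and setting `no_log: true` keeps them out of the rendered command and the logs. The key is still an argument of the `openssl` process, so it stays visible to other local users while the command runs.

```yaml
- name: create signature
  # … unchanged: vars block …
  environment:
    OBS_SECRET_KEY: "{{ EC2_SECRET_KEY }}"
    OBS_STRING_TO_SIGN: "PUT\n\n\n\nx-amz-date:{{ sigdate.stdout }}\n/{{ bucket }}"
  shell: printf '%s' "$OBS_STRING_TO_SIGN" | openssl sha1 -hmac "$OBS_SECRET_KEY" -binary | base64
  no_log: true
  register: signature
```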
@@ -0,0 +1,25 @@
+- name: Lookup OBS credentials
+ include: auth.yml
+
+- name: create timestamp
+ shell: LC_ALL=en TZ=GMT date +"%a, %d %b %Y %T %z"
+ register: sigdate
+
+- name: create signature
+ vars:
+ EC2_URL: "https://obs.otc.t-systems.com"
+ EC2_ACCESS_KEY: "{{ lookup('env','EC2_ACCESS_KEY') }}"
+ EC2_SECRET_KEY: "{{ lookup('env','EC2_SECRET_KEY') }}"
+ shell: bash -c 'echo -en "DELETE\n\n\n\nx-amz-date:{{ sigdate.stdout }}\n/{{ bucket }}" | openssl sha1 -hmac {{ EC2_SECRET_KEY }} -binary | base64'
+ register: signature
+
+- name: curl request delete data
+ vars:
+ EC2_URL: "https://obs.otc.t-systems.com"
+ EC2_ACCESS_KEY: "{{ lookup('env','EC2_ACCESS_KEY') }}"
+ EC2_SECRET_KEY: "{{ lookup('env','EC2_SECRET_KEY') }}"
+ command: 'curl -X DELETE -H "Authorization: AWS {{ EC2_ACCESS_KEY }}:{{ signature.stdout }}" -H "x-amz-date: {{ sigdate.stdout }}" {{ EC2_URL }}/{{ bucket }}'
+ register: curlresponse
+
+- debug:
+ msg: "{{ curlresponse.stdout_lines }}"
diff --git a/roles/otc_obs/tasks/list.yml b/roles/otc_obs/tasks/list.yml
new file mode 100644
index 0000000..578ae6b
--- /dev/null
+++ b/roles/otc_obs/tasks/list.yml
@@ -0,0 +1,29 @@ +- name: Lookup OBS credentials + include: auth.yml + +- name: create timestamp + shell: LC_ALL=en TZ=GMT date +"%a, %d %b %Y %T %z" + register: sigdate + +- name: create signature + vars: + EC2_URL: "https://obs.otc.t-systems.com" + EC2_ACCESS_KEY: "{{ lookup('env','EC2_ACCESS_KEY') }}" + EC2_SECRET_KEY: "{{ lookup('env','EC2_SECRET_KEY') }}" + shell: bash -c 'echo -en "GET\n\n\n\nx-amz-date:{{ sigdate.stdout }}\n/" | openssl sha1 -hmac {{ EC2_SECRET_KEY }} -binary | base64' + register: signature + +- name: curl request + vars: + EC2_URL: "https://obs.otc.t-systems.com" + EC2_ACCESS_KEY: "{{ lookup('env','EC2_ACCESS_KEY') }}" + EC2_SECRET_KEY: "{{ lookup('env','EC2_SECRET_KEY') }}" + command: 'curl -H "Authorization: AWS {{ EC2_ACCESS_KEY }}:{{ signature.stdout }}" -H "x-amz-date: {{ sigdate.stdout }}" {{ EC2_URL }}' + register: curlresponse + +- name: xmllint output + shell: echo '{{ curlresponse.stdout }}' | xmllint --format - + register: xmlout + +- debug: + msg: "{{ xmlout.stdout_lines }}" diff --git a/roles/otc_obs/tasks/main.yml b/roles/otc_obs/tasks/main.yml new file mode 100644 index 0000000..cd85adf --- /dev/null +++ b/roles/otc_obs/tasks/main.yml @@ -0,0 +1,27 @@ +- name: Get Bucket lists + include: list.yml + when: + - localaction is defined and localaction == "list" + tags: + - obslist + +- name: Uplpad data OBS + include: upload.yml + when: + - localaction is defined and localaction == "upload" + tags: + - obsupload + +- name: Create OBS bucket + include: create.yml + when: + - localaction is defined and localaction == "create" + tags: + - obscreate + +- name: Delete OBS bucket + include: delete.yml + when: + - localaction is defined and localaction == "delete" + tags: + - obsdelete diff --git a/roles/otc_obs/tasks/upload.yml b/roles/otc_obs/tasks/upload.yml new file mode 100644 index 0000000..87b8cc0 --- /dev/null +++ b/roles/otc_obs/tasks/upload.yml 
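Review bot: The `xmllint output` task in list.yml pastes the HTTP response body into a shell command between single quotes (`echo '{{ curlresponse.stdout }}'`), so a body containing a single quote ends the quoting and the rest is run by the shell on the control host. Let the filter do the quoting: `shell: echo {{ curlresponse.stdout | quote }} | xmllint --format -`. On Ansible 2.4 and later the body can instead be fed through the module's `stdin:` argument, which removes the response from the command string entirely.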
@@ -0,0 +1,25 @@ +- name: Lookup OBS credentials + include: auth.yml + +- name: create timestamp + shell: LC_ALL=en TZ=GMT date +"%a, %d %b %Y %T %z" + register: sigdate + +- name: create signature + vars: + EC2_URL: "https://obs.otc.t-systems.com" + EC2_ACCESS_KEY: "{{ lookup('env','EC2_ACCESS_KEY') }}" + EC2_SECRET_KEY: "{{ lookup('env','EC2_SECRET_KEY') }}" + shell: bash -c 'echo -en "PUT\n\n\n\nx-amz-date:{{ sigdate.stdout }}\n/{{ bucket }}/{{ object }}" | openssl sha1 -hmac {{ EC2_SECRET_KEY }} -binary | base64' + register: signature + +- name: curl request upload data + vars: + EC2_URL: "https://obs.otc.t-systems.com" + EC2_ACCESS_KEY: "{{ lookup('env','EC2_ACCESS_KEY') }}" + EC2_SECRET_KEY: "{{ lookup('env','EC2_SECRET_KEY') }}" + command: 'curl -X PUT -H "Authorization: AWS {{ EC2_ACCESS_KEY }}:{{ signature.stdout }}" -H "x-amz-date: {{ sigdate.stdout }}" -T {{ object }} {{ EC2_URL }}/{{ bucket }}/{{ object }}' + register: curlresponse + +- debug: + msg: "{{ curlresponse.stdout_lines }}" diff --git a/roles/otc_rds/README.rst b/roles/otc_rds/README.rst new file mode 100644 index 0000000..f6a4b93 --- /dev/null +++ b/roles/otc_rds/README.rst @@ -0,0 +1,25 @@ +otc_rds (WIP) +============= + +OTC role for RDS. + +Variables: +^^^^^^^^^^ + ++-------------------------+-----------------------------------------------------------+ +| Name | Description | ++=========================+===========================================================+ +| rds_version_id | ID of the RDS version (to use to fetch flavor | ++-------------------------+-----------------------------------------------------------+ + + +Functions: +^^^^^^^^^^ + +Version:: + + ansible-playbook rds.yml -e "localaction=version" + +Flavor:: + + ansible-playbook rds.yml -e "localaction=flavor" -e "rds_version_id=fb6d2f7d-b431-41ec-a73f-b6bead3e73f0" 
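Review bot: `object` and `bucket` are placed unquoted into the `command:` string of `curl request upload data`, once as the `-T` argument and once in the URL, so a file name with spaces is split into extra curl arguments and one starting with `-` is read as an option. Quoting the local path (`-T {{ object | quote }}`) and percent-encoding the URL part (`{{ EC2_URL }}/{{ bucket | urlencode }}/{{ object | urlencode }}`) keeps each as a single value. The string-to-sign in `create signature` presumably has to use the same encoded path, which should be confirmed against the OBS signing rules.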
diff --git a/roles/rds_flavors/tasks/main.yml b/roles/otc_rds/tasks/flavor.yml similarity index 62% rename from roles/rds_flavors/tasks/main.yml rename to roles/otc_rds/tasks/flavor.yml index f1f7160..aee145f 100644 --- a/roles/rds_flavors/tasks/main.yml +++ b/roles/otc_rds/tasks/flavor.yml @@ -4,10 +4,11 @@ method: GET return_content: yes validate_certs: yes - HEADER_Content-Type: "application/json" - HEADER_Accept: "application/json" - HEADER_X-Language: "en-us" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" + headers: + Content-Type: "application/json" + Accept: "application/json" + X-Language: "en-us" + X-Auth-Token: "{{ token['x_subject_token'] }}" register: rds_flavors - debug: diff --git a/roles/otc_rds/tasks/main.yml b/roles/otc_rds/tasks/main.yml new file mode 100644 index 0000000..f9ff647 --- /dev/null +++ b/roles/otc_rds/tasks/main.yml @@ -0,0 +1,13 @@ +- name: Get RDS flavor list + include: flavor.yml + when: + - localaction is defined and localaction == "flavor" + tags: + - rdsflavor + +- name: Get RDS version list + include: version.yml + when: + - localaction is defined and localaction == "version" + tags: + - rdsversion diff --git a/roles/rds_versions/tasks/main.yml b/roles/otc_rds/tasks/version.yml similarity index 62% rename from roles/rds_versions/tasks/main.yml rename to roles/otc_rds/tasks/version.yml index 90f5fdf..1cf2833 100644 --- a/roles/rds_versions/tasks/main.yml +++ b/roles/otc_rds/tasks/version.yml @@ -4,10 +4,11 @@ method: GET return_content: yes validate_certs: yes - HEADER_Content-Type: "application/json" - HEADER_Accept: "application/json" - HEADER_X-Language: "en-us" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" + headers: + Content-Type: "application/json" + Accept: "application/json" + X-Language: "en-us" + X-Auth-Token: "{{ token['x_subject_token'] }}" register: rds_mysql_versions - name: Request rds list from API for postgresql 
@@ -16,10 +17,11 @@ method: GET return_content: yes validate_certs: yes - HEADER_Content-Type: "application/json" - HEADER_Accept: "application/json" - HEADER_X-Language: "en-us" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" + headers: + Content-Type: "application/json" + Accept: "application/json" + X-Language: "en-us" + X-Auth-Token: "{{ token['x_subject_token'] }}" register: rds_postgresql_versions - debug: diff --git a/roles/otc_secgroup/README.rst b/roles/otc_secgroup/README.rst new file mode 100644 index 0000000..f37b85d --- /dev/null +++ b/roles/otc_secgroup/README.rst 
@@ -0,0 +1,54 @@ +otc_secgroup +============ + +OTC role for security groups. This role creates security groups defined +for an ECS and creates the rules. The rules are defined in an extra section. +Standard rules will be removed before the defined rules are created. + +Variables: +^^^^^^^^^^ + ++-------------------------+---------------------------------------------+ +| Name | Description | ++=========================+=============================================+ +| secgroup_name | name of Secgroup | ++-------------------------+---------------------------------------------+ +| secgroup_id | id of Secgroup | ++-------------------------+---------------------------------------------+ +| secgroup_ids | list of secgroup_ids (to bind on ECS | ++-------------------------+---------------------------------------------+ +| secgroups | list of secgroups in ecs section | ++-------------------------+---------------------------------------------+ +| secgrouprules | list of rules for a security group | ++-------------------------+---------------------------------------------+ +| secgrouprule_id | id of a secgroup rule | ++-------------------------+---------------------------------------------+ + +Functions: +^^^^^^^^^^ + +Create:: + + ansible-playbook tenant_yml.yml -e "ecs_name=ansible-test01" -e "localaction=create" + + ansible-playbook tenant_ini.yml -e "ecs_name=ansible-test01" -e "localaction=create" + + ansible-playbook tenant_json.yml -e "ecs_name=ansible-test01" -e "localaction=create" + +note: subnet will create during ECS creating workflow + +Show:: + + ./grole otc_secgroup; ansible-playbook roles.yml -e "secgroup_name=ansible-secgroup01" -e "localaction=show" + +List:: + + ./grole otc_secgroup; ansible-playbook roles.yml -e "localaction=list" + + ./grole otc_secgroup; ansible-playbook roles.yml -e "vpc_id=1234567891234567890" -e "localaction=list" + + ./grole otc_vpc otc_secgroup; ansible-playbook roles.yml -e "vpc_name=ansible-vpc01" -e "localaction=list" + 
+Delete:: + + ./grole otc_secgroup; ansible-playbook roles.yml -e "secgroup_name=ansible-secgroup01" -e "localaction=delete" diff --git a/roles/otc_secgroup/tasks/create.yml b/roles/otc_secgroup/tasks/create.yml new file mode 100644 index 0000000..91da012 --- /dev/null +++ b/roles/otc_secgroup/tasks/create.yml @@ -0,0 +1,27 @@ +- name: Send request to API (create security group) +# vars: +# secgroup_name: "{{ item }}" + uri: + url: "{{ AUTH_URL_VPC }}/v1/{{ PROJECT_ID }}/security-groups" + method: POST + body_format: raw + follow_redirects: all + return_content: yes + validate_certs: yes + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" + body: "{{ lookup('template', 'create.json.j2')|to_json }}" + when: secgroups is defined + register: secgroupcreate + with_items: + - "{{ secgroups }}" + loop_control: + loop_var: secgroup_name + +- name: Create securiy group rules + include: rule_create.yml + with_items: + - "{{ secgroups }}" + loop_control: + loop_var: secgroup_name diff --git a/roles/otc_secgroup/tasks/delete.yml b/roles/otc_secgroup/tasks/delete.yml new file mode 100644 index 0000000..09d25c3 --- /dev/null +++ b/roles/otc_secgroup/tasks/delete.yml @@ -0,0 +1,6 @@ +- name: Loop over Secgroup List + vars: + secgroup_name: "{{ item }}" + include: deletegrouploop.yml + with_items: + - "{{ secgroups }}" diff --git a/roles/otc_secgroup/tasks/deletegrouploop.yml b/roles/otc_secgroup/tasks/deletegrouploop.yml new file mode 100644 index 0000000..fafba6c --- /dev/null +++ b/roles/otc_secgroup/tasks/deletegrouploop.yml 
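Review bot: The create task in otc_secgroup/tasks/create.yml sends `X-Auth-Token` on a POST with `follow_redirects: all`. As far as I know the `uri` module re-sends custom request headers to the redirect target, so a redirect to a different host would receive the token. `follow_redirects: safe` (or `none`) makes a redirected POST or DELETE fail instead of being replayed elsewhere. The same setting is used on the DELETE in deletegrouploop.yml and on the DELETE and POST tasks in rule_create.yml.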
@@ -0,0 +1,37 @@ +- name: Send request to API (list security groups) + uri: + url: "{{ AUTH_URL_VPC }}/v1/{{ PROJECT_ID }}/security-groups" + method: GET + return_content: yes + validate_certs: yes + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" + when: + - secgroup_name is defined + register: secgroup_result + +- name: Set fact for secgroup_id if secgroup_name is defined + set_fact: + secgroup_id: "{{ (secgroup_result.content|from_json)|json_query(\"security_groups[?name=='\" + secgroup_name + \"'].id|[0]\") }}" + when: + - secgroup_name is defined and secgroup_name| length != 0 + +- name: Send request to API (delete security group) + uri: + url: "{{ AUTH_URL_VPC }}/v2.0/security-groups/{{ secgroup_id }}" + method: DELETE + body_format: raw + follow_redirects: all + return_content: yes + validate_certs: yes + status_code: 200,201,202,203,204 + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" + register: secgroup + when: (secgroup_id is defined and secgroup_id| length != 0) + + +- debug: + msg: "{{ secgroup }}" diff --git a/roles/secgroups/tasks/main.yml b/roles/otc_secgroup/tasks/list.yml similarity index 62% rename from roles/secgroups/tasks/main.yml rename to roles/otc_secgroup/tasks/list.yml index c149679..9bc9ab6 100644 --- a/roles/secgroups/tasks/main.yml +++ b/roles/otc_secgroup/tasks/list.yml 
@@ -1,22 +1,24 @@ -- name: Request secgroup list with search criteria from API +- name: Send request to API (list security groups for search vpc_id) uri: url: "{{ AUTH_URL_VPC }}/v1/{{ PROJECT_ID }}/security-groups?vpc_id={{ vpc_id }}" method: GET return_content: yes validate_certs: yes - HEADER_Content-Type: "application/json" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" register: secgrouplistvpc when: vpc_id is defined -- name: Request secgroup list from API +- name: Send request to API (list security groups) uri: url: "{{ AUTH_URL_VPC }}/v1/{{ PROJECT_ID }}/security-groups" method: GET return_content: yes validate_certs: yes - HEADER_Content-Type: "application/json" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" register: secgrouplist when: vpc_id is not defined diff --git a/roles/otc_secgroup/tasks/lookup.yml b/roles/otc_secgroup/tasks/lookup.yml new file mode 100644 index 0000000..88b64e0 --- /dev/null +++ b/roles/otc_secgroup/tasks/lookup.yml 
@@ -0,0 +1,30 @@ +- name: Send request to API (list security groups) + uri: + url: "{{ AUTH_URL_VPC }}/v1/{{ PROJECT_ID }}/security-groups" + method: GET + return_content: yes + validate_certs: yes + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" + when: + - secgroup_name is defined + register: secgroup_result + +- name: Set fact for secgroup_id if secgroup_name is defined + set_fact: + secgroup_id: "{{ (secgroup_result.content|from_json)|json_query(\"security_groups[?name=='\" + secgroup_name + \"'].id|[0]\") }}" + when: + - secgroup_name is defined and secgroup_name| length != 0 + +- name: Set empty fact secgroup_ids + set_fact: + secgroup_ids: [] + when: + - secgroup_ids is not defined + +- name: Set fact for secgroup_ids if secgroup_id is defined + set_fact: + secgroup_ids: "{{ secgroup_ids }} + [ '{{ secgroup_id }}' ]" + when: + - secgroup_id is defined and secgroup_id| length != 0 diff --git a/roles/otc_secgroup/tasks/main.yml b/roles/otc_secgroup/tasks/main.yml new file mode 100644 index 0000000..0107d02 --- /dev/null +++ b/roles/otc_secgroup/tasks/main.yml @@ -0,0 +1,34 @@ +- name: Get Secgroup list + include: list.yml + when: + - localaction is defined and localaction == "list" + tags: + - secgrouplist + +- name: Get Secgroup detail + include: show.yml + when: + - localaction is defined and localaction == "show" + tags: + - secgroupshow + +- name: Create Secgroup + include: create.yml + when: + - localaction is defined and localaction == "create" + tags: + - secgroupcreate + +- name: Create Secgrouprule + include: rule_create.yml + when: + - localaction is defined and localaction == "rulecreate" + tags: + - secgrouprulecreate + +- name: Delete Secgroup + include: delete.yml + when: + - localaction is defined and localaction == "delete" + tags: + - secgroupdelete diff --git a/roles/otc_secgroup/tasks/rule_create.yml b/roles/otc_secgroup/tasks/rule_create.yml new file mode 100644 index 0000000..ddecf50 
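Review bot: `secgroup_ids: "{{ secgroup_ids }} + [ '{{ secgroup_id }}' ]"` in lookup.yml renders a string that only becomes a list when Ansible re-evaluates the rendered text, so the result depends on that implicit evaluation and on the id containing no quote characters. Doing the append inside one expression keeps it a list throughout: `secgroup_ids: "{{ secgroup_ids + [secgroup_id] }}"`.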
--- /dev/null
+++ b/roles/otc_secgroup/tasks/rule_create.yml
@@ -0,0 +1,73 @@ +- name: Send request to API (security group list) + uri: + url: "{{ AUTH_URL_VPC }}/v1/{{ PROJECT_ID }}/security-groups" + method: GET + return_content: yes + validate_certs: yes + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" + when: + - secgroup_name is defined + register: secgroup_result + +- name: Set fact for secgroup_id if secgroup_name is defined + set_fact: + secgroup_id: "{{ (secgroup_result.content|from_json)|json_query(\"security_groups[?name=='\" + secgroup_name + \"'].id|[0]\") }}" + when: + - secgroup_name is defined and secgroup_name| length != 0 + +- name: Send request to API (securiy group rule list) + uri: + url: "{{ AUTH_URL_VPC }}/v2.0/security-group-rules?security_group_id={{ secgroup_id }}" + method: GET + return_content: yes + validate_certs: yes + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" + when: + - secgroup_id is defined + register: secgrouprule_result + +- name: Send request to API (remove security group default rules) + vars: + secgrouprule_id: "{{ item }}" + uri: + url: "{{ AUTH_URL_VPC }}/v2.0/security-group-rules/{{ secgrouprule_id }}" + method: DELETE + body_format: raw + follow_redirects: all + return_content: yes + validate_certs: yes + status_code: 200,201,202,203,204 + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" + register: secgroup_rule + when: + - secgrouprule_result is defined + with_items: + - "{{ secgrouprule_result.json|json_query('security_group_rules[].id') }}" + +- name: Send request to API (create security group rule) + vars: + secgrouprule_part: "{{ item.split(';') }}" + uri: + url: "{{ AUTH_URL_VPC }}/v2.0/security-group-rules" + method: POST + body_format: raw + follow_redirects: all + return_content: yes + validate_certs: yes + status_code: 200,201,202,203,204,409 + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] 
}}" + body: "{{ lookup('template', 'rule_create.json.j2')|to_json }}" + register: secgrouprule + when: + - secgroup_id is defined + - secgrouprules is defined + with_items: + - "{{ secgrouprules }}" diff --git a/roles/otc_secgroup/tasks/show.yml b/roles/otc_secgroup/tasks/show.yml new file mode 100644 index 0000000..4950f99 --- /dev/null +++ b/roles/otc_secgroup/tasks/show.yml @@ -0,0 +1,20 @@ +- name: Lookup secgroup_id + include: lookup.yml + +- name: Send request to API (show security group) + uri: + url: "{{ AUTH_URL_VPC }}/v1/{{ PROJECT_ID }}/security-groups/{{ secgroup_id }}" + method: GET + return_content: yes + validate_certs: yes + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" + register: secgroupdetail + when: + - secgroup_id is defined + +- debug: + msg: "{{ secgroupdetail.json }}" + when: + - secgroup_id is defined diff --git a/roles/secgroup_create/templates/request.json.j2 b/roles/otc_secgroup/templates/create.json.j2 similarity index 100% rename from roles/secgroup_create/templates/request.json.j2 rename to roles/otc_secgroup/templates/create.json.j2 diff --git a/roles/secgrouprule_helper/templates/request.json.j2 b/roles/otc_secgroup/templates/rule_create.json.j2 similarity index 63% rename from roles/secgrouprule_helper/templates/request.json.j2 rename to roles/otc_secgroup/templates/rule_create.json.j2 index 8681f0d..f0fadc3 100644 --- a/roles/secgrouprule_helper/templates/request.json.j2 +++ b/roles/otc_secgroup/templates/rule_create.json.j2 
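Review bot: The rule listing and the `remove security group default rules` loop in rule_create.yml are guarded only by `secgroup_id is defined` and `secgrouprule_result is defined`. When the name lookup finds nothing, `secgroup_id` is presumably set to an empty value, the list request goes out as `security_group_id=`, and every rule id it returns is deleted. Whether the API treats the empty filter as "no filter" is not visible here, but the delete should not depend on it. Use the guard deletegrouploop.yml already has, `secgroup_id is defined and secgroup_id|length != 0`, on the list, delete and create tasks. Also test `secgrouprule_result.json is defined` before looping, since a registered variable is defined even when its task was skipped.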
@@ -3,13 +3,15 @@ "direction": "{{ secgrouprule_part[0] }}", "ethertype": "{{ secgrouprule_part[1] }}", "protocol": "{{ secgrouprule_part[2] }}", -{% if secgrouprule_part[3]|length != 0 %} +{% if secgrouprule_part[3] is defined and secgrouprule_part[3]|length != 0 %} "port_range_min": {{ secgrouprule_part[3] }}, {% endif %} -{% if secgrouprule_part[4]|length != 0 %} +{% if secgrouprule_part[4] is defined and secgrouprule_part[4]|length != 0 %} "port_range_max": {{ secgrouprule_part[4] }}, {% endif %} +{% if secgrouprule_part[5] is defined and secgrouprule_part[5]|length != 0 %} "remote_ip_prefix": "{{ secgrouprule_part[5] }}", +{% endif %} "security_group_id": "{{ secgroup_id }}", } } diff --git a/roles/otc_subnet/README.rst b/roles/otc_subnet/README.rst new file mode 100644 index 0000000..06a23f8 --- /dev/null +++ b/roles/otc_subnet/README.rst 
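Review bot: With the new `is defined` guard, a rule string that has no sixth field is sent without `remote_ip_prefix`. In Neutron-style security group APIs a rule without a remote prefix or group usually matches every source address; that should be confirmed for this API. A truncated or mistyped entry in `secgrouprules` would then open the port more widely than its author intended. Consider failing the task when the field is missing, or stating in the role README that omitting it means any source. The template body starts and ends outside this hunk.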
@@ -0,0 +1,40 @@ +otc_subnet +========== + +OTC role for Subnet. + +Variables: +^^^^^^^^^^ + ++-------------------------+---------------------------------------------+ +| Name | Description | ++=========================+=============================================+ +| subnet_name | name of Subnet | ++-------------------------+---------------------------------------------+ +| subnet_id | id of Subnet | ++-------------------------+---------------------------------------------+ + +Functions: +^^^^^^^^^^ + +Create:: + + ansible-playbook tenant_yml.yml -e "ecs_name=ansible-test01" -e "localaction=create" + + ansible-playbook tenant_ini.yml -e "ecs_name=ansible-test01" -e "localaction=create" + + ansible-playbook tenant_json.yml -e "ecs_name=ansible-test01" -e "localaction=create" + +note: subnet will create during ECS creating workflow + +Show:: + + ./grole otc_subnet; ansible-playbook roles.yml -e "subnet_name=ansible-subnet01" -e "localaction=show" + +List:: + + ./grole otc_subnet; ansible-playbook roles.yml -e "localaction=list" + +Delete:: + + ./grole otc_subnet; ansible-playbook roles.yml -e "subnet_name=ansible-subnet01" -e "localaction=delete" diff --git a/roles/otc_subnet/tasks/create.yml b/roles/otc_subnet/tasks/create.yml new file mode 100644 index 0000000..42fd92b --- /dev/null +++ b/roles/otc_subnet/tasks/create.yml @@ -0,0 +1,19 @@ +- name: Send request to API (create subnet) + uri: + url: "{{ AUTH_URL_VPC }}/v1/{{ PROJECT_ID }}/subnets" + method: POST + body_format: raw + follow_redirects: all + return_content: yes + validate_certs: yes + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" + body: "{{ lookup('template', 'create.json.j2')|to_json }}" + when: + - subnet_name is defined + - not subnet_id or subnet_id is undefined + register: subnet + +- debug: + msg: "{{ subnet }}" 
diff --git a/roles/subnet_delete/tasks/main.yml b/roles/otc_subnet/tasks/delete.yml similarity index 54% rename from roles/subnet_delete/tasks/main.yml rename to roles/otc_subnet/tasks/delete.yml index 59d703e..59d9f2e 100644 --- a/roles/subnet_delete/tasks/main.yml +++ b/roles/otc_subnet/tasks/delete.yml @@ -1,4 +1,7 @@ -- name: Send request to API +- name: Lookup subnet_id + include: lookup.yml + +- name: Send request to API (delete subnet) uri: url: "{{ AUTH_URL_VPC }}/v1/{{ PROJECT_ID }}/vpcs/{{ vpc_id }}/subnets/{{ subnet_id }}" method: DELETE @@ -7,9 +10,11 @@ return_content: yes validate_certs: yes status_code: 200,201,202,203,204 - HEADER_Content-Type: "application/json" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" register: subnet + when: subnet_id is defined and subnet_id|length != 0 - debug: msg: "{{ subnet }}" diff --git a/roles/subnet/tasks/main.yml b/roles/otc_subnet/tasks/list.yml similarity index 55% rename from roles/subnet/tasks/main.yml rename to roles/otc_subnet/tasks/list.yml index 3ee2d53..33a279c 100644 --- a/roles/subnet/tasks/main.yml +++ b/roles/otc_subnet/tasks/list.yml @@ -1,11 +1,12 @@ -- name: Request subnet list from API +- name: Request subnet list from API (list subnet) uri: url: "{{ AUTH_URL_VPC }}/v1/{{ PROJECT_ID }}/subnets" method: GET return_content: yes validate_certs: yes - HEADER_Content-Type: "application/json" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" register: subnetlist - debug: diff --git a/roles/otc_subnet/tasks/lookup.yml b/roles/otc_subnet/tasks/lookup.yml new file mode 100644 index 0000000..163490c --- /dev/null +++ b/roles/otc_subnet/tasks/lookup.yml 
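Review bot: The new `when:` on the delete task in otc_subnet/tasks/delete.yml checks only `subnet_id`, but the URL also contains `{{ vpc_id }}`, which lookup.yml sets only when `vpc_name` is defined. If that lookup returns nothing, `vpc_id` is presumably empty and the DELETE goes to `.../vpcs//subnets/<id>`. Extend the guard to cover both ids: `when: subnet_id is defined and subnet_id|length != 0 and vpc_id is defined and vpc_id|length != 0`. The task spans both hunks of this file, so part of its body is outside each one.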
@@ -0,0 +1,38 @@ +- name: Send request to API (list subnet for lookup) + uri: + url: "{{ AUTH_URL_VPC }}/v1/{{ PROJECT_ID }}/subnets" + method: GET + return_content: yes + validate_certs: yes + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" + when: + - subnet_name is defined + register: subnet_result + +- name: Set fact for subnet_id if subnet_name is defined + set_fact: + subnet_id: "{{ (subnet_result.content|from_json)|json_query(\"subnets[?name=='\" + subnet_name + \"'].id|[0]\") }}" + when: + - subnet_name is defined and subnet_name|length != 0 + +# duplicated code +- name: Send request to API (list VPC for lookup) + uri: + url: "{{ AUTH_URL_VPC }}/v1/{{ PROJECT_ID }}/vpcs" + method: GET + return_content: yes + validate_certs: yes + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" + register: vpc_result + when: + - vpc_name is defined + +- name: Set fact vpc_id if vpc_name is defined + set_fact: + vpc_id: "{{ (vpc_result.content|from_json)|json_query(\"vpcs[?name=='\" + vpc_name + \"'].id|[0]\") }}" + when: + - vpc_name is defined diff --git a/roles/otc_subnet/tasks/main.yml b/roles/otc_subnet/tasks/main.yml new file mode 100644 index 0000000..753b1c3 --- /dev/null +++ b/roles/otc_subnet/tasks/main.yml @@ -0,0 +1,34 @@ +- name: Get Subnet list + include: list.yml + when: + - localaction is defined and localaction == "list" + tags: + - subnetlist + +- name: Get Subnet detail + include: show.yml + when: + - localaction is defined and localaction == "show" + tags: + - subnetshow + +- name: Get subnet_id + include: lookup.yml + when: + - subnet_name is defined + tags: + - subnetlookup + +- name: Create Subnet + include: create.yml + when: + - localaction is defined and localaction == "create" + tags: + - subnetcreate + +- name: Delete Subnet + include: delete.yml + when: + - localaction is defined and localaction == "delete" + tags: + - subnetdelete 
diff --git a/roles/otc_subnet/tasks/show.yml b/roles/otc_subnet/tasks/show.yml new file mode 100644 index 0000000..73261b9 --- /dev/null +++ b/roles/otc_subnet/tasks/show.yml @@ -0,0 +1,18 @@ +- name: Lookup subnet_id + include: lookup.yml + +- name: Send request to API (show subnet) + uri: + url: "{{ AUTH_URL_VPC }}/v1/{{ PROJECT_ID }}/subnets/{{ subnet_id }}" + method: GET + return_content: yes + validate_certs: yes + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" + register: subnetdetail + when: + - subnet_id is defined + +- debug: + msg: "{{ subnetdetail.json }}" diff --git a/roles/subnet_create/templates/request.json.j2 b/roles/otc_subnet/templates/create.json.j2 similarity index 100% rename from roles/subnet_create/templates/request.json.j2 rename to roles/otc_subnet/templates/create.json.j2 diff --git a/roles/otc_vpc/README.rst b/roles/otc_vpc/README.rst new file mode 100644 index 0000000..3bfcb0a --- /dev/null +++ b/roles/otc_vpc/README.rst 
@@ -0,0 +1,46 @@ +otc_vpc +======= + +OTC role for VPC. + +Variables: +^^^^^^^^^^ + ++-------------------------+---------------------------------------------+ +| Name | Description | ++=========================+=============================================+ +| localaction=router | Information about VPC Router as fact | ++-------------------------+---------------------------------------------+ +| localaction=snat | Configure SNAT on VPC | ++-------------------------+---------------------------------------------+ +| enable_snat=true|false | Enable or disable SNAT | ++-------------------------+---------------------------------------------+ +| vpc_name | name of VPC | ++-------------------------+---------------------------------------------+ +| vpc_id | id of VPC | ++-------------------------+---------------------------------------------+ + +Functions: +^^^^^^^^^^ + +Create:: + + ansible-playbook tenant_yml.yml -e "ecs_name=ansible-test01" -e "localaction=create" + + ansible-playbook tenant_ini.yml -e "ecs_name=ansible-test01" -e "localaction=create" + + ansible-playbook tenant_json.yml -e "ecs_name=ansible-test01" -e "localaction=create" + +note: VPC will create during ECS creating workflow + +Show:: + + ./grole otc_vpc; ansible-playbook roles.yml -e "vpc_name=ansible-vpc01" -e "localaction=show" + +List:: + + ./grole otc_vpc; ansible-playbook roles.yml -e "localaction=list" + +Delete:: + + ./grole otc_vpc; ansible-playbook roles.yml -e "vpc_name=ansible-vpc01" -e "localaction=delete" diff --git a/roles/vpc_create/tasks/main.yml b/roles/otc_vpc/tasks/create.yml similarity index 58% rename from roles/vpc_create/tasks/main.yml rename to roles/otc_vpc/tasks/create.yml index d7b005c..48ccb93 100644 --- a/roles/vpc_create/tasks/main.yml +++ b/roles/otc_vpc/tasks/create.yml @@ -1,4 +1,4 @@ -- name: Send request to API +- name: Send request to API (create VPC) uri: url: "{{ AUTH_URL_VPC }}/v1/{{ PROJECT_ID }}/vpcs" method: POST 
@@ -6,9 +6,10 @@ follow_redirects: all return_content: yes validate_certs: yes - HEADER_Content-Type: "application/json" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" - body: "{{ lookup('template', 'request.json.j2')|to_json }}" + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" + body: "{{ lookup('template', 'create.json.j2')|to_json }}" when: - not vpc_id or vpc_id is undefined - vpc_name is defined diff --git a/roles/vpc_delete/tasks/main.yml b/roles/otc_vpc/tasks/delete.yml similarity index 55% rename from roles/vpc_delete/tasks/main.yml rename to roles/otc_vpc/tasks/delete.yml index a1c476a..9d90ce5 100644 --- a/roles/vpc_delete/tasks/main.yml +++ b/roles/otc_vpc/tasks/delete.yml @@ -1,4 +1,7 @@ -- name: Send request to API +- name: Lookup vpc_id + include: lookup.yml + +- name: Send request to API (delete VPC) uri: url: "{{ AUTH_URL_VPC }}/v1/{{ PROJECT_ID }}/vpcs/{{ vpc_id}}" method: DELETE @@ -7,10 +10,11 @@ return_content: yes validate_certs: yes status_code: 200,201,202,203,204 - HEADER_Content-Type: "application/json" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" + headers: + Content-Type: "application/json" + X-Auth-Token: "{{ token['x_subject_token'] }}" register: vpc - when: vpc_id is defined + when: vpc_id is defined and vpc_id|length != 0 - debug: msg: "{{ vpc }}" diff --git a/roles/vpc/tasks/main.yml b/roles/otc_vpc/tasks/list.yml similarity index 56% rename from roles/vpc/tasks/main.yml rename to roles/otc_vpc/tasks/list.yml index d8a536b..8d2e9c1 100644 --- a/roles/vpc/tasks/main.yml +++ b/roles/otc_vpc/tasks/list.yml 
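Review bot: `follow_redirects: all` stays on the create-VPC POST while the request carries `X-Auth-Token`, so a redirect answered by the endpoint would be followed with the token attached, to whatever host the Location header names (as far as I can tell the uri module keeps custom headers across redirects). For token-bearing, state-changing calls `follow_redirects: safe` or `follow_redirects: none` is the tighter setting, and an unexpected redirect then shows up as a failed task instead of a silent re-send. The same option is set on the PUT in the new roles/otc_vpc/tasks/snat.yml. The task begins above this hunk.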
@@ -1,11 +1,12 @@
-- name: Request vpc list from AUTH API
+- name: Send request to API (list VPC)
 uri:
 url: "{{ AUTH_URL_VPC }}/v1/{{ PROJECT_ID }}/vpcs"
 method: GET
 return_content: yes
 validate_certs: yes
- HEADER_Content-Type: "application/json"
- HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}"
+ headers:
+ Content-Type: "application/json"
+ X-Auth-Token: "{{ token['x_subject_token'] }}"
 register: vpclist

 - debug:
diff --git a/roles/otc_vpc/tasks/lookup.yml b/roles/otc_vpc/tasks/lookup.yml
new file mode 100644
index 0000000..e1b7237
--- /dev/null
+++ b/roles/otc_vpc/tasks/lookup.yml
@@ -0,0 +1,18 @@
+- name: Send request to API (list VPC for lookup)
+ uri:
+ url: "{{ AUTH_URL_VPC }}/v1/{{ PROJECT_ID }}/vpcs"
+ method: GET
+ return_content: yes
+ validate_certs: yes
+ headers:
+ Content-Type: "application/json"
+ X-Auth-Token: "{{ token['x_subject_token'] }}"
+ register: vpc_result
+ when:
+ - vpc_name is defined
+
+- name: Set fact vpc_id if vpc_name is defined
+ set_fact:
+ vpc_id: "{{ (vpc_result.content|from_json)|json_query(\"vpcs[?name=='\" + vpc_name + \"'].id|[0]\") }}"
+ when:
+ - vpc_name is defined
diff --git a/roles/otc_vpc/tasks/main.yml b/roles/otc_vpc/tasks/main.yml
new file mode 100644
index 0000000..c9ec0d2
--- /dev/null
+++ b/roles/otc_vpc/tasks/main.yml
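Review bot: The `set_fact` in lookup.yml builds the JMESPath filter by concatenating `vpc_name` into the expression, so a name containing a single quote breaks the query or changes what it matches. Comparing in Jinja keeps the name as data: `vpc_id: "{{ (vpc_result.content|from_json).vpcs | selectattr('name', 'equalto', vpc_name) | map(attribute='id') | list | first | default('') }}"` (this needs a Jinja2 release that has the `equalto` test). A `vpc_id` passed by the caller is also overwritten whenever `vpc_name` is defined, which deserves a comment above the task or a `vpc_id is undefined` condition.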
@@ -0,0 +1,48 @@
+- name: Get VPC list
+ include: list.yml
+ when:
+ - localaction is defined and localaction == "list"
+ tags:
+ - vpclist
+
+- name: Configure SNAT on VPC
+ include: snat.yml
+ when:
+ - localaction is defined and localaction == "snat"
+ tags:
+ - vpcsnat
+
+- name: Get VPC Router Info
+ include: router.yml
+ when:
+ - localaction is defined and localaction == "router"
+ tags:
+ - vpcrouter
+
+- name: Get vpc_id
+ include: lookup.yml
+ when:
+ - vpc_name is defined
+ tags:
+ - vpclookup
+
+- name: Get VPC detail
+ include: show.yml
+ when:
+ - localaction is defined and localaction == "show"
+ tags:
+ - vpcshow
+
+- name: Create VPC
+ include: create.yml
+ when:
+ - localaction is defined and localaction == "create"
+ tags:
+ - vpccreate
+
+- name: Delete VPC
+ include: delete.yml
+ when:
+ - localaction is defined and localaction == "delete"
+ tags:
+ - vpcdelete
diff --git a/roles/vpc_router/tasks/main.yml b/roles/otc_vpc/tasks/router.yml
similarity index 85%
rename from roles/vpc_router/tasks/main.yml
rename to roles/otc_vpc/tasks/router.yml
index 1df517e..37de79d 100644
--- a/roles/vpc_router/tasks/main.yml
+++ b/roles/otc_vpc/tasks/router.yml
@@ -1,11 +1,15 @@
-- name: Request router from API
+- name: Lookup vpc_id
+ include: lookup.yml
+
+- name: Send request to API (list routers)
 uri:
 url: "{{ AUTH_URL_VPC }}/v2.0/routers/{{ vpc_id }}"
 method: GET
 return_content: yes
 validate_certs: yes
- HEADER_Content-Type: "application/json"
- HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}"
+ headers:
+ Content-Type: "application/json"
+ X-Auth-Token: "{{ token['x_subject_token'] }}"
 when:
 - vpc_id is defined
 register: routerlist
diff --git a/roles/otc_vpc/tasks/show.yml b/roles/otc_vpc/tasks/show.yml
new file mode 100644
index 0000000..0b31c1f
--- /dev/null
+++ b/roles/otc_vpc/tasks/show.yml
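Review bot: lookup.yml is included twice on most paths through main.yml: the `Get vpc_id` block runs it whenever `vpc_name` is defined, and show.yml, delete.yml, router.yml and snat.yml each include it again as their first task. A single `show` therefore sends the VPC list request, with the token, two times. Keeping the include in one place, either here above the `snat` and `router` blocks or only inside the action files, removes the duplicate call and makes it clear which file owns the name-to-id resolution.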
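Review bot: In router.yml the condition `vpc_id is defined` does not cover a lookup that found nothing: when `vpc_name` matches no VPC, lookup.yml appears to leave `vpc_id` set to an empty value, and the URL becomes `/v2.0/routers/` with no id. delete.yml in this commit already guards with `when: vpc_id is defined and vpc_id|length != 0`; the same condition belongs here and on the requests in roles/otc_vpc/tasks/show.yml and snat.yml. The tasks after `register: routerlist` lie outside this hunk.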
@@ -0,0 +1,18 @@
+- name: Lookup vpc_id
+ include: lookup.yml
+
+- name: Send request to API (show VPC)
+ uri:
+ url: "{{ AUTH_URL_VPC }}/v1/{{ PROJECT_ID }}/vpcs/{{ vpc_id }}"
+ method: GET
+ return_content: yes
+ validate_certs: yes
+ headers:
+ Content-Type: "application/json"
+ X-Auth-Token: "{{ token['x_subject_token'] }}"
+ register: vpcdetail
+ when:
+ - vpc_id is defined
+
+- debug:
+ msg: "{{ vpcdetail.json }}"
diff --git a/roles/otc_vpc/tasks/snat.yml b/roles/otc_vpc/tasks/snat.yml
new file mode 100644
index 0000000..2abbb98
--- /dev/null
+++ b/roles/otc_vpc/tasks/snat.yml
@@ -0,0 +1,40 @@
+- name: Lookup vpc_id
+ include: lookup.yml
+
+- name: Send request to API (list router for SNAT)
+ uri:
+ url: "{{ AUTH_URL_VPC }}/v2.0/routers/{{ vpc_id }}"
+ method: GET
+ return_content: yes
+ validate_certs: yes
+ headers:
+ Content-Type: "application/json"
+ X-Auth-Token: "{{ token['x_subject_token'] }}"
+ when:
+ - vpc_id is defined
+ register: routerlist
+
+- set_fact:
+ external_network_id: "{{ (routerlist.content|from_json)|json_query('router.external_gateway_info.network_id') }}"
+ when: routerlist is defined
+
+- name: Send request to API (set SNAT)
+ uri:
+ url: "{{ AUTH_URL_VPC }}/v2.0/routers/{{ vpc_id }}"
+ method: PUT
+ body_format: raw
+ follow_redirects: all
+ return_content: yes
+ validate_certs: yes
+ headers:
+ Content-Type: "application/json"
+ X-Auth-Token: "{{ token['x_subject_token'] }}"
+ body: "{{ lookup('template', 'snat.json.j2')|to_json }}"
+ when:
+ - vpc_id is defined
+ - enable_snat is defined
+ - external_network_id|length != 0
+ register: router
+
+- debug:
+ msg: "{{ router }}"
diff --git a/roles/vpc_create/templates/request.json.j2 b/roles/otc_vpc/templates/create.json.j2
similarity index 100%
rename from roles/vpc_create/templates/request.json.j2
rename to roles/otc_vpc/templates/create.json.j2
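Review bot: In snat.yml the `set_fact` guard `when: routerlist is defined` is always true, because `register` defines the variable even when the router request was skipped. With no `vpc_id` the expression `routerlist.content|from_json` then fails on a missing attribute instead of being skipped. Guarding on the data, `when: routerlist.content is defined`, makes the task skip in that case. The unnamed `set_fact` would also read better with a `name:` such as `Set fact external_network_id`, matching the other tasks in the file.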
diff --git a/roles/snat_enable/templates/request.json.j2 b/roles/otc_vpc/templates/snat.json.j2
similarity index 100%
rename from roles/snat_enable/templates/request.json.j2
rename to roles/otc_vpc/templates/snat.json.j2
diff --git a/roles/ptrrecord_create/tasks/main.yml b/roles/ptrrecord_create/tasks/main.yml
deleted file mode 100644
index 42f29a5..0000000
--- a/roles/ptrrecord_create/tasks/main.yml
+++ /dev/null
@@ -1,19 +0,0 @@
-- name: send ptrrecord request to API
- uri:
- url: "{{ AUTH_URL_DNS }}/v2/reverse/floatingips/{{ PROJECT_NAME }}:{{ eip_id }}"
- method: PATCH
- body_format: raw
- follow_redirects: all
- return_content: yes
- validate_certs: yes
- status_code: 200,201,202,203,400
- HEADER_Content-Type: "application/json"
- HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}"
- body: "{{ lookup('template', 'request.json.j2')|to_json }}"
- register: ptrrecord
- when:
- - (ptr_name is defined and ptr_name | length != 0)
- - eip_id is defined
-
-- debug:
- msg: "{{ ptrrecord }}"
diff --git a/roles/ptrrecord_delete/tasks/main.yml b/roles/ptrrecord_delete/tasks/main.yml
deleted file mode 100644
index 004f6eb..0000000
--- a/roles/ptrrecord_delete/tasks/main.yml
+++ /dev/null
@@ -1,18 +0,0 @@
-- name: send ptrrecord request to API
- uri:
- url: "{{ AUTH_URL_DNS }}/v2/reverse/floatingips/{{ PROJECT_NAME }}:{{ eip_id }}"
- method: PATCH
- body_format: raw
- follow_redirects: all
- return_content: yes
- validate_certs: yes
- status_code: 200,201,202,203,400
- HEADER_Content-Type: "application/json"
- HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}"
- body: '{ "ptrdname": null }'
- register: ptrrecord
- when:
- - eip_id is defined
-
-- debug:
- msg: "{{ ptrrecord }}"
diff --git a/roles/ptrrecords/templates/request.json.j2 b/roles/ptrrecords/templates/request.json.j2
deleted file mode 100644
index f6c31fc..0000000
--- a/roles/ptrrecords/templates/request.json.j2
+++ /dev/null
@@ -1,9 +0,0 @@ -{ -{% if description is defined and description|length != 0 %} - "description": "{{ description }}", -{% endif %} -{% if ttl is defined and ttl|length != 0 %} - "ttl": {{ ttl }}, -{% endif %} - "ptrdname": "{{ ptr_name }}" -} diff --git a/roles/s3/tasks/main.yml b/roles/s3/tasks/main.yml deleted file mode 100644 index b253e19..0000000 --- a/roles/s3/tasks/main.yml +++ /dev/null @@ -1,20 +0,0 @@ -- include_vars: _secrets.yml - -- name: create timestamp - shell: LC_ALL=en date +"%a, %d %b %Y %T %z" - register: sigdate - -- name: create signature - shell: echo -en "GET\n\n\n\nx-amz-date:{{ sigdate.stdout }}\n/" | openssl sha1 -hmac {{ EC2_SECRET_KEY }} -binary | base64 - register: signature - -- name: curl request - command: 'curl -H "Authorization: AWS {{ EC2_ACCESS_KEY }}:{{ signature.stdout }}" -H "x-amz-date: {{ sigdate.stdout }}" {{ EC2_URL }}' - register: curlresponse - -- name: xmllint output - shell: echo '{{ curlresponse.stdout }}' | xmllint --format - - register: xmlout - -- debug: - msg: "{{ xmlout.stdout_lines }}" diff --git a/roles/s3_bucket_create/tasks/main.yml b/roles/s3_bucket_create/tasks/main.yml deleted file mode 100644 index b43796e..0000000 --- a/roles/s3_bucket_create/tasks/main.yml +++ /dev/null @@ -1,16 +0,0 @@ -- include_vars: _secrets.yml - -- name: create timestamp - shell: LC_ALL=en date +"%a, %d %b %Y %T %z" - register: sigdate - -- name: create signature - shell: echo -en "PUT\n\n\n\nx-amz-date:{{ sigdate.stdout }}\n/{{ bucket }}" | openssl sha1 -hmac {{ EC2_SECRET_KEY }} -binary | base64 - register: signature - -- name: curl request - command: 'curl -X PUT -H "Authorization: AWS {{ EC2_ACCESS_KEY }}:{{ signature.stdout }}" -H "x-amz-date: {{ sigdate.stdout }}" {{ EC2_URL }}/{{ bucket }}' - register: curlresponse - -- debug: - msg: "{{ curlresponse.stdout_lines }}" diff --git a/roles/s3_bucket_delete/tasks/main.yml b/roles/s3_bucket_delete/tasks/main.yml deleted file mode 100644 index 527511b..0000000 
--- a/roles/s3_bucket_delete/tasks/main.yml +++ /dev/null @@ -1,16 +0,0 @@ -- include_vars: _secrets.yml - -- name: create timestamp - shell: LC_ALL=en date +"%a, %d %b %Y %T %z" - register: sigdate - -- name: create signature - shell: echo -en "DELETE\n\n\n\nx-amz-date:{{ sigdate.stdout }}\n/{{ bucket }}" | openssl sha1 -hmac {{ EC2_SECRET_KEY }} -binary | base64 - register: signature - -- name: curl request - command: 'curl -X DELETE -H "Authorization: AWS {{ EC2_ACCESS_KEY }}:{{ signature.stdout }}" -H "x-amz-date: {{ sigdate.stdout }}" {{ EC2_URL }}/{{ bucket }}' - register: curlresponse - -- debug: - msg: "{{ curlresponse.stdout_lines }}" diff --git a/roles/s3_upload/tasks/main.yml b/roles/s3_upload/tasks/main.yml deleted file mode 100644 index 8af4145..0000000 --- a/roles/s3_upload/tasks/main.yml +++ /dev/null @@ -1,16 +0,0 @@ -- include_vars: _secrets.yml - -- name: create timestamp - shell: LC_ALL=en date +"%a, %d %b %Y %T %z" - register: sigdate - -- name: create signature - shell: echo -en "PUT\n\n\n\nx-amz-date:{{ sigdate.stdout }}\n/{{ bucket }}/{{ object }}" | openssl sha1 -hmac {{ EC2_SECRET_KEY }} -binary | base64 - register: signature - -- name: curl request - command: 'curl -X PUT -H "Authorization: AWS {{ EC2_ACCESS_KEY }}:{{ signature.stdout }}" -H "x-amz-date: {{ sigdate.stdout }}" -T {{ object }} {{ EC2_URL }}/{{ bucket }}/{{ object }}' - register: curlresponse - -- debug: - msg: "{{ curlresponse.stdout_lines }}" diff --git a/roles/secgroup_create/tasks/main.yml b/roles/secgroup_create/tasks/main.yml deleted file mode 100644 index ed80bca..0000000 --- a/roles/secgroup_create/tasks/main.yml +++ /dev/null 
@@ -1,17 +0,0 @@
-- name: Send request to API
- uri:
- url: "{{ AUTH_URL_VPC }}/v1/{{ PROJECT_ID }}/security-groups"
- method: POST
- body_format: raw
- follow_redirects: all
- return_content: yes
- validate_certs: yes
- HEADER_Content-Type: "application/json"
- HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}"
- body: "{{ lookup('template', 'request.json.j2')|to_json }}"
- when: (not secgroup_id and secgroup_name is defined)
- register: secgroup
-
-- debug:
- msg: "{{ secgroup_id }}"
- when: secgroup_id is defined
diff --git a/roles/secgroup_delete/tasks/main.yml b/roles/secgroup_delete/tasks/main.yml
deleted file mode 100644
index 1bc1d31..0000000
--- a/roles/secgroup_delete/tasks/main.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-- name: Send request to API
- uri:
- url: "{{ AUTH_URL_VPC }}/v2.0/security-groups/{{ secgroup_id }}"
- method: DELETE
- body_format: raw
- follow_redirects: all
- return_content: yes
- validate_certs: yes
- status_code: 200,201,202,203,204
- HEADER_Content-Type: "application/json"
- HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}"
- register: secgroup
-
-- debug:
- msg: "{{ secgroup }}"
diff --git a/roles/secgrouprule_create/tasks/main.yml b/roles/secgrouprule_create/tasks/main.yml
deleted file mode 100644
index ef61286..0000000
--- a/roles/secgrouprule_create/tasks/main.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-- name: Send request to API
- uri:
- url: "{{ AUTH_URL_VPC }}/v2.0/security-group-rules"
- method: POST
- body_format: raw
- follow_redirects: all
- return_content: yes
- validate_certs: yes
- status_code: 200,201,202,203,204,409
- HEADER_Content-Type: "application/json"
- HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}"
- body: "{{ lookup('template', 'request.json.j2')|to_json }}"
- register: secgrouprule
- when: secgrouprule_direction is defined
-
-- debug:
- msg: "{{ secgrouprule }}"
diff --git a/roles/secgrouprule_create/templates/request.json.j2 b/roles/secgrouprule_create/templates/request.json.j2
deleted file mode 100644
index 1102306..0000000
--- a/roles/secgrouprule_create/templates/request.json.j2
+++ /dev/null
@@ -1,27 +0,0 @@
-{
- "security_group_rule": {
- "direction": "{{ secgrouprule_direction }}",
-{% if secgrouprule_ethertype is defined and secgrouprule_ethertype|length != 0 %}
- "ethertype": "{{ secgrouprule_ethertype }}",
-{% endif %}
-{% if secgrouprule_ethertype is defined and secgrouprule_ethertype|length != 0 %}
- "ethertype": "{{ secgrouprule_ethertype }}",
-{% endif %}
-{% if secgrouprule_protocol is defined and secgrouprule_protocol|length != 0 %}
- "protocol": "{{ secgrouprule_protocol }}",
-{% endif %}
-{% if secgrouprule_port_range_min is defined and secgrouprule_port_range_min|length != 0 %}
- "port_range_min": {{ secgrouprule_port_range_min }},
-{% endif %}
-{% if secgrouprule_port_range_max is defined and secgrouprule_port_range_max|length != 0 %}
- "port_range_max": {{ secgrouprule_port_range_max }},
-{% endif %}
-{% if secgrouprule_remote_ip_prefix is defined and secgrouprule_remote_ip_prefix|length != 0 %}
- "remote_ip_prefix": "{{ secgrouprule_remote_ip_prefix }}",
-{% endif %}
-{% if secgrouprule_remote_group_id is defined and secgrouprule_remote_group_id|length != 0 %}
- "remote_group_id": "{{ secgrouprule_remote_group_id }}",
-{% endif %}
- "security_group_id": "{{ secgroup_id }}",
- }
-}
diff --git a/roles/secgrouprule_delete/tasks/main.yml b/roles/secgrouprule_delete/tasks/main.yml
deleted file mode 100644
index 87c1f12..0000000
--- a/roles/secgrouprule_delete/tasks/main.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-- name: Send request to API
- uri:
- url: "{{ AUTH_URL_VPC }}/v2.0/security-group-rules/{{ secgrouprule_id }}"
- method: DELETE
- body_format: raw
- follow_redirects: all
- return_content: yes
- validate_certs: yes
- status_code: 200,201,202,203,204
- HEADER_Content-Type: "application/json"
- HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}"
- register: secgroup_rule
-
-- debug:
- msg: "{{ secgroup_rule }}"
diff --git a/roles/secgrouprule_helper/tasks/main.yml b/roles/secgrouprule_helper/tasks/main.yml
deleted file mode 100644
index a486150..0000000
--- a/roles/secgrouprule_helper/tasks/main.yml
+++ /dev/null
@@ -1,45 +0,0 @@
-- name: switch ecs or elb
- set_fact:
- ecs_name: "{{ elb_name }}"
- when:
- - elb_name is defined
-# - listener_name is undefined
-
-- name: fetch secgroup rules from ini
- set_fact:
- secgrouprules: "{{ item }}"
- with_ini: secgroup_rule[1-9] section={{ ecs_name }} file=tenant.ini re=true
- register: secgrouprule_reg
- when:
- - ecs_name is defined
-# - listener_name is undefined
-
-- name: make a list from secgroup rules
- set_fact:
- secgrouprule_list: "{{ secgrouprule_reg.results | map(attribute='ansible_facts.secgrouprules') | list }}"
- when: secgrouprule_reg is defined
-
-- name: send request to API
- vars:
- secgrouprule_part: "{{ item.split(';') }}"
- uri:
- url: "{{ AUTH_URL_VPC }}/v2.0/security-group-rules"
- method: POST
- body_format: raw
- follow_redirects: all
- return_content: yes
- validate_certs: yes
- status_code: 200,201,202,203,204,409
- HEADER_Content-Type: "application/json"
- HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}"
- body: "{{ lookup('template', 'request.json.j2')|to_json }}"
- register: secgrouprule
- when:
- - secgroup_id is defined
- - secgrouprule_reg is defined
- with_items:
- - "{{ secgrouprule_list }}"
-
-# - debug:
-# msg: "{{ secgrouprule }}"
-# msg: "{{ secgrouprule_list[1] }}"
diff --git a/roles/services/tasks/main.yml b/roles/services/tasks/main.yml
deleted file mode 100644
index 9a20eae..0000000
--- a/roles/services/tasks/main.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-- name: Request services list from AUTH API
- uri:
- url: "{{ IAM_AUTH_URL }}/services"
- method: GET
- return_content: yes
- validate_certs: yes
- HEADER_Content-Type: "application/json"
- HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}"
- register: servicelist
-
-- debug:
- msg: "{{ servicelist.json }}"
diff --git a/roles/snat_enable/tasks/main.yml b/roles/snat_enable/tasks/main.yml
deleted file mode 100644
index 2937d28..0000000
--- a/roles/snat_enable/tasks/main.yml
+++ /dev/null
@@ -1,42 +0,0 @@
-- name: Request router from API
- uri:
- url: "{{ AUTH_URL_VPC }}/v2.0/routers/{{ vpc_id }}"
- method: GET
- return_content: yes
- validate_certs: yes
- HEADER_Content-Type: "application/json"
- HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}"
- when:
- - vpc_id is defined
- register: routerlist
-
-- set_fact:
-# router_id: "{{ (routerlist.content|from_json)|json_query('router.id') }}"
-# router_name: "{{ (routerlist.content|from_json)|json_query('router.name') }}"
-# router_status: "{{ (routerlist.content|from_json)|json_query('router.status') }}"
-# router_admin_state_up: "{{ (routerlist.content|from_json)|json_query('router.admin_state_up') }}"
-# router_routes: "{{ (routerlist.content|from_json)|json_query('router.routes[]') }}"
-# router_tenant_id: "{{ (routerlist.content|from_json)|json_query('router.tenant_id') }}"
- external_network_id: "{{ (routerlist.content|from_json)|json_query('router.external_gateway_info.network_id') }}"
-# external_network_snat_state: "{{ (routerlist.content|from_json)|json_query('router.external_gateway_info.enable_snat') }}"
- when: routerlist is defined
-
-- name: Send request to API
- uri:
- url: "{{ AUTH_URL_VPC }}/v2.0/routers/{{ vpc_id }}"
- method: PUT
- body_format: raw
- follow_redirects: all
- return_content: yes
- validate_certs: yes
- HEADER_Content-Type: "application/json"
- HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}"
- body: "{{ lookup('template', 'request.json.j2')|to_json }}"
- when:
- - vpc_id is defined
- - enable_snat is defined
- - external_network_id|length != 0
- register: router
-
-- debug:
- msg: "{{ router }}"
diff --git a/roles/subnet_create/tasks/main.yml b/roles/subnet_create/tasks/main.yml
deleted file mode 100644
index df7cd53..0000000
--- a/roles/subnet_create/tasks/main.yml
+++ /dev/null
@@ -1,16 +0,0 @@
-- name: Send request to API
- uri:
- url: "{{ AUTH_URL_VPC }}/v1/{{ PROJECT_ID }}/subnets"
- method: POST
- body_format: raw
- follow_redirects: all
- return_content: yes
- validate_certs: yes
- HEADER_Content-Type: "application/json"
- HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}"
- body: "{{ lookup('template', 'request.json.j2')|to_json }}"
- when: (not subnet_id and subnet_name is defined)
- register: subnet
-
-- debug:
- msg: "{{ subnet }}"
diff --git a/roles/zone_create/tasks/main.yml b/roles/zone_create/tasks/main.yml
deleted file mode 100644
index 3f181ef..0000000
--- a/roles/zone_create/tasks/main.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-- name: Send request to API
- uri:
- url: "{{ AUTH_URL_DNS }}/v2/zones"
- method: POST
- body_format: raw
- follow_redirects: all
- return_content: yes
- validate_certs: yes
- status_code: 200,201,202,203
- HEADER_Content-Type: "application/json"
- HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}"
- body: "{{ lookup('template', 'request.json.j2')|to_json }}"
- register: zone
- when: zone_name is defined
-
-- debug:
- msg: "{{ zone }}"
diff --git a/roles/zone_delete/tasks/main.yml b/roles/zone_delete/tasks/main.yml
deleted file mode 100644
index 692e423..0000000
--- a/roles/zone_delete/tasks/main.yml
+++ /dev/null
@@ -1,14 +0,0 @@
-- name: Request delete zone from API
- uri:
- url: "{{ AUTH_URL_DNS }}/v2/zones/{{ zone_id }}"
- method: DELETE
- return_content: yes
- validate_certs: yes
- status_code: 200,201,202,203
- HEADER_Content-Type: "application/json"
- HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}"
- when: zone_id is defined
- register: zone
-
-- debug: var=zone.json
- when: zone is defined
diff --git a/roles/zonerecord_create/tasks/main.yml b/roles/zonerecord_create/tasks/main.yml
deleted file mode 100644
index 72f663d..0000000
--- a/roles/zonerecord_create/tasks/main.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-- name: Send request to API
- uri:
- url: "{{ AUTH_URL_DNS }}/v2/zones/{{ zone_id }}/recordsets"
- method: POST
- body_format: raw
- follow_redirects: all
- return_content: yes
- validate_certs: yes
- status_code: 200,201,202,203
- HEADER_Content-Type: "application/json"
- HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}"
- body: "{{ lookup('template', 'request.json.j2')|to_json }}"
- register: zonerecord
- when: zonerecord_type is defined
-
-- debug:
- msg: "{{ zonerecord }}"
diff --git a/roles/zonerecord_create/templates/request.json.j2 b/roles/zonerecord_create/templates/request.json.j2
deleted file mode 100644
index 30ba736..0000000
--- a/roles/zonerecord_create/templates/request.json.j2
+++ /dev/null
@@ -1,9 +0,0 @@
-{
- "name": "{{ zonerecord_name }}",
-{% if zonerecord_description is defined %}
- "description": "{{ zonerecord_description }}",
-{% endif %}
- "type": "{{ zonerecord_type }}",
- "ttl": {{ zonerecord_ttl }},
- "records": [ "{{ zonerecord_value }}" ]
-}
diff --git a/roles/zonerecord_delete/tasks/main.yml b/roles/zonerecord_delete/tasks/main.yml
deleted file mode 100644
index 521eaa2..0000000
--- a/roles/zonerecord_delete/tasks/main.yml
+++ /dev/null
@@ -1,14 +0,0 @@
-- name: Request delete zonerecord from API
- uri:
- url: "{{ AUTH_URL_DNS }}/v2/zones/{{ zone_id }}/recordsets/{{ zonerecordid}}"
- method: DELETE
- return_content: yes
- validate_certs: yes
- status_code: 200,201,202,203
- HEADER_Content-Type: "application/json"
- HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}"
- when: zonerecordid is defined
- register: zonerecord
-
-- debug: var=zonerecord.json
- when: zonerecord is defined
diff --git a/roles/zonerecord_helper/tasks/main.yml b/roles/zonerecord_helper/tasks/main.yml
deleted file mode 100644
index 63eaade..0000000
--- a/roles/zonerecord_helper/tasks/main.yml
+++ /dev/null
@@ -1,66 +0,0 @@
-- name: fetch zonerecords from ini
- set_fact:
- zonerecords: "{{ item }}"
- with_ini: zonerecord[1-99] section=dnszonerecords file=dns.ini re=true
- register: zonerecord_reg
-
-- name: make a list from zonerecords
- set_fact:
- zonerecord_list: "{{ zonerecord_reg.results | map(attribute='ansible_facts.zonerecords') | list }}"
-
-- name: fetch zones from ini
- set_fact:
- zones: "{{ item }}"
- with_ini: zone[1-99] section=dnszones file=dns.ini re=true
- register: zone_reg
-
-- name: make a list from zones
- set_fact:
- zone_list: "{{ zone_reg.results | map(attribute='ansible_facts.zones') | list }}"
-
-- name: Send zone request to API
- vars:
- zone_list_part: "{{ item.split(';') }}"
- uri:
- url: "{{ AUTH_URL_DNS }}/v2/zones"
- method: POST
- body_format: raw
- follow_redirects: all
- return_content: yes
- validate_certs: yes
- status_code: 200,201,202,203,400
- HEADER_Content-Type: "application/json"
- HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}"
- body: "{{ lookup('template', 'zone.json.j2')|to_json }}"
- register: zone
- with_items:
- - "{{ zone_list }}"
-
-- name: Request zone list from API
- uri:
- url: "{{ AUTH_URL_DNS }}/v2/zones"
- method: GET
- return_content: yes
- validate_certs: yes
- HEADER_Content-Type: "application/json"
- HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}"
- register: zonelist_result
-
-- name: send zonerecord request to API
- vars:
- zonerecord_part: "{{ item.split(';') }}"
- zone_id: "{{ (zonelist_result.content|from_json)|json_query(\"zones[?name=='\" + zonerecord_part[0] + \"'].id|[0]\") }}"
- uri:
- url: "{{ AUTH_URL_DNS }}/v2/zones/{{ zone_id }}/recordsets"
- method: POST
- body_format: raw
- follow_redirects: all
- return_content: yes
- validate_certs: yes
- status_code: 200,201,202,203,400
- HEADER_Content-Type: "application/json"
- HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}"
- body: "{{ lookup('template', 'zonerecord.json.j2')|to_json }}"
- register: zonerecord
- with_items:
- - "{{ 
zonerecord_list }}"
diff --git a/roles/zonerecord_helper/templates/zone.json.j2 b/roles/zonerecord_helper/templates/zone.json.j2
deleted file mode 100644
index 3d0ff2e..0000000
--- a/roles/zonerecord_helper/templates/zone.json.j2
+++ /dev/null
@@ -1,19 +0,0 @@
-{
- "name": "{{ zone_list_part[0] }}",
-{% if zone_list_part[1]|length != 0 %}
- "description": "{{ zone_list_part[1] }}",
-{% endif %}
-{% if zone_list_part[2]|length != 0 %}
- "zone_type": "{{ zone_list_part[2] }}",
-{% endif %}
-{% if zone_list_part[2] == "private" %}
- "router": {
- "router_id": "{{ router_id }}",
- "router_region": "{{ PROJECT_NAME }}"
- },
-{% endif %}
-{% if zone_list_part[3]|length != 0 %}
- "email": "{{ zone_list_part[3] }}",
-{% endif %}
- "ttl": {{ zone_list_part[4] }}
-}
diff --git a/roles/zonerecord_helper/templates/zonerecord.json.j2 b/roles/zonerecord_helper/templates/zonerecord.json.j2
deleted file mode 100644
index bae71aa..0000000
--- a/roles/zonerecord_helper/templates/zonerecord.json.j2
+++ /dev/null
@@ -1,9 +0,0 @@
-{
- "name": "{{ zonerecord_part[2] }}",
-{% if zonerecord_part[1]|length != 0 %}
- "description": "{{ zonerecord_part[1] }}",
-{% endif %}
- "type": "{{ zonerecord_part[3] }}",
- "ttl": {{ zonerecord_part[4] }},
- "records": [ "{{ zonerecord_part[5] }}" ]
-}
diff --git a/roles/zonerecords/tasks/main.yml b/roles/zonerecords/tasks/main.yml
deleted file mode 100644
index 66bf1a0..0000000
--- a/roles/zonerecords/tasks/main.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-- name: Request zonerecords from API
- uri:
- url: "{{ AUTH_URL_DNS }}/recordsets"
- method: GET
- return_content: yes
- validate_certs: yes
- HEADER_Content-Type: "application/json"
- HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}"
- register: zonerecords
-
-- debug: var=zonerecords.json
- when: zonerecords is defined
diff --git a/roles/zones/tasks/main.yml b/roles/zones/tasks/main.yml
deleted file mode 100644
index 83dd006..0000000
--- a/roles/zones/tasks/main.yml
+++ /dev/null
@@ -1,27 +0,0 @@
-- name: Request single zone from API
- uri:
- url: "{{ AUTH_URL_DNS }}/v2/zones/{{ zone_id }}"
- method: GET
- return_content: yes
- validate_certs: yes
- HEADER_Content-Type: "application/json"
- HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}"
- when: zone_id is defined
- register: zone
-
-- debug: var=zone.json
- when: zone is defined
-
-- name: Request zone list from API
- uri:
- url: "{{ AUTH_URL_DNS }}/v2/zones"
- method: GET
- return_content: yes
- validate_certs: yes
- HEADER_Content-Type: "application/json"
- HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}"
- when: zone_id is undefined
- register: zonelist
-
-- debug: var=zonelist.json
- when: zonelist is defined
diff --git a/s3_bucket_create.yml b/s3_bucket_create.yml
deleted file mode 100644
index 337ad52..0000000
--- a/s3_bucket_create.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-- hosts: localhost
- gather_facts: no
- roles:
- - role: s3_bucket_create
diff --git a/s3_bucket_delete.yml b/s3_bucket_delete.yml
deleted file mode 100644
index 469b814..0000000
--- a/s3_bucket_delete.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-- hosts: localhost
- gather_facts: no
- roles:
- - role: s3_bucket_delete
diff --git a/s3_upload.yml b/s3_upload.yml
deleted file mode 100644
index 001f51a..0000000
--- a/s3_upload.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-- hosts: localhost
- gather_facts: no
- roles:
- - role: s3_upload
diff --git a/secgroup_create.yml b/secgroup_create.yml
deleted file mode 100644
index 437ba37..0000000
--- a/secgroup_create.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-- hosts: localhost
- gather_facts: no
- roles:
- - role: token
- - role: secgroup_create
diff --git a/secgroup_delete.yml b/secgroup_delete.yml
deleted file mode 100644
index ef876b1..0000000
--- a/secgroup_delete.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-- hosts: localhost
- gather_facts: no
- roles:
- - role: token
- - role: secgroup_delete
diff --git a/secgrouprule.yml b/secgrouprule.yml
deleted file mode 100644
index f73d890..0000000
--- a/secgrouprule.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-# direction ingress or egress
-secgrouprule_direction: "egress"
-# ethertype IPv4 or IPv6
-secgrouprule_ethertype: "IPv4"
-# protocol tcp, udp or icmp
-secgrouprule_protocol: "tcp"
-# ports (single or range)
-secgrouprule_port_range_min: 8081
-secgrouprule_port_range_max: 8088
-# destination target (ip net or security group id)
-secgrouprule_remote_ip_prefix: "0.0.0.0/0"
-# secgrouprule_remote_group_id:
diff --git a/secgrouprule_create.yml b/secgrouprule_create.yml
deleted file mode 100644
index 15079aa..0000000
--- a/secgrouprule_create.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-- hosts: localhost
- gather_facts: no
- roles:
- - role: token
- - role: secgrouprule_create
diff --git a/secgrouprule_delete.yml b/secgrouprule_delete.yml
deleted file mode 100644
index 3fd0fd0..0000000
--- a/secgrouprule_delete.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-- hosts: localhost
- gather_facts: no
- roles:
- - role: token
- - role: secgrouprule_delete
diff --git a/secgrouprule_helper.yml b/secgrouprule_helper.yml
deleted file mode 100644
index 73382ac..0000000
--- a/secgrouprule_helper.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-- hosts: localhost
- gather_facts: no
- roles:
- - role: token
- - role: secgrouprule_helper
diff --git a/secgroups.yml b/secgroups.yml
deleted file mode 100644
index ac17e47..0000000
--- a/secgroups.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-- hosts: localhost
- gather_facts: no
- roles:
- - role: token
- - role: lookup_name
- - role: secgroups
diff --git a/services.yml b/services.yml
deleted file mode 100644
index 1120ff0..0000000
--- a/services.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-- hosts: localhost
- gather_facts: no
- roles:
- - role: token
- - role: services
diff --git a/snat_enable.yml b/snat_enable.yml
deleted file mode 100644
index 0e8860e..0000000
--- a/snat_enable.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-- hosts: localhost
- gather_facts: no
- roles:
- - role: token
- - role: lookup_name
- - role: snat_enable
diff --git a/subnet.yml b/subnet.yml
deleted file mode 100644
index 0f97c07..0000000
--- a/subnet.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-- hosts: localhost
- gather_facts: no
- roles:
- - role: token
- - role: subnet
diff --git a/subnet_create.yml b/subnet_create.yml
deleted file mode 100644
index b419940..0000000
--- a/subnet_create.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-- hosts: localhost
- gather_facts: no
- roles:
- - role: token
- - role: subnet_create
diff --git a/subnet_delete.yml b/subnet_delete.yml
deleted file mode 100644
index da093d6..0000000
--- a/subnet_delete.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-- hosts: localhost
- gather_facts: no
- roles:
- - role: token
- - role: lookup_name
- - role: subnet_delete
diff --git a/tenant.ini b/tenant.ini
deleted file mode 100644
index 813f1f7..0000000
--- a/tenant.ini
+++ /dev/null
@@ -1,116 +0,0 @@ -# ini file for tenant configuration -# each block for each vm -# usage ecs: -# ansible-playbook -i hosts tenant_create.yml -e "ecs_name=ansible-test01" -# ansible-playbook -i hosts tenant_delete.yml -e "ecs_name=ansible-test01" -# usage evs: -# ansible-playbook -i hosts evs_create.yml -e "evs_name=ansible-evs01" -# usage elb (listener, healthcheck, backendmembers) -# ansible-playbook -i hosts tenant_create.yml -e "elb_name=ansible-elb01" -e "listener_name=ansible-listener01" -# -[DEFAULT] -image_name=Community_Ubuntu_16.04_TSI_latest -availability_zone=eu-de-01 -evs_availability_zone=eu-de-01 -vpc_name=ansible-vpc01 -vpc_net=192.168.0.0/16 -subnet_name=ansible-subnet01 -subnet_net=192.168.0.0/24 -subnet_gateway=192.168.0.1 -subnet_dhcp_enable=true -subnet_primary_dns=8.8.8.8 -subnet_secondary_dns=8.4.4.8 -secgroup_name=ansible-secgroup01 -secgroup_rule1=ingress;IPv4;tcp;22;22;0.0.0.0/0 -ecs_volumetype=SATA -ecs_ram=2048 -ecs_vcpus=2 -ecs_adminkey=ansible-key -keypair_file=~/.ssh/id_rsa.pub -[ansible-test01] -secgroup_name=ansible-secgroup01 -secgroup_rule1=ingress;IPv4;tcp;22;22;0.0.0.0/0 -secgroup_rule2=ingress;IPv4;tcp;80;80;0.0.0.0/0 -secgroup_rule3=egress;IPv4;tcp;80;80;0.0.0.0/0 -secgroup_rule4=ingress;IPv4;icmp;;;0.0.0.0/0 -ecs_ipaddress=192.168.0.101 -ecs_publicip=160.44.201.86 -ecs_publicfqdn=ansible-test01.ansible.otc.telekomcloud2.com. 
-ecs_publicttl=300 -eip_bandwidth_name=ansible-eip01 -eip_bandwidth_size=100 -[ansible-test02] -image_name=Community_Ubuntu_14.04_TSI_latest -ecs_volumetype=SATA -ecs_ram=2048 -ecs_vcpus=4 -ecs_ipaddress=192.168.0.102 -[ansible-test03] -ecs_volumetype=SSD -ecs_ipaddress=192.168.0.103 -# ecs_publicip=0.0.0.0 -# eip_bandwidth_name=ansible-eip1 -# eip_bandwidth_size=100 -[console] -image_name=Community_Ubuntu_16.04_TSI_latest -ecs_volumetype=SATA -ecs_ram=2048 -ecs_vcpus=2 -vpc_name=cloudcamp-vpc01 -secgroup_name=cloudcamp-secgroup01 -secgroup_rule1=ingress;IPv4;tcp;22;22;0.0.0.0/0 -secgroup_rule2=ingress;IPv4;tcp;80;80;0.0.0.0/0 -secgroup_rule3=ingress;IPv4;tcp;443;443;0.0.0.0/0 -secgroup_rule4=egress;IPv4;tcp;22;22;0.0.0.0/0 -secgroup_rule5=egress;IPv4;tcp;80;80;0.0.0.0/0 -secgroup_rule6=egress;IPv4;tcp;443;443;0.0.0.0/0 -secgroup_rule7=ingress;IPv4;icmp;;;0.0.0.0/0 -vpc_net=192.168.0.0/16 -subnet_name=cloudcamp-subnet01 -subnet_net=192.168.0.0/24 -subnet_gateway=192.168.0.1 -subnet_dhcp_enable=true -subnet_primary_dns=8.8.8.8 -subnet_secondary_dns=8.4.4.8 -availability_zone=eu-de-01 -ecs_ipaddress=192.168.0.87 -ecs_publicip=160.44.204.87 -eip_bandwidth_name=cloudcamp-eip1 -eip_bandwidth_size=100 -ecs_adminkey=eumel-key -keypair_file=~/.ssh/id_rsa.pub -[ansible-evs01] -evs_volume_type=SATA -evs_size=20 -# evs_multiattach=true -# evs_scsi=true -[ansible-elb01] -elb_type=External -elb_bandwidth=100 -admin_state_up=true -elb_availability_zone=eu_de-01 -elb_secgroup_name=ansible-secgroup02 -secgroup_rule1=ingress;IPv4;tcp;22;22;0.0.0.0/0 -secgroup_rule1=ingress;IPv4;tcp;80;80;0.0.0.0/0 -elb_subnet_name=ansible-subnet01 -[ansible-listener01] -# HTTP, HTTPS, TCP -listener_protocol=TCP -listener_port=22 -listener_backend_protocol=TCP -listener_backend_port=22 -# source, roundrobin, leastconn -listener_lb_algorithm=source -#listener_certificate_name=ansible-cert -#listener_tcp_timeout= -#listener_cookie_timeout= -#listener_sticky_session_type=insert 
-#listener_session_sticky= -healthcheck_connect_port=22 -healthcheck_interval=5 -# HTTP, TCP -healthcheck_protocol=TCP -healthcheck_timeout=10 -#healthcheck_uri="/" -unhealthy_threshold=3 -backend_members=ansible-test01,ansible-test02 diff --git a/tenant_create.yml b/tenant_create.yml deleted file mode 100644 index 4cc0860..0000000 --- a/tenant_create.yml +++ /dev/null 
@@ -1,126 +0,0 @@ ---- -- hosts: localhost - gather_facts: no - connection: local - vars_files: - - tenant_var_default.yml - - tenant_var.yml - roles: - - role: token - - role: lookup_name - - role: vpc_create - -- hosts: localhost - gather_facts: no - connection: local - vars_files: - - tenant_var_default.yml - - tenant_var.yml - roles: - - role: token - - role: lookup_name - - role: subnet_create - -- hosts: localhost - gather_facts: no - connection: local - vars_files: - - tenant_var_default.yml - - tenant_var.yml - roles: - - role: token - - role: lookup_name - - role: secgroup_create - -- hosts: localhost - gather_facts: no - connection: local - vars_files: - - tenant_var_default.yml - - tenant_var.yml - roles: - - role: token - - role: lookup_name - - role: secgrouprule_helper - -- hosts: localhost - gather_facts: no - connection: local - vars_files: - - tenant_var_default.yml - - tenant_var.yml - roles: - - role: token - - role: lookup_name - - role: keypair_create - -- hosts: localhost - gather_facts: no - connection: local - vars_files: - - tenant_var_default.yml - - tenant_var.yml - roles: - - role: token - - role: lookup_name - - role: eip_apply - -- hosts: localhost - gather_facts: no - connection: local - vars_files: - - tenant_var.yml - roles: - - role: token - - role: ptrrecord_create - -- hosts: localhost - gather_facts: no - connection: local - vars_files: - - tenant_var_default.yml - - tenant_var.yml - roles: - - role: token - - role: lookup_name - - role: ecs_create - - role: job - -- hosts: localhost - gather_facts: no - connection: local - vars_files: - - tenant_var_default.yml - - tenant_var.yml - roles: - - role: elb_create - -- hosts: localhost - gather_facts: no - connection: local - vars_files: - - tenant_var_default.yml - - tenant_var.yml - roles: - - role: elb_listener_create - -- hosts: localhost - gather_facts: no - connection: local - vars_files: - - tenant_var_default.yml - - tenant_var.yml - roles: - - role: lookup_name - - role: 
elb_healthcheck_create - -- hosts: localhost - gather_facts: no - connection: local - vars_files: - - tenant_var_default.yml - - tenant_var.yml - roles: - - role: lookup_name - - role: backend_member_helper - when: backend_members is defined diff --git a/tenant_delete.yml b/tenant_delete.yml deleted file mode 100644 index 1877f01..0000000 --- a/tenant_delete.yml +++ /dev/null 
@@ -1,92 +0,0 @@ ---- -- name: Delete DNS PTR record - hosts: localhost - gather_facts: no - connection: local - vars_files: - - tenant_var.yml - roles: - - role: token - - role: lookup_name - - role: ptrrecord_delete - ignore_errors: yes - -- name: Delete ECS - hosts: localhost - gather_facts: no - connection: local - vars: - delete_volume: true -# delete_publicip: true - ecs_job_id: "{{ (ecs.content|from_json)|json_query('job_id') }}" - roles: - - role: token - - role: lookup_name - - role: ecs_delete - tasks: - - name: Request job status from API - uri: - url: "{{ AUTH_URL_ECS_CLOUD }}/{{ PROJECT_ID }}/jobs/{{ ecs_job_id }}" - method: GET - return_content: yes - validate_certs: yes - HEADER_Content-Type: "application/json" - HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" - when: ecs_job_id is defined - register: jobstatus - until: (jobstatus.content|from_json)|json_query('status') == 'SUCCESS' - retries: 50 - delay: 10 - - -- name: Delete keypair - hosts: localhost - gather_facts: no - connection: local - vars_files: - - tenant_var_default.yml - - tenant_var.yml - roles: - - role: token - - role: lookup_name - - role: keypair_delete - ignore_errors: yes - -- name: Delete Secgroup - hosts: localhost - gather_facts: no - connection: local - vars_files: - - tenant_var_default.yml - - tenant_var.yml - roles: - - role: token - - role: lookup_name - - role: secgroup_delete - ignore_errors: yes - -- name: Delete Subnet - hosts: localhost - gather_facts: no - connection: local - vars_files: - - tenant_var_default.yml - - tenant_var.yml - roles: - - role: token - - role: lookup_name - - role: subnet_delete - ignore_errors: yes - -- name: Delete VPC - hosts: localhost - gather_facts: no - connection: local - vars_files: - - tenant_var_default.yml - - tenant_var.yml - roles: - - role: token - - role: lookup_name - - role: vpc_delete - ignore_errors: yes diff --git a/tenant_var.yml b/tenant_var.yml deleted file mode 100644 index 9664545..0000000 
--- a/tenant_var.yml +++ /dev/null 
@@ -1,65 +0,0 @@ ---- -# DNS vars -# zone_description: "{{ lookup('ini', 'zone_description section={{ zone_name }} file=tenant.ini') }}" -# zone_email: "{{ lookup('ini', 'zone_email section={{ zone_name }} file=tenant.ini') }}" -# zone_ttl: "{{ lookup('ini', 'zone_ttl section={{ zone_name }} file=tenant.ini') }}" -# zonerecord_type: "{{ lookup('ini', 'zonerecord_type section={{ zonerecord_name }} file=tenant.ini') }}" -# zonerecord_value: "{{ lookup('ini', 'zonerecord_value section={{ zonerecord_name }} file=tenant.ini') }}" -# zonerecord_ttl: "{{ lookup('ini', 'zonerecord_ttl section={{ zonerecord_name }} file=tenant.ini') }}" -# ECS vars - availability_zone: "{{ lookup('ini', 'availability_zone section={{ ecs_name }} file=tenant.ini') }}" - ecs_adminkey: "{{ lookup('ini', 'ecs_adminkey section={{ ecs_name }} file=tenant.ini') }}" - ecs_volumesize: "{{ lookup('ini', 'ecs_volumesize section={{ ecs_name }} file=tenant.ini') }}" - ecs_volumetype: "{{ lookup('ini', 'ecs_volumetype section={{ ecs_name }} file=tenant.ini') }}" - ecs_ram: "{{ lookup('ini', 'ecs_ram section={{ ecs_name }} file=tenant.ini') }}" - ecs_vcpus: "{{ lookup('ini', 'ecs_vcpus section={{ ecs_name }} file=tenant.ini') }}" - ecs_ipaddress: "{{ lookup('ini', 'ecs_ipaddress section={{ ecs_name }} file=tenant.ini') }}" - public_ip_address: "{{ lookup('ini', 'ecs_publicip section={{ ecs_name }} file=tenant.ini') }}" - ptr_name: "{{ lookup('ini', 'ecs_publicfqdn section={{ ecs_name }} file=tenant.ini') }}" - ttl: "{{ lookup('ini', 'ecs_publicttl section={{ ecs_name }} file=tenant.ini') }}" - eip_bandwidth_name: "{{ lookup('ini', 'eip_bandwidth_name section={{ ecs_name }} file=tenant.ini') }}" - eip_bandwidth_size: "{{ lookup('ini', 'eip_bandwidth_size section={{ ecs_name }} file=tenant.ini') }}" - image_name: "{{ lookup('ini', 'image_name section={{ ecs_name }} file=tenant.ini') }}" - keypair_file: "{{ lookup('ini', 'keypair_file section={{ ecs_name }} file=tenant.ini') }}" - secgroup_name: "{{ 
lookup('ini', 'secgroup_name section={{ ecs_name }} file=tenant.ini') }}" - subnet_name: "{{ lookup('ini', 'subnet_name section={{ ecs_name }} file=tenant.ini') }}" - subnet_net: "{{ lookup('ini', 'subnet_net section={{ ecs_name }} file=tenant.ini') }}" - subnet_gateway: "{{ lookup('ini', 'subnet_gateway section={{ ecs_name }} file=tenant.ini') }}" - subnet_dhcp_enable: "{{ lookup('ini', 'subnet_dhcp_enable section={{ ecs_name }} file=tenant.ini') }}" - subnet_primary_dns: "{{ lookup('ini', 'subnet_primary_dns section={{ ecs_name }} file=tenant.ini') }}" - subnet_secondary_dns: "{{ lookup('ini', 'subnet_secondary_dns section={{ ecs_name }} file=tenant.ini') }}" - vpc_name: "{{ lookup('ini', 'vpc_name section={{ ecs_name }} file=tenant.ini') }}" - vpc_net: "{{ lookup('ini', 'vpc_net section={{ ecs_name }} file=tenant.ini') }}" -# EVS vars - evs_availability_zone: "{{ lookup('ini', 'evs_availability_zone section={{ evs_name }} file=tenant.ini') }}" - evs_volume_type: "{{ lookup('ini', 'evs_volume_type section={{ evs_name }} file=tenant.ini') }}" - evs_size: "{{ lookup('ini', 'evs_size section={{ evs_name }} file=tenant.ini') }}" - evs_multiattach: "{{ lookup('ini', 'evs_multiattach section={{ evs_name }} file=tenant.ini') }}" - evs_scsi: "{{ lookup('ini', 'evs_scsi section={{ evs_name }} file=tenant.ini') }}" -# ELB vars - admin_state_up: "{{ lookup('ini', 'admin_state_up section={{ elb_name }} file=tenant.ini') }}" - elb_availability_zone: "{{ lookup('ini', 'elb_availability_zone section={{ elb_name }} file=tenant.ini') }}" - elb_bandwidth: "{{ lookup('ini', 'elb_bandwidth section={{ elb_name }} file=tenant.ini') }}" - elb_type: "{{ lookup('ini', 'elb_type section={{ elb_name }} file=tenant.ini') }}" - elb_secgroup_name: "{{ lookup('ini', 'elb_secgroup_name section={{ elb_name }} file=tenant.ini') }}" - elb_subnet_name: "{{ lookup('ini', 'elb_subnet_name section={{ elb_name }} file=tenant.ini') }}" -# ELB listener vars - listener_protocol: "{{ lookup('ini', 
'listener_protocol section={{ listener_name }} file=tenant.ini') }}" - listener_port: "{{ lookup('ini', 'listener_port section={{ listener_name }} file=tenant.ini') }}" - listener_backend_protocol: "{{ lookup('ini', 'listener_backend_protocol section={{ listener_name }} file=tenant.ini') }}" - listener_backend_port: "{{ lookup('ini', 'listener_backend_port section={{ listener_name }} file=tenant.ini') }}" - listener_lb_algorithm: "{{ lookup('ini', 'listener_lb_algorithm section={{ listener_name }} file=tenant.ini') }}" - listener_certificate_name: "{{ lookup('ini', 'listener_certificate_name section={{ listener_name }} file=tenant.ini') }}" - listener_tcp_timeout: "{{ lookup('ini', 'listener_tcp_timeout section={{ listener_name }} file=tenant.ini') }}" - listener_cookie_timeout: "{{ lookup('ini', 'listener_cookie_timeout section={{ listener_name }} file=tenant.ini') }}" - listener_sticky_session_type: "{{ lookup('ini', 'listener_sticky_session_type section={{ listener_name }} file=tenant.ini') }}" - listener_session_sticky: "{{ lookup('ini', 'listener_session_sticky section={{ listener_name }} file=tenant.ini') }}" -# ELB healthcheck vars - healthcheck_connect_port: "{{ lookup('ini', 'healthcheck_connect_port section={{ listener_name }} file=tenant.ini') }}" - healthcheck_interval: "{{ lookup('ini', 'healthcheck_interval section={{ listener_name }} file=tenant.ini') }}" - healthcheck_protocol: "{{ lookup('ini', 'healthcheck_protocol section={{ listener_name }} file=tenant.ini') }}" - healthcheck_timeout: "{{ lookup('ini', 'healthcheck_timeout section={{ listener_name }} file=tenant.ini') }}" - healthcheck_uri: "{{ lookup('ini', 'healthcheck_uri section={{ listener_name }} file=tenant.ini') }}" - unhealthy_threshold: "{{ lookup('ini', 'unhealthy_threshold section={{ listener_name }} file=tenant.ini') }}" -# ELB backend member - backend_members: "{{ lookup('ini', 'backend_members section={{ listener_name }} file=tenant.ini') }}" 
diff --git a/tenant_var_default.yml b/tenant_var_default.yml deleted file mode 100644 index eb629ab..0000000 --- a/tenant_var_default.yml +++ /dev/null 
@@ -1,25 +0,0 @@ ---- - availability_zone_default: "{{ lookup('ini', 'availability_zone section=DEFAULT file=tenant.ini') }}" - ecs_adminkey_default: "{{ lookup('ini', 'ecs_adminkey section=DEFAULT file=tenant.ini') }}" - ecs_volumesize_default: "{{ lookup('ini', 'ecs_volumesize section=DEFAULT file=tenant.ini') }}" - ecs_volumetype_default: "{{ lookup('ini', 'ecs_volumetype section=DEFAULT file=tenant.ini') }}" - ecs_ram_default: "{{ lookup('ini', 'ecs_ram section=DEFAULT file=tenant.ini') }}" - ecs_vcpus_default: "{{ lookup('ini', 'ecs_vcpus section=DEFAULT file=tenant.ini') }}" - eip_bandwidth_name_default: "{{ lookup('ini', 'eip_bandwidth_name section=DEFAULT file=tenant.ini') }}" - eip_bandwidth_size_default: "{{ lookup('ini', 'eip_bandwidth_size section=DEFAULT file=tenant.ini') }}" - image_name_default_default: "{{ lookup('ini', 'image_name section=DEFAULT file=tenant.ini') }}" - keypair_file_default: "{{ lookup('ini', 'keypair_file section=DEFAULT file=tenant.ini') }}" - secgroup_name_default: "{{ lookup('ini', 'secgroup_name section=DEFAULT file=tenant.ini') }}" - subnet_name_default: "{{ lookup('ini', 'subnet_name section=DEFAULT file=tenant.ini') }}" - subnet_net_default: "{{ lookup('ini', 'subnet_net section=DEFAULT file=tenant.ini') }}" - subnet_gateway_default: "{{ lookup('ini', 'subnet_gateway section=DEFAULT file=tenant.ini') }}" - subnet_dhcp_enable_default: "{{ lookup('ini', 'subnet_dhcp_enable section=DEFAULT file=tenant.ini') }}" - subnet_primary_dns_default: "{{ lookup('ini', 'subnet_primary_dns section=DEFAULT file=tenant.ini') }}" - subnet_secondary_dns_default: "{{ lookup('ini', 'subnet_secondary_dns section=DEFAULT file=tenant.ini') }}" - vpc_name_default: "{{ lookup('ini', 'vpc_name section=DEFAULT file=tenant.ini') }}" - vpc_net_default: "{{ lookup('ini', 'vpc_net section=DEFAULT file=tenant.ini') }}" - evs_availability_zone_default: "{{ lookup('ini', 'evs_availability_zone section=DEFAULT file=tenant.ini') }}" - evs_volume_type_default: 
"{{ lookup('ini', 'evs_volume_type section=DEFAULT file=tenant.ini') }}" - evs_size_default: "{{ lookup('ini', 'evs_size section=DEFAULT file=tenant.ini') }}" - evs_multiattach_default: "{{ lookup('ini', 'evs_multiattach section=DEFAULT file=tenant.ini') }}" - evs_scsi_default: "{{ lookup('ini', 'evs_scsi section=DEFAULT file=tenant.ini') }}" diff --git a/tests/ansible.cfg b/tests/ansible.cfg new file mode 100644 index 0000000..51d344d --- /dev/null +++ b/tests/ansible.cfg @@ -0,0 +1,2 @@ +[defaults] +roles_path = ../roles diff --git a/tests/create_test.yml b/tests/create_test.yml new file mode 100644 index 0000000..876beec --- /dev/null +++ b/tests/create_test.yml 
@@ -0,0 +1,70 @@ +--- +- hosts: localhost + gather_facts: no + vars: + # VPC,Subnet,Secgroup,ECS,EIP + tenant_json: "vars/tenant.json" + tenant_cf: "{{ lookup('file', tenant_json) | from_json }}" + image_name: "{{ tenant_cf['vms'][ecs_name]['image_name'] | default(tenant_cf['default']['image_name']) }}" + availability_zone: "{{ tenant_cf['vms'][ecs_name]['availability_zone'] | default(tenant_cf['default']['availability_zone']) }}" + vpc_name: "{{ tenant_cf['vms'][ecs_name]['vpc_name'] | default(tenant_cf['default']['vpc_name']) }}" + vpc_net: "{{ tenant_cf['vms'][ecs_name]['vpc_net'] | default(tenant_cf['default']['vpc_net']) }}" + subnet_name: "{{ tenant_cf['vms'][ecs_name]['subnet_name'] | default(tenant_cf['default']['subnet_name']) }}" + subnet_net: "{{ tenant_cf['vms'][ecs_name]['subnet_net'] | default(tenant_cf['default']['subnet_net']) }}" + subnet_gateway: "{{ tenant_cf['vms'][ecs_name]['subnet_gateway'] | default(tenant_cf['default']['subnet_gateway']) }}" + subnet_dhcp_enable: "{{ tenant_cf['vms'][ecs_name]['subnet_dhcp_enable'] | default(tenant_cf['default']['subnet_dhcp_enable']) }}" + subnet_primary_dns: "{{ tenant_cf['vms'][ecs_name]['subnet_primary_dns'] | default(tenant_cf['default']['subnet_primary_dns']) }}" + subnet_secondary_dns: "{{ tenant_cf['vms'][ecs_name]['subnet_secondary_dns'] | default(tenant_cf['default']['subnet_secondary_dns']) }}" + secgroups: "{{ tenant_cf['vms'][ecs_name]['secgroups'] | default(tenant_cf['default']['secgroups']) }}" + secgrouprules: "{{ tenant_cf['securitygroups'][secgroup_name] }}" + ecs_ipaddress: "{{ tenant_cf['vms'][ecs_name]['ecs_ipaddress'] | default(tenant_cf['default']['ecs_ipaddress']) }}" + public_ip_address: "{{ tenant_cf['vms'][ecs_name]['ecs_publicip'] }}" + ptr_name: "{{ tenant_cf['vms'][ecs_name]['ecs_publicfqdn'] }}" + eip_bandwidth_name: "{{ tenant_cf['vms'][ecs_name]['eip_bandwidth_name'] | default(tenant_cf['default']['eip_bandwidth_name']) }}" + eip_bandwidth_size: "{{ 
tenant_cf['vms'][ecs_name]['eip_bandwidth_size'] | default(tenant_cf['default']['eip_bandwidth_size']) }}" + ecs_volumetype: "{{ tenant_cf['vms'][ecs_name]['ecs_volumetype'] | default(tenant_cf['default']['ecs_volumetype']) }}" + ecs_ram: "{{ tenant_cf['vms'][ecs_name]['ecs_ram'] | default(tenant_cf['default']['ecs_ram']) }}" + ecs_vcpus: "{{ tenant_cf['vms'][ecs_name]['ecs_vcpus'] | default(tenant_cf['default']['ecs_vcpus']) }}" + ecs_adminkey: "{{ tenant_cf['vms'][ecs_name]['ecs_adminkey'] | default(tenant_cf['default']['ecs_adminkey']) }}" + keypair_file: "{{ tenant_cf['vms'][ecs_name]['keypair_file'] | default(tenant_cf['default']['keypair_file']) }}" + # EVS + evs_availability_zone: "{{ tenant_cf['volumes'][evs_name]['evs_availability_zone'] | default(tenant_cf['default']['evs_availability_zone']) }}" + evs_volume_type: "{{ tenant_cf['volumes'][evs_name]['evs_volume_type'] | default(tenant_cf['default']['evs_volume_type']) }}" + evs_size: "{{ tenant_cf['volumes'][evs_name]['evs_size'] | default(tenant_cf['default']['evs_size']) }}" + evs_multiattach: "{{ tenant_cf['volumes'][evs_name]['evs_multiattach'] | default(tenant_cf['default']['evs_multiattach']) }}" + evs_scsi: "{{ tenant_cf['volumes'][evs_name]['evs_scsi'] | default(tenant_cf['default']['evs_scsi']) }}" + # DNS + zone_description: "{{ tenant_cf['dnszones'][zone_name]['zone_description'] | default(tenant_cf['default']['zone_description']) }}" + zone_type: "{{ tenant_cf['dnszones'][zone_name]['zone_type'] | default(tenant_cf['default']['zone_type']) }}" + zone_email: "{{ tenant_cf['dnszones'][zone_name]['zone_email'] | default(tenant_cf['default']['zone_email']) }}" + zone_ttl: "{{ tenant_cf['dnszones'][zone_name]['zone_ttl'] | default(tenant_cf['default']['zone_ttl']) }}" + zone_records: "{{ tenant_cf['dnszonerecords'][zone_name] }}" + # playbook action + localaction: "create" + + roles: + # create VM + - role: "otc_auth" + - role: "otc_vpc" + - role: "otc_subnet" + - role: "otc_secgroup" + - role: 
"otc_keypair" + - role: "otc_eip" + - role: "otc_ecs" + - role: "otc_dns" + localaction: "ptrcreate" + # create internal DNS zone + - role: "otc_vpc" + localaction: "router" + - role: "otc_dns" + localaction: "create" + zone_name: "travis.otc.telekomcloud99.com" + + tasks: + - name: Wait 300 seconds for port 22 to become open and contain "OpenSSH" + wait_for: + port: 22 + host: '{{ public_ip_address }}' + search_regex: OpenSSH + delay: 10 + connection: local diff --git a/tests/delete_test.yml b/tests/delete_test.yml new file mode 100644 index 0000000..3b1464c --- /dev/null +++ b/tests/delete_test.yml 
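Review bot: `public_ip_address` and `ptr_name` are read from `tenant_cf['vms'][ecs_name]` without a `default(...)`, unlike the neighbouring vars, so the closing `wait_for` task (`host: '{{ public_ip_address }}'`) cannot be templated for a VM that has no `ecs_publicip`, such as `travis-test02` in tests/vars/tenant.json. Guarding the task with `when: tenant_cf['vms'][ecs_name]['ecs_publicip'] is defined` would keep such VMs usable in this test. `secgrouprules` also indexes by `secgroup_name`, which this play does not define (it defines `secgroups`); presumably a role sets it, but that is worth confirming. A header comment naming the extra vars the play expects (`ecs_name`, and `evs_name`/`zone_name` where used) would help, since none of them has a default here.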
@@ -0,0 +1,61 @@ +--- +- hosts: localhost + gather_facts: no + vars: + # VPC,Subnet,Secgroup,ECS,EIP + tenant_json: "vars/tenant.json" + tenant_cf: "{{ lookup('file', tenant_json) | from_json }}" + image_name: "{{ tenant_cf['vms'][ecs_name]['image_name'] | default(tenant_cf['default']['image_name']) }}" + availability_zone: "{{ tenant_cf['vms'][ecs_name]['availability_zone'] | default(tenant_cf['default']['availability_zone']) }}" + vpc_name: "{{ tenant_cf['vms'][ecs_name]['vpc_name'] | default(tenant_cf['default']['vpc_name']) }}" + vpc_net: "{{ tenant_cf['vms'][ecs_name]['vpc_net'] | default(tenant_cf['default']['vpc_net']) }}" + subnet_name: "{{ tenant_cf['vms'][ecs_name]['subnet_name'] | default(tenant_cf['default']['subnet_name']) }}" + subnet_net: "{{ tenant_cf['vms'][ecs_name]['subnet_net'] | default(tenant_cf['default']['subnet_net']) }}" + subnet_gateway: "{{ tenant_cf['vms'][ecs_name]['subnet_gateway'] | default(tenant_cf['default']['subnet_gateway']) }}" + subnet_dhcp_enable: "{{ tenant_cf['vms'][ecs_name]['subnet_dhcp_enable'] | default(tenant_cf['default']['subnet_dhcp_enable']) }}" + subnet_primary_dns: "{{ tenant_cf['vms'][ecs_name]['subnet_primary_dns'] | default(tenant_cf['default']['subnet_primary_dns']) }}" + subnet_secondary_dns: "{{ tenant_cf['vms'][ecs_name]['subnet_secondary_dns'] | default(tenant_cf['default']['subnet_secondary_dns']) }}" + secgroups: "{{ tenant_cf['vms'][ecs_name]['secgroups'] | default(tenant_cf['default']['secgroups']) }}" + secgrouprules: "{{ tenant_cf['securitygroups'][secgroup_name] }}" + ecs_ipaddress: "{{ tenant_cf['vms'][ecs_name]['ecs_ipaddress'] | default(tenant_cf['default']['ecs_ipaddress']) }}" + public_ip_address: "{{ tenant_cf['vms'][ecs_name]['ecs_publicip'] }}" + ptr_name: "{{ tenant_cf['vms'][ecs_name]['ecs_publicfqdn'] }}" + eip_bandwidth_name: "{{ tenant_cf['vms'][ecs_name]['eip_bandwidth_name'] | default(tenant_cf['default']['eip_bandwidth_name']) }}" + eip_bandwidth_size: "{{ 
tenant_cf['vms'][ecs_name]['eip_bandwidth_size'] | default(tenant_cf['default']['eip_bandwidth_size']) }}" + ecs_volumetype: "{{ tenant_cf['vms'][ecs_name]['ecs_volumetype'] | default(tenant_cf['default']['ecs_volumetype']) }}" + ecs_ram: "{{ tenant_cf['vms'][ecs_name]['ecs_ram'] | default(tenant_cf['default']['ecs_ram']) }}" + ecs_vcpus: "{{ tenant_cf['vms'][ecs_name]['ecs_vcpus'] | default(tenant_cf['default']['ecs_vcpus']) }}" + ecs_adminkey: "{{ tenant_cf['vms'][ecs_name]['ecs_adminkey'] | default(tenant_cf['default']['ecs_adminkey']) }}" + keypair_file: "{{ tenant_cf['vms'][ecs_name]['keypair_file'] | default(tenant_cf['default']['keypair_file']) }}" + # EVS + evs_availability_zone: "{{ tenant_cf['volumes'][evs_name]['evs_availability_zone'] | default(tenant_cf['default']['evs_availability_zone']) }}" + evs_volume_type: "{{ tenant_cf['volumes'][evs_name]['evs_volume_type'] | default(tenant_cf['default']['evs_volume_type']) }}" + evs_size: "{{ tenant_cf['volumes'][evs_name]['evs_size'] | default(tenant_cf['default']['evs_size']) }}" + evs_multiattach: "{{ tenant_cf['volumes'][evs_name]['evs_multiattach'] | default(tenant_cf['default']['evs_multiattach']) }}" + evs_scsi: "{{ tenant_cf['volumes'][evs_name]['evs_scsi'] | default(tenant_cf['default']['evs_scsi']) }}" + # DNS + zone_description: "{{ tenant_cf['dnszones'][zone_name]['zone_description'] | default(tenant_cf['default']['zone_description']) }}" + zone_type: "{{ tenant_cf['dnszones'][zone_name]['zone_type'] | default(tenant_cf['default']['zone_type']) }}" + zone_email: "{{ tenant_cf['dnszones'][zone_name]['zone_email'] | default(tenant_cf['default']['zone_email']) }}" + zone_ttl: "{{ tenant_cf['dnszones'][zone_name]['zone_ttl'] | default(tenant_cf['default']['zone_ttl']) }}" + zone_records: "{{ tenant_cf['dnszonerecords'][zone_name] }}" + # playbook action + localaction: "delete" + + roles: + # create VM + - role: "otc_auth" + - role: "otc_ecs" + - role: "otc_keypair" + - role: "otc_secgroup" + - role: 
"otc_subnet" + - role: "otc_vpc" + # create internal DNS zone + - role: "otc_dns" + localaction: "ptrlist" + - role: "otc_dns" + zone_name: "travis.otc.telekomcloud99.com" + localaction: "delete" + - role: "otc_dns" + localaction: "ptrdelete" + diff --git a/tests/test.yml b/tests/test.yml new file mode 100644 index 0000000..217198f --- /dev/null +++ b/tests/test.yml @@ -0,0 +1,9 @@ +--- +- hosts: localhost + gather_facts: no + roles: + - role: ../roles/otc_auth + - role: ../roles/otc_ims + - role: ../roles/otc_ecs +# tasks: +# - include: ../roles/otc_ecs/tasks/flavors.yml diff --git a/tests/tests.sh b/tests/tests.sh new file mode 100755 index 0000000..8de3d3c --- /dev/null +++ b/tests/tests.sh @@ -0,0 +1,13 @@ +#!/bin/sh + +cd tests + +# test otc_ims: show image +ansible-playbook test.yml -e "image_name=Community_Ubuntu_16.04_TSI_latest" -e "localaction=show" +# test otc_ecs: show flavors +ansible-playbook test.yml -e "localaction=flavors" +# test ecs list +# ansible-playbook test.yml -e "localaction=list" +# e2e test +# ansible-playbook create_test.yml -e "ecs_name=travis-test01" +# ansible-playbook delete_test.yml -e "ecs_name=travis-test01" diff --git a/tests/vars/dns.json b/tests/vars/dns.json new file mode 100644 index 0000000..aaf86ca --- /dev/null +++ b/tests/vars/dns.json @@ -0,0 +1,22 @@ +{ + "default": { + "vpc_name" : "ansible-vpc01", + "zone_email": "nobody@example.com", + "zone_ttl": "86400" + }, + "dnszones": { + "ansible.internal.corp": { + "zone_description": "Core Zone internal services", + "zone_type": "private" + }, + "ansible.otc.telekomcloud99.com": { + "zone_description": "Core Zone public OTC services", + "zone_type": "public" + } + }, + "dnszonerecords" : { + "ansible.internal.corp": [ "ansible-test01.ansible.internal.corp;description;A;300;192.168.0.101", + "ansible-test02.ansible.internal.corp;description;A;300;192.168.0.102" ], + "ansible.otc.telekomcloud99.com": [ "ansible-test01.example.com;;A;300;80.158.23.253" ] + } +} 
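Review bot: The two comments in the `roles:` list of tests/delete_test.yml, `# create VM` and `# create internal DNS zone`, are carried over from create_test.yml although `localaction` is `"delete"` here; they should read something like `# delete VM, keypair, security group, subnet and VPC` and `# delete DNS zone and PTR record`. The DNS steps also run after `otc_vpc` has been torn down, whereas the create play sets up the zone after the VPC router step; if the zone depends on the VPC, a failed teardown could leave test resources behind in the tenant, so the order is worth confirming against the roles. The vars block is a verbatim copy of the one in create_test.yml and could live in one shared vars file.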
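Review bot: tests/tests.sh has no error handling, so its exit status is that of the last `ansible-playbook` call only, and a failure of the first test (or of `cd tests`) is not reported to the caller. Adding `set -e` directly under the shebang fixes that, and `cd "$(dirname "$0")"` instead of `cd tests` makes the script independent of the working directory it is started from.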
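Review bot: In tests/vars/dns.json the record listed under the `ansible.otc.telekomcloud99.com` zone is named `ansible-test01.example.com`, which lies outside that zone, while the records of `ansible.internal.corp` are all inside theirs. If this is not deliberate, the entry should be `"ansible-test01.ansible.otc.telekomcloud99.com;;A;300;80.158.23.253"`. None of the playbooks added alongside it appear to load this file, so it may also be worth stating where it is consumed.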
diff --git a/tests/vars/env.yml b/tests/vars/env.yml new file mode 100644 index 0000000..7bacc4e --- /dev/null +++ b/tests/vars/env.yml @@ -0,0 +1 @@ +CLOUD: "otc" diff --git a/tests/vars/tenant.ini b/tests/vars/tenant.ini new file mode 100644 index 0000000..90693f1 --- /dev/null +++ b/tests/vars/tenant.ini 
@@ -0,0 +1,67 @@ +[DEFAULT] +image_name=Community_Ubuntu_16.04_TSI_latest +availability_zone=eu-de-01 +evs_availability_zone=eu-de-01 +vpc_name=travis-vpc01 +vpc_net=192.168.0.0/16 +subnet_name=travis-subnet01 +subnet_net=192.168.0.0/24 +subnet_gateway=192.168.0.1 +subnet_dhcp_enable=true +subnet_primary_dns=8.8.8.8 +subnet_secondary_dns=8.4.4.8 +secgroups=travis-secgroup01 +ecs_volumetype=SATA +ecs_ram=2048 +ecs_vcpus=2 +ecs_adminkey=travis-key +keypair_file=~/.ssh/id_rsa.pub +zone_description=Core Zone internal services +zone_type=private +zone_email=nobody@example.com +zone_ttl=86400 +[travis-test01] +image_name=Community_Ubuntu_16.04_TSI_latest +vpc_name=travis-vpc01 +availability_zone=eu-de-01 +subnet_name=travis-subnet02 +secgroups=["travis-test01","default-travis"] +ecs_ipaddress=192.168.0.101 +ecs_publicip=80.158.23.253 +ecs_publicfqdn=travis-test01.travis.otc.telekomcloud99.com +ecs_publicttl=300 +eip_bandwidth_name=travis-eip01 +eip_bandwidth_size=500 +[travis-test02] +image_name=Community_Ubuntu_14.04_TSI_latest +vpc_name=travis-vpc01 +availability_zone=eu-de-01 +ecs_volumetype=SATA +ecs_ram=1024 +ecs_vcpus=1 +ecs_ipaddress=192.168.0.102 +[travis-test03] +ecs_volumetype=SSD +ecs_ipaddress=192.168.0.103 +[securitygroups] +default-travis=["ingress;IPv4;tcp;22;22;0.0.0.0", "ingress;IPv4;tcp;80;80;0.0.0.0"] +travis-test01=["ingress;IPv4;tcp;22022;22022;0.0.0.0"] +[travis-evs01] +evs_volume_type=SATA +evs_size=20 +# evs_multiattach=true +# evs_scsi=true +[travis.internal.corp] +zone_description=Core Zone internal services +zone_type=private +zone_email=nobody@example.com +zone_ttl=86400 +[travis.otc.telekomcloud99.com] +zone_description=Core Zone public OTC services +zone_type=public +zone_email=nobody@example.com +zone_ttl=3600 +[dnszonerecords] +travis.internal.corp=[ "travis-test01.travis.internal.corp;description;A;300;192.168.0.101", + "travis-test02.travis.internal.corp;description;A;300;192.168.0.102" ] +travis.otc.telekomcloud99.com=[ 
"travis-test01.travis.otc.telekomcloud99.com;;A;300;80.158.23.253" ] diff --git a/tests/vars/tenant.json b/tests/vars/tenant.json new file mode 100644 index 0000000..bce7b5a --- /dev/null +++ b/tests/vars/tenant.json 
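Review bot: `subnet_secondary_dns=8.4.4.8` looks like a transposition of `8.8.4.4`, the usual companion of the primary `8.8.8.8`; as written, VMs in the subnet would send their fallback DNS queries to an unrelated address. The same value appears in tests/vars/tenant.json and tests/vars/tenant.yml. Suggested line: `subnet_secondary_dns=8.8.4.4`, with the matching key corrected in the two other files.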
@@ -0,0 +1,75 @@ +{ + "default": { + "image_name" : "Community_Ubuntu_16.04_TSI_latest", + "availability_zone" : "eu-de-01", + "evs_availability_zone" : "eu-de-01", + "vpc_name" : "travis-vpc01", + "vpc_net" : "192.168.0.0/16", + "subnet_name" : "travis-subnet01", + "subnet_net" : "192.168.0.0/24", + "subnet_gateway" : "192.168.0.1", + "subnet_dhcp_enable" : "true", + "subnet_primary_dns" : "8.8.8.8", + "subnet_secondary_dns" : "8.4.4.8", + "secgroups" : "travis-secgroup01", + "ecs_volumetype" : "SATA", + "ecs_ram" : "2048", + "ecs_vcpus" : "2", + "ecs_adminkey" : "travis-key", + "keypair_file" : "~/.ssh/id_rsa.pub", + "evs_scsi": false, + "evs_multiattach": false + }, + "volumes": { + "travis-evs01" : { + "evs_volume_type": "SATA", + "evs_size": 20 + } + }, + "vms": { + "travis-test01" : { + "vpc_name" : "travis-vpc01", + "availability_zone" : "eu-de-01", + "subnet_name" : "travis-subnet01", + "secgroups" : [ "default-travis", "travis-test01" ], + "ecs_ipaddress" : "192.168.0.101", + "ecs_publicip" : "80.158.17.98", + "ecs_publicfqdn" : "travis-test01.travis.otc.telekomcloud99.com", + "ecs_publicttl" : "300", + "eip_bandwidth_name" : "travis-eip01", + "eip_bandwidth_size" : "500" + }, + "travis-test02" : { + "image_name" : "Community_Ubuntu_14.04_TSI_latest", + "vpc_name" : "travis-vpc01", + "availability_zone" : "eu-de-02", + "ecs_volumetype" : "SATA", + "ecs_ram" : "1024", + "ecs_vcpus" : "1", + "ecs_ipaddress" : "192.168.0.102" + } + }, + "securitygroups" : { + "default-travis" : [ "ingress;IPv4;tcp;22;22;0.0.0.0", "ingress;IPv4;tcp;80;80;0.0.0.0" ], + "travis-test01" : [ "ingress;IPv4;tcp;22022;22022;0.0.0.0" ] + }, + "dnszones": { + "travis.internal.corp": { + "zone_description": "Core Zone internal services", + "zone_type": "private", + "zone_email": "nobody@example.com", + "zone_ttl": "86400" + }, + "travis.otc.telekomcloud99.com": { + "zone_description": "Core Zone public OTC services", + "zone_type": "public", + "zone_email": "nobody@example.com", + 
"zone_ttl": 3600 + } + }, + "dnszonerecords" : { + "travis.internal.corp": [ "travis-test01.travis.internal.corp;description;A;300;192.168.0.101", + "travis-test02.travis.internal.corp;description;A;300;192.168.0.102" ], + "travis.otc.telekomcloud99.com": [ "travis-test01.travis.otc.telekomcloud99.com;;A;300;80.158.17.98" ] + } +} diff --git a/tests/vars/tenant.yml b/tests/vars/tenant.yml new file mode 100644 index 0000000..4a1bd95 --- /dev/null +++ b/tests/vars/tenant.yml 
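Review bot: The security-group rules end in `0.0.0.0` with no prefix length (`"ingress;IPv4;tcp;22;22;0.0.0.0"`), so the remote prefix is ambiguous: depending on how the role and the API read it, the rule either matches a single unusable address or is treated as any source. If any source is meant, write `0.0.0.0/0` explicitly; for SSH on a VM that gets a public IP it would be better still to name the range the test runner connects from, e.g. `"ingress;IPv4;tcp;22;22;<CI_EGRESS_CIDR>"` (placeholder). The same rule strings are in tests/vars/tenant.ini and tests/vars/tenant.yml. Since JSON has no comments, the rule format (apparently direction, ethertype, protocol, port min, port max, remote prefix) should be documented next to the role that parses it.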
@@ -0,0 +1,73 @@
+---
+default:
+ image_name: "Community_Ubuntu_16.04_TSI_latest"
+ availability_zone: "eu-de-01"
+ evs_availability_zone: "eu-de-01"
+ vpc_name: "travis-vpc01"
+ vpc_net: "192.168.0.0/16"
+ subnet_name: "travis-subnet01"
+ subnet_net: "192.168.0.0/24"
+ subnet_gateway: "192.168.0.1"
+ subnet_dhcp_enable: "true"
+ subnet_primary_dns: "8.8.8.8"
+ subnet_secondary_dns: "8.4.4.8"
+ secgroups: "travis-secgroup01"
+ ecs_volumetype: "SATA"
+ ecs_ram: "2048"
+ ecs_vcpus: "2"
+ ecs_adminkey: "travis-key"
+ keypair_file: "~/.ssh/id_rsa.pub"
+ evs_scsi: false
+ evs_multiattach: false
+volumes:
+ travis-evs01:
+ evs_volume_type: "SATA"
+ evs_size: "20"
+vms:
+ travis-test01:
+ vpc_name: "travis-vpc01"
+ vpc_net: "192.168.0.0/16"
+ availability_zone: "eu-de-01"
+ subnet_name: "travis-subnet02"
+ secgroups:
+ - "default-travis"
+ - "travis-test01"
+ ecs_ipaddress: "192.168.0.101"
+ ecs_publicip: "80.158.23.253"
+ ecs_publicfqdn: "travis-test01.travis.otc.telekomcloud99.com"
+ ecs_publicttl: "300"
+ eip_bandwidth_name: "travis-eip01"
+ eip_bandwidth_size: "500"
+ travis-test02:
+ image_name: "Community_Ubuntu_14.04_TSI_latest"
+ vpc_name: "travis-vpc01"
+ availability_zone: "eu-de-02"
+ ecs_volumetype: "SATA"
+ ecs_ram: "1024"
+ ecs_vcpus: "1"
+ ecs_ipaddress: "192.168.0.102"
+securitygroups:
+ default-travis:
+ - "ingress;IPv4;tcp;22;22;0.0.0.0"
+ - "ingress;IPv4;tcp;80;80;0.0.0.0"
+ - "egress;IPv4;tcp;80;80;0.0.0.0"
+ - "egress;IPv4;tcp;443;443;0.0.0.0"
+ travis-test01:
+ - "ingress;IPv4;tcp;22022;22022;0.0.0.0"
+dnszones:
+ travis.internal.corp:
+ zone_description: "Core Zone internal services"
+ zone_type: "private"
+ zone_email: "nobody@example.com"
+ zone_ttl: 86400
+ travis.otc.telekomcloud99.com:
+ zone_description: "Core Zone public OTC services"
+ zone_type: "public"
+ zone_email: "nobody@example.com"
+ zone_ttl: 3600
+dnszonerecords:
+ travis.internal.corp:
+ - "travis-test01.travis.internal.corp;description;A;300;192.168.0.101"
+ - "travis-test02.travis.internal.corp;description;A;300;192.168.0.102"
+ travis.otc.telekomcloud99.com:
+ - "travis-test01.travis.otc.telekomcloud99.com;;A;300;160.44.0.101"
diff --git a/vpc.yml b/vpc.yml
deleted file mode 100644
index 5ee5485..0000000
--- a/vpc.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-- hosts: localhost
- gather_facts: no
- roles:
- - role: token
- - role: vpc
diff --git a/vpc_create.yml b/vpc_create.yml
deleted file mode 100644
index 5825b7f..0000000
--- a/vpc_create.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-- hosts: localhost
- gather_facts: no
- roles:
- - role: token
- - role: vpc_create
diff --git a/vpc_delete.yml b/vpc_delete.yml
deleted file mode 100644
index d19b6b7..0000000
--- a/vpc_delete.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-- hosts: localhost
- gather_facts: no
- roles:
- - role: token
- - role: lookup_name
- - role: vpc_delete
diff --git a/vpc_router.yml b/vpc_router.yml
deleted file mode 100644
index fdef5f5..0000000
--- a/vpc_router.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-- hosts: localhost
- gather_facts: no
- roles:
- - role: token
- - role: lookup_name
- - role: vpc_router
diff --git a/zone_create.yml b/zone_create.yml
deleted file mode 100644
index dfdad45..0000000
--- a/zone_create.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-- hosts: localhost
- gather_facts: no
- roles:
- - role: token
- - role: zone_create
diff --git a/zone_delete.yml b/zone_delete.yml
deleted file mode 100644
index 86a3785..0000000
--- a/zone_delete.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-- hosts: localhost
- gather_facts: no
- roles:
- - role: token
- - role: zone_delete
diff --git a/zonerecord_create.yml b/zonerecord_create.yml
deleted file mode 100644
index b3ff6f4..0000000
--- a/zonerecord_create.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-- hosts: localhost
- gather_facts: no
- roles:
- - role: token
- - role: zonerecord_create
diff --git a/zonerecord_delete.yml b/zonerecord_delete.yml
deleted file mode 100644
index 4a6c413..0000000
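Review bot: In the tests/vars/tenant.yml hunk the public A record under `dnszonerecords` points travis-test01.travis.otc.telekomcloud99.com at 160.44.0.101, while `ecs_publicip` for the same VM is 80.158.23.253, so the name published in the public zone would not resolve to the elastic IP the VM is given. A public record aimed at an address the tenant may not hold is a dangling-DNS risk, since whoever holds that address receives the traffic sent to the name. If the two are meant to match, the record should read `- "travis-test01.travis.otc.telekomcloud99.com;;A;300;80.158.23.253"`; if the difference is deliberate for the test, a comment above the record saying so would make that clear.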
--- a/zonerecord_delete.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-- hosts: localhost
- gather_facts: no
- roles:
- - role: token
- - role: zonerecord_delete
diff --git a/zonerecords.yml b/zonerecords.yml
deleted file mode 100644
index 39ab94e..0000000
--- a/zonerecords.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-- hosts: localhost
- gather_facts: no
- roles:
- - role: token
- - role: zonerecords
diff --git a/zones.yml b/zones.yml
deleted file mode 100644
index 9624cbe..0000000
--- a/zones.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-- hosts: localhost
- gather_facts: no
- roles:
- - role: token
- - role: zones