From f4594e91075d01c5ef8f8d09d0c838a3c27fe1f3 Mon Sep 17 00:00:00 2001 From: Stuart Grace Date: Tue, 8 Aug 2017 18:20:22 +0100 Subject: [PATCH] Add setup of OpenStack with flavors, images, etc Added playbook which replicates the actions of openstack-service-setup.sh which was present in earlier versions. This creates a sample set of flavors, Linux images, networks, security group rules and a router so OpenStack is ready to use. The data controlling what is created is all in the file multi-node-aio/playbooks/vars/openstack-service-config.yml Change-Id: Ib1999f215aabadb23a3ebeb55fbce4a2caf69030 --- multi-node-aio/README.rst | 4 + multi-node-aio/build.sh | 1 + .../playbooks/openstack-image-setup.yml | 25 +++ .../playbooks/openstack-service-setup.yml | 101 +++++++++++++ multi-node-aio/playbooks/site.yml | 6 +- .../vars/openstack-service-config.yml | 143 ++++++++++++++++++ 6 files changed, 279 insertions(+), 1 deletion(-) create mode 100644 multi-node-aio/playbooks/openstack-image-setup.yml create mode 100644 multi-node-aio/playbooks/openstack-service-setup.yml create mode 100644 multi-node-aio/playbooks/vars/openstack-service-config.yml diff --git a/multi-node-aio/README.rst b/multi-node-aio/README.rst index 14dc37b9..9863b29a 100644 --- a/multi-node-aio/README.rst +++ b/multi-node-aio/README.rst @@ -132,6 +132,10 @@ Instruct the system to run the OSA playbooks, if you want to deploy other OSA powered cloud, you can set it to false: ``RUN_OSA=${RUN_OSA:-true}`` +Instruct the system to configure the completed OpenStack deployment with some +example flavors, images, networks, etc.: + ``CONFIGURE_OPENSTACK=${CONFIGURE_OPENSTACK:-true}`` + Re-kicking VM(s) ---------------- diff --git a/multi-node-aio/build.sh b/multi-node-aio/build.sh index 974f9e40..5664c8a2 100755 --- a/multi-node-aio/build.sh +++ b/multi-node-aio/build.sh 
@@ -33,5 +33,6 @@ ansible-playbook -vv \
 -e http_proxy=${http_proxy:-''} \
 -e run_osa=${RUN_OSA:-"true"} \
 -e pre_config_osa=${PRE_CONFIG_OSA:-"true"} \
+ -e configure_openstack=${CONFIGURE_OPENSTACK:-"true"} \
 --force-handlers \
 playbooks/site.yml
diff --git a/multi-node-aio/playbooks/openstack-image-setup.yml b/multi-node-aio/playbooks/openstack-image-setup.yml
new file mode 100644
index 00000000..4d4cfeea
--- /dev/null
+++ b/multi-node-aio/playbooks/openstack-image-setup.yml
@@ -0,0 +1,25 @@
+---
+# These tasks are included in openstack-service-setup.yml playbook and
+# are repeated for each required image file.
+
+- name: Download system image file
+ get_url:
+ url: "{{ item.url }}"
+ dest: "/tmp/os_image_{{ item.name }}"
+ timeout: 600 # big files might take a while to download
+
+- name: Install system image
+ os_image:
+ endpoint_type: internal
+ cloud: default
+ state: present
+ is_public: true
+ name: "{{ item.name }}"
+ filename: "/tmp/os_image_{{ item.name }}"
+ disk_format: "{{ item.format }}"
+
+- name: Clean up temp file
+ file:
+ path: "/tmp/os_image_{{ item.name }}"
+ state: absent
+
diff --git a/multi-node-aio/playbooks/openstack-service-setup.yml b/multi-node-aio/playbooks/openstack-service-setup.yml
new file mode 100644
index 00000000..4fa0e7f9
--- /dev/null
+++ b/multi-node-aio/playbooks/openstack-service-setup.yml
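Review bot: The file fetched by `get_url` in openstack-image-setup.yml is uploaded to Glance with `is_public: true` without any integrity check, and every `url` in vars/openstack-service-config.yml is plain `http://`, so a corrupted or tampered download would be published to all projects. Add a per-image digest to the vars file and pass it through, e.g. `checksum: "{{ item.checksum | default(omit) }}"`, and use `https://` mirrors where the publisher offers them. The staging path `/tmp/os_image_{{ item.name }}` is predictable, is written as root, and embeds names that contain spaces; a directory created by the `tempfile` module would be safer. The clean-up task is also skipped when `os_image` fails, which leaves the multi-gigabyte file in `/tmp`; wrapping the three tasks in `block:`/`always:` would cover that.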
@@ -0,0 +1,101 @@
+---
+#
+# Playbook to populate a newly deployed OpenStack cloud with some flavors, images, etc.
+#
+# Runs against the Utility container on infra1, relying on the clouds.yaml file
+# left there by the OpenStack-Ansible playbooks to specify the API endpoint and
+# auth parameters to use.
+#
+- name: OpenStack service setup
+ hosts: utility_all[0]
+ user: root
+ environment: "{{ deployment_environment_variables | default({}) }}"
+
+# All the data is found in this file:
+ vars_files:
+ - vars/openstack-service-config.yml
+
+ tasks:
+
+ - name: Ensure python-shade library is present to run ansible os_xxx modules
+ apt:
+ name: python-shade
+ state: present
+
+ - name: Create flavors of nova VMs
+ os_nova_flavor:
+ endpoint_type: internal
+ cloud: default
+ state: present
+ name: "{{ item.name }}"
+ ram: "{{ item.ram }}"
+ vcpus: "{{ item.vcpus }}"
+ disk: "{{ item.disk }}"
+ swap: "{{ item.swap }}"
+ ephemeral: "{{ item.ephemeral }}"
+ with_items: "{{ vm_flavors }}"
+
+ - name: Create networks
+ os_network:
+ endpoint_type: internal
+ cloud: default
+ state: present
+ name: "{{ item.name }}"
+ shared: "{{ item.shared }}"
+ external: "{{ item.external }}"
+ provider_network_type: "{{ item.network_type }}"
+ provider_physical_network: "{{ item.physical_network | default ('') }}"
+ with_items: "{{ networks }}"
+
+ - name: Create subnets on networks
+ os_subnet:
+ endpoint_type: internal
+ cloud: default
+ state: present
+ name: "{{ item.name }}"
+ network_name: "{{ item.network_name }}"
+ ip_version: "{{ item.ip_version }}"
+ cidr: "{{ item.cidr }}"
+ gateway_ip: "{{ item.gateway_ip }}"
+ enable_dhcp: "{{ item.enable_dhcp }}"
+ allocation_pool_start: "{{ item.allocation_pool_start }}"
+ allocation_pool_end: "{{ item.allocation_pool_end }}"
+ dns_nameservers: "{{ item.dns_nameservers | default([]) }}"
+ with_items: "{{ subnets }}"
+
+ - name: Create a router on both public and private networks
+ os_router:
+ endpoint_type: internal
+ cloud: default
+
state: present + name: "{{ router_name }}" + network: "{{ provider_net_name }}" + interfaces: + - "{{ private_subnet_name }}" + ignore_errors: yes # will report error if this router already exists + register: router_details + + - name: Get list of security groups + # Must use shell here because Ansible does not have os_security_group_facts module + shell: "source openrc ; openstack security group list -f yaml | awk '/ID/ {print $2}'" + args: + executable: /bin/bash + register: sec_groups + + - name: Setup rules on all security groups + os_security_group_rule: + endpoint_type: internal + cloud: default + security_group: "{{ item[1] }}" + protocol: "{{ item[0].protocol }}" + direction: "{{ item[0].direction }}" + port_range_min: "{{ item[0].port_min | default(-1) }}" + port_range_max: "{{ item[0].port_max | default(-1) }}" + with_nested: + - "{{ security_group_rules }}" + - "{{ sec_groups.stdout_lines }}" + +# Install some Linux system images + - include: ./openstack-image-setup.yml + with_items: "{{ images }}" + diff --git a/multi-node-aio/playbooks/site.yml b/multi-node-aio/playbooks/site.yml index f3afc04a..c5d33b48 100644 --- a/multi-node-aio/playbooks/site.yml +++ b/multi-node-aio/playbooks/site.yml @@ -31,4 +31,8 @@ - include: deploy-osa.yml when: - - deploy_osa | default(true) | bool \ No newline at end of file + - deploy_osa | default(true) | bool + +- include: openstack-service-setup.yml + when: + - configure_openstack | default(true) | bool diff --git a/multi-node-aio/playbooks/vars/openstack-service-config.yml b/multi-node-aio/playbooks/vars/openstack-service-config.yml new file mode 100644 index 00000000..a5c5a862 --- /dev/null +++ b/multi-node-aio/playbooks/vars/openstack-service-config.yml 
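Review bot: The "Setup rules on all security groups" task in openstack-service-setup.yml applies every entry of `security_group_rules` to each ID printed by `openstack security group list`, which, run with the credentials sourced from `openrc`, presumably includes the groups of every project; with the rules in vars/openstack-service-config.yml that permits inbound TCP and UDP on ports 1-65535 everywhere. Scope the rules to one dedicated group instead, e.g. `security_group: "{{ security_group_name }}"` (defined in the vars file but not used by this playbook), and set an explicit `remote_ip_prefix`. The shell pipeline has no `set -o pipefail`, so a failed `openstack` call yields an empty `sec_groups.stdout_lines` and the rules task silently does nothing; the task also lacks `changed_when: false`. `ignore_errors: yes` on the router task hides every failure, not only "already exists", and `router_details` is registered but never read.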
@@ -0,0 +1,143 @@
+---
+# This file contains data that controls the post-deployment configuration
+# of OpenStack by the Ansible playbook openstack-service-setup.yml
+
+# Define a set of VM flavors to be created
+vm_flavors:
+ - name: m1.micro
+ ram: 256
+ vcpus: 1
+ disk: 1
+ swap: 0
+ ephemeral: 0
+ - name: m1.tiny
+ ram: 512
+ vcpus: 1
+ disk: 1
+ swap: 0
+ ephemeral: 0
+ - name: m1.mini
+ ram: 1024
+ vcpus: 2
+ disk: 3
+ swap: 0
+ ephemeral: 0
+ - name: m1.small
+ ram: 2048
+ vcpus: 3
+ disk: 12
+ swap: 4
+ ephemeral: 4
+ - name: m1.medium
+ ram: 4096
+ vcpus: 6
+ disk: 60
+ swap: 4
+ ephemeral: 20
+ - name: m1.large
+ ram: 8192
+ vcpus: 12
+ disk: 300
+ swap: 4
+ ephemeral: 150
+ - name: m1.xlarge
+ ram: 16384
+ vcpus: 24
+ disk: 600
+ swap: 4
+ ephemeral: 256
+ - name: m1.heavy
+ ram: 32768
+ vcpus: 48
+ disk: 1200
+ swap: 4
+ ephemeral: 256
+
+# Create shared networks and subnets:
+provider_net_name: GATEWAY_NET
+provider_net_cidr: 10.29.248.0/22
+provider_dns_server: "{{ DNS_NAMESERVER | default('8.8.8.8') }}"
+provider_subnet_name: "{{ provider_net_name }}_SUBNET"
+
+private_net_name: PRIVATE_NET
+private_net_cidr: 192.168.0.0/24
+private_subnet_name: "{{ private_net_name }}_SUBNET"
+
+networks:
+ - name: "{{ provider_net_name }}"
+ shared: true
+ external: true
+ network_type: flat
+ physical_network: flat
+ - name: "{{ private_net_name }}"
+ shared: true
+ external: true
+ network_type: vxlan
+ segmentation_id: 101
+
+subnets:
+ - name: "{{ provider_subnet_name }}"
+ network_name: "{{ provider_net_name }}"
+ ip_version: 4
+ cidr: "{{ provider_net_cidr }}"
+ gateway_ip: "{{ provider_net_cidr | ipaddr('1') | ipaddr('address') }}"
+ enable_dhcp: false
+ allocation_pool_start: "{{ provider_net_cidr | ipaddr('201') | ipaddr('address') }}"
+ allocation_pool_end: "{{ provider_net_cidr | ipaddr('255') | ipaddr('address') }}"
+ dns_nameservers:
+ - "{{ provider_dns_server }}"
+ - name: "{{ private_subnet_name }}"
+ network_name: "{{ private_net_name }}"
+
ip_version: 4
+ cidr: "{{ private_net_cidr }}"
+ gateway_ip: "{{ private_net_cidr | ipaddr('1') | ipaddr('address') }}"
+ enable_dhcp: true
+ allocation_pool_start: "{{ private_net_cidr | ipaddr('10') | ipaddr('address') }}"
+ allocation_pool_end: "{{ private_net_cidr | ipaddr('254') | ipaddr('address') }}"
+
+router_name: GATEWAY_NET_ROUTER
+security_group_name: gateway_security
+port_name: gateway_port
+
+# Neutron security group setup
+security_group_rules:
+ - name: Allow ICMP
+ protocol: icmp
+ direction: ingress
+ - name: Allow all TCP
+ protocol: tcp
+ direction: ingress
+ port_min: 1
+ port_max: 65535
+ - name: Allow all UDP
+ protocol: udp
+ direction: ingress
+ port_min: 1
+ port_max: 65535
+
+# Create some default images
+images:
+ - name: Ubuntu 14.04 LTS
+ format: qcow2
+ url: http://uec-images.ubuntu.com/releases/14.04/release/ubuntu-14.04-server-cloudimg-amd64-disk1.img
+ - name: Ubuntu 16.04
+ format: qcow2
+ url: http://uec-images.ubuntu.com/releases/16.04/release/ubuntu-16.04-server-cloudimg-amd64-disk1.img
+ - name: Fedora 24
+ format: qcow2
+ url: http://dfw.mirror.rackspace.com/fedora/releases/24/CloudImages/x86_64/images/Fedora-Cloud-Base-24-1.2.x86_64.qcow2
+ - name: CentOS 7
+ format: qcow2
+ url: http://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud.qcow2
+ - name: OpenSuse Leap 42.3
+ format: qcow2
+ url: http://download.opensuse.org/repositories/Cloud:/Images:/Leap_42.3/images/openSUSE-Leap-42.3-OpenStack.x86_64-0.0.4-Build2.223.qcow2
+ - name: Debian 9.1.0
+ format: qcow2
+ url: http://cdimage.debian.org/cdimage/openstack/current/debian-9.1.0-openstack-amd64.qcow2
+ - name: Debian TESTING
+ format: qcow2
+ url: http://cdimage.debian.org/cdimage/openstack/testing/debian-testing-openstack-amd64.qcow2
+ - name: Cirros-0.3.5
+ format: qcow2
+ url: http://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img
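Review bot: The `networks` entry for `{{ private_net_name }}` sets `external: true` alongside `shared: true`, which marks the VXLAN private network as an external network in the same way as the provider network; that looks unintended, and `external: false` is probably what was meant. `segmentation_id: 101` on the same entry is never read, because the "Create networks" task in openstack-service-setup.yml passes no `provider_segmentation_id`, and `port_name` is not referenced by any playbook in this patch. Either wire these values in or drop them, so the data file does not suggest settings that are not applied. The Debian `current/` and `testing/` image paths are moving targets, which deserves a comment such as `# unpinned: upstream content changes, so no fixed checksum can be recorded`.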