diff --git a/.gitignore b/.gitignore
index ae30ac1..007aec8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,3 @@
 _secrets.yml
-_elb_secrets.yml
-_ecs_secrets.yml
 _user_data*.txt
-_tenant.ini
 *.retry
diff --git a/BUILDSERVICE.md b/BUILDSERVICE.md
new file mode 100644
index 0000000..d835df9
--- /dev/null
+++ b/BUILDSERVICE.md
@@ -0,0 +1,33 @@
+Build your own images with ansible
+==================================
+
+1. Download Ubuntu Cloud Image
+2. Upload to IMS (private, generic name)
+3. Boot VM with this image
+4. Login ssh, install, configure, doing things
+5. Shutdown VM
+6. Upload VM image to IMS (private, customize name)
+
+Supported OS:
+=============
+
+* Ubuntu 14.04
+* Ubuntu 16.04
+
+Requirements:
+=============
+
+** adjust buildservice_var.yml **
+
+S3 credentials in _secrets.yml
+
+Usage:
+======
+
+```
+ansible-playbook -i hosts buildservice.yml -e "distro=trusty" --vault-password-file vaultpass.txt
+
+ansible-playbook -i hosts buildservice.yml -e "distro=xenial" --vault-password-file vaultpass.txt
+```
+
+Easy to adapt for other operating systems
diff --git a/CONNECT.md b/CONNECT.md
index 8e46849..22fbffd 100644
--- a/CONNECT.md
+++ b/CONNECT.md
@@ -5,12 +5,11 @@ How to connect to the Open Telekom Cloud
 Install prerequisites as root on your Ubuntu 16.04 machine:
-
 ```
-add-apt-repository -y ppa:ansible/ansible
 apt-get update
-apt-get -y install curl git ansible python-openstackclient python-pip python-jmespath python-netaddr libs3-2 jq
+apt-get -y install curl git python-openstackclient python-pip python-jmespath python-netaddr libs3-2 jq
 pip install python-otcclient
+pip install ansible==2.2.0.0
 ```
 Follow instruction as normal user. You need always username, password, domain data.
@@ -119,8 +118,6 @@ cd ~
 git clone https://github.com/eumel8/ansible-otc.git
 cd ansible-otc
 cp secrets.yml _secrets.yml
-cp ecs_secrets.yml _ecs_secrets.yml
-cp elb_secrets.yml _elb_secrets.yml
 ansible-vault edit _secrets.yml --vault-password-file vaultpass.txt
 ```
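Review bot: Dropping `_tenant.ini` (together with `_elb_secrets.yml` and `_ecs_secrets.yml`) from .gitignore turns any local copy of those files still sitting in a contributor's checkout into a commit candidate, and the README in this same diff still lists tenant.ini as the "configuration file for complete tenant", so a per-user `_tenant.ini` carrying real resource and domain data is plausible. After this hunk only `_secrets.yml` and `_user_data*.txt` stay ignored. Unless the `_tenant.ini` convention is retired elsewhere in this commit, keep that entry, or replace the three removed names with a broader local-override pattern such as `_*.ini` and `_*.yml` so the next private copy stays out of the repository.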
diff --git a/DNS.md b/DNS.md
new file mode 100644
index 0000000..a505d91
--- /dev/null
+++ b/DNS.md
@@ -0,0 +1,133 @@
+# OTC DNS - the complete example
+
+DNS services are provided by OTC since months. Now the complete stack
+is reworked so we can take a closer look on API service.
+
+![OTC Dashboard](/pictures/otc-dns.png)
+
+The service is located on the dashboard in the network services area.
+There are 3 main features as you can see on the screen:
+
+* Public Zones
+* Private Zones
+* PTR-Records
+
+Private Zones and PTR-Records are completly new. If you have older
+implementation with setup reverse zones, please update to the new one.
+A good thing: it's simple!
+
+![OTC API](/pictures/otc-dns-api.png)
+
+Documentation can you found at https://docs.otc.t-systems.com/en-us/dns_dld/index.html
+
+Let's start to implement some DNS entries via API. We will do this with Ansible.
+
+First of all we need connection to OTC. Use the [Connect Cheat Sheet](https://github.com/eumel8/ansible-otc/blob/poc_dns_v2/CONNECT.md)
+
+It's a good idea to install openstack-client because ansible will use
+the same os-client-config.
+
+```
+git clone -b poc_dns_v2 https://github.com/eumel8/ansible-otc.git
+cd ansible-otc
+cp secrets.yml _secrets.yml
+```
+In _secrets.yml are only S3 credentials stored. You need to adjust *env.yml*
+with the used profile name in clouds.yml. Ignore the *_secrets.yml* settings
+
+```
+# adjust account data here or in clouds.yml
+USERNAME: ""
+PASSWORD: ""
+DOMAIN: "OTC-EU-DE-0000000000100000XXXX"
+PROJECT_NAME: "eu-de"
+
+EC2_ACCESS_KEY: ""
+EC2_SECRET_KEY: ""
+EC2_URL: "https://obs.otc.t-systems.com"
+
+# endpoint urls
+IAM_AUTH_URL: "https://iam.{{ PROJECT_NAME }}.otc.t-systems.com/v3"
+AUTH_URL_ELB: "https://elb.{{ PROJECT_NAME }}.otc.t-systems.com/v1.0"
+AUTH_URL_ECS_CLOUD: "https://ecs.{{ PROJECT_NAME }}.otc.t-systems.com/v1"
+AUTH_URL_RDS: "https://rds.{{ PROJECT_NAME }}.otc.t-systems.com/rds/v1"
+```
+
+Service endpoint for DNS is provided by IAM, so it's not necessary to setup.
+
+
+Imagine we have a tenant.ini with the configuration of all resources in our tenant.
+DNS configuration are also there:
+
+![tenant.ini](/pictures/tenant-ini-dns.png)
+
+**Public** zones are isolated on OTC. You can host your zones there but there
+is no registration service to catch new domains. This means you need to
+delegate your elsewhere registered domains to the public OTC server:
+
+**ns1.open-telekom-cloud.com** and **ns2.open-telekom-cloud.com**
+
+Before you need to configure your zone in OTC (see below) because the domain
+(and all sub-domain) are uniq bound to one tenant. If someone else has
+configured the domain, you need the service desk to clarify.
+
+**Private zones** are only reachable in the selected VPC and with the resolver host **100.125.4.25**
+
+**Reverse DNS** (PTR records) are only provided for public ip (EIP). The
+ip address must assigned to your tenant to set the PTR record.
+
+Related playbooks are *zone_create.yml*, *zonerecord_create.yml* and *ptrrecord_create.yml*
+
+
+Lets start a virtual machine with a fixed private ip address and an allocated EIP:
+
+```
+ansible-playbook -i hosts tenant_create.yml -e "ecs_name=ansible-testi101"
+```
+
+In this play we allocate all resources to bootstrap our ECS instance, set the floating ip
+address and the reverse DNS
+
+```
+ansible-playbook -i hosts dns_create.yml -e "vpc_name=ansible-vpc01"
+```
+
+Here we create zones and zonerecords. API works asynchron so if job processing is slow
+you need to repeat the step if the zone is not ready when zonerecords are added.
+
+Tests:
+```
+$ host -t A ansible-test101.ansible.otc.telekomcloud2.com ns1.open-telekom-cloud.com
+Using domain server:
+Name: ns1.open-telekom-cloud.com
+Address: 46.29.103.61#53
+Aliases:
+
+ansible-test101.ansible.otc.telekomcloud2.com has address 160.44.207.211
+
+$ host -t A 160.44.207.211 ns1.open-telekom-cloud.com
+Using domain server:
+Name: ns1.open-telekom-cloud.com
+Address: 46.29.103.61#53
+Aliases:
+
+211.207.44.160.in-addr.arpa domain name pointer ansible-test101.ansible.otc.telekomcloud2.com.
+
+$ host ansible-test101.ansible.internal.corp 100.125.4.25
+Using domain server:
+Name: 100.125.4.25
+Address: 100.125.4.25#53
+Aliases:
+
+ansible-test101.ansible.internal.corp has address 192.168.0.101
+
+```
+
+Remove DNS reverse entry:
+
+```
+ansible-playbook -i hosts ptrrecord_delete.yml -e "public_ip_address=160.44.207.211"
+```
+
+End of PoC. Look at the [other plays and roles](https://github.com/eumel8/ansible-otc) to interact with OTC API
+
diff --git a/README.md b/README.md
index 0443010..70b5a1d 100644
--- a/README.md
+++ b/README.md
@@ -50,6 +50,7 @@ Roles
 |elb_backends | list backends for elastic loadbalancer|
 |elb_backends_create | create backends for elastic loadbalancer|
 |elb_backends_delete | delete backends for elastic loadbalancer|
+|enable_snat | enable SNAT on specific VPC|
 |endpoints | discover API endpoints|
 |evs | list volumes|
 |evs_create | create a volume|
@@ -57,13 +58,16 @@ Roles
 |evs_show | information about a specific volume|
 |flavors | show flavors|
 |images | show images|
-|image_create | create an image from obs|
+|image_create | create an image |
 |image_delete | delete an image |
 |job | show job status|
 |keypairs | show ssh keypairs|
 |keypair_create | create a ssh keypair|
 |keypair_delete | delete a ssh keypair|
 |lookup_name | lookup id by name (set_fact image_id, vpc_id, subnet_id, secgroup_id, flavor_id)|
+|ptrrecord_create | create DNS PTR record for EIP|
+|ptrrecord_delete | delete DNS PTR record for EIP|
+|ptrrecords | show DNS PTR records for EIP|
 |rds_versions | list provided database versions for RDS|
 |rds_flavors | list provided flavors for selected database version in RDS|
 |services | discover API services|
@@ -77,10 +81,11 @@ Roles
 |secgrouprule_create | create security group rule|
 |secgrouprule_delete | delete security group rule|
 |subnet | show subnet|
-|subnet_create | create subnet (vars in subnet_var.yml)|
+|subnet_create | create subnet|
 |subnet_delete | delete subnet|
 |token | get auth token|
 |vpc | show vpc|
+|vpc_router | show vpc router info and set facts|
 |vpc_create | create vpc|
 |vpc_delete | delete vpc|
 |zones | show DNS zones|
@@ -95,20 +100,19 @@ Requirements
 * curl
 * openssl
 * base64
-* ansible >=2.2.0.0
+* ansible==2.2.0.0
 * python-jmespath
 * python-netaddr
- *Ubuntu 12.04/14.04/16.04:*
+ *Ubuntu 14.04/16.04:*
 ```
 apt-get install software-properties-common
- apt-add-repository ppa:ansible/ansible
 apt-get update
 apt-cache policy ansible
- # should have version >2.1.0
- apt-get install curl ansible python-jmespath python-netaddr
+ apt-get install curl python-pip python-jmespath python-netaddr
+ pip install ansible==2.2.0.0
 ```
 *OpenSuSE 13.2:*
@@ -119,241 +123,290 @@ Requirements
 zypper install curl ansible python-jmespath python-netaddr
 ```
-(should work on all other *nix systems)
+(should work on all other *nix systems, check the right version of ansible!!!)
 * :exclamation: credentials on OTC (username, password, domain, S3 access/secret key)
+Files outside the repo
+======================
+| filename | description|
+|-------------------------------|------------|
+|~/.config/openstack/clouds.yml | os-client configuration file for multiple openstack environments|
+
 Files
 =====
 | filename | description|
 |----------------|------------|
 |ajob | shell script to fetch job status from OTC|
-|secrets.yml | var file for OTC credentials and endpoints (ansible-vault)|
-|ecs_secrets.yml | var file for virtual machine and volume conf (ansible-vault)|
-|elb_secrets.yml | var file for elastic loadbalancer conf (ansible-vault)|
-|secgrouprule.yml| var file for single security group rule |
-|subnet_var.yml | var file for subnet |
+|env.yml | profile to use in clouds.yml|
+|secrets.yml | var file for S3 credentials and endpoints (ansible-vault)|
 |vaultpass.txt | password file for ansible-vault. The default password is: linux :-)|
 |hosts | host file for ansible (we use only localhost)|
 |tenant.ini | configuration file for complete tenant|
-Examples
-========
+
+os-client config
+================
+
+for more comfort and standardization we moved credential lookup from secrets.yml to clouds.yml (part of https://docs.openstack.org/developer/os-client-config/). If you already configured your OTC credentials there put your profile name in env.yml or use
+```
+ ansible-playbook -e "CLOUD=otc" ...
+```
+if your profile named otc
+
+
+Starting up
+===========
 ```
 cp secrets.yml _secrets.yml
- cp ecs_secrets.yml _ecs_secrets.yml
- cp elb_secrets.yml _elb_secrets.yml
 ```
 :exclamation: **adjust your own data in this file before you using the examples:**
-list virtual machines
+list virtual machines (with secrets.yml)
 ansible-playbook -i hosts ecs.yml --vault-password-file vaultpass.txt
-create and start virtual machine (defined in _ecs_secrets.yml)
-
- ansible-playbook -i hosts ecs_create.yml -e @_ecs_secrets.yml --vault-password-file vaultpass.txt
+list virtual machines (with clouds.yml)
-create and start virtual machine (defined in _ecs_secrets.yml and overwrite options)
-
- ansible-playbook -i hosts ecs_create.yml -e @_ecs_secrets.yml -e "ecs_name=test02-ansible" --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts ecs.yml
 create and start virtual machine with file injection (inject up to 5 max 1k base64 encoded files)
- ansible-playbook -i hosts -e "ecs_fileinject_1=/etc/hosts ecs_fileinject_data_1=$(base64 -w 0 hosts.txt) ecs_fileinject_2=/root/README.md2 ecs_fileinject_data_2=$(base64 -w 0 hallo.txt)" ecs_create.yml --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts ecs_create.yml -e "ecs_fileinject_1=/etc/hosts ecs_fileinject_data_1=$(base64 -w 0 hosts.txt) ecs_fileinject_2=/root/README.md2 ecs_fileinject_data_2=$(base64 -w 0 hallo.txt)" --vault-password-file vaultpass.txt
 create and start virtual machine with injection user_data (inject max 32k base64 encoded user-data files)
- ansible-playbook -i hosts -e "ecs_user_data=$(base64 -w 0 user-data.txt)" ecs_create.yml --vault-password-file vaultpass.txt
-
-(!) You can define ecs_fileinject_1, ecs_fileinject_data_1 and ecs_user_data also in _ecs_secrets.yml. Files must be base64 encoded.
+ ansible-playbook -i hosts ecs_create.yml -e "ecs_user_data=$(base64 -w 0 user-data.txt)" --vault-password-file vaultpass.txt
 show virtual machine (single)
- ansible-playbook -e "ecs_id=51b6558a-7a6d-49f4-94e5-f4ec94314746 ecs_name=test05-ansible" -i hosts ecs_show.yml --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts ecs_show.yml -e "ecs_name=ansible-test01"
 delete virtual machine (only the machine)
- ansible-playbook -e "ecs_id=51b6558a-7a6d-49f4-94e5-f4ec94314746 ecs_name=test05-ansible" -i hosts ecs_delete.yml --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts ecs_delete.yml -e "ecs_name=ansible-test01"
 delete virtual machine (delete also floating ip and attached volumes)
- ansible-playbook -e "ecs_id=f6b7536e-b954-4d73-940f-248de71ce58b ecs_name=test06-ansible delete_publicip=1 delete_volume=1" -i hosts ecs_delete.yml --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts ecs_delete.yml -e "ecs_name=test01-ansible delete_publicip=1 delete_volume=1"
-
-show information about a single virtual machines
-
- ansible-playbook -e "ecs_id=f6b7536e-b954-4d73-940f-248de71ce58b ecs_name=test06-ansible" -i hosts ecs_info.yml --vault-password-file vaultpass.txt
-
 list elastic loadbalancers
- ansible-playbook -i hosts elb.yml --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts elb.yml
-create elastic loadbalancer
+create elastic loadbalancer (tenant.ini)
- ansible-playbook -i hosts elb_create.yml --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts elb_create.yml -e "elb_name=ansible-elb01"
 delete elastic loadbalancer
- ansible-playbook -i hosts -e "elb_id=43848329789145988d1e0bf25edb5ea8" elb_delete.yml --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts elb_delete.yml -e "elb_name=ansible-elb01"
 show elastic loadbalancer
- ansible-playbook -i hosts -e "elb_id=43848329789145988d1e0bf25edb5ea8" elb_show.yml --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts elb_show.yml -e "elb_name=ansible-elb01"
 list elastic loadbalancer certificates
- ansible-playbook -i hosts elb_certificate.yml --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts elb_certificate.yml
-create elastic loadbalancer certificate
+create elastic loadbalancer certificate (we hate comments in cert file)
- ansible-playbook -i hosts -e "elb_certificate_name=ansible-cert elb_certificate_key_file=cert.key elb_certificate_certificate_file=cert.crt" elb_certificate_create.yml --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts elb_certificate_create.yml -e "elb_certificate_name=ansible-cert elb_certificate_key_file=cert.key elb_certificate_certificate_file=cert.crt"
 delete elastic loadbalancer certificates
- ansible-playbook -i hosts -e "elb_certificate_id=43848329789145988d1e0bf25edb5ea8" elb_certificate_delete.yml --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts elb_certificate_delete.yml -e "listener_certificate_name=ansible-cert"
-create elastic loadbalancer healthcheck
+create elastic loadbalancer healthcheck (tenant.ini)
- ansible-playbook -i hosts -e "elb_listener_id=1595f0e7b6984395ab2832a22cd246f2" elb_healthcheck_create.yml --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts elb_healthcheck_create.yml -e "elb_name=ansible-elb01" -e "listener_name=ansible-listener01"
 delete elastic loadbalancer healthcheck
- ansible-playbook -i hosts -e "elb_healthcheck_id=e12454b93f304b759be699cb0270648c" elb_healthcheck_delete.yml --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts elb_healthcheck_delete.yml -e "elb_healthcheck_id=e12454b93f304b759be699cb0270648c"
 show elastic loadbalancer healthcheck
- ansible-playbook -i hosts -e "elb_healthcheck_id=e12454b93f304b759be699cb0270648c" elb_healthcheck_show.yml --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts elb_healthcheck_show.yml -e "elb_healthcheck_id=e12454b93f304b759be699cb0270648c"
 list listener for elastic loadbalancer
- ansible-playbook -i hosts -e "elb_id=e12454b93f304b759be699cb0270648c" elb_listener.yml --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts elb_listener.yml -e "elb_name=ansible-elb01"
-create listener for elastic loadbalancer
+create listener for elastic loadbalancer (tenant.ini)
- ansible-playbook -i hosts -e "elb_id=e12454b93f304b759be699cb0270648c" elb_listener_create.yml --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts elb_listener_create.yml -e "elb_name=ansible-elb01" -e "listener_name=ansible-listener01"
 delete listener for elastic loadbalancer
- ansible-playbook -i hosts -e "elb_listener_id=e12454b93f304b759be699cb0270648c" elb_listener_delete.yml --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts elb_listener_delete.yml -e "elb_name=ansible-elb01" -e "listener_name=ansible-listener03"
-list backends for elastic loadbalancer
+list backends for elastic loadbalancer (tenant.ini)
- ansible-playbook -i hosts -e "elb_listener_id=e12454b93f304b759be699cb0270648c elb_backends.yml --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts elb_backends.yml -e "listener_name=ansible-listener01" -e "elb_name=ansible-elb01"
 create backends for elastic loadbalancer
- ansible-playbook -i hosts -e "elb_listener_id=e12454b93f304b759be699cb0270648c ecs_id=f6b7536e-b954-4d73-940f-248de71ce58b ecs_address=192.168.0.112" elb_backends_create.yml --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts elb_backends_create.yml -e "listener_name=ansible-listener01" -e "elb_name=ansible-elb01" -e "ecs_name=ansible-test01" -e "ecs_address=192.168.0.10"
 delete backends for elastic loadbalancer
- ansible-playbook -i hosts -e "elb_listener_id=e12454b93f304b759be699cb0270648c elb_backends_id=f6b7536e-b954-4d73-940f-248de71ce58b" elb_backends_delete.yml --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts elb_backends_delete.yml -e "listener_name=ansible-listener01" -e "elb_name=ansible-elb01" -e "elb_backends_id=d15e2f8dd7d64d95a6b5c2a791cac408"
+
+enable SNAT on specific VPC
+
+ ansible-playbook -i hosts snat_enable.yml -e "vpc_name=ansible-vpc1" -e "enable_snat=true"
+
+disable SNAT on specific VPC
+
+ ansible-playbook -i hosts snat_enable.yml -e "vpc_name=ansible-vpc1" -e "enable_snat=false"
 discover API endpoints
- ansible-playbook -i hosts endpoints.yml --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts endpoints.yml
 list volumes
- ansible-playbook -i hosts evs.yml --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts evs.yml
-create a volume (defined in ecs_secrets.yml)
+create a volume (tenant.ini)
- ansible-playbook -i hosts evs_create.yml --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts evs_create.yml -e "evs_name=ansible-evs01"
 delete a volume
- ansible-playbook -i hosts evs_delete.yml -e "evs_id=05f143e0-3ca9-4ec7-97e6-733dd281c283" --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts evs_delete.yml -e "evs_name=ansible-evs01"
 show information about a single volume
- ansible-playbook -i hosts evs_show.yml -e "evs_id=05f143e0-3ca9-4ec7-97e6-733dd281c283" --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts evs_show.yml -e "evs_name=ansible-evs01"
 show flavors
- ansible-playbook -i hosts flavors.yml --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts flavors.yml
 show elastic ip-addresses
- ansible-playbook -i hosts eip.yml --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts eip.yml
 apply a new elastic ip-address (bandwidth between 1-300 MBit/s)
- ansible-playbook -i hosts eip_apply.yml -e "eip_bandwidth_name=ansible-eip1" -e "eip_bandwidth_size=100" -e "public_ip_address=0.0.0.0" --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts eip_apply.yml -e "eip_bandwidth_name=ansible-eip1" -e "eip_bandwidth_size=100" -e "public_ip_address=0.0.0.0"
 delete elastic ip-address
- ansible-playbook -i hosts eip_delete.yml -e "eip_id=c417c3bf-fdd2-47c4-a64f-320add5759b5" --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts eip_delete.yml -e "public_ip_address=160.44.195.18"
 show images
- ansible-playbook -i hosts images.yml --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts images.yml
+
+create image (from stopped ecs instance)
+
+ ansible-playbook -i hosts image_create.yml -e "image_name=ansible-image01" -e "ecs_name=ansible-test01"
+
+create image (from obs image_url :)
+
+ ansible-playbook -i hosts image_create.yml -e "image_name=ansible-image02" -e "image_url=ansible1:/xenial-server-cloudimg-amd64-disk1.vmdk" -e "image_min_disk=12"
 delete an image (API return code is 204 when success, ansible expected 200 and may give an error)
- ansible-playbook -i hosts -e "image_id=af0a0bcf-7be3-4722-98ba-3350801a8cd5" image_delete.yml --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts -e "image_id=af0a0bcf-7be3-4722-98ba-3350801a8cd5" image_delete.yml
 show job status
- ansible-playbook -e "job_id=2c9eb2c15693b00901571e32ad5e1755" -i hosts job.yml --vault-password-file vaultpass.txt
+ ansible-playbook -e "job_id=2c9eb2c15693b00901571e32ad5e1755" -i hosts job.yml
 ./ajob 2c9eb2c15693b00901571e32ad5e1755
 show keypairs
- ansible-playbook -i hosts keypairs.yml --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts keypairs.yml
 create keypair
- ansible-playbook -i hosts -e "ecs_adminkey=test-key" -e "keypair_file=~/.ssh/id_rsa.pub" keypair_create.yml --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts -e "ecs_adminkey=test-key" -e "keypair_file=~/.ssh/id_rsa.pub" keypair_create.yml
 delete keypair
- ansible-playbook -i hosts -e "ecs_adminkey=test-key" keypair_delete.yml --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts -e "ecs_adminkey=test-key" keypair_delete.yml
 lookup id by name (image)
- ansible-playbook -i hosts lookup_name.yml -e "image_name=Community_Ubuntu_16.04_TSI_latest" --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts lookup_name.yml -e "image_name=Community_Ubuntu_16.04_TSI_latest"
lookup id by name (flavor)
- ansible-playbook -i hosts lookup_name.yml -e "ecs_ram=2048" -e "ecs_vcpus=4" --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts lookup_name.yml -e "ecs_ram=2048" -e "ecs_vcpus=4"
 lookup id by name (subnet)
- ansible-playbook -i hosts lookup_name.yml -e "subnet_name=subnet-5831" --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts lookup_name.yml -e "subnet_name=subnet-5831"
 lookup id by name (secgroup)
- ansible-playbook -i hosts lookup_name.yml -e "secgroup_name=bitnami-wordpress-56a9-securitygroup" --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts lookup_name.yml -e "secgroup_name=bitnami-wordpress-56a9-securitygroup"
 lookup id by name (vpc)
- ansible-playbook -i hosts lookup_name.yml -e "vpc_name=vpc-4988" --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts lookup_name.yml -e "vpc_name=vpc-4988"
 lookup id by name (eip)
- ansible-playbook -i hosts lookup_name.yml -e "public_ip_address=160.44.1.1" --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts lookup_name.yml -e "public_ip_address=160.44.1.1"
 lookup id by name (zone)
- ansible-playbook -i hosts lookup_name.yml -e "zone_name=example.com." --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts lookup_name.yml -e "zone_name=example.com."
+
+lookup id by name (ecs)
+
+ ansible-playbook -i hosts lookup_name.yml -e "ecs_name=ansible-test01"
+
+lookup id by name (evs)
+
+ ansible-playbook -i hosts lookup_name.yml -e "evs_name=ansible-evs01"
+
+lookup id by name (elb)
+
+ ansible-playbook -i hosts lookup_name.yml -e "elb_name=ansible-elb01"
+
+lookup id by name (certificate)
+
+ ansible-playbook -i hosts lookup_name.yml -e "listener_certificate_name=ansible-cert"
+
+lookup id by name (listener)
+
+ ansible-playbook -i hosts lookup_name.yml -e "listener_name=ansible-listener01" -e "elb_name=ansible-elb01"
+
+create DNS PTR record for EIP
+
+ ansible-playbook -i hosts ptrrecord_create.yml -e "public_ip_address=160.44.204.87" -e "ptr_name=ansible-test01.external.otc.telekomcloud.com" -e "ttl=300"
+
+delete DNS PTR record for EIP
+
+ ansible-playbook -i hosts ptrrecord_delete.yml -e "public_ip_address=160.44.204.87"
+
+show DNS PTR records for EIP
+
+ ansible-playbook -i hosts ptrrecords.yml
 list provided database versions for RDS
- ansible-playbook -i hosts rds_versions.yml --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts rds_versions.yml
 list provided flavors for selected database version in RDS
- ansible-playbook -i hosts rds_flavors.yml -e "rds_version_id=286a34fc-a605-11e6-88fd-286ed488c9cb" --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts rds_flavors.yml -e "rds_version_id=286a34fc-a605-11e6-88fd-286ed488c9cb"
 discover API services
- ansible-playbook -i hosts services.yml --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts services.yml
 show s3 buckets
@@ -373,86 +426,91 @@ upload files in s3 object store (VHD, ZVHD, VMDK, QCOW2 are supported for otc im
 show security groups
- ansible-playbook -i hosts secgroups.yml --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts secgroups.yml
 show security groups (only from one vpc)
- ansible-playbook -i hosts secgroups.yml -e "vpc_id=d59284de-ad78-4fee-8f2d-d6ff335f4961" --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts secgroups.yml -e "vpc_name=ansible-vpc01"
-create security group
+create security group (subtask in tenant_create ecs section)
- ansible-playbook -i hosts secgroup_create.yml -e "secgroup_name=ansible-secgroup01" -e "vpc_id=d59284de-ad78-4fee-8f2d-d6ff335f4961" --vault-password-file vaultpass.txt
+ ....
 delete security group
- ansible-playbook -i hosts secgroup_delete.yml -e "secgroup_id="6e8ac0a0-e0ec-4c4d-a786-9c9c946fd673"" --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts secgroup_delete.yml -e "secgroup_id=6e8ac0a0-e0ec-4c4d-a786-9c9c946fd673"
-create security group rule
+create security group rule (subtask in tenant_create ecs section)
- ansible-playbook -i hosts secgrouprule_create.yml -e "secgroup_id=e67e7ef1-b582-47f7-a43f-6a244fd01353" -e @secgrouprule.yml --vault-password-file vaultpass.txt
+ ...
 delete security group rule
- ansible-playbook -i hosts secgrouprule_delete.yml -e "secgrouprule_id=3c329359-fef5-402f-b29a-caac734065a1" --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts secgrouprule_delete.yml -e "secgrouprule_id=3c329359-fef5-402f-b29a-caac734065a1"
 show subnets
- ansible-playbook -i hosts subnet.yml --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts subnet.yml
-create subnet (vars in subnet_var.yml)
+create subnet (subtask in tenant_create ecs section)
- ansible-playbook -i hosts subnet_create.yml -e @subnet_var.yml --vault-password-file vaultpass.txt
+ ...
delete subnet
- ansible-playbook -i hosts subnet_delete.yml -e "vpc_id=0db2af4b-115d-426a-acae-889b025110c8" -e "subnet_id=3ec461e1-eca4-485b-a2a5-91a840968a4f" --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts subnet_delete.yml -e "vpc_name=ansible-vpc01" -e "subnet_name=ansible-subnet01"
 show vpc
- ansible-playbook -i hosts vpc.yml --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts vpc.yml
+
+show vpc router info and set facts
+
+ ansible-playbook -i hosts vpc_router.yml -e "vpc_name=ansible-vpc01"
 create vpc
- ansible-playbook -i hosts vpc_create.yml -e "vpc_name=ansible-vpc1" -e "vpc_net=192.168.0.0/16" --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts vpc_create.yml -e "vpc_name=ansible-vpc1" -e "vpc_net=192.168.0.0/16"
 delete vpc
- ansible-playbook -i hosts vpc_delete.yml -e "vpc_id=0db2af4b-115d-426a-acae-889b025110c8" --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts vpc_delete.yml -e "vpc_name=ansible-vpc01"
+
 show DNS zones
- ansible-playbook -i hosts zones.yml --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts zones.yml
 create DNS zone (name and ttl are mandatory)
- ansible-playbook -i hosts -e "zone_name=example.com." -e "zone_description=example zone" -e "zone_email=example@example.com" -e "zone_ttl=86400" zone_create.yml --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts -e "zone_name=example.com." -e "zone_description=example zone" -e "zone_email=example@example.com" -e "zone_ttl=86400" zone_create.yml
 delete DNS zone
- ansible-playbook -i hosts -e "zone_id=ff80808257e2bb5e0157ec5ca2620234" zone_delete.yml --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts -e "zone_id=ff80808257e2bb5e0157ec5ca2620234" zone_delete.yml
 show DNS zone records
- ansible-playbook -i hosts zonerecords.yml --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts zonerecords.yml
 create DNS zonerecord (A-Record) possible values A,AAAA,MX,CNAME,PTR,TXT,NS
- ansible-playbook -i hosts -e "zone_id=ff80808257e2bb5e0157ec620968023a" -e "zonerecord_name=testserver.example.com." -e "zonerecord_type=A" -e "zonerecord_value=160.44.196.210" -e "zonerecord_ttl=86400" zonerecord_create.yml --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts -e "zone_id=ff80808257e2bb5e0157ec620968023a" -e "zonerecord_name=testserver.example.com." -e "zonerecord_type=A" -e "zonerecord_value=160.44.196.210" -e "zonerecord_ttl=86400" zonerecord_create.yml
 create DNS zonerecord (PTR-Record) first create reverse zone:
- ansible-playbook -i hosts -e "zone_name=210.196.44.160.in-addr.arpa." -e "zone_description=reverse zone 160.44.196.210" -e "zone_email=test@example.com" -e "zone_ttl=300" zone_create.yml --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts -e "zone_name=210.196.44.160.in-addr.arpa." -e "zone_description=reverse zone 160.44.196.210" -e "zone_email=test@example.com" -e "zone_ttl=300" zone_create.yml
 then create PTR-Record:
- ansible-playbook -i hosts -e "zone_id=ff80808257e2bb5e0157ec8911e60240" -e "zonerecord_name=210.196.44.160.in-addr.arpa." -e "zonerecord_type=PTR" -e "zonerecord_value=testserver.example.com" -e "zonerecord_ttl=300" zonerecord_create.yml --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts -e "zone_id=ff80808257e2bb5e0157ec8911e60240" -e "zonerecord_name=210.196.44.160.in-addr.arpa." -e "zonerecord_type=PTR" -e "zonerecord_value=testserver.example.com" -e "zonerecord_ttl=300" zonerecord_create.yml
 beware of "." in the end of name and name convention of the PTR zones
 delete DNS zonerecord
- ansible-playbook -i hosts -e "zone_id=ff80808257e2bb5e0157ec620968023a" -e "zonerecordid=ff80808257e2bb050157ec789b5e027e" zonerecord_delete.yml --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts -e "zone_id=ff80808257e2bb5e0157ec620968023a" -e "zonerecordid=ff80808257e2bb050157ec789b5e027e" zonerecord_delete.yml
 Full Working Example
@@ -466,7 +524,7 @@ This playbook will create VPC,Subnet, SecurityGroup, SSH-Keypair, allocate Float
 configure your DNS in tenant.ini and deploy all zones and zonerecords
- ansible-playbook -i hosts dns_create.yml --vault-password-file vaultpass.txt
+ ansible-playbook -i hosts dns_create.yml --vault-password-file vaultpass.txt
 Contributing
diff --git a/VARIABLES.md b/VARIABLES.md
new file mode 100644
index 0000000..2ab2f81
--- /dev/null
+++ b/VARIABLES.md
@@ -0,0 +1,137 @@ +|variable|description| +|------------------------------|---------------------------------------------| +|availability_zone| name of the availability zone (e.g. eu-de_01)| +|availability_zone_id| UUID of the availability zone (static)| +|backend_member_id| +|backend_member_ip| +|certificate_names| +|ecs| +|ecs_address| +|ecs_adminkey| name of ssh-key| +|ecs_adminpass| Admin password of ECS instance| +|ecs_fileinject_1| file to inject in ECS| +|ecs_fileinject_2| file to inject in ECS| +|ecs_fileinject_3| file to inject in ECS| +|ecs_fileinject_4| file to inject in ECS| +|ecs_fileinject_6| file to inject in ECS| +|ecs_fileinject_data_1| data of injected file in ECS| +|ecs_fileinject_data_2| data of injected file in ECS| +|ecs_fileinject_data_3| data of injected file in ECS| +|ecs_fileinject_data_4| data of injected file in ECS| +|ecs_fileinject_data_5| data of injected file in ECS| +|ecs_id| UUID of ECS instance| +|ecs_ipaddress| local ipaddress of ECS instance| +|ecs_name| name of ECS instance| +|ecs_publicip| EIP of ECS (0.0.0.0 to apply new address| +|ecs_publicfqdn| DNS PTR record FQDN| +|ecs_publicttl| DNS PTR record TTL| +|ecs_user_data| cloud-init user_data to inject in ECS| +|ecs_volumetype| type of ECS volume (SATA,SAS,SSD)| +|eip| Value of FloatingIP (EIP)| +|eip_bandwidth_name| Name of EIP bandwith resource| +|eip_bandwidth_size| Size of EIP bandwith (1-500 MBit/sec)| +|eip_id| UUID of floating ipaddress| +|elb| +|elb_availability_zone| +|elbbackends| +|elb_backends_id| +|elb_bandwidth| +|elbcertifcate| +|elbcertificate| +|elb_certificate_name| +|elbhealthcheck| +|elb_id| +|elblist| +|elblistener| +|elblistner| +|elb_name| name of ELB instance| +|elb_secgroup_name| +|elb_subnet_name| +|elb_type| +|enable_snat| +|evs| +|evs_availability_zone| +|evs_backup_id| +|evs_ims_id| +|evs_multiattach| EVS is shareble (true/false)| +|evs_scsi| EVS volume is scsi device instead vdb| +|evs_name| EVS name| +|evs_size| EVS size in GB| +|evs_volume_type| 
EVS volume type (SATA/SAS/SSD)| +|external_network_id| UUID of the external network| +|flavor_id| UUID of selected flavor| +|healthcheck_connect_port| +|healthcheck_interval| +|healthcheck_protocol| +|healthcheck_timeout| +|healthcheck_treshold| +|healthcheck_uri| +|image_create| +|image_delete| +|image_id| UUID of selected IMS image| +|image_min_disk| +|image_name| +|image_os_version| +|job_id| +|keypair| +|keypair_file| +|listener_backend_port| +|listener_backend_port:| +|listener_backend_protocol| +|listener_certificate_id| +|listener_certificate_name| +|listener_cookie_timeout| +|listener_id| +|listener_lb_algorithm| +|listener_name| +|listener_port| +|listener_protocol| +|listener_session_sticky| +|listener_sticky_session_type| +|listener_tcp_timeout| +|ptr_name| name of PTR record for EIP| +|public_ip_address| +|router| +|router_id| +|secgroup| +|secgroup_id| +|secgroup_name| +|secgrouprule| +|secgroup_rule| +|secgrouprule_direction| +|secgrouprule_ethertype| +|secgrouprule_list| +|secgrouprule_port_range_max | +|secgrouprule_port_range_min| +|secgrouprule_protocol| +|secgrouprule_remote_group_id| +|secgrouprule_remote_ip_prefix| +|subnet| +|subnet_dhcp_enable| +|subnet_gateway| +|subnet_id| UUID of selected subnet| +|subnet_name| +|subnet_net| +|subnet_primary_dns| +|subnet_secondary_dns| +|token| +|ttl| TTL PTR records in sec| +|unhealthy_threshold| +|vpc| +|vpc_id| UUID of ECS instance| +|vpc_name| name of VPC| +|vpc_net| +|zone| +|zone_description| +|zone_email| +|zone_list| +|zone_name| +|zonerecord| +|zonerecord_description| +|zonerecord_list| +|zonerecord_name| +|zonerecord_ttl| +|zonerecord_type| +|zonerecord_value| +|zone_ttl| +|zone_type| diff --git a/backend_member_helper.yml b/backend_member_helper.yml new file mode 100644 index 0000000..cf48f95 --- /dev/null +++ b/backend_member_helper.yml @@ -0,0 +1,7 @@ +--- +- hosts: all + gather_facts: no + roles: + - role: token + - role: lookup_name + - role: backend_member_helper 
diff --git a/buildservice.yml b/buildservice.yml new file mode 100644 index 0000000..4b1da6c --- /dev/null +++ b/buildservice.yml 
@@ -0,0 +1,249 @@
+---
+
+- hosts: localhost
+ gather_facts: no
+ connection: local
+ vars_files:
+ - buildservice_var.yml
+ vars:
+ date: "{{ lookup('pipe', 'date +%Y%m%d') }}"
+ tasks:
+ - name: Download ubuntu image {{ distro }}
+ get_url:
+ url: "https://cloud-images.ubuntu.com/{{ distro}}/current/{{ distro }}-server-cloudimg-amd64-disk1.img"
+ dest: "./{{ distro }}-server-cloudimg-amd64-{{ date }}.vmdk"
+ force: yes
+
+- hosts: localhost
+ gather_facts: no
+ connection: local
+ vars:
+ date: "{{ lookup('pipe', 'date +%Y%m%d') }}"
+ bucket: "buildservice"
+ ecs_name: "buildserver"
+ object: "{{ distro }}-server-cloudimg-amd64-{{ date }}.vmdk"
+ vars_files:
+ - buildservice_var.yml
+ roles:
+ - role: s3_bucket_create
+ - role: s3_upload
+
+- hosts: localhost
+ gather_facts: no
+ connection: local
+ vars:
+ date: "{{ lookup('pipe', 'date +%Y%m%d') }}"
+ bucket: "buildservice"
+ image_name: "{{ distro }}-server-cloudimg-amd64-{{ date }}"
+ image_url: "{{ bucket }}:{{ distro }}-server-cloudimg-amd64-{{ date }}.vmdk"
+ image_min_disk: 12
+ roles:
+ - role: token
+ - role: image_create
+
+ tasks:
+ - name: Check image status
+ uri:
+ url: "{{ AUTH_URL_IMS }}/v2/cloudimages?name={{ image_name }}"
+ method: GET
+ return_content: yes
+ validate_certs: yes
+ HEADER_Content-Type: "application/json"
+ HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}"
+ when: image_name is defined
+ register: ims_result
+ until: (ims_result.content|from_json)|json_query('images[].status|[0]') == 'active'
+ retries: 50
+ delay: 10
+
+- name: Create VPC
+ hosts: localhost
+ gather_facts: no
+ vars_files:
+ - buildservice_var.yml
+ roles:
+ - role: token
+ - role: lookup_name
+ - role: vpc_create
+
+- name: Create Subnet
+ hosts: localhost
+ gather_facts: no
+ connection: local
+ vars_files:
+ - buildservice_var.yml
+ roles:
+ - role: token
+ - role: lookup_name
+ - role: subnet_create
+
+- name: Create Secgroup
+ hosts: localhost
+ gather_facts: no
+ vars_files:
+ - buildservice_var.yml
+ 
roles:
+ - role: token
+ - role: lookup_name
+ - role: secgroup_create
+
+- name: Create Secgrouprules
+ hosts: localhost
+ gather_facts: no
+ vars_files:
+ - buildservice_var.yml
+ roles:
+ - role: token
+ - role: lookup_name
+ tasks:
+ - name: secgrouprule_create role
+ include_role:
+ name: secgrouprule_create
+ vars:
+ secgrouprule_direction: "{{ item.value.secgrouprule_direction }}"
+ secgrouprule_ethertype: "{{ item.value.secgrouprule_ethertype }}"
+ secgrouprule_protocol: "{{ item.value.secgrouprule_protocol }}"
+ secgrouprule_port_range_min: "{{ item.value.secgrouprule_port_range_min }}"
+ secgrouprule_port_range_max: "{{ item.value.secgrouprule_port_range_max }}"
+ secgrouprule_remote_ip_prefix: "{{ item.value.secgrouprule_remote_ip_prefix }}"
+ with_dict: "{{ secgroup_rules }}"
+
+- name: Create Keypair
+ hosts: localhost
+ gather_facts: no
+ vars_files:
+ - buildservice_var.yml
+ roles:
+ - role: token
+ - role: lookup_name
+ - role: keypair_create
+
+- name: Create EIP
+ hosts: localhost
+ gather_facts: no
+ vars_files:
+ - buildservice_var.yml
+ roles:
+ - role: token
+ - role: lookup_name
+ - role: eip_apply
+
+- name: Create ECS
+ hosts: localhost
+ gather_facts: no
+ vars_files:
+ - buildservice_var.yml
+ vars:
+ date: "{{ lookup('pipe', 'date +%Y%m%d') }}"
+ image_name: "{{ distro }}-server-cloudimg-amd64-{{ date }}"
+ roles:
+ - role: token
+ - role: lookup_name
+ - role: ecs_create
+ - role: job
+
+- name: Switch to ECS
+ hosts: localhost
+ gather_facts: no
+ vars_files:
+ - buildservice_var.yml
+ tasks:
+ - name: Wait for ssh
+ local_action: wait_for
+ args:
+ port: 22
+ host: "{{ public_ip_address }}"
+ delay: 60
+
+ - name: Install python2 first
+ raw: apt-get -y install python-simplejson
+ remote_user: ubuntu
+ become: true
+ become_method: sudo
+ become_user: root
+ delegate_to: "{{ public_ip_address }}"
+
+ - name: Doing things on ECS
+ shell: apt-get update; apt-get -y install git puppet; rm -rf modules; mkdir modules; git clone 
https://github.com/dev-sec/puppet-os-hardening.git modules/os_hardening; git clone https://github.com/thias/puppet-sysctl.git modules/sysctl; git clone https://github.com/puppetlabs/puppetlabs-stdlib.git modules/stdlib; puppet apply --modulepath ./modules -e "include os_hardening"
+ remote_user: ubuntu
+ become: true
+ become_method: sudo
+ become_user: root
+ delegate_to: "{{ public_ip_address }}"
+
+ - name: Stop ECS
+ shell: /sbin/shutdown -H +1 &
+ remote_user: ubuntu
+ become: true
+ become_user: root
+ become_method: sudo
+ ignore_errors: yes
+ delegate_to: "{{ public_ip_address }}"
+
+- name: Check ECS Status
+ hosts: localhost
+ gather_facts: no
+ vars:
+ ecs_name: "buildserver"
+ ecs_body: "{\"server\": { \"name\": \"{{ ecs_name }}\" }}"
+ roles:
+ - role: token
+ - role: lookup_name
+ tasks:
+ - name: Check API if ECS is stopped
+ uri:
+ url: "{{ AUTH_URL_ECS }}/servers/{{ ecs_id }}"
+ method: PUT
+ body_format: raw
+ follow_redirects: all
+ return_content: yes
+ validate_certs: yes
+ HEADER_Content-Type: "application/json"
+ HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}"
+ body: "{{ ecs_body|to_json }}"
+ register: ecs_status
+ until: (ecs_status.content|from_json)|json_query('server.status') != 'ACTIVE'
+ retries: 50
+ delay: 10
+
+- name: Create new image
+ hosts: localhost
+ gather_facts: no
+ vars:
+ ecs_name: "buildserver"
+ date: "{{ lookup('pipe', 'date +%Y%m%d') }}"
+ image_name: "buildservice-{{ distro }}-{{ date }}"
+ image_job_id: "{{ (image_create.content|from_json)|json_query('job_id') }}"
+ vars_files:
+ - buildservice_var.yml
+ roles:
+ - role: token
+ - role: lookup_name
+ - role: image_create
+ tasks:
+ - name: Request job status from API
+ uri:
+ url: "{{ AUTH_URL_ECS_CLOUD }}/{{ PROJECT_ID }}/jobs/{{ image_job_id }}"
+ method: GET
+ return_content: yes
+ validate_certs: yes
+ HEADER_Content-Type: "application/json"
+ HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}"
+ when: image_job_id is defined
+ register: jobstatus
+ 
until: (jobstatus.content|from_json)|json_query('status') == 'SUCCESS'
+ retries: 50
+ delay: 10
+
+- name: Delete ECS
+ hosts: localhost
+ gather_facts: no
+ vars:
+ ecs_name: "buildserver"
+ delete_volume: true
+ vars_files:
+ - buildservice_var.yml
+ roles:
+ - role: token
+ - role: lookup_name
+ - role: ecs_delete
diff --git a/buildservice_var.yml b/buildservice_var.yml
new file mode 100644
index 0000000..013dddf
--- /dev/null
+++ b/buildservice_var.yml
@@ -0,0 +1,38 @@
+---
+ecs_name: "buildserver"
+# distro: "xenial"
+bucket: "buildservice"
+availability_zone: "eu-de-01"
+vpc_name: "buildserver-vpc01"
+vpc_net: "192.168.0.0/16"
+subnet_name: "buildserver-subnet01"
+subnet_net: "192.168.0.0/24"
+subnet_gateway: "192.168.0.1"
+subnet_dhcp_enable: true
+subnet_primary_dns: 8.8.8.8
+subnet_secondary_dns: 8.4.4.8
+secgroup_name: "buildserver-secgroup01"
+secgroup_rules:
+ 1:
+ secgrouprule_direction: ingress
+ secgrouprule_ethertype: IPv4
+ secgrouprule_protocol: tcp
+ secgrouprule_port_range_min: 22
+ secgrouprule_port_range_max: 22
+ secgrouprule_remote_ip_prefix: 0.0.0.0/0
+ 2:
+ secgrouprule_direction: ingress
+ secgrouprule_ethertype: IPv4
+ secgrouprule_protocol: icmp
+ secgrouprule_port_range_min: null
+ secgrouprule_port_range_max: null
+ secgrouprule_remote_ip_prefix: "0.0.0.0/0"
+ecs_volumetype: "SSD"
+ecs_ram: "2048"
+ecs_vcpus: "2"
+ecs_adminkey: "buildserver-key"
+keypair_file: "~/.ssh/id_rsa.pub"
+ecs_ipaddress: "192.168.0.100"
+public_ip_address: "160.44.201.86"
+eip_bandwidth_name: "buildserver-eip01"
+eip_bandwidth_size: "500"
diff --git a/dns_create.yml b/dns_create.yml
index dfbfed9..3a8e492 100644
--- a/dns_create.yml
+++ b/dns_create.yml
@@ -5,4 +5,6 @@
connection: local
roles:
- role: token
+ - role: lookup_name
+ - role: vpc_router
- role: zonerecord_helper
diff --git a/ecs_delete.yml b/ecs_delete.yml
index b4ddeaf..76278eb 100644
--- a/ecs_delete.yml
+++ b/ecs_delete.yml
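Review bot: The "Check API if ECS is stopped" task polls the server state with `method: PUT` and a rename body, so every one of its up to 50 retries is a write to `/servers/{{ ecs_id }}` rather than a read; unless the rename is intended, `method: GET` with the `body`/`body_format` lines removed returns the same `server.status` field without side effects. The image download at the top of the hunk uses `get_url` with `force: yes` but no `checksum:`, so nothing verifies the image before it is uploaded to S3 and registered in IMS; Ubuntu publishes SHA256SUMS next to the image, and `checksum: "sha256:<expected-sha256-placeholder>"` would pin it. The "Doing things on ECS" shell task likewise clones three GitHub repositories at whatever their HEAD is on build day and runs `puppet apply` as root, so the produced image is not reproducible; cloning a pinned tag or commit (`git clone --branch <tag> ...`) would fix that. Each play re-evaluates `date` through a pipe lookup, so a run that crosses midnight looks for a different image name than the one it uploaded.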
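Review bot: `subnet_secondary_dns: 8.4.4.8` looks like a typo for `8.8.4.4` (the primary is `8.8.8.8`); as written the subnet gets a resolver that is probably not the intended one, so please confirm. Rule 1 opens SSH from `0.0.0.0/0` to the build host, which is wider than a throwaway build VM needs; restricting `secgrouprule_remote_ip_prefix` to the operator's own prefix is cheap here. The same key is unquoted in rule 1 and quoted in rule 2, and `ecs_ram`, `ecs_vcpus` and `eip_bandwidth_size` are strings while the port range values are ints — pick one form per key so the request templates receive consistent types. `public_ip_address` is hard-coded even though the playbook runs `eip_apply`; confirm which value the "Switch to ECS" play actually ends up using.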
@@ -3,4 +3,5 @@ gather_facts: no roles: - role: token + - role: lookup_name - role: ecs_delete diff --git a/ecs_secrets.yml b/ecs_secrets.yml deleted file mode 100644 index e4bf26d..0000000 --- a/ecs_secrets.yml +++ /dev/null @@ -1,24 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -32313362313136346637646362346335653965383165326164653230303833653936346461306261 -6564396434383834386231303839313462323538613961620a326566626331636537333463343135 -35383761666630666337336533363530646534373861373430616463663665353966383932643339 -3231363266386137390a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diff --git a/ecs_show.yml b/ecs_show.yml index a1b8851..611a51f 100644 --- a/ecs_show.yml +++ b/ecs_show.yml @@ -3,4 +3,5 @@ gather_facts: no roles: - role: token + - role: lookup_name - role: ecs_show diff --git a/eip_delete.yml b/eip_delete.yml index 53c8fba..0570893 100644 --- a/eip_delete.yml +++ b/eip_delete.yml @@ -3,4 +3,5 @@ gather_facts: no roles: - role: token + - role: lookup_name - role: eip_delete diff --git a/elb_backends.yml b/elb_backends.yml index f4f7901..fb6d633 100644 --- a/elb_backends.yml +++ b/elb_backends.yml @@ -3,4 +3,5 @@ gather_facts: no roles: - role: token + - role: lookup_name - role: elb_backends diff --git a/elb_backends_create.yml b/elb_backends_create.yml index 15ccce4..89998c1 100644 --- a/elb_backends_create.yml +++ b/elb_backends_create.yml @@ -3,4 +3,5 @@ gather_facts: no roles: - role: token + - role: lookup_name - role: elb_backends_create diff --git a/elb_backends_delete.yml b/elb_backends_delete.yml index a6fcda5..9c2ee54 100644 --- a/elb_backends_delete.yml +++ b/elb_backends_delete.yml @@ -3,4 +3,5 @@ gather_facts: no roles: - role: token + - role: lookup_name - role: elb_backends_delete diff --git a/elb_certificate_delete.yml b/elb_certificate_delete.yml index 4248544..5799681 100644 --- a/elb_certificate_delete.yml +++ b/elb_certificate_delete.yml 
@@ -3,4 +3,5 @@ gather_facts: no roles: - role: token + - role: lookup_name - role: elb_certificate_delete diff --git a/elb_create.yml b/elb_create.yml index c12e2a5..be2cbd9 100644 --- a/elb_create.yml +++ b/elb_create.yml @@ -3,4 +3,5 @@ gather_facts: no roles: - role: token + - role: lookup_name - role: elb_create diff --git a/elb_delete.yml b/elb_delete.yml index 2febd21..2a05069 100644 --- a/elb_delete.yml +++ b/elb_delete.yml @@ -3,5 +3,6 @@ gather_facts: no roles: - role: token + - role: lookup_name - role: elb_delete diff --git a/elb_healthcheck_create.yml b/elb_healthcheck_create.yml index 7463143..532ccee 100644 --- a/elb_healthcheck_create.yml +++ b/elb_healthcheck_create.yml @@ -1,6 +1,10 @@ --- - hosts: all gather_facts: no + vars_files: + - tenant_var_default.yml + - tenant_var.yml roles: - role: token + - role: lookup_name - role: elb_healthcheck_create diff --git a/elb_listener.yml b/elb_listener.yml index 6f90ec2..a3de313 100644 --- a/elb_listener.yml +++ b/elb_listener.yml @@ -3,4 +3,5 @@ gather_facts: no roles: - role: token + - role: lookup_name - role: elb_listener diff --git a/elb_listener_create.yml b/elb_listener_create.yml index d227ca1..44a2494 100644 --- a/elb_listener_create.yml +++ b/elb_listener_create.yml @@ -1,6 +1,10 @@ --- - hosts: all gather_facts: no + vars_files: + - tenant_var_default.yml + - tenant_var.yml roles: - role: token + - role: lookup_name - role: elb_listener_create diff --git a/elb_listener_delete.yml b/elb_listener_delete.yml index a57c74b..4e91ad0 100644 --- a/elb_listener_delete.yml +++ b/elb_listener_delete.yml @@ -3,4 +3,5 @@ gather_facts: no roles: - role: token + - role: lookup_name - role: elb_listener_delete diff --git a/elb_secrets.yml b/elb_secrets.yml deleted file mode 100644 index 3b53c26..0000000 --- a/elb_secrets.yml +++ /dev/null 
@@ -1,46 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -64386139303439353066376465353039383636363439653934633961653363313734363163316232 -6666666133646565393233333565356236333534323262350a333065666331646439663832643964 -38326265623966343837356131616663393863373734643563336538656233653461383731663439 -6463323532663039650a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diff --git a/elb_show.yml b/elb_show.yml index 3d08d3b..4536a11 100644 --- a/elb_show.yml +++ b/elb_show.yml @@ -3,4 +3,5 @@ gather_facts: no roles: - role: token + - role: lookup_name - role: elb_show diff --git a/env.yml b/env.yml new file mode 100644 index 0000000..cf58d21 --- /dev/null +++ b/env.yml @@ -0,0 +1 @@ +CLOUD: "otc.19720" diff --git a/evs_create.yml b/evs_create.yml index 2f18d7a..f756cc2 100644 --- a/evs_create.yml +++ b/evs_create.yml @@ -1,8 +1,9 @@ --- - hosts: all gather_facts: no + vars_files: + - tenant_var_default.yml + - tenant_var.yml roles: - role: token - role: evs_create - - diff --git a/evs_delete.yml b/evs_delete.yml index fb8f92f..c7edd14 100644 --- a/evs_delete.yml +++ b/evs_delete.yml @@ -3,6 +3,5 @@ gather_facts: no roles: - role: token + - role: lookup_name - role: evs_delete - - diff --git a/evs_show.yml b/evs_show.yml index b7a34db..6c14f15 100644 --- a/evs_show.yml +++ b/evs_show.yml @@ -3,6 +3,5 @@ gather_facts: no roles: - role: token + - role: lookup_name - role: evs_show - - diff --git a/image_create.yml b/image_create.yml index 4623905..b3436c2 100644 --- a/image_create.yml +++ b/image_create.yml @@ -3,6 +3,7 @@ gather_facts: no roles: - role: token + - role: lookup_name - role: image_create # http://support.hwclouds.com/en-us/api-ims/en-us_topic_0020092109.html diff --git a/pictures/otc-dns-api.png b/pictures/otc-dns-api.png new file mode 100644 index 0000000..32d4027 Binary files /dev/null and b/pictures/otc-dns-api.png differ 
diff --git a/pictures/otc-dns.png b/pictures/otc-dns.png new file mode 100644 index 0000000..bebab26 Binary files /dev/null and b/pictures/otc-dns.png differ diff --git a/pictures/tenant-ini-dns.png b/pictures/tenant-ini-dns.png new file mode 100644 index 0000000..1b49e24 Binary files /dev/null and b/pictures/tenant-ini-dns.png differ diff --git a/ptrrecord_create.yml b/ptrrecord_create.yml new file mode 100644 index 0000000..1edd6ba --- /dev/null +++ b/ptrrecord_create.yml @@ -0,0 +1,7 @@ +--- +- hosts: all + gather_facts: no + roles: + - role: token + - role: lookup_name + - role: ptrrecord_create diff --git a/ptrrecord_delete.yml b/ptrrecord_delete.yml new file mode 100644 index 0000000..5d9d410 --- /dev/null +++ b/ptrrecord_delete.yml @@ -0,0 +1,7 @@ +--- +- hosts: all + gather_facts: no + roles: + - role: token + - role: lookup_name + - role: ptrrecord_delete diff --git a/ptrrecords.yml b/ptrrecords.yml new file mode 100644 index 0000000..bea7580 --- /dev/null +++ b/ptrrecords.yml @@ -0,0 +1,6 @@ +--- +- hosts: all + gather_facts: no + roles: + - role: token + - role: ptrrecords diff --git a/roles/backend_member_helper/tasks/main.yml b/roles/backend_member_helper/tasks/main.yml new file mode 100644 index 0000000..753b0a2 --- /dev/null +++ b/roles/backend_member_helper/tasks/main.yml 
@@ -0,0 +1,51 @@
+- name: Request full ecs list from API
+ uri:
+ url: "{{ AUTH_URL_ECS }}/servers"
+ method: GET
+ return_content: yes
+ validate_certs: yes
+ HEADER_Content-Type: "application/json"
+ HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}"
+ register: ecs_result
+ when: listener_name is defined
+
+- name: Request detail ecs info from API
+ vars:
+ backend_member_name: "{{ ecs_result['json']|json_query(\"servers[?name=='\" + item + \"'].id|[0]\") }}"
+ uri:
+ url: "{{ AUTH_URL_ECS }}/servers/{{ backend_member_name }}"
+ method: GET
+ return_content: yes
+ validate_certs: yes
+ HEADER_Content-Type: "application/json"
+ HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}"
+ register: ecs
+ when: backend_members is defined
+ with_items:
+ - "{{ backend_members.split(',') }}"
+
+- name: Set fact backend_member_id
+ set_fact:
+ backend_member_id: "{{ ecs['results']|json_query('[].json.server.id') }}"
+ backend_member_ip: "{{ ecs['results']|json_query('[].json.server.addresses.*[*].addr[][]') }}"
+ when: ecs is defined and listener_id is defined
+
+- name: Send request to API
+ uri:
+ url: "{{ AUTH_URL_ELB }}/{{ PROJECT_ID }}/elbaas/listeners/{{ listener_id }}/members"
+ method: POST
+ body_format: raw
+ follow_redirects: all
+ return_content: yes
+ validate_certs: yes
+ HEADER_Content-Type: "application/json"
+ HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}"
+ body: "{{ lookup('template', 'roles/backend_member_helper/templates/request.json.j2')|to_json }}"
+ register: elbbackends
+ with_together:
+ - "{{ backend_member_id }}"
+ - "{{ backend_member_ip }}"
+
+- debug:
+ msg: "{{ elbbackends }}"
+ when: elbbackends is defined
diff --git a/roles/backend_member_helper/templates/request.json.j2 b/roles/backend_member_helper/templates/request.json.j2
new file mode 100644
index 0000000..bf9de4c
--- /dev/null
+++ b/roles/backend_member_helper/templates/request.json.j2
@@ -0,0 +1,6 @@
+[
+{
+ "server_id": "{{ item.0 }}",
+ "address": "{{ item.1 }}"
+}
+]
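Review bot: The guards on the four tasks do not agree: the list request runs only `when: listener_name is defined`, the detail request only `when: backend_members is defined` yet reads `ecs_result['json']`, the set_fact requires `listener_id`, and the POST has no `when` at all, so a run with `backend_members` set but `listener_name` unset fails on an undefined `ecs_result['json']`, and a run without `listener_id` fails on an undefined `backend_member_id` inside `with_together`; one consistent condition such as `when: backend_members is defined and listener_id is defined` on every task would fail early with a clear message. `with_together` pairs the flattened id list with the flattened address list from `addresses.*[*].addr[][]`, so any server with more than one address (a private and a floating IP, for instance) shifts every following pair onto the wrong server; selecting one address per server in the same query, or collecting id and address together in one loop over `ecs.results`, keeps them aligned. The JMESPath filter is built by concatenating `item` into the query string, so a member name containing a single quote breaks the lookup; comparing names in a loop over `ecs_result.json.servers` instead of interpolating into the query avoids that.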
diff --git a/roles/ecs/tasks/main.yml b/roles/ecs/tasks/main.yml index 56ce71a..7b5d989 100644 --- a/roles/ecs/tasks/main.yml +++ b/roles/ecs/tasks/main.yml @@ -1,5 +1,3 @@ -- include_vars: _secrets.yml - - name: Request ecs list from AUTH API uri: url: "{{ AUTH_URL_ECS }}/servers" diff --git a/roles/ecs_create/tasks/main.yml b/roles/ecs_create/tasks/main.yml index 9e15239..0a35e2e 100644 --- a/roles/ecs_create/tasks/main.yml +++ b/roles/ecs_create/tasks/main.yml @@ -1,5 +1,3 @@ -# - include_vars: _ecs_secrets.yml - - name: Send request to API uri: url: "{{ AUTH_URL_ECS_CLOUD }}/{{ PROJECT_ID }}/cloudservers" @@ -12,12 +10,16 @@ HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" body: "{{ lookup('template', 'roles/ecs_create/templates/request.json.j2')|to_json }}" register: ecs - when: ecs_name is defined + when: + - ecs_name is defined + - image_id is defined + - flavor_id is defined + - listener_name is undefined - set_fact: job_id: "{{ (ecs.content|from_json)|json_query('job_id') }}" - when: ecs is defined + when: ecs is defined and ecs.content|length != 0 - debug: msg: "{{ job_id }}" - + when: job_id is defined diff --git a/roles/elb/tasks/main.yml b/roles/elb/tasks/main.yml index 0b67605..0fbb114 100644 --- a/roles/elb/tasks/main.yml +++ b/roles/elb/tasks/main.yml @@ -1,5 +1,3 @@ -- include_vars: _elb_secrets.yml - - name: Send request to API uri: url: "{{ AUTH_URL_ELB }}/{{ PROJECT_ID }}/elbaas/loadbalancers" diff --git a/roles/elb_backends/tasks/main.yml b/roles/elb_backends/tasks/main.yml index ffadb46..6522ad4 100644 --- a/roles/elb_backends/tasks/main.yml +++ b/roles/elb_backends/tasks/main.yml @@ -1,8 +1,6 @@ -- include_vars: _elb_secrets.yml - - name: Send request to API uri: - url: "{{ AUTH_URL_ELB_LISTENER }}/{{ elb_listener_id}}/members?limit=10&marker=0" + url: "{{ AUTH_URL_ELB }}/{{ PROJECT_ID }}/elbaas/listeners/{{ listener_id}}/members?limit=10&marker=0" method: GET follow_redirects: all return_content: yes 
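Review bot: In roles/ecs_create/tasks/main.yml the new set_fact guard `when: ecs is defined and ecs.content|length != 0` does not cover the skipped case: when the POST is skipped by its expanded `when`, `ecs` is still defined (it holds the skipped result) but has no `content` attribute, so `ecs.content|length` raises an undefined-variable error instead of skipping; `when: ecs is defined and ecs.content is defined and ecs.content|length != 0` handles both. The `listener_name is undefined` condition on the POST is not obvious from this role alone — a comment above it such as `# skipped when this role runs from the ELB helper playbooks, which define listener_name` (adjusted to the real reason) would help the next reader. The first hunk of this file only drops the secrets include and needs nothing.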
diff --git a/roles/elb_backends_create/tasks/main.yml b/roles/elb_backends_create/tasks/main.yml index fc5837b..cb0e09c 100644 --- a/roles/elb_backends_create/tasks/main.yml +++ b/roles/elb_backends_create/tasks/main.yml @@ -1,8 +1,6 @@ -- include_vars: _elb_secrets.yml - - name: Send request to API uri: - url: "{{ AUTH_URL_ELB_LISTENER }}/{{ elb_listener_id }}/members" + url: "{{ AUTH_URL_ELB }}/{{ PROJECT_ID }}/elbaas/listeners/{{ listener_id }}/members" method: POST body_format: raw follow_redirects: all diff --git a/roles/elb_backends_delete/tasks/main.yml b/roles/elb_backends_delete/tasks/main.yml index 433f4f3..3624dd6 100644 --- a/roles/elb_backends_delete/tasks/main.yml +++ b/roles/elb_backends_delete/tasks/main.yml @@ -1,8 +1,6 @@ -- include_vars: _elb_secrets.yml - - name: Send request to API uri: - url: "{{ AUTH_URL_ELB_LISTENER }}/{{ elb_listener_id }}/members/action" + url: "{{ AUTH_URL_ELB }}/{{ PROJECT_ID }}/elbaas/listeners/{{ listener_id }}/members/action" method: POST body_format: raw follow_redirects: all @@ -12,6 +10,7 @@ HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" body: "{{ lookup('template', 'roles/elb_backends_delete/templates/request.json.j2')|to_json }}" register: elbbackends + when: listener_id is defined - debug: msg: "{{ elbbackends }}" diff --git a/roles/elb_certificate/tasks/main.yml b/roles/elb_certificate/tasks/main.yml index d2b255d..1cc2f8e 100644 --- a/roles/elb_certificate/tasks/main.yml +++ b/roles/elb_certificate/tasks/main.yml @@ -9,6 +9,10 @@ HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" register: elbcertificate -- debug: - msg: "{{ elbcertificate }}" +- set_fact: + certificate_names: "{{ (elbcertificate.content|from_json)|json_query('certificates[].name') }}" +- debug: +# msg: "{{ elbcertificate }}" + msg: "{{ certificate_names }}" + when: elbcertificate is defined diff --git a/roles/elb_certificate_delete/tasks/main.yml b/roles/elb_certificate_delete/tasks/main.yml index e79d6e8..a0d6b0a 100644 
--- a/roles/elb_certificate_delete/tasks/main.yml +++ b/roles/elb_certificate_delete/tasks/main.yml @@ -1,14 +1,18 @@ - name: Send request to API uri: - url: "{{ AUTH_URL_ELB }}/{{ PROJECT_ID }}/elbaas/certificate/{{ elb_certificate_id}}" + url: "{{ AUTH_URL_ELB }}/{{ PROJECT_ID }}/elbaas/certificate/{{ listener_certificate_id }}" method: DELETE follow_redirects: all return_content: yes validate_certs: yes + status_code: 200,201,202,203,204 HEADER_Content-Type: "application/json" HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" - register: elbcerticate + register: elbcertifcate + when: listener_certificate_id is defined - debug: msg: "{{ elbcertifcate }}" - + when: + - elbcertifcate is defined + - listener_certificate_id is defined diff --git a/roles/elb_create/tasks/main.yml b/roles/elb_create/tasks/main.yml index 73b0643..3c1cd05 100644 --- a/roles/elb_create/tasks/main.yml +++ b/roles/elb_create/tasks/main.yml @@ -1,5 +1,3 @@ -- include_vars: _elb_secrets.yml - - name: Send request to API uri: url: "{{ AUTH_URL_ELB }}/{{ PROJECT_ID }}/elbaas/loadbalancers" @@ -11,6 +9,10 @@ HEADER_Content-Type: "application/json" HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" body: "{{ lookup('template', 'roles/elb_create/templates/request.json.j2')|to_json }}" + when: + - listener_name is undefined + - vpc_id is defined + - elb_name is defined register: elb - debug: diff --git a/roles/elb_create/templates/request.json.j2 b/roles/elb_create/templates/request.json.j2 index cd783f3..531bc94 100644 --- a/roles/elb_create/templates/request.json.j2 +++ b/roles/elb_create/templates/request.json.j2 
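Review bot: In roles/elb_certificate_delete/tasks/main.yml the registered variable is renamed from `elbcerticate` to `elbcertifcate`, which fixes the mismatch with the debug task but settles on a second misspelling that VARIABLES.md now lists next to `elbcertificate`; `register: elbcertificate` on the uri task and in the debug `msg`/`when` would leave one name. `status_code: 200,201,202,203,204` is written as a plain scalar that Ansible splits on commas; the YAML list form `status_code: [200, 201, 202, 203, 204]` reads as what it is, and the same string form is added in elb_healthcheck_delete and elb_listener_delete.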
@@ -1,14 +1,14 @@ { "name": "{{ elb_name }}", - "vpc_id": "{{ elb_vpcid }}", + "vpc_id": "{{ vpc_id }}", {% if elb_type == "External" %} "bandwidth": "{{ elb_bandwidth }}", {% endif %} "type": "{{ elb_type }}", -{% if elb_type == "Internal" and elb_secgroup is defined %} - "security_group_id": "{{ elb_secgroup }}", - "az": "{{ elb_availability_zone_id }}", - "vip_subnet_id": "{{ elb_subnet_id }}", +{% if elb_type == "Internal" and secgroup_id is defined %} + "security_group_id": "{{ secgroup_id }}", + "az": "{{ availability_zone_id }}", + "vip_subnet_id": "{{ subnet_id }}", {% endif %} - "admin_state_up": {{ elb_admin_state_up }} + "admin_state_up": {{ admin_state_up }} } diff --git a/roles/elb_delete/tasks/main.yml b/roles/elb_delete/tasks/main.yml index 8adfe4f..22cc88a 100644 --- a/roles/elb_delete/tasks/main.yml +++ b/roles/elb_delete/tasks/main.yml @@ -1,5 +1,3 @@ -- include_vars: _elb_secrets.yml - - name: Send request to API uri: url: "{{ AUTH_URL_ELB }}/{{ PROJECT_ID }}/elbaas/loadbalancers/{{ elb_id }}" diff --git a/roles/elb_healthcheck_create/tasks/main.yml b/roles/elb_healthcheck_create/tasks/main.yml index cc059a3..21938d4 100644 --- a/roles/elb_healthcheck_create/tasks/main.yml +++ b/roles/elb_healthcheck_create/tasks/main.yml @@ -1,5 +1,3 @@ -- include_vars: _elb_secrets.yml - - name: Send request to API uri: url: "{{ AUTH_URL_ELB }}/{{ PROJECT_ID }}/elbaas/healthcheck" @@ -12,6 +10,7 @@ HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" body: "{{ lookup('template', 'roles/elb_healthcheck_create/templates/request.json.j2')|to_json }}" register: elbhealthcheck + when: listener_id is defined and listener_id|length != 0 - debug: msg: "{{ elbhealthcheck }}" diff --git a/roles/elb_healthcheck_create/templates/request.json.j2 b/roles/elb_healthcheck_create/templates/request.json.j2 index c233340..240696e 100644 --- a/roles/elb_healthcheck_create/templates/request.json.j2 +++ b/roles/elb_healthcheck_create/templates/request.json.j2 
@@ -1,21 +1,21 @@ { - "listener_id": "{{ elb_listener_id }}", -{% if healthcheck_connect_port is defined %} + "listener_id": "{{ listener_id }}", +{% if healthcheck_connect_port is defined and healthcheck_connect_port|length != 0 %} "healthcheck_connect_port": {{ healthcheck_connect_port }}, {% endif %} -{% if healthcheck_interval is defined %} +{% if healthcheck_interval is defined and healthcheck_interval|length != 0 %} "healthcheck_interval": {{ healthcheck_interval }}, {% endif %} -{% if healthcheck_protocol is defined %} +{% if healthcheck_protocol is defined and healthcheck_protocol|length != 0 %} "healthcheck_protocol": "{{ healthcheck_protocol }}", {% endif %} -{% if healthcheck_timeout is defined %} +{% if healthcheck_timeout is defined and healthcheck_timeout|length != 0 %} "healthcheck_timeout": {{ healthcheck_timeout }}, {% endif %} -{% if healthcheck_uri is defined %} +{% if healthcheck_uri is defined and healthcheck_uri|length != 0 %} "healthcheck_uri": "{{ healthcheck_uri }}", {% endif %} -{% if healthcheck_treshold is defined %} +{% if healthcheck_treshold is defined and healthcheck_treshold|length != 0 %} "healthcheck_treshold": {{ healthcheck_treshold }} {% endif %} } diff --git a/roles/elb_healthcheck_delete/tasks/main.yml b/roles/elb_healthcheck_delete/tasks/main.yml index 4c47cf9..b589e9a 100644 --- a/roles/elb_healthcheck_delete/tasks/main.yml +++ b/roles/elb_healthcheck_delete/tasks/main.yml @@ -5,6 +5,7 @@ follow_redirects: all return_content: yes validate_certs: yes + status_code: 200,201,202,203,204 HEADER_Content-Type: "application/json" HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" register: elbhealthcheck diff --git a/roles/elb_listener/tasks/main.yml b/roles/elb_listener/tasks/main.yml index 59c4d74..d72e01b 100644 --- a/roles/elb_listener/tasks/main.yml +++ b/roles/elb_listener/tasks/main.yml 
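Review bot: The new `|length != 0` guards only work when the variable is a string; `length` on an integer or boolean raises "object of type 'int' has no len()" in Jinja2, and values such as `healthcheck_interval` or `healthcheck_connect_port` set in a YAML vars file (the `tenant_var.yml` includes added in this commit) arrive as ints rather than the strings `-e` produces. `{% if healthcheck_interval is defined and healthcheck_interval|string|length != 0 %}` (or `and healthcheck_interval != ''`) keeps the empty-value check without depending on the type. The same pattern is added for `listener_cookie_timeout` and `listener_tcp_timeout` in the elb_listener_create template and for `evs_scsi` and `evs_multiattach` in the evs_create template, where VARIABLES.md documents true/false values that would hit it as booleans.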
@@ -1,5 +1,3 @@ -- include_vars: _elb_secrets.yml - - name: Send request to API uri: url: "{{ AUTH_URL_ELB }}/{{ PROJECT_ID }}/elbaas/listeners?loadbalancer_id={{ elb_id}}" @@ -10,6 +8,7 @@ HEADER_Content-Type: "application/json" HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" register: elblistener + when: elb_id is defined - debug: msg: "{{ elblistener }}" diff --git a/roles/elb_listener_create/tasks/main.yml b/roles/elb_listener_create/tasks/main.yml index a7f3f84..5a371c8 100644 --- a/roles/elb_listener_create/tasks/main.yml +++ b/roles/elb_listener_create/tasks/main.yml @@ -1,5 +1,3 @@ -- include_vars: _elb_secrets.yml - - name: Send request to API uri: url: "{{ AUTH_URL_ELB }}/{{ PROJECT_ID }}/elbaas/listeners" @@ -12,6 +10,12 @@ HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" body: "{{ lookup('template', 'roles/elb_listener_create/templates/request.json.j2')|to_json }}" register: elblistner + when: + - elb_id is defined + - listener_name is defined + +# - pause: +# minutes: 1 - debug: msg: "{{ elblistner }}" diff --git a/roles/elb_listener_create/templates/request.json.j2 b/roles/elb_listener_create/templates/request.json.j2 index 9f1a267..0e725cc 100644 --- a/roles/elb_listener_create/templates/request.json.j2 +++ b/roles/elb_listener_create/templates/request.json.j2 
@@ -5,19 +5,19 @@ "port": {{ listener_port }}, "backend_protocol": "{{ listener_backend_protocol }}", "backend_port": {{ listener_backend_port }}, -{% if listener_certificate_id is defined %} +{% if listener_certificate_id is defined and listener_certificate_id|length != 0 %} "certificate_id": "{{ listener_certificate_id }}", {% endif %} -{% if listener_session_sticky is defined %} +{% if listener_session_sticky is defined and listener_session_sticky|length != 0 %} "session_sticky": "{{ listener_session_sticky }}", {% endif %} -{% if listener_sticky_session_type is defined %} +{% if listener_sticky_session_type is defined and listener_sticky_session_type|length != 0 %} "sticky_session_type": "{{ listener_sticky_session_type }}", {% endif %} -{% if listener_cookie_timeout is defined %} +{% if listener_cookie_timeout is defined and listener_cookie_timeout|length != 0 %} "cookie_timeout": "{{ listener_cookie_timeout }}", {% endif %} -{% if listener_tcp_timeout is defined %} +{% if listener_tcp_timeout is defined and listener_tcp_timeout|length != 0 %} "tcp_timeout": "{{ listener_tcp_timeout }}", {% endif %} "lb_algorithm": "{{ listener_lb_algorithm }}" diff --git a/roles/elb_listener_delete/tasks/main.yml b/roles/elb_listener_delete/tasks/main.yml index c927868..a876307 100644 --- a/roles/elb_listener_delete/tasks/main.yml +++ b/roles/elb_listener_delete/tasks/main.yml @@ -1,10 +1,11 @@ - name: Send request to API uri: - url: "{{ AUTH_URL_ELB }}/{{ PROJECT_ID }}/elbaas/listeners/{{ elb_listener_id}}" + url: "{{ AUTH_URL_ELB }}/{{ PROJECT_ID }}/elbaas/listeners/{{ listener_id}}" method: DELETE follow_redirects: all return_content: yes validate_certs: yes + status_code: 200,201,202,203,204 HEADER_Content-Type: "application/json" HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" register: elblistener diff --git a/roles/elb_show/tasks/main.yml b/roles/elb_show/tasks/main.yml index 18b5f6f..4634c62 100644 --- a/roles/elb_show/tasks/main.yml 
+++ b/roles/elb_show/tasks/main.yml @@ -1,8 +1,6 @@ -- include_vars: _elb_secrets.yml - - name: Send request to API uri: - url: "{{ AUTH_URL_ELB }}/{{ elb_id }}" + url: "{{ AUTH_URL_ELB }}/{{ PROJECT_ID }}/elbaas/loadbalancers/{{ elb_id }}" method: GET follow_redirects: all return_content: yes @@ -10,6 +8,7 @@ HEADER_Content-Type: "application/json" HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" register: elb + when: elb_id is defined - debug: msg: "{{ elb }}" diff --git a/roles/endpoints/tasks/main.yml b/roles/endpoints/tasks/main.yml index bcff548..4e846f3 100644 --- a/roles/endpoints/tasks/main.yml +++ b/roles/endpoints/tasks/main.yml @@ -1,5 +1,3 @@ -- include_vars: _secrets.yml - - name: Request endpoints list from AUTH API uri: url: "{{ IAM_AUTH_URL }}/endpoints" diff --git a/roles/evs_create/tasks/main.yml b/roles/evs_create/tasks/main.yml index 860e45c..6b7837d 100644 --- a/roles/evs_create/tasks/main.yml +++ b/roles/evs_create/tasks/main.yml @@ -1,5 +1,3 @@ -- include_vars: _ecs_secrets.yml - - name: Send request to API uri: url: "{{ AUTH_URL_EVS }}/cloudvolumes" @@ -15,4 +13,3 @@ - debug: msg: "{{ evs }}" - diff --git a/roles/evs_create/templates/request.json.j2 b/roles/evs_create/templates/request.json.j2 index ddacebc..8acf059 100644 --- a/roles/evs_create/templates/request.json.j2 +++ b/roles/evs_create/templates/request.json.j2 @@ -12,8 +12,13 @@ {% if evs_backup_id is defined %} "backup_id": "{{ evs_backup_id }}", {% endif %} -{% if evs_shareable is defined %} - "shareable": "{{ evs_shareable }}", +{% if evs_scsi is defined and evs_scsi|length != 0 %} + "metadata": { + "hw:passthrough": {{ evs_scsi }} + }, +{% endif %} +{% if evs_multiattach is defined and evs_multiattach|length != 0 %} + "multiattach": {{ evs_multiattach }}, {% endif %} "count": 1 } diff --git a/roles/evs_delete/tasks/main.yml b/roles/evs_delete/tasks/main.yml index 3a7ac65..824e144 100644 --- a/roles/evs_delete/tasks/main.yml +++ b/roles/evs_delete/tasks/main.yml 
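Review bot: `{{ evs_scsi }}` and `{{ evs_multiattach }}` in roles/evs_create/templates/request.json.j2 are emitted as bare JSON tokens, so the template yields valid JSON only when the variable is literally `true` or `false`; a tenant.ini value such as `True` or `yes` produces a body the API rejects. Normalising with `{{ evs_scsi|lower }}` covers the capitalised spellings; whether `hw:passthrough` must be a JSON boolean or the string `"true"` is not visible here and should be checked against the EVS API documentation. The removed `shareable` key was a quoted string, so callers still setting `evs_shareable` now silently get no flag at all — a comment stating that `evs_multiattach` replaces it would help.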
@@ -6,6 +6,7 @@ follow_redirects: all return_content: yes validate_certs: yes + status_code: 200,201,202,203,204 HEADER_Content-Type: "application/json" HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" register: evs diff --git a/roles/image_create/tasks/main.yml b/roles/image_create/tasks/main.yml index d62b470..87d6530 100644 --- a/roles/image_create/tasks/main.yml +++ b/roles/image_create/tasks/main.yml @@ -1,5 +1,3 @@ -- include_vars: _secrets.yml - - name: Send request to API uri: url: "{{ AUTH_URL_IMS }}/v2/cloudimages/action" @@ -12,7 +10,9 @@ HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" body: "{{ lookup('template', 'roles/image_create/templates/request.json.j2')|to_json }}" register: image_create + when: image_name is defined - debug: msg: "{{ image_create }}" + when: image_create is defined diff --git a/roles/image_create/templates/request.json.j2 b/roles/image_create/templates/request.json.j2 index 7edb3a1..08d6c9b 100644 --- a/roles/image_create/templates/request.json.j2 +++ b/roles/image_create/templates/request.json.j2 @@ -1,8 +1,15 @@ { - "name": "{{ image_name }}", +{% if image_url is defined %} "image_url": "{{ image_url }}", +{% endif %} +{% if ecs_id is defined %} + "instance_id": "{{ ecs_id }}", +{% endif %} +{% if image_min_disk is defined %} + "min_disk": {{ image_min_disk }}, +{% endif %} {% if image_os_version is defined %} "__os_version":"{{ image_os_version }}", {% endif %} - "min_disk": {{ image_min_disk }} + "name": "{{ image_name }}" } diff --git a/roles/image_delete/tasks/main.yml b/roles/image_delete/tasks/main.yml index 7b48e08..bfded77 100644 --- a/roles/image_delete/tasks/main.yml +++ b/roles/image_delete/tasks/main.yml @@ -1,5 +1,3 @@ -- include_vars: _secrets.yml - - name: Send request to API uri: url: "{{ AUTH_URL_IMS }}/v2/images/{{ image_id }}" diff --git a/roles/job/tasks/main.yml b/roles/job/tasks/main.yml index b8f8f78..51d4793 100644 --- a/roles/job/tasks/main.yml +++ b/roles/job/tasks/main.yml 
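Review bot: The new `{% if ecs_id is defined %}` and `{% if image_url is defined %}` branches in roles/image_create/templates/request.json.j2 are not exclusive and use the bare `is defined` test, unlike the `|length != 0` form adopted elsewhere in this commit; because lookup_name sets `ecs_id` whenever `ecs_name` is defined, an image created from an URL while `ecs_name` is set sends both `image_url` and an empty `instance_id`. Use `{% if ecs_id is defined and ecs_id|length != 0 %}` and consider making the two sources an either/or. In roles/image_create/tasks/main.yml the added `when: image_create is defined` on the debug task is always true, since `register` defines the variable even when the request is skipped; `when: not image_create|skipped` expresses the intent.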
@@ -6,8 +6,9 @@ validate_certs: yes HEADER_Content-Type: "application/json" HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" + when: job_id is defined register: jobstatus - debug: msg: "{{ jobstatus.json }}" - + when: jobstatus is defined and jobstatus.content|length != 0 diff --git a/roles/keypair_create/tasks/main.yml b/roles/keypair_create/tasks/main.yml index df314b2..482d006 100644 --- a/roles/keypair_create/tasks/main.yml +++ b/roles/keypair_create/tasks/main.yml @@ -1,6 +1,10 @@ +- stat: path={{ keypair_file }} + register: keypair_file_stat + - name: grab ssh pub key shell: awk '$1=$1' ORS='\\n' {{ keypair_file }} register: keypair_file_content + when: keypair_file_stat.stat.exists - name: Send request to API uri: @@ -13,7 +17,9 @@ HEADER_Content-Type: "application/json" HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" body: "{{ lookup('template', 'roles/keypair_create/templates/request.json.j2')|to_json }}" - when: (not ecs_adminkey_name or ecs_adminkey_name is undefined) + when: + - keypair_file_stat.stat.exists + - (not ecs_adminkey_name or ecs_adminkey_name is undefined) register: keypair - debug: diff --git a/roles/lookup_name/tasks/main.yml b/roles/lookup_name/tasks/main.yml index 97f8e9f..4db8932 100644 --- a/roles/lookup_name/tasks/main.yml +++ b/roles/lookup_name/tasks/main.yml @@ -1,4 +1,16 @@ +- name: Set fact for availability_zone_id (eu_de-01) + set_fact: + availability_zone_id: "bf84aba586ce4e948da0b97d9a7d62fb" + when: + - listener_name is undefined + - elb_availability_zone is defined and elb_availability_zone == "eu_de-01" +- name: Set fact for availability_zone_id (eu_de-02) + set_fact: + availability_zone_id: "bf84aba586ce4e948da0b97d9a7d62fc" + when: + - listener_name is undefined + - elb_availability_zone is defined and elb_availability_zone == "eu_de-02" - name: Request images list from API uri: 
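Review bot: The debug guard `when: jobstatus is defined and jobstatus.content|length != 0` in roles/job fails rather than skips when the request above was skipped: `register` defines `jobstatus` even for a skipped task, but the skipped result has no `content` key, so evaluating `jobstatus.content` raises an undefined-attribute error. `when: jobstatus.content is defined and jobstatus.content|length != 0` handles both cases. In roles/keypair_create the new `stat: path={{ keypair_file }}` uses key=value module args while the rest of the file uses block YAML; `stat:` with `path: "{{ keypair_file }}"` on the next line keeps the style consistent and quotes the templated value. The two availability-zone ids hard-coded into roles/lookup_name belong in a vars file with a comment stating which region each maps to.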
@@ -11,7 +23,8 @@ when: image_name is defined register: ims_result -- set_fact: +- name: Set fact image_id if image_name is defined + set_fact: image_id: "{{ (ims_result.content|from_json)|json_query('images[].id|[0]') }}" when: image_name is defined @@ -26,11 +39,32 @@ when: vpc_name is defined register: vpc_result -- set_fact: +- name: Set fact vpc_id if vpc_name is defined + set_fact: vpc_id: "{{ (vpc_result.content|from_json)|json_query(\"vpcs[?name=='\" + vpc_name + \"'].id|[0]\") }}" when: vpc_name is defined -- name: Request subnet list from API +- name: Request subnet list from API for elb + uri: + url: "{{ AUTH_URL_VPC }}/v1/{{ PROJECT_ID }}/subnets" + method: GET + return_content: yes + validate_certs: yes + HEADER_Content-Type: "application/json" + HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" + when: + - listener_name is undefined + - elb_subnet_name is defined + register: subnet_result + +- name: Set fact for subnet_name if elb_subnet_name is defined + set_fact: + subnet_name: "{{ elb_subnet_name }}" + when: + - listener_name is undefined + - elb_subnet_name is defined and elb_subnet_name|length != 0 + +- name: Request subnet list from API for ecs uri: url: "{{ AUTH_URL_VPC }}/v1/{{ PROJECT_ID }}/subnets" method: GET 
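Review bot: The new `Request subnet list from API for elb` task is redundant and its result is discarded: it registers `subnet_result`, the following set_fact copies `elb_subnet_name` into `subnet_name`, and the existing `for ecs` request (which starts at the end of this hunk and continues in the next) then runs against the same endpoint and re-registers `subnet_result`, which is the only one `subnet_id` reads. The same duplication is added for security groups in the next hunk (`Request secgroup list from API for elb`). Dropping the elb requests and keeping only the set_fact tasks gives the same ids with one API call less each.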
@@ -41,11 +75,32 @@ when: subnet_name is defined register: subnet_result -- set_fact: +- name: Set fact for subnet_id if subnet_name is defined + set_fact: subnet_id: "{{ (subnet_result.content|from_json)|json_query(\"subnets[?name=='\" + subnet_name + \"'].id|[0]\") }}" - when: subnet_name is defined + when: subnet_name is defined and subnet_name|length != 0 + +- name: Request secgroup list from API for elb + uri: + url: "{{ AUTH_URL_VPC }}/v1/{{ PROJECT_ID }}/security-groups" + method: GET + return_content: yes + validate_certs: yes + HEADER_Content-Type: "application/json" + HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" + when: + - listener_name is undefined + - elb_secgroup_name is defined + register: secgroup_result -- name: Request secgroup list from API +- name: Set fact secgroup_name if elb_secgroup_name is defined + set_fact: + secgroup_name: "{{ elb_secgroup_name }}" + when: + - listener_name is undefined + - elb_secgroup_name is defined + +- name: Request secgroup list from API for ecs uri: url: "{{ AUTH_URL_VPC }}/v1/{{ PROJECT_ID }}/security-groups" method: GET @@ -56,9 +111,11 @@ when: secgroup_name is defined register: secgroup_result -- set_fact: +- name: Set fact for secgroup_id if secgroup_name is defined + set_fact: secgroup_id: "{{ (secgroup_result.content|from_json)|json_query(\"security_groups[?name=='\" + secgroup_name + \"'].id|[0]\") }}" - when: secgroup_name is defined + when: + - secgroup_name is defined and secgroup_name| length != 0 - name: Request flavor list from API uri: 
@@ -68,12 +125,13 @@ validate_certs: yes HEADER_Content-Type: "application/json" HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" - when: ecs_ram is defined and ecs_vcpus is defined + when: (ecs_ram is defined and ecs_ram|length != 0) and (ecs_vcpus is defined and ecs_vcpus|length != 0) register: flavor_result -- set_fact: +- name: Set fact flavor_id if ecs_ram or ecs_vcpus is defined + set_fact: flavor_id: "{{ (flavor_result.content|from_json)|json_query('sort_by(flavors, &ram)|[?ram>=`' + ecs_ram + '` && vcpus>=`' + ecs_vcpus + '`].id|[0]') }}" - when: ecs_ram is defined and ecs_vcpus is defined + when: (ecs_ram is defined and ecs_ram |length != 0) or (ecs_vcpus is defined and ecs_vcpus|length != 0) - name: Request keypair list from API uri: @@ -86,9 +144,10 @@ when: ecs_adminkey is defined register: keypairlist_result -- set_fact: +- name: Set fact ecs_adminkey_name if ecs_adminkey is defined + set_fact: ecs_adminkey_name: "{{ (keypairlist_result.content|from_json)|json_query(\"keypairs[?keypair.name=='\" + ecs_adminkey + \"'].keypair.name\") }}" - when: ecs_adminkey is defined + when: ecs_adminkey is defined and ecs_adminkey|length != 0 - name: Request floatingip list from API uri: @@ -100,7 +159,8 @@ HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" register: floatingiplist_result -- set_fact: +- name: Set fact eip_id for eip if public_ip_address is defined + set_fact: eip_id: "{{ (floatingiplist_result.content|from_json)|json_query(\"publicips[?public_ip_address=='\" + public_ip_address + \"'].id|[0]\") }}" when: (public_ip_address is defined and public_ip_address | ipaddr) 
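Review bot: The flavor request and the `flavor_id` set_fact now disagree: the request runs only when both `ecs_ram` and `ecs_vcpus` are non-empty (`and`), but the set_fact runs when either is (`or`), so with only one of them set the request is skipped, `flavor_result` has no `content` and the set_fact fails on `flavor_result.content|from_json`. Use the same `and` condition on both tasks, or test `flavor_result.content is defined` in the set_fact. The `ecs_ram |length` spacing also differs from the rest of the file.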
@@ -115,10 +175,94 @@ when: zone_name is defined register: zonelist_result -- set_fact: +- name: Set fact zone_id for dns if zone_name is defined + set_fact: zone_id: "{{ (zonelist_result.content|from_json)|json_query(\"zones[?name=='\" + zone_name + \"'].id|[0]\") }}" when: zone_name is defined -- debug: - msg: "{{ zone_id }}" - when: zone_id is defined +- name: Request ecs list from API + uri: + url: "{{ AUTH_URL_ECS }}/servers" + method: GET + return_content: yes + validate_certs: yes + HEADER_Content-Type: "application/json" + HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" + register: ecs_result + when: ecs_name is defined + +- name: Set fact ecs_id for ecs if ecs_name is defined + set_fact: + ecs_id: "{{ (ecs_result.content|from_json)|json_query(\"servers[?name=='\" + ecs_name + \"'].id|[0]\") }}" + when: ecs_name is defined + +- name: Request evs list from API + uri: + url: "{{ AUTH_URL_EVS }}/cloudvolumes" + method: GET + return_content: yes + validate_certs: yes + HEADER_Content-Type: "application/json" + HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" + register: evs_result + when: evs_name is defined + +- name: Set fact evs_id if evs_name is defined + set_fact: + evs_id: "{{ (evs_result.content|from_json)|json_query(\"volumes[?name=='\" + evs_name + \"'].id|[0]\") }}" + when: evs_name is defined + +- name: Request elb list from API + uri: + url: "{{ AUTH_URL_ELB }}/{{ PROJECT_ID }}/elbaas/loadbalancers" + method: GET + follow_redirects: all + return_content: yes + validate_certs: yes + HEADER_Content-Type: "application/json" + HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" + register: elb_result + when: elb_name is defined + +- name: Set fact elb_id for elb if elb_name is defined + set_fact: + elb_id: "{{ (elb_result.content|from_json)|json_query(\"loadbalancers[?name=='\" + elb_name + \"'].id|[0]\") }}" + when: elb_name is defined + +- name: Request elb certificate list from API + uri: + url: "{{ AUTH_URL_ELB }}/{{ PROJECT_ID 
}}/elbaas/certificate" + method: GET + follow_redirects: all + return_content: yes + validate_certs: yes + HEADER_Content-Type: "application/json" + HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" + register: listener_certificate_result + when: listener_certificate_name is defined and listener_certificate_name|length != 0 + +- name: Set fact listener_certificate_id for elb if listener_certificate_name is defined + set_fact: + listener_certificate_id: "{{ (listener_certificate_result.content|from_json)|json_query(\"certificates[?name=='\" + listener_certificate_name + \"'].id|[0]\") }}" + when: listener_certificate_name is defined and listener_certificate_name|length != 0 + +- name: Request elb listener from API + uri: + url: "{{ AUTH_URL_ELB }}/{{ PROJECT_ID }}/elbaas/listeners?loadbalancer_id={{ elb_id}}" + method: GET + follow_redirects: all + return_content: yes + validate_certs: yes + HEADER_Content-Type: "application/json" + HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" + register: listener_result + when: elb_id is defined + +- name: Set fact listener_id for elb if listener_name is defined + set_fact: + listener_id: "{{ (listener_result.content|from_json)|json_query(\"[?name=='\" + listener_name + \"'].id|[0]\") }}" + when: listener_name is defined + +# - debug: +# msg: "{{ evs_id }}" +# when: evs_id is defined diff --git a/roles/ptrrecord_create/tasks/main.yml b/roles/ptrrecord_create/tasks/main.yml new file mode 100644 index 0000000..74aff8b --- /dev/null +++ b/roles/ptrrecord_create/tasks/main.yml 
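Review bot: `Set fact listener_id` runs on `listener_name is defined` while the listener request it reads runs on `elb_id is defined`, so a play that sets `listener_name` without `elb_name`/`elb_id` fails with an undefined `listener_result.content` instead of skipping; guard it with `when: listener_name is defined and listener_result.content is defined`. All the new lookups build JMESPath by splicing the user-supplied name into the expression (`"servers[?name=='" + ecs_name + "'].id|[0]"`), so a name containing a single quote breaks the query; filtering the parsed list on the Jinja side (e.g. `selectattr('name', 'equalto', ecs_name)`, if the installed Jinja2 provides it) avoids building query text from data. The trailing commented-out debug task is dead code. This hunk starts on the previous line.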
@@ -0,0 +1,20 @@ +- name: send ptrrecord request to API + uri: + url: "{{ AUTH_URL_DNS }}/v2/reverse/floatingips/{{ PROJECT_NAME }}:{{ eip_id }}" + method: PATCH + body_format: raw + follow_redirects: all + return_content: yes + validate_certs: yes + status_code: 200,201,202,203,400 + HEADER_Content-Type: "application/json" + HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" + body: "{{ lookup('template', 'roles/ptrrecord_create/templates/request.json.j2')|to_json }}" + register: ptrrecord + when: + - (ptr_name is defined and ptr_name | length != 0) + - eip_id is defined + +- debug: + msg: "{{ ptrrecord }}" + diff --git a/roles/ptrrecord_create/templates/request.json.j2 b/roles/ptrrecord_create/templates/request.json.j2 new file mode 100644 index 0000000..f6c31fc --- /dev/null +++ b/roles/ptrrecord_create/templates/request.json.j2 @@ -0,0 +1,9 @@ +{ +{% if description is defined and description|length != 0 %} + "description": "{{ description }}", +{% endif %} +{% if ttl is defined and ttl|length != 0 %} + "ttl": {{ ttl }}, +{% endif %} + "ptrdname": "{{ ptr_name }}" +} diff --git a/roles/ptrrecord_delete/tasks/main.yml b/roles/ptrrecord_delete/tasks/main.yml new file mode 100644 index 0000000..60d75f0 --- /dev/null +++ b/roles/ptrrecord_delete/tasks/main.yml @@ -0,0 +1,19 @@ +- name: send ptrrecord request to API + uri: + url: "{{ AUTH_URL_DNS }}/v2/reverse/floatingips/{{ PROJECT_NAME }}:{{ eip_id }}" + method: PATCH + body_format: raw + follow_redirects: all + return_content: yes + validate_certs: yes + status_code: 200,201,202,203,400 + HEADER_Content-Type: "application/json" + HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" + body: '{ "ptrdname": null }' + register: ptrrecord + when: + - eip_id is defined + +- debug: + msg: "{{ ptrrecord }}" + diff --git a/roles/ptrrecords/tasks/main.yml b/roles/ptrrecords/tasks/main.yml new file mode 100644 index 0000000..934087d --- /dev/null +++ b/roles/ptrrecords/tasks/main.yml 
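Review bot: `status_code: 200,201,202,203,400` treats an HTTP 400 Bad Request as success, so a rejected PTR update (bad `ptr_name`, wrong `PROJECT_NAME:eip_id` key) is not reported and the play continues as if the record existed; the same list is in roles/ptrrecord_delete below and roles/ptrrecords in the next hunk. If 400 is tolerated for a known idempotency case, say which with a comment on that line and check `ptrrecord.status` afterwards; otherwise drop 400 from the list. The create, delete and list tasks all carry the identical name `send ptrrecord request to API`, which makes play output hard to read; name them by action.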
@@ -0,0 +1,15 @@ +- name: send ptrrecord request to API + uri: + url: "{{ AUTH_URL_DNS }}/v2/reverse/floatingips" + method: GET + follow_redirects: all + return_content: yes + validate_certs: yes + status_code: 200,201,202,203,400 + HEADER_Content-Type: "application/json" + HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" + register: ptrrecord + +- debug: + msg: "{{ ptrrecord }}" + diff --git a/roles/ptrrecords/templates/request.json.j2 b/roles/ptrrecords/templates/request.json.j2 new file mode 100644 index 0000000..f6c31fc --- /dev/null +++ b/roles/ptrrecords/templates/request.json.j2 @@ -0,0 +1,9 @@ +{ +{% if description is defined and description|length != 0 %} + "description": "{{ description }}", +{% endif %} +{% if ttl is defined and ttl|length != 0 %} + "ttl": {{ ttl }}, +{% endif %} + "ptrdname": "{{ ptr_name }}" +} diff --git a/roles/rds_flavors/tasks/main.yml b/roles/rds_flavors/tasks/main.yml index aa29e11..daf1a04 100644 --- a/roles/rds_flavors/tasks/main.yml +++ b/roles/rds_flavors/tasks/main.yml @@ -1,5 +1,3 @@ -- include_vars: _secrets.yml - - name: Request rds flavors from API uri: url: "{{ AUTH_URL_RDS }}/{{ OS_USER_DOMAIN_ID }}/flavors?dbId={{ rds_version_id }}®ion={{ PROJECT_NAME }}" diff --git a/roles/rds_versions/tasks/main.yml b/roles/rds_versions/tasks/main.yml index 02f931a..acb5a85 100644 --- a/roles/rds_versions/tasks/main.yml +++ b/roles/rds_versions/tasks/main.yml @@ -1,5 +1,3 @@ -- include_vars: _secrets.yml - - name: Request rds list from API for mysql uri: url: "{{ AUTH_URL_RDS }}/{{ OS_USER_DOMAIN_ID }}/datastores/MySQL/versions" diff --git a/roles/secgrouprule_create/tasks/main.yml b/roles/secgrouprule_create/tasks/main.yml index 82b5f3d..8c358d3 100644 --- a/roles/secgrouprule_create/tasks/main.yml +++ b/roles/secgrouprule_create/tasks/main.yml 
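Review bot: roles/ptrrecords/templates/request.json.j2 is an exact copy of the ptrrecord_create template (same blob index f6c31fc), but the ptrrecords role only issues a GET with no `body`, so the file is never rendered; either drop it or add a comment stating what it is reserved for. If it stays, its `ttl|length != 0` test has the integer caveat raised on the elb_healthcheck template.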
@@ -6,7 +6,7 @@ follow_redirects: all return_content: yes validate_certs: yes - status_code: 200,201,202,203,204 + status_code: 200,201,202,203,204,409 HEADER_Content-Type: "application/json" HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" body: "{{ lookup('template', 'roles/secgrouprule_create/templates/request.json.j2')|to_json }}" diff --git a/roles/secgrouprule_create/templates/request.json.j2 b/roles/secgrouprule_create/templates/request.json.j2 index aad5af9..1102306 100644 --- a/roles/secgrouprule_create/templates/request.json.j2 +++ b/roles/secgrouprule_create/templates/request.json.j2 
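Review bot: Adding 409 to `status_code` makes a Conflict response pass silently, presumably so that re-running the play over an existing rule does not fail, but the line carries no hint of that and 409 also covers other conflicts; document it inline, `status_code: 200,201,202,203,204,409  # 409: rule already exists, treated as idempotent`. The enclosing task starts outside the hunk.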
@@ -1,25 +1,25 @@ { "security_group_rule": { "direction": "{{ secgrouprule_direction }}", -{% if secgrouprule_ethertype is defined %} +{% if secgrouprule_ethertype is defined and secgrouprule_ethertype|length != 0 %} "ethertype": "{{ secgrouprule_ethertype }}", {% endif %} -{% if secgrouprule_ethertype is defined %} +{% if secgrouprule_ethertype is defined and secgrouprule_ethertype|length != 0 %} "ethertype": "{{ secgrouprule_ethertype }}", {% endif %} -{% if secgrouprule_protocol is defined %} +{% if secgrouprule_protocol is defined and secgrouprule_protocol|length != 0 %} "protocol": "{{ secgrouprule_protocol }}", {% endif %} -{% if secgrouprule_port_range_min is defined %} +{% if secgrouprule_port_range_min is defined and secgrouprule_port_range_min|length != 0 %} "port_range_min": {{ secgrouprule_port_range_min }}, {% endif %} -{% if secgrouprule_port_range_max is defined %} +{% if secgrouprule_port_range_max is defined and secgrouprule_port_range_max|length != 0 %} "port_range_max": {{ secgrouprule_port_range_max }}, {% endif %} -{% if secgrouprule_remote_ip_prefix is defined %} +{% if secgrouprule_remote_ip_prefix is defined and secgrouprule_remote_ip_prefix|length != 0 %} "remote_ip_prefix": "{{ secgrouprule_remote_ip_prefix }}", {% endif %} -{% if secgrouprule_remote_group_id is defined %} +{% if secgrouprule_remote_group_id is defined and secgrouprule_remote_group_id|length != 0 %} "remote_group_id": "{{ secgrouprule_remote_group_id }}", {% endif %} "security_group_id": "{{ secgroup_id }}", diff --git a/roles/secgrouprule_helper/tasks/main.yml b/roles/secgrouprule_helper/tasks/main.yml index 1556601..db24b85 100644 --- a/roles/secgrouprule_helper/tasks/main.yml +++ b/roles/secgrouprule_helper/tasks/main.yml 
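Review bot: The `ethertype` block appears twice on the new side (the second `{% if secgrouprule_ethertype is defined and ... %}` block repeats the first verbatim), so the rendered body carries a duplicate `"ethertype"` key; JSON parsers typically keep the last value, but it is an error under strict validation and doubles the maintenance surface. Remove the second block. The `|length` test on `secgrouprule_port_range_min`/`_max` has the integer caveat noted on the elb_healthcheck template.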
@@ -1,13 +1,24 @@ +- name: switch ecs or elb + set_fact: + ecs_name: "{{ elb_name }}" + when: + - elb_name is defined +# - listener_name is undefined + - name: fetch secgroup rules from ini set_fact: secgrouprules: "{{ item }}" with_ini: secgroup_rule[1-9] section={{ ecs_name }} file=tenant.ini re=true register: secgrouprule_reg + when: + - ecs_name is defined +# - listener_name is undefined - name: make a list from secgroup rules set_fact: secgrouprule_list: "{{ secgrouprule_reg.results | map(attribute='ansible_facts.secgrouprules') | list }}" + when: secgrouprule_reg is defined - name: send request to API vars: @@ -24,6 +35,9 @@ HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" body: "{{ lookup('template', 'roles/secgrouprule_helper/templates/request.json.j2')|to_json }}" register: secgrouprule + when: + - secgroup_id is defined + - secgrouprule_reg is defined with_items: - "{{ secgrouprule_list }}" diff --git a/roles/services/tasks/main.yml b/roles/services/tasks/main.yml index ba9e945..9e9fd87 100644 --- a/roles/services/tasks/main.yml +++ b/roles/services/tasks/main.yml @@ -1,5 +1,3 @@ -- include_vars: _secrets.yml - - name: Request services list from AUTH API uri: url: "{{ IAM_AUTH_URL }}/services" diff --git a/roles/snat_enable/tasks/main.yml b/roles/snat_enable/tasks/main.yml new file mode 100644 index 0000000..6dfd1d6 --- /dev/null +++ b/roles/snat_enable/tasks/main.yml 
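Review bot: The new `switch ecs or elb` task overwrites `ecs_name` with `elb_name` whenever `elb_name` is defined, so a play that defines both reads the ELB's section of tenant.ini for the ECS and applies the wrong rule set; the commented-out `# - listener_name is undefined` conditions suggest this is known but unresolved. Make the override conditional on `ecs_name is undefined`, or select the section name into its own variable, `secgroup_section: "{{ elb_name if elb_name is defined else ecs_name }}"`, and use that in `with_ini`. Commented-out conditions inside `when:` lists hide the intended logic; resolve or remove them.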
@@ -0,0 +1,42 @@ +- name: Request router from API + uri: + url: "{{ AUTH_URL_VPC }}/v2.0/routers/{{ vpc_id }}" + method: GET + return_content: yes + validate_certs: yes + HEADER_Content-Type: "application/json" + HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" + when: + - vpc_id is defined + register: routerlist + +- set_fact: +# router_id: "{{ (routerlist.content|from_json)|json_query('router.id') }}" +# router_name: "{{ (routerlist.content|from_json)|json_query('router.name') }}" +# router_status: "{{ (routerlist.content|from_json)|json_query('router.status') }}" +# router_admin_state_up: "{{ (routerlist.content|from_json)|json_query('router.admin_state_up') }}" +# router_routes: "{{ (routerlist.content|from_json)|json_query('router.routes[]') }}" +# router_tenant_id: "{{ (routerlist.content|from_json)|json_query('router.tenant_id') }}" + external_network_id: "{{ (routerlist.content|from_json)|json_query('router.external_gateway_info.network_id') }}" +# external_network_snat_state: "{{ (routerlist.content|from_json)|json_query('router.external_gateway_info.enable_snat') }}" + when: routerlist is defined + +- name: Send request to API + uri: + url: "{{ AUTH_URL_VPC }}/v2.0/routers/{{ vpc_id }}" + method: PUT + body_format: raw + follow_redirects: all + return_content: yes + validate_certs: yes + HEADER_Content-Type: "application/json" + HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" + body: "{{ lookup('template', 'roles/snat_enable/templates/request.json.j2')|to_json }}" + when: + - vpc_id is defined + - enable_snat is defined + - external_network_id|length != 0 + register: router + +- debug: + msg: "{{ router }}" diff --git a/roles/snat_enable/templates/request.json.j2 b/roles/snat_enable/templates/request.json.j2 new file mode 100644 index 0000000..0fd092b --- /dev/null +++ b/roles/snat_enable/templates/request.json.j2 
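Review bot: `when: routerlist is defined` on the `set_fact` is always true, because `register` defines `routerlist` even when the request was skipped for a missing `vpc_id`; in that case `routerlist.content` is undefined and the task errors instead of skipping, and the PUT's `external_network_id|length != 0` then errors on an undefined fact as well. Guard with `when: routerlist.content is defined` and `external_network_id is defined and external_network_id|length != 0`. The six commented-out facts in the set_fact duplicate roles/vpc_router; drop them or reuse that role. A comment that the PUT rewrites `external_gateway_info` with the `network_id` read back from the router, so only `enable_snat` is user-supplied, would make the intent of the two-step read/write clear.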
@@ -0,0 +1,8 @@ +{ + "router": { + "external_gateway_info": { + "network_id": "{{ external_network_id }}", + "enable_snat": {{ enable_snat }} + } + } +} diff --git a/roles/subnet_create/templates/request.json.j2 b/roles/subnet_create/templates/request.json.j2 index b003634..debf327 100644 --- a/roles/subnet_create/templates/request.json.j2 +++ b/roles/subnet_create/templates/request.json.j2 @@ -6,10 +6,10 @@ {% if subnet_dhcp_enable is defined %} "dhcp_enable": {{ subnet_dhcp_enable }}, {% endif %} -{% if subnet_primary_dns is defined %} +{% if subnet_primary_dns is defined and subnet_primary_dns | length != 0 %} "primary_dns": "{{ subnet_primary_dns }}", {% endif %} -{% if subnet_secondary_dns is defined %} +{% if subnet_secondary_dns is defined and subnet_secondary_dns|length != 0 %} "secondary_dns": "{{ subnet_secondary_dns }}", {% endif %} "availability_zone": "{{ availability_zone }}", diff --git a/roles/token/tasks/main.yml b/roles/token/tasks/main.yml index 36cd4de..444a00e 100644 --- a/roles/token/tasks/main.yml +++ b/roles/token/tasks/main.yml 
@@ -1,4 +1,36 @@ -- include_vars: _secrets.yml +- name: Load auth variable file from os-client config or ansible-vault secret + include_vars: "{{ item }}" + with_first_found: + - "env.yml" + - "_secrets.yml" + +- name: Set fact user home + set_fact: + user_home: "{{ lookup('env','HOME') }}" + +- stat: + path: "{{ user_home }}/.config/openstack/clouds.yml" + register: osclientconfigfile + +- name: Set fact os-client config file + set_fact: + os_client_config: "{{ lookup('file', osclientconfigfile.stat.path)|from_yaml }}" + when: osclientconfigfile.stat.exists + +- name: Set facts from os-client-config + set_fact: + USERNAME: "{{ os_client_config['clouds'][CLOUD]['auth']['username'] }}" + PASSWORD: "{{ os_client_config['clouds'][CLOUD]['auth']['password'] }}" + PROJECT_NAME: "{{ os_client_config['clouds'][CLOUD]['auth']['project_name'] }}" + DOMAIN: "{{ os_client_config['clouds'][CLOUD]['auth']['user_domain_name'] }}" + when: osclientconfigfile.stat.exists + +- name: Set fact generic endpoints + set_fact: + IAM_AUTH_URL: "https://iam.{{ PROJECT_NAME }}.otc.t-systems.com/v3" + AUTH_URL_ELB: "https://elb.{{ PROJECT_NAME }}.otc.t-systems.com/v1.0" + AUTH_URL_ECS_CLOUD: "https://ecs.{{ PROJECT_NAME }}.otc.t-systems.com/v1" + AUTH_URL_RDS: "https://rds.{{ PROJECT_NAME }}.otc.t-systems.com/rds/v1" - name: Request token from AUTH API uri: @@ -13,7 +45,8 @@ body: "{{ lookup('template', 'roles/token/templates/request.json.j2',convert_data=True)|to_json }}" register: token -- set_fact: +- name: Set facts dynamic endpoints + set_fact: # OS_USER_DOMAIN_ID: "{{ (token.content|from_json)['token']['user']['domain']['id'] }}" OS_USER_DOMAIN_ID: "{{ (token.content|from_json)|json_query('token.user.domain.id') }}" PROJECT_ID: "{{ (token.content|from_json)|json_query('token.project.id') }}" 
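Review bot: The `Set facts from os-client-config` task copies the `password` from clouds.yml into the `PASSWORD` fact without `no_log`, so with `-v` or on a templating failure the credential is printed in the play output and in any log collector; add `no_log: true` to that task (and to the `include_vars` of `_secrets.yml`, which carries the same data). The file is read from `~/.config/openstack/clouds.yml` while os-client-config looks for `clouds.yaml` by default — if the intent is to reuse the standard file, confirm which name is expected. `CLOUD` must be defined for the `os_client_config['clouds'][CLOUD]` lookup to work and nothing checks it; a `when: osclientconfigfile.stat.exists and CLOUD is defined` plus an `assert` would give a clearer failure than a key error.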
@@ -24,6 +57,7 @@ AUTH_URL_EVSv2: "{{ (token.content|from_json)|json_query('token.catalog[?type==`volumev2`].endpoints[].url|[0]') }}" AUTH_URL_RTS: "{{ (token.content|from_json)|json_query('token.catalog[?type==`orchestration`].endpoints[].url|[0]') }}" AUTH_URL_IMS: "{{ (token.content|from_json)|json_query('token.catalog[?type==`image`].endpoints[].url|[0]') }}" + IAM_AUTH_URL: "https://iam.{{ PROJECT_NAME }}.otc.t-systems.com/v3" # - debug: # msg: "{{ token }}" diff --git a/roles/vpc_create/tasks/main.yml b/roles/vpc_create/tasks/main.yml index 2b80bb4..4771efc 100644 --- a/roles/vpc_create/tasks/main.yml +++ b/roles/vpc_create/tasks/main.yml @@ -9,7 +9,9 @@ HEADER_Content-Type: "application/json" HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" body: "{{ lookup('template', 'roles/vpc_create/templates/request.json.j2')|to_json }}" - when: (not vpc_id and vpc_name is defined) + when: + - not vpc_id or vpc_id is undefined + - vpc_name is defined register: vpc - debug: diff --git a/roles/vpc_delete/tasks/main.yml b/roles/vpc_delete/tasks/main.yml index 4502a61..94fbeb8 100644 --- a/roles/vpc_delete/tasks/main.yml +++ b/roles/vpc_delete/tasks/main.yml @@ -10,7 +10,8 @@ HEADER_Content-Type: "application/json" HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" register: vpc + when: vpc_id is defined - debug: msg: "{{ vpc }}" - + when: vpc_id is defined diff --git a/roles/vpc_router/tasks/main.yml b/roles/vpc_router/tasks/main.yml new file mode 100644 index 0000000..6f23392 --- /dev/null +++ b/roles/vpc_router/tasks/main.yml 
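Review bot: `IAM_AUTH_URL` is now set twice with the same value — in the new `Set fact generic endpoints` task before the token request and again here in `Set facts dynamic endpoints`; the second assignment is redundant and will drift if the URL pattern changes. Keep one of them, preferably the early one since the token request itself needs it. The enclosing set_fact starts outside this hunk.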
@@ -0,0 +1,30 @@ +- name: Request router from API + uri: + url: "{{ AUTH_URL_VPC }}/v2.0/routers/{{ vpc_id }}" + method: GET + return_content: yes + validate_certs: yes + HEADER_Content-Type: "application/json" + HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}" + when: + - vpc_id is defined + register: routerlist + +- set_fact: + router_id: "{{ (routerlist.content|from_json)|json_query('router.id') }}" + router_name: "{{ (routerlist.content|from_json)|json_query('router.name') }}" + router_status: "{{ (routerlist.content|from_json)|json_query('router.status') }}" + router_admin_state_up: "{{ (routerlist.content|from_json)|json_query('router.admin_state_up') }}" + router_routes: "{{ (routerlist.content|from_json)|json_query('router.routes[]') }}" + router_tenant_id: "{{ (routerlist.content|from_json)|json_query('router.tenant_id') }}" + external_network_id: "{{ (routerlist.content|from_json)|json_query('router.external_gateway_info.network_id') }}" + external_network_snat_state: "{{ (routerlist.content|from_json)|json_query('router.external_gateway_info.enable_snat') }}" + when: + - vpc_id is defined + - routerlist is defined + +- debug: + msg: "{{ routerlist.json }}" + when: + - vpc_id is defined + - routerlist is defined diff --git a/roles/zone_create/tasks/main.yml b/roles/zone_create/tasks/main.yml index 326abb1..3d5e323 100644 --- a/roles/zone_create/tasks/main.yml +++ b/roles/zone_create/tasks/main.yml @@ -1,5 +1,3 @@ -- include_vars: _secrets.yml - - name: Send request to API uri: url: "{{ AUTH_URL_DNS }}/v2/zones" diff --git a/roles/zone_create/templates/request.json.j2 b/roles/zone_create/templates/request.json.j2 index 9510bd1..a467fab 100644 --- a/roles/zone_create/templates/request.json.j2 +++ b/roles/zone_create/templates/request.json.j2 
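Review bot: The `routerlist is defined` condition in the `set_fact` and `debug` tasks is always true once `register: routerlist` has run (a skipped task still registers), so the effective guard is `vpc_id is defined` alone; if the intent is to skip when the request did not run, `routerlist.content is defined` is the test that expresses it. The eight facts each repeat `(routerlist.content|from_json)`; since the module already exposes the parsed body as `routerlist.json` (used by the debug task below), a single `router: "{{ routerlist.json.router }}"` fact would be shorter and cheaper.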
@@ -6,6 +6,12 @@ {% if zone_type is defined %} "zone_type": "{{ zone_type }}", {% endif %} +{% if zone_type == "private" %} + "router": { + "router_id": "{{ router_id }}", + "router_region": "{{ PROJECT_NAME }}" + }, +{% endif %} {% if zone_email is defined %} "email": "{{ zone_email }}", {% endif %} diff --git a/roles/zonerecord_create/tasks/main.yml b/roles/zonerecord_create/tasks/main.yml index fc786e0..470c49b 100644 --- a/roles/zonerecord_create/tasks/main.yml +++ b/roles/zonerecord_create/tasks/main.yml @@ -1,5 +1,3 @@ -- include_vars: _secrets.yml - - name: Send request to API uri: url: "{{ AUTH_URL_DNS }}/v2/zones/{{ zone_id }}/recordsets" diff --git a/roles/zonerecord_helper/templates/zone.json.j2 b/roles/zonerecord_helper/templates/zone.json.j2 index d54755e..3d0ff2e 100644 --- a/roles/zonerecord_helper/templates/zone.json.j2 +++ b/roles/zonerecord_helper/templates/zone.json.j2 @@ -6,6 +6,12 @@ {% if zone_list_part[2]|length != 0 %} "zone_type": "{{ zone_list_part[2] }}", {% endif %} +{% if zone_list_part[2] == "private" %} + "router": { + "router_id": "{{ router_id }}", + "router_region": "{{ PROJECT_NAME }}" + }, +{% endif %} {% if zone_list_part[3]|length != 0 %} "email": "{{ zone_list_part[3] }}", {% endif %} diff --git a/secgroups.yml b/secgroups.yml index 125d47d..0c68e1c 100644 --- a/secgroups.yml +++ b/secgroups.yml @@ -1,7 +1,7 @@ --- - hosts: all + gather_facts: no roles: - role: token + - role: lookup_name - role: secgroups - - diff --git a/secrets.yml b/secrets.yml index 5bf38e4..d2804e2 100644 --- a/secrets.yml +++ b/secrets.yml 
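Review bot: The new `{% if zone_type == "private" %}` block interpolates `router_id` without checking it is defined, so creating a private zone without running roles/vpc_router first fails on an undefined variable; `{% if zone_type == "private" and router_id is defined %}` skips the block, or better, an explicit failure stating that vpc_router is required. The same applies to the zone.json.j2 hunk of roles/zonerecord_helper below, where the test is `zone_list_part[2] == "private"`. A comment on the task rendering this template noting the dependency on vpc_router would document the coupling.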
@@ -1,33 +1,34 @@ $ANSIBLE_VAULT;1.1;AES256 -61313666663139373934613230386362653539623063666637383438386433336266313166373365 -6435386635373838323462363733363433353361323633630a656436623537623634386162366561 -62343831373030646330323435653837623465633162363832663365353035323266363731663936 -3131386335346335660a306531353438653362666565656263323537303665346263386463663631 -39343363616461666561623264616139616434303564626432306562373136326463313232316138 -39356164393461353138643131326662346130656566633431633837313734373331313234353039 -34663535356362383464366637653962633763313330353461383031633563386532623733326464 -30386237306632366532353361663364373133353262663232306234356430313461333565343039 -61613235646132373065323736316337346661356636653530343464353731656563616137386361 -37633437303834313562376430363031366166663261303066643335663265396663373530636236 -39353539353064653763386630623037383339393930346534343664396564313466393663613064 -61666136623438323931323763383763393535393562663035313039303435383032656236646433 -36346662353433326366626464646431326462343138386132333831643063623732373930393137 -63623733306635646230646665336537373735363731663237633265376336336632386262393630 -38323066316363643031323563623238316530616538303231393661393865366636393333373532 -32316438613739623863623438356663653933373830326433313337626539643636313237373639 -34353731386565303732353161393265643834623865646633623237623332626134323538666335 -39316234643736343962663961356362383133326338663232613564663563356161393864336563 -65393535333837383230313937653565313166326564373936646235343630353061393634323838 -35643732356463363033653636356461333262306636623138643663633834373136313338626635 -33313836363235656435663866663433656265343430396335643766663563643064663733356561 -38623364383665313664646139313938323065363638353332613836323933346266393339353832 -35366463653461613865653262623635313130656634643635626636616465623536666161393931 
-63363564326366346134663931363837656231623334626536333036643465313939656462343363
-30303531353634653536393861373134626563323061363066613665306363336662333336343639
-63313934316536656239386264333933356435386136643364616463656665373063613666353235
-31623130393533346462633163313462646530316138333264656637316535363833613065623265
-35656137633561383234393733396265316361366234373434383331323238633062366239316665
-39373161373531313330363362333230633636386461386530623832316265386535633433333039
-33626265653734663239396662663535303362363631393832663661633764613761303230373638
-62393937343032343230386661623964346131613435623338656466386336343432623362616264
-61636536323832353932
+35616631313462613563643736613164396666333464616337633639653636303131666531383866
+6664313535343038386330623361353365303336396664390a336235643138343066366163303762
+35663639366262353437326233393765313863333430623065326437393733353833326662613930
+6362636637613132630a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
diff --git a/snat_enable.yml b/snat_enable.yml
new file mode 100644
index 0000000..b57d0b1
--- /dev/null
+++ b/snat_enable.yml
@@ -0,0 +1,7 @@
+---
+- hosts: all
+ gather_facts: no
+ roles:
+ - role: token
+ - role: lookup_name
+ - role: snat_enable
diff --git a/subnet_delete.yml b/subnet_delete.yml
index 3549457..04866e2 100644
--- a/subnet_delete.yml
+++ b/subnet_delete.yml
@@ -2,4 +2,5 @@
 - hosts: all
 roles:
 - role: token
+ - role: lookup_name
 - role: subnet_delete
diff --git a/subnet_var.yml b/subnet_var.yml
deleted file mode 100644
index 60f1c13..0000000
--- a/subnet_var.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-subnet_name: "ansible-subnet01"
-subnet_net: "192.168.5.0/24"
-subnet_gateway: "192.168.5.1"
-subnet_dhcp_enable: true
-subnet_primary_dns: "8.8.8.8"
-subnet_secondary_dns: "8.4.4.8"
-availability_zone: "eu-de-02"
-vpc_id: "0db2af4b-115d-426a-acae-889b025110c8"
diff --git a/tenant.ini b/tenant.ini
index 255b9dc..a52e292 100644
--- a/tenant.ini
+++ b/tenant.ini
@@ -1,87 +1,68 @@
 # ini file for tenant configuration
 # each block for each vm
 # usage ecs:
-# ansible-playbook -i hosts tenant_create.yml -e "ecs_name=ansible-test01" --vault-password-file vaultpass.txt
-# usage dns:
-# ansible-playbook -i hosts dns_create.yml --vault-password-file vaultpass.txt
-
+# ansible-playbook -i hosts tenant_create.yml -e "ecs_name=ansible-test01"
+# ansible-playbook -i hosts tenant_delete.yml -e "ecs_name=ansible-test01"
+# usage evs:
+# ansible-playbook -i hosts evs_create.yml -e "evs_name=ansible-evs01"
+# usage dns (public zones):
+# ansible-playbook -i hosts dns_create.yml
+# usage dns (internal usage, only in selected vpc):
+# ansible-playbook -i hosts dns_create.yml -e "vpc_name=ansible-vpc01"
+# usage elb (listener, healthcheck, backendmembers)
+# ansible-playbook -i hosts tenant_create.yml -e "elb_name=ansible-elb01" -e "listener_name=ansible-listener01"
+#
 [DEFAULT]
 image_name=Community_Ubuntu_16.04_TSI_latest
+availability_zone=eu-de-01
+evs_availability_zone=eu-de-01
+vpc_name=ansible-vpc01
+vpc_net=192.168.0.0/16
+subnet_name=ansible-subnet01
+subnet_net=192.168.0.0/24
+subnet_gateway=192.168.0.1
+subnet_dhcp_enable=true
+subnet_primary_dns=8.8.8.8
+subnet_secondary_dns=8.4.4.8
+secgroup_name=ansible-secgroup01
+secgroup_rule1=ingress;IPv4;tcp;22;22;0.0.0.0/0
+ecs_volumetype=SATA
+ecs_ram=2048
+ecs_vcpus=2
+ecs_adminkey=ansible-key
+keypair_file=~/.ssh/id_rsa.pub
 [dnszones]
-# name; description; type; email-address; ttl
-zone1=external.otc.telekomcloud.com.;Core Zone public OTC services;;cloud-operations@telekom.de;86400
-# zone2=80.196.44.160.in-addr.arpa.;Reverse OTC Zone;;cloud-operations@telekom.de;300
+# name; description; type (public/private); email-address; ttl (in sec)
+zone1=ansible.internal.corp.;Core Zone internal services;private;cloud-operations@telekom.de;86400
+zone2=ansible.otc.telekomcloud2.com.;Core Zone public OTC services;public;cloud-operations@telekom.de;86400
 [dnszonerecords]
 # domain; description; name; type; ttl; value
-zonerecord1=external.otc.telekomcloud.com.;;console.external.otc.telekomcloud.com.;A;300;160.44.204.87
-# zonerecord2=80.196.44.160.in-addr.arpa.;Reverse OTC;80.196.44.160.in-addr.arpa.;PTR;300;console.otc.telekomcloud.com.
+zonerecord1=ansible.internal.corp.;;ansible-test01.ansible.internal.corp.;A;300;192.168.0.101
+zonerecord2=ansible.otc.telekomcloud2.com.;;ansible-test01.ansible.otc.telekomcloud2.com.;A;300;160.44.201.86
 [ansible-test01]
-# image_name=Community_Ubuntu_14.04_TSI_latest
-ecs_volumetype=SATA
-ecs_ram=2048
-ecs_vcpus=2
-vpc_name=ansible-vpc01
 secgroup_name=ansible-secgroup01
 secgroup_rule1=ingress;IPv4;tcp;22;22;0.0.0.0/0
 secgroup_rule2=ingress;IPv4;tcp;80;80;0.0.0.0/0
 secgroup_rule3=egress;IPv4;tcp;80;80;0.0.0.0/0
 secgroup_rule4=ingress;IPv4;icmp;;;0.0.0.0/0
-vpc_net=192.168.0.0/16
-subnet_name=ansible-subnet01
-subnet_net=192.168.0.0/24
-subnet_gateway=192.168.0.1
-subnet_dhcp_enable=true
-subnet_primary_dns=8.8.8.8
-subnet_secondary_dns=8.4.4.8
-availability_zone=eu-de-02
 ecs_ipaddress=192.168.0.101
-ecs_publicip=160.44.195.243
-eip_bandwidth_name=ansible-eip1
+ecs_publicip=160.44.201.86
+ecs_publicfqdn=ansible-test01.ansible.otc.telekomcloud2.com.
+ecs_publicttl=300
+eip_bandwidth_name=ansible-eip01
 eip_bandwidth_size=100
-ecs_adminkey=ansible-key
-keypair_file=~/.ssh/id_rsa.pub
 [ansible-test02]
-image_name=Community_Ubuntu_16.04_TSI_latest
+image_name=Community_Ubuntu_14.04_TSI_latest
 ecs_volumetype=SATA
 ecs_ram=2048
-ecs_vcpus=2
-vpc_name=ansible-vpc01
-secgroup_name=ansible-secgroup01
-vpc_net=192.168.0.0/16
-subnet_name=ansible-subnet01
-subnet_net=192.168.0.0/24
-subnet_gateway=192.168.0.1
-subnet_dhcp_enable=true
-subnet_primary_dns=8.8.8.8
-subnet_secondary_dns=8.4.4.8
-availability_zone=eu-de-02
+ecs_vcpus=4
 ecs_ipaddress=192.168.0.102
-# ecs_publicip=
-eip_bandwidth_name=ansible-eip1
-eip_bandwidth_size=100
-ecs_adminkey=ansible-key
-keypair_file=~/.ssh/id_rsa.pub
 [ansible-test03]
-image_name=Community_Ubuntu_16.04_TSI_latest
-ecs_volumetype=SATA
-ecs_ram=2048
-ecs_vcpus=2
-vpc_name=ansible-vpc01
-secgroup_name=ansible-secgroup01
-vpc_net=192.168.0.0/16
-subnet_name=ansible-subnet01
-subnet_net=192.168.0.0/24
-subnet_gateway=192.168.0.1
-subnet_dhcp_enable=true
-subnet_primary_dns=8.8.8.8
-subnet_secondary_dns=8.4.4.8
-availability_zone=eu-de-02
+ecs_volumetype=SSD
 ecs_ipaddress=192.168.0.103
-ecs_publicip=0.0.0.0
-eip_bandwidth_name=ansible-eip1
-eip_bandwidth_size=100
-ecs_adminkey=ansible-key
-keypair_file=~/.ssh/id_rsa.pub
+# ecs_publicip=0.0.0.0
+# eip_bandwidth_name=ansible-eip1
+# eip_bandwidth_size=100
 [console]
 image_name=Community_Ubuntu_16.04_TSI_latest
 ecs_volumetype=SATA
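Review bot: `[DEFAULT]` now carries `secgroup_rule1=ingress;IPv4;tcp;22;22;0.0.0.0/0`, so under ConfigParser's DEFAULT semantics every section that does not override it inherits an SSH rule open to any source, and the `[ansible-test01]` block repeats the same rule; since this file is the committed example every copy starts from, a comment naming it as a lab default, or a narrower source CIDR, is worth adding next to it. `subnet_secondary_dns=8.4.4.8` is moved into `[DEFAULT]` unchanged and looks like a transposition of 8.8.4.4, the usual companion of the 8.8.8.8 on the line above; that is inferred, so confirm the intended resolver before changing it. The second tenant.ini hunk in this commit is reviewed separately.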
@@ -110,4 +91,38 @@ eip_bandwidth_name=cloudcamp-eip1
 eip_bandwidth_size=100
 ecs_adminkey=eumel-key
 keypair_file=~/.ssh/id_rsa.pub
-
+[ansible-evs01]
+evs_volume_type=SATA
+evs_size=20
+# evs_multiattach=true
+# evs_scsi=true
+[ansible-elb01]
+elb_type=External
+elb_bandwidth=100
+admin_state_up=true
+elb_availability_zone=eu_de-01
+elb_secgroup_name=ansible-secgroup02
+secgroup_rule1=ingress;IPv4;tcp;22;22;0.0.0.0/0
+secgroup_rule1=ingress;IPv4;tcp;80;80;0.0.0.0/0
+elb_subnet_name=ansible-subnet01
+[ansible-listener01]
+# HTTP, HTTPS, TCP
+listener_protocol=TCP
+listener_port=22
+listener_backend_protocol=TCP
+listener_backend_port=22
+# source, roundrobin, leastconn
+listener_lb_algorithm=source
+#listener_certificate_name=ansible-cert
+#listener_tcp_timeout=
+#listener_cookie_timeout=
+#listener_sticky_session_type=insert
+#listener_session_sticky=
+healthcheck_connect_port=22
+healthcheck_interval=5
+# HTTP, TCP
+healthcheck_protocol=TCP
+healthcheck_timeout=10
+#healthcheck_uri="/"
+unhealthy_threshold=3
+backend_members=ansible-test01,ansible-test02
diff --git a/tenant_create.yml b/tenant_create.yml
index da3c874..04e7fb8 100644
--- a/tenant_create.yml
+++ b/tenant_create.yml
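Review bot: `[ansible-elb01]` defines `secgroup_rule1` twice (tcp/22 and tcp/80); ConfigParser silently keeps only the last value on Python 2 and raises a duplicate-option error in strict mode on Python 3, so the second line should read `secgroup_rule2=ingress;IPv4;tcp;80;80;0.0.0.0/0`. `elb_availability_zone=eu_de-01` uses an underscore where every other zone value in this file is spelled `eu-de-01`; that looks like a typo and would be rejected if the API validates the zone name. `#healthcheck_uri="/"` will not do what it suggests once uncommented, because ConfigParser keeps the quotes as part of the value and the URI sent would be `"/"`; write `#healthcheck_uri=/` so the example can be enabled verbatim.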
@@ -66,16 +66,62 @@
 - role: lookup_name
 - role: eip_apply
+- hosts: localhost
+ gather_facts: no
+ connection: local
+ vars_files:
+ - tenant_var.yml
+ roles:
+ - role: token
+ - role: ptrrecord_create
+
 - hosts: localhost
 gather_facts: no
 connection: local
 vars_files:
 - tenant_var_default.yml
 - tenant_var.yml
-# vars:
-# eip_id: "{{ eip_id }}"
 roles:
 - role: token
 - role: lookup_name
 - role: ecs_create
 - role: job
+
+- hosts: localhost
+ gather_facts: no
+ connection: local
+ vars_files:
+ - tenant_var_default.yml
+ - tenant_var.yml
+ roles:
+ - role: elb_create
+
+- hosts: localhost
+ gather_facts: no
+ connection: local
+ vars_files:
+ - tenant_var_default.yml
+ - tenant_var.yml
+ roles:
+ - role: elb_listener_create
+
+- hosts: localhost
+ gather_facts: no
+ connection: local
+ vars_files:
+ - tenant_var_default.yml
+ - tenant_var.yml
+ roles:
+ - role: lookup_name
+ - role: elb_healthcheck_create
+
+- hosts: localhost
+ gather_facts: no
+ connection: local
+ vars_files:
+ - tenant_var_default.yml
+ - tenant_var.yml
+ roles:
+ - role: lookup_name
+ - role: backend_member_helper
+ when: backend_members is defined
diff --git a/tenant_delete.yml b/tenant_delete.yml
new file mode 100644
index 0000000..6239380
--- /dev/null
+++ b/tenant_delete.yml
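Review bot: None of the four new ELB plays (`elb_create`, `elb_listener_create`, `elb_healthcheck_create`, `backend_member_helper`) include `- role: token`, unlike the `ptrrecord_create` play added in the same hunk and the existing `ecs_create` play; they only work because the token fact set by an earlier play survives across plays on localhost, so a run that starts at one of these plays (for example with `--start-at-task`) or that outlives the token has nothing to authenticate with. Adding `- role: token` to each keeps them self-contained and consistent with the rest of the file. `when: backend_members is defined` on the last play is probably always true, because tenant_var.yml defines backend_members as an ini lookup whose result is a string even when the key is absent; `when: backend_members | length > 0` would skip the helper when no members are configured, assuming the lookup's default is an empty string, which this excerpt does not show. Indentation is not preserved here, so whether that `when` is attached to the role entry or the play cannot be confirmed.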
@@ -0,0 +1,93 @@
+---
+- name: Delete DNS PTR record
+ hosts: localhost
+ gather_facts: no
+ connection: local
+ vars_files:
+ - tenant_var.yml
+ roles:
+ - role: token
+ - role: lookup_name
+ - role: ptrrecord_delete
+ ignore_errors: yes
+
+- name: Delete ECS
+ hosts: localhost
+ gather_facts: no
+ connection: local
+ vars:
+ delete_volume: true
+# delete_publicip: true
+ ecs_job_id: "{{ (ecs.content|from_json)|json_query('job_id') }}"
+ roles:
+ - role: token
+ - role: lookup_name
+ - role: ecs_delete
+ tasks:
+ - name: Request job status from API
+ uri:
+ url: "{{ AUTH_URL_ECS_CLOUD }}/{{ PROJECT_ID }}/jobs/{{ ecs_job_id }}"
+ method: GET
+ return_content: yes
+ validate_certs: yes
+ HEADER_Content-Type: "application/json"
+ HEADER_X-Auth-Token: "{{ token['x_subject_token'] }}"
+ when: ecs_job_id is defined
+ register: jobstatus
+ until: (jobstatus.content|from_json)|json_query('status') == 'SUCCESS'
+ retries: 50
+ delay: 10
+
+
+- name: Delete keypair
+ hosts: localhost
+ gather_facts: no
+ connection: local
+ vars_files:
+ - tenant_var_default.yml
+ - tenant_var.yml
+ roles:
+ - role: token
+ - role: lookup_name
+ - role: keypair_delete
+ ignore_errors: yes
+
+- name: Delete Secgroup
+ hosts: localhost
+ gather_facts: no
+ connection: local
+ vars_files:
+ - tenant_var_default.yml
+ - tenant_var.yml
+ roles:
+ - role: token
+ - role: lookup_name
+ - role: secgroup_delete
+ ignore_errors: yes
+
+- name: Delete Subnet
+ hosts: localhost
+ gather_facts: no
+ connection: local
+ vars_files:
+ - tenant_var_default.yml
+ - tenant_var.yml
+ roles:
+ - role: token
+ - role: lookup_name
+ - role: subnet_delete
+ ignore_errors: yes
+
+- name: Delete VPC
+ hosts: localhost
+ gather_facts: no
+ connection: local
+ vars_files:
+ - tenant_var_default.yml
+ - tenant_var.yml
+ roles:
+ - role: token
+ - role: lookup_name
+ - role: vpc_delete
+ ignore_errors: yes
+
diff --git a/tenant_var.yml b/tenant_var.yml
index a0f8397..4c51d82 100644
--- a/tenant_var.yml
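Review bot: The job-status loop in the `Delete ECS` play only exits on `== 'SUCCESS'`, so a job that ends in a failed state keeps polling for the full 50 × 10 s and then fails with a retries-exhausted message instead of the job's own result; polling until the status is terminal and then asserting it — `until: (jobstatus.content|from_json)|json_query('status') in ['SUCCESS', 'FAIL']` with `failed_when: (jobstatus.content|from_json)|json_query('status') != 'SUCCESS'` — reports the real outcome promptly (the exact terminal status names should be checked against the API). `ignore_errors: yes` on the PTR, keypair, secgroup, subnet and VPC plays means a teardown that leaves resources behind (a subnet still holding ports, a VPC whose subnet delete failed) still ends green; if the intent is "delete what exists", a `failed_when` that tolerates only a not-found response is narrower than ignoring every error. The `Delete ECS` play is also the only one without `vars_files`, and this excerpt does not show whether `ecs_delete` and `lookup_name` get everything they need from `-e` alone.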
+++ b/tenant_var.yml
@@ -14,6 +14,8 @@
 ecs_vcpus: "{{ lookup('ini', 'ecs_vcpus section={{ ecs_name }} file=tenant.ini') }}"
 ecs_ipaddress: "{{ lookup('ini', 'ecs_ipaddress section={{ ecs_name }} file=tenant.ini') }}"
 public_ip_address: "{{ lookup('ini', 'ecs_publicip section={{ ecs_name }} file=tenant.ini') }}"
+ ptr_name: "{{ lookup('ini', 'ecs_publicfqdn section={{ ecs_name }} file=tenant.ini') }}"
+ ttl: "{{ lookup('ini', 'ecs_publicttl section={{ ecs_name }} file=tenant.ini') }}"
 eip_bandwidth_name: "{{ lookup('ini', 'eip_bandwidth_name section={{ ecs_name }} file=tenant.ini') }}"
 eip_bandwidth_size: "{{ lookup('ini', 'eip_bandwidth_size section={{ ecs_name }} file=tenant.ini') }}"
 image_name: "{{ lookup('ini', 'image_name section={{ ecs_name }} file=tenant.ini') }}"
@@ -27,3 +29,36 @@
 subnet_secondary_dns: "{{ lookup('ini', 'subnet_secondary_dns section={{ ecs_name }} file=tenant.ini') }}"
 vpc_name: "{{ lookup('ini', 'vpc_name section={{ ecs_name }} file=tenant.ini') }}"
 vpc_net: "{{ lookup('ini', 'vpc_net section={{ ecs_name }} file=tenant.ini') }}"
+# EVS vars
+ evs_availability_zone: "{{ lookup('ini', 'evs_availability_zone section={{ evs_name }} file=tenant.ini') }}"
+ evs_volume_type: "{{ lookup('ini', 'evs_volume_type section={{ evs_name }} file=tenant.ini') }}"
+ evs_size: "{{ lookup('ini', 'evs_size section={{ evs_name }} file=tenant.ini') }}"
+ evs_multiattach: "{{ lookup('ini', 'evs_multiattach section={{ evs_name }} file=tenant.ini') }}"
+ evs_scsi: "{{ lookup('ini', 'evs_scsi section={{ evs_name }} file=tenant.ini') }}"
+# ELB vars
+ admin_state_up: "{{ lookup('ini', 'admin_state_up section={{ elb_name }} file=tenant.ini') }}"
+ elb_availability_zone: "{{ lookup('ini', 'elb_availability_zone section={{ elb_name }} file=tenant.ini') }}"
+ elb_bandwidth: "{{ lookup('ini', 'elb_bandwidth section={{ elb_name }} file=tenant.ini') }}"
+ elb_type: "{{ lookup('ini', 'elb_type section={{ elb_name }} file=tenant.ini') }}"
+ elb_secgroup_name: "{{ lookup('ini', 'elb_secgroup_name section={{ elb_name }} file=tenant.ini') }}"
+ elb_subnet_name: "{{ lookup('ini', 'elb_subnet_name section={{ elb_name }} file=tenant.ini') }}"
+# ELB listener vars
+ listener_protocol: "{{ lookup('ini', 'listener_protocol section={{ listener_name }} file=tenant.ini') }}"
+ listener_port: "{{ lookup('ini', 'listener_port section={{ listener_name }} file=tenant.ini') }}"
+ listener_backend_protocol: "{{ lookup('ini', 'listener_backend_protocol section={{ listener_name }} file=tenant.ini') }}"
+ listener_backend_port: "{{ lookup('ini', 'listener_backend_port section={{ listener_name }} file=tenant.ini') }}"
+ listener_lb_algorithm: "{{ lookup('ini', 'listener_lb_algorithm section={{ listener_name }} file=tenant.ini') }}"
+ listener_certificate_name: "{{ lookup('ini', 'listener_certificate_name section={{ listener_name }} file=tenant.ini') }}"
+ listener_tcp_timeout: "{{ lookup('ini', 'listener_tcp_timeout section={{ listener_name }} file=tenant.ini') }}"
+ listener_cookie_timeout: "{{ lookup('ini', 'listener_cookie_timeout section={{ listener_name }} file=tenant.ini') }}"
+ listener_sticky_session_type: "{{ lookup('ini', 'listener_sticky_session_type section={{ listener_name }} file=tenant.ini') }}"
+ listener_session_sticky: "{{ lookup('ini', 'listener_session_sticky section={{ listener_name }} file=tenant.ini') }}"
+# ELB healthcheck vars
+ healthcheck_connect_port: "{{ lookup('ini', 'healthcheck_connect_port section={{ listener_name }} file=tenant.ini') }}"
+ healthcheck_interval: "{{ lookup('ini', 'healthcheck_interval section={{ listener_name }} file=tenant.ini') }}"
+ healthcheck_protocol: "{{ lookup('ini', 'healthcheck_protocol section={{ listener_name }} file=tenant.ini') }}"
+ healthcheck_timeout: "{{ lookup('ini', 'healthcheck_timeout section={{ listener_name }} file=tenant.ini') }}"
+ healthcheck_uri: "{{ lookup('ini', 'healthcheck_uri section={{ listener_name }} file=tenant.ini') }}"
+ unhealthy_threshold: "{{ lookup('ini', 'unhealthy_threshold section={{ listener_name }} file=tenant.ini') }}"
+# ELB backend member
+ backend_members: "{{ lookup('ini', 'backend_members section={{ listener_name }} file=tenant.ini') }}"
diff --git a/tenant_var_default.yml b/tenant_var_default.yml
index 2631812..a58167c 100644
--- a/tenant_var_default.yml
+++ b/tenant_var_default.yml
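Review bot: Several of the new listener keys (`listener_certificate_name`, `listener_tcp_timeout`, `listener_cookie_timeout`, `listener_sticky_session_type`, `listener_session_sticky`, `healthcheck_uri`) correspond to entries that are commented out in tenant.ini in the same commit, so the `ini` lookup returns its default value (an empty string unless `default=` is passed) rather than leaving the variable undefined, and any `is defined` check in the consuming roles passes. A comment above `# ELB listener vars` such as `# keys absent from tenant.ini resolve to '' — test with "| length", not "is defined"` would make that explicit, or each optional lookup could pass a deliberate `default=` sentinel. The nested `{{ listener_name }}` inside the lookup string mirrors the existing lines above, so no change is suggested there.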
@@ -17,4 +17,9 @@
 subnet_secondary_dns_default: "{{ lookup('ini', 'subnet_secondary_dns section=DEFAULT file=tenant.ini') }}"
 vpc_name_default: "{{ lookup('ini', 'vpc_name section=DEFAULT file=tenant.ini') }}"
 vpc_net_default: "{{ lookup('ini', 'vpc_net section=DEFAULT file=tenant.ini') }}"
+ evs_availability_zone_default: "{{ lookup('ini', 'evs_availability_zone section=DEFAULT file=tenant.ini') }}"
+ evs_volume_type_default: "{{ lookup('ini', 'evs_volume_type section=DEFAULT file=tenant.ini') }}"
+ evs_size_default: "{{ lookup('ini', 'evs_size section=DEFAULT file=tenant.ini') }}"
+ evs_multiattach_default: "{{ lookup('ini', 'evs_multiattach section=DEFAULT file=tenant.ini') }}"
+ evs_scsi_default: "{{ lookup('ini', 'evs_scsi section=DEFAULT file=tenant.ini') }}"
diff --git a/vpc.yml b/vpc.yml
index 48fe3f7..be9fd11 100644
--- a/vpc.yml
+++ b/vpc.yml
@@ -1,5 +1,6 @@
 ---
 - hosts: all
+ gather_facts: no
 roles:
 - role: token
 - role: vpc
diff --git a/vpc_create.yml b/vpc_create.yml
index 1bd50c3..3b9527a 100644
--- a/vpc_create.yml
+++ b/vpc_create.yml
@@ -1,5 +1,6 @@
 ---
 - hosts: all
+ gather_facts: no
 roles:
 - role: token
 - role: vpc_create
diff --git a/vpc_delete.yml b/vpc_delete.yml
index 8358c67..225a89c 100644
--- a/vpc_delete.yml
+++ b/vpc_delete.yml
@@ -1,5 +1,7 @@
 ---
 - hosts: all
+ gather_facts: no
 roles:
 - role: token
+ - role: lookup_name
 - role: vpc_delete
diff --git a/vpc_router.yml b/vpc_router.yml
new file mode 100644
index 0000000..5398b0e
--- /dev/null
+++ b/vpc_router.yml
@@ -0,0 +1,7 @@
+---
+- hosts: all
+ gather_facts: no
+ roles:
+ - role: token
+ - role: lookup_name
+ - role: vpc_router