stackhpc · MaxBed4d · Jan 3, 2024 · Jan 3, 2024 · Jan 4, 2024 · Jan 4, 2024
@@ -0,0 +1,11 @@
+[defaults]
+stdout_callback = yaml
+callbacks_enabled = timer, profile_tasks, profile_roles
+host_key_checking = False
+pipelining = True
+forks = 30
+deprecation_warnings=False
+roles_path = roles
+
+[ssh_connection]
+ssh_args = -o ControlMaster=auto -o ControlPersist=60s
@@ -1,4 +1,4 @@
 resource "openstack_compute_keypair_v2" "keypair" {
   name       = var.multinode_keypair
-  public_key = file(var.ssh_public_key)
+  public_key = var.ssh_public_key
 }
@@ -0,0 +1,26 @@
+# The default Terraform state key for backends that support it
+terraform_state_key: "cluster/{{ cluster_id }}/tfstate"
+
+# Set up the terraform backend
+# This setup allows us to use the Consul backend when enabled without any changes
+#terraform_backend_type: 'local'
+terraform_backend_type: "{{ 'consul' if 'CONSUL_HTTP_ADDR' in ansible_env else 'local' }}"
+terraform_backend_config_defaults:
+  consul:
+    path: "{{ terraform_state_key }}"
+    gzip: "true"
+  local: {}
+terraform_backend_config: "{{ terraform_backend_config_defaults[terraform_backend_type] }}"
+
+# These variables control the location of the Terraform binary
+terraform_binary_directory: "{{ playbook_dir }}/bin"
+terraform_binary_path: "{{ terraform_binary_directory }}/terraform"
+
+# This controls the location where the Terraform files are rendered
+terraform_project_path: "{{ playbook_dir }}"
+
+# Indicates whether the Terraform operation is reconciling or removing resources
+# Valid values are 'present' and 'absent'
+terraform_state: "{{ cluster_state | default('present') }}"
+
+cluster_ssh_user: "{{ ssh_user }}"
@@ -0,0 +1,63 @@
+---
+
+- hosts: localhost
+  tasks:    
+    - name: Show Playbook Directory
+      debug:
+       msg: "{{ playbook_dir }}"
+
+    - name: Template Terraform files into project directory
+      template:
+        src: terraform.tfvars.j2
+        dest: "{{ playbook_dir }}/terraform.tfvars"
+
+    - name: Template Terraform userdata.cfg.tpl files into project template directory
+      template:
+        src: "{{ playbook_dir }}/templates/userdata.cfg.tpl.j2"
+        dest: "{{ playbook_dir }}/templates/userdata.cfg.tpl"
+
+# Provision the infrastructure The CaaS puts hosts for accessing the OpenStack
+# API into the 'openstack' group
+- hosts: openstack
+  roles:
+    - cluster_infra
+
+- hosts: localhost
+  tasks: 
+  # Check whether an ans_vlt_pwd variable is defined and if so, save it into a
+  # file called '~/vault.password'. If it doesn't exist, create a the
+  # '~/vault.password' file with ans_vlt_pwd = "password_not_set" as the
+  # password.
+    - name: Create vault password file
+      vars:
+        ans_dflt: 'default_password'
-        ans_dflt: 'default_password'
+        ans_dflt: 'no_password_provided'
-        ans_dflt: 'default_password'
+        ans_dflt: 'no_password_provided'
+      ansible.builtin.copy:
+        content: "{{ ans_vlt_pwd | default( ans_dflt , true ) }}"
+        dest: "~/vault.password"
+        mode: 0600
+
+# If openstack_deploy is true then continue if not end the playbook.
+
+# Import the playbook to start configuring the multi-node hosts.
+- name: Configure hosts and deploy ansible
+  import_playbook: ansible/configure-hosts.yml   
+  when: openstack_deploy == true
+
+
+- hosts: ansible_control
+  vars:
+    ansible_pipelining: true
+    ansible_ssh_pipelining: true
+  tasks: 
+    - name: Deploy OpenStack.
+      ansible.builtin.command:
+        cmd: "bash ~/deploy-openstack.sh"
+      when: openstack_deploy == true
+
+# This is to get the ip of the ansible-controller host.
+- hosts: localhost
+  tasks: 
+    - debug: var=outputs
+      vars:
+        outputs: 
+          cluster_access_ip: "{{ hostvars[groups['openstack'][0]].cluster_gateway_ip }}"
@@ -2,6 +2,10 @@ output "ansible_control_access_ip_v4" {
   value = openstack_compute_instance_v2.ansible_control.access_ip_v4
 }
 
+output "cluster_gateway_ip" {
+  value = openstack_compute_instance_v2.ansible_control.access_ip_v4
+}
+
 output "seed_access_ip_v4" {
   value = openstack_compute_instance_v2.seed.access_ip_v4
 }
@@ -75,38 +79,94 @@ resource "local_file" "deploy_openstack" {
   file_permission = "0755"
 }
 
-resource "ansible_host" "control_host" {
-  name   = openstack_compute_instance_v2.ansible_control.access_ip_v4
-  groups = ["ansible_control"]
+output "cluster_nodes" {
+  description = "A list of the cluster nodes and their IP addresses which will be used by the Ansible inventory"
+  value       = concat(
+    [
+      {
+        name   = openstack_compute_instance_v2.ansible_control.name
+        ip     = openstack_compute_instance_v2.ansible_control.access_ip_v4
+        groups = ["ansible_control"]
+        variables = {
+          ansible_user = var.ssh_user
+        }
+      }
+    ],
+    flatten([
+      for node in openstack_compute_instance_v2.compute: {
+        name   = node.name
+        ip     = node.access_ip_v4
+        groups = ["compute"]
+        variables = {
+          ansible_user = var.ssh_user
+        }  
+      }
+    ]),
+    flatten([
+      for node in openstack_compute_instance_v2.controller: {
+        name   = node.name
+        ip     = node.access_ip_v4
+        groups = ["controllers"]
+        variables = {
+          ansible_user = var.ssh_user
+        }
+      }
+    ]),    
+    [{
+      name   = openstack_compute_instance_v2.seed.name
+      ip     = openstack_compute_instance_v2.seed.access_ip_v4
+      groups = ["seed"]
+      variables = {
+        ansible_user = var.ssh_user
+      }
+    }],
+    flatten([
+      for node in openstack_compute_instance_v2.storage: {
+        name   = node.name
+        ip     = node.access_ip_v4
+        groups = ["storage"]
+        variables = {
+          ansible_user = var.ssh_user
+        }
+      }
+    ])  
+  )
 }
 
-resource "ansible_host" "compute_host" {
-  for_each = { for host in openstack_compute_instance_v2.compute : host.name => host.access_ip_v4 }
-  name = each.value
-  groups = ["compute"]
-}
+# Template of all the hosts' configuration which can be used to generate Ansible varables.
 
-resource "ansible_host" "controllers_hosts" {
-  for_each = { for host in openstack_compute_instance_v2.controller : host.name => host.access_ip_v4 }
-  name = each.value
-  groups = ["controllers"]
-}
+# resource "ansible_host" "control_host" {
+#   name   = openstack_compute_instance_v2.ansible_control.access_ip_v4
+#   groups = ["ansible_control"]
+# }
 
-resource "ansible_host" "seed_host" {
-  name   = openstack_compute_instance_v2.seed.access_ip_v4
-  groups = ["seed"]
-}
+# resource "ansible_host" "compute_host" {
+#   for_each = { for host in openstack_compute_instance_v2.compute : host.name => host.access_ip_v4 }
+#   name = each.value
+#   groups = ["compute"]
+# }
 
-resource "ansible_host" "storage" {
-  for_each = { for host in openstack_compute_instance_v2.storage : host.name => host.access_ip_v4 }
-  name = each.value
-  groups = ["storage"]
-}
+# resource "ansible_host" "controllers_hosts" {
+#   for_each = { for host in openstack_compute_instance_v2.controller : host.name => host.access_ip_v4 }
+#   name = each.value
+#   groups = ["controllers"]
+# }
 
-resource "ansible_group" "cluster_group" {
-  name     = "cluster"
-  children = ["compute", "ansible_control", "controllers", "seed", "storage"]
-  variables = {
-    ansible_user = var.ssh_user
-  }
-}
+# resource "ansible_host" "seed_host" {
+#   name   = openstack_compute_instance_v2.seed.access_ip_v4
+#   groups = ["seed"]
+# }
+
+# resource "ansible_host" "storage" {
+#   for_each = { for host in openstack_compute_instance_v2.storage : host.name => host.access_ip_v4 }
+#   name = each.value
+#   groups = ["storage"]
+# }
+
+# resource "ansible_group" "cluster_group" {
+#   name     = "cluster"
+#   children = ["compute", "ansible_control", "controllers", "seed", "storage"]
+#   variables = {
+#     ansible_user = var.ssh_user
+#   }
+# }
@@ -0,0 +1,9 @@
+---
+collections:
+  - name: https://github.com/stackhpc/ansible-collection-terraform
+    type: git
+    version: 8c7acce4538aab8c0e928972155a2ccb5cb1b2a1
+  - name: cloud.terraform
+  - name: ansible.posix
+roles:
+  - src: mrlesmithjr.manage_lvm
@@ -0,0 +1,42 @@
+---
+
+- name: Install Terraform binary
+  include_role:
+    name: stackhpc.terraform.install
+
+- name: Make Terraform project directory
+  file:
+    path: "{{ terraform_project_path }}"
+    state: directory
+
+- name: Write backend configuration
+  copy:
+    content: |
+      terraform {
+        backend "{{ terraform_backend_type }}" { }
+      }
+    dest: "{{ terraform_project_path }}/backend.tf"
+
+# Patching in this appliance is implemented as a switch to a new base image
+# So unless explicitly patching, we want to use the same image as last time
+# To do this, we query the previous Terraform state before updating
+- block:
+    - name: Get previous Terraform state
+      stackhpc.terraform.terraform_output:
+        binary_path: "{{ terraform_binary_path }}"
+        project_path: "{{ terraform_project_path }}"
+        backend_config: "{{ terraform_backend_config }}"
+      register: cluster_infra_terraform_output
+
+    - name: Extract image from Terraform state
+      set_fact:
+        cluster_previous_image: "{{ cluster_infra_terraform_output.outputs.cluster_image.value }}"
+      when: '"cluster_image" in cluster_infra_terraform_output.outputs'
+  when:
+    - terraform_state == "present"
+    - cluster_upgrade_system_packages is not defined or not cluster_upgrade_system_packages
+
+
+- name: Provision infrastructure
+  include_role:
+    name: stackhpc.terraform.infra
@@ -0,0 +1 @@
+../requirements.yml
@@ -131,7 +131,7 @@ fi
 if [[ "$(sudo docker image ls)" == *"kayobe"* ]]; then
   echo "Image already exists skipping docker build"
 else
-  sudo DOCKER_BUILDKIT=1 docker build --network host --build-arg BASE_IMAGE=$$BASE_IMAGE --file $${config_directories[kayobe]}/.automation/docker/kayobe/Dockerfile --tag kayobe:latest $${config_directories[kayobe]}
+  sudo DOCKER_BUILDKIT=1 docker build --network host --build-arg BASE_IMAGE=$BASE_IMAGE --file $${config_directories[kayobe]}/.automation/docker/kayobe/Dockerfile --tag kayobe:latest $${config_directories[kayobe]}
 fi
 
 set +x

@@ -7,3 +7,6 @@ packages:
   - git
   - vim
   - tmux
+ssh_authorized_keys:
+  - "{{ cluster_deploy_ssh_public_key }}"
+  - "{{ cluster_user_ssh_public_key }}"
@@ -0,0 +1,29 @@
+prefix = "{{ cluster_name }}"
+
+ansible_control_vm_flavor = "general.v1.small"
+ansible_control_vm_name   = "ansible-control"
+ansible_control_disk_size = 25
+
+seed_vm_flavor = "general.v1.small"
+seed_disk_size = 25
+
+multinode_flavor     = "general.v1.medium"
+multinode_image = "{{ multinode_image }}"
+multinode_keypair    = "MaxMNKP"
+multinode_vm_network = "stackhpc-ipv4-geneve"
+multinode_vm_subnet  = "stackhpc-ipv4-geneve-subnet"
+compute_count        = "2"
+controller_count     = "3"
+compute_disk_size    = 25
+controller_disk_size = 25
+
+ssh_public_key = "{{ cluster_user_ssh_public_key }}"
+ssh_user         = "{{ ssh_user }}"
+
+storage_count     = "3"
+storage_flavor    = "general.v1.small"
+storage_disk_size = 25
+
+deploy_wazuh       = false
+infra_vm_flavor    = "general.v1.small"
+infra_vm_disk_size = 25
@@ -1,15 +1,9 @@
 terraform {
   required_version = ">= 0.14"
-  backend "local" {
-  }
   required_providers {
     openstack = {
       source  = "terraform-provider-openstack/openstack"
       version = "1.49.0"
     }
-    ansible = {
-      source = "ansible/ansible"
-      version = "1.1.0"
-    }
   }
 }