createInstance.yml
---
# Requires openstack.cloud community collection to create resources on an openstack system.
# Uses authentication information placed into a clouds.yaml file that defines a named cloud:
# "computecanada_arbutus". Auth information is driven by openstacksdk, which means that values
# can come from a yaml config file in /etc/ansible/openstack.yaml, /etc/openstack/clouds.yaml
# or ~/.config/openstack/clouds.yaml.
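# Play 1: boot the instance, then refresh this machine's known_hosts entries
# for it, both by floating IP and by the cloud's per-IP DNS name.
#
# Variables read (none are defined in this file): cloud, server_name, image,
# boot_volume_size, keypair, flavour, network, security_group_list,
# floating_ip.
- name: Create a Compute Instance, Add security groups, and update local known_hosts with new ssh fingerprint
  hosts: localhost
  vars:
    # DNS name derived from the floating IP:
    #   a.b.c.d -> a-b-c-d.cloud.computecanada.ca
    # Built once here instead of being repeated in every task that needs it.
    instance_fqdn: "{{ floating_ip.split('.')[:4] | join('-') }}.cloud.computecanada.ca"
  tasks:
    # Adding security group rules is broken in openstacksdk/ansible due to new
    # "remote_address_group_id" which gets set even if the tasks don't use it.
    # Openstack then thinks this is a problem.
    #
    # NOTE(review): because the tasks below are disabled, the groups named in
    # security_group_list must already exist in the project, and this playbook
    # does not show what they allow. Review them separately.
    #
    # - name: Create Security Groups for OMERO, Web, ping and ssh
    #   openstack.cloud.security_group:
    #     cloud: "{{ cloud }}"
    #     state: present
    #     name: "{{ item }}"
    #   with_items:
    #     - web
    #     - ping
    #     - omero
    #     - ssh
    #
    # - name: Add security group rules for web security group
    #   openstack.cloud.security_group_rule:
    #     cloud: "{{ cloud }}"
    #     security_group: web
    #     protocol: tcp
    #     port_range_min: "{{ item }}"
    #     port_range_max: "{{ item }}"
    #     remote_ip_prefix: 0.0.0.0/0
    #   with_items:
    #     - 80
    #     - 443
    #
    # NOTE(review): this rule opens both OMERO ports to every address.
    # Presumably 4063 is the plain-TCP port and 4064 the TLS one; confirm, and
    # consider exposing only the TLS port or narrowing remote_ip_prefix.
    # - name: Add security group rules for OMERO security group
    #   openstack.cloud.security_group_rule:
    #     cloud: "{{ cloud }}"
    #     security_group: omero
    #     protocol: tcp
    #     port_range_min: "{{ item }}"
    #     port_range_max: "{{ item }}"
    #     remote_ip_prefix: 0.0.0.0/0
    #   with_items:
    #     - 4063
    #     - 4064
    #
    # NOTE(review): both prefixes below have host bits set. The intended
    # networks are presumably 172.103.141.0/26 and 142.244.23.0/24; confirm
    # before re-enabling.
    # - name: Add security group rules for ssh security group
    #   openstack.cloud.security_group_rule:
    #     cloud: "{{ cloud }}"
    #     security_group: ssh
    #     protocol: tcp
    #     port_range_min: 22
    #     port_range_max: 22
    #     remote_ip_prefix: "{{ item }}"
    #   with_items:
    #     - 172.103.141.33/26  # home range of ip addresses possible
    #     - 142.244.23.105/24  # work range of ip addresses possible
    #
    # - name: Add security group rules for ping security group
    #   openstack.cloud.security_group_rule:
    #     cloud: "{{ cloud }}"
    #     security_group: ping
    #     protocol: icmp
    #     remote_ip_prefix: 0.0.0.0/0

    - name: create an instance
      openstack.cloud.server:
        state: present
        cloud: "{{ cloud }}"
        name: "{{ server_name }}"
        # description: "{{ server_description }}"
        image: "{{ image }}"
        boot_from_volume: true
        volume_size: "{{ boot_volume_size }}"
        reuse_ips: false
        key_name: "{{ keypair }}"
        timeout: 200
        flavor: "{{ flavour }}"
        network: "{{ network }}"
        security_groups: "{{ security_group_list }}"
        floating_ips:
          - "{{ floating_ip }}"

    # A floating IP can be handed to a different instance over time, so any
    # host key previously stored for this IP / name is dropped first.
    - name: remove the ip address SSH fingerprint from the local known_hosts file in case of ip reuse
      ansible.builtin.known_hosts:
        state: absent
        host: "{{ floating_ip }}"

    - name: remove the fqdn SSH key from the local known_hosts file to prevent timeout below
      ansible.builtin.known_hosts:
        state: absent
        host: "{{ instance_fqdn }}"

    # NOTE(security): ssh-keyscan output is not authenticated. Whatever answers
    # on port 22 at this name is recorded as trusted (trust on first use), so
    # this step only protects *later* connections. Where the network path is
    # not trusted, compare the key's fingerprint with the one the instance
    # reports at boot (for example in its console log) before relying on it.
    #
    # command/argv is used instead of shell so the templated host name is
    # passed as a single argument and never interpreted by a shell; "--" stops
    # it from being read as an option. The retry loop covers the window where
    # the server already exists but sshd is not answering yet, in which case
    # stdout is empty and stdout_lines[0] below would fail.
    - name: get new fqdn fingerprint so we can ssh to new instance without intervention
      ansible.builtin.command:
        argv:
          - ssh-keyscan
          - '-t'
          - rsa
          - '--'
          - "{{ instance_fqdn }}"
      register: output1
      until: output1.stdout_lines | default([]) | length > 0
      retries: 10
      delay: 6
      changed_when: false  # read-only probe; nothing on this host is modified

    - name: Add this new key to the localhost's known_hosts file to allow connection from ansible
      ansible.builtin.known_hosts:
        state: present
        name: "{{ instance_fqdn }}"
        key: "{{ output1.stdout_lines[0] }}"
        path: "~/.ssh/known_hosts"

    # Same scan, keyed by the bare floating IP, so connections made by IP are
    # covered as well. The trust-on-first-use caveat above applies here too.
    - name: get key ip address fingerprint for new instance
      ansible.builtin.command:
        argv:
          - ssh-keyscan
          - '-t'
          - rsa
          - '--'
          - "{{ floating_ip }}"
      register: output2
      until: output2.stdout_lines | default([]) | length > 0
      retries: 10
      delay: 6
      changed_when: false  # read-only probe; nothing on this host is modified

    - name: Add this new key to the localhost's known_hosts file to allow connection from ansible
      ansible.builtin.known_hosts:
        state: present
        name: "{{ floating_ip }}"
        key: "{{ output2.stdout_lines[0] }}"
        path: "~/.ssh/known_hosts"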
#---------------------------------- END create new instance --------------------
#---------------------------------- BEGIN create new volume --------------------
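# Play 2: optionally create a second Cinder volume and attach it to the server
# created by the previous play.
#
# Variables read (none are defined in this file): cloud, server_name,
# create_second_volume, second_volume_size_gb, volume_name,
# volume_description, device.
- name: Create and Attach a New Openstack CINDR Volume to the instance created above
  hosts: localhost
  tasks:
    - name: Block of events to create new volume and attach it.
      # `| bool` instead of `== True`: a value passed on the command line
      # (-e create_second_volume=true) arrives as the string "true", which
      # never equals the boolean True, so the volume was silently skipped.
      # NOTE(review): the condition is placed on the block so that the create
      # and attach steps are skipped together; confirm that this matches the
      # original layout.
      when: create_second_volume | bool
      block:
        - name: create a new CINDER volume
          openstack.cloud.volume:
            cloud: "{{ cloud }}"
            state: present
            size: "{{ second_volume_size_gb }}"  # (in Gb)
            display_name: "{{ volume_name }}"
            display_description: "{{ volume_description }}"

        - name: "Attach Volume: {{ volume_name }} to Server: {{ server_name }} on {{ device }}"
          openstack.cloud.server_volume:
            cloud: "{{ cloud }}"
            state: present
            server: "{{ server_name }}"
            volume: "{{ volume_name }}"
            device: "{{ device }}"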