Deploying rackerlabs/capstone with a CentOS 7 ansible host
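#!/bin/bash
# Bootstraps the CentOS 7 deploy host: waits for networking, installs git,
# clones openstack-ansible and capstone, then runs openstack-ansible's
# bootstrap script against capstone's reduced role list.
# NOTE(review): this looks like the step the driver script runs through `sh`,
# so it is kept free of bash-only syntax - confirm.
set -e
set -x

# Give networking a chance to start. The response body is not needed, so it is
# discarded, and the wait is bounded so a container that never gets a network
# fails the deployment instead of hanging it.
attempts=0
until curl -sS --max-time 5 -o /dev/null icanhazip.com; do
  attempts=$((attempts + 1))
  if [ "$attempts" -ge 300 ]; then
    echo "network did not come up in time" >&2
    exit 1
  fi
  sleep 0.1
done

# Bootstrap the ansible host.
# -y: without it yum asks for confirmation, which an unattended run cannot give.
yum -y update
yum install -y git

# Clone the two repos we need.
# NOTE(review): both clones follow moving refs (stable/mitaka and capstone's
# default branch), and bootstrap-ansible.sh from that checkout is executed
# below with this script's privileges. Pin each repository to a reviewed
# commit if the deployment has to be reproducible or auditable.
git clone --branch stable/mitaka \
  https://github.com/openstack/openstack-ansible.git /root/openstack-ansible
git clone https://github.com/rackerlabs/capstone.git /root/capstone

# Temporary until this merges: https://review.gerrithub.io/#/c/277417/
# The dots are escaped so only the literal host name is rewritten.
sed -i 's@git\.openstack\.org@github.com@' \
  /root/capstone/deploy/ansible-role-requirements.yml

# We only need a subset of openstack-ansible's requirements for capstone.
export ANSIBLE_ROLE_FILE=/root/capstone/deploy/ansible-role-requirements.yml
cd /root/openstack-ansible
./scripts/bootstrap-ansible.sh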
#!/bin/bash
# Second step on the deploy host: fix ownership of the pushed known_hosts file
# and run the capstone playbook against the generated inventory.
set -ex

# The known_hosts file holds the capstone node's keys as scanned from the
# container host; hand both owner and group to root in a single call.
chown root:root /root/.ssh/known_hosts

# Deploy capstone. local_vars.yml and deploy.yml are resolved relative to the
# deploy directory, so change into it first.
cd /root/capstone/deploy
ansible-playbook -i /root/inventory -e @local_vars.yml deploy.yml
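#!/bin/bash
# Driver script, run on the LXD host from the directory that holds the step
# scripts. It creates a CentOS 7 deploy host and an Ubuntu 14.04 target,
# bootstraps both, wires up SSH trust between them, runs the capstone
# playbook from the deploy host and smoke-tests the result.
set -e
set -x

# Stage every intermediate file in a private directory. Fixed names directly
# under /tmp can be pre-created or swapped by another local user, and two of
# these files decide who may log in as root on capstone (authorized_keys) and
# which host keys the deploy host trusts (known_hosts).
WORKDIR=$(mktemp -d)
trap 'rm -rf -- "$WORKDIR"' EXIT

# Create a CentOS 7 container to use as a deploy host.
# Delete only when the container exists: lxc delete exits non-zero for a
# missing container, which would abort a first run under set -e.
if lxc info ansible-host > /dev/null 2>&1; then
  lxc delete -f ansible-host
fi
lxc launch images:centos/7/amd64 ansible-host

# Create an ubuntu 14.04 box to use as a deploy target.
if lxc info capstone > /dev/null 2>&1; then
  lxc delete -f capstone
fi
lxc launch ubuntu:14.04 capstone

# Bootstrap the ansible host.
lxc file push ansible_host_step_1.sh ansible-host/root/step.sh
lxc exec ansible-host -- sh /root/step.sh
lxc exec ansible-host -- rm /root/step.sh

# Configure SSH keys: allow ansible-host to SSH to capstone.
# NOTE(review): id_rsa.pub is presumably generated during the bootstrap step
# above - confirm. The push replaces root's authorized_keys on capstone.
lxc file pull ansible-host/root/.ssh/id_rsa.pub "$WORKDIR/ansible-host-id_rsa.pub"
lxc file push "$WORKDIR/ansible-host-id_rsa.pub" capstone/root/.ssh/authorized_keys

# Bootstrap the deploy target.
lxc file push capstone_step_1.sh capstone/root/step.sh
lxc exec capstone -- sh /root/step.sh
lxc exec capstone -- rm /root/step.sh

# Work out capstone's address: third field of the first eth0 line of lxc info.
CAPSTONE_IP=$(lxc info capstone | grep eth0 | python -c "import fileinput; print(fileinput.input().readline().split()[2])")
# The value ends up in the inventory, in known_hosts and in a URL, so refuse
# anything that is empty or contains characters no IP address has.
case "$CAPSTONE_IP" in
  '' | *[!0-9A-Fa-f.:]*)
    echo "could not determine capstone's eth0 address: '$CAPSTONE_IP'" >&2
    exit 1
    ;;
esac

# Authorize the ansible host to SSH to capstone.
# NOTE(review): ssh-keyscan accepts whatever answers on that address (trust on
# first use). A stricter variant would read the host public keys out of the
# container with lxc file pull instead of collecting them over the network.
ssh-keyscan "$CAPSTONE_IP" > "$WORKDIR/ansible-host-known_hosts"
lxc file push "$WORKDIR/ansible-host-known_hosts" ansible-host/root/.ssh/known_hosts

# Build an ansible inventory.
# printf with a quoted group header: an unquoted [keystone_all] is a glob and
# would expand to a matching one-character file name in the current directory.
printf '%s\n' '[keystone_all]' "$CAPSTONE_IP" > "$WORKDIR/inventory"
lxc file push "$WORKDIR/inventory" ansible-host/root/inventory

# Use the ansible host to deploy capstone.
lxc file push ansible_host_step_2.sh ansible-host/root/step.sh
lxc exec ansible-host -- sh /root/step.sh
lxc exec ansible-host -- rm /root/step.sh

# Smoke test the deployment: fetch the certificate capstone serves and require
# curl to validate the TLS connection against exactly that certificate.
lxc file pull capstone/etc/ssl/certs/keystone.pem keystone.pem
curl --cacert keystone.pem "https://$CAPSTONE_IP:8443/"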
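#!/bin/bash
# Bootstraps the Ubuntu deploy target: waits for networking, installs the
# packages the deployment needs and fixes ownership of root's authorized_keys.
# NOTE(review): this looks like the step the driver script runs through `sh`
# (dash on Ubuntu), so it is kept free of bash-only syntax - confirm.
set -e
set -x

# Give networking a chance to start. The response body is not needed, so it is
# discarded, and the wait is bounded so a container that never gets a network
# fails the deployment instead of hanging it.
attempts=0
until curl -sS --max-time 5 -o /dev/null icanhazip.com; do
  attempts=$((attempts + 1))
  if [ "$attempts" -ge 300 ]; then
    echo "network did not come up in time" >&2
    exit 1
  fi
  sleep 0.1
done

# apt-get rather than apt: apt's command-line interface is not meant for
# scripts. The noninteractive frontend keeps package configuration from
# prompting during an unattended run.
export DEBIAN_FRONTEND=noninteractive
apt-get update
apt-get install -y python-dev git-core apt-transport-https curl libssl-dev libffi-dev

# authorized_keys was pushed in from outside the container.
# NOTE(review): presumably it arrives with the uid/gid it had on the LXD host,
# which is why ownership is reset here - confirm.
chown root:root /root/.ssh/authorized_keys
# Keep the file private to root; sshd's StrictModes check refuses key files
# that other users can write.
chmod 600 /root/.ssh/authorized_keys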