@evrardjp
Created July 1, 2016 13:56
deploy.sh
#!/usr/bin/env bash
# Deployment settings for this script. Every exported value except
# DEPLOY_CEILOMETER can be overridden from the caller's environment.
#
# NOTE(review): -x traces each command with its expanded arguments, so any
# secret that is interpolated into a command line ends up in the trace output.
set -e -u -x
set -o pipefail

# NOTE(review): the fallback admin password is a fixed, publicly visible
# string; a deployment that does not set ADMIN_PASSWORD inherits it.
export ADMIN_PASSWORD="${ADMIN_PASSWORD:-secrete}"

# Feature toggles; each one is compared against the literal "yes" later on.
export DEPLOY_AIO="${DEPLOY_AIO:-no}"
export DEPLOY_HAPROXY="${DEPLOY_HAPROXY:-no}"
export DEPLOY_OA="${DEPLOY_OA:-yes}"
export DEPLOY_ELK="${DEPLOY_ELK:-yes}"
export DEPLOY_MAAS="${DEPLOY_MAAS:-no}"
export DEPLOY_TEMPEST="${DEPLOY_TEMPEST:-no}"
# Not overridable: always "no".
export DEPLOY_CEILOMETER='no'
export DEPLOY_CEPH="${DEPLOY_CEPH:-no}"
export DEPLOY_SWIFT="${DEPLOY_SWIFT:-yes}"
export DEPLOY_HARDENING="${DEPLOY_HARDENING:-yes}"

# Ansible tuning: forks default to the number of "processor" entries in
# /proc/cpuinfo.
export FORKS="${FORKS:-$(grep -c ^processor /proc/cpuinfo)}"
export ANSIBLE_PARAMETERS="${ANSIBLE_PARAMETERS:-}"
export ANSIBLE_FORCE_COLOR="${ANSIBLE_FORCE_COLOR:-true}"
export BOOTSTRAP_OPTS="${BOOTSTRAP_OPTS:-}"

# Checkout locations and the variable/secret files this script edits.
OA_DIR="/opt/rpc-openstack/openstack-ansible"
RPCD_DIR="/opt/rpc-openstack/rpcd"
OSA_VARS="/etc/openstack_deploy/user_osa_variables_defaults.yml"
OSA_SECRETS="/etc/openstack_deploy/user_osa_secrets_defaults.yml"
RPCD_VARS="/etc/openstack_deploy/user_rpco_variables_defaults.yml"
RPCD_SECRETS="/etc/openstack_deploy/user_rpco_secrets_defaults.yml"

# Template written verbatim into each *_overrides.yml file that does not
# exist yet. The literal is runtime data: do not reflow or edit it.
SECRETS_OVERRIDE_CONTENT='
---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
## Using this file
#
# This file is laid down only once and is used for overriding variables based on the file name.
# This file will not be overwritten by upgrades.
# this variable is here because vars files need to have at least ONE variable defined.
this_file_is_reserved_for_support: True'
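#######################################
# Run openstack-ansible with the deployment-wide options prepended.
# Globals:   ANSIBLE_PARAMETERS (read), FORKS (read)
# Arguments: playbook name(s) and any extra options, passed through as given
# Returns:   exit status of openstack-ansible
#######################################
function run_ansible {
  # ANSIBLE_PARAMETERS is left unquoted on purpose: it holds zero or more
  # whitespace-separated options and has to be word-split. The caller's
  # arguments are quoted so an argument containing spaces stays one word.
  # shellcheck disable=SC2086
  openstack-ansible ${ANSIBLE_PARAMETERS} --forks "${FORKS}" "$@"
}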
# begin the bootstrap process
cd "${OA_DIR}"

# bootstrap ansible and install galaxy roles (needed whether AIO or multinode)
./scripts/bootstrap-ansible.sh

# Drop the Ceph roles that were downloaded under their pre-Ansible-Galaxy
# names, then (re)install everything listed in the role requirements file.
# NOTE(review): --force re-fetches the roles on every run; what gets installed
# is decided entirely by ansible-role-requirements.yml — confirm the entries
# there are pinned to fixed versions.
ansible-galaxy remove --roles-path /opt/rpc-openstack/rpcd/playbooks/roles/ ceph-common ceph-mon ceph-osd
ansible-galaxy install \
  --role-file=/opt/rpc-openstack/ansible-role-requirements.yml \
  --force \
  --roles-path=/opt/rpc-openstack/rpcd/playbooks/roles

# Enable playbook callbacks from OSA to display playbook statistics.
# The line is only inserted when ansible.cfg does not mention
# callback_plugins yet, so repeated runs do not add it twice.
if ! grep -q callback_plugins playbooks/ansible.cfg; then
  sed -i '/\[defaults\]/a callback_plugins = plugins/callbacks' playbooks/ansible.cfg
fi
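# bootstrap the AIO
#
# Runs only when DEPLOY_AIO is "yes". The configuration under
# /etc/openstack_deploy/ is generated once (when that directory does not exist
# yet); the clean-up of unused conf.d files at the end runs on every pass.
if [[ "${DEPLOY_AIO}" == "yes" ]]; then
  # Determine the largest secondary disk device available for repartitioning:
  # lsblk rows whose name matches d[b-z]+, with TYPE "disk" and RO 0; the row
  # with the biggest SIZE wins. Empty when no row matches.
  DATA_DISK_DEVICE=$(lsblk -brndo NAME,TYPE,RO,SIZE \
    | awk '/d[b-z]+ disk 0/{ if ($4>m){m=$4; d=$1}}; END{print d}')

  # Only set the secondary disk device option if there is one
  if [[ -n "${DATA_DISK_DEVICE}" ]]; then
    export BOOTSTRAP_OPTS="${BOOTSTRAP_OPTS} bootstrap_host_data_disk_device=${DATA_DISK_DEVICE}"
  fi

  # force the deployment of haproxy for an AIO
  export DEPLOY_HAPROXY="yes"

  if [[ ! -d /etc/openstack_deploy/ ]]; then
    ./scripts/bootstrap-aio.sh

    # move OSA variables file to AIO location.
    mv /etc/openstack_deploy/user_variables.yml /etc/openstack_deploy/user_osa_aio_variables.yml
    # move OSA secrets to correct locations
    mv /etc/openstack_deploy/user_secrets.yml "${OSA_SECRETS}"

    # Copy every RPC-provided *.yml into /etc/openstack_deploy/ unless a file
    # with that name is already there. find output is NUL-delimited so a path
    # containing whitespace is not split into several words.
    pushd "${RPCD_DIR}"
    while IFS= read -r -d '' filename; do
      if [[ ! -e "/${filename}" ]]; then
        cp "${filename}" "/${filename}"
      fi
    done < <(find etc/openstack_deploy/ -type f -iname '*.yml' -print0)
    popd

    # ensure that the elasticsearch JVM heap size is limited
    sed -i 's/# elasticsearch_heap_size_mb/elasticsearch_heap_size_mb/' "${RPCD_VARS}"

    # set the kibana admin password
    # Tracing is paused around this step so the password is not written to the
    # `set -x` output, and the characters sed treats specially in a
    # replacement (\ / &) are escaped so they are stored literally instead of
    # breaking or altering the substitution.
    # NOTE(review): the value is still visible in the sed argument list while
    # sed runs, and it is written unquoted into YAML — confirm passwords with
    # YAML-special characters are not expected here.
    xtrace_was_on=no
    if [[ $- == *x* ]]; then
      xtrace_was_on=yes
      set +x
    fi
    kibana_password_escaped=$(printf '%s' "${ADMIN_PASSWORD}" | sed -e 's|[\\/&]|\\&|g')
    sed -i "s/kibana_password:.*/kibana_password: ${kibana_password_escaped}/" "${RPCD_SECRETS}"
    unset kibana_password_escaped
    if [[ "${xtrace_was_on}" == "yes" ]]; then
      set -x
    fi

    # set the load balancer name to the host's name
    sed -i "s/lb_name: .*/lb_name: '$(hostname)'/" "${RPCD_VARS}"
    # set the notification_plan to the default for Rackspace Cloud Servers
    sed -i "s/maas_notification_plan: .*/maas_notification_plan: npTechnicalContactsEmail/" "${RPCD_VARS}"
    # set network speed for vms
    echo "net_max_speed: 1000" >> "${RPCD_VARS}"

    # set the necessary bits for ceph
    if [[ "${DEPLOY_CEPH}" == "yes" ]]; then
      cp -a "${RPCD_DIR}/etc/openstack_deploy/conf.d/ceph.yml.aio" /etc/openstack_deploy/conf.d/ceph.yml
      # In production, the OSDs will run on bare metal however in the AIO we'll put them in containers
      # so the MONs think we have 3 OSDs on different hosts.
      sed -i 's/is_metal: true/is_metal: false/' /etc/openstack_deploy/env.d/ceph.yml
      sed -i "s/journal_size:.*/journal_size: 1024/" "${RPCD_VARS}"
      echo "monitor_interface: eth1" | tee -a "${RPCD_VARS}"
      echo "public_network: 172.29.236.0/22" | tee -a "${RPCD_VARS}"
      sed -i "s/raw_multi_journal:.*/raw_multi_journal: false/" "${RPCD_VARS}"
      echo "osd_directory: true" | tee -a "${RPCD_VARS}"
      echo "osd_directories:" | tee -a "${RPCD_VARS}"
      echo " - /var/lib/ceph/osd/mydir1" | tee -a "${RPCD_VARS}"
      echo "glance_default_store: rbd" | tee -a "${OSA_VARS}"
      echo "nova_libvirt_images_rbd_pool: vms" | tee -a "${RPCD_VARS}"
    elif [[ "${DEPLOY_SWIFT}" == "yes" ]]; then
      echo "glance_default_store: swift" | tee -a "${OSA_VARS}"
    else
      echo "glance_default_store: file" | tee -a "${OSA_VARS}"
    fi

    # set the ansible inventory hostname to the host's name
    sed -i "s/aio1/$(hostname)/" /etc/openstack_deploy/openstack_user_config.yml
    # set the affinity to 3 for infra cluster (necessary for maas testing)
    sed -i "s/rabbit_mq_container: 1/rabbit_mq_container: 3/" /etc/openstack_deploy/openstack_user_config.yml
    sed -i "s/galera_container: 1/galera_container: 3/" /etc/openstack_deploy/openstack_user_config.yml
    sed -i "s/aio1/$(hostname)/" /etc/openstack_deploy/conf.d/*.yml
  fi

  # remove swift config if not deploying swift.
  # -f keeps a second run from aborting under `set -e` once the file has
  # already been removed, matching the two removals below.
  if [[ "${DEPLOY_SWIFT}" != "yes" ]]; then
    rm -f /etc/openstack_deploy/conf.d/swift.yml
  fi
  rm -f /etc/openstack_deploy/conf.d/aodh.yml
  rm -f /etc/openstack_deploy/conf.d/ceilometer.yml
fi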
# Apply host security hardening with openstack-ansible-security.
# This is applied as part of setup-hosts.yml; here only the switch is written:
# apply_security_hardening becomes true when DEPLOY_HARDENING is "yes" and
# false for any other value.
case "${DEPLOY_HARDENING}" in
  yes) hardening_value=true ;;
  *) hardening_value=false ;;
esac

# Rewrite the existing key in place, or append it when the file has none.
if grep -q '^apply_security_hardening:' "${OSA_VARS}"; then
  sed -i "s/^apply_security_hardening:.*/apply_security_hardening: ${hardening_value}/" "${OSA_VARS}"
else
  echo "apply_security_hardening: ${hardening_value}" >> "${OSA_VARS}"
fi
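# ensure all needed passwords and tokens are generated
./scripts/pw-token-gen.py --file "${OSA_SECRETS}"
./scripts/pw-token-gen.py --file "${RPCD_SECRETS}"

# Apply any patched files.
cd "${RPCD_DIR}/playbooks"
openstack-ansible -i "localhost," patcher.yml

# set permissions and lay down overrides files
# 0440 is a file mode, so this has to be chmod: `chown 0440` would hand the
# files to UID 440 and leave the mode of the generated defaults (including
# the secrets files) untouched.
# NOTE(review): presumably the script runs as root, which can still rewrite
# the read-only files on a later run — confirm.
chmod 0440 /etc/openstack_deploy/user_*_defaults.yml

# Each overrides file is created once from the template and never rewritten,
# so local edits to it are kept.
# NOTE(review): new files get whatever mode the current umask allows; the
# *_secrets_overrides.yml files are not covered by the chmod above.
for overrides_file in \
  /etc/openstack_deploy/user_osa_secrets_overrides.yml \
  /etc/openstack_deploy/user_rpco_secrets_overrides.yml \
  /etc/openstack_deploy/user_osa_variables_overrides.yml \
  /etc/openstack_deploy/user_rpco_variables_overrides.yml; do
  if [[ ! -f "${overrides_file}" ]]; then
    echo "${SECRETS_OVERRIDE_CONTENT}" > "${overrides_file}"
  fi
done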
# begin the openstack installation
if [[ "${DEPLOY_OA}" == "yes" ]]; then
  # This deploy script is also used for minor upgrades (within an openstack
  # release). Some versions of liberty deploy pip lockdown to the repo server;
  # for an upgrade to succeed the pip config must be removed so that repo
  # builds have access to external repos.
  # Issue tracking upstream fix: https://github.com/rcbops/rpc-openstack/issues/1028
  # Best effort by design: stderr is discarded and a failure is ignored.
  ansible repo_all -m file -a 'name=/root/.pip state=absent' 2>/dev/null || true

  cd "${OA_DIR}/playbooks/"

  # ensure that the ELK containers aren't created if they're not
  # going to be used
  if [[ "${DEPLOY_ELK}" != "yes" ]]; then
    rm -f \
      /etc/openstack_deploy/env.d/elasticsearch.yml \
      /etc/openstack_deploy/env.d/logstash.yml \
      /etc/openstack_deploy/env.d/kibana.yml
  fi

  # setup the haproxy load balancer
  if [[ "${DEPLOY_HAPROXY}" == "yes" ]]; then
    run_ansible haproxy-install.yml
  fi

  # setup the hosts and build the basic containers
  run_ansible setup-hosts.yml

  # ensure correct pip.conf
  pushd "${RPCD_DIR}/playbooks/"
  run_ansible pip-lockdown.yml
  popd

  if [[ "${DEPLOY_CEPH}" == "yes" ]]; then
    pushd "${RPCD_DIR}/playbooks/"
    run_ansible ceph-all.yml
    popd
  fi

  # setup the infrastructure
  run_ansible setup-infrastructure.yml

  # This section is duplicated from OSA/run-playbooks as RPC doesn't currently
  # make use of run-playbooks. (TODO: hughsaunders)
  # Note that switching to run-playbooks may inadvertently convert to repo
  # build from repo clone.
  # When running in an AIO, the following iptables rules are added in every
  # neutron_agent container so that instances can communicate with the neutron
  # metadata service. In an AIO environment there are no physical interfaces
  # involved in instance -> metadata requests, which results in the checksums
  # being incorrect.
  # NOTE(review): -A appends, so each run of this script adds the two rules
  # again; the apt-get call has no -y — confirm it does not stop at a prompt.
  if [[ "${DEPLOY_AIO}" == "yes" ]]; then
    for sport in 80 8000; do
      ansible neutron_agent -m command \
        -a "/sbin/iptables -t mangle -A POSTROUTING -p tcp --sport ${sport} -j CHECKSUM --checksum-fill"
    done
    ansible neutron_agent -m shell \
      -a 'DEBIAN_FRONTEND=noninteractive apt-get install iptables-persistent'
  fi

  # setup openstack
  run_ansible setup-openstack.yml

  # Deploy tempest
  if [[ "${DEPLOY_TEMPEST}" == "yes" ]]; then
    run_ansible os-tempest-install.yml
  fi
fi
# begin the RPC installation
cd "${RPCD_DIR}/playbooks/"

# Always run, in this order: configure everything for RPC support access,
# then configure the horizon extensions.
for rpc_playbook in rpc-support.yml horizon_extensions.yml; do
  run_ansible "${rpc_playbook}"
done

# deploy and configure RAX MaaS, then verify it
if [[ "${DEPLOY_MAAS}" == "yes" ]]; then
  for maas_playbook in setup-maas.yml verify-maas.yml; do
    run_ansible "${maas_playbook}"
  done
fi

# deploy and configure the ELK stack
if [[ "${DEPLOY_ELK}" == "yes" ]]; then
  run_ansible setup-logging.yml

  # deploy the LB required for the ELK stack
  if [[ "${DEPLOY_HAPROXY}" == "yes" ]]; then
    run_ansible haproxy.yml
  fi
fi