Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
kayache committed Mar 22, 2019
1 parent 44ad428, commit 70e2782
Showing 2 changed files with 131 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,83 @@ | ||
## Usage | ||
Create terraform.tfvars, it would looks like: | ||
``` | ||
$ cat terraform.tfvars | ||
``` | ||
|
||
``` | ||
auth_url = "XXX" | ||
region = "XXX" | ||
#credentials tenant A | ||
name_project_A = "XXXXXX" | ||
user_project_A = "XXXXXX" | ||
pwd_project_A = "XXXXXX" | ||
#credentials tenant B: | ||
name_project_B = "XXXXXX" | ||
user_project_B = "XXXXXX" | ||
pwd_project_B = "XXXXXX" | ||
image_name = "XXXXXX" | ||
flavor_name = "XXXXXX" | ||
#To make it easy, keys would be the same and created before in the 2 tenants | ||
key_pair_project_A = "XXXXXX" | ||
key_pair_project_B = "XXXXXX" | ||
``` | ||
Create the stack: | ||
``` | ||
$ terraform init | ||
$ terraform apply -parallelism=1 | ||
``` | ||
|
||
We can generate hosts file to be used by ansible to play playbook on it using terraform-inventory: | ||
|
||
``` | ||
$ terraform-inventory -u <SSH_USER_bastion> -k <SSH_PRIVATE_KEY> -o hosts/<enviroment>.yml | ||
``` | ||
|
||
Modify/Check generated file to look like: | ||
|
||
``` | ||
[bastion] | ||
bastion_server_A ansible_host=xx.xx.xx.182 ansible_user=cloud ansible_ssh_private_key_file=/path/private-key ansible_ssh_common_args='-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' | ||
bastion_server_B ansible_host=xx.xx.xx.186 ansible_user=cloud ansible_ssh_private_key_file=/path/private-key ansible_ssh_common_args='-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' | ||
[project_A] | ||
backend_server_A ansible_host=192.168.20.3 ansible_user=cloud ansible_ssh_private_key_file=/path/private-key ansible_ssh_common_args='-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o ProxyCommand="ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -W %h:%p -i /path/private-key [email protected]"' | ||
[project_B] | ||
backend_server_B ansible_host=192.168.30.3 ansible_user=cloud ansible_ssh_private_key_file=/path/private-key ansible_ssh_common_args='-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o ProxyCommand="ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -W %h:%p -i /path/private-key [email protected]"' | ||
``` | ||
Start the playbook that will start tmux in backends and play ping between them: | ||
``` | ||
$ansible-playbook -i hosts/<enviroment> playbook.yml | ||
``` | ||
|
||
ssh to bastion, from and ssh to his backend and attach to the opened tmux session by ansible: | ||
``` | ||
$ssh USER@bastion-ip | ||
$ssh USER@backend-ip | ||
$ tmux a | ||
``` | ||
Create route-target between tenants by starting the script setup_inter_tenant_x-x.yml in bastion of the enviroment (sudo password is asked): | ||
there are 2 files: setup_inter_tenant_2-21.yml for contrail-2.21 and setup_inter_tenant_3-2.yml for contrail-3.2 | ||
|
||
First, create the file vars/<enviroment>.yml specific for each enviroment, it seems like: | ||
|
||
``` | ||
tenant_name: "" | ||
user_name: "" | ||
password: "" | ||
server_ip: "" | ||
auth_plugin: "" | ||
auth_url: "" | ||
asn: "" | ||
``` | ||
Create the route-target: | ||
|
||
``` | ||
$ ansible-playbook -K -i <bastion> @vars/<enviroment>, setup_inter_tenant_3-2.yml | ||
``` | ||
Check the ping in tmux you'll see the succes ping between tenants VMs |
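Review bot: the sample inventory sets `-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no` on every host and again inside each `ProxyCommand`, so neither the bastion nor the backend host keys are ever verified and a man-in-the-middle on either hop goes unnoticed. Suggest documenting a dedicated known_hosts file for the environment (or `StrictHostKeyChecking=accept-new` on a first run) instead of presenting the disabled checks as the expected file content. The README also has the reader put `pwd_project_A` / `pwd_project_B` in terraform.tfvars and `password` in vars/<enviroment>.yml as plain text without saying these files must stay out of version control; a line about ignoring them (or using ansible-vault for the vars file) belongs here. Smaller points: the final command `ansible-playbook -K -i <bastion> @vars/<enviroment>, setup_inter_tenant_3-2.yml` reads as if the `-e` before `@vars/...` is missing and the trailing comma is attached to the wrong argument, the inventory is written to `hosts/<enviroment>.yml` but later read from `hosts/<enviroment>`, and "enviroment" / "succes" are misspelled throughout.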
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
- name: "Setup tools" | ||
hosts: all | ||
vars: | ||
target_num1: 1 | ||
target_num2: 2 | ||
tasks: | ||
- shell: "terraform output -json | jq -r '.project_A.value'" | ||
delegate_to: 127.0.0.1 | ||
register: project_A | ||
- shell: "terraform output -json | jq -r '.project_B.value'" | ||
delegate_to: 127.0.0.1 | ||
register: project_B | ||
- shell: "terraform output -json | jq -r '.virtual_network_project_A.value'" | ||
delegate_to: 127.0.0.1 | ||
register: virtual_network_project_A | ||
- shell: "terraform output -json | jq -r '.virtual_network_project_B.value'" | ||
delegate_to: 127.0.0.1 | ||
register: virtual_network_project_B | ||
- debug: | ||
var: item | ||
with_items: | ||
- "{{ project_A.stdout }}" | ||
- "{{ project_B.stdout }}" | ||
- "{{ virtual_network_project_A.stdout }}" | ||
- "{{ virtual_network_project_B.stdout }}" | ||
|
||
- shell: > | ||
contrail-api-cli | ||
--os-tenant-name {{ tenant_name }} | ||
--os-username {{ user_name }} | ||
--os-password {{ password }} | ||
--host {{ server_ip }} | ||
--os-auth-plugin {{ auth_plugin }} | ||
--os-auth-url {{ auth_url }} | ||
--ns contrail_api_cli.provision set-route-targets | ||
--virtual-network-fqname default-domain:{{ item.tenant_name }}:{{ item.network }} | ||
--import-route-target-list {{ item.import_route_target }} | ||
--export-route-target-list {{ item.export_route_target }} | ||
with_items: | ||
- tenant_name: "{{ project_A.stdout }}" | ||
network: "{{ virtual_network_project_A.stdout }}" | ||
import_route_target: "target:{{ asn }}:{{ target_num2 }}" | ||
export_route_target: "target:{{ asn }}:{{ target_num1 }}" | ||
- tenant_name: "{{ project_B.stdout }}" | ||
network: "{{ virtual_network_project_B.stdout }}" | ||
import_route_target: "target:{{ asn }}:{{ target_num1 }}" | ||
export_route_target: "target:{{ asn }}:{{ target_num2 }}" | ||
become: true |
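Review bot: the `contrail-api-cli` shell task passes `--os-password {{ password }}` on the command line and has no `no_log: true`, so the password is visible in the process list on the target and is echoed in Ansible's task output and logs for each loop item. Please add `no_log: true` to that task and, if the CLI can take the credential another way, avoid putting it in argv. In the same task every templated value (`{{ tenant_name }}`, `{{ user_name }}`, `{{ item.network }}` and so on) is interpolated into a shell string unquoted; the `item.*` values come from `terraform output` stdout, so a name with spaces or shell metacharacters would be split or interpreted by the shell. Apply the `quote` filter to each value, or use `command` with an argument list. Minor: the four `terraform output` tasks and the provisioning task have no `name:`, the read-only terraform tasks should carry `changed_when: false`, and it is worth confirming that `become: true` is needed at all for an API call.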