baserock_trove: Add files needed for deploying the Trove

Change-Id: I9c45959dd27e5d9c4daf8566ef82806c25e85196

4 files changed, 118 insertions, 0 deletions

diff --git a/baserock_trove/baserock_trove.morph b/baserock_trove/baserock_trove.morph
new file mode 100644
index 00000000..ed93896f
--- /dev/null
+++ b/baserock_trove/baserock_trove.morph
@@ -0,0 +1,25 @@
+name: trove.baserock.org-upgrade
+kind: cluster
+description: |
+  Deployment .morph for baserock.org Trove system.
+
+  Configuration of the system is handled separately, with a series of
+  Ansible playbooks that should be run after an instance of the system
+  is up and running. See the README for instructions.
+
+systems:
+- morph: systems/trove-system-x86_64.morph
+  deploy-defaults:
+  deploy:
+    gbo:
+      type: extensions/openstack
+      location: https://compute.datacentred.io:5000/v2.0
+
+      upgrade-type: extensions/ssh-rsync
+      upgrade-location: root@git.baserock.org
+
+      TROVE_GENERIC: yes
+      OPENSTACK_IMAGENAME: baserock_trove
+      CLOUD_INIT: true
+      DISK_SIZE: 3G
+      KERNEL_ARGS: console=tty0 console=ttyS0
diff --git a/baserock_trove/configure-trove.yml b/baserock_trove/configure-trove.yml
new file mode 100644
index 00000000..f832e810
--- /dev/null
+++ b/baserock_trove/configure-trove.yml
@@ -0,0 +1,51 @@
+# Instance configuration for Baserock Trove server.
+#
+# This configuration can be easily done using the 'TROVE_' variables of trove.configure
+# extension, but it's better to deploy the Trove as 'TROVE_GENERIC' and configure
+# it later using this playbook. This is for:
+#
+# - Making upgrades easier. After initial deployment and post-deployment configuration,
+#   you will only need to deploy a generic Trove as an upgrade.
+#
+# - Not storing private data in images in OpenStack. We have shared our images with
+#   other tenants by mistake in the past, and I'd like to avoid this possibility.
+---
+- hosts: git
+  gather_facts: False
+  sudo: yes
+  tasks:
+
+  # To create the .pem file, simply concatenate
+  # certs/baserock.org-ssl-certificate-temporary-dsilverstone.full.cert with
+  # the private key for that certificate (which is not committed to Git, of
+  # course).
+    - name: Install SSL certificate
+      copy:
+        src: ../private/baserock.org-ssl-certificate-temporary-dsilverstone.pem
+        dest: /etc/trove/baserock.pem
+        mode: 400
+
+    - name: Install CA chain certificate
+      copy:
+        src: ../certs/startcom-class2-ca-chain-certificate.cert
+        dest: /etc/trove/startcom-ca.pem
+
+    - name: Install trove.conf configuration file
+      copy:
+        src: trove.conf
+        dest: /etc/trove/trove.conf
+
+    - name: Copy ssh keys
+      copy:
+        src: ../private/{{ item }}
+        dest: /etc/trove/{{ item }}
+      with_items:
+        - admin.key.pub
+        - lorry.key
+        - lorry.key.pub
+        - worker.key.pub
+
+    - name: Restart the trove-setup service to configure the trove
+      service:
+        name: trove-setup
+        state: restarted
diff --git a/baserock_trove/instance-config.yml b/baserock_trove/instance-config.yml
new file mode 100644
index 00000000..d8006fc2
--- /dev/null
+++ b/baserock_trove/instance-config.yml
@@ -0,0 +1,28 @@
+# Instance configuration for Baserock Trove server.
+#
+# This script expects a volume to be available at /dev/vdb.
+---
+- hosts: git
+  gather_facts: False
+  sudo: yes
+  tasks:
+
+    - name: Create an ext4 filesystem in /dev/vdb
+      filesystem:
+        fstype: ext4
+        dev: /dev/vdb
+        opts: -L home
+
+    - name: mount home volume
+      mount:
+        src: LABEL=home
+        name: /home
+        fstype: ext4
+        state: mounted
+      register: home_mounted
+
+# Ansible doesn't remount /home properly, so reboot system here
+    - name: Reboot server to mount everything properly
+      shell: reboot
+      when: home_mounted|changed
+      ignore_errors: true
diff --git a/baserock_trove/trove.conf b/baserock_trove/trove.conf
new file mode 100644
index 00000000..4de7cd19
--- /dev/null
+++ b/baserock_trove/trove.conf
@@ -0,0 +1,14 @@
+HOSTNAME: firehose1
+LORRY_CONTROLLER_MINIONS: '4'
+LORRY_SSH_KEY: /etc/trove/lorry.key
+LORRY_SSH_PUBKEY: /etc/trove/lorry.key.pub
+TROVE_ADMIN_EMAIL: daniel.silverstone@codethink.co.uk
+TROVE_ADMIN_NAME: Daniel Silverstone
+TROVE_ADMIN_SSH_PUBKEY: /etc/trove/admin.key.pub
+TROVE_ADMIN_USER: danielsilverstone
+TROVE_COMPANY: Baserock
+TROVE_HOSTNAME: git.baserock.org
+TROVE_ID: baserock
+WORKER_SSH_PUBKEY: /etc/trove/worker.key.pub
+TROVE_SSL_PEMFILE: /etc/trove/baserock.pem
+TROVE_SSL_CA_FILE: /etc/trove/startcom-ca.pem