algo/roles/cloud-openstack/tasks/main.yml

---
- fail:
    msg: "OpenStack credentials are not set. Download it from the OpenStack dashboard->Compute->API Access and source it in the shell (eg: source /tmp/dhc-openrc.sh)"
  when: lookup('env', 'OS_AUTH_URL')|length <= 0

- name: Build python virtual environment
  import_tasks: venv.yml

- name: Security group created
  openstack.cloud.security_group:
    state: "{{ state|default('present') }}"
    name: "{{ algo_server_name }}-security_group"
    description: AlgoVPN security group
  register: os_security_group

- name: Security rules created
  openstack.cloud.security_group_rule:
    state: "{{ state|default('present') }}"
    security_group: "{{ os_security_group.id }}"
    protocol: "{{ item.proto }}"
    port_range_min: "{{ item.port_min }}"
    port_range_max: "{{ item.port_max }}"
    remote_ip_prefix: "{{ item.range }}"
  with_items:
    - { proto: tcp, port_min: "{{ ssh_port }}", port_max: "{{ ssh_port }}", range: 0.0.0.0/0 }
    - { proto: icmp, port_min: -1, port_max: -1, range: 0.0.0.0/0 }
    - { proto: udp, port_min: 4500, port_max: 4500, range: 0.0.0.0/0 }
    - { proto: udp, port_min: 500, port_max: 500, range: 0.0.0.0/0 }
    - { proto: udp, port_min: "{{ wireguard_port }}", port_max: "{{ wireguard_port }}", range: 0.0.0.0/0 }

- name: Gather facts about flavors
  openstack.cloud.compute_flavor_info:
    ram: "{{ cloud_providers.openstack.flavor_ram }}"
  register: os_flavor

- name: Gather facts about images
  openstack.cloud.image_info:
  register: os_image

- name: Set image as a fact
  set_fact:
    image_id: "{{ item.id }}"
  loop: "{{ os_image.openstack_image }}"
  when:
    - item.name == cloud_providers.openstack.image
    - item.status == "active"

- name: Gather facts about public networks
  openstack.cloud.networks_info:
  register: os_network

- name: Set the network as a fact
  set_fact:
    public_network_id: "{{ item.id }}"
  when:
    - item['router:external']|default(omit)
    - item['admin_state_up']|default(omit)
    - item['status'] == 'ACTIVE'
  with_items: "{{ os_network.openstack_networks }}"

- name: Set facts
  set_fact:
    flavor_id: "{{ (os_flavor.openstack_flavors | sort(attribute='ram'))[0]['id'] }}"
    security_group_name: "{{ os_security_group['secgroup']['name'] }}"

- name: Server created
  openstack.cloud.server:
    state: "{{ state|default('present') }}"
    name: "{{ algo_server_name }}"
    image: "{{ image_id }}"
    flavor: "{{ flavor_id }}"
    security_groups: "{{ security_group_name }}"
    userdata: "{{ lookup('template', 'files/cloud-init/base.yml') }}"
    nics:
      - net-id: "{{ public_network_id }}"
  register: os_server

- set_fact:
    cloud_instance_ip: "{{ os_server['openstack']['public_v4'] }}"
    ansible_ssh_user: algo
    ansible_ssh_port: "{{ ssh_port }}"
    cloudinit: true