[Vagrant&credentials.yml] Encripted credentials.yml file using vault. - Vault needs a password to decrypt variables file which is given via vault_secret (must be 600 on root).

- Vagrant will look for that file via ansible.vault_password_file 
variable set in the provision block.

- Vault needs a password to decrypt variables file which is given via 
vault_secret (must be 600 on root).

- Vagrant will look for that file via ansible.vault_password_file 
variable set in the provision block.

- Use _creates_ option to check for created files and directories.
- Everything goes to root's home (~ during provision)
- If the files/folder already exist, nothing happens (idempotency)

- admin Openstack credentials loaded as environment variables in each 
play.
- admin and demo credentials have been written into .bashrc (admin iff 
EUID==0).

Avoid downloading CirrOS image if it is already present.

-r MUST be set to 1 to boot virtual machines.

- IP addres is taken using ansible_eth1.ipv4.address in each compute 
node (controller node has ip by default in credentials).

- role of each node is adresed reading its value inside Nodes.json

- GenFiles.rb creates Nodes.json with an arbitrary number of compute 
nodes (and one controller), as well as modifies hosts.j2, credentials 
and the playbook to suitably address the number of compute nodes.

- Vagrant files has changed just to use Nodes.json instead of an ad hoc 
cluster variable.

- MetaConfig folder contains templates to by filled using the ruby 
script GenFiles.rb

Ignoring playbook.yml and roles/common/templates/host.j2. Theu are 
created via GenFiles.rb

[controller/firewalld] Firewalld stopped and masked (CentOS: default ON) -OpenStack uses iptables, while CentOS by deafult enables firewalld (which is more than just a firewall) and interferes with OpenStack processes.

- InitConfig.yml contanins the play which stops and maks firewalld 
(module _systemd_)

- OSnova.yml contained a list of ports to open which is not needed 
anymore.

- OSneutron.yml restarted firealld at some point, which is not needed 
anymore.

Even when there are mor than one default security group (due to multiple 
tenants), the playbook will look for the ID of the one corresponding to 
admin project and add there ICMP and SSH rules.

When a rule exist AND when there are multiple security groups with the 
same name the command returns 1.
We want to ensure that the first condition does not fail the proces, 
while the second should rise an error given that we don't want multiple 
default groups. This seems to work, but there may be problems when 
rebooting again.

Add rules to defautl security group using return 1 to avoid errors when 
redoing.

The [official 
page][https://docs.openstack.org/kilo/config-reference/content/firewalls-default-ports.html] 
show the list of needed ports.

The [official 
page][https://docs.openstack.org/kilo/config-reference/content/firewalls-default-ports.html] 
show the list of needed ports.