openstack
/
cookbook-openstack-common
Code Issues Proposed changes

Properly convert README to rst 

This should fix the rendering on opendev.org.

Change-Id: I3d6250a42ca37e88d8139fa68692672a505ad07b
This commit is contained in:
Lance Albertson 2019-12-04 10:31:44 -08:00
parent 067f60dcfb
commit 8a1a644f11
1 changed files with 218 additions and 177 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

395
README.rst
View File

@ -1,19 +1,21 @@
OpenStack Chef Cookbook - common
================================
[![Team and repository tags](http://governance.openstack.org/badges/cookbook-openstack-common.svg)](http://governance.openstack.org/reference/tags/index.html)
.. image:: https://governance.openstack.org/badges/cookbook-openstack-common.svg
:target: https://governance.openstack.org/reference/tags/index.html
<!-- Change things from this point on -->
.. Change things from this point on
Description
===========
This cookbook provides common setup recipes, helper methods and attributes that
describe an OpenStack deployment as part of the OpenStack reference deployment
Chef for OpenStack.
This cookbook provides common setup recipes, helper methods and
attributes that describe an OpenStack deployment as part of the
OpenStack reference deployment Chef for OpenStack.
Please relate to the official OpenStack Configuration and Installation Guides for
a more detailed documentation on operating and administration of an OpenStack cluster:
Please relate to the official OpenStack Configuration and Installation
Guides for a more detailed documentation on operating and administration
of an OpenStack cluster:
https://docs.openstack.org/latest/configuration/
https://docs.openstack.org/latest/install/
@ -21,257 +23,296 @@ https://docs.openstack.org/latest/install/
Requirements
============
- Chef 14 or higher
- chefdk 3.2.30 for testing (also includes berkshelf for cookbook dependency
resolution)
- Chef 14 or higher
- chefdk 3.2.30 for testing (also includes berkshelf for cookbook
dependency resolution)
Platform
========
- ubuntu
- redhat
- centos
- ubuntu
- redhat
- centos
Cookbooks
=========
The following cookbooks are dependencies:
- 'etcd', '~> 5.5'
- 'mariadb', '~> 1.5'
- 'memcached', '~> 4.1'
- 'mysql', '~> 8.2'
- 'selinux'
- 'yum-epel'
- 'etcd', '~> 5.5'
- 'mariadb', '~> 1.5'
- 'memcached', '~> 4.1'
- 'mysql', '~> 8.2'
- 'selinux'
- 'yum-epel'
Attributes
==========
Please see the extensive inline documentation in `attributes/*.rb` for
Please see the extensive inline documentation in ``attributes/*.rb`` for
descriptions of all the settable attributes for this cookbook.
Note that all attributes are in the `default["openstack"]` "namespace"
Note that all attributes are in the ``default["openstack"]`` "namespace"
## Attributes to generate OpenStack service configuration files
Attributes to generate OpenStack service configuration files
------------------------------------------------------------
Since the mitaka release, we moved to a completely new way to generate all
OpenStack service configuration files. The base template is the
'openstack-service.conf.erb' included in the templates of this cookbook. In each
of the service cookbook (e.g. openstack-network, openstack-identity or
openstack-compute), the service configuration file (e.g neutron.conf,
keystone.conf or nova.conf) gets generated directly from attributes set inside
the cookbook. To merge all the configuration options (including the secrets)
properly, before handing them over as '@service_config' to the mentioned
template above, we use the methods defined in 'libraries/config_helpers'.
Since the mitaka release, we moved to a completely new way to generate
all OpenStack service configuration files. The base template is the
``openstack-service.conf.erb`` included in the templates of this
cookbook. In each of the service cookbook (e.g. openstack-network,
openstack-identity or openstack-compute), the service configuration file
(e.g neutron.conf, keystone.conf or nova.conf) gets generated directly
from attributes set inside the cookbook. To merge all the configuration
options (including the secrets) properly, before handing them over as
``@service_config`` to the mentioned template above, we use the methods
defined in ``libraries/config_helpers``.
For examples how to use these attributes, please refer to the attribute files
included in the service cookbooks (e.g. attributes/neutron_conf.rb in
openstack-network or attributes/keystone_conf.rb in openstack-identity). The
basic structure of all these attributes always follows this model:
For examples how to use these attributes, please refer to the attribute
files included in the service cookbooks (e.g.
``attributes/neutron_conf.rb`` in openstack-network or
``attributes/keystone_conf.rb`` in openstack-identity). The basic
structure of all these attributes always follows this model:
```
# usual config option that should eventually be saved to the node object
default['openstack'][service]['conf'][section][key][value]
# configuration options like passwords that should not be saved in the node
# object
default['openstack'][service]['conf_secrets'][section][key][value]
```
.. code-block:: ruby
# usual config option that should eventually be saved to the node object
default['openstack'][service]['conf'][section][key][value]
# configuration options like passwords that should not be saved in the node
# object
default['openstack'][service]['conf_secrets'][section][key][value]
Recipes
=======
## openstack-common::client
- Install the common python openstack client package
openstack-common::client
------------------------
## openstack-common::default
- Installs/Configures common recipes
- Install the common python openstack client package
## openstack-common::logging
- Installs/Configures common logging
openstack-common::default
-------------------------
## openstack-common::sysctl
- Iterates over the contents of the `node['openstack']['sysctl']` hash and
writes the entries to `/etc/sysctl.d/60-openstack.conf`.
- Installs/Configures common recipes
openstack-common::logging
-------------------------
- Installs/Configures common logging
openstack-common::sysctl
------------------------
- Iterates over the contents of the ``node['openstack']['sysctl']``
hash and writes the entries to ``/etc/sysctl.d/60-openstack.conf``.
Data Bags
=========
This cookbook contains Libraries to work with passwords and secrets in
databags. Databags can be unencrypted (for dev) or encrypted (for prod).
In addition to traditionally encrypted data bags they can also be created as
chef-vault items. To read more about chef-vault and how to use it, go to
https://docs.chef.io/chef_vault.html.
In addition to traditionally encrypted data bags they can also be
created as chef-vault items. To read more about chef-vault and how to
use it, go to https://docs.chef.io/chef_vault.html.
Documentation for Attributes for selecting databag format can be found in the
attributes section of this cookbook.
Documentation for Attributes for selecting databag format can be found
in the attributes section of this cookbook.
Documentation for format of these Databags can be found in the [Openstack Chef
Repo](https://opendev.org/openstack/openstack-chef#data-bags) repository.
Documentation for format of these Databags can be found in the
`Openstack Chef
Repo <https://opendev.org/openstack/openstack-chef#data-bags>`__
repository.
Resources
=========
This cookbook provides the openstack_common_database LWRP, which replaces the
old database library function 'db_create_with_user'. When this cookbook is
included as dependency, this LWRP can be used to create databases needed by the
OpenStack services.
This cookbook provides the ``openstack_common_database`` LWRP, which
replaces the old database library function ``db_create_with_user``.
When this cookbook is included as dependency, this LWRP can be used to
create databases needed by the OpenStack services.
```ruby
depends 'openstack-common'
```
.. code-block:: ruby
```ruby
openstack_common_database 'compute' do
service 'compute' # name_attribute
user 'nova'
pass 'supersecret'
end
```
depends 'openstack-common'
An example of the usage can be seen here https://opendev.org/openstack/cookbook-openstack-ops-database/src/branch/master/recipes/openstack-db.rb .
.. code-block:: ruby
openstack_common_database 'compute' do
service 'compute' # name_attribute
user 'nova'
pass 'supersecret'
end
An example of the usage can be seen here
https://opendev.org/openstack/cookbook-openstack-ops-database/src/branch/master/recipes/openstack-db.rb
.
Libraries
=========
This cookbook exposes a set of default library routines:
* `cli` -- Used to call openstack CLIs
* `endpoint` -- Used to return a `::URI` object representing the named OpenStack
endpoint
* `internal_endpoint` -- Used to return a `::URI` object representing the named
OpenStack internal endpoint if one was specified. Otherwise, it will return
the same value as `endpoint`.
* `public_endpoint` -- Used to return a `::URI` object representing the named
OpenStack public endpoint if one was specified. Otherwise, it will return the
same value as `endpoint`.
* `endpoints` -- Useful for operating on all OpenStack endpoints
* `db` -- Returns a Hash of information about a named OpenStack database
* `db_uri` -- Returns the SQLAlchemy RFC-1738 DB URI (see:
http://rfc.net/rfc1738.html) for a named OpenStack database
* `secret` -- Returns the value of an encrypted data bag for a named OpenStack
secret key and key-section
* `get_password` -- Ease-of-use helper that returns the decrypted password for a
named database, service or keystone user.
* `matchers` -- A custom matcher(render_config_file) for testing ini format file
section content by with_section_content.
- ``cli`` -- Used to call openstack CLIs
- ``endpoint`` -- Used to return a ``::URI`` object representing the
named OpenStack endpoint
- ``internal_endpoint`` -- Used to return a ``::URI`` object
representing the named OpenStack internal endpoint if one was
specified. Otherwise, it will return the same value as ``endpoint``.
- ``public_endpoint`` -- Used to return a ``::URI`` object representing
the named OpenStack public endpoint if one was specified. Otherwise,
it will return the same value as ``endpoint``.
- ``endpoints`` -- Useful for operating on all OpenStack endpoints
- ``db`` -- Returns a Hash of information about a named OpenStack
database
- ``db_uri`` -- Returns the SQLAlchemy RFC-1738 DB URI (see:
http://rfc.net/rfc1738.html) for a named OpenStack database
- ``secret`` -- Returns the value of an encrypted data bag for a named
OpenStack secret key and key-section
- ``get_password`` -- Ease-of-use helper that returns the decrypted
password for a named database, service or keystone user.
- ``matchers`` -- A custom matcher(``render_config_file``) for testing
ini format file section content by ``with_section_content``.
Examples
========
The following are code examples showing the above library routines in action.
Remember when using the library routines exposed by this library to include
the Openstack routines in your recipe's `::Chef::Recipe` namespace, like so:
The following are code examples showing the above library routines in
action. Remember when using the library routines exposed by this library
to include the Openstack routines in your recipe's ``::Chef::Recipe``
namespace, like so:
```ruby
class ::Chef::Recipe
include ::Openstack
end
```
.. code-block:: ruby
Example of using the `endpoint` routine:
class ::Chef::Recipe
include ::Openstack
end
```ruby
nova_api_ep = endpoint "compute-api"
::Chef::Log.info("Using Openstack Compute API endpoint at #{nova_api_ep.to_s}")
Example of using the ``endpoint`` routine:
# Note that endpoint URIs may contain variable interpolation markers such
# as `%(tenant_id)s`, so you may need to decode them. Do so like this:
.. code-block:: ruby
require "uri"
nova_api_ep = endpoint "compute-api"
::Chef::Log.info("Using Openstack Compute API endpoint at #{nova_api_ep.to_s}")
puts ::URI.decode nova_api_ap.to_s
```
# Note that endpoint URIs may contain variable interpolation markers such
# as `%(tenant_id)s`, so you may need to decode them. Do so like this:
Example of using the `get_password` and `db_uri` routine:
require "uri"
```ruby
db_pass = get_password "db" "cinder"
db_user = node["cinder"]["db"]["user"]
sql_connection = db_uri "volume", db_user, db_pass
puts ::URI.decode nova_api_ap.to_s
template "/etc/cinder/cinder.conf" do
source "cinder.conf.erb"
owner node["cinder"]["user"]
group node["cinder"]["group"]
mode 00644
variables(
"sql_connection" => sql_connection
)
end
```
Example of using the ``get_password`` and ``db_uri`` routine:
.. code-block:: ruby
db_pass = get_password "db" "cinder"
db_user = node["cinder"]["db"]["user"]
sql_connection = db_uri "volume", db_user, db_pass
template "/etc/cinder/cinder.conf" do
source "cinder.conf.erb"
owner node["cinder"]["user"]
group node["cinder"]["group"]
mode 00644
variables(
"sql_connection" => sql_connection
)
end
URI Operations
--------------
Use the `Openstack::uri_from_hash` routine to helpfully return a `::URI::Generic`
object for a hash that contains any of the following keys:
Use the ``Openstack::uri_from_hash`` routine to helpfully return a
``::URI::Generic`` object for a hash that contains any of the following
keys:
* `host`
* `uri`
* `port`
* `path`
* `scheme`
- ``host``
- ``uri``
- ``port``
- ``path``
- ``scheme``
If the `uri` key is in the hash, that will be used as the URI, otherwise the URI
will be constructed from the various parts of the hash corresponding to the keys
above.
If the ``uri`` key is in the hash, that will be used as the URI,
otherwise the URI will be constructed from the various parts of the hash
corresponding to the keys above.
```ruby
# Suppose node hash contains the following subhash in the :identity_service key:
# {
# :host => 'identity.example.com',
# :port => 5000,
# :scheme => 'https'
# }
uri = ::Openstack::uri_from_hash(node[:identity_service])
# uri.to_s would == "https://identity.example.com:5000"
```
.. code-block:: ruby
The routine will return nil if neither a `uri` or `host` key exists in the
supplied hash.
# Suppose node hash contains the following subhash in the :identity_service key:
# {
# :host => 'identity.example.com',
# :port => 5000,
# :scheme => 'https'
# }
uri = ::Openstack::uri_from_hash(node[:identity_service])
# uri.to_s would == "https://identity.example.com:5000"
The routine will return nil if neither a ``uri`` or ``host`` key exists
in the supplied hash.
Using the library without prefixing with ::Openstack
----------------------------------------------------
Don't like prefixing calls to the library's routines with `::Openstack`? Do this:
Don't like prefixing calls to the library's routines with
``::Openstack``? Do this:
```ruby
class ::Chef::Recipe
include ::Openstack
end
```
.. code-block:: ruby
class ::Chef::Recipe
include ::Openstack
end
in your recipe.
License and Author
==================
| | |
|:---------------------|:---------------------------------------------------|
| **Author** | Jay Pipes (<jaypipes@att.com>) |
| **Author** | John Dewey (<jdewey@att.com>) |
| **Author** | Matt Ray (<matt@opscode.com>) |
| **Author** | Craig Tracey (<craigtracey@gmail.com>) |
| **Author** | Sean Gallagher (<sean.gallagher@att.com>) |
| **Author** | Ionut Artarisi (<iartarisi@suse.cz>) |
| **Author** | Chen Zhiwei (<zhiwchen@cn.ibm.com>) |
| **Author** | Brett Campbell (<brett.campbell@rackspace.com>) |
| **Author** | Mark Vanderwiel (<vanderwl@us.ibm.com>) |
| **Author** | Jan Klare (<j.klare@cloudbau.de>) |
| **Author** | Christoph Albers (<c.albers@x-ion.de>) |
| **Author** | Jens Harbott (<j.harbott@x-ion.de>) |
| | |
| **Copyright** | Copyright (c) 2012-2013, AT&T Services, Inc. |
| **Copyright** | Copyright (c) 2013, Opscode, Inc. |
| **Copyright** | Copyright (c) 2013, Craig Tracey |
| **Copyright** | Copyright (c) 2013-2014, SUSE Linux GmbH |
| **Copyright** | Copyright (c) 2013-2015, IBM, Corp. |
| **Copyright** | Copyright (c) 2013-2014, Rackspace US, Inc. |
| **Copyright** | Copyright (c) 2016-2019, x-ion GmbH |
+-----------------+-------------------------------------------------+
| **Author** | Jay Pipes (jaypipes@att.com) |
+-----------------+-------------------------------------------------+
| **Author** | John Dewey (jdewey@att.com) |
+-----------------+-------------------------------------------------+
| **Author** | Matt Ray (matt@opscode.com) |
+-----------------+-------------------------------------------------+
| **Author** | Craig Tracey (craigtracey@gmail.com) |
+-----------------+-------------------------------------------------+
| **Author** | Sean Gallagher (sean.gallagher@att.com) |
+-----------------+-------------------------------------------------+
| **Author** | Ionut Artarisi (iartarisi@suse.cz) |
+-----------------+-------------------------------------------------+
| **Author** | Chen Zhiwei (zhiwchen@cn.ibm.com) |
+-----------------+-------------------------------------------------+
| **Author** | Brett Campbell (brett.campbell@rackspace.com) |
+-----------------+-------------------------------------------------+
| **Author** | Mark Vanderwiel (vanderwl@us.ibm.com) |
+-----------------+-------------------------------------------------+
| **Author** | Jan Klare (j.klare@cloudbau.de) |
+-----------------+-------------------------------------------------+
| **Author** | Christoph Albers (c.albers@x-ion.de) |
+-----------------+-------------------------------------------------+
| **Author** | Jens Harbott (j.harbott@x-ion.de) |
+-----------------+-------------------------------------------------+
+-----------------+-------------------------------------------------+
| **Copyright** | Copyright (c) 2012-2013, AT&T Services, Inc. |
+-----------------+-------------------------------------------------+
| **Copyright** | Copyright (c) 2013, Opscode, Inc. |
+-----------------+-------------------------------------------------+
| **Copyright** | Copyright (c) 2013, Craig Tracey |
+-----------------+-------------------------------------------------+
| **Copyright** | Copyright (c) 2013-2014, SUSE Linux GmbH |
+-----------------+-------------------------------------------------+
| **Copyright** | Copyright (c) 2013-2015, IBM, Corp. |
+-----------------+-------------------------------------------------+
| **Copyright** | Copyright (c) 2013-2014, Rackspace US, Inc. |
+-----------------+-------------------------------------------------+
| **Copyright** | Copyright (c) 2016-2019, x-ion GmbH |
+-----------------+-------------------------------------------------+
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with the License. You may obtain
a copy of the License at
::
http://www.apache.org/licenses/LICENSE-2.0