Retire openstack-chef: remove repo content
OpenStack-chef project is retiring - https://review.opendev.org/c/openstack/governance/+/905279 this commit remove the content of this project repo Depends-On: https://review.opendev.org/c/openstack/project-config/+/909134 Change-Id: I07e16dd10769a13ae587b94f1387efacda01fdb2
This commit is contained in:
parent
cf9da3b474
commit
fb7c035bf3
@ -1,9 +0,0 @@
|
||||
[local_phases]
|
||||
unit = 'rspec spec/'
|
||||
lint = 'cookstyle --display-cop-names --extra-details'
|
||||
syntax = "berks install -e integration"
|
||||
provision = "echo skipping"
|
||||
deploy = "echo skipping"
|
||||
smoke = "echo skipping"
|
||||
functional = "echo skipping"
|
||||
cleanup = "echo skipping"
|
9
.gitignore
vendored
9
.gitignore
vendored
@ -1,9 +0,0 @@
|
||||
.bundle/
|
||||
berks-cookbooks/
|
||||
.kitchen
|
||||
.vagrant
|
||||
.coverage/
|
||||
*.swp
|
||||
Berksfile.lock
|
||||
Vagrantfile
|
||||
Gemfile.lock
|
@ -1,6 +0,0 @@
|
||||
inherit_from: .rubocop_todo.yml
|
||||
|
||||
Chef/Modernize/FoodcriticComments:
|
||||
Enabled: true
|
||||
Chef/Style/CopyrightCommentFormat:
|
||||
Enabled: true
|
@ -1,20 +0,0 @@
|
||||
# This configuration was generated by
|
||||
# `rubocop --auto-gen-config`
|
||||
# on 2021-10-14 06:25:41 UTC using RuboCop version 1.22.0.
|
||||
# The point is for the user to remove these configuration records
|
||||
# one by one as the offenses are removed from the code base.
|
||||
# Note that changes in the inspected code, or installation of new
|
||||
# versions of RuboCop, may require this file to be generated again.
|
||||
|
||||
# Offense count: 1
|
||||
# Cop supports --auto-correct.
|
||||
# Configuration parameters: Include.
|
||||
# Include: **/libraries/*.rb
|
||||
Chef/Modernize/DefinesChefSpecMatchers:
|
||||
Exclude:
|
||||
- 'libraries/matchers.rb'
|
||||
|
||||
# Offense count: 2
|
||||
Lint/NestedMethodDefinition:
|
||||
Exclude:
|
||||
- 'libraries/matchers.rb'
|
@ -1,3 +0,0 @@
|
||||
- project:
|
||||
templates:
|
||||
- openstack-chef-jobs
|
@ -1,8 +0,0 @@
|
||||
source 'https://supermarket.chef.io'
|
||||
|
||||
solver :ruby, :required
|
||||
|
||||
metadata
|
||||
|
||||
# cookbook for testing database provider:
|
||||
cookbook 'test-openstack-common-database', path: 'spec/cookbooks/test-openstack-common-database'
|
@ -1,36 +0,0 @@
|
||||
Contributing
|
||||
============
|
||||
|
||||
How To Get Started
|
||||
------------------
|
||||
|
||||
If you would like to contribute to the development of OpenStack Chef Cookbooks,
|
||||
you must follow the steps in this page:
|
||||
|
||||
http://docs.openstack.org/infra/manual/developers.html
|
||||
|
||||
Gerrit Workflow
|
||||
---------------
|
||||
|
||||
Once those steps have been completed, changes to OpenStack
|
||||
should be submitted for review via the Gerrit tool, following
|
||||
the workflow documented at:
|
||||
|
||||
http://docs.openstack.org/infra/manual/developers.html#development-workflow
|
||||
|
||||
Pull requests submitted through GitHub will be ignored.
|
||||
|
||||
Bugs
|
||||
----
|
||||
|
||||
Bugs should be filed on Launchpad, not GitHub:
|
||||
|
||||
https://bugs.launchpad.net/openstack-chef
|
||||
|
||||
Contacts
|
||||
--------
|
||||
|
||||
Mailing list: groups.google.com/group/opscode-chef-openstack
|
||||
IRC: #openstack-chef is our channel on irc.freenode.net
|
||||
Wiki: https://wiki.openstack.org/wiki/Chef/GettingStarted and https://docs.getchef.com/openstack.html
|
||||
Twitter: @chefopenstack
|
176
LICENSE
176
LICENSE
@ -1,176 +0,0 @@
|
||||
|
||||
Apache License
|
||||
Version 2.0, January 2004
|
||||
http://www.apache.org/licenses/
|
||||
|
||||
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
|
||||
|
||||
1. Definitions.
|
||||
|
||||
"License" shall mean the terms and conditions for use, reproduction,
|
||||
and distribution as defined by Sections 1 through 9 of this document.
|
||||
|
||||
"Licensor" shall mean the copyright owner or entity authorized by
|
||||
the copyright owner that is granting the License.
|
||||
|
||||
"Legal Entity" shall mean the union of the acting entity and all
|
||||
other entities that control, are controlled by, or are under common
|
||||
control with that entity. For the purposes of this definition,
|
||||
"control" means (i) the power, direct or indirect, to cause the
|
||||
direction or management of such entity, whether by contract or
|
||||
otherwise, or (ii) ownership of fifty percent (50%) or more of the
|
||||
outstanding shares, or (iii) beneficial ownership of such entity.
|
||||
|
||||
"You" (or "Your") shall mean an individual or Legal Entity
|
||||
exercising permissions granted by this License.
|
||||
|
||||
"Source" form shall mean the preferred form for making modifications,
|
||||
including but not limited to software source code, documentation
|
||||
source, and configuration files.
|
||||
|
||||
"Object" form shall mean any form resulting from mechanical
|
||||
transformation or translation of a Source form, including but
|
||||
not limited to compiled object code, generated documentation,
|
||||
and conversions to other media types.
|
||||
|
||||
"Work" shall mean the work of authorship, whether in Source or
|
||||
Object form, made available under the License, as indicated by a
|
||||
copyright notice that is included in or attached to the work
|
||||
(an example is provided in the Appendix below).
|
||||
|
||||
"Derivative Works" shall mean any work, whether in Source or Object
|
||||
form, that is based on (or derived from) the Work and for which the
|
||||
editorial revisions, annotations, elaborations, or other modifications
|
||||
represent, as a whole, an original work of authorship. For the purposes
|
||||
of this License, Derivative Works shall not include works that remain
|
||||
separable from, or merely link (or bind by name) to the interfaces of,
|
||||
the Work and Derivative Works thereof.
|
||||
|
||||
"Contribution" shall mean any work of authorship, including
|
||||
the original version of the Work and any modifications or additions
|
||||
to that Work or Derivative Works thereof, that is intentionally
|
||||
submitted to Licensor for inclusion in the Work by the copyright owner
|
||||
or by an individual or Legal Entity authorized to submit on behalf of
|
||||
the copyright owner. For the purposes of this definition, "submitted"
|
||||
means any form of electronic, verbal, or written communication sent
|
||||
to the Licensor or its representatives, including but not limited to
|
||||
communication on electronic mailing lists, source code control systems,
|
||||
and issue tracking systems that are managed by, or on behalf of, the
|
||||
Licensor for the purpose of discussing and improving the Work, but
|
||||
excluding communication that is conspicuously marked or otherwise
|
||||
designated in writing by the copyright owner as "Not a Contribution."
|
||||
|
||||
"Contributor" shall mean Licensor and any individual or Legal Entity
|
||||
on behalf of whom a Contribution has been received by Licensor and
|
||||
subsequently incorporated within the Work.
|
||||
|
||||
2. Grant of Copyright License. Subject to the terms and conditions of
|
||||
this License, each Contributor hereby grants to You a perpetual,
|
||||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||
copyright license to reproduce, prepare Derivative Works of,
|
||||
publicly display, publicly perform, sublicense, and distribute the
|
||||
Work and such Derivative Works in Source or Object form.
|
||||
|
||||
3. Grant of Patent License. Subject to the terms and conditions of
|
||||
this License, each Contributor hereby grants to You a perpetual,
|
||||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||
(except as stated in this section) patent license to make, have made,
|
||||
use, offer to sell, sell, import, and otherwise transfer the Work,
|
||||
where such license applies only to those patent claims licensable
|
||||
by such Contributor that are necessarily infringed by their
|
||||
Contribution(s) alone or by combination of their Contribution(s)
|
||||
with the Work to which such Contribution(s) was submitted. If You
|
||||
institute patent litigation against any entity (including a
|
||||
cross-claim or counterclaim in a lawsuit) alleging that the Work
|
||||
or a Contribution incorporated within the Work constitutes direct
|
||||
or contributory patent infringement, then any patent licenses
|
||||
granted to You under this License for that Work shall terminate
|
||||
as of the date such litigation is filed.
|
||||
|
||||
4. Redistribution. You may reproduce and distribute copies of the
|
||||
Work or Derivative Works thereof in any medium, with or without
|
||||
modifications, and in Source or Object form, provided that You
|
||||
meet the following conditions:
|
||||
|
||||
(a) You must give any other recipients of the Work or
|
||||
Derivative Works a copy of this License; and
|
||||
|
||||
(b) You must cause any modified files to carry prominent notices
|
||||
stating that You changed the files; and
|
||||
|
||||
(c) You must retain, in the Source form of any Derivative Works
|
||||
that You distribute, all copyright, patent, trademark, and
|
||||
attribution notices from the Source form of the Work,
|
||||
excluding those notices that do not pertain to any part of
|
||||
the Derivative Works; and
|
||||
|
||||
(d) If the Work includes a "NOTICE" text file as part of its
|
||||
distribution, then any Derivative Works that You distribute must
|
||||
include a readable copy of the attribution notices contained
|
||||
within such NOTICE file, excluding those notices that do not
|
||||
pertain to any part of the Derivative Works, in at least one
|
||||
of the following places: within a NOTICE text file distributed
|
||||
as part of the Derivative Works; within the Source form or
|
||||
documentation, if provided along with the Derivative Works; or,
|
||||
within a display generated by the Derivative Works, if and
|
||||
wherever such third-party notices normally appear. The contents
|
||||
of the NOTICE file are for informational purposes only and
|
||||
do not modify the License. You may add Your own attribution
|
||||
notices within Derivative Works that You distribute, alongside
|
||||
or as an addendum to the NOTICE text from the Work, provided
|
||||
that such additional attribution notices cannot be construed
|
||||
as modifying the License.
|
||||
|
||||
You may add Your own copyright statement to Your modifications and
|
||||
may provide additional or different license terms and conditions
|
||||
for use, reproduction, or distribution of Your modifications, or
|
||||
for any such Derivative Works as a whole, provided Your use,
|
||||
reproduction, and distribution of the Work otherwise complies with
|
||||
the conditions stated in this License.
|
||||
|
||||
5. Submission of Contributions. Unless You explicitly state otherwise,
|
||||
any Contribution intentionally submitted for inclusion in the Work
|
||||
by You to the Licensor shall be under the terms and conditions of
|
||||
this License, without any additional terms or conditions.
|
||||
Notwithstanding the above, nothing herein shall supersede or modify
|
||||
the terms of any separate license agreement you may have executed
|
||||
with Licensor regarding such Contributions.
|
||||
|
||||
6. Trademarks. This License does not grant permission to use the trade
|
||||
names, trademarks, service marks, or product names of the Licensor,
|
||||
except as required for reasonable and customary use in describing the
|
||||
origin of the Work and reproducing the content of the NOTICE file.
|
||||
|
||||
7. Disclaimer of Warranty. Unless required by applicable law or
|
||||
agreed to in writing, Licensor provides the Work (and each
|
||||
Contributor provides its Contributions) on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||
implied, including, without limitation, any warranties or conditions
|
||||
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
|
||||
PARTICULAR PURPOSE. You are solely responsible for determining the
|
||||
appropriateness of using or redistributing the Work and assume any
|
||||
risks associated with Your exercise of permissions under this License.
|
||||
|
||||
8. Limitation of Liability. In no event and under no legal theory,
|
||||
whether in tort (including negligence), contract, or otherwise,
|
||||
unless required by applicable law (such as deliberate and grossly
|
||||
negligent acts) or agreed to in writing, shall any Contributor be
|
||||
liable to You for damages, including any direct, indirect, special,
|
||||
incidental, or consequential damages of any character arising as a
|
||||
result of this License or out of the use or inability to use the
|
||||
Work (including but not limited to damages for loss of goodwill,
|
||||
work stoppage, computer failure or malfunction, or any and all
|
||||
other commercial damages or losses), even if such Contributor
|
||||
has been advised of the possibility of such damages.
|
||||
|
||||
9. Accepting Warranty or Additional Liability. While redistributing
|
||||
the Work or Derivative Works thereof, You may choose to offer,
|
||||
and charge a fee for, acceptance of support, warranty, indemnity,
|
||||
or other liability obligations and/or rights consistent with this
|
||||
License. However, in accepting such obligations, You may act only
|
||||
on Your own behalf and on Your sole responsibility, not on behalf
|
||||
of any other Contributor, and only if You agree to indemnify,
|
||||
defend, and hold each Contributor harmless for any liability
|
||||
incurred by, or claims asserted against, such Contributor by reason
|
||||
of your accepting any such warranty or additional liability.
|
||||
|
342
README.rst
342
README.rst
@ -1,336 +1,10 @@
|
||||
OpenStack Chef Cookbook - common
|
||||
================================
|
||||
This project is no longer maintained.
|
||||
|
||||
.. image:: https://governance.openstack.org/badges/cookbook-openstack-common.svg
|
||||
:target: https://governance.openstack.org/reference/tags/index.html
|
||||
The contents of this repository are still available in the Git
|
||||
source code management system. To see the contents of this
|
||||
repository before it reached its end of life, please check out the
|
||||
previous commit with "git checkout HEAD^1".
|
||||
|
||||
.. Change things from this point on
|
||||
|
||||
Description
|
||||
===========
|
||||
|
||||
This cookbook provides common setup recipes, helper methods and
|
||||
attributes that describe an OpenStack deployment as part of the
|
||||
OpenStack reference deployment Chef for OpenStack.
|
||||
|
||||
Please relate to the official OpenStack Configuration and Installation
|
||||
Guides for a more detailed documentation on operating and administration
|
||||
of an OpenStack cluster:
|
||||
|
||||
https://docs.openstack.org/latest/configuration/
|
||||
https://docs.openstack.org/latest/install/
|
||||
|
||||
Requirements
|
||||
============
|
||||
|
||||
- Chef 16 or higher
|
||||
- Chef Workstation 21.10.640 for testing (also includes berkshelf for
|
||||
cookbook dependency resolution)
|
||||
|
||||
Platform
|
||||
========
|
||||
|
||||
- ubuntu
|
||||
- redhat
|
||||
- centos
|
||||
|
||||
Cookbooks
|
||||
=========
|
||||
|
||||
The following cookbooks are dependencies:
|
||||
|
||||
- 'etcd', '~> 7.0'
|
||||
- 'mariadb', '~> 5.0'
|
||||
- 'memcached', '~> 7.0'
|
||||
- 'selinux'
|
||||
- 'yum-centos', '>= 3.2.0'
|
||||
- 'yum-epel'
|
||||
|
||||
Attributes
|
||||
==========
|
||||
|
||||
Please see the extensive inline documentation in ``attributes/*.rb`` for
|
||||
descriptions of all the settable attributes for this cookbook.
|
||||
|
||||
Note that all attributes are in the ``default["openstack"]`` "namespace"
|
||||
|
||||
Attributes to generate OpenStack service configuration files
|
||||
------------------------------------------------------------
|
||||
|
||||
Since the mitaka release, we moved to a completely new way to generate
|
||||
all OpenStack service configuration files. The base template is the
|
||||
``openstack-service.conf.erb`` included in the templates of this
|
||||
cookbook. In each of the service cookbook (e.g. openstack-network,
|
||||
openstack-identity or openstack-compute), the service configuration file
|
||||
(e.g neutron.conf, keystone.conf or nova.conf) gets generated directly
|
||||
from attributes set inside the cookbook. To merge all the configuration
|
||||
options (including the secrets) properly, before handing them over as
|
||||
``@service_config`` to the mentioned template above, we use the methods
|
||||
defined in ``libraries/config_helpers``.
|
||||
|
||||
For examples how to use these attributes, please refer to the attribute
|
||||
files included in the service cookbooks (e.g.
|
||||
``attributes/neutron_conf.rb`` in openstack-network or
|
||||
``attributes/keystone_conf.rb`` in openstack-identity). The basic
|
||||
structure of all these attributes always follows this model:
|
||||
|
||||
.. code-block:: ruby
|
||||
|
||||
# usual config option that should eventually be saved to the node object
|
||||
default['openstack'][service]['conf'][section][key][value]
|
||||
# configuration options like passwords that should not be saved in the node
|
||||
# object
|
||||
default['openstack'][service]['conf_secrets'][section][key][value]
|
||||
|
||||
Recipes
|
||||
=======
|
||||
|
||||
openstack-common::client
|
||||
------------------------
|
||||
|
||||
- Install the common python openstack client package
|
||||
|
||||
openstack-common::completions
|
||||
-----------------------------
|
||||
|
||||
- Install bash completions for openstack client
|
||||
|
||||
openstack-common::default
|
||||
-------------------------
|
||||
|
||||
- Installs/Configures common recipes
|
||||
|
||||
openstack-common::etcd
|
||||
----------------------
|
||||
|
||||
- Installs and starts etcd
|
||||
|
||||
openstack-common::logging
|
||||
-------------------------
|
||||
|
||||
- Installs/Configures common logging
|
||||
|
||||
openstack-common::sysctl
|
||||
------------------------
|
||||
|
||||
- Iterates over the contents of the ``node['openstack']['sysctl']``
|
||||
hash and executes the ``sysctl`` resource.
|
||||
|
||||
Data Bags
|
||||
=========
|
||||
|
||||
This cookbook contains Libraries to work with passwords and secrets in
|
||||
databags. Databags can be unencrypted (for dev) or encrypted (for prod).
|
||||
In addition to traditionally encrypted data bags they can also be
|
||||
created as chef-vault items. To read more about chef-vault and how to
|
||||
use it, go to https://docs.chef.io/chef_vault.html.
|
||||
|
||||
Documentation for Attributes for selecting databag format can be found
|
||||
in the attributes section of this cookbook.
|
||||
|
||||
Documentation for format of these Databags can be found in the
|
||||
`Openstack Chef
|
||||
Repo <https://opendev.org/openstack/openstack-chef#data-bags>`__
|
||||
repository.
|
||||
|
||||
Resources
|
||||
=========
|
||||
|
||||
This cookbook provides the ``openstack_database`` custom resource. When
|
||||
this cookbook is included as dependency, this custom resource can be
|
||||
used to create databases needed by the OpenStack services.
|
||||
|
||||
.. code-block:: ruby
|
||||
|
||||
depends 'openstack-common'
|
||||
|
||||
.. code-block:: ruby
|
||||
|
||||
openstack_database 'compute' do
|
||||
user 'nova'
|
||||
pass 'supersecret'
|
||||
end
|
||||
|
||||
An example of the usage can be seen here
|
||||
https://opendev.org/openstack/cookbook-openstack-ops-database/src/branch/master/recipes/openstack-db.rb
|
||||
.
|
||||
|
||||
Libraries
|
||||
=========
|
||||
|
||||
This cookbook exposes a set of default library routines:
|
||||
|
||||
- ``cli`` -- Used to call openstack CLIs
|
||||
- ``endpoint`` -- Used to return a ``::URI`` object representing the
|
||||
named OpenStack endpoint
|
||||
- ``internal_endpoint`` -- Used to return a ``::URI`` object
|
||||
representing the named OpenStack internal endpoint if one was
|
||||
specified. Otherwise, it will return the same value as ``endpoint``.
|
||||
- ``public_endpoint`` -- Used to return a ``::URI`` object representing
|
||||
the named OpenStack public endpoint if one was specified. Otherwise,
|
||||
it will return the same value as ``endpoint``.
|
||||
- ``endpoints`` -- Useful for operating on all OpenStack endpoints
|
||||
- ``db`` -- Returns a Hash of information about a named OpenStack
|
||||
database
|
||||
- ``db_uri`` -- Returns the SQLAlchemy RFC-1738 DB URI (see:
|
||||
http://rfc.net/rfc1738.html) for a named OpenStack database
|
||||
- ``secret`` -- Returns the value of an encrypted data bag for a named
|
||||
OpenStack secret key and key-section
|
||||
- ``get_password`` -- Ease-of-use helper that returns the decrypted
|
||||
password for a named database, service or keystone user.
|
||||
- ``matchers`` -- A custom matcher(``render_config_file``) for testing
|
||||
ini format file section content by ``with_section_content``.
|
||||
|
||||
Examples
|
||||
========
|
||||
|
||||
The following are code examples showing the above library routines in
|
||||
action. Remember when using the library routines exposed by this library
|
||||
to include the Openstack routines in your recipe's ``::Chef::Recipe``
|
||||
namespace, like so:
|
||||
|
||||
.. code-block:: ruby
|
||||
|
||||
class ::Chef::Recipe
|
||||
include ::Openstack
|
||||
end
|
||||
|
||||
Example of using the ``endpoint`` routine:
|
||||
|
||||
.. code-block:: ruby
|
||||
|
||||
nova_api_ep = endpoint "compute-api"
|
||||
::Chef::Log.info("Using Openstack Compute API endpoint at #{nova_api_ep.to_s}")
|
||||
|
||||
# Note that endpoint URIs may contain variable interpolation markers such
|
||||
# as `%(tenant_id)s`, so you may need to decode them. Do so like this:
|
||||
|
||||
require "uri"
|
||||
|
||||
puts ::URI.decode nova_api_ap.to_s
|
||||
|
||||
Example of using the ``get_password`` and ``db_uri`` routine:
|
||||
|
||||
.. code-block:: ruby
|
||||
|
||||
db_pass = get_password "db" "cinder"
|
||||
db_user = node["cinder"]["db"]["user"]
|
||||
sql_connection = db_uri "volume", db_user, db_pass
|
||||
|
||||
template "/etc/cinder/cinder.conf" do
|
||||
source "cinder.conf.erb"
|
||||
owner node["cinder"]["user"]
|
||||
group node["cinder"]["group"]
|
||||
mode 00644
|
||||
variables(
|
||||
"sql_connection" => sql_connection
|
||||
)
|
||||
end
|
||||
|
||||
URI Operations
|
||||
--------------
|
||||
|
||||
Use the ``Openstack::uri_from_hash`` routine to helpfully return a
|
||||
``::URI::Generic`` object for a hash that contains any of the following
|
||||
keys:
|
||||
|
||||
- ``host``
|
||||
- ``uri``
|
||||
- ``port``
|
||||
- ``path``
|
||||
- ``scheme``
|
||||
|
||||
If the ``uri`` key is in the hash, that will be used as the URI,
|
||||
otherwise the URI will be constructed from the various parts of the hash
|
||||
corresponding to the keys above.
|
||||
|
||||
.. code-block:: ruby
|
||||
|
||||
# Suppose node hash contains the following subhash in the :identity_service key:
|
||||
# {
|
||||
# :host => 'identity.example.com',
|
||||
# :port => 5000,
|
||||
# :scheme => 'https'
|
||||
# }
|
||||
uri = ::Openstack::uri_from_hash(node[:identity_service])
|
||||
# uri.to_s would == "https://identity.example.com:5000"
|
||||
|
||||
The routine will return nil if neither a ``uri`` or ``host`` key exists
|
||||
in the supplied hash.
|
||||
|
||||
Using the library without prefixing with ::Openstack
|
||||
----------------------------------------------------
|
||||
|
||||
Don't like prefixing calls to the library's routines with
|
||||
``::Openstack``? Do this:
|
||||
|
||||
.. code-block:: ruby
|
||||
|
||||
class ::Chef::Recipe
|
||||
include ::Openstack
|
||||
end
|
||||
|
||||
in your recipe.
|
||||
|
||||
License and Author
|
||||
==================
|
||||
|
||||
+-----------------+-------------------------------------------------+
|
||||
| **Author** | Jay Pipes (jaypipes@att.com) |
|
||||
+-----------------+-------------------------------------------------+
|
||||
| **Author** | John Dewey (jdewey@att.com) |
|
||||
+-----------------+-------------------------------------------------+
|
||||
| **Author** | Matt Ray (matt@opscode.com) |
|
||||
+-----------------+-------------------------------------------------+
|
||||
| **Author** | Craig Tracey (craigtracey@gmail.com) |
|
||||
+-----------------+-------------------------------------------------+
|
||||
| **Author** | Sean Gallagher (sean.gallagher@att.com) |
|
||||
+-----------------+-------------------------------------------------+
|
||||
| **Author** | Ionut Artarisi (iartarisi@suse.cz) |
|
||||
+-----------------+-------------------------------------------------+
|
||||
| **Author** | Chen Zhiwei (zhiwchen@cn.ibm.com) |
|
||||
+-----------------+-------------------------------------------------+
|
||||
| **Author** | Brett Campbell (brett.campbell@rackspace.com) |
|
||||
+-----------------+-------------------------------------------------+
|
||||
| **Author** | Mark Vanderwiel (vanderwl@us.ibm.com) |
|
||||
+-----------------+-------------------------------------------------+
|
||||
| **Author** | Jan Klare (j.klare@cloudbau.de) |
|
||||
+-----------------+-------------------------------------------------+
|
||||
| **Author** | Christoph Albers (c.albers@x-ion.de) |
|
||||
+-----------------+-------------------------------------------------+
|
||||
| **Author** | Jens Harbott (j.harbott@x-ion.de) |
|
||||
+-----------------+-------------------------------------------------+
|
||||
| **Author** | Lance Albertson (lance@osuosl.org) |
|
||||
+-----------------+-------------------------------------------------+
|
||||
|
||||
+-----------------+--------------------------------------------------+
|
||||
| **Copyright** | Copyright (c) 2012-2013, AT&T Services, Inc. |
|
||||
+-----------------+--------------------------------------------------+
|
||||
| **Copyright** | Copyright (c) 2013, Opscode, Inc. |
|
||||
+-----------------+--------------------------------------------------+
|
||||
| **Copyright** | Copyright (c) 2013, Craig Tracey |
|
||||
+-----------------+--------------------------------------------------+
|
||||
| **Copyright** | Copyright (c) 2013-2014, SUSE Linux GmbH |
|
||||
+-----------------+--------------------------------------------------+
|
||||
| **Copyright** | Copyright (c) 2013-2015, IBM, Corp. |
|
||||
+-----------------+--------------------------------------------------+
|
||||
| **Copyright** | Copyright (c) 2013-2014, Rackspace US, Inc. |
|
||||
+-----------------+--------------------------------------------------+
|
||||
| **Copyright** | Copyright (c) 2016-2019, x-ion GmbH |
|
||||
+-----------------+--------------------------------------------------+
|
||||
| **Copyright** | Copyright (c) 2016-2021, Oregon State University |
|
||||
+-----------------+--------------------------------------------------+
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
not use this file except in compliance with the License. You may obtain
|
||||
a copy of the License at
|
||||
|
||||
::
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
For any further questions, please email
|
||||
openstack-discuss@lists.openstack.org or join #openstack-dev on
|
||||
OFTC.
|
||||
|
51
Rakefile
51
Rakefile
@ -1,51 +0,0 @@
|
||||
task default: ['test']
|
||||
|
||||
task test: [:syntax, :unit]
|
||||
|
||||
desc 'Vendor the cookbooks in the Berksfile'
|
||||
task :berks_prep do
|
||||
sh %(chef exec berks vendor)
|
||||
end
|
||||
|
||||
desc 'Run CookStyle (syntax & lint) tests'
|
||||
task :syntax do
|
||||
sh %(delivery local lint)
|
||||
end
|
||||
|
||||
desc 'Run RSpec (unit) tests'
|
||||
task unit: :berks_prep do
|
||||
sh %(delivery local unit)
|
||||
end
|
||||
|
||||
desc 'Remove the berks-cookbooks directory and the Berksfile.lock'
|
||||
task :clean do
|
||||
rm_rf [
|
||||
'berks-cookbooks',
|
||||
'Berksfile.lock',
|
||||
]
|
||||
end
|
||||
|
||||
desc 'All-in-One Neutron build'
|
||||
task integration: :common_integration do
|
||||
# Noop
|
||||
end
|
||||
|
||||
desc 'Common task used by all cookbooks for integration test'
|
||||
task :common_integration do
|
||||
# Use the berksfile support to make use of the existing patch clones.
|
||||
# Make a sym link from workspace/gate-cookbook-openstack-common-chef-rake-integration
|
||||
# to workspace/cookbook-openstack-common
|
||||
patch_dir = Dir.pwd
|
||||
patch_dir_berks = ENV['ZUUL_PROJECT'].split('/')[1]
|
||||
sh %(ls -la ..)
|
||||
sh %(ls -la ../..)
|
||||
sh %(sudo ln -s #{patch_dir} ../#{patch_dir_berks})
|
||||
|
||||
unless Dir.exist?('../openstack-chef')
|
||||
sh %(git clone --depth 1 https://opendev.org/openstack/openstack-chef ../openstack-chef)
|
||||
end
|
||||
|
||||
Dir.chdir('../openstack-chef') do
|
||||
sh %(chef exec rake integration)
|
||||
end
|
||||
end
|
30
TESTING.md
30
TESTING.md
@ -1,30 +0,0 @@
|
||||
# Testing the Cookbook #
|
||||
|
||||
This cookbook uses [chefdk](https://downloads.chef.io/chef-dk/) and [berkshelf](http://berkshelf.com/) to isolate dependencies. Make sure you have chefdk and the header files for `gecode` installed before continuing. Make sure that you're using gecode version 3. More info [here](https://github.com/opscode/dep-selector-libgecode/tree/0bad63fea305ede624c58506423ced697dd2545e#using-a-system-gecode-instead). For more detailed information on what needs to be installed, you can have a quick look into the bootstrap.sh file in this repository, which does install all the needed things to get going on ubuntu trusty. The tests defined in the Rakefile include lint, style and unit. For integration testing please refere to the [openstack-chef-repo](https://github.com/openstack/openstack-chef-repo).
|
||||
|
||||
We have three test suites which you can run either, individually (there are three rake tasks):
|
||||
|
||||
$ chef exec rake lint
|
||||
$ chef exec rake style
|
||||
$ chef exec rake unit
|
||||
|
||||
or altogether:
|
||||
|
||||
$ chef exec rake
|
||||
|
||||
The `rake` tasks will take care of installing the needed cookbooks with `berkshelf`.
|
||||
|
||||
## Rubocop ##
|
||||
|
||||
[Rubocop](https://github.com/bbatsov/rubocop) is a static Ruby code analyzer, based on the community [Ruby style guide](https://github.com/bbatsov/ruby-style-guide). We are attempting to adhere to this where applicable, slowly cleaning up the cookbooks until we can turn on Rubocop for gating the commits.
|
||||
|
||||
## Foodcritic ##
|
||||
|
||||
[Foodcritic](http://acrmp.github.io/foodcritic/) is a lint tool for Chef cookbooks. We ignore the following rules:
|
||||
|
||||
* [FC003](http://acrmp.github.io/foodcritic/#FC003) These cookbooks are not intended for Chef Solo.
|
||||
* [FC023](http://acrmp.github.io/foodcritic/#FC023) Prefer conditional attributes.
|
||||
|
||||
## Chefspec
|
||||
|
||||
[ChefSpec](https://github.com/sethvargo/chefspec) is a unit testing framework for testing Chef cookbooks. ChefSpec makes it easy to write examples and get fast feedback on cookbook changes without the need for virtual machines or cloud servers.
|
@ -1,207 +0,0 @@
|
||||
#
|
||||
# Cookbook:: openstack-common
|
||||
# Attributes:: database
|
||||
#
|
||||
# Copyright:: 2012-2021, AT&T Services, Inc.
|
||||
# Copyright:: 2013-2021, SUSE Linux GmbH
|
||||
# Copyright:: 2020-2021, Oregon State University
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
# ======================== OpenStack DB Support ================================
|
||||
#
|
||||
# This section of node attributes stores information about the database hosts
|
||||
# used in an OpenStack deployment.
|
||||
#
|
||||
# There is no 'scheme' key. Instead, there is a 'service_type' key that should
|
||||
# contain one of 'sqlite', 'mysql', or 'postgresql'
|
||||
#
|
||||
# The ::Openstack::db(<SERVICE_NAME>) library routine allows a lookup from any recipe
|
||||
# to this array, returning the host information for the server that contains
|
||||
# the database for <SERVICE_NAME>, where <SERVICE_NAME> is one of 'compute' (Nova),
|
||||
# 'image' (Glance), 'identity' (Keystone), 'network' (Neutron), or 'volume' (Cinder)
|
||||
#
|
||||
# The ::Openstack::db_connection(<SERVICE_NAME>, <USER>, <PASSWORD>) library routine
|
||||
# returns the SQLAlchemy DB URI for <SERVICE_NAME>, with the supplied user and password
|
||||
# that a calling service might be using when connecting to the database.
|
||||
#
|
||||
# For example, let's assume that the database that is used by the OpenStack Identity
|
||||
# service (Keystone) is configured as follows:
|
||||
#
|
||||
# host: 192.168.0.3
|
||||
# port: 3306
|
||||
# service_type: mysql
|
||||
# db_name: keystone
|
||||
#
|
||||
# Further suppose that a node running the OpenStack Identity API service needs to
|
||||
# connect to the above identity database server. It has the following in it's node
|
||||
# attributes:
|
||||
#
|
||||
# node['openstack']['db']['identity']['username'] = 'keystone'
|
||||
#
|
||||
# In a 'keystone' recipe, you might find the following code:
|
||||
#
|
||||
# user = node['openstack']['db']['identity']['username']
|
||||
# pass = get_password 'db', 'keystone'
|
||||
#
|
||||
# sql_connection = ::Openstack::db_uri('identity', user, pass)
|
||||
#
|
||||
# The sql_connection variable would then be set to "mysql://keystone:password@192.168.0.3:keystone"
|
||||
# and could then be written to the keystone.conf file in a template.
|
||||
#
|
||||
# Database Migrations:
|
||||
#
|
||||
# node['openstack']['db'][<SERVICE_NAME>]['migrate']
|
||||
#
|
||||
# The above attribute causes database migrations to be executed for the given
|
||||
# service. There are cases where migrations should not be executed. For
|
||||
# example when upgrading a zone, and the image or identity database are replicated
|
||||
# across many zones.
|
||||
#
|
||||
|
||||
# ******************** Database Endpoint **************************************
|
||||
%w(endpoints bind_service).each do |type|
|
||||
default['openstack'][type]['db']['host'] = '127.0.0.1'
|
||||
default['openstack'][type]['db']['port'] = '3306'
|
||||
end
|
||||
default['openstack']['bind_service']['db']['interface'] = nil
|
||||
default['openstack']['endpoints']['db']['enabled_slave'] = false
|
||||
default['openstack']['endpoints']['db']['slave_host'] = '127.0.0.1'
|
||||
default['openstack']['endpoints']['db']['slave_port'] = '3316'
|
||||
|
||||
# If you bind the database to a specific ip-address (you can only choose one
|
||||
# here for mysql, so 127.0.0.1 + external address is not an option), to allow
|
||||
# the services and applications to access it via this one, you probably do not
|
||||
# want to allow the db root user to access it via this external address. In this
|
||||
# case you have the option to allow root access only via localhost, which
|
||||
# will work for mysql databases, since it will use a direct connection via
|
||||
# the socket, so the database does not have not to listen on 127.0.0.1.
|
||||
# Set this to 'localhost' for mysql to connect via socket.
|
||||
default['openstack']['endpoints']['db']['host_for_db_root_user'] = 'localhost'
|
||||
|
||||
# Default database attributes
|
||||
default['openstack']['db']['server_role'] = 'os-ops-database'
|
||||
# Database charset during create database
|
||||
default['openstack']['db']['charset'] = {
|
||||
mysql: 'utf8',
|
||||
'percona-cluster' => 'utf8',
|
||||
mariadb: 'utf8',
|
||||
postgresql: nil,
|
||||
pgsql: nil,
|
||||
sqlite: nil,
|
||||
nosql: nil,
|
||||
galera: 'utf8',
|
||||
}
|
||||
|
||||
# Database connection options. Should include starting '?'
|
||||
default['openstack']['db']['options'] = {
|
||||
mysql: "?charset=#{node['openstack']['db']['charset']['mysql']}",
|
||||
'percona-cluster' => "?charset=#{node['openstack']['db']['charset']['percona-cluster']}",
|
||||
mariadb: "?charset=#{node['openstack']['db']['charset']['mariadb']}",
|
||||
sqlite: '',
|
||||
nosql: '',
|
||||
galera: "?charset=#{node['openstack']['db']['charset']['galera']}",
|
||||
}
|
||||
|
||||
# platform and DBMS-specific python client packages
|
||||
default['openstack']['db']['python_packages'] = {
|
||||
postgresql: [],
|
||||
sqlite: [],
|
||||
}
|
||||
case node['platform_family']
|
||||
when 'rhel'
|
||||
default['openstack']['db']['service_type'] = 'mariadb'
|
||||
if node['platform_version'].to_i >= 8
|
||||
default['openstack']['db']['python_packages']['mariadb'] = ['python3-PyMySQL']
|
||||
default['openstack']['db']['python_packages']['percona-cluster'] = ['python3-PyMySQL']
|
||||
default['openstack']['db']['python_packages']['galera'] = ['python3-PyMySQL']
|
||||
else
|
||||
default['openstack']['db']['python_packages']['mariadb'] = ['MySQL-python']
|
||||
default['openstack']['db']['python_packages']['percona-cluster'] = ['MySQL-python']
|
||||
default['openstack']['db']['python_packages']['galera'] = ['MySQL-python']
|
||||
end
|
||||
when 'debian'
|
||||
default['openstack']['db']['service_type'] = 'mariadb'
|
||||
default['openstack']['db']['python_packages']['mariadb'] = ['python3-mysqldb']
|
||||
default['openstack']['db']['python_packages']['percona-cluster'] = ['python3-mysqldb']
|
||||
default['openstack']['db']['python_packages']['galera'] = ['python3-mysqldb']
|
||||
end
|
||||
|
||||
# database sockets, because different
|
||||
case node['platform_family']
|
||||
when 'rhel'
|
||||
default['openstack']['db']['socket'] = '/var/lib/mysql/mysql.sock'
|
||||
when 'debian'
|
||||
default['openstack']['db']['socket'] = '/var/run/mysqld/mysqld.sock'
|
||||
end
|
||||
|
||||
# Database used by the OpenStack services
|
||||
node['openstack']['common']['services'].each do |service, project|
|
||||
default['openstack']['db'][service]['service_type'] = node['openstack']['db']['service_type']
|
||||
default['openstack']['db'][service]['host'] = node['openstack']['endpoints']['db']['host']
|
||||
default['openstack']['db'][service]['port'] = node['openstack']['endpoints']['db']['port']
|
||||
default['openstack']['db'][service]['db_name'] = project
|
||||
default['openstack']['db'][service]['username'] = project
|
||||
default['openstack']['db'][service]['options'] = node['openstack']['db']['options']
|
||||
|
||||
default['openstack']['db'][service]['slave_host'] = node['openstack']['endpoints']['db']['slave_host']
|
||||
default['openstack']['db'][service]['slave_port'] = node['openstack']['endpoints']['db']['slave_port']
|
||||
|
||||
default['openstack']['db'][service]['socket'] = node['openstack']['db']['socket']
|
||||
|
||||
case service
|
||||
when 'dashboard'
|
||||
default['openstack']['db'][service]['migrate'] = true
|
||||
when 'identity'
|
||||
default['openstack']['db'][service]['migrate'] = true
|
||||
when 'image'
|
||||
default['openstack']['db'][service]['migrate'] = true
|
||||
when 'network'
|
||||
# The SQLAlchemy connection string used to connect to the slave database
|
||||
default['openstack']['db'][service]['slave_connection'] = ''
|
||||
|
||||
# Database reconnection retry times - in event connectivity is lost
|
||||
default['openstack']['db'][service]['max_retries'] = 10
|
||||
|
||||
# Database reconnection interval in seconds - if the initial connection to the database fails
|
||||
default['openstack']['db'][service]['retry_interval'] = 10
|
||||
|
||||
# Minimum number of SQL connections to keep open in a pool
|
||||
default['openstack']['db'][service]['min_pool_size'] = 1
|
||||
|
||||
# Maximum number of SQL connections to keep open in a pool
|
||||
default['openstack']['db'][service]['max_pool_size'] = 10
|
||||
|
||||
# Timeout in seconds before idle sql connections are reaped
|
||||
default['openstack']['db'][service]['idle_timeout'] = 3600
|
||||
|
||||
# If set, use this value for max_overflow with sqlalchemy
|
||||
default['openstack']['db'][service]['max_overflow'] = 20
|
||||
|
||||
# Verbosity of SQL debugging information. 0=None, 100=Everything
|
||||
default['openstack']['db'][service]['connection_debug'] = 0
|
||||
|
||||
# Add python stack traces to SQL as comment strings
|
||||
default['openstack']['db'][service]['connection_trace'] = false
|
||||
|
||||
# If set, use this value for pool_timeout with sqlalchemy
|
||||
default['openstack']['db'][service]['pool_timeout'] = 10
|
||||
when 'telemetry'
|
||||
default['openstack']['db'][service]['nosql']['used'] = false
|
||||
default['openstack']['db'][service]['nosql']['port'] = '27017'
|
||||
end
|
||||
end
|
||||
|
||||
# DB key to the get_password library routine
|
||||
default['openstack']['db']['root_user_key'] = 'mysqlroot'
|
@ -1,357 +0,0 @@
|
||||
#
|
||||
# Cookbook:: openstack-common
|
||||
# Attributes:: default
|
||||
#
|
||||
# Copyright:: 2012-2021, AT&T Services, Inc.
|
||||
# Copyright:: 2013-2021, SUSE Linux GmbH
|
||||
# Copyright:: 2016-2021, Oregon State University
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
# Release mode toggle for testing frameworks. Defaults to false.
|
||||
# Override this to true at the environment level when you're ready.
|
||||
default['openstack']['is_release'] = false
|
||||
|
||||
# Set to some text value if you want templated config files
|
||||
# to contain a custom banner at the top of the written file
|
||||
default['openstack']['common']['custom_template_banner'] = '
|
||||
# This file is automatically generated by Chef
|
||||
# Any changes will be overwritten
|
||||
'
|
||||
|
||||
# OpenStack services and their project names
|
||||
default['openstack']['common']['services'] = {
|
||||
'aodh' => 'aodh',
|
||||
'baremetal' => 'ironic',
|
||||
'bare_metal' => 'ironic',
|
||||
'block_storage' => 'cinder',
|
||||
'block-storage' => 'cinder',
|
||||
'compute' => 'nova',
|
||||
'compute_api' => 'nova_api',
|
||||
'compute_cell0' => 'nova_cell0',
|
||||
'dashboard' => 'horizon',
|
||||
'database' => 'trove',
|
||||
'dns' => 'designate',
|
||||
'identity' => 'keystone',
|
||||
'image' => 'glance',
|
||||
'load_balancer' => 'octavia',
|
||||
'network' => 'neutron',
|
||||
'object_storage' => 'swift',
|
||||
'orchestration' => 'heat',
|
||||
'placement' => 'placement',
|
||||
'telemetry' => 'ceilometer',
|
||||
'telemetry_metric' => 'gnocchi',
|
||||
'application_catalog' => 'murano',
|
||||
}
|
||||
|
||||
# Setting this to True means that database passwords and service user
|
||||
# passwords for Keystone will be easy-to-remember values -- they will be
|
||||
# the same value as the key. For instance, if a cookbook calls the
|
||||
# ::Openstack::secret routine like so:
|
||||
#
|
||||
# pass = secret "passwords", "nova"
|
||||
#
|
||||
# The value of pass will be "nova"
|
||||
#
|
||||
|
||||
# Use data bags for storing passwords
|
||||
# Set this to false in order to get the passwords from attributes like:
|
||||
# node['openstack']['secret'][key][type]
|
||||
default['openstack']['use_databags'] = true
|
||||
|
||||
# Set databag type
|
||||
# acceptable values 'encrypted', 'standard', 'vault'
|
||||
# Set this to 'standard' in order to use regular databags.
|
||||
# this is not recommended for anything other than dev/CI
|
||||
# type environments. Storing real secrets in plaintext = craycray.
|
||||
# In addition to the encrypted data_bags which are an included
|
||||
# feature of the official chef project, you can use 'vault' to
|
||||
# encrypt your secrets with the method provided in the chef-vault gem.
|
||||
default['openstack']['databag_type'] = 'encrypted'
|
||||
default['openstack']['vault_gem_version'] = '~> 3.2'
|
||||
|
||||
# Default attributes when not using data bags (use_databags = false)
|
||||
node['openstack']['common']['services'].each_key do |service|
|
||||
%w(user service db token).each do |type|
|
||||
default['openstack']['secret'][service][type] = "#{service}-#{type}"
|
||||
end
|
||||
end
|
||||
|
||||
# The type of token signing to use (uuid or fernet)
|
||||
default['openstack']['auth']['strategy'] = 'fernet'
|
||||
|
||||
# Set to true where using self-signed certs (in testing environments)
|
||||
default['openstack']['auth']['validate_certs'] = true
|
||||
|
||||
# ========================= Encrypted Databag Setup ===========================
|
||||
#
|
||||
# The openstack-common cookbook's default library contains a `secret`
|
||||
# routine that looks up the value of encrypted databag values. This routine
|
||||
# uses the secret key file located at the following location to decrypt the
|
||||
# values in the data bag.
|
||||
default['openstack']['secret']['key_path'] = '/etc/chef/openstack_data_bag_secret'
|
||||
|
||||
# The name of the encrypted data bag that stores openstack secrets
|
||||
default['openstack']['secret']['secrets_data_bag'] = 'secrets'
|
||||
|
||||
# The name of the encrypted data bag that stores service user passwords, with
|
||||
# each key in the data bag corresponding to a named OpenStack service, like
|
||||
# "nova", "cinder", etc.
|
||||
default['openstack']['secret']['service_passwords_data_bag'] = 'service_passwords'
|
||||
|
||||
# The name of the encrypted data bag that stores DB passwords, with
|
||||
# each key in the data bag corresponding to a named OpenStack database, like
|
||||
# "nova", "cinder", etc.
|
||||
default['openstack']['secret']['db_passwords_data_bag'] = 'db_passwords'
|
||||
|
||||
# The name of the encrypted data bag that stores Keystone user passwords, with
|
||||
# each key in the data bag corresponding to a user (Keystone or otherwise).
|
||||
default['openstack']['secret']['user_passwords_data_bag'] = 'user_passwords'
|
||||
|
||||
# ========================= Package and Repository Setup ======================
|
||||
#
|
||||
# Various Linux distributions provide OpenStack packages and repositories.
|
||||
# The provide some sensible defaults, but feel free to override per your
|
||||
# needs.
|
||||
|
||||
# The coordinated release of OpenStack codename
|
||||
default['openstack']['release'] = 'train'
|
||||
|
||||
# The Ubuntu Cloud Archive has packages for multiple Ubuntu releases. For
|
||||
# more information, see: https://wiki.ubuntu.com/ServerTeam/CloudArchive.
|
||||
# In the component strings, %codename% will be replaced by the value of
|
||||
# the node['lsb']['codename'] Ohai value and %release% will be replaced
|
||||
# by the value of node['openstack']['release']
|
||||
#
|
||||
# Change ['openstack']['apt']['update_apt_cache'] to true if you would like
|
||||
# have the cache automatically updated
|
||||
default['openstack']['apt']['update_apt_cache'] = false
|
||||
default['openstack']['apt']['live_updates_enabled'] = true
|
||||
default['openstack']['apt']['uri'] = 'http://ubuntu-cloud.archive.canonical.com/ubuntu'
|
||||
default['openstack']['apt']['components'] = ['main']
|
||||
|
||||
default['openstack']['yum']['update_yum_cache'] = false
|
||||
default['openstack']['yum']['rdo_enabled'] = true
|
||||
default['openstack']['yum']['uri'] =
|
||||
if node['platform_version'].to_i >= 8
|
||||
# TODO: Train has been archived to vault for RHEL 8
|
||||
# "http://mirror.centos.org/centos/$releasever/cloud/$basearch/openstack-#{node['openstack']['release']}"
|
||||
"https://vault.centos.org/8.5.2111/cloud/x86_64/openstack-#{node['openstack']['release']}/"
|
||||
else
|
||||
"http://mirror.centos.org/centos/$releasever/cloud/$basearch/openstack-#{node['openstack']['release']}"
|
||||
end
|
||||
default['openstack']['yum']['repo-key'] = "https://github.com/rdo-infra/rdo-release/raw/#{node['openstack']['release']}-rdo/RPM-GPG-KEY-CentOS-SIG-Cloud"
|
||||
# Enforcing GnuPG signature check for RDO repo. Set this to false if you want to disable the check.
|
||||
default['openstack']['yum']['gpgcheck'] = true
|
||||
default['openstack']['endpoints']['family'] = 'inet'
|
||||
|
||||
# Set a default region that other regions are set to - such that changing the region for all services can be done in one place
|
||||
default['openstack']['region'] = 'RegionOne'
|
||||
|
||||
# Allow configured loggers in logging.conf
|
||||
default['openstack']['logging']['loggers'] = {
|
||||
'root' => {
|
||||
'level' => 'NOTSET',
|
||||
'handlers' => 'devel',
|
||||
},
|
||||
'ceilometer' => {
|
||||
'level' => 'DEBUG',
|
||||
'handlers' => 'prod,debug',
|
||||
'qualname' => 'ceilometer',
|
||||
},
|
||||
'cinder' => {
|
||||
'level' => 'DEBUG',
|
||||
'handlers' => 'prod,debug',
|
||||
'qualname' => 'cinder',
|
||||
},
|
||||
'glance' => {
|
||||
'level' => 'DEBUG',
|
||||
'handlers' => 'prod,debug',
|
||||
'qualname' => 'glance',
|
||||
},
|
||||
'horizon' => {
|
||||
'level' => 'DEBUG',
|
||||
'handlers' => 'prod,debug',
|
||||
'qualname' => 'horizon',
|
||||
},
|
||||
'keystone' => {
|
||||
'level' => 'DEBUG',
|
||||
'handlers' => 'prod,debug',
|
||||
'qualname' => 'keystone',
|
||||
},
|
||||
'nova' => {
|
||||
'level' => 'DEBUG',
|
||||
'handlers' => 'prod,debug',
|
||||
'qualname' => 'nova',
|
||||
},
|
||||
'neutron' => {
|
||||
'level' => 'DEBUG',
|
||||
'handlers' => 'prod,debug',
|
||||
'qualname' => 'neutron',
|
||||
},
|
||||
'trove' => {
|
||||
'level' => 'DEBUG',
|
||||
'handlers' => 'prod,debug',
|
||||
'qualname' => 'trove',
|
||||
},
|
||||
'amqplib' => {
|
||||
'level' => 'WARNING',
|
||||
'handlers' => 'stderr',
|
||||
'qualname' => 'amqplib',
|
||||
},
|
||||
'sqlalchemy' => {
|
||||
'level' => 'WARNING',
|
||||
# "level' => 'INFO" logs SQL queries.
|
||||
# "level' => 'DEBUG" logs SQL queries and results.
|
||||
# "level' => 'WARNING" logs neither. (Recommended for production systems.)
|
||||
'handlers' => 'stderr',
|
||||
'qualname' => 'sqlalchemy',
|
||||
},
|
||||
'boto' => {
|
||||
'level' => 'WARNING',
|
||||
'handlers' => 'stderr',
|
||||
'qualname' => 'boto',
|
||||
},
|
||||
'suds' => {
|
||||
'level' => 'INFO',
|
||||
'handlers' => 'stderr',
|
||||
'qualname' => 'suds',
|
||||
},
|
||||
'eventletwsgi' => {
|
||||
'level' => 'WARNING',
|
||||
'handlers' => 'stderr',
|
||||
'qualname' => 'eventlet.wsgi.server',
|
||||
},
|
||||
'nova_api_openstack_wsgi' => {
|
||||
'level' => 'WARNING',
|
||||
'handlers' => 'prod,debug',
|
||||
'qualname' => 'nova.api.openstack.wsgi',
|
||||
},
|
||||
'nova_osapi_compute_wsgi_server' => {
|
||||
'level' => 'WARNING',
|
||||
'handlers' => 'prod,debug',
|
||||
'qualname' => 'nova.osapi_compute.wsgi.server',
|
||||
},
|
||||
}
|
||||
|
||||
# Allow configured formatters in logging.conf
|
||||
default['openstack']['logging']['formatters'] = {
|
||||
'normal' => {
|
||||
'format' => '%(asctime)s %(levelname)s %(message)s',
|
||||
},
|
||||
'normal_with_name' => {
|
||||
'format' => '[%(name)s]: %(asctime)s %(levelname)s %(message)s',
|
||||
},
|
||||
'debug' => {
|
||||
'format' => '[%(name)s]: %(asctime)s %(levelname)s %(module)s.%(funcName)s %(message)s',
|
||||
},
|
||||
'syslog_with_name' => {
|
||||
'format' => '%(name)s: %(levelname)s %(message)s',
|
||||
},
|
||||
'syslog_debug' => {
|
||||
'format' => '%(name)s: %(levelname)s %(module)s.%(funcName)s %(message)s',
|
||||
},
|
||||
}
|
||||
|
||||
# Allow configured logging handlers in logging.conf
|
||||
default['openstack']['logging']['handlers'] = {
|
||||
'stderr' => {
|
||||
'args' => '(sys.stderr,)',
|
||||
'class' => 'StreamHandler',
|
||||
'formatter' => 'debug',
|
||||
},
|
||||
'devel' => {
|
||||
'args' => '(sys.stdout,)',
|
||||
'class' => 'StreamHandler',
|
||||
'formatter' => 'debug',
|
||||
'level' => 'NOTSET',
|
||||
},
|
||||
'prod' => {
|
||||
'args' => '((\'/dev/log\'), handlers.SysLogHandler.LOG_LOCAL0)',
|
||||
'class' => 'handlers.SysLogHandler',
|
||||
'formatter' => 'syslog_with_name',
|
||||
'level' => 'INFO',
|
||||
},
|
||||
'debug' => {
|
||||
'args' => '((\'/dev/log\'), handlers.SysLogHandler.LOG_LOCAL1)',
|
||||
'class' => 'handlers.SysLogHandler',
|
||||
'formatter' => 'syslog_debug',
|
||||
'level' => 'DEBUG',
|
||||
},
|
||||
}
|
||||
|
||||
default['openstack']['memcached_servers'] = nil
|
||||
|
||||
# Default sysctl settings
|
||||
default['openstack']['sysctl']['net.ipv4.conf.all.rp_filter'] = 0
|
||||
default['openstack']['sysctl']['net.ipv4.conf.default.rp_filter'] = 0
|
||||
|
||||
case node['platform_family']
|
||||
when 'rhel'
|
||||
default['openstack']['common']['platform'] =
|
||||
if node['platform_version'].to_i >= 8
|
||||
{
|
||||
'common_client_packages' => ['python3-openstackclient'],
|
||||
'python_packages' => %w(
|
||||
python3-pip
|
||||
python3-setuptools
|
||||
python3-virtualenv
|
||||
python3-wheel
|
||||
python36
|
||||
python36-devel
|
||||
),
|
||||
'package_overrides' => '',
|
||||
}
|
||||
else
|
||||
{
|
||||
'common_client_packages' => ['python-openstackclient'],
|
||||
'python_packages' => %w(
|
||||
python
|
||||
python2-pip
|
||||
python2-setuptools
|
||||
python-devel
|
||||
python-virtualenv
|
||||
python-wheel
|
||||
),
|
||||
'package_overrides' => '',
|
||||
}
|
||||
end
|
||||
when 'debian'
|
||||
default['openstack']['common']['platform'] = {
|
||||
'common_client_packages' => ['python3-openstackclient'],
|
||||
'python_packages' => %w(
|
||||
python3
|
||||
python3-dev
|
||||
python3-pip
|
||||
python3-setuptools
|
||||
python3-virtualenv
|
||||
python3-wheel
|
||||
virtualenv
|
||||
),
|
||||
'package_overrides' => '',
|
||||
}
|
||||
end
|
||||
|
||||
# The location of the OSC bash completion file
|
||||
default['openstack']['common']['bash_complete'] = '/etc/bash_completion.d/osc.bash_completion'
|
||||
|
||||
# Set maximum count for searches [1]
|
||||
# [1] https://review.opendev.org/60126
|
||||
default['openstack']['common']['search_count_max'] = 7
|
||||
|
||||
# The name of the Chef role that installs the Keystone Service API
|
||||
default['openstack']['identity_service_chef_role'] = 'os-identity'
|
||||
|
||||
# The name of the Chef role that sets up the compute worker
|
||||
default['openstack']['compute_worker_chef_role'] = 'os-compute-worker'
|
@ -1,125 +0,0 @@
|
||||
#
|
||||
# Cookbook:: openstack-common
|
||||
# Attributes:: messaging
|
||||
#
|
||||
# Copyright:: 2012-2021, AT&T Services, Inc.
|
||||
# Copyright:: 2013-2021, SUSE Linux GmbH
|
||||
# Copyright:: 2013-2021, Rackspace US, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
# The rabbitmq user's password is stored in an encrypted databag and accessed
|
||||
# with openstack-common cookbook library's user_password routine. You are
|
||||
# expected to create the user, pass, vhost in a wrapper rabbitmq cookbook.
|
||||
#
|
||||
|
||||
# ******************** RabbitMQ Endpoint **************************************
|
||||
%w(endpoints bind_service).each do |type|
|
||||
default['openstack'][type]['mq']['host'] = '127.0.0.1'
|
||||
default['openstack'][type]['mq']['port'] = '5672'
|
||||
end
|
||||
default['openstack']['bind_service']['mq']['interface'] = nil
|
||||
|
||||
###################################################################
|
||||
# Services to assign mq attributes for
|
||||
###################################################################
|
||||
services =
|
||||
%w(
|
||||
aodh
|
||||
bare_metal
|
||||
baremetal
|
||||
block-storage
|
||||
block_storage
|
||||
compute
|
||||
database
|
||||
dns
|
||||
identity
|
||||
image
|
||||
load_balancer
|
||||
network
|
||||
orchestration
|
||||
placement
|
||||
telemetry
|
||||
)
|
||||
|
||||
###################################################################
|
||||
# Generic default attributes
|
||||
###################################################################
|
||||
default['openstack']['mq']['server_role'] = 'os-ops-messaging'
|
||||
default['openstack']['mq']['service_type'] = 'rabbit'
|
||||
default['openstack']['mq']['user'] = 'openstack'
|
||||
default['openstack']['mq']['vhost'] = '/'
|
||||
|
||||
# defined in oslo/messaging/_drivers/amqp.py
|
||||
default['openstack']['mq']['durable_queues'] = false
|
||||
default['openstack']['mq']['auto_delete'] = false
|
||||
|
||||
###################################################################
|
||||
# Default rabbit values (for attribute assignment below)
|
||||
###################################################################
|
||||
# global switch for handling rabbit ssl
|
||||
default['openstack']['mq']['rabbitmq']['use_ssl'] = false
|
||||
# SSL version to use (valid only if SSL enabled)
|
||||
default['openstack']['mq']['rabbitmq']['kombu_ssl_version'] = nil
|
||||
# SSL key file (valid only if SSL enabled)
|
||||
default['openstack']['mq']['rabbitmq']['kombu_ssl_keyfile'] = nil
|
||||
# SSL cert file (valid only if SSL enabled)
|
||||
default['openstack']['mq']['rabbitmq']['kombu_ssl_certfile'] = nil
|
||||
# SSL certification authority file (valid only if SSL enabled)
|
||||
default['openstack']['mq']['rabbitmq']['kombu_ssl_ca_certs'] = nil
|
||||
# How long to wait before reconnecting in response to an AMQP consumer cancel notification
|
||||
default['openstack']['mq']['rabbitmq']['kombu_reconnect_delay'] = 1.0
|
||||
# How long to wait before considering a reconnect attempt to have failed.
|
||||
# This value should not be longer than rpc_response_timeout
|
||||
default['openstack']['mq']['rabbitmq']['kombu_reconnect_timeout'] = 60
|
||||
# global switch for handling rabbit ha
|
||||
default['openstack']['mq']['rabbitmq']['ha'] = false
|
||||
# global switch for number of seconds after which the Rabbit broker is considered down if heartbeat's keep-alive fails (0 disable the heartbeat)
|
||||
default['openstack']['mq']['rabbitmq']['heartbeat_timeout_threshold'] = 0
|
||||
# global switch for how often times during the heartbeat_timeout_threshold we check the heartbeat
|
||||
default['openstack']['mq']['rabbitmq']['heartbeat_rate'] = 2
|
||||
|
||||
rabbit_defaults = {
|
||||
rabbit_max_retries: 0,
|
||||
rabbit_retry_interval: 1,
|
||||
userid: node['openstack']['mq']['user'],
|
||||
vhost: node['openstack']['mq']['vhost'],
|
||||
port: node['openstack']['endpoints']['mq']['port'],
|
||||
host: node['openstack']['endpoints']['mq']['host'],
|
||||
ha: node['openstack']['mq']['rabbitmq']['ha'],
|
||||
heartbeat_timeout_threshold: node['openstack']['mq']['rabbitmq']['heartbeat_timeout_threshold'],
|
||||
heartbeat_rate: node['openstack']['mq']['rabbitmq']['heartbeat_rate'],
|
||||
use_ssl: node['openstack']['mq']['rabbitmq']['use_ssl'],
|
||||
kombu_ssl_version: node['openstack']['mq']['rabbitmq']['kombu_ssl_version'],
|
||||
kombu_ssl_keyfile: node['openstack']['mq']['rabbitmq']['kombu_ssl_keyfile'],
|
||||
kombu_ssl_certfile: node['openstack']['mq']['rabbitmq']['kombu_ssl_certfile'],
|
||||
kombu_ssl_ca_certs: node['openstack']['mq']['rabbitmq']['kombu_ssl_ca_certs'],
|
||||
kombu_reconnect_delay: node['openstack']['mq']['rabbitmq']['kombu_reconnect_delay'],
|
||||
kombu_reconnect_timeout: node['openstack']['mq']['rabbitmq']['kombu_reconnect_timeout'],
|
||||
}
|
||||
|
||||
###################################################################
|
||||
# Assign default mq attributes for every service
|
||||
###################################################################
|
||||
services.each do |svc|
|
||||
default['openstack']['mq'][svc]['service_type'] = node['openstack']['mq']['service_type']
|
||||
|
||||
default['openstack']['mq'][svc]['durable_queues'] =
|
||||
node['openstack']['mq']['durable_queues']
|
||||
default['openstack']['mq'][svc]['auto_delete'] =
|
||||
node['openstack']['mq']['auto_delete']
|
||||
|
||||
rabbit_defaults.each do |key, val|
|
||||
default['openstack']['mq'][svc]['rabbit'][key.to_s] = val
|
||||
end
|
||||
end
|
138
libraries/cli.rb
138
libraries/cli.rb
@ -1,138 +0,0 @@
|
||||
#
|
||||
# Cookbook:: openstack-common
|
||||
# library:: cli
|
||||
#
|
||||
# Copyright:: 2014-2021, IBM Corp.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
require 'chef/mixin/shell_out'
|
||||
include Chef::Mixin::ShellOut
|
||||
require 'uri'
|
||||
|
||||
# CLI methods
|
||||
module ::Openstack
|
||||
# return an environment suitable for calling openstack commands.
|
||||
#
|
||||
# @param [String] user name
|
||||
# @param [String] tenant name
|
||||
# @return [Hash] environment
|
||||
def openstack_command_env(name, project, user_domain, project_domain)
|
||||
identity_endpoint = public_endpoint 'identity'
|
||||
auth_url = identity_endpoint.to_s
|
||||
|
||||
pass = get_password 'user', name
|
||||
{
|
||||
'OS_USERNAME' => name,
|
||||
'OS_PASSWORD' => pass,
|
||||
'OS_PROJECT_NAME' => project,
|
||||
'OS_USER_DOMAIN_NAME' => user_domain,
|
||||
'OS_PROJECT_DOMAIN_NAME' => project_domain,
|
||||
'OS_IDENTITY_API_VERSION' => '3',
|
||||
'OS_AUTH_URL' => auth_url,
|
||||
}
|
||||
end
|
||||
|
||||
# return stdout from calling an openstack command.
|
||||
#
|
||||
# @param [String] command to run
|
||||
# @param [String] command options
|
||||
# @param [Hash] environment to use
|
||||
# @param [Hash] optional command argument/values pairs
|
||||
# @return [String] stdout or fail
|
||||
#
|
||||
def openstack_command(cmd, options = '', env = {}, args = {})
|
||||
# NOTE: Here we split options (which creates an array) and then merge that
|
||||
# array into [cmd]. This is done to accomdate cmd + options like:
|
||||
# keystone user-list
|
||||
# glance image-show <id|name>
|
||||
openstackcmd = [cmd]
|
||||
args.each do |key, val|
|
||||
openstackcmd << "--#{key}"
|
||||
openstackcmd << val.to_s unless val.to_s.empty?
|
||||
end
|
||||
# If options is a string, split on whitespace into array; otherwise, assume
|
||||
# it is an array already and leave it untouched.
|
||||
options = options.split if options.instance_of? String
|
||||
openstackcmd = openstackcmd.concat(options)
|
||||
Chef::Log.debug("Running openstack command: #{openstackcmd} with environment: #{env}")
|
||||
result = shell_out(openstackcmd, env: env)
|
||||
Chef::Log.debug("Output for command: #{cmd}:\n#{result.stdout}\n#{result.stderr}")
|
||||
raise "#{result.stderr} (#{result.exitstatus})" if result.exitstatus != 0
|
||||
result.stdout
|
||||
end
|
||||
|
||||
# return uuid for a resource.
|
||||
#
|
||||
# @param [String] client of resource (keystone, neutron, glance, ...)
|
||||
# @param [String] type of resource (user, service, tenant, endpoint, role; net, subnet, router, ...)
|
||||
# @param [String] key of resource to match
|
||||
# @param [String] value of resource key to match
|
||||
# @param [Hash] environment to use.
|
||||
# @param [Hash] optional command argument/values pairs
|
||||
# @param [String] optional uuid field to match
|
||||
# @return [String] uuid or nil
|
||||
#
|
||||
def get_uuid(client, type, key, value, env, args = {}, uuid_field = 'id') # rubocop: disable Metrics/ParameterLists
|
||||
begin
|
||||
output = openstack_command(client, "#{type} list", env, args)
|
||||
prettytable_to_array(output).each do |obj|
|
||||
return obj[uuid_field] if obj.key?(uuid_field) && obj[key] == value
|
||||
end
|
||||
rescue RuntimeError => e
|
||||
raise "Could not lookup uuid for #{type}:#{key}=>#{value}. Error was #{e.message}"
|
||||
end
|
||||
nil
|
||||
end
|
||||
|
||||
# return uuid for an identity resource.
|
||||
#
|
||||
# @param [String] type of resource (user, service, tenant, endpoint, role)
|
||||
# @param [String] key of resource to match
|
||||
# @param [String] value of resource key to match
|
||||
# @param [Hash] environment to use.
|
||||
# @param [Hash] optional command argument/values pairs
|
||||
# @param [String] optional uuid field to match
|
||||
# @return [String] uuid or nil
|
||||
#
|
||||
# TODO: update openstack-identity register provider to use these functions.
|
||||
#
|
||||
def identity_uuid(*args)
|
||||
get_uuid('openstack', *args)
|
||||
end
|
||||
|
||||
# return id for a glance image.
|
||||
#
|
||||
# @param [String] name of image
|
||||
# @param [Hash] environment to use.
|
||||
# @param [Hash] optional command argument/values pairs
|
||||
# @return [String] id or nil
|
||||
def image_id(name, env, args = {})
|
||||
get_uuid('openstack', 'image', 'Name', name, env, args, 'ID')
|
||||
end
|
||||
|
||||
# return uuid for a network resource.
|
||||
#
|
||||
# @param [String] type of resource (net, subnet, router, port, ...)
|
||||
# @param [String] key of resource to match
|
||||
# @param [String] value of resource key to match
|
||||
# @param [Hash] environment to use.
|
||||
# @param [Hash] optional command argument/values pairs
|
||||
# @param [String] optional uuid field to match
|
||||
# @return [String] uuid or nil
|
||||
#
|
||||
def network_uuid(*args)
|
||||
get_uuid('openstack', *args)
|
||||
end
|
||||
end
|
@ -1,46 +0,0 @@
|
||||
#
|
||||
# Cookbook:: openstack-common
|
||||
# library:: config_helpers
|
||||
#
|
||||
# Copyright:: 2016-2021, cloudbau GmbH
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
# config helper methods
|
||||
module ::Openstack
|
||||
# return a Mash with config options which can be used for the service config
|
||||