openstack/kolla-ansible
Code Issues Proposed changes

Add zun ansible role

Browse Source 
Change-Id: I13cf03d6a97fb94dd7cb309e99a417ad101dc21a
Co-Authored-By: Mauricio Lima <mauriciolimab@gmail.com>
Partially-implements: bp add-zun-ansible-role
This commit is contained in:
root 2017-01-03 08:45:53 +00:00 committed by jianyi
parent 04ebda9e44
commit 2364bee3cc
28 changed files with 491 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ansible/group_vars/all.yml
View File

@ -245,6 +245,8 @@ tacker_server_port: "9890"
fluentd_syslog_port: "5140"
zun_api_port: "9512"
public_protocol: "{{ 'https' if kolla_enable_tls_external | bool else 'http' }}"
internal_protocol: "http"
admin_protocol: "http"
@ -364,6 +366,7 @@ enable_tempest: "no"
enable_trove: "no"
enable_vmtp: "no"
enable_watcher: "no"
enable_zun: "no"
ironic_keystone_user: "ironic"
neutron_keystone_user: "neutron"

10
ansible/inventory/all-in-one
View File

@ -184,6 +184,9 @@ control
[bifrost:children]
deployment
[zun:children]
control
# Additional control implemented here. These groups allow you to control which
# services run on which hosts at a per-service level.
#
@ -527,3 +530,10 @@ designate
# Placement
[placement-api:children]
placement
# Zun
[zun-api:children]
zun
[zun-compute:children]
compute

10
ansible/inventory/multinode
View File

@ -202,6 +202,9 @@ control
[bifrost:children]
deployment
[zun:children]
control
# Additional control implemented here. These groups allow you to control which
# services run on which hosts at a per-service level.
#
@ -545,3 +548,10 @@ designate
# Placement
[placement-api:children]
placement
# Zun
[zun-api:children]
zun
[zun-compute:children]
compute

1
ansible/roles/common/tasks/config.yml
View File

@ -110,3 +110,4 @@
- { name: "swift", enabled: "{{ enable_swift }}" }
- { name: "tacker", enabled: "{{ enable_tacker }}" }
- { name: "watcher", enabled: "{{ enable_watcher }}" }
- { name: "zun", enabled: "{{ enable_zun }}" }

3
ansible/roles/common/templates/cron-logrotate-zun.conf.j2 Normal file
View File

@ -0,0 +1,3 @@
"/var/log/kolla/zun/*.log"
{
}

3
ansible/roles/common/templates/cron.json.j2
View File

@ -34,7 +34,8 @@
( 'solum', enable_solum ),
( 'swift', enable_swift ),
( 'tacker', enable_tacker ),
( 'watcher', enable_watcher )
( 'watcher', enable_watcher ),
( 'zun', enable_zun )
] %}
{
"command": "{{ cron_cmd }}",

11
ansible/roles/haproxy/tasks/precheck.yml
View File

@ -621,3 +621,14 @@
- enable_watcher | bool
- inventory_hostname in groups['haproxy']
- "{{ 'watcher_api' not in haproxy_stat }}"
- name: Checking free port for Zun API HAProxy
wait_for:
host: "{{ kolla_internal_vip_address }}"
port: "{{ zun_api_port }}"
connect_timeout: 1
state: stopped
when:
- enable_zun | bool
- inventory_hostname in groups['haproxy']
- "{{ 'zun_api' not in haproxy_stat }}"

19
ansible/roles/haproxy/templates/haproxy.cfg.j2
View File

@ -798,6 +798,25 @@ listen tacker_server_external
{% endif %}
{% endif %}
{% if enable_zun | bool %}
listen zun_api
bind {{ kolla_internal_vip_address }}:{{ zun_api_port }}
http-request del-header X-Forwarded-Proto if { ssl_fc }
{% for host in groups['zun-api'] %}
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ zun_api_port }} check inter 2000 rise 2 fall 5
{% endfor %}
{% if haproxy_enable_external_vip | bool %}
listen zun_api_external
bind {{ kolla_external_vip_address }}:{{ zun_api_port }} {{ tls_bind_info }}
http-request del-header X-Forwarded-Proto if { ssl_fc }
http-request set-header X-Forwarded-Proto https if { ssl_fc }
{% for host in groups['zun-api'] %}
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ zun_api_port }} check inter 2000 rise 2 fall 5
{% endfor %}
{% endif %}
{% endif %}
# (NOTE): This defaults section deletes forwardfor as recommended by:
# https://marc.info/?l=haproxy&m=141684110710132&w=1

55
ansible/roles/zun/defaults/main.yml Normal file
View File

@ -0,0 +1,55 @@
---
project_name: "zun"
zun_services:
zun-api:
container_name: zun_api
group: zun-api
enabled: true
image: "{{ zun_api_image_full }}"
volumes:
- "{{ node_config_directory }}/zun-api/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "kolla_logs:/var/log/kolla/"
zun-compute:
container_name: zun_compute
group: zun-compute
enabled: true
image: "{{ zun_compute_image_full }}"
volumes:
- "{{ node_config_directory }}/zun-compute/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "kolla_logs:/var/log/kolla/"
####################
## Database
####################
zun_database_name: "zun"
zun_database_user: "zun"
zun_database_address: "{{ kolla_internal_fqdn }}:{{ database_port }}"
####################
## Docker
####################
zun_compute_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-zun-compute"
zun_compute_tag: "{{ openstack_release }}"
zun_compute_image_full: "{{ zun_compute_image }}:{{ zun_compute_tag }}"
zun_api_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-zun-api"
zun_api_tag: "{{ openstack_release }}"
zun_api_image_full: "{{ zun_api_image }}:{{ zun_api_tag }}"
####################
## OpenStack
####################
zun_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ zun_api_port }}/v1/%(tenant_id)s"
zun_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ zun_api_port }}/v1/%(tenant_id)s"
zun_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ zun_api_port }}/v1/%(tenant_id)s"
zun_logging_debug: "{{ openstack_logging_debug }}"
zun_keystone_user: "zun"
openstack_zun_auth: "{{ openstack_auth }}"

46
ansible/roles/zun/handlers/main.yml Normal file
View File

@ -0,0 +1,46 @@
---
- name: Restart zun-api container
vars:
service_name: "zun-api"
service: "{{ zun_services[service_name] }}"
config_json: "{{ zun_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
zun_conf: "{{ zun_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
policy_json: "{{ zun_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
zun_api_container: "{{ check_zun_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
kolla_docker:
action: "recreate_or_restart_container"
common_options: "{{ docker_common_options }}"
name: "{{ service.container_name }}"
image: "{{ service.image }}"
volumes: "{{ service.volumes }}"
when:
- action != "config"
- inventory_hostname in groups[service.group]
- service.enabled | bool
- config_json.changed | bool
or zun_conf.changed | bool
or policy_json.changed | bool
or zun_api_container.changed | bool
- name: Restart zun-compute container
vars:
service_name: "zun-compute"
service: "{{ zun_services[service_name] }}"
config_json: "{{ zun_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
zun_conf: "{{ zun_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
policy_json: "{{ zun_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
zun_compute_container: "{{ check_zun_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
kolla_docker:
action: "recreate_or_restart_container"
common_options: "{{ docker_common_options }}"
name: "{{ service.container_name }}"
image: "{{ service.image }}"
volumes: "{{ service.volumes }}"
when:
- action != "config"
- inventory_hostname in groups[service.group]
- service.enabled | bool
- config_json.changed | bool
or zun_conf.changed | bool
or policy_json.changed | bool
or zun_compute_container.changed | bool

3
ansible/roles/zun/meta/main.yml Normal file
View File

@ -0,0 +1,3 @@
---
dependencies:
- { role: common }

32
ansible/roles/zun/tasks/bootstrap.yml Normal file
View File

@ -0,0 +1,32 @@
---
- name: Creating Zun database
kolla_toolbox:
module_name: mysql_db
module_args:
login_host: "{{ database_address }}"
login_port: "{{ database_port }}"
login_user: "{{ database_user }}"
login_password: "{{ database_password }}"
name: "{{ zun_database_name }}"
register: database
run_once: True
delegate_to: "{{ groups['zun-api'][0] }}"
- name: Creating Zun database user and setting permissions
kolla_toolbox:
module_name: mysql_user
module_args:
login_host: "{{ database_address }}"
login_port: "{{ database_port }}"
login_user: "{{ database_user }}"
login_password: "{{ database_password }}"
name: "{{ zun_database_name }}"
password: "{{ zun_database_password }}"
host: "%"
priv: "{{ zun_database_name }}.*:ALL"
append_privs: "yes"
run_once: True
delegate_to: "{{ groups['zun-api'][0] }}"
- include: bootstrap_service.yml
when: database.changed

19
ansible/roles/zun/tasks/bootstrap_service.yml Normal file
View File

@ -0,0 +1,19 @@
---
- name: Running Zun bootstrap container
vars:
zun_api: "{{ zun_services['zun-api'] }}"
kolla_docker:
action: "start_container"
common_options: "{{ docker_common_options }}"
detach: False
environment:
KOLLA_BOOTSTRAP:
KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
image: "{{ zun_api.image }}"
labels:
BOOTSTRAP:
name: "bootstrap_zun"
restart_policy: "never"
volumes: "{{ zun_api.volumes }}"
run_once: True
delegate_to: "{{ groups[zun_api.group][0] }}"

77
ansible/roles/zun/tasks/config.yml Normal file
View File

@ -0,0 +1,77 @@
---
- name: Ensuring config directories exist
file:
path: "{{ node_config_directory }}/{{ item.key }}"
state: "directory"
recurse: yes
when: inventory_hostname in groups[item.value.group]
with_dict: "{{ zun_services }}"
- name: Copying over config.json files for services
template:
src: "{{ item.key }}.json.j2"
dest: "{{ node_config_directory }}/{{ item.key }}/config.json"
register: zun_config_jsons
when:
- item.value.enabled | bool
- inventory_hostname in groups[item.value.group]
with_dict: "{{ zun_services }}"
notify:
- Restart zun-api container
- Restart zun-compute container
- name: Copying over zun.conf
merge_configs:
vars:
service_name: "{{ item.key }}"
sources:
- "{{ role_path }}/templates/zun.conf.j2"
- "{{ node_custom_config }}/global.conf"
- "{{ node_custom_config }}/database.conf"
- "{{ node_custom_config }}/messaging.conf"
- "{{ node_custom_config }}/zun.conf"
- "{{ node_custom_config }}/zun/{{ item.key }}.conf"
- "{{ node_custom_config }}/zun/{{ inventory_hostname }}/zun.conf"
dest: "{{ node_config_directory }}/{{ item.key }}/zun.conf"
register: zun_confs
when:
- item.value.enabled | bool
- inventory_hostname in groups[item.value.group]
with_dict: "{{ zun_services }}"
notify:
- Restart zun-api container
- Restart zun-compute container
- name: Check if policies shall be overwritten
local_action: stat path="{{ node_custom_config }}/zun/policy.json"
register: zun_policy
- name: Copying over existing policy.json
template:
src: "{{ node_custom_config }}/zun/policy.json"
dest: "{{ node_config_directory }}/{{ item.key }}/policy.json"
register: zun_policy_jsons
when:
- zun_policy.stat.exists
- inventory_hostname in groups[item.value.group]
with_dict: "{{ zun_services }}"
notify:
- Restart zun-api container
- Restart zun-compute container
- name: Check zun containers
kolla_docker:
action: "compare_container"
common_options: "{{ docker_common_options }}"
name: "{{ item.value.container_name }}"
image: "{{ item.value.image }}"
volumes: "{{ item.value.volumes }}"
register: check_zun_containers
when:
- action != "config"
- inventory_hostname in groups[item.value.group]
- item.value.enabled | bool
with_dict: "{{ zun_services }}"
notify:
- Restart zun-api container
- Restart zun-compute container

13
ansible/roles/zun/tasks/deploy.yml Normal file
View File

@ -0,0 +1,13 @@
---
- include: register.yml
when: inventory_hostname in groups['zun-api']
- include: config.yml
when: inventory_hostname in groups['zun-api'] or
inventory_hostname in groups['zun-compute']
- include: bootstrap.yml
when: inventory_hostname in groups['zun-api']
- name: Flush handlers
meta: flush_handlers

2
ansible/roles/zun/tasks/main.yml Normal file
View File

@ -0,0 +1,2 @@
---
- include: "{{ action }}.yml"

16
ansible/roles/zun/tasks/precheck.yml Normal file
View File

@ -0,0 +1,16 @@
---
- name: Get container facts
kolla_container_facts:
name:
- zun_api
register: container_facts
- name: Checking free port for Zun API
wait_for:
host: "{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}"
port: "{{ zun_api_port }}"
connect_timeout: 1
state: stopped
when:
- container_facts['zun_api'] is not defined
- inventory_hostname in groups['zun-api']

10
ansible/roles/zun/tasks/pull.yml Normal file
View File

@ -0,0 +1,10 @@
---
- name: Pulling zun images
kolla_docker:
action: "pull_image"
common_options: "{{ docker_common_options }}"
image: "{{ item.value.image }}"
when:
- inventory_hostname in groups[item.value.group]
- item.value.enabled | bool
with_dict: "{{ zun_services }}"

2
ansible/roles/zun/tasks/reconfigure.yml Normal file
View File

@ -0,0 +1,2 @@
---
- include: deploy.yml

42
ansible/roles/zun/tasks/register.yml Normal file
View File

@ -0,0 +1,42 @@
---
- name: Creating the Zun service and endpoint
kolla_toolbox:
module_name: "kolla_keystone_service"
module_args:
service_name: "{{ item.service_name }}"
service_type: "{{ item.service_type }}"
description: "Container Service"
endpoint_region: "{{ openstack_region_name }}"
url: "{{ item.url }}"
interface: "{{ item.interface }}"
region_name: "{{ openstack_region_name }}"
auth: "{{ '{{ openstack_zun_auth }}' }}"
module_extra_vars:
openstack_zun_auth: "{{ openstack_zun_auth }}"
register: zun_endpoint
until: zun_endpoint|success
retries: 10
delay: 5
run_once: True
with_items:
- {'interface': 'admin', 'url': '{{ zun_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ zun_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ zun_public_endpoint }}'}
- name: Creating the Zun project, user, and role
kolla_toolbox:
module_name: "kolla_keystone_user"
module_args:
project: "service"
user: "{{ zun_keystone_user }}"
password: "{{ zun_keystone_password }}"
role: "admin"
region_name: "{{ openstack_region_name }}"
auth: "{{ '{{ openstack_zun_auth }}' }}"
module_extra_vars:
openstack_zun_auth: "{{ openstack_zun_auth }}"
register: zun_user
until: zun_user|success
retries: 10
delay: 5
run_once: True

7
ansible/roles/zun/tasks/upgrade.yml Normal file
View File

@ -0,0 +1,7 @@
---
- include: config.yml
- include: bootstrap_service.yml
- name: Flush handlers
meta: flush_handlers

30
ansible/roles/zun/templates/zun-api.json.j2 Normal file
View File

@ -0,0 +1,30 @@
{
"command": "zun-api --config-file /etc/zun/zun.conf",
"config_files": [
{
"source": "{{ container_config_directory }}/zun.conf",
"dest": "/etc/zun/zun.conf",
"owner": "zun",
"perm": "0600"
},
{
"source": "{{ container_config_directory }}/api-paste.ini",
"dest": "/etc/zun/api-paste.ini",
"owner": "zun",
"perm": "0600"
},
{
"source": "{{ container_config_directory }}/policy.json",
"dest": "/etc/zun/policy.json",
"owner": "zun",
"perm": "0600"
}
],
"permissions": [
{
"path": "/var/log/kolla/zun",
"owner": "zun:zun",
"recurse": true
}
]
}

25
ansible/roles/zun/templates/zun-compute.json.j2 Normal file
View File

@ -0,0 +1,25 @@
{
"command": "zun-compute --config-file /etc/zun/zun.conf",
"config_files": [
{
"source": "{{ container_config_directory }}/zun.conf",
"dest": "/etc/zun/zun.conf",
"owner": "zun",
"perm": "0600"
},
{
"source": "{{ container_config_directory }}/policy.json",
"dest": "/etc/zun/policy.json",
"owner": "zun",
"perm": "0600",
"optional": true
}
],
"permissions": [
{
"path": "/var/log/kolla/zun",
"owner": "zun:zun",
"recurse": true
}
]
}

33
ansible/roles/zun/templates/zun.conf.j2 Normal file
View File

@ -0,0 +1,33 @@
[DEFAULT]
debug = {{ zun_logging_debug }}
log_dir = /var/log/kolla/zun
transport_url = rabbit://{% for host in groups['rabbitmq'] %}{{ rabbitmq_user }}:{{ rabbitmq_password }}@{% if orchestration_engine == 'KUBERNETES' %}rabbitmq{% else %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}{% endif %}:{{ rabbitmq_port }}{% if not loop.last %},{% endif %}{% endfor %}
{% if service_name == 'zun-api' %}
osapi_zun_listen = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}
osapi_zun_listen_port = {{ zun_api_port }}
{% endif %}
[database]
connection = mysql+pymysql://{{ zun_database_user }}:{{ zun_database_password }}@{{ zun_database_address }}/{{ zun_database_name }}
max_retries = -1
[zun_client]
version = 1
service_type = container
service_name = zun
[keystone_authtoken]
auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
project_domain_name = Default
auth_type = password
project_domain_id = default
user_domain_id = default
project_name = service
username = {{ zun_keystone_user }}
password = {{ zun_keystone_password }}
memcache_security_strategy = ENCRYPT
memcache_secret_key = {{ memcache_secret_key }}
memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}

11
ansible/site.yml
View File

@ -612,3 +612,14 @@
- { role: octavia,
tags: octavia,
when: enable_octavia | bool }
- name: Apply role zun
gather_facts: false
hosts:
- zun-api
- zun-compute
serial: '{{ serial|default("0") }}'
roles:
- { role: zun,
tags: zun,
when: enable_zun | bool }

1
etc/kolla/globals.yml
View File

@ -192,6 +192,7 @@ kolla_internal_vip_address: "10.10.10.254"
#enable_trove: "no"
#enable_vmtp: "no"
#enable_watcher: "no"
#enable_zun: "no"
###################
# Ceph options

3
etc/kolla/passwords.yml
View File

@ -144,6 +144,9 @@ searchlight_keystone_password:
tacker_database_password:
tacker_keystone_password:
zun_database_password:
zun_keystone_password:
memcache_secret_key:
nova_ssh_key:

5
releasenotes/notes/add-zun-role-275d41711e0fe206.yaml Normal file
View File

@ -0,0 +1,5 @@
---
features:
- Add zun ansible role,Zun is an OpenStack project for the management of containers.
zun quick start guide link is
https://github.com/openstack/zun/blob/master/doc/source/dev/quickstart.rst