From 2364bee3ccdbbc033743546187c4e8ff638c3b46 Mon Sep 17 00:00:00 2001 
From: root Date: Tue, 3 Jan 2017 08:45:53 +0000 Subject: [PATCH] Add zun ansible role Change-Id: I13cf03d6a97fb94dd7cb309e99a417ad101dc21a Co-Authored-By: Mauricio Lima Partially-implements: bp add-zun-ansible-role --- ansible/group_vars/all.yml | 3 + ansible/inventory/all-in-one | 10 +++ ansible/inventory/multinode | 10 +++ ansible/roles/common/tasks/config.yml | 1 + .../templates/cron-logrotate-zun.conf.j2 | 3 + ansible/roles/common/templates/cron.json.j2 | 3 +- ansible/roles/haproxy/tasks/precheck.yml | 11 +++ .../roles/haproxy/templates/haproxy.cfg.j2 | 19 +++++ ansible/roles/zun/defaults/main.yml | 55 +++++++++++++ ansible/roles/zun/handlers/main.yml | 46 +++++++++++ ansible/roles/zun/meta/main.yml | 3 + ansible/roles/zun/tasks/bootstrap.yml | 32 ++++++++ ansible/roles/zun/tasks/bootstrap_service.yml | 19 +++++ ansible/roles/zun/tasks/config.yml | 77 +++++++++++++++++++ ansible/roles/zun/tasks/deploy.yml | 13 ++++ ansible/roles/zun/tasks/main.yml | 2 + ansible/roles/zun/tasks/precheck.yml | 16 ++++ ansible/roles/zun/tasks/pull.yml | 10 +++ ansible/roles/zun/tasks/reconfigure.yml | 2 + ansible/roles/zun/tasks/register.yml | 42 ++++++++++ ansible/roles/zun/tasks/upgrade.yml | 7 ++ ansible/roles/zun/templates/zun-api.json.j2 | 30 ++++++++ .../roles/zun/templates/zun-compute.json.j2 | 25 ++++++ ansible/roles/zun/templates/zun.conf.j2 | 33 ++++++++ ansible/site.yml | 11 +++ etc/kolla/globals.yml | 1 + etc/kolla/passwords.yml | 3 + .../notes/add-zun-role-275d41711e0fe206.yaml | 5 ++ 28 files changed, 491 insertions(+), 1 deletion(-) create mode 100644 ansible/roles/common/templates/cron-logrotate-zun.conf.j2 create mode 100644 ansible/roles/zun/defaults/main.yml create mode 100644 ansible/roles/zun/handlers/main.yml create mode 100644 ansible/roles/zun/meta/main.yml create mode 100644 ansible/roles/zun/tasks/bootstrap.yml create mode 100644 ansible/roles/zun/tasks/bootstrap_service.yml create mode 100644 ansible/roles/zun/tasks/config.yml create mode 100644 
ansible/roles/zun/tasks/deploy.yml create mode 100644 ansible/roles/zun/tasks/main.yml create mode 100644 ansible/roles/zun/tasks/precheck.yml create mode 100644 ansible/roles/zun/tasks/pull.yml create mode 100644 ansible/roles/zun/tasks/reconfigure.yml create mode 100644 ansible/roles/zun/tasks/register.yml create mode 100644 ansible/roles/zun/tasks/upgrade.yml create mode 100644 ansible/roles/zun/templates/zun-api.json.j2 create mode 100644 ansible/roles/zun/templates/zun-compute.json.j2 create mode 100644 ansible/roles/zun/templates/zun.conf.j2 create mode 100644 releasenotes/notes/add-zun-role-275d41711e0fe206.yaml diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index 34b3ccd6a8..94c4aedffc 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml @@ -245,6 +245,8 @@ tacker_server_port: "9890" fluentd_syslog_port: "5140" +zun_api_port: "9512" + public_protocol: "{{ 'https' if kolla_enable_tls_external | bool else 'http' }}" internal_protocol: "http" admin_protocol: "http" @@ -364,6 +366,7 @@ enable_tempest: "no" enable_trove: "no" enable_vmtp: "no" enable_watcher: "no" +enable_zun: "no" ironic_keystone_user: "ironic" neutron_keystone_user: "neutron" diff --git a/ansible/inventory/all-in-one b/ansible/inventory/all-in-one index 821b5411e0..23bbbb2ed6 100644 --- a/ansible/inventory/all-in-one +++ b/ansible/inventory/all-in-one @@ -184,6 +184,9 @@ control [bifrost:children] deployment +[zun:children] +control + # Additional control implemented here. These groups allow you to control which # services run on which hosts at a per-service level. # @@ -527,3 +530,10 @@ designate # Placement [placement-api:children] placement + +# Zun +[zun-api:children] +zun + +[zun-compute:children] +compute diff --git a/ansible/inventory/multinode b/ansible/inventory/multinode index dc682a24fa..0a2926c86c 100644 --- a/ansible/inventory/multinode +++ b/ansible/inventory/multinode 
@@ -202,6 +202,9 @@ control [bifrost:children] deployment +[zun:children] +control + # Additional control implemented here. These groups allow you to control which # services run on which hosts at a per-service level. # @@ -545,3 +548,10 @@ designate # Placement [placement-api:children] placement + +# Zun +[zun-api:children] +zun + +[zun-compute:children] +compute diff --git a/ansible/roles/common/tasks/config.yml b/ansible/roles/common/tasks/config.yml index 1b9b1f59a4..3b144963e4 100644 --- a/ansible/roles/common/tasks/config.yml +++ b/ansible/roles/common/tasks/config.yml @@ -110,3 +110,4 @@ - { name: "swift", enabled: "{{ enable_swift }}" } - { name: "tacker", enabled: "{{ enable_tacker }}" } - { name: "watcher", enabled: "{{ enable_watcher }}" } + - { name: "zun", enabled: "{{ enable_zun }}" } diff --git a/ansible/roles/common/templates/cron-logrotate-zun.conf.j2 b/ansible/roles/common/templates/cron-logrotate-zun.conf.j2 new file mode 100644 index 0000000000..57eef45c6e --- /dev/null +++ b/ansible/roles/common/templates/cron-logrotate-zun.conf.j2 @@ -0,0 +1,3 @@ +"/var/log/kolla/zun/*.log" +{ +} diff --git a/ansible/roles/common/templates/cron.json.j2 b/ansible/roles/common/templates/cron.json.j2 index 2bb3a5f78b..551ebaa9db 100644 --- a/ansible/roles/common/templates/cron.json.j2 +++ b/ansible/roles/common/templates/cron.json.j2 @@ -34,7 +34,8 @@ ( 'solum', enable_solum ), ( 'swift', enable_swift ), ( 'tacker', enable_tacker ), - ( 'watcher', enable_watcher ) + ( 'watcher', enable_watcher ), + ( 'zun', enable_zun ) ] %} { "command": "{{ cron_cmd }}", diff --git a/ansible/roles/haproxy/tasks/precheck.yml b/ansible/roles/haproxy/tasks/precheck.yml index f15384f056..b81d4a5a29 100644 --- a/ansible/roles/haproxy/tasks/precheck.yml +++ b/ansible/roles/haproxy/tasks/precheck.yml 
@@ -621,3 +621,14 @@ - enable_watcher | bool - inventory_hostname in groups['haproxy'] - "{{ 'watcher_api' not in haproxy_stat }}" + +- name: Checking free port for Zun API HAProxy + wait_for: + host: "{{ kolla_internal_vip_address }}" + port: "{{ zun_api_port }}" + connect_timeout: 1 + state: stopped + when: + - enable_zun | bool + - inventory_hostname in groups['haproxy'] + - "{{ 'zun_api' not in haproxy_stat }}" diff --git a/ansible/roles/haproxy/templates/haproxy.cfg.j2 b/ansible/roles/haproxy/templates/haproxy.cfg.j2 index 680a2220a2..20bacfdebe 100644 --- a/ansible/roles/haproxy/templates/haproxy.cfg.j2 +++ b/ansible/roles/haproxy/templates/haproxy.cfg.j2 @@ -798,6 +798,25 @@ listen tacker_server_external {% endif %} {% endif %} +{% if enable_zun | bool %} +listen zun_api + bind {{ kolla_internal_vip_address }}:{{ zun_api_port }} + http-request del-header X-Forwarded-Proto if { ssl_fc } +{% for host in groups['zun-api'] %} + server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ zun_api_port }} check inter 2000 rise 2 fall 5 +{% endfor %} +{% if haproxy_enable_external_vip | bool %} + +listen zun_api_external + bind {{ kolla_external_vip_address }}:{{ zun_api_port }} {{ tls_bind_info }} + http-request del-header X-Forwarded-Proto if { ssl_fc } + http-request set-header X-Forwarded-Proto https if { ssl_fc } +{% for host in groups['zun-api'] %} + server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ zun_api_port }} check inter 2000 rise 2 fall 5 +{% endfor %} +{% endif %} +{% endif %} + # (NOTE): This defaults section deletes forwardfor as recommended by: # https://marc.info/?l=haproxy&m=141684110710132&w=1 diff --git a/ansible/roles/zun/defaults/main.yml b/ansible/roles/zun/defaults/main.yml new file mode 100644 index 0000000000..c81c326a9a --- /dev/null +++ b/ansible/roles/zun/defaults/main.yml 
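Review bot: In the haproxy.cfg.j2 hunk, both `listen zun_api` and `listen zun_api_external` use `http-request del-header X-Forwarded-Proto if { ssl_fc }`, which strips the header only on TLS connections, so a client-supplied `X-Forwarded-Proto` on a plain-HTTP connection reaches the zun-api backends unchanged. On the internal listener the `bind` line carries no TLS options, so the condition presumably never matches there. Deleting the header unconditionally with `http-request del-header X-Forwarded-Proto`, and keeping `http-request set-header X-Forwarded-Proto https if { ssl_fc }` on the external listener, would ensure the backend only sees a value HAProxy set itself. If this block was copied from the neighbouring listeners, the same applies to them outside this hunk.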
@@ -0,0 +1,55 @@
+---
+project_name: "zun"
+
+zun_services:
+ zun-api:
+ container_name: zun_api
+ group: zun-api
+ enabled: true
+ image: "{{ zun_api_image_full }}"
+ volumes:
+ - "{{ node_config_directory }}/zun-api/:{{ container_config_directory }}/:ro"
+ - "/etc/localtime:/etc/localtime:ro"
+ - "kolla_logs:/var/log/kolla/"
+ zun-compute:
+ container_name: zun_compute
+ group: zun-compute
+ enabled: true
+ image: "{{ zun_compute_image_full }}"
+ volumes:
+ - "{{ node_config_directory }}/zun-compute/:{{ container_config_directory }}/:ro"
+ - "/etc/localtime:/etc/localtime:ro"
+ - "kolla_logs:/var/log/kolla/"
+
+####################
+## Database
+####################
+zun_database_name: "zun"
+zun_database_user: "zun"
+zun_database_address: "{{ kolla_internal_fqdn }}:{{ database_port }}"
+
+
+####################
+## Docker
+####################
+zun_compute_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-zun-compute"
+zun_compute_tag: "{{ openstack_release }}"
+zun_compute_image_full: "{{ zun_compute_image }}:{{ zun_compute_tag }}"
+
+zun_api_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-zun-api"
+zun_api_tag: "{{ openstack_release }}"
+zun_api_image_full: "{{ zun_api_image }}:{{ zun_api_tag }}"
+
+
+####################
+## OpenStack
+####################
+zun_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ zun_api_port }}/v1/%(tenant_id)s"
+zun_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ zun_api_port }}/v1/%(tenant_id)s"
+zun_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ zun_api_port }}/v1/%(tenant_id)s"
+
+zun_logging_debug: "{{ openstack_logging_debug }}"
+
+zun_keystone_user: "zun"
+
+openstack_zun_auth: "{{ openstack_auth }}"
diff --git a/ansible/roles/zun/handlers/main.yml b/ansible/roles/zun/handlers/main.yml
new file mode 100644
index 0000000000..ba34d4b881
--- /dev/null
+++ b/ansible/roles/zun/handlers/main.yml
@@ -0,0 +1,46 @@
+---
+- name: Restart zun-api container
+ vars:
+ service_name: "zun-api"
+ service: "{{ zun_services[service_name] }}"
+ config_json: "{{ zun_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+ zun_conf: "{{ zun_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
+ policy_json: "{{ zun_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+ zun_api_container: "{{ check_zun_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
+ kolla_docker:
+ action: "recreate_or_restart_container"
+ common_options: "{{ docker_common_options }}"
+ name: "{{ service.container_name }}"
+ image: "{{ service.image }}"
+ volumes: "{{ service.volumes }}"
+ when:
+ - action != "config"
+ - inventory_hostname in groups[service.group]
+ - service.enabled | bool
+ - config_json.changed | bool
+ or zun_conf.changed | bool
+ or policy_json.changed | bool
+ or zun_api_container.changed | bool
+
+- name: Restart zun-compute container
+ vars:
+ service_name: "zun-compute"
+ service: "{{ zun_services[service_name] }}"
+ config_json: "{{ zun_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+ zun_conf: "{{ zun_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
+ policy_json: "{{ zun_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+ zun_compute_container: "{{ check_zun_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
+ kolla_docker:
+ action: "recreate_or_restart_container"
+ common_options: "{{ docker_common_options }}"
+ name: "{{ service.container_name }}"
+ image: "{{ service.image }}"
+ volumes: "{{ service.volumes }}"
+ when:
+ - action != "config"
+ - inventory_hostname in groups[service.group]
+ - service.enabled | bool
+ - config_json.changed | bool
+ or zun_conf.changed | bool
+ or policy_json.changed | bool
+ or zun_compute_container.changed | bool
diff --git a/ansible/roles/zun/meta/main.yml b/ansible/roles/zun/meta/main.yml
new file mode 100644
index 0000000000..6b4fff8fef
--- /dev/null
+++ b/ansible/roles/zun/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+ - { role: common }
diff --git a/ansible/roles/zun/tasks/bootstrap.yml b/ansible/roles/zun/tasks/bootstrap.yml
new file mode 100644
index 0000000000..24b6b09851
--- /dev/null
+++ b/ansible/roles/zun/tasks/bootstrap.yml
@@ -0,0 +1,32 @@
+---
+- name: Creating Zun database
+ kolla_toolbox:
+ module_name: mysql_db
+ module_args:
+ login_host: "{{ database_address }}"
+ login_port: "{{ database_port }}"
+ login_user: "{{ database_user }}"
+ login_password: "{{ database_password }}"
+ name: "{{ zun_database_name }}"
+ register: database
+ run_once: True
+ delegate_to: "{{ groups['zun-api'][0] }}"
+
+- name: Creating Zun database user and setting permissions
+ kolla_toolbox:
+ module_name: mysql_user
+ module_args:
+ login_host: "{{ database_address }}"
+ login_port: "{{ database_port }}"
+ login_user: "{{ database_user }}"
+ login_password: "{{ database_password }}"
+ name: "{{ zun_database_name }}"
+ password: "{{ zun_database_password }}"
+ host: "%"
+ priv: "{{ zun_database_name }}.*:ALL"
+ append_privs: "yes"
+ run_once: True
+ delegate_to: "{{ groups['zun-api'][0] }}"
+
+- include: bootstrap_service.yml
+ when: database.changed
diff --git a/ansible/roles/zun/tasks/bootstrap_service.yml b/ansible/roles/zun/tasks/bootstrap_service.yml
new file mode 100644
index 0000000000..32de6f06a6
--- /dev/null
+++ b/ansible/roles/zun/tasks/bootstrap_service.yml
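Review bot: The `mysql_user` task in tasks/bootstrap.yml creates the account with `name: "{{ zun_database_name }}"`, while defaults/main.yml defines a separate `zun_database_user` and zun.conf.j2 connects as that variable. Both default to "zun", so this works until an operator overrides one of them, after which the service would authenticate as a user that was never created; the line should read `name: "{{ zun_database_user }}"`. Both tasks also pass `database_password` and `zun_database_password` as module arguments, so adding `no_log: true` to them would keep the credentials out of verbose Ansible output.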
@@ -0,0 +1,19 @@
+---
+- name: Running Zun bootstrap container
+ vars:
+ zun_api: "{{ zun_services['zun-api'] }}"
+ kolla_docker:
+ action: "start_container"
+ common_options: "{{ docker_common_options }}"
+ detach: False
+ environment:
+ KOLLA_BOOTSTRAP:
+ KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
+ image: "{{ zun_api.image }}"
+ labels:
+ BOOTSTRAP:
+ name: "bootstrap_zun"
+ restart_policy: "never"
+ volumes: "{{ zun_api.volumes }}"
+ run_once: True
+ delegate_to: "{{ groups[zun_api.group][0] }}"
diff --git a/ansible/roles/zun/tasks/config.yml b/ansible/roles/zun/tasks/config.yml
new file mode 100644
index 0000000000..bdf326db01
--- /dev/null
+++ b/ansible/roles/zun/tasks/config.yml
@@ -0,0 +1,77 @@ +--- +- name: Ensuring config directories exist + file: + path: "{{ node_config_directory }}/{{ item.key }}" + state: "directory" + recurse: yes + when: inventory_hostname in groups[item.value.group] + with_dict: "{{ zun_services }}" + +- name: Copying over config.json files for services + template: + src: "{{ item.key }}.json.j2" + dest: "{{ node_config_directory }}/{{ item.key }}/config.json" + register: zun_config_jsons + when: + - item.value.enabled | bool + - inventory_hostname in groups[item.value.group] + with_dict: "{{ zun_services }}" + notify: + - Restart zun-api container + - Restart zun-compute container + +- name: Copying over zun.conf + merge_configs: + vars: + service_name: "{{ item.key }}" + sources: + - "{{ role_path }}/templates/zun.conf.j2" + - "{{ node_custom_config }}/global.conf" + - "{{ node_custom_config }}/database.conf" + - "{{ node_custom_config }}/messaging.conf" + - "{{ node_custom_config }}/zun.conf" + - "{{ node_custom_config }}/zun/{{ item.key }}.conf" + - "{{ node_custom_config }}/zun/{{ inventory_hostname }}/zun.conf" + dest: "{{ node_config_directory }}/{{ item.key }}/zun.conf" + register: zun_confs + when: + - item.value.enabled | bool + - inventory_hostname in groups[item.value.group] + with_dict: "{{ zun_services }}" + notify: + - Restart zun-api container + - Restart zun-compute container + +- name: Check if policies shall be overwritten + local_action: stat path="{{ node_custom_config }}/zun/policy.json" + register: zun_policy + +- name: Copying over existing policy.json + template: + src: "{{ node_custom_config }}/zun/policy.json" + dest: "{{ node_config_directory }}/{{ item.key }}/policy.json" + register: zun_policy_jsons + when: + - zun_policy.stat.exists + - inventory_hostname in groups[item.value.group] + with_dict: "{{ zun_services }}" + notify: + - Restart zun-api container + - Restart zun-compute container + +- name: Check zun containers + kolla_docker: + action: "compare_container" + common_options: 
"{{ docker_common_options }}" + name: "{{ item.value.container_name }}" + image: "{{ item.value.image }}" + volumes: "{{ item.value.volumes }}" + register: check_zun_containers + when: + - action != "config" + - inventory_hostname in groups[item.value.group] + - item.value.enabled | bool + with_dict: "{{ zun_services }}" + notify: + - Restart zun-api container + - Restart zun-compute container diff --git a/ansible/roles/zun/tasks/deploy.yml b/ansible/roles/zun/tasks/deploy.yml new file mode 100644 index 0000000000..ce46a42af7 --- /dev/null +++ b/ansible/roles/zun/tasks/deploy.yml @@ -0,0 +1,13 @@ +--- +- include: register.yml + when: inventory_hostname in groups['zun-api'] + +- include: config.yml + when: inventory_hostname in groups['zun-api'] or + inventory_hostname in groups['zun-compute'] + +- include: bootstrap.yml + when: inventory_hostname in groups['zun-api'] + +- name: Flush handlers + meta: flush_handlers diff --git a/ansible/roles/zun/tasks/main.yml b/ansible/roles/zun/tasks/main.yml new file mode 100644 index 0000000000..b017e8b4ad --- /dev/null +++ b/ansible/roles/zun/tasks/main.yml @@ -0,0 +1,2 @@ +--- +- include: "{{ action }}.yml" diff --git a/ansible/roles/zun/tasks/precheck.yml b/ansible/roles/zun/tasks/precheck.yml new file mode 100644 index 0000000000..df4c3abc8d --- /dev/null +++ b/ansible/roles/zun/tasks/precheck.yml @@ -0,0 +1,16 @@ +--- +- name: Get container facts + kolla_container_facts: + name: + - zun_api + register: container_facts + +- name: Checking free port for Zun API + wait_for: + host: "{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}" + port: "{{ zun_api_port }}" + connect_timeout: 1 + state: stopped + when: + - container_facts['zun_api'] is not defined + - inventory_hostname in groups['zun-api'] diff --git a/ansible/roles/zun/tasks/pull.yml b/ansible/roles/zun/tasks/pull.yml new file mode 100644 index 0000000000..0af5700dc0 --- /dev/null +++ b/ansible/roles/zun/tasks/pull.yml 
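Review bot: In tasks/config.yml the `file` task "Ensuring config directories exist" and the `template` / `merge_configs` tasks after it set no `mode` or `owner`, so the permissions of the rendered `zun.conf` on the host depend on the deploying user's umask. That file is built from zun.conf.j2 and holds the database, RabbitMQ and Keystone passwords; the `"perm": "0600"` entries in the config.json templates only describe the copy inside the container. An explicit restrictive mode, e.g. `mode: "0770"` on the `file` task and a matching `mode` on the `template` tasks, would make this deterministic; whether `merge_configs` accepts a mode option is not visible here. Separately, "Copying over existing policy.json" is the only copy task without the `item.value.enabled | bool` condition.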
@@ -0,0 +1,10 @@
+---
+- name: Pulling zun images
+ kolla_docker:
+ action: "pull_image"
+ common_options: "{{ docker_common_options }}"
+ image: "{{ item.value.image }}"
+ when:
+ - inventory_hostname in groups[item.value.group]
+ - item.value.enabled | bool
+ with_dict: "{{ zun_services }}"
diff --git a/ansible/roles/zun/tasks/reconfigure.yml b/ansible/roles/zun/tasks/reconfigure.yml
new file mode 100644
index 0000000000..e078ef1318
--- /dev/null
+++ b/ansible/roles/zun/tasks/reconfigure.yml
@@ -0,0 +1,2 @@
+---
+- include: deploy.yml
diff --git a/ansible/roles/zun/tasks/register.yml b/ansible/roles/zun/tasks/register.yml
new file mode 100644
index 0000000000..f44951263a
--- /dev/null
+++ b/ansible/roles/zun/tasks/register.yml
@@ -0,0 +1,42 @@
+---
+- name: Creating the Zun service and endpoint
+ kolla_toolbox:
+ module_name: "kolla_keystone_service"
+ module_args:
+ service_name: "{{ item.service_name }}"
+ service_type: "{{ item.service_type }}"
+ description: "Container Service"
+ endpoint_region: "{{ openstack_region_name }}"
+ url: "{{ item.url }}"
+ interface: "{{ item.interface }}"
+ region_name: "{{ openstack_region_name }}"
+ auth: "{{ '{{ openstack_zun_auth }}' }}"
+ module_extra_vars:
+ openstack_zun_auth: "{{ openstack_zun_auth }}"
+ register: zun_endpoint
+ until: zun_endpoint|success
+ retries: 10
+ delay: 5
+ run_once: True
+ with_items:
+ - {'interface': 'admin', 'url': '{{ zun_admin_endpoint }}'}
+ - {'interface': 'internal', 'url': '{{ zun_internal_endpoint }}'}
+ - {'interface': 'public', 'url': '{{ zun_public_endpoint }}'}
+
+- name: Creating the Zun project, user, and role
+ kolla_toolbox:
+ module_name: "kolla_keystone_user"
+ module_args:
+ project: "service"
+ user: "{{ zun_keystone_user }}"
+ password: "{{ zun_keystone_password }}"
+ role: "admin"
+ region_name: "{{ openstack_region_name }}"
+ auth: "{{ '{{ openstack_zun_auth }}' }}"
+ module_extra_vars:
+ openstack_zun_auth: "{{ openstack_zun_auth }}"
+ register: zun_user
+ until: zun_user|success
+ retries: 10
+ delay: 5
+ run_once: True
diff --git a/ansible/roles/zun/tasks/upgrade.yml b/ansible/roles/zun/tasks/upgrade.yml
new file mode 100644
index 0000000000..c38db1adf4
--- /dev/null
+++ b/ansible/roles/zun/tasks/upgrade.yml
@@ -0,0 +1,7 @@
+---
+- include: config.yml
+
+- include: bootstrap_service.yml
+
+- name: Flush handlers
+ meta: flush_handlers
diff --git a/ansible/roles/zun/templates/zun-api.json.j2 b/ansible/roles/zun/templates/zun-api.json.j2
new file mode 100644
index 0000000000..ded9aea735
--- /dev/null
+++ b/ansible/roles/zun/templates/zun-api.json.j2
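Review bot: In "Creating the Zun service and endpoint" in tasks/register.yml, `module_args` reads `item.service_name` and `item.service_type`, but the three `with_items` entries define only `interface` and `url`, so both lookups are undefined when the task runs. Either add the keys to each item or set them directly, e.g. `service_name: "zun"` and `service_type: "container"`, which are the values zun.conf.j2 uses under `[zun_client]`. The second task passes `zun_keystone_password` as a module argument; `no_log: true` on it would keep the password out of verbose output.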
@@ -0,0 +1,30 @@
+{
+ "command": "zun-api --config-file /etc/zun/zun.conf",
+ "config_files": [
+ {
+ "source": "{{ container_config_directory }}/zun.conf",
+ "dest": "/etc/zun/zun.conf",
+ "owner": "zun",
+ "perm": "0600"
+ },
+ {
+ "source": "{{ container_config_directory }}/api-paste.ini",
+ "dest": "/etc/zun/api-paste.ini",
+ "owner": "zun",
+ "perm": "0600"
+ },
+ {
+ "source": "{{ container_config_directory }}/policy.json",
+ "dest": "/etc/zun/policy.json",
+ "owner": "zun",
+ "perm": "0600"
+ }
+ ],
+ "permissions": [
+ {
+ "path": "/var/log/kolla/zun",
+ "owner": "zun:zun",
+ "recurse": true
+ }
+ ]
+}
diff --git a/ansible/roles/zun/templates/zun-compute.json.j2 b/ansible/roles/zun/templates/zun-compute.json.j2
new file mode 100644
index 0000000000..4a92da5ced
--- /dev/null
+++ b/ansible/roles/zun/templates/zun-compute.json.j2
@@ -0,0 +1,25 @@
+{
+ "command": "zun-compute --config-file /etc/zun/zun.conf",
+ "config_files": [
+ {
+ "source": "{{ container_config_directory }}/zun.conf",
+ "dest": "/etc/zun/zun.conf",
+ "owner": "zun",
+ "perm": "0600"
+ },
+ {
+ "source": "{{ container_config_directory }}/policy.json",
+ "dest": "/etc/zun/policy.json",
+ "owner": "zun",
+ "perm": "0600",
+ "optional": true
+ }
+ ],
+ "permissions": [
+ {
+ "path": "/var/log/kolla/zun",
+ "owner": "zun:zun",
+ "recurse": true
+ }
+ ]
+}
diff --git a/ansible/roles/zun/templates/zun.conf.j2 b/ansible/roles/zun/templates/zun.conf.j2
new file mode 100644
index 0000000000..d1f6064fff
--- /dev/null
+++ b/ansible/roles/zun/templates/zun.conf.j2
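Review bot: zun-api.json.j2 lists `api-paste.ini` and `policy.json` under `config_files` without `"optional": true`, but no task in tasks/config.yml renders an `api-paste.ini`, and `policy.json` is copied only when a custom one exists. If the container's config loader treats a missing non-optional source as fatal, which the `"optional": true` on the same entry in zun-compute.json.j2 suggests, zun-api would fail to start on a default deployment. Mark the `policy.json` entry `"optional": true` as the compute template does, and either do the same for `api-paste.ini` or add a task that provides the file.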
@@ -0,0 +1,33 @@ +[DEFAULT] +debug = {{ zun_logging_debug }} +log_dir = /var/log/kolla/zun +transport_url = rabbit://{% for host in groups['rabbitmq'] %}{{ rabbitmq_user }}:{{ rabbitmq_password }}@{% if orchestration_engine == 'KUBERNETES' %}rabbitmq{% else %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}{% endif %}:{{ rabbitmq_port }}{% if not loop.last %},{% endif %}{% endfor %} + +{% if service_name == 'zun-api' %} +osapi_zun_listen = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }} +osapi_zun_listen_port = {{ zun_api_port }} +{% endif %} + +[database] +connection = mysql+pymysql://{{ zun_database_user }}:{{ zun_database_password }}@{{ zun_database_address }}/{{ zun_database_name }} +max_retries = -1 + +[zun_client] +version = 1 +service_type = container +service_name = zun + +[keystone_authtoken] +auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} +auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +project_domain_name = Default +auth_type = password +project_domain_id = default +user_domain_id = default +project_name = service +username = {{ zun_keystone_user }} +password = {{ zun_keystone_password }} + +memcache_security_strategy = ENCRYPT +memcache_secret_key = {{ memcache_secret_key }} +memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %} diff --git a/ansible/site.yml b/ansible/site.yml index ecddd05ea5..41c8afce7b 100644 --- a/ansible/site.yml +++ b/ansible/site.yml @@ -612,3 +612,14 @@ - { role: octavia, tags: octavia, when: enable_octavia | bool } + +- name: Apply role zun + gather_facts: false + hosts: + - zun-api + - zun-compute + serial: '{{ serial|default("0") }}' + roles: + - { role: zun, + tags: zun, + when: enable_zun | bool } 
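Review bot: In zun.conf.j2, `transport_url` and the `[database]` `connection` line interpolate `rabbitmq_password` and `zun_database_password` directly into URLs, so a password containing `@`, `/`, `:` or `#` would change how the URL is parsed. Passing the values through a URL-encoding filter, e.g. `{{ zun_database_password | urlencode }}`, or documenting the allowed character set next to the new entries in passwords.yml would avoid a hard-to-diagnose connection failure. Under `[keystone_authtoken]`, `project_domain_name = Default` and `project_domain_id = default` are both set; one of the two is enough, and keeping both invites them drifting apart.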
diff --git a/etc/kolla/globals.yml b/etc/kolla/globals.yml index d3d1cbb584..cc2360924f 100644 --- a/etc/kolla/globals.yml +++ b/etc/kolla/globals.yml @@ -192,6 +192,7 @@ kolla_internal_vip_address: "10.10.10.254" #enable_trove: "no" #enable_vmtp: "no" #enable_watcher: "no" +#enable_zun: "no" ################### # Ceph options diff --git a/etc/kolla/passwords.yml b/etc/kolla/passwords.yml index 50262c1dfb..10f2dd551a 100644 --- a/etc/kolla/passwords.yml +++ b/etc/kolla/passwords.yml @@ -144,6 +144,9 @@ searchlight_keystone_password: tacker_database_password: tacker_keystone_password: +zun_database_password: +zun_keystone_password: + memcache_secret_key: nova_ssh_key: diff --git a/releasenotes/notes/add-zun-role-275d41711e0fe206.yaml b/releasenotes/notes/add-zun-role-275d41711e0fe206.yaml new file mode 100644 index 0000000000..6ecfaabaa0 --- /dev/null +++ b/releasenotes/notes/add-zun-role-275d41711e0fe206.yaml @@ -0,0 +1,5 @@ +--- +features: + - Add zun ansible role,Zun is an OpenStack project for the management of containers. + zun quick start guide link is + https://github.com/openstack/zun/blob/master/doc/source/dev/quickstart.rst