diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index 10987a2cf2..583c2b84ec 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml @@ -118,6 +118,8 @@ aodh_api_port: "8042" ceilometer_api_port: "8777" +congress_api_port: "1789" + iscsi_port: "3260" mariadb_port: "{{ database_port }}" @@ -227,6 +229,7 @@ enable_ceph: "no" enable_ceph_rgw: "no" enable_cinder: "no" enable_cinder_backend_lvm: "no" +enable_congress: "no" enable_heat: "yes" enable_horizon: "yes" enable_ironic: "no" diff --git a/ansible/inventory/all-in-one b/ansible/inventory/all-in-one index 8f98d3ce87..ac28357747 100644 --- a/ansible/inventory/all-in-one +++ b/ansible/inventory/all-in-one @@ -90,6 +90,9 @@ control [aodh:children] control +[congress:children] +control + # Tempest [tempest:children] control @@ -269,6 +272,16 @@ ceilometer [ceilometer-compute:children] compute +# Congress +[congress-api:children] +congress + +[congress-datasource:children] +congress + +[congress-policy-engine:children] +congress + # Multipathd [multipathd:children] compute diff --git a/ansible/inventory/multinode b/ansible/inventory/multinode index ddcb066ba2..dcdcdc7d07 100644 --- a/ansible/inventory/multinode +++ b/ansible/inventory/multinode @@ -107,6 +107,9 @@ control [aodh:children] control +[congress:children] +control + # Tempest [tempest:children] control @@ -286,6 +289,16 @@ aodh [aodh-notifier:children] aodh +# Congress +[congress-api:children] +congress + +[congress-datasource:children] +congress + +[congress-policy-engine:children] +congress + # Multipathd [multipathd:children] compute diff --git a/ansible/roles/congress/defaults/main.yml b/ansible/roles/congress/defaults/main.yml new file mode 100644 index 0000000000..f54059c43b --- /dev/null +++ b/ansible/roles/congress/defaults/main.yml 
@@ -0,0 +1,39 @@
+---
+project_name: "congress"
+
+####################
+# Database
+####################
+congress_database_name: "congress"
+congress_database_user: "congress"
+congress_database_address: "{{ kolla_internal_fqdn }}:{{ database_port }}"
+
+
+####################
+# Docker
+####################
+congress_policy_engine_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-congress-policy-engine"
+congress_policy_engine_tag: "{{ openstack_release }}"
+congress_policy_engine_image_full: "{{ congress_policy_engine_image }}:{{ congress_policy_engine_tag }}"
+
+congress_datasource_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-congress-datasource"
+congress_datasource_tag: "{{ openstack_release }}"
+congress_datasource_image_full: "{{ congress_datasource_image }}:{{ congress_datasource_tag }}"
+
+congress_api_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-congress-api"
+congress_api_tag: "{{ openstack_release }}"
+congress_api_image_full: "{{ congress_api_image }}:{{ congress_api_tag }}"
+
+
+####################
+# OpenStack
+####################
+congress_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ congress_api_port }}"
+congress_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ congress_api_port }}"
+congress_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ congress_api_port }}"
+
+congress_logging_debug: "{{ openstack_logging_debug }}"
+
+congress_keystone_user: "congress"
+
+openstack_congress_auth: "{'auth_url':'{{ openstack_auth.auth_url }}','username':'{{ openstack_auth.username }}','password':'{{ openstack_auth.password }}','project_name':'{{ openstack_auth.project_name }}'}"
diff --git a/ansible/roles/congress/meta/main.yml b/ansible/roles/congress/meta/main.yml
new file mode 100644
index 0000000000..6b4fff8fef
--- /dev/null
+++ b/ansible/roles/congress/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+ - { role: common }
diff --git a/ansible/roles/congress/tasks/bootstrap.yml b/ansible/roles/congress/tasks/bootstrap.yml
new file mode 100644
index 0000000000..3049594160
--- /dev/null
+++ b/ansible/roles/congress/tasks/bootstrap.yml
@@ -0,0 +1,41 @@
+---
+- name: Creating congress database
+ command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+ -m mysql_db
+ -a "login_host='{{ database_address }}'
+ login_port='{{ database_port }}'
+ login_user='{{ database_user }}'
+ login_password='{{ database_password }}'
+ name='{{ congress_database_name }}'"
+ register: database
+ changed_when: "{{ database.stdout.find('localhost | SUCCESS => ') != -1 and
+ (database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+ failed_when: database.stdout.split()[2] != 'SUCCESS'
+ run_once: True
+ delegate_to: "{{ groups['congress-api'][0] }}"
+
+- name: Reading json from variable
+ set_fact:
+ database_created: "{{ (database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+
+- name: Creating congress database user and setting permissions
+ command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+ -m mysql_user
+ -a "login_host='{{ database_address }}'
+ login_port='{{ database_port }}'
+ login_user='{{ database_user }}'
+ login_password='{{ database_password }}'
+ name='{{ congress_database_name }}'
+ password='{{ congress_database_password }}'
+ host='%'
+ priv='{{ congress_database_name }}.*:ALL'
+ append_privs='yes'"
+ register: database_user_create
+ changed_when: "{{ database_user_create.stdout.find('localhost | SUCCESS => ') != -1 and
+ (database_user_create.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+ failed_when: database_user_create.stdout.split()[2] != 'SUCCESS'
+ run_once: True
+ delegate_to: "{{ groups['congress-api'][0] }}"
+
+- include: bootstrap_service.yml
+ when: database_created
diff --git a/ansible/roles/congress/tasks/bootstrap_service.yml b/ansible/roles/congress/tasks/bootstrap_service.yml
new file mode 100644
index 0000000000..03959d6680
--- /dev/null
+++ b/ansible/roles/congress/tasks/bootstrap_service.yml
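Review bot: The `mysql_user` task in bootstrap.yml creates the account with `name='{{ congress_database_name }}'`, while congress.conf.j2 connects as `congress_database_user`; the two agree only because both defaults are "congress", so the line should read `name='{{ congress_database_user }}'`. Both `docker exec` tasks also carry `login_password` and, in the second, `password` inside the command string, so the values would appear in task output and verbose logs; adding `no_log: True` to each task keeps them out. `host='%'` allows the account to connect from any address, which may be broader than the deployment needs if the database is reachable beyond the internal network.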
@@ -0,0 +1,20 @@
+---
+- name: Running congress bootstrap container
+ kolla_docker:
+ action: "start_container"
+ common_options: "{{docker_common_options}}"
+ detach: False
+ environment:
+ KOLLA_BOOTSTRAP:
+ KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
+ image: "{{ congress_api_image_full }}"
+ labels:
+ BOOTSTRAP:
+ name: "bootstrap_congress"
+ restart_policy: "never"
+ volumes:
+ - "{{ node_config_directory }}/congress-api/:{{ container_config_directory }}/:ro"
+ - "/etc/localtime:/etc/localtime:ro"
+ - "kolla_logs:/var/log/kolla/"
+ run_once: True
+ delegate_to: "{{ groups['congress-api'][0] }}"
diff --git a/ansible/roles/congress/tasks/config.yml b/ansible/roles/congress/tasks/config.yml
new file mode 100644
index 0000000000..832a2da865
--- /dev/null
+++ b/ansible/roles/congress/tasks/config.yml
@@ -0,0 +1,37 @@
+---
+- name: Ensuring config directories exist
+ file:
+ path: "{{ node_config_directory }}/{{ item }}"
+ state: "directory"
+ recurse: yes
+ with_items:
+ - "congress-api"
+ - "congress-policy-engine"
+ - "congress-datasource"
+
+- name: Copying over config.json files for services
+ template:
+ src: "{{ item }}.json.j2"
+ dest: "{{ node_config_directory }}/{{ item }}/config.json"
+ with_items:
+ - "congress-api"
+ - "congress-policy-engine"
+ - "congress-datasource"
+
+- name: Copying over congress.conf
+ merge_configs:
+ vars:
+ service_name: "{{ item }}"
+ sources:
+ - "{{ role_path }}/templates/congress.conf.j2"
+ - "{{ node_custom_config }}/global.conf"
+ - "{{ node_custom_config }}/database.conf"
+ - "{{ node_custom_config }}/messaging.conf"
+ - "{{ node_custom_config }}/congress.conf"
+ - "{{ node_custom_config }}/congress/{{ item }}.conf"
+ - "{{ node_custom_config }}/congress/{{ inventory_hostname }}/congress.conf"
+ dest: "{{ node_config_directory }}/{{ item }}/congress.conf"
+ with_items:
+ - "congress-api"
+ - "congress-policy-engine"
+ - "congress-datasource"
diff --git a/ansible/roles/congress/tasks/deploy.yml b/ansible/roles/congress/tasks/deploy.yml
new file mode 100644
index 0000000000..4672d2dfda
--- /dev/null
+++ b/ansible/roles/congress/tasks/deploy.yml
@@ -0,0 +1,16 @@
+---
+- include: register.yml
+ when: inventory_hostname in groups['congress-api']
+
+- include: config.yml
+ when: inventory_hostname in groups['congress-api'] or
+ inventory_hostname in groups['congress-policy-engine'] or
+ inventory_hostname in groups['congress-datasource']
+
+- include: bootstrap.yml
+ when: inventory_hostname in groups['congress-api']
+
+- include: start.yml
+ when: inventory_hostname in groups['congress-api'] or
+ inventory_hostname in groups['congress-policy-engine'] or
+ inventory_hostname in groups['congress-datasource']
diff --git a/ansible/roles/congress/tasks/main.yml b/ansible/roles/congress/tasks/main.yml
new file mode 100644
index 0000000000..b017e8b4ad
--- /dev/null
+++ b/ansible/roles/congress/tasks/main.yml
@@ -0,0 +1,2 @@
+---
+- include: "{{ action }}.yml"
diff --git a/ansible/roles/congress/tasks/pull.yml b/ansible/roles/congress/tasks/pull.yml
new file mode 100644
index 0000000000..f48e9971f0
--- /dev/null
+++ b/ansible/roles/congress/tasks/pull.yml
@@ -0,0 +1,21 @@
+---
+- name: Pulling congress-api image
+ kolla_docker:
+ action: "pull_image"
+ common_options: "{{ docker_common_options }}"
+ image: "{{ congress_api_image_full }}"
+ when: inventory_hostname in groups['congress-api']
+
+- name: Pulling congress-policy-engine image
+ kolla_docker:
+ action: "pull_image"
+ common_options: "{{ docker_common_options }}"
+ image: "{{ congress_policy_engine_image_full }}"
+ when: inventory_hostname in groups['congress-policy-engine']
+
+- name: Pulling congress-datasource image
+ kolla_docker:
+ action: "pull_image"
+ common_options: "{{ docker_common_options }}"
+ image: "{{ congress_datasource_image_full }}"
+ when: inventory_hostname in groups['congress-datasource']
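Review bot: `- include: "{{ action }}.yml"` in tasks/main.yml can only resolve to the task files this commit adds, and of the usual entry points only deploy.yml and pull.yml are among them, so running the role with an action such as `reconfigure` or `upgrade` would presumably stop on a missing include. That matters for operations like rolling out changed credentials, which normally go through a reconfigure run. Until those files exist, a header comment in main.yml such as `# Supported actions for this role: deploy, pull` would make the limitation visible.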
diff --git a/ansible/roles/congress/tasks/register.yml b/ansible/roles/congress/tasks/register.yml
new file mode 100644
index 0000000000..e0a387acb3
--- /dev/null
+++ b/ansible/roles/congress/tasks/register.yml
@@ -0,0 +1,40 @@
+---
+- name: Creating the congress service and endpoint
+ command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+ -m kolla_keystone_service
+ -a "service_name=congress
+ service_type=application_catalog
+ description='Openstack Application Catalog'
+ endpoint_region={{ openstack_region_name }}
+ url='{{ item.url }}'
+ interface='{{ item.interface }}'
+ region_name={{ openstack_region_name }}
+ auth={{ '{{ openstack_congress_auth }}' }}"
+ -e "{'openstack_congress_auth':{{ openstack_congress_auth }}}"
+ register: congress_endpoint
+ changed_when: "{{ congress_endpoint.stdout.find('localhost | SUCCESS => ') != -1 and (congress_endpoint.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+ until: congress_endpoint.stdout.split()[2] == 'SUCCESS'
+ retries: 10
+ delay: 5
+ run_once: True
+ with_items:
+ - {'interface': 'admin', 'url': '{{ congress_admin_endpoint }}'}
+ - {'interface': 'internal', 'url': '{{ congress_internal_endpoint }}'}
+ - {'interface': 'public', 'url': '{{ congress_public_endpoint }}'}
+
+- name: Creating the congress project, user, and role
+ command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+ -m kolla_keystone_user
+ -a "project=service
+ user=congress
+ password={{ congress_keystone_password }}
+ role=admin
+ region_name={{ openstack_region_name }}
+ auth={{ '{{ openstack_congress_auth }}' }}"
+ -e "{'openstack_congress_auth':{{ openstack_congress_auth }}}"
+ register: congress_user
+ changed_when: "{{ congress_user.stdout.find('localhost | SUCCESS => ') != -1 and (congress_user.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+ until: congress_user.stdout.split()[2] == 'SUCCESS'
+ retries: 10
+ delay: 5
+ run_once: True
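Review bot: The first task in register.yml registers Congress in Keystone with `service_type=application_catalog` and `description='Openstack Application Catalog'`, which looks carried over from another role; Congress is the policy service, so the entry likely needs `service_type=policy` and a matching description (confirm against the Congress install guide). The second task hard-codes `user=congress` although defaults/main.yml defines `congress_keystone_user` and congress.conf.j2 authenticates with that variable, so `user={{ congress_keystone_user }}` keeps the two in step. Both tasks also put the admin credentials from `openstack_congress_auth`, and in the second `congress_keystone_password`, on the `docker exec` command line; `no_log: True` on each task would keep them out of task output.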
diff --git a/ansible/roles/congress/tasks/start.yml b/ansible/roles/congress/tasks/start.yml
new file mode 100644
index 0000000000..724d85e711
--- /dev/null
+++ b/ansible/roles/congress/tasks/start.yml
@@ -0,0 +1,36 @@
+---
+- name: Starting congress-policy-engine container
+ kolla_docker:
+ action: "start_container"
+ name: "congress_policy_engine"
+ common_options: "{{docker_common_options}}"
+ image: "{{ congress_policy_engine_image_full }}"
+ volumes:
+ - "{{ node_config_directory }}/congress-policy-engine/:{{ container_config_directory }}/:ro"
+ - "/etc/localtime:/etc/localtime:ro"
+ - "kolla_logs:/var/log/kolla/"
+ when: inventory_hostname in groups['congress-policy-engine']
+
+- name: Starting congress-datasource container
+ kolla_docker:
+ action: "start_container"
+ name: "congress_datasource"
+ common_options: "{{docker_common_options}}"
+ image: "{{ congress_datasource_image_full }}"
+ volumes:
+ - "{{ node_config_directory }}/congress-datasource/:{{ container_config_directory }}/:ro"
+ - "/etc/localtime:/etc/localtime:ro"
+ - "kolla_logs:/var/log/kolla/"
+ when: inventory_hostname in groups['congress-datasource']
+
+- name: Starting congress-api container
+ kolla_docker:
+ action: "start_container"
+ name: "congress_api"
+ common_options: "{{docker_common_options}}"
+ image: "{{ congress_api_image_full }}"
+ volumes:
+ - "{{ node_config_directory }}/congress-api/:{{ container_config_directory }}/:ro"
+ - "/etc/localtime:/etc/localtime:ro"
+ - "kolla_logs:/var/log/kolla/"
+ when: inventory_hostname in groups['congress-api']
diff --git a/ansible/roles/congress/templates/congress-api.json.j2 b/ansible/roles/congress/templates/congress-api.json.j2
new file mode 100644
index 0000000000..794d4a00e4
--- /dev/null
+++ b/ansible/roles/congress/templates/congress-api.json.j2
@@ -0,0 +1,11 @@
+{
+ "command": "congress-server --api --node_id=api-node --config-file /etc/congress/congress.conf",
+ "config_files": [
+ {
+ "source": "{{ container_config_directory }}/congress.conf",
+ "dest": "/etc/congress/congress.conf",
+ "owner": "congress",
+ "perm": "0644"
+ }
+ ]
+}
diff --git a/ansible/roles/congress/templates/congress-datasource.json.j2 b/ansible/roles/congress/templates/congress-datasource.json.j2
new file mode 100644
index 0000000000..3f17482ab3
--- /dev/null
+++ b/ansible/roles/congress/templates/congress-datasource.json.j2
@@ -0,0 +1,11 @@
+{
+ "command": "congress-server --datasources --node_id=data-node --config-file /etc/congress/congress.conf",
+ "config_files": [
+ {
+ "source": "{{ container_config_directory }}/congress.conf",
+ "dest": "/etc/congress/congress.conf",
+ "owner": "congress",
+ "perm": "0644"
+ }
+ ]
+}
diff --git a/ansible/roles/congress/templates/congress-policy-engine.json.j2 b/ansible/roles/congress/templates/congress-policy-engine.json.j2
new file mode 100644
index 0000000000..9aafdf0fbc
--- /dev/null
+++ b/ansible/roles/congress/templates/congress-policy-engine.json.j2
@@ -0,0 +1,11 @@
+{
+ "command": "congress-server --policy_engine --node_id=policy-node --config-file /etc/congress/congress.conf",
+ "config_files": [
+ {
+ "source": "{{ container_config_directory }}/congress.conf",
+ "dest": "/etc/congress/congress.conf",
+ "owner": "congress",
+ "perm": "0644"
+ }
+ ]
+}
diff --git a/ansible/roles/congress/templates/congress.conf.j2 b/ansible/roles/congress/templates/congress.conf.j2
new file mode 100644
index 0000000000..87985076cd
--- /dev/null
+++ b/ansible/roles/congress/templates/congress.conf.j2
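Review bot: `"perm": "0644"` in congress-api.json.j2 installs /etc/congress/congress.conf readable by every user in the container, and congress.conf.j2 renders the database, Keystone and RabbitMQ passwords and the memcache secret key into that file. Because `"owner"` is already `congress`, `"perm": "0600"` is enough for the service to read it. The same line appears in congress-datasource.json.j2 and congress-policy-engine.json.j2 and should change with it.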
@@ -0,0 +1,56 @@ +[DEFAULT] +debug = {{ congress_logging_debug }} + +log_dir = /var/log/kolla/congress + +drivers = congress.datasources.neutronv2_driver.NeutronV2Driver,congress.datasources.glancev2_driver.GlanceV2Driver,congress.datasources.nova_driver.NovaDriver,congress.datasources.keystone_driver.KeystoneDriver,congress.datasources.ceilometer_driver.CeilometerDriver,congress.datasources.cinder_driver.CinderDriver,congress.datasources.swift_driver.SwiftDriver,congress.datasources.plexxi_driver.PlexxiDriver,congress.datasources.vCenter_driver.VCenterDriver,congress.datasources.murano_driver.MuranoDriver,congress.datasources.ironic_driver.IronicDriver + +rpc_backend = rabbit + +auth_strategy = keystone + +os_region_name = {{ openstack_region_name }} + +# NOTE: set use_stderr to False or the logs will also be sent to +# stderr and collected by Docker +use_stderr = False + +my_ip = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }} + +api_paste_config = /etc/congress/api-paste.ini + +{% if service_name == 'congress-api' %} +bind_host = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }} +bind_port = {{ congress_api_port }} +{% endif %} + +[database] +connection = mysql+pymysql://{{ congress_database_user }}:{{ congress_database_password }}@{{ congress_database_address }}/{{ congress_database_name }} +max_retries = -1 + +[keystone_authtoken] +auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} +auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +auth_type = password +project_domain_id = default +user_domain_id = default +project_name = service +username = {{ congress_keystone_user }} +password = {{ congress_keystone_password }} + +memcache_security_strategy = ENCRYPT +memcache_secret_key = {{ memcache_secret_key }} +memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + 
hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %} + + +[congress] +url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ congress_api_port }} + +[oslo_messaging_rabbit] +rabbit_userid = {{ rabbitmq_user }} +rabbit_password = {{ rabbitmq_password }} +rabbit_ha_queues = true +rabbit_hosts = {% for host in groups['rabbitmq'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ rabbitmq_port }}{% if not loop.last %},{% endif %}{% endfor %} + +[oslo_messaging_notifications] +driver = noop diff --git a/ansible/site.yml b/ansible/site.yml index 6332dcc84d..87b6b98f49 100644 --- a/ansible/site.yml +++ b/ansible/site.yml @@ -247,6 +247,17 @@ tags: aodh, when: enable_aodh | bool } +- hosts: + - congress-api + - congress-policy-engine + - congress-datasource + - rabbitmq + - memcached + roles: + - { role: congress, + tags: congress, + when: enable_congress | bool } + - hosts: - tempest roles: diff --git a/etc/kolla/globals.yml b/etc/kolla/globals.yml index e3776775e0..bef77a1e25 100644 --- a/etc/kolla/globals.yml +++ b/etc/kolla/globals.yml @@ -127,6 +127,7 @@ kolla_internal_vip_address: "10.10.10.254" #enable_ceph_rgw: "no" #enable_cinder: "no" #enable_cinder_backend_lvm: "no" +#enable_congress: "no" #enable_heat: "yes" #enable_horizon: "yes" #enable_ironic: "no" diff --git a/etc/kolla/passwords.yml b/etc/kolla/passwords.yml index f01567aa51..1817baec4b 100644 --- a/etc/kolla/passwords.yml +++ b/etc/kolla/passwords.yml @@ -67,6 +67,9 @@ ceilometer_keystone_password: watcher_database_password: watcher_keystone_password: +congress_database_password: +congress_keystone_password: + horizon_secret_key: telemetry_secret_key: diff --git a/releasenotes/notes/add-congress-877644b4b0e2ed0a.yaml b/releasenotes/notes/add-congress-877644b4b0e2ed0a.yaml new file mode 100644 index 0000000000..4a150d0948 --- /dev/null 
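Review bot: In the `[database]` section of congress.conf.j2, `connection = mysql+pymysql://…:{{ congress_database_password }}@…` inserts the password into a URL verbatim, so a value containing `@`, `/`, `:` or `%` would be read as part of the host or path rather than as the password. passwords.yml leaves `congress_database_password` empty for the operator or a generator to fill, so the constraint is worth stating next to the line, for example `# congress_database_password is used verbatim in this URL; keep it to URL-safe characters`. Separately, `api_paste_config = /etc/congress/api-paste.ini` names a file that none of the three config.json templates copy, so it presumably has to ship in the image; a short comment saying so would save the next reader the search.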
+++ b/releasenotes/notes/add-congress-877644b4b0e2ed0a.yaml
@@ -0,0 +1,5 @@
+---
+features:
+- Add ansible role for openstack congress project which provide
+ policy as a service across any collection of cloud services in
+ order to offer governance and compliance for dynamic infrastructures.