openstack/kolla-ansible
Code Issues Proposed changes

Drop Murano

Browse Source 
It's inactive and hasn't produced a 2024.1 release [1].
In addition to that, there's a CVE that hasn't really been patched [2].

Also drop outward_rabbitmq that was used only with Murano.

[1]: https://governance.openstack.org/tc/reference/emerging-technology-and-inactive-projects.html#current-inactive-projects
[2]: https://lists.openstack.org/archives/list/openstack-announce@lists.openstack.org/thread/4FYM6GSIM5WZSJQIG4TT5Q3UBKQIHLWX/

Change-Id: I691205730b0e10a42ce61f3340cc39ee51bd1010
This commit is contained in:
Michal Nasiadka 2024-04-24 17:35:16 +02:00
parent b3f19f8146
commit 6c31bb676d
50 changed files with 13 additions and 1035 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
README.rst
View File

@ -58,7 +58,6 @@ Kolla Ansible deploys containers for the following OpenStack projects:
- `Manila <https://docs.openstack.org/manila/latest/>`__
- `Masakari <https://docs.openstack.org/masakari/latest/>`__ (deprecated)
- `Mistral <https://docs.openstack.org/mistral/latest/>`__
- `Murano <https://docs.openstack.org/murano/latest/>`__
- `Neutron <https://docs.openstack.org/neutron/latest/>`__
- `Nova <https://docs.openstack.org/nova/latest/>`__
- `Octavia <https://docs.openstack.org/octavia/latest/>`__

27
ansible/group_vars/all.yml
View File

@ -494,12 +494,6 @@ mistral_api_port: "8989"
mistral_api_public_port: "{{ haproxy_single_external_frontend_public_port if haproxy_single_external_frontend | bool else mistral_api_port }}"
mistral_api_listen_port: "{{ mistral_api_port }}"
murano_internal_fqdn: "{{ kolla_internal_fqdn }}"
murano_external_fqdn: "{{ kolla_external_fqdn }}"
murano_api_port: "8082"
murano_api_public_port: "{{ haproxy_single_external_frontend_public_port if haproxy_single_external_frontend | bool else murano_api_port }}"
murano_api_listen_port: "{{ murano_api_listen_port }}"
neutron_internal_fqdn: "{{ kolla_internal_fqdn }}"
neutron_external_fqdn: "{{ kolla_external_fqdn }}"
neutron_server_port: "9696"
@ -550,12 +544,6 @@ ovn_sb_db_port: "6642"
ovn_nb_connection: "{% for host in groups['ovn-nb-db'] %}tcp:{{ 'api' | kolla_address(host) | put_address_in_context('url') }}:{{ ovn_nb_db_port }}{% if not loop.last %},{% endif %}{% endfor %}"
ovn_sb_connection: "{% for host in groups['ovn-sb-db'] %}tcp:{{ 'api' | kolla_address(host) | put_address_in_context('url') }}:{{ ovn_sb_db_port }}{% if not loop.last %},{% endif %}{% endfor %}"
outward_rabbitmq_port: "5674"
outward_rabbitmq_management_port: "15674"
outward_rabbitmq_cluster_port: "25674"
outward_rabbitmq_epmd_port: "4371"
outward_rabbitmq_prometheus_port: "15694"
ovsdb_port: "6640"
placement_internal_fqdn: "{{ kolla_internal_fqdn }}"
@ -744,7 +732,6 @@ enable_memcached: "yes"
enable_neutron: "{{ enable_openstack_core | bool }}"
enable_nova: "{{ enable_openstack_core | bool }}"
enable_rabbitmq: "{{ 'yes' if om_rpc_transport == 'rabbit' or om_notify_transport == 'rabbit' else 'no' }}"
enable_outward_rabbitmq: "{{ enable_murano | bool }}"
# NOTE: Most memcached clients handle load-balancing via client side
# hashing (consistent or not) logic, so going under the covers and messing
@ -795,7 +782,6 @@ enable_horizon_magnum: "{{ enable_magnum | bool }}"
enable_horizon_manila: "{{ enable_manila | bool }}"
enable_horizon_masakari: "{{ enable_masakari | bool }}"
enable_horizon_mistral: "{{ enable_mistral | bool }}"
enable_horizon_murano: "{{ enable_murano | bool }}"
enable_horizon_neutron_vpnaas: "{{ enable_neutron_vpnaas | bool }}"
enable_horizon_octavia: "{{ enable_octavia | bool }}"
enable_horizon_tacker: "{{ enable_tacker | bool }}"
@ -823,7 +809,6 @@ enable_masakari_instancemonitor: "{{ enable_masakari | bool }}"
enable_masakari_hostmonitor: "{{ enable_masakari | bool }}"
enable_mistral: "no"
enable_multipathd: "no"
enable_murano: "no"
enable_neutron_vpnaas: "no"
enable_neutron_sriov: "no"
enable_neutron_mlnx: "no"
@ -873,7 +858,6 @@ ironic_keystone_user: "ironic"
neutron_keystone_user: "neutron"
nova_keystone_user: "nova"
placement_keystone_user: "placement"
murano_keystone_user: "murano"
cinder_keystone_user: "cinder"
glance_keystone_user: "glance"
@ -924,8 +908,6 @@ osprofiler_backend_connection_string: "{{ redis_connection_string if osprofiler_
####################
rabbitmq_user: "openstack"
rabbitmq_monitoring_user: ""
outward_rabbitmq_user: "openstack"
outward_rabbitmq_external_fqdn: "{{ kolla_external_fqdn }}"
# Whether to enable TLS encryption for RabbitMQ client-server communication.
rabbitmq_enable_tls: "no"
# CA certificate bundle in RabbitMQ container.
@ -1155,17 +1137,10 @@ nova_console: "novnc"
#######################
nova_database_shard_id: "{{ mariadb_default_database_shard_id | int }}"
#######################
# Murano options
#######################
murano_agent_rabbitmq_vhost: "muranoagent"
murano_agent_rabbitmq_user: "muranoagent"
#######################
# Horizon options
#######################
horizon_backend_database: "{{ enable_murano | bool }}"
horizon_backend_database: false
horizon_keystone_multidomain: False
# Enable deploying custom horizon policy files for services that don't have a

13
ansible/inventory/all-in-one
View File

@ -65,9 +65,6 @@ control
[rabbitmq:children]
control
[outward-rabbitmq:children]
control
[keystone:children]
control
@ -106,9 +103,6 @@ control
[heat:children]
control
[murano:children]
control
[ironic:children]
control
@ -355,13 +349,6 @@ heat
[heat-engine:children]
heat
# Murano
[murano-api:children]
murano
[murano-engine:children]
murano
# Ironic
[ironic-api:children]
ironic

13
ansible/inventory/multinode
View File

@ -89,9 +89,6 @@ control
[rabbitmq:children]
control
[outward-rabbitmq:children]
control
[keystone:children]
control
@ -130,9 +127,6 @@ control
[heat:children]
control
[murano:children]
control
[ironic:children]
control
@ -364,13 +358,6 @@ heat
[heat-engine:children]
heat
# Murano
[murano-api:children]
murano
[murano-engine:children]
murano
# Ironic
[ironic-api:children]
ironic

69
ansible/rabbitmq.yml
View File

@ -68,72 +68,3 @@
vars:
role_rabbitmq_cluster_cookie: '{{ rabbitmq_cluster_cookie }}'
role_rabbitmq_groups: rabbitmq
- name: Apply role rabbitmq (outward)
gather_facts: false
hosts:
- outward-rabbitmq
- '&enable_outward_rabbitmq_True'
max_fail_percentage: >-
{{ rabbitmq_max_fail_percentage |
default(kolla_max_fail_percentage) |
default(100) }}
tags:
- rabbitmq
tasks:
- import_role:
name: rabbitmq
vars:
project_name: outward_rabbitmq
role_rabbitmq_cluster_cookie: '{{ outward_rabbitmq_cluster_cookie }}'
role_rabbitmq_cluster_port: '{{ outward_rabbitmq_cluster_port }}'
role_rabbitmq_epmd_port: '{{ outward_rabbitmq_epmd_port }}'
role_rabbitmq_groups: outward-rabbitmq
role_rabbitmq_management_port: '{{ outward_rabbitmq_management_port }}'
role_rabbitmq_password: '{{ outward_rabbitmq_password }}'
role_rabbitmq_port: '{{ outward_rabbitmq_port }}'
role_rabbitmq_prometheus_port: '{{ outward_rabbitmq_prometheus_port }}'
role_rabbitmq_user: '{{ outward_rabbitmq_user }}'
- name: Restart rabbitmq (outward) services
gather_facts: false
hosts:
- outward_rabbitmq_restart
- '&enable_outward_rabbitmq_True'
# Restart in batches
serial: "33%"
max_fail_percentage: >-
{{ rabbitmq_max_fail_percentage |
default(kolla_max_fail_percentage) |
default(100) }}
tags:
- rabbitmq
tasks:
- import_role:
name: rabbitmq
tasks_from: restart_services.yml
vars:
project_name: outward_rabbitmq
role_rabbitmq_cluster_cookie: '{{ outward_rabbitmq_cluster_cookie }}'
role_rabbitmq_groups: outward-rabbitmq
- name: Apply rabbitmq (outward) post-configuration
gather_facts: false
hosts:
- outward-rabbitmq
- '&enable_outward_rabbitmq_True'
max_fail_percentage: >-
{{ rabbitmq_max_fail_percentage |
default(kolla_max_fail_percentage) |
default(100) }}
tags:
- rabbitmq
tasks:
- name: Include rabbitmq (outward) post-deploy.yml
include_role:
name: rabbitmq
when: kolla_action in ['deploy', 'reconfigure']
vars:
project_name: outward_rabbitmq
role_rabbitmq_cluster_cookie: '{{ outward_rabbitmq_cluster_cookie }}'
role_rabbitmq_groups: outward-rabbitmq

2
ansible/roles/common/defaults/main.yml
View File

@ -176,8 +176,6 @@ fluentd_input_openstack_services:
enabled: "{{ enable_masakari | bool }}"
- name: mistral
enabled: "{{ enable_mistral | bool }}"
- name: murano
enabled: "{{ enable_murano | bool }}"
- name: neutron
enabled: "{{ enable_neutron | bool }}"
- name: nova

2
ansible/roles/common/tasks/config.yml
View File

@ -240,7 +240,6 @@
- { name: "mariadb", enabled: "{{ enable_mariadb | bool }}" }
- { name: "masakari", enabled: "{{ enable_masakari | bool }}" }
- { name: "mistral", enabled: "{{ enable_mistral | bool }}" }
- { name: "murano", enabled: "{{ enable_murano | bool }}" }
- { name: "neutron", enabled: "{{ enable_neutron | bool }}" }
- { name: "neutron-tls-proxy", enabled: "{{ neutron_enable_tls_backend | bool }}" }
- { name: "nova", enabled: "{{ enable_nova | bool }}" }
@ -248,7 +247,6 @@
- { name: "octavia", enabled: "{{ enable_octavia | bool }}" }
- { name: "opensearch", enabled: "{{ enable_opensearch | bool or enable_opensearch_dashboards | bool }}" }
- { name: "openvswitch", enabled: "{{ enable_openvswitch | bool }}" }
- { name: "outward-rabbitmq", enabled: "{{ enable_outward_rabbitmq | bool }}" }
- { name: "placement", enabled: "{{ enable_placement | bool }}" }
- { name: "prometheus", enabled: "{{ enable_prometheus | bool }}" }
- { name: "proxysql", enabled: "{{ enable_proxysql | bool }}" }

5
ansible/roles/common/templates/conf/filter/01-rewrite.conf.j2
View File

@ -91,11 +91,6 @@
pattern ^(trove-api|trove-conductor|trove-manage|trove-taskmanager)$
tag openstack_python
</rule>
<rule>
key programname
pattern ^(murano-api|murano-engine)$
tag openstack_python
</rule>
<rule>
key programname
pattern ^(watcher-api|watcher-applier|watcher-db-manage|watcher-decision-engine)$

3
ansible/roles/common/templates/cron-logrotate-murano.conf.j2
View File

@ -1,3 +0,0 @@
"/var/log/kolla/murano/*.log"
{
}

3
ansible/roles/common/templates/cron-logrotate-outward-rabbitmq.conf.j2
View File

@ -1,3 +0,0 @@
"/var/log/kolla/outward-rabbitmq/*.log"
{
}

5
ansible/roles/horizon/defaults/main.yml
View File

@ -15,7 +15,6 @@ horizon_services:
ENABLE_MANILA: "{{ 'yes' if enable_horizon_manila | bool else 'no' }}"
ENABLE_MASAKARI: "{{ 'yes' if enable_horizon_masakari | bool else 'no' }}"
ENABLE_MISTRAL: "{{ 'yes' if enable_horizon_mistral | bool else 'no' }}"
ENABLE_MURANO: "{{ 'yes' if enable_horizon_murano | bool else 'no' }}"
ENABLE_NEUTRON_VPNAAS: "{{ 'yes' if enable_horizon_neutron_vpnaas | bool else 'no' }}"
ENABLE_OCTAVIA: "{{ 'yes' if enable_horizon_octavia | bool else 'no' }}"
ENABLE_TACKER: "{{ 'yes' if enable_horizon_tacker | bool else 'no' }}"
@ -125,7 +124,6 @@ horizon_default_volumes:
- "{{ node_config_directory }}/horizon/:{{ container_config_directory }}/:ro"
- "{{ kolla_dev_repos_directory ~ '/horizon/horizon:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/horizon' if horizon_dev_mode | bool else '' }}"
- "{{ kolla_dev_repos_directory ~ '/horizon/openstack_dashboard:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/openstack_dashboard' if horizon_dev_mode | bool else '' }}"
- "{{ kolla_dev_repos_directory ~ '/murano-dashboard/muranodashboard:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/muranodashboard' if horizon_murano_dev_mode | bool else '' }}"
- "/etc/localtime:/etc/localtime:ro"
- "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
- "kolla_logs:/var/log/kolla/"
@ -151,13 +149,10 @@ horizon_wsgi_threads: 1
# Kolla
####################
horizon_git_repository: "{{ kolla_dev_repos_git }}/{{ project_name }}"
murano_dashboard_git_repository: "{{ kolla_dev_repos_git }}/murano-dashboard"
horizon_dev_repos_pull: "{{ kolla_dev_repos_pull }}"
horizon_dev_mode: "{{ kolla_dev_mode }}"
horizon_murano_dev_mode: "{{ kolla_dev_mode }}"
horizon_source_version: "{{ kolla_source_version }}"
horizon_murano_source_version: "{{ kolla_source_version }}"
# This variable was created for administrators to define which one of the Keystone's URLs should be configured in Horizon.
# In some cases, such as when using OIDC, horizon will need to be configured with Keystone's public URL.

10
ansible/roles/horizon/tasks/clone.yml
View File

@ -6,13 +6,3 @@
dest: "{{ kolla_dev_repos_directory }}/{{ project_name }}"
update: "{{ horizon_dev_repos_pull }}"
version: "{{ horizon_source_version }}"
- name: Cloning murano-dashboard source repositories for development
become: true
git:
repo: "{{ murano_dashboard_git_repository }}"
dest: "{{ kolla_dev_repos_directory }}/murano-dashboard"
update: "{{ horizon_dev_repos_pull }}"
version: "{{ horizon_murano_source_version }}"
when:
- horizon_murano_dev_mode | bool

1
ansible/roles/horizon/tasks/config.yml
View File

@ -33,7 +33,6 @@
- { name: "manila", enabled: "{{ enable_horizon_manila }}" }
- { name: "masakari", enabled: "{{ enable_horizon_masakari }}" }
- { name: "mistral", enabled: "{{ enable_horizon_mistral }}" }
- { name: "murano", enabled: "{{ enable_horizon_murano }}" }
- { name: "neutron", enabled: "{{ enable_neutron_horizon_policy_file }}" }
- { name: "nova", enabled: "{{ enable_nova_horizon_policy_file }}" }
- { name: "octavia", enabled: "{{ enable_horizon_octavia }}" }

10
ansible/roles/horizon/templates/_9998-kolla-settings.py.j2
View File

@ -378,13 +378,3 @@ REST_API_REQUIRED_SETTINGS = [
'OPENSTACK_KEYSTONE_DEFAULT_DOMAIN',
]
{% if enable_murano | bool and enable_barbican | bool %}
KEY_MANAGER = {
'auth_url': '{{ keystone_internal_url }}',
'username': '{{ murano_keystone_user }}',
'user_domain_name': '{{ default_project_domain_name }}',
'password': '{{ murano_keystone_password }}',
'project_name': 'service',
'project_domain_name': '{{ default_project_domain_name }}'
}
{% endif %}

25
ansible/roles/loadbalancer/tasks/precheck.yml
View File

@ -518,19 +518,6 @@
- haproxy_stat.find('mistral_api') == -1
- haproxy_vip_prechecks
- name: Checking free port for Murano API HAProxy
wait_for:
host: "{{ kolla_internal_vip_address }}"
port: "{{ murano_api_port }}"
connect_timeout: 1
timeout: 1
state: stopped
when:
- enable_murano | bool
- inventory_hostname in groups['loadbalancer']
- haproxy_stat.find('murano_api') == -1
- haproxy_vip_prechecks
- name: Checking free port for Neutron Server HAProxy
wait_for:
host: "{{ kolla_internal_vip_address }}"
@ -677,18 +664,6 @@
- haproxy_stat.find('rabbitmq_management') == -1
- haproxy_vip_prechecks
- name: Checking free port for outward RabbitMQ Management HAProxy
wait_for:
host: "{{ kolla_internal_vip_address }}"
port: "{{ outward_rabbitmq_management_port }}"
connect_timeout: 1
state: stopped
when:
- enable_outward_rabbitmq | bool
- inventory_hostname in groups['loadbalancer']
- haproxy_stat.find('outward_rabbitmq_management') == -1
- haproxy_vip_prechecks
- name: Checking free port for Swift Proxy Server HAProxy
wait_for:
host: "{{ kolla_internal_vip_address }}"

140
ansible/roles/murano/defaults/main.yml
View File

@ -1,140 +0,0 @@
---
murano_services:
murano-api:
container_name: murano_api
group: murano-api
enabled: true
image: "{{ murano_api_image_full }}"
volumes: "{{ murano_api_default_volumes + murano_api_extra_volumes }}"
dimensions: "{{ murano_api_dimensions }}"
haproxy:
murano_api:
enabled: "{{ enable_murano }}"
mode: "http"
external: false
port: "{{ murano_api_port }}"
listen_port: "{{ murano_api_listen_port }}"
murano_api_external:
enabled: "{{ enable_murano }}"
mode: "http"
external: true
external_fqdn: "{{ murano_external_fqdn }}"
port: "{{ murano_api_public_port }}"
listen_port: "{{ murano_api_listen_port }}"
murano-engine:
container_name: murano_engine
group: murano-engine
enabled: true
image: "{{ murano_engine_image_full }}"
volumes: "{{ murano_engine_default_volumes + murano_engine_extra_volumes }}"
dimensions: "{{ murano_engine_dimensions }}"
####################
# Config Validate
####################
murano_config_validation:
- generator: "/murano/etc/oslo-config-generator/murano.conf"
config: "/etc/murano/murano.conf"
####################
# Database
####################
murano_database_name: "murano"
murano_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}murano{% endif %}"
murano_database_address: "{{ database_address | put_address_in_context('url') }}:{{ database_port }}"
####################
# Database sharding
####################
murano_database_shard_root_user: "{% if enable_proxysql | bool %}root_shard_{{ murano_database_shard_id }}{% else %}{{ database_user }}{% endif %}"
murano_database_shard_id: "{{ mariadb_default_database_shard_id | int }}"
murano_database_shard:
users:
- user: "{{ murano_database_user }}"
password: "{{ murano_database_password }}"
rules:
- schema: "{{ murano_database_name }}"
shard_id: "{{ murano_database_shard_id }}"
####################
# Docker
####################
murano_tag: "{{ openstack_tag }}"
murano_api_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/murano-api"
murano_api_tag: "{{ murano_tag }}"
murano_api_image_full: "{{ murano_api_image }}:{{ murano_api_tag }}"
murano_engine_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/murano-engine"
murano_engine_tag: "{{ murano_tag }}"
murano_engine_image_full: "{{ murano_engine_image }}:{{ murano_engine_tag }}"
murano_api_dimensions: "{{ default_container_dimensions }}"
murano_engine_dimensions: "{{ default_container_dimensions }}"
murano_api_default_volumes:
- "{{ node_config_directory }}/murano-api/:{{ container_config_directory }}/:ro"
- "{{ kolla_dev_repos_directory ~ '/murano/murano:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/murano' if murano_dev_mode | bool else '' }}"
- "/etc/localtime:/etc/localtime:ro"
- "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
- "kolla_logs:/var/log/kolla/"
murano_engine_default_volumes:
- "{{ node_config_directory }}/murano-engine/:{{ container_config_directory }}/:ro"
- "{{ kolla_dev_repos_directory ~ '/murano/murano:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/murano' if murano_dev_mode | bool else '' }}"
- "/etc/localtime:/etc/localtime:ro"
- "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
- "kolla_logs:/var/log/kolla/"
murano_extra_volumes: "{{ default_extra_volumes }}"
murano_api_extra_volumes: "{{ murano_extra_volumes }}"
murano_engine_extra_volumes: "{{ murano_extra_volumes }}"
####################
# OpenStack
####################
murano_internal_endpoint: "{{ murano_internal_fqdn | kolla_url(internal_protocol, murano_api_port) }}"
murano_public_endpoint: "{{ murano_external_fqdn | kolla_url(public_protocol, murano_api_public_port) }}"
murano_logging_debug: "{{ openstack_logging_debug }}"
openstack_murano_auth: "{{ openstack_auth }}"
murano_agent_timeout: 3600
murano_engine_workers: "{{ openstack_service_workers }}"
murano_api_workers: "{{ openstack_service_workers }}"
####################
# Kolla
####################
murano_git_repository: "{{ kolla_dev_repos_git }}/{{ project_name }}"
murano_dev_repos_pull: "{{ kolla_dev_repos_pull }}"
murano_dev_mode: "{{ kolla_dev_mode }}"
murano_source_version: "{{ kolla_source_version }}"
####################
# Notifications
####################
murano_notification_topics:
- name: notifications
enabled: "{{ enable_ceilometer | bool }}"
murano_enabled_notification_topics: "{{ murano_notification_topics | selectattr('enabled', 'equalto', true) | list }}"
####################
# Keystone
####################
murano_ks_services:
- name: "murano"
type: "application-catalog"
description: "Openstack Application Catalogue"
endpoints:
- {'interface': 'internal', 'url': '{{ murano_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ murano_public_endpoint }}'}
murano_ks_users:
- project: "service"
user: "{{ murano_keystone_user }}"
password: "{{ murano_keystone_password }}"
role: "admin"

31
ansible/roles/murano/handlers/main.yml
View File

@ -1,31 +0,0 @@
---
- name: Restart murano-api container
vars:
service_name: "murano-api"
service: "{{ murano_services[service_name] }}"
become: true
kolla_container:
action: "recreate_or_restart_container"
common_options: "{{ docker_common_options }}"
name: "{{ service.container_name }}"
image: "{{ service.image }}"
volumes: "{{ service.volumes }}"
dimensions: "{{ service.dimensions }}"
when:
- kolla_action != "config"
- name: Restart murano-engine container
vars:
service_name: "murano-engine"
service: "{{ murano_services[service_name] }}"
become: true
kolla_container:
action: "recreate_or_restart_container"
common_options: "{{ docker_common_options }}"
name: "{{ service.container_name }}"
image: "{{ service.image }}"
privileged: "{{ service.privileged | default(False) }}"
volumes: "{{ service.volumes }}"
dimensions: "{{ service.dimensions }}"
when:
- kolla_action != "config"

38
ansible/roles/murano/tasks/bootstrap.yml
View File

@ -1,38 +0,0 @@
---
- name: Creating Murano database
become: true
kolla_toolbox:
container_engine: "{{ kolla_container_engine }}"
module_name: mysql_db
module_args:
login_host: "{{ database_address }}"
login_port: "{{ database_port }}"
login_user: "{{ murano_database_shard_root_user }}"
login_password: "{{ database_password }}"
name: "{{ murano_database_name }}"
run_once: True
delegate_to: "{{ groups['murano-api'][0] }}"
when:
- not use_preconfigured_databases | bool
- name: Creating Murano database user and setting permissions
become: true
kolla_toolbox:
container_engine: "{{ kolla_container_engine }}"
module_name: mysql_user
module_args:
login_host: "{{ database_address }}"
login_port: "{{ database_port }}"
login_user: "{{ murano_database_shard_root_user }}"
login_password: "{{ database_password }}"
name: "{{ murano_database_user }}"
password: "{{ murano_database_password }}"
host: "%"
priv: "{{ murano_database_name }}.*:ALL"
append_privs: "yes"
run_once: True
delegate_to: "{{ groups['murano-api'][0] }}"
when:
- not use_preconfigured_databases | bool
- import_tasks: bootstrap_service.yml

21
ansible/roles/murano/tasks/bootstrap_service.yml
View File

@ -1,21 +0,0 @@
---
- name: Running Murano bootstrap container
become: true
kolla_container:
action: "start_container"
common_options: "{{ docker_common_options }}"
detach: False
environment:
KOLLA_BOOTSTRAP:
KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
image: "{{ murano_api_image_full }}"
labels:
BOOTSTRAP:
name: "bootstrap_murano"
restart_policy: oneshot
volumes:
- "{{ node_config_directory }}/murano-api/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "kolla_logs:/var/log/kolla/"
run_once: True
delegate_to: "{{ groups['murano-api'][0] }}"

16
ansible/roles/murano/tasks/check-containers.yml
View File

@ -1,16 +0,0 @@
---
- name: Check murano containers
become: true
kolla_container:
action: "compare_container"
common_options: "{{ docker_common_options }}"
name: "{{ item.value.container_name }}"
image: "{{ item.value.image }}"
volumes: "{{ item.value.volumes }}"
dimensions: "{{ item.value.dimensions }}"
when:
- inventory_hostname in groups[item.value.group]
- item.value.enabled | bool
with_dict: "{{ murano_services }}"
notify:
- "Restart {{ item.key }} container"

1
ansible/roles/murano/tasks/check.yml
View File

@ -1 +0,0 @@
---

8
ansible/roles/murano/tasks/clone.yml
View File

@ -1,8 +0,0 @@
---
- name: Cloning source repositories for development
become: true
git:
repo: "{{ murano_git_repository }}"
dest: "{{ kolla_dev_repos_directory }}/{{ project_name }}"
update: "{{ murano_dev_repos_pull }}"
version: "{{ murano_source_version }}"

82
ansible/roles/murano/tasks/config.yml
View File

@ -1,82 +0,0 @@
---
- name: Ensuring config directories exist
file:
path: "{{ node_config_directory }}/{{ item.key }}"
state: "directory"
owner: "{{ config_owner_user }}"
group: "{{ config_owner_group }}"
mode: "0770"
become: true
when:
- inventory_hostname in groups[item.value.group]
- item.value.enabled | bool
with_dict: "{{ murano_services }}"
- name: Check if policies shall be overwritten
stat:
path: "{{ item }}"
delegate_to: localhost
run_once: True
register: murano_policy
with_first_found:
- files: "{{ supported_policy_format_list }}"
paths:
- "{{ node_custom_config }}/murano/"
skip: true
- name: Set murano policy file
set_fact:
murano_policy_file: "{{ murano_policy.results.0.stat.path | basename }}"
murano_policy_file_path: "{{ murano_policy.results.0.stat.path }}"
when:
- murano_policy.results
- include_tasks: copy-certs.yml
when:
- kolla_copy_ca_into_containers | bool
- name: Copying over config.json files for services
template:
src: "{{ item.key }}.json.j2"
dest: "{{ node_config_directory }}/{{ item.key }}/config.json"
mode: "0660"
become: true
when:
- inventory_hostname in groups[item.value.group]
- item.value.enabled | bool
with_dict: "{{ murano_services }}"
notify:
- "Restart {{ item.key }} container"
- name: Copying over murano.conf
vars:
service_name: "{{ item.key }}"
merge_configs:
sources:
- "{{ role_path }}/templates/murano.conf.j2"
- "{{ node_custom_config }}/global.conf"
- "{{ node_custom_config }}/murano.conf"
- "{{ node_custom_config }}/murano/{{ item.key }}.conf"
- "{{ node_custom_config }}/murano/{{ inventory_hostname }}/murano.conf"
dest: "{{ node_config_directory }}/{{ item.key }}/murano.conf"
mode: "0660"
become: true
when:
- inventory_hostname in groups[item.value.group]
- item.value.enabled | bool
with_dict: "{{ murano_services }}"
notify:
- "Restart {{ item.key }} container"
- name: Copying over existing policy file
template:
src: "{{ murano_policy_file_path }}"
dest: "{{ node_config_directory }}/{{ item.key }}/{{ murano_policy_file }}"
mode: "0660"
when:
- murano_policy_file is defined
- inventory_hostname in groups[item.value.group]
- item.value.enabled | bool
with_dict: "{{ murano_services }}"
notify:
- "Restart {{ item.key }} container"

7
ansible/roles/murano/tasks/config_validate.yml
View File

@ -1,7 +0,0 @@
---
- import_role:
name: service-config-validate
vars:
service_config_validate_services: "{{ murano_services }}"
service_name: "{{ project_name }}"
service_config_validation: "{{ murano_config_validation }}"

6
ansible/roles/murano/tasks/copy-certs.yml
View File

@ -1,6 +0,0 @@
---
- name: "Copy certificates and keys for {{ project_name }}"
import_role:
role: service-cert-copy
vars:
project_services: "{{ murano_services }}"

2
ansible/roles/murano/tasks/deploy-containers.yml
View File

@ -1,2 +0,0 @@
---
- import_tasks: check-containers.yml

17
ansible/roles/murano/tasks/deploy.yml
View File

@ -1,17 +0,0 @@
---
- import_tasks: register.yml
- import_tasks: config.yml
- import_tasks: check-containers.yml
- include_tasks: clone.yml
when:
- murano_dev_mode | bool
- import_tasks: bootstrap.yml
- name: Flush handlers
meta: flush_handlers
- import_tasks: import_library_packages.yml

61
ansible/roles/murano/tasks/import_library_packages.yml
View File

@ -1,61 +0,0 @@
---
- name: Waiting for Murano API service to be ready on first node
wait_for:
host: "{{ api_interface_address }}"
port: "{{ murano_api_port }}"
connect_timeout: 1
timeout: 60
run_once: True
register: check_murano_port
until: check_murano_port is success
retries: 10
delay: 6
delegate_to: "{{ groups['murano-api'][0] }}"
- name: Checking if Murano core and applications library packages exist
become: true
command: >
{{ kolla_container_engine }} exec murano_api murano
--os-username {{ openstack_auth.username }}
--os-password {{ openstack_auth.password }}
--os-project-name {{ openstack_auth.project_name }}
{% if openstack_cacert != '' %}--os-cacert {{ openstack_cacert }}{% endif %}
--os-auth-url {{ openstack_auth.auth_url }}
--murano-url {{ murano_internal_endpoint }}
package-list
register: status
changed_when: False
run_once: True
delegate_to: "{{ groups['murano-api'][0] }}"
- name: Importing Murano core library package
become: true
command: >
{{ kolla_container_engine }} exec murano_api murano
--os-username {{ openstack_auth.username }}
--os-password {{ openstack_auth.password }}
--os-project-name {{ openstack_auth.project_name }}
{% if openstack_cacert != '' %}--os-cacert {{ openstack_cacert }}{% endif %}
--os-auth-url {{ openstack_auth.auth_url }}
--murano-url {{ murano_internal_endpoint }}
package-import --exists-action u --is-public /io.murano.zip
run_once: True
delegate_to: "{{ groups['murano-api'][0] }}"
when:
- status.stdout.find("io.murano") == -1 or kolla_action == "upgrade"
- name: Importing Murano applications library package
become: true
command: >
{{ kolla_container_engine }} exec murano_api murano
--os-username {{ openstack_auth.username }}
--os-password {{ openstack_auth.password }}
--os-project-name {{ openstack_auth.project_name }}
{% if openstack_cacert != '' %}--os-cacert {{ openstack_cacert }}{% endif %}
--os-auth-url {{ openstack_auth.auth_url }}
--murano-url {{ murano_internal_endpoint }}
package-import --exists-action u --is-public /io.murano.applications.zip
run_once: True
delegate_to: "{{ groups['murano-api'][0] }}"
when:
- status.stdout.find("io.murano.applications") == -1 or kolla_action == "upgrade"

7
ansible/roles/murano/tasks/loadbalancer.yml
View File

@ -1,7 +0,0 @@
---
- name: "Configure loadbalancer for {{ project_name }}"
import_role:
name: loadbalancer-config
vars:
project_services: "{{ murano_services }}"
tags: always

2
ansible/roles/murano/tasks/main.yml
View File

@ -1,2 +0,0 @@
---
- include_tasks: "{{ kolla_action }}.yml"

26
ansible/roles/murano/tasks/precheck.yml
View File

@ -1,26 +0,0 @@
---
- import_role:
name: service-precheck
vars:
service_precheck_services: "{{ murano_services }}"
service_name: "{{ project_name }}"
- name: Get container facts
become: true
kolla_container_facts:
container_engine: "{{ kolla_container_engine }}"
name:
- murano_api
check_mode: false
register: container_facts
- name: Checking free port for Murano API
wait_for:
host: "{{ api_interface_address }}"
port: "{{ murano_api_port }}"
connect_timeout: 1
timeout: 1
state: stopped
when:
- container_facts['murano_api'] is not defined
- inventory_hostname in groups['murano-api']

3
ansible/roles/murano/tasks/pull.yml
View File

@ -1,3 +0,0 @@
---
- import_role:
role: service-images-pull

2
ansible/roles/murano/tasks/reconfigure.yml
View File

@ -1,2 +0,0 @@
---
- import_tasks: deploy.yml

7
ansible/roles/murano/tasks/register.yml
View File

@ -1,7 +0,0 @@
---
- import_role:
name: service-ks-register
vars:
service_ks_register_auth: "{{ openstack_murano_auth }}"
service_ks_register_services: "{{ murano_ks_services }}"
service_ks_register_users: "{{ murano_ks_users }}"

6
ansible/roles/murano/tasks/stop.yml
View File

@ -1,6 +0,0 @@
---
- import_role:
name: service-stop
vars:
project_services: "{{ murano_services }}"
service_name: "{{ project_name }}"

11
ansible/roles/murano/tasks/upgrade.yml
View File

@ -1,11 +0,0 @@
---
- import_tasks: config.yml
- import_tasks: check-containers.yml
- import_tasks: bootstrap_service.yml
- name: Flush handlers
meta: flush_handlers
- import_tasks: import_library_packages.yml

24
ansible/roles/murano/templates/murano-api.json.j2
View File

@ -1,24 +0,0 @@
{
"command": "murano-api --config-file /etc/murano/murano.conf",
"config_files": [
{
"source": "{{ container_config_directory }}/murano.conf",
"dest": "/etc/murano/murano.conf",
"owner": "murano",
"perm": "0600"
}{% if murano_policy_file is defined %},
{
"source": "{{ container_config_directory }}/{{ murano_policy_file }}",
"dest": "/etc/murano/{{ murano_policy_file }}",
"owner": "murano",
"perm": "0600"
}{% endif %}
],
"permissions": [
{
"path": "/var/log/kolla/murano",
"owner": "murano:murano",
"recurse": true
}
]
}

24
ansible/roles/murano/templates/murano-engine.json.j2
View File

@ -1,24 +0,0 @@
{
"command": "murano-engine --config-file /etc/murano/murano.conf",
"config_files": [
{
"source": "{{ container_config_directory }}/murano.conf",
"dest": "/etc/murano/murano.conf",
"owner": "murano",
"perm": "0600"
}{% if murano_policy_file is defined %},
{
"source": "{{ container_config_directory }}/{{ murano_policy_file }}",
"dest": "/etc/murano/{{ murano_policy_file }}",
"owner": "murano",
"perm": "0600"
}{% endif %}
],
"permissions": [
{
"path": "/var/log/kolla/murano",
"owner": "murano:murano",
"recurse": true
}
]
}

119
ansible/roles/murano/templates/murano.conf.j2
View File

@ -1,119 +0,0 @@
[DEFAULT]
debug = {{ murano_logging_debug }}
log_dir = /var/log/kolla/murano
{% if service_name == 'murano-api' %}
bind_host = {{ api_interface_address }}
bind_port = {{ murano_api_port }}
{% endif %}
transport_url = {{ rpc_transport_url }}
[engine]
engine_workers = {{ murano_engine_workers }}
agent_timeout = {{ murano_agent_timeout }}
[database]
connection = mysql+pymysql://{{ murano_database_user }}:{{ murano_database_password }}@{{ murano_database_address }}/{{ murano_database_name }}
connection_recycle_time = {{ database_connection_recycle_time }}
max_pool_size = {{ database_max_pool_size }}
max_retries = -1
[keystone_authtoken]
service_type = application-catalog
www_authenticate_uri = {{ keystone_internal_url }}
auth_url = {{ keystone_internal_url }}
auth_type = password
project_domain_id = {{ default_project_domain_id }}
user_domain_id = {{ default_user_domain_id }}
project_name = service
username = {{ murano_keystone_user }}
password = {{ murano_keystone_password }}
cafile = {{ openstack_cacert }}
region_name = {{ openstack_region_name }}
memcache_security_strategy = ENCRYPT
memcache_secret_key = {{ memcache_secret_key }}
memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_address(host) | put_address_in_context('memcache') }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
[murano_auth]
auth_uri = {{ keystone_internal_url }}
auth_url = {{ keystone_internal_url }}
auth_type = password
project_domain_name = {{ default_project_domain_name }}
user_domain_name = {{ default_user_domain_name }}
project_name = service
username = {{ murano_keystone_user }}
password = {{ murano_keystone_password }}
cafile = {{ openstack_cacert }}
[murano]
url = {{ murano_internal_endpoint }}
api_workers = {{ murano_api_workers }}
[oslo_messaging_notifications]
transport_url = {{ notify_transport_url }}
{% if murano_enabled_notification_topics %}
driver = messagingv2
topics = {{ murano_enabled_notification_topics | map(attribute='name') | join(',') }}
{% else %}
driver = noop
{% endif %}
[oslo_messaging_rabbit]
heartbeat_in_pthread = false
{% if om_enable_rabbitmq_tls | bool %}
ssl = true
ssl_ca_file = {{ om_rabbitmq_cacert }}
{% endif %}
{% if om_enable_rabbitmq_high_availability | bool %}
amqp_durable_queues = true
{% endif %}
{% if om_enable_rabbitmq_quorum_queues | bool %}
rabbit_quorum_queue = true
{% endif %}
[oslo_middleware]
enable_proxy_headers_parsing = True
{% if murano_policy_file is defined %}
[oslo_policy]
policy_file = {{ murano_policy_file }}
{% endif %}
{% if service_name == 'murano-engine' %}
[rabbitmq]
host = {{ rabbitmq_external_fqdn }}
port = {{ outward_rabbitmq_port }}
login = {{ murano_agent_rabbitmq_user }}
password = {{ murano_agent_rabbitmq_password }}
virtual_host = {{ murano_agent_rabbitmq_vhost }}
{% if enable_barbican | bool %}
[key_manager]
auth_type = keystone_password
auth_url = {{ keystone_internal_url }}
username = {{ murano_keystone_user }}
password = {{ murano_keystone_password }}
user_domain_name = {{ default_project_domain_name }}
cafile = {{ openstack_cacert }}
region_name = {{ openstack_region_name }}
{% endif %}
{% endif %}
[neutron]
endpoint_type = internalURL
cafile = {{ openstack_cacert }}
[heat]
endpoint_type = internalURL
cafile = {{ openstack_cacert }}
[glance]
endpoint_type = internalURL
cafile = {{ openstack_cacert }}
[mistral]
endpoint_type = internalURL
cafile = {{ openstack_cacert }}

2
ansible/roles/murano/vars/main.yml
View File

@ -1,2 +0,0 @@
---
project_name: "murano"

23
ansible/roles/rabbitmq/defaults/main.yml
View File

@ -23,29 +23,6 @@ rabbitmq_services:
mode: "http"
port: "{{ rabbitmq_management_port }}"
host_group: "rabbitmq"
rabbitmq_outward_management:
enabled: "{{ enable_outward_rabbitmq }}"
mode: "http"
port: "{{ outward_rabbitmq_management_port }}"
host_group: "outward-rabbitmq"
rabbitmq_outward_external:
enabled: "{{ enable_outward_rabbitmq }}"
mode: "tcp"
external: true
external_fqdn: "{{ outward_rabbitmq_external_fqdn }}"
port: "{{ outward_rabbitmq_port }}"
host_group: "outward-rabbitmq"
frontend_tcp_extra:
- "timeout client {{ haproxy_outward_rabbitmq_client_timeout }}"
backend_tcp_extra:
- "timeout server {{ haproxy_outward_rabbitmq_server_timeout }}"
####################
# HAProxy
####################
haproxy_outward_rabbitmq_client_timeout: "1h"
haproxy_outward_rabbitmq_server_timeout: "1h"
####################
# Docker

96
ansible/roles/rabbitmq/tasks/precheck.yml
View File

@ -11,7 +11,6 @@
container_engine: "{{ kolla_container_engine }}"
name:
- rabbitmq
- outward_rabbitmq
check_mode: false
register: container_facts
@ -105,101 +104,6 @@
- not kolla_externally_managed_cert | bool
- rabbitmq_enable_tls | bool
- name: Checking free port for outward RabbitMQ
wait_for:
host: "{{ api_interface_address }}"
port: "{{ outward_rabbitmq_port }}"
connect_timeout: 1
state: stopped
when:
- enable_outward_rabbitmq | bool
- inventory_hostname in groups['outward-rabbitmq']
- container_facts['outward_rabbitmq'] is not defined
- name: Checking free port for outward RabbitMQ Management
wait_for:
host: "{{ api_interface_address }}"
port: "{{ outward_rabbitmq_management_port }}"
connect_timeout: 1
state: stopped
when:
- enable_outward_rabbitmq | bool
- inventory_hostname in groups['outward-rabbitmq']
- container_facts['outward_rabbitmq'] is not defined
- name: Checking free port for outward RabbitMQ Cluster
wait_for:
host: "{{ api_interface_address }}"
port: "{{ outward_rabbitmq_cluster_port }}"
connect_timeout: 1
state: stopped
when:
- enable_outward_rabbitmq | bool
- inventory_hostname in groups['outward-rabbitmq']
- container_facts['outward_rabbitmq'] is not defined
- name: Checking free port for outward RabbitMQ EPMD
wait_for:
host: "{{ api_interface_address }}"
port: "{{ outward_rabbitmq_epmd_port }}"
connect_timeout: 1
state: stopped
when:
- enable_outward_rabbitmq | bool
- inventory_hostname in groups['outward-rabbitmq']
- container_facts['outward_rabbitmq'] is not defined
- name: Check if all outward rabbit hostnames are resolvable
vars:
nss_database: "{{ 'ahostsv4' if api_address_family == 'ipv4' else 'ahostsv6' }}"
command: "getent {{ nss_database }} {{ hostvars[item].ansible_facts.hostname }}"
changed_when: false
check_mode: false
register: outward_rabbitmq_hostnames
with_items: "{{ groups['outward-rabbitmq'] }}"
when:
- enable_outward_rabbitmq | bool
- name: Check if each rabbit hostname resolves uniquely to the proper IP address
fail:
msg: Hostname has to resolve uniquely to the IP address of api_interface
with_subelements:
- "{{ outward_rabbitmq_hostnames.results }}"
- stdout_lines
when:
- enable_outward_rabbitmq | bool
- not item.1 is match('^'+('api' | kolla_address(item.0.item))+'\\b')
- name: Check if TLS certificate exists for outward RabbitMQ
assert:
that: cert | length > 0
fail_msg: No TLS certificate provided for outward RabbitMQ.
vars:
cert: "{{ query('first_found', paths, errors='ignore') }}"
paths:
- "{{ kolla_certificates_dir }}/{{ inventory_hostname }}/outward_rabbitmq-cert.pem"
- "{{ kolla_certificates_dir }}/{{ inventory_hostname }}-cert.pem"
- "{{ kolla_certificates_dir }}/outward_rabbitmq-cert.pem"
when:
- not kolla_externally_managed_cert | bool
- enable_outward_rabbitmq | bool
- rabbitmq_enable_tls | bool
- name: Check if TLS key exists for outward RabbitMQ
assert:
that: key | length > 0
msg: No TLS key provided for outward RabbitMQ.
vars:
key: "{{ query('first_found', paths, errors='ignore') }}"
paths:
- "{{ kolla_certificates_dir }}/{{ inventory_hostname }}/outward_rabbitmq-key.pem"
- "{{ kolla_certificates_dir }}/{{ inventory_hostname }}-key.pem"
- "{{ kolla_certificates_dir }}/outward_rabbitmq-key.pem"
when:
- not kolla_externally_managed_cert | bool
- enable_outward_rabbitmq | bool
- rabbitmq_enable_tls | bool
- block:
- name: List RabbitMQ policies
become: true

16
ansible/roles/rabbitmq/templates/definitions.json.j2
View File

@ -1,26 +1,18 @@
{
"vhosts": [
{"name": "/"}{% if project_name == 'outward_rabbitmq' %},
{"name": "{{ murano_agent_rabbitmq_vhost }}"}
{% endif %}
{"name": "/"}
],
"users": [
{"name": "{{ role_rabbitmq_user }}", "password": "{{ role_rabbitmq_password }}", "tags": "administrator"}{% if role_rabbitmq_monitoring_user is defined and role_rabbitmq_monitoring_user %},
{"name": "{{ role_rabbitmq_monitoring_user }}", "password": "{{ role_rabbitmq_monitoring_password }}", "tags": "monitoring"}{% endif %}{% if project_name == 'outward_rabbitmq' %},
{"name": "{{ murano_agent_rabbitmq_user }}", "password": "{{ murano_agent_rabbitmq_password }}", "tags": "management"}
{% endif %}
{"name": "{{ role_rabbitmq_monitoring_user }}", "password": "{{ role_rabbitmq_monitoring_password }}", "tags": "monitoring"}{% endif %}
],
"permissions": [
{"user": "{{ role_rabbitmq_user }}", "vhost": "/", "configure": ".*", "write": ".*", "read": ".*"}{% if role_rabbitmq_monitoring_user is defined and role_rabbitmq_monitoring_user %},
{"user": "{{ role_rabbitmq_monitoring_user }}", "vhost": "/", "configure": "^$", "write": "^$", "read": ".*"}{% endif %}{% if project_name == 'outward_rabbitmq' %},
{"user": "{{ murano_agent_rabbitmq_user }}", "vhost": "{{ murano_agent_rabbitmq_vhost }}", "configure": ".*", "write": ".*", "read": ".*"}
{% endif %}
{"user": "{{ role_rabbitmq_monitoring_user }}", "vhost": "/", "configure": "^$", "write": "^$", "read": ".*"}{% endif %}
],
{% if om_enable_rabbitmq_high_availability | bool %}
"policies":[
{"vhost": "/", "name": "ha-all", "pattern": "^(?!(amq\\.)|(.*_fanout_)|(reply_)).*", "apply-to": "all", "definition": {"ha-mode":{% if rabbitmq_ha_replica_count is not none %}"exactly","ha-params":{{ rabbitmq_ha_replica_count | int }}{% else %}"all"{% endif %}{% if rabbitmq_ha_promote_on_shutdown is not none %},"ha-promote-on-shutdown":"{{ rabbitmq_ha_promote_on_shutdown }}"{% endif %}{% if rabbitmq_message_ttl_ms is not none %},"message-ttl":{{ rabbitmq_message_ttl_ms | int }}{% endif %}{% if rabbitmq_queue_expiry_ms is not none %},"expires":{{ rabbitmq_queue_expiry_ms | int }}{% endif %}}, "priority":0}{% if project_name == 'outward_rabbitmq' %},
{"vhost": "{{ murano_agent_rabbitmq_vhost }}", "name": "ha-all", "pattern": "^(?!(amq\\.)|(.*_fanout_)|(reply_)).*", "apply-to": "all", "definition": {"ha-mode":{% if rabbitmq_ha_replica_count is not none %}"exactly","ha-params":{{ rabbitmq_ha_replica_count | int }}{% else %}"all"{% endif %}{% if rabbitmq_ha_promote_on_shutdown is not none %},"ha-promote-on-shutdown":"{{ rabbitmq_ha_promote_on_shutdown }}"{% endif %}{% if rabbitmq_message_ttl_ms is not none %},"message-ttl":{{ rabbitmq_message_ttl_ms | int }}{% endif %}{% if rabbitmq_queue_expiry_ms is not none %},"expires":{{ rabbitmq_queue_expiry_ms | int }}{% endif %}}, "priority":0}
{% endif %}
{"vhost": "/", "name": "ha-all", "pattern": "^(?!(amq\\.)|(.*_fanout_)|(reply_)).*", "apply-to": "all", "definition": {"ha-mode":{% if rabbitmq_ha_replica_count is not none %}"exactly","ha-params":{{ rabbitmq_ha_replica_count | int }}{% else %}"all"{% endif %}{% if rabbitmq_ha_promote_on_shutdown is not none %},"ha-promote-on-shutdown":"{{ rabbitmq_ha_promote_on_shutdown }}"{% endif %}{% if rabbitmq_message_ttl_ms is not none %},"message-ttl":{{ rabbitmq_message_ttl_ms | int }}{% endif %}{% if rabbitmq_queue_expiry_ms is not none %},"expires":{{ rabbitmq_queue_expiry_ms | int }}{% endif %}}, "priority":0}
]
{% else %}
"policies":[]

1
ansible/roles/telegraf/defaults/main.yml
View File

@ -36,4 +36,3 @@ influxdb_proto: "http"
rabbitmq_proto: "http"
mariadb_proto: "tcp"
opensearch_proto: "http"
outward_rabbitmq_proto: "http"

6
ansible/roles/telegraf/templates/telegraf.conf.j2
View File

@ -67,12 +67,6 @@
username = "{{ rabbitmq_user }}"
password = "{{ rabbitmq_password }}"
{% endif %}
{% if inventory_hostname in groups['outward-rabbitmq'] and enable_outward_rabbitmq | bool %}
[[inputs.rabbitmq]]
url = "{{ outward_rabbitmq_proto }}://{{ api_interface_address | put_address_in_context('url') }}:{{ outward_rabbitmq_management_port }}"
username = "{{ outward_rabbitmq_user }}"
password = "{{ outward_rabbitmq_password }}"
{% endif %}
{% if inventory_hostname in groups['redis'] and enable_redis | bool %}
[[inputs.redis]]
servers = ["tcp://:{{ redis_master_password }}@{{ api_interface_address | put_address_in_context('url') }}:{{ redis_port }}"]

24
ansible/site.yml
View File

@ -53,14 +53,12 @@
- enable_memcached_{{ enable_memcached | bool }}
- enable_mistral_{{ enable_mistral | bool }}
- enable_multipathd_{{ enable_multipathd | bool }}
- enable_murano_{{ enable_murano | bool }}
- enable_neutron_{{ enable_neutron | bool }}
- enable_nova_{{ enable_nova | bool }}
- enable_octavia_{{ enable_octavia | bool }}
- enable_opensearch_{{ enable_opensearch | bool }}
- enable_opensearch_dashboards_{{ enable_opensearch_dashboards | bool }}
- enable_openvswitch_{{ enable_openvswitch | bool }}_enable_ovs_dpdk_{{ enable_ovs_dpdk | bool }}
- enable_outward_rabbitmq_{{ enable_outward_rabbitmq | bool }}
- enable_ovn_{{ enable_ovn | bool }}
- enable_placement_{{ enable_placement | bool }}
- enable_prometheus_{{ enable_prometheus | bool }}
@ -243,11 +241,6 @@
tasks_from: loadbalancer
tags: mistral
when: enable_mistral | bool
- include_role:
name: murano
tasks_from: loadbalancer
tags: murano
when: enable_murano | bool
- include_role:
name: neutron
tasks_from: loadbalancer
@ -293,7 +286,7 @@
vars:
role_rabbitmq_cluster_cookie:
role_rabbitmq_groups:
when: enable_rabbitmq | bool or enable_outward_rabbitmq | bool
when: enable_rabbitmq | bool
- include_role:
name: skyline
tasks_from: loadbalancer
@ -760,21 +753,6 @@
- { role: horizon,
tags: horizon }
- name: Apply role murano
gather_facts: false
hosts:
- murano-api
- murano-engine
- '&enable_murano_True'
serial: '{{ kolla_serial|default("0") }}'
max_fail_percentage: >-
{{ murano_max_fail_percentage |
default(kolla_max_fail_percentage) |
default(100) }}
roles:
- { role: murano,
tags: murano }
- name: Apply role magnum
gather_facts: false
hosts:

5
etc/kolla/globals.yml
View File

@ -322,7 +322,6 @@ workaround_ansible_issue_8743: yes
#enable_neutron: "{{ enable_openstack_core | bool }}"
#enable_nova: "{{ enable_openstack_core | bool }}"
#enable_rabbitmq: "{{ 'yes' if om_rpc_transport == 'rabbit' or om_notify_transport == 'rabbit' else 'no' }}"
#enable_outward_rabbitmq: "{{ enable_murano | bool }}"
# OpenStack services can be enabled or disabled with these options
#enable_aodh: "no"
@ -367,7 +366,6 @@ workaround_ansible_issue_8743: yes
#enable_horizon_manila: "{{ enable_manila | bool }}"
#enable_horizon_masakari: "{{ enable_masakari | bool }}"
#enable_horizon_mistral: "{{ enable_mistral | bool }}"
#enable_horizon_murano: "{{ enable_murano | bool }}"
#enable_horizon_neutron_vpnaas: "{{ enable_neutron_vpnaas | bool }}"
#enable_horizon_octavia: "{{ enable_octavia | bool }}"
#enable_horizon_tacker: "{{ enable_tacker | bool }}"
@ -392,7 +390,6 @@ workaround_ansible_issue_8743: yes
#enable_masakari: "no"
#enable_mistral: "no"
#enable_multipathd: "no"
#enable_murano: "no"
#enable_neutron_vpnaas: "no"
#enable_neutron_sriov: "no"
#enable_neutron_dvr: "no"
@ -642,7 +639,7 @@ workaround_ansible_issue_8743: yes
#############################
# Horizon - Dashboard Options
#############################
#horizon_backend_database: "{{ enable_murano | bool }}"
#horizon_backend_database: false
#############################
# Ironic options

6
etc/kolla/passwords.yml
View File

@ -107,10 +107,6 @@ heat_database_password:
heat_keystone_password:
heat_domain_admin_password:
murano_database_password:
murano_keystone_password:
murano_agent_rabbitmq_password:
ironic_database_password:
ironic_keystone_password:
@ -211,8 +207,6 @@ gnocchi_user_id:
rabbitmq_password:
rabbitmq_monitoring_password:
rabbitmq_cluster_cookie:
outward_rabbitmq_password:
outward_rabbitmq_cluster_cookie:
####################
# HAProxy options

6
releasenotes/notes/drop-murano-51796e817e8331b4.yaml Normal file
View File

@ -0,0 +1,6 @@
---
upgrade:
- |
Support for deploying ``Murano`` has been dropped.
In addition to that support for deploying outward RabbitMQ (only used
for Murano) has been dropped as well.

13
tests/templates/inventory.j2
View File

@ -141,9 +141,6 @@ control
[rabbitmq:children]
control
[outward-rabbitmq:children]
control
[keystone:children]
control
@ -182,9 +179,6 @@ control
[heat:children]
control
[murano:children]
control
[ironic:children]
control
@ -416,13 +410,6 @@ heat
[heat-engine:children]
heat
# Murano
[murano-api:children]
murano
[murano-engine:children]
murano
# Ironic
[ironic-api:children]
ironic