Merge "Add karbor ansible role"
This commit is contained in:
commit
78b8f47bd5
@ -216,6 +216,8 @@ trove_api_port: "8779"
|
|||||||
etcd_client_port: "2379"
|
etcd_client_port: "2379"
|
||||||
etcd_peer_port: "2380"
|
etcd_peer_port: "2380"
|
||||||
|
|
||||||
|
karbor_api_port: "8799"
|
||||||
|
|
||||||
kuryr_port: "23750"
|
kuryr_port: "23750"
|
||||||
|
|
||||||
searchlight_api_port: "9393"
|
searchlight_api_port: "9393"
|
||||||
@ -299,6 +301,7 @@ enable_horizon_watcher: "{{ enable_watcher | bool }}"
|
|||||||
enable_influxdb: "no"
|
enable_influxdb: "no"
|
||||||
enable_ironic: "no"
|
enable_ironic: "no"
|
||||||
enable_iscsid: "{{ enable_cinder_backend_iscsi | bool or enable_cinder_backend_lvm | bool or enable_ironic | bool }}"
|
enable_iscsid: "{{ enable_cinder_backend_iscsi | bool or enable_cinder_backend_lvm | bool or enable_ironic | bool }}"
|
||||||
|
enable_karbor: "no"
|
||||||
enable_kuryr: "no"
|
enable_kuryr: "no"
|
||||||
enable_magnum: "no"
|
enable_magnum: "no"
|
||||||
enable_manila: "no"
|
enable_manila: "no"
|
||||||
|
@ -29,6 +29,9 @@ monitoring
|
|||||||
[etcd:children]
|
[etcd:children]
|
||||||
control
|
control
|
||||||
|
|
||||||
|
[karbor:children]
|
||||||
|
control
|
||||||
|
|
||||||
[kibana:children]
|
[kibana:children]
|
||||||
control
|
control
|
||||||
|
|
||||||
@ -254,6 +257,16 @@ ironic-conductor
|
|||||||
[tgtd:children]
|
[tgtd:children]
|
||||||
storage
|
storage
|
||||||
|
|
||||||
|
# Karbor
|
||||||
|
[karbor-api:children]
|
||||||
|
karbor
|
||||||
|
|
||||||
|
[karbor-protection:children]
|
||||||
|
karbor
|
||||||
|
|
||||||
|
[karbor-operationengine:children]
|
||||||
|
karbor
|
||||||
|
|
||||||
# Manila
|
# Manila
|
||||||
[manila-api:children]
|
[manila-api:children]
|
||||||
manila
|
manila
|
||||||
|
@ -48,6 +48,9 @@ control
|
|||||||
[influxdb:children]
|
[influxdb:children]
|
||||||
monitoring
|
monitoring
|
||||||
|
|
||||||
|
[karbor:children]
|
||||||
|
control
|
||||||
|
|
||||||
[kibana:children]
|
[kibana:children]
|
||||||
control
|
control
|
||||||
|
|
||||||
@ -270,6 +273,16 @@ ironic-conductor
|
|||||||
[tgtd:children]
|
[tgtd:children]
|
||||||
storage
|
storage
|
||||||
|
|
||||||
|
# Karbor
|
||||||
|
[karbor-api:children]
|
||||||
|
karbor
|
||||||
|
|
||||||
|
[karbor-protection:children]
|
||||||
|
karbor
|
||||||
|
|
||||||
|
[karbor-operationengine:children]
|
||||||
|
karbor
|
||||||
|
|
||||||
# Manila
|
# Manila
|
||||||
[manila-api:children]
|
[manila-api:children]
|
||||||
manila
|
manila
|
||||||
|
@ -87,6 +87,7 @@
|
|||||||
- { name: "haproxy", enabled: "{{ enable_haproxy }}" }
|
- { name: "haproxy", enabled: "{{ enable_haproxy }}" }
|
||||||
- { name: "heat", enabled: "{{ enable_heat }}" }
|
- { name: "heat", enabled: "{{ enable_heat }}" }
|
||||||
- { name: "iscsid", enabled: "{{ enable_iscsid }}" }
|
- { name: "iscsid", enabled: "{{ enable_iscsid }}" }
|
||||||
|
- { name: "karbor", enabled: "{{ enable_karbor }}" }
|
||||||
- { name: "keepalived", enabled: "{{ enable_haproxy }}" }
|
- { name: "keepalived", enabled: "{{ enable_haproxy }}" }
|
||||||
- { name: "keystone", enabled: "{{ enable_keystone }}" }
|
- { name: "keystone", enabled: "{{ enable_keystone }}" }
|
||||||
- { name: "magnum", enabled: "{{ enable_magnum }}" }
|
- { name: "magnum", enabled: "{{ enable_magnum }}" }
|
||||||
|
@ -0,0 +1,3 @@
|
|||||||
|
"/var/log/kolla/karbor/*.log"
|
||||||
|
{
|
||||||
|
}
|
@ -14,6 +14,7 @@
|
|||||||
( 'haproxy', enable_haproxy ),
|
( 'haproxy', enable_haproxy ),
|
||||||
( 'heat', enable_heat ),
|
( 'heat', enable_heat ),
|
||||||
( 'iscsid', enable_iscsid ),
|
( 'iscsid', enable_iscsid ),
|
||||||
|
( 'karbor', enable_karbor ),
|
||||||
( 'keepalived', enable_haproxy ),
|
( 'keepalived', enable_haproxy ),
|
||||||
( 'keystone', enable_keystone ),
|
( 'keystone', enable_keystone ),
|
||||||
( 'magnum', enable_magnum ),
|
( 'magnum', enable_magnum ),
|
||||||
|
@ -221,6 +221,16 @@
|
|||||||
when:
|
when:
|
||||||
- enable_keystone | bool
|
- enable_keystone | bool
|
||||||
- "{{ 'keystone_external' not in haproxy_stat }}"
|
- "{{ 'keystone_external' not in haproxy_stat }}"
|
||||||
|
|
||||||
|
- name: Checking free port for Karbor Admin HAProxy
|
||||||
|
wait_for:
|
||||||
|
host: "{{ kolla_internal_vip_address }}"
|
||||||
|
port: "{{ karbor_api_port }}"
|
||||||
|
connect_timeout: 1
|
||||||
|
state: stopped
|
||||||
|
when:
|
||||||
|
- enable_karbor | bool
|
||||||
|
- "{{ 'karbor_api' not in haproxy_stat }}"
|
||||||
- inventory_hostname in groups['haproxy']
|
- inventory_hostname in groups['haproxy']
|
||||||
|
|
||||||
- name: Checking free port for Kibana HAProxy
|
- name: Checking free port for Kibana HAProxy
|
||||||
|
@ -363,6 +363,22 @@ listen ironic_api_external
|
|||||||
{% endif %}
|
{% endif %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
{% if enable_karbor | bool %}
|
||||||
|
listen karbor_api
|
||||||
|
bind {{ kolla_internal_vip_address }}:{{ karbor_api_port }}
|
||||||
|
{% for host in groups['karbor-api'] %}
|
||||||
|
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ karbor_api_port }} check inter 2000 rise 2 fall 5
|
||||||
|
{% endfor %}
|
||||||
|
{% if haproxy_enable_external_vip | bool %}
|
||||||
|
|
||||||
|
listen karbor_api_external
|
||||||
|
bind {{ kolla_external_vip_address }}:{{ karbor_api_port }} {{ tls_bind_info }}
|
||||||
|
{% for host in groups['karbor-api'] %}
|
||||||
|
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ karbor_api_port }} check inter 2000 rise 2 fall 5
|
||||||
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
{% if enable_senlin | bool %}
|
{% if enable_senlin | bool %}
|
||||||
listen senlin_api
|
listen senlin_api
|
||||||
bind {{ kolla_internal_vip_address }}:{{ senlin_api_port }}
|
bind {{ kolla_internal_vip_address }}:{{ senlin_api_port }}
|
||||||
|
39
ansible/roles/karbor/defaults/main.yml
Normal file
39
ansible/roles/karbor/defaults/main.yml
Normal file
@ -0,0 +1,39 @@
|
|||||||
|
---
|
||||||
|
project_name: "karbor"
|
||||||
|
|
||||||
|
####################
|
||||||
|
# Database
|
||||||
|
####################
|
||||||
|
karbor_database_name: "karbor"
|
||||||
|
karbor_database_user: "karbor"
|
||||||
|
karbor_database_address: "{{ kolla_internal_fqdn }}:{{ database_port }}"
|
||||||
|
|
||||||
|
|
||||||
|
####################
|
||||||
|
# Docker
|
||||||
|
####################
|
||||||
|
karbor_protection_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-karbor-protection"
|
||||||
|
karbor_protection_tag: "{{ openstack_release }}"
|
||||||
|
karbor_protection_image_full: "{{ karbor_protection_image }}:{{ karbor_protection_tag }}"
|
||||||
|
|
||||||
|
karbor_operationengine_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-karbor-operationengine"
|
||||||
|
karbor_operationengine_tag: "{{ openstack_release }}"
|
||||||
|
karbor_operationengine_image_full: "{{ karbor_operationengine_image }}:{{ karbor_operationengine_tag }}"
|
||||||
|
|
||||||
|
karbor_api_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-karbor-api"
|
||||||
|
karbor_api_tag: "{{ openstack_release }}"
|
||||||
|
karbor_api_image_full: "{{ karbor_api_image }}:{{ karbor_api_tag }}"
|
||||||
|
|
||||||
|
|
||||||
|
####################
|
||||||
|
# OpenStack
|
||||||
|
####################
|
||||||
|
karbor_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ karbor_api_port }}/v1/%(tenant_id)s"
|
||||||
|
karbor_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ karbor_api_port }}/v1/%(tenant_id)s"
|
||||||
|
karbor_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ karbor_api_port }}/v1/%(tenant_id)s"
|
||||||
|
|
||||||
|
karbor_logging_debug: "{{ openstack_logging_debug }}"
|
||||||
|
|
||||||
|
karbor_keystone_user: "karbor"
|
||||||
|
|
||||||
|
openstack_karbor_auth: "{'auth_url':'{{ openstack_auth.auth_url }}','username':'{{ openstack_auth.username }}','password':'{{ openstack_auth.password }}','project_name':'{{ openstack_auth.project_name }}'}"
|
3
ansible/roles/karbor/meta/main.yml
Normal file
3
ansible/roles/karbor/meta/main.yml
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
---
|
||||||
|
dependencies:
|
||||||
|
- { role: common }
|
41
ansible/roles/karbor/tasks/bootstrap.yml
Normal file
41
ansible/roles/karbor/tasks/bootstrap.yml
Normal file
@ -0,0 +1,41 @@
|
|||||||
|
---
|
||||||
|
- name: Creating Karbor database
|
||||||
|
command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
|
||||||
|
-m mysql_db
|
||||||
|
-a "login_host='{{ database_address }}'
|
||||||
|
login_port='{{ database_port }}'
|
||||||
|
login_user='{{ database_user }}'
|
||||||
|
login_password='{{ database_password }}'
|
||||||
|
name='{{ karbor_database_name }}'"
|
||||||
|
register: database
|
||||||
|
changed_when: "{{ database.stdout.find('localhost | SUCCESS => ') != -1 and
|
||||||
|
(database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
|
||||||
|
failed_when: database.stdout.split()[2] != 'SUCCESS'
|
||||||
|
run_once: True
|
||||||
|
delegate_to: "{{ groups['karbor-api'][0] }}"
|
||||||
|
|
||||||
|
- name: Reading json from variable
|
||||||
|
set_fact:
|
||||||
|
database_created: "{{ (database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
|
||||||
|
|
||||||
|
- name: Creating Karbor database user and setting permissions
|
||||||
|
command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
|
||||||
|
-m mysql_user
|
||||||
|
-a "login_host='{{ database_address }}'
|
||||||
|
login_port='{{ database_port }}'
|
||||||
|
login_user='{{ database_user }}'
|
||||||
|
login_password='{{ database_password }}'
|
||||||
|
name='{{ karbor_database_name }}'
|
||||||
|
password='{{ karbor_database_password }}'
|
||||||
|
host='%'
|
||||||
|
priv='{{ karbor_database_name }}.*:ALL'
|
||||||
|
append_privs='yes'"
|
||||||
|
register: database_user_create
|
||||||
|
changed_when: "{{ database_user_create.stdout.find('localhost | SUCCESS => ') != -1 and
|
||||||
|
(database_user_create.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
|
||||||
|
failed_when: database_user_create.stdout.split()[2] != 'SUCCESS'
|
||||||
|
run_once: True
|
||||||
|
delegate_to: "{{ groups['karbor-api'][0] }}"
|
||||||
|
|
||||||
|
- include: bootstrap_service.yml
|
||||||
|
when: database_created
|
20
ansible/roles/karbor/tasks/bootstrap_service.yml
Normal file
20
ansible/roles/karbor/tasks/bootstrap_service.yml
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
---
|
||||||
|
- name: Running Karbor bootstrap container
|
||||||
|
kolla_docker:
|
||||||
|
action: "start_container"
|
||||||
|
common_options: "{{ docker_common_options }}"
|
||||||
|
detach: False
|
||||||
|
environment:
|
||||||
|
KOLLA_BOOTSTRAP:
|
||||||
|
KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
|
||||||
|
image: "{{ karbor_api_image_full }}"
|
||||||
|
labels:
|
||||||
|
BOOTSTRAP:
|
||||||
|
name: "bootstrap_karbor"
|
||||||
|
restart_policy: "never"
|
||||||
|
volumes:
|
||||||
|
- "{{ node_config_directory }}/karbor-api/:{{ container_config_directory }}/:ro"
|
||||||
|
- "/etc/localtime:/etc/localtime:ro"
|
||||||
|
- "kolla_logs:/var/log/kolla/"
|
||||||
|
run_once: True
|
||||||
|
delegate_to: "{{ groups['karbor-api'][0] }}"
|
47
ansible/roles/karbor/tasks/config.yml
Normal file
47
ansible/roles/karbor/tasks/config.yml
Normal file
@ -0,0 +1,47 @@
|
|||||||
|
---
|
||||||
|
- name: Ensuring config directories exist
|
||||||
|
file:
|
||||||
|
path: "{{ node_config_directory }}/{{ item }}"
|
||||||
|
path: "{{ node_config_directory }}/{{ item }}/providers.d"
|
||||||
|
state: "directory"
|
||||||
|
recurse: yes
|
||||||
|
with_items:
|
||||||
|
- "karbor-api"
|
||||||
|
- "karbor-protection"
|
||||||
|
- "karbor-operationengine"
|
||||||
|
|
||||||
|
- name: Copying over config.json files for services
|
||||||
|
template:
|
||||||
|
src: "{{ item }}.json.j2"
|
||||||
|
dest: "{{ node_config_directory }}/{{ item }}/config.json"
|
||||||
|
with_items:
|
||||||
|
- "karbor-api"
|
||||||
|
- "karbor-protection"
|
||||||
|
- "karbor-operationengine"
|
||||||
|
|
||||||
|
- name: Copying over karbor.conf
|
||||||
|
merge_configs:
|
||||||
|
vars:
|
||||||
|
service_name: "{{ item }}"
|
||||||
|
sources:
|
||||||
|
- "{{ role_path }}/templates/karbor.conf.j2"
|
||||||
|
- "{{ node_config_directory }}/config/global.conf"
|
||||||
|
- "{{ node_config_directory }}/config/database.conf"
|
||||||
|
- "{{ node_config_directory }}/config/messaging.conf"
|
||||||
|
- "{{ node_config_directory }}/config/karbor.conf"
|
||||||
|
- "{{ node_config_directory }}/config/karbor/{{ item }}.conf"
|
||||||
|
- "{{ node_config_directory }}/config/karbor/{{ inventory_hostname }}/karbor.conf"
|
||||||
|
dest: "{{ node_config_directory }}/{{ item }}/karbor.conf"
|
||||||
|
with_items:
|
||||||
|
- "karbor-api"
|
||||||
|
- "karbor-protection"
|
||||||
|
- "karbor-operationengine"
|
||||||
|
|
||||||
|
- name: Copying over openstack-infra.conf
|
||||||
|
template:
|
||||||
|
src: "providers.d/openstack-infra.conf.j2"
|
||||||
|
dest: "{{ node_config_directory }}/{{ item }}/providers.d/openstack-infra.conf"
|
||||||
|
with_items:
|
||||||
|
- "karbor-api"
|
||||||
|
- "karbor-protection"
|
||||||
|
- "karbor-operationengine"
|
16
ansible/roles/karbor/tasks/deploy.yml
Normal file
16
ansible/roles/karbor/tasks/deploy.yml
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
---
|
||||||
|
- include: register.yml
|
||||||
|
when: inventory_hostname in groups['karbor-api']
|
||||||
|
|
||||||
|
- include: config.yml
|
||||||
|
when: inventory_hostname in groups['karbor-api'] or
|
||||||
|
inventory_hostname in groups['karbor-protection'] or
|
||||||
|
inventory_hostname in groups['karbor-operationengine']
|
||||||
|
|
||||||
|
- include: bootstrap.yml
|
||||||
|
when: inventory_hostname in groups['karbor-api']
|
||||||
|
|
||||||
|
- include: start.yml
|
||||||
|
when: inventory_hostname in groups['karbor-api'] or
|
||||||
|
inventory_hostname in groups['karbor-protection'] or
|
||||||
|
inventory_hostname in groups['karbor-operationengine']
|
2
ansible/roles/karbor/tasks/main.yml
Normal file
2
ansible/roles/karbor/tasks/main.yml
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
---
|
||||||
|
- include: "{{ action }}.yml"
|
16
ansible/roles/karbor/tasks/precheck.yml
Normal file
16
ansible/roles/karbor/tasks/precheck.yml
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
---
|
||||||
|
- name: Get container facts
|
||||||
|
kolla_container_facts:
|
||||||
|
name:
|
||||||
|
- karbor_api
|
||||||
|
register: container_facts
|
||||||
|
|
||||||
|
- name: Checking free port for Karbor Admin
|
||||||
|
wait_for:
|
||||||
|
host: "{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}"
|
||||||
|
port: "{{ karbor_api_port }}"
|
||||||
|
connect_timeout: 1
|
||||||
|
state: stopped
|
||||||
|
when:
|
||||||
|
- inventory_hostname in groups['karbor-api']
|
||||||
|
- container_facts['karbor-api'] is not defined
|
21
ansible/roles/karbor/tasks/pull.yml
Normal file
21
ansible/roles/karbor/tasks/pull.yml
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
---
|
||||||
|
- name: Pulling karbor-api image
|
||||||
|
kolla_docker:
|
||||||
|
action: "pull_image"
|
||||||
|
common_options: "{{ docker_common_options }}"
|
||||||
|
image: "{{ karbor_api_image_full }}"
|
||||||
|
when: inventory_hostname in groups['karbor-api']
|
||||||
|
|
||||||
|
- name: Pulling karbor-protection image
|
||||||
|
kolla_docker:
|
||||||
|
action: "pull_image"
|
||||||
|
common_options: "{{ docker_common_options }}"
|
||||||
|
image: "{{ karbor_protection_image_full }}"
|
||||||
|
when: inventory_hostname in groups['karbor-protection']
|
||||||
|
|
||||||
|
- name: Pulling karbor-operationengine image
|
||||||
|
kolla_docker:
|
||||||
|
action: "pull_image"
|
||||||
|
common_options: "{{ docker_common_options }}"
|
||||||
|
image: "{{ karbor_operationengine_image_full }}"
|
||||||
|
when: inventory_hostname in groups['karbor-operationengine']
|
71
ansible/roles/karbor/tasks/reconfigure.yml
Normal file
71
ansible/roles/karbor/tasks/reconfigure.yml
Normal file
@ -0,0 +1,71 @@
|
|||||||
|
---
|
||||||
|
- name: Ensuring the containers up
|
||||||
|
kolla_docker:
|
||||||
|
name: "{{ item.name }}"
|
||||||
|
action: "get_container_state"
|
||||||
|
register: container_state
|
||||||
|
failed_when: container_state.Running == false
|
||||||
|
when: inventory_hostname in groups[item.group]
|
||||||
|
with_items:
|
||||||
|
- { name: karbor_api, group: karbor-api }
|
||||||
|
- { name: karbor_protection, group: karbor-protection }
|
||||||
|
- { name: karbor_operationengine, group: karbor-operationengine }
|
||||||
|
|
||||||
|
- include: config.yml
|
||||||
|
|
||||||
|
- name: Check the configs
|
||||||
|
command: docker exec {{ item.name }} /usr/local/bin/kolla_set_configs --check
|
||||||
|
changed_when: false
|
||||||
|
failed_when: false
|
||||||
|
register: check_results
|
||||||
|
when: inventory_hostname in groups[item.group]
|
||||||
|
with_items:
|
||||||
|
- { name: karbor_api, group: karbor-api }
|
||||||
|
- { name: karbor_protection, group: karbor-protection }
|
||||||
|
- { name: karbor_operationengine, group: karbor-operationengine }
|
||||||
|
|
||||||
|
- name: Containers config strategy
|
||||||
|
kolla_docker:
|
||||||
|
name: "{{ item.name }}"
|
||||||
|
action: "get_container_env"
|
||||||
|
register: container_envs
|
||||||
|
when: inventory_hostname in groups[item.group]
|
||||||
|
with_items:
|
||||||
|
- { name: karbor_api, group: karbor-api }
|
||||||
|
- { name: karbor_protection, group: karbor-protection }
|
||||||
|
- { name: karbor_operationengine, group: karbor-operationengine }
|
||||||
|
|
||||||
|
- name: Remove the containers
|
||||||
|
kolla_docker:
|
||||||
|
name: "{{ item[0]['name'] }}"
|
||||||
|
action: "remove_container"
|
||||||
|
register: remove_containers
|
||||||
|
when:
|
||||||
|
- inventory_hostname in groups[item[0]['group']]
|
||||||
|
- config_strategy == "COPY_ONCE" or item[1]['KOLLA_CONFIG_STRATEGY'] == 'COPY_ONCE'
|
||||||
|
- item[2]['rc'] == 1
|
||||||
|
with_together:
|
||||||
|
- [{ name: karbor_api, group: karbor-api },
|
||||||
|
{ name: karbor_protection, group: karbor-protection },
|
||||||
|
{ name: karbor_operationengine, group: karbor-operationengine }]
|
||||||
|
- "{{ container_envs.results }}"
|
||||||
|
- "{{ check_results.results }}"
|
||||||
|
|
||||||
|
- include: start.yml
|
||||||
|
when: remove_containers.changed
|
||||||
|
|
||||||
|
- name: Restart containers
|
||||||
|
kolla_docker:
|
||||||
|
name: "{{ item[0]['name'] }}"
|
||||||
|
action: "restart_container"
|
||||||
|
when:
|
||||||
|
- inventory_hostname in groups[item[0]['group']]
|
||||||
|
- config_strategy == 'COPY_ALWAYS'
|
||||||
|
- item[1]['KOLLA_CONFIG_STRATEGY'] != 'COPY_ONCE'
|
||||||
|
- item[2]['rc'] == 1
|
||||||
|
with_together:
|
||||||
|
- [{ name: karbor_api, group: karbor-api },
|
||||||
|
{ name: karbor_protection, group: karbor-protection },
|
||||||
|
{ name: karbor_operationengine, group: karbor-operationengine }]
|
||||||
|
- "{{ container_envs.results }}"
|
||||||
|
- "{{ check_results.results }}"
|
40
ansible/roles/karbor/tasks/register.yml
Normal file
40
ansible/roles/karbor/tasks/register.yml
Normal file
@ -0,0 +1,40 @@
|
|||||||
|
---
|
||||||
|
- name: Creating the Karbor service and endpoint
|
||||||
|
command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
|
||||||
|
-m kolla_keystone_service
|
||||||
|
-a "service_name=karbor
|
||||||
|
service_type=data-protect
|
||||||
|
description='Application Data Protection Service'
|
||||||
|
endpoint_region={{ openstack_region_name }}
|
||||||
|
url='{{ item.url }}'
|
||||||
|
interface='{{ item.interface }}'
|
||||||
|
region_name={{ openstack_region_name }}
|
||||||
|
auth={{ '{{ openstack_karbor_auth }}' }}"
|
||||||
|
-e "{'openstack_karbor_auth':{{ openstack_karbor_auth }}}"
|
||||||
|
register: karbor_endpoint
|
||||||
|
changed_when: "{{ karbor_endpoint.stdout.find('localhost | SUCCESS => ') != -1 and (karbor_endpoint.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
|
||||||
|
until: karbor_endpoint.stdout.split()[2] == 'SUCCESS'
|
||||||
|
retries: 10
|
||||||
|
delay: 5
|
||||||
|
run_once: True
|
||||||
|
with_items:
|
||||||
|
- {'interface': 'admin', 'url': '{{ karbor_admin_endpoint }}'}
|
||||||
|
- {'interface': 'internal', 'url': '{{ karbor_internal_endpoint }}'}
|
||||||
|
- {'interface': 'public', 'url': '{{ karbor_public_endpoint }}'}
|
||||||
|
|
||||||
|
- name: Creating the Karbor project, user, and role
|
||||||
|
command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
|
||||||
|
-m kolla_keystone_user
|
||||||
|
-a "project=service
|
||||||
|
user=karbor
|
||||||
|
password={{ karbor_keystone_password }}
|
||||||
|
role=admin
|
||||||
|
region_name={{ openstack_region_name }}
|
||||||
|
auth={{ '{{ openstack_karbor_auth }}' }}"
|
||||||
|
-e "{'openstack_karbor_auth':{{ openstack_karbor_auth }}}"
|
||||||
|
register: karbor_user
|
||||||
|
changed_when: "{{ karbor_user.stdout.find('localhost | SUCCESS => ') != -1 and (karbor_user.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
|
||||||
|
until: karbor_user.stdout.split()[2] == 'SUCCESS'
|
||||||
|
retries: 10
|
||||||
|
delay: 5
|
||||||
|
run_once: True
|
36
ansible/roles/karbor/tasks/start.yml
Normal file
36
ansible/roles/karbor/tasks/start.yml
Normal file
@ -0,0 +1,36 @@
|
|||||||
|
---
|
||||||
|
- name: Starting karbor-api container
|
||||||
|
kolla_docker:
|
||||||
|
action: "start_container"
|
||||||
|
common_options: "{{ docker_common_options }}"
|
||||||
|
image: "{{ karbor_api_image_full }}"
|
||||||
|
name: "karbor_api"
|
||||||
|
volumes:
|
||||||
|
- "{{ node_config_directory }}/karbor-api/:{{ container_config_directory }}/:ro"
|
||||||
|
- "/etc/localtime:/etc/localtime:ro"
|
||||||
|
- "kolla_logs:/var/log/kolla/"
|
||||||
|
when: inventory_hostname in groups['karbor-api']
|
||||||
|
|
||||||
|
- name: Starting karbor-protection container
|
||||||
|
kolla_docker:
|
||||||
|
action: "start_container"
|
||||||
|
common_options: "{{ docker_common_options }}"
|
||||||
|
image: "{{ karbor_protection_image_full }}"
|
||||||
|
name: "karbor_protection"
|
||||||
|
volumes:
|
||||||
|
- "{{ node_config_directory }}/karbor-protection/:{{ container_config_directory }}/:ro"
|
||||||
|
- "/etc/localtime:/etc/localtime:ro"
|
||||||
|
- "kolla_logs:/var/log/kolla/"
|
||||||
|
when: inventory_hostname in groups['karbor-protection']
|
||||||
|
|
||||||
|
- name: Starting karbor-operationengine container
|
||||||
|
kolla_docker:
|
||||||
|
action: "start_container"
|
||||||
|
common_options: "{{ docker_common_options }}"
|
||||||
|
image: "{{ karbor_operationengine_image_full }}"
|
||||||
|
name: "karbor_operationengine"
|
||||||
|
volumes:
|
||||||
|
- "{{ node_config_directory }}/karbor-operationengine/:{{ container_config_directory }}/:ro"
|
||||||
|
- "/etc/localtime:/etc/localtime:ro"
|
||||||
|
- "kolla_logs:/var/log/kolla/"
|
||||||
|
when: inventory_hostname in groups['karbor-operationengine']
|
6
ansible/roles/karbor/tasks/upgrade.yml
Normal file
6
ansible/roles/karbor/tasks/upgrade.yml
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
---
|
||||||
|
- include: config.yml
|
||||||
|
|
||||||
|
- include: bootstrap_service.yml
|
||||||
|
|
||||||
|
- include: start.yml
|
18
ansible/roles/karbor/templates/karbor-api.json.j2
Normal file
18
ansible/roles/karbor/templates/karbor-api.json.j2
Normal file
@ -0,0 +1,18 @@
|
|||||||
|
{
|
||||||
|
"command": "karbor-api --config-file /etc/karbor/karbor.conf",
|
||||||
|
"config_files": [
|
||||||
|
{
|
||||||
|
"source": "{{ container_config_directory }}/karbor.conf",
|
||||||
|
"dest": "/etc/karbor/karbor.conf",
|
||||||
|
"owner": "karbor",
|
||||||
|
"perm": "0644"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"permissions": [
|
||||||
|
{
|
||||||
|
"path": "/var/log/kolla/karbor",
|
||||||
|
"owner": "karbor:karbor",
|
||||||
|
"recurse": true
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
@ -0,0 +1,18 @@
|
|||||||
|
{
|
||||||
|
"command": "karbor-operationengine --config-file /etc/karbor/karbor.conf",
|
||||||
|
"config_files": [
|
||||||
|
{
|
||||||
|
"source": "{{ container_config_directory }}/karbor.conf",
|
||||||
|
"dest": "/etc/karbor/karbor.conf",
|
||||||
|
"owner": "karbor",
|
||||||
|
"perm": "0644"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"permissions": [
|
||||||
|
{
|
||||||
|
"path": "/var/log/kolla/karbor",
|
||||||
|
"owner": "karbor:karbor",
|
||||||
|
"recurse": true
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
24
ansible/roles/karbor/templates/karbor-protection.json.j2
Normal file
24
ansible/roles/karbor/templates/karbor-protection.json.j2
Normal file
@ -0,0 +1,24 @@
|
|||||||
|
{
|
||||||
|
"command": "karbor-protection --config-file /etc/karbor/karbor.conf",
|
||||||
|
"config_files": [
|
||||||
|
{
|
||||||
|
"source": "{{ container_config_directory }}/karbor.conf",
|
||||||
|
"dest": "/etc/karbor/karbor.conf",
|
||||||
|
"owner": "karbor",
|
||||||
|
"perm": "0644"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"source": "{{ container_config_directory }}/providers.d/openstack-infra.conf",
|
||||||
|
"dest": "/etc/karbor/providers.d/openstack-infra.conf",
|
||||||
|
"owner": "karbor",
|
||||||
|
"perm": "0644"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"permissions": [
|
||||||
|
{
|
||||||
|
"path": "/var/log/kolla/karbor",
|
||||||
|
"owner": "karbor:karbor",
|
||||||
|
"recurse": true
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
46
ansible/roles/karbor/templates/karbor.conf.j2
Normal file
46
ansible/roles/karbor/templates/karbor.conf.j2
Normal file
@ -0,0 +1,46 @@
|
|||||||
|
[DEFAULT]
|
||||||
|
debug = {{ karbor_logging_debug }}
|
||||||
|
log_dir = /var/log/kolla/karbor
|
||||||
|
transport_url = rabbit://{% for host in groups['rabbitmq'] %}{{ rabbitmq_user }}:{{ rabbitmq_password }}@{% if orchestration_engine == 'KUBERNETES' %}rabbitmq{% else %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}{% endif %}:{{ rabbitmq_port }}{% if not loop.last %},{% endif %}{% endfor %}
|
||||||
|
|
||||||
|
{% if service_name == 'karbor-api' %}
|
||||||
|
osapi_karbor_listen = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}
|
||||||
|
osapi_karbor_listen_port = {{ karbor_api_port }}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
[database]
|
||||||
|
connection = mysql+pymysql://{{ karbor_database_user }}:{{ karbor_database_password }}@{{ karbor_database_address }}/{{ karbor_database_name }}
|
||||||
|
max_retries = -1
|
||||||
|
|
||||||
|
[trustee]
|
||||||
|
user_domain_id = default
|
||||||
|
username = {{ karbor_keystone_user }}
|
||||||
|
password = {{ karbor_keystone_password }}
|
||||||
|
auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:35357
|
||||||
|
auth_type = password
|
||||||
|
|
||||||
|
[clients_keystone]
|
||||||
|
auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:5000
|
||||||
|
|
||||||
|
[karbor_client]
|
||||||
|
version = 1
|
||||||
|
service_type = data-protect
|
||||||
|
service_name = karbor
|
||||||
|
|
||||||
|
[keystone_authtoken]
|
||||||
|
auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:5000
|
||||||
|
auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:35357
|
||||||
|
project_domain_name = Default
|
||||||
|
auth_type = password
|
||||||
|
project_domain_id = default
|
||||||
|
user_domain_id = default
|
||||||
|
project_name = service
|
||||||
|
username = {{ karbor_keystone_user }}
|
||||||
|
password = {{ karbor_keystone_password }}
|
||||||
|
|
||||||
|
memcache_security_strategy = ENCRYPT
|
||||||
|
memcache_secret_key = {{ memcache_secret_key }}
|
||||||
|
memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
|
||||||
|
|
||||||
|
[oslo_messaging_rabbit]
|
||||||
|
transport_url = rabbit://{% for host in groups['rabbitmq'] %}{{ rabbitmq_user }}:{{ rabbitmq_password }}@{% if orchestration_engine == 'KUBERNETES' %}rabbitmq{% else %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}{% endif %}:{{ rabbitmq_port }}{% if not loop.last %},{% endif %}{% endfor %}
|
@ -0,0 +1,21 @@
|
|||||||
|
[provider]
|
||||||
|
name = OS Infra Provider
|
||||||
|
description = This provider uses OpenStack's own services (swift, cinder) as storage
|
||||||
|
id = {{ karbor_openstack_infra_id }}
|
||||||
|
|
||||||
|
plugin=karbor-volume-protection-plugin
|
||||||
|
plugin=karbor-image-protection-plugin
|
||||||
|
plugin=karbor-server-protection-plugin
|
||||||
|
bank=karbor-swift-bank-plugin
|
||||||
|
|
||||||
|
[swift_client]
|
||||||
|
swift_auth_url={{ internal_protocol }}://{{ kolla_internal_fqdn }}:5000/v2.0/
|
||||||
|
swift_auth_version=2
|
||||||
|
swift_user=admin
|
||||||
|
swift_key={{ keystone_admin_password }}
|
||||||
|
swift_tenant_name=admin
|
||||||
|
|
||||||
|
[swift_bank_plugin]
|
||||||
|
lease_expire_window=120
|
||||||
|
lease_renew_window=100
|
||||||
|
lease_validity_window=100
|
@ -138,8 +138,7 @@
|
|||||||
when: enable_etcd | bool }
|
when: enable_etcd | bool }
|
||||||
|
|
||||||
- name: Apply role keystone
|
- name: Apply role keystone
|
||||||
hosts:
|
hosts: keystone
|
||||||
- keystone
|
|
||||||
serial: '{{ serial|default("0") }}'
|
serial: '{{ serial|default("0") }}'
|
||||||
roles:
|
roles:
|
||||||
- { role: keystone,
|
- { role: keystone,
|
||||||
@ -157,6 +156,14 @@
|
|||||||
tags: ceph,
|
tags: ceph,
|
||||||
when: enable_ceph | bool }
|
when: enable_ceph | bool }
|
||||||
|
|
||||||
|
- name: Apply role karbor
|
||||||
|
hosts: karbor
|
||||||
|
serial: '{{ serial|default("0") }}'
|
||||||
|
roles:
|
||||||
|
- { role: karbor,
|
||||||
|
tags: karbor,
|
||||||
|
when: enable_karbor | bool }
|
||||||
|
|
||||||
- name: Apply role swift
|
- name: Apply role swift
|
||||||
hosts:
|
hosts:
|
||||||
- swift-account-server
|
- swift-account-server
|
||||||
|
@ -150,6 +150,7 @@ kolla_internal_vip_address: "10.10.10.254"
|
|||||||
#enable_horizon_watcher: "{{ enable_watcher | bool }}"
|
#enable_horizon_watcher: "{{ enable_watcher | bool }}"
|
||||||
#enable_influxdb: "no"
|
#enable_influxdb: "no"
|
||||||
#enable_ironic: "no"
|
#enable_ironic: "no"
|
||||||
|
#enable_karbor: "no"
|
||||||
#enable_kuryr: "no"
|
#enable_kuryr: "no"
|
||||||
#enable_magnum: "no"
|
#enable_magnum: "no"
|
||||||
#enable_manila: "no"
|
#enable_manila: "no"
|
||||||
|
@ -39,6 +39,10 @@ glance_keystone_password:
|
|||||||
gnocchi_database_password:
|
gnocchi_database_password:
|
||||||
gnocchi_keystone_password:
|
gnocchi_keystone_password:
|
||||||
|
|
||||||
|
karbor_database_password:
|
||||||
|
karbor_keystone_password:
|
||||||
|
karbor_openstack_infra_id:
|
||||||
|
|
||||||
kuryr_keystone_password:
|
kuryr_keystone_password:
|
||||||
|
|
||||||
nova_database_password:
|
nova_database_password:
|
||||||
|
@ -53,7 +53,8 @@ def main():
|
|||||||
# These keys should be random uuids
|
# These keys should be random uuids
|
||||||
uuid_keys = ['ceph_cluster_fsid', 'rbd_secret_uuid',
|
uuid_keys = ['ceph_cluster_fsid', 'rbd_secret_uuid',
|
||||||
'gnocchi_project_id', 'gnocchi_resource_id',
|
'gnocchi_project_id', 'gnocchi_resource_id',
|
||||||
'gnocchi_user_id', 'designate_pool_id']
|
'gnocchi_user_id', 'designate_pool_id',
|
||||||
|
'karbor_openstack_infra_id']
|
||||||
|
|
||||||
# SSH key pair
|
# SSH key pair
|
||||||
ssh_keys = ['kolla_ssh_key', 'nova_ssh_key',
|
ssh_keys = ['kolla_ssh_key', 'nova_ssh_key',
|
||||||
|
5
releasenotes/notes/add-karbor-role-96e8956cce8a7175.yaml
Normal file
5
releasenotes/notes/add-karbor-role-96e8956cce8a7175.yaml
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- Add Karbor ansible role, Karbor is an OpenStack project
|
||||||
|
that provides a pluggable framework for protecting and
|
||||||
|
restoring Data and Metadata.
|
Loading…
Reference in New Issue
Block a user