openstack/kolla-ansible
Code Issues Proposed changes
Files
ffd200f5f18743f384d25551626a1a54b5960383
kolla-ansible/ansible/roles/octavia/defaults/main.yml
Mark Goddard fbd80bcdc8 octavia: Ensure service auth project exists 
Kolla Ansible supports configuration of the project used by Octavia to
communicate with other services, via octavia_service_auth_project. Until
Ussuri, this was set to admin. In Ussuri it changed to service. It may
also be set to a different value.

Kolla Ansible currently gives the octavia user the admin role in the
project, but it does not ensure that the project exists. For admin and
service projects, this is not a problem. If the project has been
customised however, it will not necessarily exist, which will cause
Octavia deployment to fail.

This change fixes the issue by ensuring that the service auth project
exists, in addition to the service project.

Closes-Bug: #1922100
Change-Id: I968efbf3ad1de676548b4e3aeefc20bf80ca94a0
2021-03-31 15:57:07 +01:00

346 lines
16 KiB
YAML
Raw Blame History

---
project_name: "octavia"
octavia_services:
octavia-api:
container_name: octavia_api
group: octavia-api
enabled: true
image: "{{ octavia_api_image_full }}"
volumes: "{{ octavia_api_default_volumes + octavia_api_extra_volumes }}"
dimensions: "{{ octavia_api_dimensions }}"
healthcheck: "{{ octavia_api_healthcheck }}"
haproxy:
octavia_api:
enabled: "{{ enable_octavia }}"
mode: "http"
external: false
port: "{{ octavia_api_port }}"
listen_port: "{{ octavia_api_listen_port }}"
tls_backend: "{{ octavia_enable_tls_backend }}"
octavia_api_external:
enabled: "{{ enable_octavia }}"
mode: "http"
external: true
port: "{{ octavia_api_port }}"
listen_port: "{{ octavia_api_listen_port }}"
tls_backend: "{{ octavia_enable_tls_backend }}"
octavia-driver-agent:
container_name: octavia_driver_agent
group: octavia-driver-agent
enabled: "{{ enable_octavia_driver_agent }}"
image: "{{ octavia_driver_agent_image_full }}"
volumes: "{{ octavia_driver_agent_default_volumes + octavia_driver_agent_extra_volumes }}"
dimensions: "{{ octavia_driver_agent_dimensions }}"
octavia-health-manager:
container_name: octavia_health_manager
group: octavia-health-manager
enabled: true
image: "{{ octavia_health_manager_image_full }}"
volumes: "{{ octavia_health_manager_default_volumes + octavia_health_manager_extra_volumes }}"
dimensions: "{{ octavia_health_manager_dimensions }}"
healthcheck: "{{ octavia_health_manager_healthcheck }}"
octavia-housekeeping:
container_name: octavia_housekeeping
group: octavia-housekeeping
enabled: true
image: "{{ octavia_housekeeping_image_full }}"
volumes: "{{ octavia_housekeeping_default_volumes + octavia_housekeeping_extra_volumes }}"
dimensions: "{{ octavia_housekeeping_dimensions }}"
healthcheck: "{{ octavia_housekeeping_healthcheck }}"
octavia-worker:
container_name: octavia_worker
group: octavia-worker
enabled: true
image: "{{ octavia_worker_image_full }}"
volumes: "{{ octavia_worker_default_volumes + octavia_worker_extra_volumes }}"
dimensions: "{{ octavia_worker_dimensions }}"
healthcheck: "{{ octavia_worker_healthcheck }}"
octavia_required_roles:
- load-balancer_observer
- load-balancer_global_observer
- load-balancer_member
- load-balancer_admin
- load-balancer_quota_admin
####################
# Database
####################
octavia_database_name: "octavia"
octavia_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}octavia{% endif %}"
octavia_database_address: "{{ database_address | put_address_in_context('url') }}:{{ database_port }}"
####################
# Docker
####################
octavia_install_type: "{{ kolla_install_type }}"
octavia_tag: "{{ openstack_tag }}"
octavia_api_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ octavia_install_type }}-octavia-api"
octavia_api_tag: "{{ octavia_tag }}"
octavia_api_image_full: "{{ octavia_api_image }}:{{ octavia_api_tag }}"
octavia_driver_agent_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ octavia_install_type }}-octavia-driver-agent"
octavia_driver_agent_tag: "{{ octavia_tag }}"
octavia_driver_agent_image_full: "{{ octavia_driver_agent_image }}:{{ octavia_driver_agent_tag }}"
octavia_health_manager_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ octavia_install_type }}-octavia-health-manager"
octavia_health_manager_tag: "{{ octavia_tag }}"
octavia_health_manager_image_full: "{{ octavia_health_manager_image }}:{{ octavia_health_manager_tag }}"
octavia_housekeeping_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ octavia_install_type }}-octavia-housekeeping"
octavia_housekeeping_tag: "{{ octavia_tag }}"
octavia_housekeeping_image_full: "{{ octavia_housekeeping_image }}:{{ octavia_housekeeping_tag }}"
octavia_worker_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ octavia_install_type }}-octavia-worker"
octavia_worker_tag: "{{ octavia_tag }}"
octavia_worker_image_full: "{{ octavia_worker_image }}:{{ octavia_worker_tag }}"
octavia_api_dimensions: "{{ default_container_dimensions }}"
octavia_driver_agent_dimensions: "{{ default_container_dimensions }}"
octavia_health_manager_dimensions: "{{ default_container_dimensions }}"
octavia_housekeeping_dimensions: "{{ default_container_dimensions }}"
octavia_worker_dimensions: "{{ default_container_dimensions }}"
octavia_api_enable_healthchecks: "{{ enable_container_healthchecks }}"
octavia_api_healthcheck_interval: "{{ default_container_healthcheck_interval }}"
octavia_api_healthcheck_retries: "{{ default_container_healthcheck_retries }}"
octavia_api_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}"
octavia_api_healthcheck_test: ["CMD-SHELL", "healthcheck_curl {{ 'https' if octavia_enable_tls_backend | bool else 'http' }}://{{ api_interface_address | put_address_in_context('url') }}:{{ octavia_api_listen_port }}"]
octavia_api_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
octavia_api_healthcheck:
interval: "{{ octavia_api_healthcheck_interval }}"
retries: "{{ octavia_api_healthcheck_retries }}"
start_period: "{{ octavia_api_healthcheck_start_period }}"
test: "{% if octavia_api_enable_healthchecks | bool %}{{ octavia_api_healthcheck_test }}{% else %}NONE{% endif %}"
timeout: "{{ octavia_api_healthcheck_timeout }}"
octavia_health_manager_enable_healthchecks: "{{ enable_container_healthchecks }}"
octavia_health_manager_healthcheck_interval: "{{ default_container_healthcheck_interval }}"
octavia_health_manager_healthcheck_retries: "{{ default_container_healthcheck_retries }}"
octavia_health_manager_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}"
octavia_health_manager_healthcheck_test: ["CMD-SHELL", "healthcheck_port octavia-health-manager {{ database_port }}"]
octavia_health_manager_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
octavia_health_manager_healthcheck:
interval: "{{ octavia_health_manager_healthcheck_interval }}"
retries: "{{ octavia_health_manager_healthcheck_retries }}"
start_period: "{{ octavia_health_manager_healthcheck_start_period }}"
test: "{% if octavia_health_manager_enable_healthchecks | bool %}{{ octavia_health_manager_healthcheck_test }}{% else %}NONE{% endif %}"
timeout: "{{ octavia_health_manager_healthcheck_timeout }}"
octavia_housekeeping_enable_healthchecks: "{{ enable_container_healthchecks }}"
octavia_housekeeping_healthcheck_interval: "{{ default_container_healthcheck_interval }}"
octavia_housekeeping_healthcheck_retries: "{{ default_container_healthcheck_retries }}"
octavia_housekeeping_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}"
octavia_housekeeping_healthcheck_test: ["CMD-SHELL", "healthcheck_port octavia-housekeeping {{ database_port }}"]
octavia_housekeeping_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
octavia_housekeeping_healthcheck:
interval: "{{ octavia_housekeeping_healthcheck_interval }}"
retries: "{{ octavia_housekeeping_healthcheck_retries }}"
start_period: "{{ octavia_housekeeping_healthcheck_start_period }}"
test: "{% if octavia_housekeeping_enable_healthchecks | bool %}{{ octavia_housekeeping_healthcheck_test }}{% else %}NONE{% endif %}"
timeout: "{{ octavia_housekeeping_healthcheck_timeout }}"
octavia_worker_enable_healthchecks: "{{ enable_container_healthchecks }}"
octavia_worker_healthcheck_interval: "{{ default_container_healthcheck_interval }}"
octavia_worker_healthcheck_retries: "{{ default_container_healthcheck_retries }}"
octavia_worker_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}"
octavia_worker_healthcheck_test: ["CMD-SHELL", "healthcheck_port octavia-worker {{ om_rpc_port }}"]
octavia_worker_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
octavia_worker_healthcheck:
interval: "{{ octavia_worker_healthcheck_interval }}"
retries: "{{ octavia_worker_healthcheck_retries }}"
start_period: "{{ octavia_worker_healthcheck_start_period }}"
test: "{% if octavia_worker_enable_healthchecks | bool %}{{ octavia_worker_healthcheck_test }}{% else %}NONE{% endif %}"
timeout: "{{ octavia_worker_healthcheck_timeout }}"
octavia_api_default_volumes:
- "{{ node_config_directory }}/octavia-api/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "{{ '/etc/timezone:/etc/timezone:ro' if ansible_os_family == 'Debian' else '' }}"
- "kolla_logs:/var/log/kolla/"
- "{{ kolla_dev_repos_directory ~ '/octavia/octavia:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/octavia' if octavia_dev_mode | bool else '' }}"
- "octavia_driver_agent:/var/run/octavia/"
octavia_health_manager_default_volumes:
- "{{ node_config_directory }}/octavia-health-manager/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "{{ '/etc/timezone:/etc/timezone:ro' if ansible_os_family == 'Debian' else '' }}"
- "kolla_logs:/var/log/kolla/"
- "{{ kolla_dev_repos_directory ~ '/octavia/octavia:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/octavia' if octavia_dev_mode | bool else '' }}"
octavia_driver_agent_default_volumes:
- "{{ node_config_directory }}/octavia-driver-agent/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "{{ '/etc/timezone:/etc/timezone:ro' if ansible_os_family == 'Debian' else '' }}"
- "kolla_logs:/var/log/kolla/"
- "{{ kolla_dev_repos_directory ~ '/octavia/octavia:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/octavia' if octavia_dev_mode | bool else '' }}"
- "octavia_driver_agent:/var/run/octavia/"
octavia_housekeeping_default_volumes:
- "{{ node_config_directory }}/octavia-housekeeping/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "{{ '/etc/timezone:/etc/timezone:ro' if ansible_os_family == 'Debian' else '' }}"
- "kolla_logs:/var/log/kolla/"
- "{{ kolla_dev_repos_directory ~ '/octavia/octavia:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/octavia' if octavia_dev_mode | bool else '' }}"
octavia_worker_default_volumes:
- "{{ node_config_directory }}/octavia-worker/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "{{ '/etc/timezone:/etc/timezone:ro' if ansible_os_family == 'Debian' else '' }}"
- "kolla_logs:/var/log/kolla/"
- "{{ kolla_dev_repos_directory ~ '/octavia/octavia:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/octavia' if octavia_dev_mode | bool else '' }}"
octavia_extra_volumes: "{{ default_extra_volumes }}"
octavia_api_extra_volumes: "{{ octavia_extra_volumes }}"
octavia_driver_agent_extra_volumes: "{{ octavia_extra_volumes }}"
octavia_health_manager_extra_volumes: "{{ octavia_extra_volumes }}"
octavia_housekeeping_extra_volumes: "{{ octavia_extra_volumes }}"
octavia_worker_extra_volumes: "{{ octavia_extra_volumes }}"
####################
# OpenStack
####################
octavia_logging_debug: "{{ openstack_logging_debug }}"
octavia_keystone_user: "octavia"
# Project that Octavia will use to interact with other services. Note that in
# Train and earlier releases this was "admin".
octavia_service_auth_project: "service"
openstack_octavia_auth: "{{ openstack_auth }}"
####################
# Keystone
####################
octavia_ks_services:
- name: "octavia"
type: "load-balancer"
description: "Octavia Load Balancing Service"
endpoints:
- {'interface': 'admin', 'url': '{{ octavia_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ octavia_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ octavia_public_endpoint }}'}
octavia_ks_users:
- project: "service"
user: "{{ octavia_keystone_user }}"
password: "{{ octavia_keystone_password }}"
role: "admin"
# NOTE(mgoddard): The default for the service auth project is service, but
# may be customised. Ensure the project exists, and assign the octavia user
# the admin role in it.
- project: "{{ octavia_service_auth_project }}"
user: "{{ octavia_keystone_user }}"
password: "{{ octavia_keystone_password }}"
role: "admin"
####################
# Kolla
####################
octavia_git_repository: "{{ kolla_dev_repos_git }}/{{ project_name }}"
octavia_dev_repos_pull: "{{ kolla_dev_repos_pull }}"
octavia_dev_mode: "{{ kolla_dev_mode }}"
octavia_source_version: "{{ kolla_source_version }}"
#####################
# Integration Options
#####################
octavia_amp_ssh_key_name: "octavia_ssh_key"
octavia_amp_listen_port: "9443"
octavia_amp_image_tag: "amphora"
octavia_network_type: "provider"
# Load balancer topology options are [ SINGLE, ACTIVE_STANDBY ]
octavia_loadbalancer_topology: "SINGLE"
# OpenStack auth used when registering resources for Octavia.
octavia_user_auth:
auth_url: "{{ keystone_admin_url }}"
username: "octavia"
password: "{{ octavia_keystone_password }}"
project_name: "{{ octavia_service_auth_project }}"
domain_name: "{{ default_project_domain_name }}"
# Octavia amphora flavor.
# See os_nova_flavor for details. Supported parameters:
# - disk
# - ephemeral (optional)
# - extra_specs (optional)
# - flavorid (optional)
# - is_public (optional)
# - name
# - ram
# - swap (optional)
# - vcpus
octavia_amp_flavor:
name: "amphora"
is_public: no
vcpus: 1
ram: 1024
disk: 5
# Octavia security groups. lb-mgmt-sec-grp is for amphorae.
# lb-health-mgr-sec-grp is used for health manager ports.
octavia_amp_security_groups:
mgmt-sec-grp:
name: "lb-mgmt-sec-grp"
enabled: true
rules:
- protocol: icmp
- protocol: tcp
src_port: 22
dst_port: 22
- protocol: tcp
src_port: "{{ octavia_amp_listen_port }}"
dst_port: "{{ octavia_amp_listen_port }}"
health-mgr-sec-grp:
name: "lb-health-mgr-sec-grp"
enabled: "{{ true if octavia_network_type == 'tenant' else false }}"
rules:
- protocol: udp
src_port: "{{ octavia_health_manager_port }}"
dst_port: "{{ octavia_health_manager_port }}"
# Octavia management network.
# See os_network and os_subnet for details. Supported parameters:
# - external (optional)
# - mtu (optional)
# - name
# - provider_network_type (optional)
# - provider_physical_network (optional)
# - provider_segmentation_id (optional)
# - shared (optional)
# - subnet
# The subnet parameter has the following supported parameters:
# - allocation_pool_start (optional)
# - allocation_pool_end (optional)
# - cidr
# - enable_dhcp (optional)
# - gateway_ip (optional)
# - name
# - no_gateway_ip (optional)
# - ip_version (optional)
# - ipv6_address_mode (optional)
# - ipv6_ra_mode (optional)
octavia_amp_network:
name: lb-mgmt-net
shared: false
subnet:
name: lb-mgmt-subnet
cidr: "{{ octavia_amp_network_cidr }}"
no_gateway_ip: yes
enable_dhcp: yes
# Octavia management network subnet CIDR.
octavia_amp_network_cidr: 10.1.0.0/24
# Octavia provider drivers
octavia_provider_drivers: "amphora:Amphora provider{% if neutron_plugin_agent == 'ovn'%}, ovn:OVN provider{% endif %}"
octavia_provider_agents: "amphora_agent{% if neutron_plugin_agent == 'ovn'%}, ovn{% endif %}"
####################
# TLS
####################
octavia_enable_tls_backend: "{{ kolla_enable_tls_backend }}"
View Git Blame Copy Permalink