Add ansible support for Manila

Co-Authored-By: Marc Koderer <marc@koderer.com> Change-Id: I16bab281f2eca341b7a649f766bae5f2cf18a117 Partially-Implements: blueprint enable-manila-containers
2016-03-01 10:46:48 -05:00 · 2016-03-01 10:46:48 -05:00 · 9786fd646f
parent 3aedf52489
commit 9786fd646f
18 changed files with 451 additions and 0 deletions
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@ -133,6 +133,8 @@ kibana_port: "5601"

 elasticsearch_port: "9200"

+manila_api_port: "8786"
+
 public_protocol: "http"
 internal_protocol: "http"
 admin_protocol: "http"
@ -191,6 +193,7 @@ enable_magnum: "no"
 enable_mistral: "no"
 enable_elk: "no"
 enable_mongodb: "no"
+enable_manila: "no"

 ironic_keystone_user: "ironic"
 neutron_keystone_user: "neutron"
@ -240,3 +243,10 @@ ceph_nova_pool_name: "vms"
 ceph_erasure_profile: "k=4 m=2 ruleset-failure-domain=host"
 ceph_rule: "default host {{ 'indep' if ceph_pool_type == 'erasure' else 'firstn' }}"
 ceph_cache_rule: "cache host firstn"
+
+
+#######################################
+# Manila - Shared File Systems Options
+#######################################
+manila_enable_dhss: "yes"
+manila_dhss: "{{ 'True' if manila_enable_dhss | bool else 'False' }}"
--- a/ansible/inventory/all-in-one
+++ b/ansible/inventory/all-in-one
@ -81,6 +81,9 @@ control
 [mistral:children]
 control

+[manila:children]
+control
+
 # Additional control implemented here. These groups allow you to control which
 # services run on which hosts at a per-service level.
 #
@ -143,6 +146,16 @@ cinder
 [cinder-volume:children]
 storage

+# Manila
+[manila-api:children]
+manila
+
+[manila-scheduler:children]
+manila
+
+[manila-share:children]
+storage
+
 # Swift
 [swift-proxy-server:children]
 swift
--- a/ansible/roles/manila/defaults/main.yml
+++ b/ansible/roles/manila/defaults/main.yml
@ -0,0 +1,42 @@
+---
+project_name: "manila"
+
+####################
+## Database
+#####################
+manila_database_name: "manila"
+manila_database_user: "manila"
+manila_database_address: "{{ kolla_internal_fqdn }}"
+
+
+#####################
+## Docker
+#####################
+manila_share_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-manila-share"
+manila_share_tag: "{{ openstack_release }}"
+manila_share_image_full: "{{ manila_share_image }}:{{ manila_share_tag }}"
+
+manila_scheduler_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-manila-scheduler"
+manila_scheduler_tag: "{{ openstack_release }}"
+manila_scheduler_image_full: "{{ manila_scheduler_image }}:{{ manila_scheduler_tag }}"
+
+manila_api_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-manila-api"
+manila_api_tag: "{{ openstack_release }}"
+manila_api_image_full: "{{ manila_api_image }}:{{ manila_api_tag }}"
+
+
+#####################
+## OpenStack
+#####################
+manila_public_address: "{{ kolla_external_fqdn }}"
+manila_admin_address: "{{ kolla_internal_fqdn }}"
+manila_internal_address: "{{ kolla_internal_fqdn }}"
+
+manila_logging_debug: "{{ openstack_logging_debug }}"
+
+manila_keystone_user: "manila"
+
+manila_tenant_name: "manila_tenant"
+
+openstack_manila_auth: "{'auth_url':'{{ openstack_auth_v2.auth_url }}','username':'{{ openstack_auth_v2.username }}','password':'{{ openstack_auth_v2.password }}','project_name':'{{ openstack_auth_v2.project_name }}'}"
+
--- a/ansible/roles/manila/meta/main.yml
+++ b/ansible/roles/manila/meta/main.yml
@ -0,0 +1,3 @@
+---
+dependencies:
+  - { role: common }
--- a/ansible/roles/manila/tasks/bootstrap.yml
+++ b/ansible/roles/manila/tasks/bootstrap.yml
@ -0,0 +1,55 @@
+---
+- name: Creating Manila database
+  command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+    -m mysql_db
+    -a "login_host='{{ database_address }}'
+        login_user='{{ database_user }}'
+        login_password='{{ database_password }}'
+        name='{{ manila_database_name }}'"
+  register: database
+  changed_when: "{{ database.stdout.find('localhost | SUCCESS => ') != -1 and
+                    (database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+  failed_when: database.stdout.split()[2] != 'SUCCESS'
+  run_once: True
+  delegate_to: "{{ groups['manila-api'][0] }}"
+
+- name: Reading json from variable
+  set_fact:
+    database_created: "{{ (database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+
+- name: Creating Manila database user and setting permissions
+  command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+    -m mysql_user
+    -a "login_host='{{ database_address }}'
+        login_user='{{ database_user }}'
+        login_password='{{ database_password }}'
+        name='{{ manila_database_name }}'
+        password='{{ manila_database_password }}'
+        host='%'
+        priv='{{ manila_database_name }}.*:ALL'
+        append_privs='yes'"
+  register: database_user_create
+  changed_when: "{{ database_user_create.stdout.find('localhost | SUCCESS => ') != -1 and
+                    (database_user_create.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+  failed_when: database_user_create.stdout.split()[2] != 'SUCCESS'
+  run_once: True
+  delegate_to: "{{ groups['manila-api'][0] }}"
+
+- name: Running Manila bootstrap container
+  kolla_docker:
+    action: "start_container"
+    common_options: "{{ docker_common_options }}"
+    detach: False
+    environment:
+      KOLLA_BOOTSTRAP:
+      KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
+    image: "{{ manila_api_image_full }}"
+    labels:
+      BOOTSTRAP:
+    name: "bootstrap_manila"
+    restart_policy: "never"
+    volumes:
+      - "{{ node_config_directory }}/manila-api/:{{ container_config_directory }}/:ro"
+  run_once: True
+  delegate_to: "{{ groups['manila-api'][0] }}"
+  when: database_created
--- a/ansible/roles/manila/tasks/config.yml
+++ b/ansible/roles/manila/tasks/config.yml
@ -0,0 +1,36 @@
+---
+- name: Ensuring config directories exist
+  file:
+    path: "{{ node_config_directory }}/{{ item }}"
+    state: "directory"
+    recurse: yes
+  with_items:
+    - "manila-api"
+    - "manila-scheduler"
+    - "manila-share"
+
+- name: Copying over config.json files for services
+  template:
+    src: "{{ item }}.json.j2"
+    dest: "{{ node_config_directory }}/{{ item }}/config.json"
+  with_items:
+    - "manila-api"
+    - "manila-scheduler"
+    - "manila-share"
+
+- name: Copying over manila.conf
+  merge_configs:
+    vars:
+      service_name: "{{ item }}"
+    sources:
+      - "{{ role_path }}/templates/manila.conf.j2"
+      - "/etc/kolla/config/global.conf"
+      - "/etc/kolla/config/database.conf"
+      - "/etc/kolla/config/messaging.conf"
+      - "/etc/kolla/config/manila.conf"
+      - "/etc/kolla/config/manila/{{ item }}.conf"
+    dest: "{{ node_config_directory }}/{{ item }}/manila.conf"
+  with_items:
+    - "manila-api"
+    - "manila-scheduler"
+    - "manila-share"
--- a/ansible/roles/manila/tasks/deploy.yml
+++ b/ansible/roles/manila/tasks/deploy.yml
@ -0,0 +1,16 @@
+---
+- include: register.yml
+  when: inventory_hostname in groups['manila-api']
+
+- include: config.yml
+  when: inventory_hostname in groups['manila-api'] or
+        inventory_hostname in groups['manila-share'] or
+        inventory_hostname in groups['manila-scheduler']
+
+- include: bootstrap.yml
+  when: inventory_hostname in groups['manila-api']
+
+- include: start.yml
+  when: inventory_hostname in groups['manila-api'] or
+        inventory_hostname in groups['manila-share'] or
+        inventory_hostname in groups['manila-scheduler']
--- a/ansible/roles/manila/tasks/main.yml
+++ b/ansible/roles/manila/tasks/main.yml
@ -0,0 +1,2 @@
+---
+- include: "{{ action }}.yml"
--- a/ansible/roles/manila/tasks/pull.yml
+++ b/ansible/roles/manila/tasks/pull.yml
@ -0,0 +1,21 @@
+---
+- name: Pulling manila-api image
+  kolla_docker:
+    action: "pull_image"
+    common_options: "{{ docker_common_options }}"
+    image: "{{ manila_api_image_full }}"
+  when: inventory_hostname in groups['manila-api']
+
+- name: Pulling manila-scheduler image
+  kolla_docker:
+    action: "pull_image"
+    common_options: "{{ docker_common_options }}"
+    image: "{{ manila_scheduler_image_full }}"
+  when: inventory_hostname in groups['manila-scheduler']
+
+- name: Pulling manila-share image
+  kolla_docker:
+    action: "pull_image"
+    common_options: "{{ docker_common_options }}"
+    image: "{{ manila_share_image_full }}"
+  when: inventory_hostname in groups['manila-share']
--- a/ansible/roles/manila/tasks/register.yml
+++ b/ansible/roles/manila/tasks/register.yml
@ -0,0 +1,57 @@
+---
+- name: Creating the Manila service and endpoint
+  command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+    -m kolla_keystone_service
+    -a "service_name=manila
+        service_type=share
+        description='Openstack Shared Filesystems'
+        endpoint_region={{ openstack_region_name }}
+        admin_url='{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ manila_api_port }}/v1/%(tenant_id)s'
+        internal_url='{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ manila_api_port }}/v1/%(tenant_id)s'
+        public_url='{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ manila_api_port }}/v1/%(tenant_id)s'
+        region_name={{ openstack_region_name }}
+        auth={{ '{{ openstack_manila_auth }}' }}"
+    -e  "{'openstack_manila_auth':{{ openstack_manila_auth }}}"
+  register: manila_endpoint
+  changed_when: "{{ manila_endpoint.stdout.find('localhost | SUCCESS => ') != -1 and (manila_endpoint.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+  until: manila_endpoint.stdout.split()[2] == 'SUCCESS'
+  retries: 10
+  delay: 5
+  run_once: True
+
+- name: Creating the Manila v2 service and endpoint
+  command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+    -m kolla_keystone_service
+    -a "service_name=manilav2
+        service_type=sharev2
+        description='Openstack Shared Filesystems'
+        endpoint_region={{ openstack_region_name }}
+        admin_url='{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ manila_api_port }}/v2/%(tenant_id)s'
+        internal_url='{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ manila_api_port }}/v2/%(tenant_id)s'
+        public_url='{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ manila_api_port }}/v2/%(tenant_id)s'
+        region_name={{ openstack_region_name }}
+        auth={{ '{{ openstack_manila_auth }}' }}"
+    -e  "{'openstack_manila_auth':{{ openstack_manila_auth }}}"
+  register: manila_endpoint
+  changed_when: "{{ manila_endpoint.stdout.find('localhost | SUCCESS => ') != -1 and (manila_endpoint.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+  until: manila_endpoint.stdout.split()[2] == 'SUCCESS'
+  retries: 10
+  delay: 5
+  run_once: True
+
+- name: Creating the Manila project, user and role
+  command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+    -m kolla_keystone_user
+    -a "project=service
+        user=manila
+        password={{ manila_keystone_password }}
+        role=admin
+        region_name={{ openstack_region_name }}
+        auth={{ '{{ openstack_manila_auth }}' }}"
+    -e "{'openstack_manila_auth':{{ openstack_manila_auth }}}"
+  register: manila_user
+  changed_when: "{{ manila_user.stdout.find('localhost | SUCCESS => ') != -1 and (manila_user.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+  until: manila_user.stdout.split()[2] == 'SUCCESS'
+  retries: 10
+  delay: 5
+  run_once: True
--- a/ansible/roles/manila/tasks/start.yml
+++ b/ansible/roles/manila/tasks/start.yml
@ -0,0 +1,35 @@
+---
+- name: Starting manila-api container
+  kolla_docker:
+    action: "start_container"
+    common_options: "{{ docker_common_options }}"
+    name: "manila_api"
+    image: "{{ manila_api_image_full }}"
+    volumes:
+      - "{{ node_config_directory }}/manila-api/:{{ container_config_directory }}/:ro"
+      - "kolla_logs:/var/log/kolla/"
+  when: inventory_hostname in groups['manila-api']
+
+- name: Starting manila-scheduler container
+  kolla_docker:
+    action: "start_container"
+    common_options: "{{ docker_common_options }}"
+    name: "manila_scheduler"
+    image: "{{ manila_scheduler_image_full }}"
+    volumes:
+      - "{{ node_config_directory }}/manila-scheduler/:{{ container_config_directory }}/:ro"
+      - "kolla_logs:/var/log/kolla/"
+  when: inventory_hostname in groups['manila-scheduler']
+
+- name: Starting manila-share container
+  kolla_docker:
+    action: "start_container"
+    common_options: "{{ docker_common_options }}"
+    name: "manila_share"
+    image: "{{ manila_share_image_full }}"
+    privileged: True
+    volumes:
+      - "{{ node_config_directory }}/manila-share/:{{ container_config_directory }}/:ro"
+      - "/run/:/run/"
+      - "kolla_logs:/var/log/kolla/"
+  when: inventory_hostname in groups['manila-share']
--- a/ansible/roles/manila/templates/manila-api.json.j2
+++ b/ansible/roles/manila/templates/manila-api.json.j2
@ -0,0 +1,11 @@
+{
+    "command": "manila-api --config-file /etc/manila/manila.conf",
+    "config_files": [
+        {
+            "source": "{{ container_config_directory }}/manila.conf",
+            "dest": "/etc/manila/manila.conf",
+            "owner": "manila",
+            "perm": "0600"
+        }
+    ]
+}
--- a/ansible/roles/manila/templates/manila-scheduler.json.j2
+++ b/ansible/roles/manila/templates/manila-scheduler.json.j2
@ -0,0 +1,11 @@
+{
+    "command": "manila-scheduler --config-file /etc/manila/manila.conf",
+    "config_files": [
+        {
+            "source": "{{ container_config_directory }}/manila.conf",
+            "dest": "/etc/manila/manila.conf",
+            "owner": "manila",
+            "perm": "0600"
+        }
+    ]
+}
--- a/ansible/roles/manila/templates/manila-share.json.j2
+++ b/ansible/roles/manila/templates/manila-share.json.j2
@ -0,0 +1,11 @@
+{
+    "command": "manila-share --config-file /etc/manila/manila.conf",
+    "config_files": [
+        {
+            "source": "{{ container_config_directory }}/manila.conf",
+            "dest": "/etc/manila/manila.conf",
+            "owner": "manila",
+            "perm": "0600"
+        }
+    ]
+}
--- a/ansible/roles/manila/templates/manila.conf.j2
+++ b/ansible/roles/manila/templates/manila.conf.j2
@ -0,0 +1,101 @@
+[DEFAULT]
+debug = {{ manila_logging_debug }}
+
+log_dir = /var/log/kolla/manila
+use_forwarded_for = true
+
+my_ip = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}
+
+# Following opt is used for definition of share backends that should be enabled.
+# Values are conf groupnames that contain per manila-share service opts.
+enabled_share_backends = generic
+
+# Manila requires ‘share-type’ for share creation.
+# So, set here name of some share-type that will be used by default.
+default_share_type = default_share_type
+
+rootwrap_config = /etc/manila/rootwrap.conf
+api_paste_config = /etc/manila/api-paste.ini
+
+rpc_backend = rabbit
+
+auth_strategy = keystone
+
+os_region_name = {{ openstack_region_name }}
+
+neutron_url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ neutron_server_port }}
+neutron_admin_auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}/v2.0
+neutron_admin_project_name = service
+neutron_admin_username = {{ neutron_keystone_user }}
+neutron_admin_password = {{ neutron_keystone_password }}
+
+cinder_admin_auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}/v2.0
+cinder_admin_tenant_name = service
+cinder_admin_username = cinder
+cinder_admin_password = {{ cinder_keystone_password }}
+
+nova_admin_auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}/v2.0
+nova_admin_tenant_name = service
+nova_admin_username = {{ nova_keystone_user }}
+nova_admin_password = {{ nova_keystone_password }}
+
+[generic]
+# This is custom opt group that is used for storing opts of share-service.
+# This one is used only when enabled using opt `enabled_share_backends`
+# from DEFAULT group.
+
+# Set usage of Generic driver which uses Cinder as backend.
+share_driver = manila.share.drivers.generic.GenericShareDriver
+
+# Vif driver. Used only with Neutron. (string value)
+{% if neutron_plugin_agent == "openvswitch" %}
+interface_driver = manila.network.linux.interface.OVSInterfaceDriver
+{% elif neutron_plugin_agent == "linuxbridge" %}
+interface_driver = manila.network.linux.interface.BridgeInterfaceDriver
+{% endif %}
+
+# Generic driver supports both driver modes - with and without handling
+# of share servers. So, we need to define explicitly which one we are
+# enabling using this driver.
+{% if manila_dhss == "True" %}
+driver_handles_share_servers = True
+{% elif manila_dhss == "False" %}
+driver_handles_share_servers = False
+{% endif %}
+
+# Generic driver is the only driver that uses image from Glance for building
+# service VMs in Nova. And following are data for some specific image.
+# We used one defined in [1]
+# [1] https://github.com/openstack/manila/blob/6785cad9/devstack/plugin.sh#L86
+service_instance_password = {{ service_instance_password }}
+service_instance_user = {{ service_instance_user }}
+service_image_name = manila-service-image
+
+# These will be used for keypair creation and inserted into service VMs.
+path_to_private_key = /home/stack/.ssh/id_rsa
+path_to_public_key = /home/stack/.ssh/id_rsa.pub
+
+# Custom name for share backend.
+share_backend_name = GENERIC
+
+[oslo_messaging_rabbit]
+rabbit_userid = {{ rabbitmq_user }}
+rabbit_password = {{ rabbitmq_password }}
+rabbit_hosts = {% for host in groups['rabbitmq'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ rabbitmq_port }}{% if not loop.last %},{% endif %}{% endfor %}
+
+[oslo_concurrency]
+lock_path = /var/lib/manila/tmp
+
+[database]
+connection = mysql+pymysql://{{ manila_database_user }}:{{ manila_database_password }}@{{ manila_database_address }}/{{ manila_database_name }}
+
+[keystone_authtoken]
+signing_dir = /var/cache/manila
+auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
+auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
+auth_plugin = password
+project_domain_id = default
+user_domain_id = default
+project_name = service
+username = {{ manila_keystone_user }}
+password = {{ manila_keystone_password }}
--- a/ansible/site.yml
+++ b/ansible/site.yml
@ -184,3 +184,13 @@
    - { role: mongodb,
        tags: mongodb,
        when: enable_mongodb | bool }
+
+- hosts:
+    - manila-api
+    - manila-share
+    - manila-scheduler
+    - rabbitmq
+  roles:
+    - { role: manila,
+        tags: manila,
+        when: enable_manila | bool }
--- a/etc/kolla/globals.yml
+++ b/etc/kolla/globals.yml
@ -99,3 +99,9 @@ neutron_external_interface: "eth1"
 # A requirement for using the erasure-coded pools is you must setup a cache tier
 # Valid options are [ erasure, replicated ]
 # ceph_pool_type: "replicated"
+
+
+#######################################
+# Manila - Shared File Systems Options
+#######################################
+# manila_enable_dhss: "yes"
--- a/etc/kolla/passwords.yml
+++ b/etc/kolla/passwords.yml
@ -64,6 +64,17 @@ mistral_keystone_password: "password"

 horizon_secret_key: "password"

+manila_database_password: "password"
+manila_keystone_password: "password"
+
+
+####################
+# Manila options
+####################
+service_instance_password: "manila"
+service_instance_user: "manila"
+
+
 ####################
 # RabbitMQ options
 ####################