diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index 0ddc191c50..83033f7cb3 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml @@ -133,6 +133,8 @@ kibana_port: "5601" elasticsearch_port: "9200" +manila_api_port: "8786" + public_protocol: "http" internal_protocol: "http" admin_protocol: "http" @@ -191,6 +193,7 @@ enable_magnum: "no" enable_mistral: "no" enable_elk: "no" enable_mongodb: "no" +enable_manila: "no" ironic_keystone_user: "ironic" neutron_keystone_user: "neutron" @@ -240,3 +243,10 @@ ceph_nova_pool_name: "vms" ceph_erasure_profile: "k=4 m=2 ruleset-failure-domain=host" ceph_rule: "default host {{ 'indep' if ceph_pool_type == 'erasure' else 'firstn' }}" ceph_cache_rule: "cache host firstn" + + +####################################### +# Manila - Shared File Systems Options +####################################### +manila_enable_dhss: "yes" +manila_dhss: "{{ 'True' if manila_enable_dhss | bool else 'False' }}" diff --git a/ansible/inventory/all-in-one b/ansible/inventory/all-in-one index 0c72fde5f8..3bf301583f 100644 --- a/ansible/inventory/all-in-one +++ b/ansible/inventory/all-in-one @@ -81,6 +81,9 @@ control [mistral:children] control +[manila:children] +control + # Additional control implemented here. These groups allow you to control which # services run on which hosts at a per-service level. # @@ -143,6 +146,16 @@ cinder [cinder-volume:children] storage +# Manila +[manila-api:children] +manila + +[manila-scheduler:children] +manila + +[manila-share:children] +storage + # Swift [swift-proxy-server:children] swift diff --git a/ansible/roles/manila/defaults/main.yml b/ansible/roles/manila/defaults/main.yml new file mode 100644 index 0000000000..e08b72463b --- /dev/null +++ b/ansible/roles/manila/defaults/main.yml @@ -0,0 +1,42 @@ +--- +project_name: "manila" + +#################### +## Database +##################### +manila_database_name: "manila" +manila_database_user: "manila" +manila_database_address: "{{ kolla_internal_fqdn }}" + + +##################### +## Docker +##################### +manila_share_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-manila-share" +manila_share_tag: "{{ openstack_release }}" +manila_share_image_full: "{{ manila_share_image }}:{{ manila_share_tag }}" + +manila_scheduler_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-manila-scheduler" +manila_scheduler_tag: "{{ openstack_release }}" +manila_scheduler_image_full: "{{ manila_scheduler_image }}:{{ manila_scheduler_tag }}" + +manila_api_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-manila-api" +manila_api_tag: "{{ openstack_release }}" +manila_api_image_full: "{{ manila_api_image }}:{{ manila_api_tag }}" + + +##################### +## OpenStack +##################### +manila_public_address: "{{ kolla_external_fqdn }}" +manila_admin_address: "{{ kolla_internal_fqdn }}" +manila_internal_address: "{{ kolla_internal_fqdn }}" + +manila_logging_debug: "{{ openstack_logging_debug }}" + +manila_keystone_user: "manila" + +manila_tenant_name: "manila_tenant" + +openstack_manila_auth: "{'auth_url':'{{ openstack_auth_v2.auth_url }}','username':'{{ openstack_auth_v2.username }}','password':'{{ openstack_auth_v2.password }}','project_name':'{{ openstack_auth_v2.project_name }}'}" + diff --git a/ansible/roles/manila/meta/main.yml b/ansible/roles/manila/meta/main.yml new file mode 100644 index 0000000000..6b4fff8fef --- /dev/null +++ b/ansible/roles/manila/meta/main.yml @@ -0,0 +1,3 @@ +--- +dependencies: + - { role: common } diff --git a/ansible/roles/manila/tasks/bootstrap.yml b/ansible/roles/manila/tasks/bootstrap.yml new file mode 100644 index 0000000000..ee76ac18d8 --- /dev/null +++ b/ansible/roles/manila/tasks/bootstrap.yml @@ -0,0 +1,55 @@ +--- +- name: Creating Manila database + command: docker exec -t kolla_toolbox /usr/bin/ansible localhost + -m mysql_db + -a "login_host='{{ database_address }}' + login_user='{{ database_user }}' + login_password='{{ database_password }}' + name='{{ manila_database_name }}'" + register: database + changed_when: "{{ database.stdout.find('localhost | SUCCESS => ') != -1 and + (database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}" + failed_when: database.stdout.split()[2] != 'SUCCESS' + run_once: True + delegate_to: "{{ groups['manila-api'][0] }}" + +- name: Reading json from variable + set_fact: + database_created: "{{ (database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}" + +- name: Creating Manila database user and setting permissions + command: docker exec -t kolla_toolbox /usr/bin/ansible localhost + -m mysql_user + -a "login_host='{{ database_address }}' + login_user='{{ database_user }}' + login_password='{{ database_password }}' + name='{{ manila_database_name }}' + password='{{ manila_database_password }}' + host='%' + priv='{{ manila_database_name }}.*:ALL' + append_privs='yes'" + register: database_user_create + changed_when: "{{ database_user_create.stdout.find('localhost | SUCCESS => ') != -1 and + (database_user_create.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}" + failed_when: database_user_create.stdout.split()[2] != 'SUCCESS' + run_once: True + delegate_to: "{{ groups['manila-api'][0] }}" + +- name: Running Manila bootstrap container + kolla_docker: + action: "start_container" + common_options: "{{ docker_common_options }}" + detach: False + environment: + KOLLA_BOOTSTRAP: + KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}" + image: "{{ manila_api_image_full }}" + labels: + BOOTSTRAP: + name: "bootstrap_manila" + restart_policy: "never" + volumes: + - "{{ node_config_directory }}/manila-api/:{{ container_config_directory }}/:ro" + run_once: True + delegate_to: "{{ groups['manila-api'][0] }}" + when: database_created diff --git a/ansible/roles/manila/tasks/config.yml b/ansible/roles/manila/tasks/config.yml new file mode 100644 index 0000000000..169350cf7e --- /dev/null +++ b/ansible/roles/manila/tasks/config.yml @@ -0,0 +1,36 @@ +--- +- name: Ensuring config directories exist + file: + path: "{{ node_config_directory }}/{{ item }}" + state: "directory" + recurse: yes + with_items: + - "manila-api" + - "manila-scheduler" + - "manila-share" + +- name: Copying over config.json files for services + template: + src: "{{ item }}.json.j2" + dest: "{{ node_config_directory }}/{{ item }}/config.json" + with_items: + - "manila-api" + - "manila-scheduler" + - "manila-share" + +- name: Copying over manila.conf + merge_configs: + vars: + service_name: "{{ item }}" + sources: + - "{{ role_path }}/templates/manila.conf.j2" + - "/etc/kolla/config/global.conf" + - "/etc/kolla/config/database.conf" + - "/etc/kolla/config/messaging.conf" + - "/etc/kolla/config/manila.conf" + - "/etc/kolla/config/manila/{{ item }}.conf" + dest: "{{ node_config_directory }}/{{ item }}/manila.conf" + with_items: + - "manila-api" + - "manila-scheduler" + - "manila-share" diff --git a/ansible/roles/manila/tasks/deploy.yml b/ansible/roles/manila/tasks/deploy.yml new file mode 100644 index 0000000000..c4e32b6e46 --- /dev/null +++ b/ansible/roles/manila/tasks/deploy.yml @@ -0,0 +1,16 @@ +--- +- include: register.yml + when: inventory_hostname in groups['manila-api'] + +- include: config.yml + when: inventory_hostname in groups['manila-api'] or + inventory_hostname in groups['manila-share'] or + inventory_hostname in groups['manila-scheduler'] + +- include: bootstrap.yml + when: inventory_hostname in groups['manila-api'] + +- include: start.yml + when: inventory_hostname in groups['manila-api'] or + inventory_hostname in groups['manila-share'] or + inventory_hostname in groups['manila-scheduler'] diff --git a/ansible/roles/manila/tasks/main.yml b/ansible/roles/manila/tasks/main.yml new file mode 100644 index 0000000000..b017e8b4ad --- /dev/null +++ b/ansible/roles/manila/tasks/main.yml @@ -0,0 +1,2 @@ +--- +- include: "{{ action }}.yml" diff --git a/ansible/roles/manila/tasks/pull.yml b/ansible/roles/manila/tasks/pull.yml new file mode 100644 index 0000000000..608646f698 --- /dev/null +++ b/ansible/roles/manila/tasks/pull.yml @@ -0,0 +1,21 @@ +--- +- name: Pulling manila-api image + kolla_docker: + action: "pull_image" + common_options: "{{ docker_common_options }}" + image: "{{ manila_api_image_full }}" + when: inventory_hostname in groups['manila-api'] + +- name: Pulling manila-scheduler image + kolla_docker: + action: "pull_image" + common_options: "{{ docker_common_options }}" + image: "{{ manila_scheduler_image_full }}" + when: inventory_hostname in groups['manila-scheduler'] + +- name: Pulling manila-share image + kolla_docker: + action: "pull_image" + common_options: "{{ docker_common_options }}" + image: "{{ manila_share_image_full }}" + when: inventory_hostname in groups['manila-share'] diff --git a/ansible/roles/manila/tasks/register.yml b/ansible/roles/manila/tasks/register.yml new file mode 100644 index 0000000000..e5dcbe925c --- /dev/null +++ b/ansible/roles/manila/tasks/register.yml @@ -0,0 +1,57 @@ +--- +- name: Creating the Manila service and endpoint + command: docker exec -t kolla_toolbox /usr/bin/ansible localhost + -m kolla_keystone_service + -a "service_name=manila + service_type=share + description='Openstack Shared Filesystems' + endpoint_region={{ openstack_region_name }} + admin_url='{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ manila_api_port }}/v1/%(tenant_id)s' + internal_url='{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ manila_api_port }}/v1/%(tenant_id)s' + public_url='{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ manila_api_port }}/v1/%(tenant_id)s' + region_name={{ openstack_region_name }} + auth={{ '{{ openstack_manila_auth }}' }}" + -e "{'openstack_manila_auth':{{ openstack_manila_auth }}}" + register: manila_endpoint + changed_when: "{{ manila_endpoint.stdout.find('localhost | SUCCESS => ') != -1 and (manila_endpoint.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}" + until: manila_endpoint.stdout.split()[2] == 'SUCCESS' + retries: 10 + delay: 5 + run_once: True + +- name: Creating the Manila v2 service and endpoint + command: docker exec -t kolla_toolbox /usr/bin/ansible localhost + -m kolla_keystone_service + -a "service_name=manilav2 + service_type=sharev2 + description='Openstack Shared Filesystems' + endpoint_region={{ openstack_region_name }} + admin_url='{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ manila_api_port }}/v2/%(tenant_id)s' + internal_url='{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ manila_api_port }}/v2/%(tenant_id)s' + public_url='{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ manila_api_port }}/v2/%(tenant_id)s' + region_name={{ openstack_region_name }} + auth={{ '{{ openstack_manila_auth }}' }}" + -e "{'openstack_manila_auth':{{ openstack_manila_auth }}}" + register: manila_endpoint + changed_when: "{{ manila_endpoint.stdout.find('localhost | SUCCESS => ') != -1 and (manila_endpoint.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}" + until: manila_endpoint.stdout.split()[2] == 'SUCCESS' + retries: 10 + delay: 5 + run_once: True + +- name: Creating the Manila project, user and role + command: docker exec -t kolla_toolbox /usr/bin/ansible localhost + -m kolla_keystone_user + -a "project=service + user=manila + password={{ manila_keystone_password }} + role=admin + region_name={{ openstack_region_name }} + auth={{ '{{ openstack_manila_auth }}' }}" + -e "{'openstack_manila_auth':{{ openstack_manila_auth }}}" + register: manila_user + changed_when: "{{ manila_user.stdout.find('localhost | SUCCESS => ') != -1 and (manila_user.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}" + until: manila_user.stdout.split()[2] == 'SUCCESS' + retries: 10 + delay: 5 + run_once: True diff --git a/ansible/roles/manila/tasks/start.yml b/ansible/roles/manila/tasks/start.yml new file mode 100644 index 0000000000..d68cb48dff --- /dev/null +++ b/ansible/roles/manila/tasks/start.yml @@ -0,0 +1,35 @@ +--- +- name: Starting manila-api container + kolla_docker: + action: "start_container" + common_options: "{{ docker_common_options }}" + name: "manila_api" + image: "{{ manila_api_image_full }}" + volumes: + - "{{ node_config_directory }}/manila-api/:{{ container_config_directory }}/:ro" + - "kolla_logs:/var/log/kolla/" + when: inventory_hostname in groups['manila-api'] + +- name: Starting manila-scheduler container + kolla_docker: + action: "start_container" + common_options: "{{ docker_common_options }}" + name: "manila_scheduler" + image: "{{ manila_scheduler_image_full }}" + volumes: + - "{{ node_config_directory }}/manila-scheduler/:{{ container_config_directory }}/:ro" + - "kolla_logs:/var/log/kolla/" + when: inventory_hostname in groups['manila-scheduler'] + +- name: Starting manila-share container + kolla_docker: + action: "start_container" + common_options: "{{ docker_common_options }}" + name: "manila_share" + image: "{{ manila_share_image_full }}" + privileged: True + volumes: + - "{{ node_config_directory }}/manila-share/:{{ container_config_directory }}/:ro" + - "/run/:/run/" + - "kolla_logs:/var/log/kolla/" + when: inventory_hostname in groups['manila-share'] diff --git a/ansible/roles/manila/templates/manila-api.json.j2 b/ansible/roles/manila/templates/manila-api.json.j2 new file mode 100644 index 0000000000..07e86dd75e --- /dev/null +++ b/ansible/roles/manila/templates/manila-api.json.j2 @@ -0,0 +1,11 @@ +{ + "command": "manila-api --config-file /etc/manila/manila.conf", + "config_files": [ + { + "source": "{{ container_config_directory }}/manila.conf", + "dest": "/etc/manila/manila.conf", + "owner": "manila", + "perm": "0600" + } + ] +} diff --git a/ansible/roles/manila/templates/manila-scheduler.json.j2 b/ansible/roles/manila/templates/manila-scheduler.json.j2 new file mode 100644 index 0000000000..b2c19b27b2 --- /dev/null +++ b/ansible/roles/manila/templates/manila-scheduler.json.j2 @@ -0,0 +1,11 @@ +{ + "command": "manila-scheduler --config-file /etc/manila/manila.conf", + "config_files": [ + { + "source": "{{ container_config_directory }}/manila.conf", + "dest": "/etc/manila/manila.conf", + "owner": "manila", + "perm": "0600" + } + ] +} diff --git a/ansible/roles/manila/templates/manila-share.json.j2 b/ansible/roles/manila/templates/manila-share.json.j2 new file mode 100644 index 0000000000..f3c28532a0 --- /dev/null +++ b/ansible/roles/manila/templates/manila-share.json.j2 @@ -0,0 +1,11 @@ +{ + "command": "manila-share --config-file /etc/manila/manila.conf", + "config_files": [ + { + "source": "{{ container_config_directory }}/manila.conf", + "dest": "/etc/manila/manila.conf", + "owner": "manila", + "perm": "0600" + } + ] +} diff --git a/ansible/roles/manila/templates/manila.conf.j2 b/ansible/roles/manila/templates/manila.conf.j2 new file mode 100644 index 0000000000..16355c760d --- /dev/null +++ b/ansible/roles/manila/templates/manila.conf.j2 @@ -0,0 +1,101 @@ +[DEFAULT] +debug = {{ manila_logging_debug }} + +log_dir = /var/log/kolla/manila +use_forwarded_for = true + +my_ip = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }} + +# Following opt is used for definition of share backends that should be enabled. +# Values are conf groupnames that contain per manila-share service opts. +enabled_share_backends = generic + +# Manila requires ‘share-type’ for share creation. +# So, set here name of some share-type that will be used by default. +default_share_type = default_share_type + +rootwrap_config = /etc/manila/rootwrap.conf +api_paste_config = /etc/manila/api-paste.ini + +rpc_backend = rabbit + +auth_strategy = keystone + +os_region_name = {{ openstack_region_name }} + +neutron_url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ neutron_server_port }} +neutron_admin_auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}/v2.0 +neutron_admin_project_name = service +neutron_admin_username = {{ neutron_keystone_user }} +neutron_admin_password = {{ neutron_keystone_password }} + +cinder_admin_auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}/v2.0 +cinder_admin_tenant_name = service +cinder_admin_username = cinder +cinder_admin_password = {{ cinder_keystone_password }} + +nova_admin_auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}/v2.0 +nova_admin_tenant_name = service +nova_admin_username = {{ nova_keystone_user }} +nova_admin_password = {{ nova_keystone_password }} + +[generic] +# This is custom opt group that is used for storing opts of share-service. +# This one is used only when enabled using opt `enabled_share_backends` +# from DEFAULT group. + +# Set usage of Generic driver which uses Cinder as backend. +share_driver = manila.share.drivers.generic.GenericShareDriver + +# Vif driver. Used only with Neutron. (string value) +{% if neutron_plugin_agent == "openvswitch" %} +interface_driver = manila.network.linux.interface.OVSInterfaceDriver +{% elif neutron_plugin_agent == "linuxbridge" %} +interface_driver = manila.network.linux.interface.BridgeInterfaceDriver +{% endif %} + +# Generic driver supports both driver modes - with and without handling +# of share servers. So, we need to define explicitly which one we are +# enabling using this driver. +{% if manila_dhss == "True" %} +driver_handles_share_servers = True +{% elif manila_dhss == "False" %} +driver_handles_share_servers = False +{% endif %} + +# Generic driver is the only driver that uses image from Glance for building +# service VMs in Nova. And following are data for some specific image. +# We used one defined in [1] +# [1] https://github.com/openstack/manila/blob/6785cad9/devstack/plugin.sh#L86 +service_instance_password = {{ service_instance_password }} +service_instance_user = {{ service_instance_user }} +service_image_name = manila-service-image + +# These will be used for keypair creation and inserted into service VMs. +path_to_private_key = /home/stack/.ssh/id_rsa +path_to_public_key = /home/stack/.ssh/id_rsa.pub + +# Custom name for share backend. +share_backend_name = GENERIC + +[oslo_messaging_rabbit] +rabbit_userid = {{ rabbitmq_user }} +rabbit_password = {{ rabbitmq_password }} +rabbit_hosts = {% for host in groups['rabbitmq'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ rabbitmq_port }}{% if not loop.last %},{% endif %}{% endfor %} + +[oslo_concurrency] +lock_path = /var/lib/manila/tmp + +[database] +connection = mysql+pymysql://{{ manila_database_user }}:{{ manila_database_password }}@{{ manila_database_address }}/{{ manila_database_name }} + +[keystone_authtoken] +signing_dir = /var/cache/manila +auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} +auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +auth_plugin = password +project_domain_id = default +user_domain_id = default +project_name = service +username = {{ manila_keystone_user }} +password = {{ manila_keystone_password }} diff --git a/ansible/site.yml b/ansible/site.yml index ded4f6ef8b..cf1141239d 100644 --- a/ansible/site.yml +++ b/ansible/site.yml @@ -184,3 +184,13 @@ - { role: mongodb, tags: mongodb, when: enable_mongodb | bool } + +- hosts: + - manila-api + - manila-share + - manila-scheduler + - rabbitmq + roles: + - { role: manila, + tags: manila, + when: enable_manila | bool } diff --git a/etc/kolla/globals.yml b/etc/kolla/globals.yml index f286e96bfa..44f72ead76 100644 --- a/etc/kolla/globals.yml +++ b/etc/kolla/globals.yml @@ -99,3 +99,9 @@ neutron_external_interface: "eth1" # A requirement for using the erasure-coded pools is you must setup a cache tier # Valid options are [ erasure, replicated ] # ceph_pool_type: "replicated" + + +####################################### +# Manila - Shared File Systems Options +####################################### +# manila_enable_dhss: "yes" diff --git a/etc/kolla/passwords.yml b/etc/kolla/passwords.yml index 7dc9626dee..b0c2d99655 100644 --- a/etc/kolla/passwords.yml +++ b/etc/kolla/passwords.yml @@ -64,6 +64,17 @@ mistral_keystone_password: "password" horizon_secret_key: "password" +manila_database_password: "password" +manila_keystone_password: "password" + + +#################### +# Manila options +#################### +service_instance_password: "manila" +service_instance_user: "manila" + + #################### # RabbitMQ options ####################