From 335b5be62c7b8b839f96f64dbcc32c3b55c38e5f Mon Sep 17 00:00:00 2001 From: Kevin Carter Date: Mon, 2 Nov 2015 22:21:52 -0600 Subject: [PATCH] IRR for openstack_hosts The change moves the role out from the main repo openstack-ansible repository and into its own standalone repository. Items within this change: * The role has been updated to ensure it runs standalone. * Tests added to the role within tox. * Functional tests added to the role that can either be run via the run_tests.sh script or using tox. * dev requirements have been updated for testing usecases. * Docs added to both the README.rst file as well as the docs folder. Signed-off-by: Kevin Carter --- CONTRIBUTING.rst | 85 ++++++++ LICENSE | 202 ++++++++++++++++++ README.rst | 15 ++ defaults/main.yml | 108 ++++++++++ dev-requirements.txt | 6 + doc/Makefile | 195 +++++++++++++++++ doc/source/conf.py | 290 ++++++++++++++++++++++++++ doc/source/index.rst | 19 ++ handlers/main.yml | 21 ++ meta/main.yml | 32 +++ run_tests.sh | 38 ++++ setup.cfg | 24 +++ setup.py | 22 ++ tasks/main.yml | 25 +++ tasks/openstack_authorized_keys.yml | 44 ++++ tasks/openstack_host_packages.yml | 37 ++++ tasks/openstack_kernel_check.yml | 34 +++ tasks/openstack_kernel_modules.yml | 31 +++ tasks/openstack_kernel_tuning.yml | 26 +++ tasks/openstack_lvm_config.yml | 42 ++++ tasks/openstack_proxy_settings.yml | 23 ++ tasks/openstack_release.yml | 23 ++ tasks/openstack_sysstat.yml | 26 +++ tasks/openstack_update_hosts_file.yml | 47 +++++ templates/lvm.conf.j2 | 121 +++++++++++ templates/openstack-release.j2 | 6 + templates/sysstat.cron.j2 | 10 + templates/sysstat.default.j2 | 11 + tests/ansible-role-requirements.yml | 3 + tests/ansible.cfg | 3 + tests/inventory | 11 + tests/test.yml | 76 +++++++ tox.ini | 97 +++++++++ 33 files changed, 1753 insertions(+) create mode 100644 CONTRIBUTING.rst create mode 100644 LICENSE create mode 100644 README.rst create mode 100644 defaults/main.yml create mode 100644 dev-requirements.txt create mode 100644 doc/Makefile create mode 100644 doc/source/conf.py create mode 100644 doc/source/index.rst create mode 100644 handlers/main.yml create mode 100644 meta/main.yml create mode 100644 run_tests.sh create mode 100644 setup.cfg create mode 100644 setup.py create mode 100644 tasks/main.yml create mode 100644 tasks/openstack_authorized_keys.yml create mode 100644 tasks/openstack_host_packages.yml create mode 100644 tasks/openstack_kernel_check.yml create mode 100644 tasks/openstack_kernel_modules.yml create mode 100644 tasks/openstack_kernel_tuning.yml create mode 100644 tasks/openstack_lvm_config.yml create mode 100644 tasks/openstack_proxy_settings.yml create mode 100644 tasks/openstack_release.yml create mode 100644 tasks/openstack_sysstat.yml create mode 100644 tasks/openstack_update_hosts_file.yml create mode 100644 templates/lvm.conf.j2 create mode 100644 templates/openstack-release.j2 create mode 100644 templates/sysstat.cron.j2 create mode 100644 templates/sysstat.default.j2 create mode 100644 tests/ansible-role-requirements.yml create mode 100644 tests/ansible.cfg create mode 100644 tests/inventory create mode 100644 tests/test.yml create mode 100644 tox.ini diff --git a/CONTRIBUTING.rst b/CONTRIBUTING.rst new file mode 100644 index 00000000..a487f432 --- /dev/null +++ b/CONTRIBUTING.rst @@ -0,0 +1,85 @@ +OpenStack host setup +#################### +:tags: openstack, host, cloud, ansible +:category: \*nix + +contributor guidelines +^^^^^^^^^^^^^^^^^^^^^^ + +Filing Bugs +----------- + +Bugs should be filed on Launchpad, not GitHub: "https://bugs.launchpad.net/openstack-ansible" + + +When submitting a bug, or working on a bug, please ensure the following criteria are met: + * The description clearly states or describes the original problem or root cause of the problem. + * Include historical information on how the problem was identified. + * Any relevant logs are included. + * The provided information should be totally self-contained. External access to web services/sites should not be needed. + * Steps to reproduce the problem if possible. + + +Submitting Code +--------------- + +Changes to the project should be submitted for review via the Gerrit tool, following +the workflow documented at: "http://docs.openstack.org/infra/manual/developers.html#development-workflow" + +Pull requests submitted through GitHub will be ignored and closed without regard. + + +Extra +----- + +Tags: + If it's a bug that needs fixing in a branch in addition to Master, add a '\-backport-potential' tag (eg ``juno-backport-potential``). There are predefined tags that will autocomplete. + +Status: + Please leave this alone, it should be New till someone triages the issue. + +Importance: + Should only be touched if it is a Blocker/Gating issue. If it is, please set to High, and only use Critical if you have found a bug that can take down whole infrastructures. + + +Style guide +----------- + +When creating tasks and other roles for use in Ansible please create then using the YAML dictionary format. + +Example YAML dictionary format: + .. code-block:: yaml + + - name: The name of the tasks + module_name: + thing1: "some-stuff" + thing2: "some-other-stuff" + tags: + - some-tag + - some-other-tag + + +Example **NOT** in YAML dictionary format: + .. code-block:: yaml + + - name: The name of the tasks + module_name: thing1="some-stuff" thing2="some-other-stuff" + tags: + - some-tag + - some-other-tag + + +Usage of the ">" and "|" operators should be limited to Ansible conditionals and command modules such as the ansible ``shell`` module. + + +Issues +------ + +When submitting an issue, or working on an issue please ensure the following criteria are met: + * The description clearly states or describes the original problem or root cause of the problem. + * Include historical information on how the problem was identified. + * Any relevant logs are included. + * If the issue is a bug that needs fixing in a branch other than Master, add the ‘backport potential’ tag TO THE ISSUE (not the PR). + * The provided information should be totally self-contained. External access to web services/sites should not be needed. + * If the issue is needed for a hotfix release, add the 'expedite' label. + * Steps to reproduce the problem if possible. diff --git a/LICENSE b/LICENSE new file mode 100644 index 00000000..8f71f43f --- /dev/null +++ b/LICENSE @@ -0,0 +1,202 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + diff --git a/README.rst b/README.rst new file mode 100644 index 00000000..211d75aa --- /dev/null +++ b/README.rst @@ -0,0 +1,15 @@ +OpenStack host setup +#################### +:tags: openstack, host, cloud, ansible +:category: \*nix + +Role for basic setup and configuration of a host machine for the intended purpose of +use within OpenStack. + +.. code-block:: yaml + + - name: Basic host setup + hosts: "hosts" + user: root + roles: + - { role: "openstack_hosts", tags: [ "openstack-hosts-setup" ] } diff --git a/defaults/main.yml b/defaults/main.yml new file mode 100644 index 00000000..5bd85cac --- /dev/null +++ b/defaults/main.yml @@ -0,0 +1,108 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +openstack_code_name: Mitaka +openstack_release: master + +openstack_host_systat_enabled: true +openstack_host_systat_interval: 1 +openstack_host_systat_statistics_hour: 23 + +## Defined required kernel. presently 3.13.0-32-generic +openstack_host_required_kernel: 3.13.0-34-generic + +## Kernel modules loaded on hosts +openstack_host_kernel_modules: + - 8021q + - dm_multipath + - dm_snapshot + - ip6table_filter + - ip6_tables + - ip_tables + - ipt_MASQUERADE + - ipt_REJECT + - iptable_filter + - iptable_mangle + - iptable_nat + - iscsi_tcp + - nbd + - nf_conntrack + - nf_conntrack_ipv4 + - nf_defrag_ipv4 + - nf_nat + - nf_nat_ipv4 + - scsi_dh + - vhost_net + - x_tables + +## Base packages +openstack_host_apt_packages: + - apparmor-utils + - apt-transport-https + - bridge-utils + - build-essential + - cgroup-lite + - curl + - dmeventd + - dstat + - htop + - iptables + - irqbalance + - libkmod-dev + - libkmod2 + - lvm2 + - python-software-properties + - python-dev + - rsync + - rsyslog + - sshpass + - sysstat + - time + - vlan + - wget + +# The following garbage collection values are set to better support lots of neutron networks/routers. +# Used for setting the net.ipv4/6.neigh.default.gc_thresh* values. This assumes that facts were +# gathered to obtain the total amount of memory available on a given host. If no facts are gathered +# the default set will be 1024 unless its defined by the user. +gc_val: "{{ ansible_memtotal_mb | default(1024) | bit_length_power_of_2 }}" +# The ste value has a Max allowable value of 8192 unless set by the user. +set_gc_val: "{{ gc_val if (gc_val | int <= 8192) else 8192 }}" + +# System control kernel tuning +openstack_kernel_options: + - { key: 'fs.inotify.max_user_watches', value: 36864 } + - { key: 'net.ipv4.conf.all.rp_filter', value: 0 } + - { key: 'net.ipv4.conf.default.rp_filter', value: 0 } + - { key: 'net.ipv4.ip_forward', value: 1 } + - { key: 'net.netfilter.nf_conntrack_max', value: 262144 } + - { key: 'vm.dirty_background_ratio', value: 5 } + - { key: 'vm.dirty_ratio', value: 10 } + - { key: 'vm.swappiness', value: 5 } + - { key: 'net.bridge.bridge-nf-call-ip6tables', value: 0 } + - { key: 'net.bridge.bridge-nf-call-iptables', value: 0 } + - { key: 'net.bridge.bridge-nf-call-arptables', value: 0 } + - { key: 'net.ipv4.neigh.default.gc_thresh1', value: "{{ set_gc_val | int // 2 }}" } + - { key: 'net.ipv4.neigh.default.gc_thresh2', value: "{{ set_gc_val | int }}" } + - { key: 'net.ipv4.neigh.default.gc_thresh3', value: "{{ set_gc_val | int * 2 }}" } + - { key: 'net.ipv4.route.gc_thresh', value: "{{ set_gc_val | int * 2 }}" } + - { key: 'net.ipv4.neigh.default.gc_interval', value: 60 } + - { key: 'net.ipv4.neigh.default.gc_stale_time', value: 120 } + - { key: 'net.ipv6.neigh.default.gc_thresh1', value: "{{ set_gc_val | int // 2 }}" } + - { key: 'net.ipv6.neigh.default.gc_thresh2', value: "{{ set_gc_val | int }}" } + - { key: 'net.ipv6.neigh.default.gc_thresh3', value: "{{ set_gc_val | int * 2 }}" } + - { key: 'net.ipv6.route.gc_thresh', value: "{{ set_gc_val | int * 2 }}" } + - { key: 'net.ipv6.neigh.default.gc_interval', value: 60 } + - { key: 'net.ipv6.neigh.default.gc_stale_time', value: 120 } diff --git a/dev-requirements.txt b/dev-requirements.txt new file mode 100644 index 00000000..f9f762ea --- /dev/null +++ b/dev-requirements.txt @@ -0,0 +1,6 @@ +ansible-lint +ansible>=1.9.1,<2.0.0 + +# this is required for the docs build jobs +sphinx!=1.2.0,!=1.3b1,<1.3,>=1.1.2 +oslosphinx>=2.5.0 # Apache-2.0 diff --git a/doc/Makefile b/doc/Makefile new file mode 100644 index 00000000..ce667a69 --- /dev/null +++ b/doc/Makefile @@ -0,0 +1,195 @@ +# Makefile for Sphinx documentation +# + +# You can set these variables from the command line. +SPHINXOPTS = +SPHINXBUILD = sphinx-build +PAPER = +BUILDDIR = build + +# User-friendly check for sphinx-build +ifeq ($(shell which $(SPHINXBUILD) >/dev/null 2>&1; echo $$?), 1) +$(error The '$(SPHINXBUILD)' command was not found. Make sure you have Sphinx installed, then set the SPHINXBUILD environment variable to point to the full path of the '$(SPHINXBUILD)' executable. Alternatively you can add the directory with the executable to your PATH. If you don't have Sphinx installed, grab it from http://sphinx-doc.org/) +endif + +# Internal variables. +PAPEROPT_a4 = -D latex_paper_size=a4 +PAPEROPT_letter = -D latex_paper_size=letter +ALLSPHINXOPTS = -d $(BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) source +# the i18n builder cannot share the environment and doctrees with the others +I18NSPHINXOPTS = $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) source + +.PHONY: help clean html dirhtml singlehtml pickle json htmlhelp qthelp devhelp epub latex latexpdf text man changes linkcheck doctest coverage gettext + +help: + @echo "Please use \`make ' where is one of" + @echo " html to make standalone HTML files" + @echo " dirhtml to make HTML files named index.html in directories" + @echo " singlehtml to make a single large HTML file" + @echo " pickle to make pickle files" + @echo " json to make JSON files" + @echo " htmlhelp to make HTML files and a HTML help project" + @echo " qthelp to make HTML files and a qthelp project" + @echo " applehelp to make an Apple Help Book" + @echo " devhelp to make HTML files and a Devhelp project" + @echo " epub to make an epub" + @echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter" + @echo " latexpdf to make LaTeX files and run them through pdflatex" + @echo " latexpdfja to make LaTeX files and run them through platex/dvipdfmx" + @echo " text to make text files" + @echo " man to make manual pages" + @echo " texinfo to make Texinfo files" + @echo " info to make Texinfo files and run them through makeinfo" + @echo " gettext to make PO message catalogs" + @echo " changes to make an overview of all changed/added/deprecated items" + @echo " xml to make Docutils-native XML files" + @echo " pseudoxml to make pseudoxml-XML files for display purposes" + @echo " linkcheck to check all external links for integrity" + @echo " doctest to run all doctests embedded in the documentation (if enabled)" + @echo " coverage to run coverage check of the documentation (if enabled)" + +clean: + rm -rf $(BUILDDIR)/* + +html: + $(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html + @echo + @echo "Build finished. The HTML pages are in $(BUILDDIR)/html." + +dirhtml: + $(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/dirhtml + @echo + @echo "Build finished. The HTML pages are in $(BUILDDIR)/dirhtml." + +singlehtml: + $(SPHINXBUILD) -b singlehtml $(ALLSPHINXOPTS) $(BUILDDIR)/singlehtml + @echo + @echo "Build finished. The HTML page is in $(BUILDDIR)/singlehtml." + +pickle: + $(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) $(BUILDDIR)/pickle + @echo + @echo "Build finished; now you can process the pickle files." + +json: + $(SPHINXBUILD) -b json $(ALLSPHINXOPTS) $(BUILDDIR)/json + @echo + @echo "Build finished; now you can process the JSON files." + +htmlhelp: + $(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) $(BUILDDIR)/htmlhelp + @echo + @echo "Build finished; now you can run HTML Help Workshop with the" \ + ".hhp project file in $(BUILDDIR)/htmlhelp." + +qthelp: + $(SPHINXBUILD) -b qthelp $(ALLSPHINXOPTS) $(BUILDDIR)/qthelp + @echo + @echo "Build finished; now you can run "qcollectiongenerator" with the" \ + ".qhcp project file in $(BUILDDIR)/qthelp, like this:" + @echo "# qcollectiongenerator $(BUILDDIR)/qthelp/openstack-ansible-openstack_hosts.qhcp" + @echo "To view the help file:" + @echo "# assistant -collectionFile $(BUILDDIR)/qthelp/openstack-ansible-openstack_hosts.qhc" + +applehelp: + $(SPHINXBUILD) -b applehelp $(ALLSPHINXOPTS) $(BUILDDIR)/applehelp + @echo + @echo "Build finished. The help book is in $(BUILDDIR)/applehelp." + @echo "N.B. You won't be able to view it unless you put it in" \ + "~/Library/Documentation/Help or install it in your application" \ + "bundle." + +devhelp: + $(SPHINXBUILD) -b devhelp $(ALLSPHINXOPTS) $(BUILDDIR)/devhelp + @echo + @echo "Build finished." + @echo "To view the help file:" + @echo "# mkdir -p $$HOME/.local/share/devhelp/openstack-ansible-openstack_hosts" + @echo "# ln -s $(BUILDDIR)/devhelp $$HOME/.local/share/devhelp/openstack-ansible-openstack_hosts" + @echo "# devhelp" + +epub: + $(SPHINXBUILD) -b epub $(ALLSPHINXOPTS) $(BUILDDIR)/epub + @echo + @echo "Build finished. The epub file is in $(BUILDDIR)/epub." + +latex: + $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex + @echo + @echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex." + @echo "Run \`make' in that directory to run these through (pdf)latex" \ + "(use \`make latexpdf' here to do that automatically)." + +latexpdf: + $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex + @echo "Running LaTeX files through pdflatex..." + $(MAKE) -C $(BUILDDIR)/latex all-pdf + @echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex." + +latexpdfja: + $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex + @echo "Running LaTeX files through platex and dvipdfmx..." + $(MAKE) -C $(BUILDDIR)/latex all-pdf-ja + @echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex." + +text: + $(SPHINXBUILD) -b text $(ALLSPHINXOPTS) $(BUILDDIR)/text + @echo + @echo "Build finished. The text files are in $(BUILDDIR)/text." + +man: + $(SPHINXBUILD) -b man $(ALLSPHINXOPTS) $(BUILDDIR)/man + @echo + @echo "Build finished. The manual pages are in $(BUILDDIR)/man." + +texinfo: + $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo + @echo + @echo "Build finished. The Texinfo files are in $(BUILDDIR)/texinfo." + @echo "Run \`make' in that directory to run these through makeinfo" \ + "(use \`make info' here to do that automatically)." + +info: + $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo + @echo "Running Texinfo files through makeinfo..." + make -C $(BUILDDIR)/texinfo info + @echo "makeinfo finished; the Info files are in $(BUILDDIR)/texinfo." + +gettext: + $(SPHINXBUILD) -b gettext $(I18NSPHINXOPTS) $(BUILDDIR)/locale + @echo + @echo "Build finished. The message catalogs are in $(BUILDDIR)/locale." + +changes: + $(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) $(BUILDDIR)/changes + @echo + @echo "The overview file is in $(BUILDDIR)/changes." + +linkcheck: + $(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) $(BUILDDIR)/linkcheck + @echo + @echo "Link check complete; look for any errors in the above output " \ + "or in $(BUILDDIR)/linkcheck/output.txt." + +doctest: + $(SPHINXBUILD) -b doctest $(ALLSPHINXOPTS) $(BUILDDIR)/doctest + @echo "Testing of doctests in the sources finished, look at the " \ + "results in $(BUILDDIR)/doctest/output.txt." + +coverage: + $(SPHINXBUILD) -b coverage $(ALLSPHINXOPTS) $(BUILDDIR)/coverage + @echo "Testing of coverage in the sources finished, look at the " \ + "results in $(BUILDDIR)/coverage/python.txt." + +xml: + $(SPHINXBUILD) -b xml $(ALLSPHINXOPTS) $(BUILDDIR)/xml + @echo + @echo "Build finished. The XML files are in $(BUILDDIR)/xml." + +pseudoxml: + $(SPHINXBUILD) -b pseudoxml $(ALLSPHINXOPTS) $(BUILDDIR)/pseudoxml + @echo + @echo "Build finished. The pseudo-XML files are in $(BUILDDIR)/pseudoxml." + +livehtml: html + sphinx-autobuild -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html diff --git a/doc/source/conf.py b/doc/source/conf.py new file mode 100644 index 00000000..9e7da129 --- /dev/null +++ b/doc/source/conf.py @@ -0,0 +1,290 @@ +#!/usr/bin/env python3 +# -*- coding: utf-8 -*- +# +# openstack-ansible-openstack_hosts documentation build configuration file, created by +# sphinx-quickstart on Mon Apr 13 20:42:26 2015. +# +# This file is execfile()d with the current directory set to its +# containing dir. +# +# Note that not all possible configuration values are present in this +# autogenerated file. +# +# All configuration values have a default; values that are commented out +# serve to show the default. + +# If extensions (or modules to document with autodoc) are in another directory, +# add these directories to sys.path here. If the directory is relative to the +# documentation root, use os.path.abspath to make it absolute, like shown here. +# sys.path.insert(0, os.path.abspath('.')) + +# -- General configuration ------------------------------------------------ + +# If your documentation needs a minimal Sphinx version, state it here. +# needs_sphinx = '1.0' + +# Add any Sphinx extension module names here, as strings. They can be +# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom +# ones. +extensions = [ + 'sphinx.ext.autodoc', + 'oslosphinx' +] + +# The link to the browsable source code (for the left hand menu) +oslosphinx_cgit_link = 'http://git.openstack.org/cgit/openstack/openstack-ansible-openstack_hosts' + +# Add any paths that contain templates here, relative to this directory. +templates_path = ['_templates'] + +# The suffix(es) of source filenames. +# You can specify multiple suffix as a list of string: +# source_suffix = ['.rst', '.md'] +source_suffix = '.rst' + +# The encoding of source files. +# source_encoding = 'utf-8-sig' + +# The master toctree document. +master_doc = 'index' + +# General information about the project. +project = 'openstack-ansible-openstack_hosts' +copyright = '2015, openstack-ansible-openstack_hosts contributors' +author = 'openstack-ansible-openstack_hosts contributors' + +# The version info for the project you're documenting, acts as replacement for +# |version| and |release|, also used in various other places throughout the +# built documents. +# +# The short X.Y version. +version = 'master' +# The full version, including alpha/beta/rc tags. +release = 'master' + +# The language for content autogenerated by Sphinx. Refer to documentation +# for a list of supported languages. +# +# This is also used if you do content translation via gettext catalogs. +# Usually you set "language" from the command line for these cases. +language = None + +# There are two options for replacing |today|: either, you set today to some +# non-false value, then it is used: +# today = '' +# Else, today_fmt is used as the format for a strftime call. +# today_fmt = '%B %d, %Y' + +# List of patterns, relative to source directory, that match files and +# directories to ignore when looking for source files. +exclude_patterns = [] + +# The reST default role (used for this markup: `text`) to use for all +# documents. +# default_role = None + +# If true, '()' will be appended to :func: etc. cross-reference text. +# add_function_parentheses = True + +# If true, the current module name will be prepended to all description +# unit titles (such as .. function::). +# add_module_names = True + +# If true, sectionauthor and moduleauthor directives will be shown in the +# output. They are ignored by default. +# show_authors = False + +# The name of the Pygments (syntax highlighting) style to use. +pygments_style = 'sphinx' + +# A list of ignored prefixes for module index sorting. +# modindex_common_prefix = [] + +# If true, keep warnings as "system message" paragraphs in the built documents. +# keep_warnings = False + +# If true, `todo` and `todoList` produce output, else they produce nothing. +todo_include_todos = False + + +# -- Options for HTML output ---------------------------------------------- + +# The theme to use for HTML and HTML Help pages. See the documentation for +# a list of builtin themes. +# html_theme = 'alabaster' + +# Theme options are theme-specific and customize the look and feel of a theme +# further. For a list of options available for each theme, see the +# documentation. +# html_theme_options = {} + +# Add any paths that contain custom themes here, relative to this directory. +# html_theme_path = [] + +# The name for this set of Sphinx documents. If None, it defaults to +# " v documentation". +# html_title = None + +# A shorter title for the navigation bar. Default is the same as html_title. +# html_short_title = None + +# The name of an image file (relative to this directory) to place at the top +# of the sidebar. +# html_logo = None + +# The name of an image file (within the static path) to use as favicon of the +# docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32 +# pixels large. +# html_favicon = None + +# Add any paths that contain custom static files (such as style sheets) here, +# relative to this directory. They are copied after the builtin static files, +# so a file named "default.css" will overwrite the builtin "default.css". +html_static_path = ['_static'] + +# Add any extra paths that contain custom files (such as robots.txt or +# .htaccess) here, relative to this directory. These files are copied +# directly to the root of the documentation. +# html_extra_path = [] + +# If not '', a 'Last updated on:' timestamp is inserted at every page bottom, +# using the given strftime format. +# html_last_updated_fmt = '%b %d, %Y' + +# If true, SmartyPants will be used to convert quotes and dashes to +# typographically correct entities. +# html_use_smartypants = True + +# Custom sidebar templates, maps document names to template names. +# html_sidebars = {} + +# Additional templates that should be rendered to pages, maps page names to +# template names. +# html_additional_pages = {} + +# If false, no module index is generated. +# html_domain_indices = True + +# If false, no index is generated. +# html_use_index = True + +# If true, the index is split into individual pages for each letter. +# html_split_index = False + +# If true, links to the reST sources are added to the pages. +# html_show_sourcelink = True + +# If true, "Created using Sphinx" is shown in the HTML footer. Default is True. +# html_show_sphinx = True + +# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True. +# html_show_copyright = True + +# If true, an OpenSearch description file will be output, and all pages will +# contain a tag referring to it. The value of this option must be the +# base URL from which the finished HTML is served. +# html_use_opensearch = '' + +# This is the file name suffix for HTML files (e.g. ".xhtml"). +# html_file_suffix = None + +# Language to be used for generating the HTML full-text search index. +# Sphinx supports the following languages: +# 'da', 'de', 'en', 'es', 'fi', 'fr', 'h', 'it', 'ja' +# 'nl', 'no', 'pt', 'ro', 'r', 'sv', 'tr' +# html_search_language = 'en' + +# A dictionary with options for the search language support, empty by default. +# Now only 'ja' uses this config value +# html_search_options = {'type': 'default'} + +# The name of a javascript file (relative to the configuration directory) that +# implements a search results scorer. If empty, the default will be used. +# html_search_scorer = 'scorer.js' + +# Output file base name for HTML help builder. +htmlhelp_basename = 'openstack-ansible-openstack_hostsdoc' + +# -- Options for LaTeX output --------------------------------------------- + +latex_elements = { + # The paper size ('letterpaper' or 'a4paper'). + # 'papersize': 'letterpaper', + + # The font size ('10pt', '11pt' or '12pt'). + # 'pointsize': '10pt', + + # Additional stuff for the LaTeX preamble. + # 'preamble': '', + + # Latex figure (float) alignment + # 'figure_align': 'htbp', +} + +# Grouping the document tree into LaTeX files. List of tuples +# (source start file, target name, title, +# author, documentclass [howto, manual, or own class]). +latex_documents = [ + (master_doc, 'openstack-ansible-openstack_hosts.tex', + 'openstack-ansible-openstack_hosts Documentation', + 'openstack-ansible-openstack_hosts contributors', 'manual'), +] + +# The name of an image file (relative to this directory) to place at the top of +# the title page. +# latex_logo = None + +# For "manual" documents, if this is true, then toplevel headings are parts, +# not chapters. +# latex_use_parts = False + +# If true, show page references after internal links. +# latex_show_pagerefs = False + +# If true, show URL addresses after external links. +# latex_show_urls = False + +# Documents to append as an appendix to all manuals. +# latex_appendices = [] + +# If false, no module index is generated. +# latex_domain_indices = True + + +# -- Options for manual page output --------------------------------------- + +# One entry per manual page. List of tuples +# (source start file, name, description, authors, manual section). +man_pages = [ + (master_doc, 'openstack-ansible-openstack_hosts', + 'openstack-ansible-openstack_hosts Documentation', + [author], 1) +] + +# If true, show URL addresses after external links. +# man_show_urls = False + + +# -- Options for Texinfo output ------------------------------------------- + +# Grouping the document tree into Texinfo files. List of tuples +# (source start file, target name, title, author, +# dir menu entry, description, category) +texinfo_documents = [ + (master_doc, 'openstack-ansible-openstack_hosts', + 'openstack-ansible-openstack_hosts Documentation', + author, 'openstack-ansible-openstack_hosts', 'One line description of project.', + 'Miscellaneous'), +] + +# Documents to append as an appendix to all manuals. +# texinfo_appendices = [] + +# If false, no module index is generated. +# texinfo_domain_indices = True + +# How to display URL addresses: 'footnote', 'no', or 'inline'. +# texinfo_show_urls = 'footnote' + +# If true, do not generate a @detailmenu in the "Top" node's menu. +# texinfo_no_detailmenu = False diff --git a/doc/source/index.rst b/doc/source/index.rst new file mode 100644 index 00000000..bec90de3 --- /dev/null +++ b/doc/source/index.rst @@ -0,0 +1,19 @@ +OpenStack_hosts Role Docs +========================= + +Role for basic setup and configuration of a host machine for the intended purpose of +use within OpenStack. This role was created to tune a host to receive OpenStack. +The basic operations within the role allow it to install, setup, and tune specific +kernel options that all OpenStack powered hosts will need to perform nominally. + + +Basic Role Example +^^^^^^^^^^^^^^^^^^ + +.. code-block:: yaml + + - name: Basic host setup + hosts: "hosts" + user: root + roles: + - { role: "openstack_hosts", tags: [ "openstack-hosts-setup" ] } diff --git a/handlers/main.yml b/handlers/main.yml new file mode 100644 index 00000000..f05c2b02 --- /dev/null +++ b/handlers/main.yml @@ -0,0 +1,21 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Restart sysstat + service: + name: "sysstat" + state: "restarted" + pattern: "sysstat" + enabled: "yes" diff --git a/meta/main.yml b/meta/main.yml new file mode 100644 index 00000000..f9d7c1b5 --- /dev/null +++ b/meta/main.yml @@ -0,0 +1,32 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +galaxy_info: + author: rcbops + description: Base host setup for a OpenStack Private Cloud host + company: Rackspace + license: Apache2 + min_ansible_version: 1.6.6 + platforms: + - name: Ubuntu + versions: + - trusty + categories: + - cloud + - host + - development + - openstack +dependencies: + - apt_package_pinning diff --git a/run_tests.sh b/run_tests.sh new file mode 100644 index 00000000..2e24671f --- /dev/null +++ b/run_tests.sh @@ -0,0 +1,38 @@ +#!/usr/bin/env bash +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -euov + +ROLE_NAME=$(basename $(pwd)) +FUNCTIONAL_TEST=${FUNCTIONAL_TEST:-true} + +pushd tests + ansible-galaxy install \ + --role-file=ansible-role-requirements.yml \ + --ignore-errors \ + --force + + ansible-playbook -i inventory \ + --syntax-check \ + --list-tasks \ + -e "rolename=${ROLE_NAME}" \ + test.yml + + ansible-lint test.yml + + if ${FUNCTIONAL_TEST}; then + ansible-playbook -i inventory -e "rolename=${ROLE_NAME}" test.yml + fi +popd diff --git a/setup.cfg b/setup.cfg new file mode 100644 index 00000000..6bdd0545 --- /dev/null +++ b/setup.cfg @@ -0,0 +1,24 @@ +[metadata] +name = openstack-ansible-openstack_hosts +summary = APT package pinning for OpenStack Ansible +description-file = + README.rst +author = OpenStack +author-email = openstack-dev@lists.openstack.org +home-page = http://www.openstack.org/ +classifier = + Intended Audience :: Developers + Intended Audience :: System Administrators + License :: OSI Approved :: Apache Software License + Operating System :: POSIX :: Linux + +[build_sphinx] +all_files = 1 +build-dir = doc/build +source-dir = doc/source + +[pbr] +warnerrors = True + +[wheel] +universal = 1 diff --git a/setup.py b/setup.py new file mode 100644 index 00000000..70c2b3f3 --- /dev/null +++ b/setup.py @@ -0,0 +1,22 @@ +#!/usr/bin/env python +# Copyright (c) 2013 Hewlett-Packard Development Company, L.P. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# THIS FILE IS MANAGED BY THE GLOBAL REQUIREMENTS REPO - DO NOT EDIT +import setuptools + +setuptools.setup( + setup_requires=['pbr'], + pbr=True) diff --git a/tasks/main.yml b/tasks/main.yml new file mode 100644 index 00000000..51c50025 --- /dev/null +++ b/tasks/main.yml @@ -0,0 +1,25 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- include: openstack_proxy_settings.yml +- include: openstack_host_packages.yml +- include: openstack_sysstat.yml +- include: openstack_update_hosts_file.yml +- include: openstack_lvm_config.yml +- include: openstack_kernel_check.yml +- include: openstack_kernel_modules.yml +- include: openstack_kernel_tuning.yml +- include: openstack_authorized_keys.yml +- include: openstack_release.yml diff --git a/tasks/openstack_authorized_keys.yml b/tasks/openstack_authorized_keys.yml new file mode 100644 index 00000000..810ffd70 --- /dev/null +++ b/tasks/openstack_authorized_keys.yml @@ -0,0 +1,44 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Ensure ssh directory + file: + path: "{{ ansible_env.HOME }}/.ssh" + state: "directory" + group: "{{ ansible_user_id }}" + owner: "{{ ansible_user_id }}" + mode: "0755" + tags: + - openstack-host-keys + +- name: Update SSH keys + get_url: + url: "{{ ssh_key_url }}" + dest: "{{ ansible_env.HOME }}/.ssh/remotekeys" + mode: "0640" + when: ssh_key_url is defined + tags: + - openstack-host-keys + +- name: Ensure all keys in authorized_keys + shell: | + while read key; do + if [[ ! "$(grep "$key" {{ ansible_env.HOME }}/.ssh/authorized_keys)" ]];then + echo "$key" | tee -a {{ ansible_env.HOME }}/.ssh/authorized_keys + fi + done < /root/.ssh/remotekeys + when: ssh_key_url is defined + tags: + - openstack-host-keys diff --git a/tasks/openstack_host_packages.yml b/tasks/openstack_host_packages.yml new file mode 100644 index 00000000..25765b94 --- /dev/null +++ b/tasks/openstack_host_packages.yml @@ -0,0 +1,37 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Update apt sources + apt: + update_cache: yes + cache_valid_time: 600 + register: apt_update + until: apt_update|success + retries: 5 + delay: 2 + tags: + - openstack-apt-packages + +- name: Install host packages + apt: + pkg: "{{ item }}" + state: present + register: install_packages + until: install_packages|success + retries: 5 + delay: 2 + with_items: openstack_host_apt_packages + tags: + - openstack-apt-packages diff --git a/tasks/openstack_kernel_check.yml b/tasks/openstack_kernel_check.yml new file mode 100644 index 00000000..6a1f5f9d --- /dev/null +++ b/tasks/openstack_kernel_check.yml @@ -0,0 +1,34 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Check Kernel Variant + fail: + msg: > + Wrong kernel Variant found + [ {{ ansible_kernel.split('-')[2] }} != generic ] + Resolve this issue before continuing. + when: ansible_kernel.split('-')[2] != 'generic' + tags: + - openstack-host-kernel-check + +- name: Check Kernel Version + fail: + msg: > + Wrong kernel Version found + [ {{ ansible_kernel }} < {{ openstack_host_required_kernel }} ] + Resolve this issue before continuing. + when: ansible_kernel | version_compare(openstack_host_required_kernel, '<') + tags: + - openstack-host-kernel-check diff --git a/tasks/openstack_kernel_modules.yml b/tasks/openstack_kernel_modules.yml new file mode 100644 index 00000000..0170ca20 --- /dev/null +++ b/tasks/openstack_kernel_modules.yml @@ -0,0 +1,31 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: "Ensure kernel module(s)" + modprobe: + name: "{{ item }}" + with_items: openstack_host_kernel_modules + when: openstack_host_kernel_modules is defined + tags: + - openstack-host-kernel-modules + +- name: "Ensure kernel module(s) loaded at boot" + lineinfile: + dest: /etc/modules + line: "{{ item }}" + with_items: openstack_host_kernel_modules + when: openstack_host_kernel_modules is defined + tags: + - openstack-host-kernel-modules diff --git a/tasks/openstack_kernel_tuning.yml b/tasks/openstack_kernel_tuning.yml new file mode 100644 index 00000000..22d7bd13 --- /dev/null +++ b/tasks/openstack_kernel_tuning.yml @@ -0,0 +1,26 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Adding new system tuning + sysctl: + name: "{{ item.key }}" + value: "{{ item.value }}" + sysctl_set: "{{ item.set|default('yes') }}" + state: "{{ item.state|default('present') }}" + reload: "{{ item.reload|default('yes') }}" + with_items: openstack_kernel_options + ignore_errors: true + tags: + - openstack-host-kernel-tuning diff --git a/tasks/openstack_lvm_config.yml b/tasks/openstack_lvm_config.yml new file mode 100644 index 00000000..01af7dd1 --- /dev/null +++ b/tasks/openstack_lvm_config.yml @@ -0,0 +1,42 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Discover lvm devices + shell: | + /sbin/pvdisplay | awk '/PV\ Name/ {print $3}' | sed 's/\/dev\///g' + register: lvm_devices + changed_when: lvm_devices.rc != 0 + failed_when: false + tags: + - openstack-host-lvm-config + +- name: Ensure "/etc/lvm" directory + file: + state: "directory" + path: "/etc/lvm" + when: lvm_devices.rc == 0 + tags: + - openstack-host-lvm-config + +- name: Drop lvm Config + template: + src: "lvm.conf.j2" + dest: "/etc/lvm/lvm.conf" + owner: "root" + group: "root" + backup: "yes" + when: lvm_devices.rc == 0 + tags: + - openstack-host-lvm-config diff --git a/tasks/openstack_proxy_settings.yml b/tasks/openstack_proxy_settings.yml new file mode 100644 index 00000000..d761ef28 --- /dev/null +++ b/tasks/openstack_proxy_settings.yml @@ -0,0 +1,23 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Install host proxy settings + lineinfile: + dest: /etc/environment + state: present + line: "{% if item.value %}{{ item.key }}={{ item.value }}{% endif %}" + with_dict: global_environment_variables |default({}) + tags: + - openstack-host-proxies diff --git a/tasks/openstack_release.yml b/tasks/openstack_release.yml new file mode 100644 index 00000000..52c0bd99 --- /dev/null +++ b/tasks/openstack_release.yml @@ -0,0 +1,23 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Drop openstack release file + template: + src: "openstack-release.j2" + dest: "/etc/openstack-release" + owner: "root" + group: "root" + tags: + - openstack-release diff --git a/tasks/openstack_sysstat.yml b/tasks/openstack_sysstat.yml new file mode 100644 index 00000000..481b052e --- /dev/null +++ b/tasks/openstack_sysstat.yml @@ -0,0 +1,26 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Enable sysstat + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + mode: "{{ item.mode|default('0644')}}" + with_items: + - { src: "sysstat.default.j2", dest: "/etc/default/sysstat" } + - { src: "sysstat.cron.j2", dest: "/etc/cron.d/sysstat", mode: "0755" } + notify: Restart sysstat + tags: + - openstack-host-sysstat diff --git a/tasks/openstack_update_hosts_file.yml b/tasks/openstack_update_hosts_file.yml new file mode 100644 index 00000000..cffdb262 --- /dev/null +++ b/tasks/openstack_update_hosts_file.yml @@ -0,0 +1,47 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Update hosts file remove stale IP entries + lineinfile: + dest: /etc/hosts + regexp: "^{{ hostvars[item]['ansible_ssh_host'] }} (?!{{ item }}$)" + state: absent + with_items: + - "{{ groups['all_containers'] }}" + - "{{ groups['hosts'] }}" + tags: + - openstack-host-hostfile + +- name: Update hosts file remove stale Host entries + lineinfile: + dest: /etc/hosts + regexp: "(? 0 %} + {% for net in lv_devices %} + {% if net != '' %} + {% set lv_device = '"a/' + net + '/"' %} + {% if used_lvm_devices.append(lv_device) %}{% endif %} + {% endif %} + {% endfor %} +{% endif %} + +# Ansible Discovered LVM Devices {{ lv_devices }} + +{% if used_lvm_devices|length <= 0 %} + {% if used_lvm_devices.append('"a/.*/"') %}{% endif %} +{% else %} + {% if used_lvm_devices.append('"r/.*/"') %}{% endif %} +{% endif %} + +{% set use_udev = 1 %} + +devices { + dir = "/dev" + scan = [ "/dev" ] + obtain_device_list_from_udev = {{ use_udev }} + preferred_names = [ ] + filter = [ {{ used_lvm_devices|join(', ') }} ] + cache_dir = "/run/lvm" + cache_file_prefix = "" + write_cache_state = 1 + sysfs_scan = 1 + multipath_component_detection = 1 + md_component_detection = 1 + md_chunk_alignment = 1 + data_alignment_detection = 1 + data_alignment = 0 + data_alignment_offset_detection = 1 + ignore_suspended_devices = 0 + disable_after_error_count = 0 + require_restorefile_with_uuid = 1 + pv_min_size = 2048 + issue_discards = 1 +} +allocation { + maximise_cling = 1 + mirror_logs_require_separate_pvs = 0 + thin_pool_metadata_require_separate_pvs = 0 +} +log { + verbose = 0 + silent = 0 + syslog = 1 + overwrite = 0 + level = 0 + indent = 1 + command_names = 0 + prefix = " " +} +backup { + backup = 1 + backup_dir = "/etc/lvm/backup" + archive = 1 + archive_dir = "/etc/lvm/archive" + retain_min = 10 + retain_days = 30 +} +shell { + history_size = 100 +} +global { + umask = 077 + test = 0 + units = "h" + si_unit_consistency = 1 + activation = 1 + proc = "/proc" + locking_type = 1 + wait_for_locks = 1 + fallback_to_clustered_locking = 1 + fallback_to_local_locking = 1 + locking_dir = "/run/lock/lvm" + prioritise_write_locks = 1 + abort_on_internal_errors = 0 + detect_internal_vg_cache_corruption = 0 + metadata_read_only = 0 + mirror_segtype_default = "mirror" + use_lvmetad = 0 + thin_check_executable = "/usr/sbin/thin_check" + thin_check_options = [ "-q" ] +} +activation { + checks = 0 + udev_sync = {{ use_udev }} + udev_rules = {{ use_udev }} + verify_udev_operations = 0 + retry_deactivation = 1 + missing_stripe_filler = "error" + use_linear_target = 1 + reserved_stack = 64 + reserved_memory = 8192 + process_priority = -18 + mirror_region_size = 512 + readahead = "auto" + raid_fault_policy = "warn" + mirror_log_fault_policy = "allocate" + mirror_image_fault_policy = "remove" + snapshot_autoextend_threshold = 100 + snapshot_autoextend_percent = 20 + thin_pool_autoextend_threshold = 100 + thin_pool_autoextend_percent = 20 + use_mlockall = 0 + monitoring = 0 + polling_interval = 15 +} +dmeventd { + mirror_library = "libdevmapper-event-lvm2mirror.so" + snapshot_library = "libdevmapper-event-lvm2snapshot.so" + thin_library = "libdevmapper-event-lvm2thin.so" +} diff --git a/templates/openstack-release.j2 b/templates/openstack-release.j2 new file mode 100644 index 00000000..a35c342e --- /dev/null +++ b/templates/openstack-release.j2 @@ -0,0 +1,6 @@ +# {{ ansible_managed }} + +DISTRIB_ID="OASD" +DISTRIB_RELEASE="{{ openstack_release }}" +DISTRIB_CODENAME="{{ openstack_code_name }}" +DISTRIB_DESCRIPTION="OpenStack Cloud" diff --git a/templates/sysstat.cron.j2 b/templates/sysstat.cron.j2 new file mode 100644 index 00000000..6414cd38 --- /dev/null +++ b/templates/sysstat.cron.j2 @@ -0,0 +1,10 @@ +# {{ ansible_managed }} + +# The first element of the path is a directory where the debian-sa1 script is located +PATH=/usr/lib/sysstat:/usr/sbin:/usr/sbin:/usr/bin:/sbin:/bin + +# Activity reports every 10 minutes everyday +*/{{ openstack_host_systat_interval }} * * * * root command -v debian-sa1 > /dev/null && debian-sa1 1 1 + +# Additional run at 23:59 to rotate the statistics file +59 {{ openstack_host_systat_statistics_hour }} * * * root command -v debian-sa1 > /dev/null && debian-sa1 60 2 diff --git a/templates/sysstat.default.j2 b/templates/sysstat.default.j2 new file mode 100644 index 00000000..e97b0f2a --- /dev/null +++ b/templates/sysstat.default.j2 @@ -0,0 +1,11 @@ +# {{ ansible_managed }} + +# +# Default settings for /etc/init.d/sysstat, /etc/cron.d/sysstat +# and /etc/cron.daily/sysstat files +# + +# Should sadc collect system activity informations? Valid values +# are "true" and "false". Please do not put other values, they +# will be overwritten by debconf! +ENABLED="{{ openstack_host_systat_enabled }}" diff --git a/tests/ansible-role-requirements.yml b/tests/ansible-role-requirements.yml new file mode 100644 index 00000000..d45fcdd1 --- /dev/null +++ b/tests/ansible-role-requirements.yml @@ -0,0 +1,3 @@ +- name: apt_package_pinning + src: https://github.com/os-cloud/openstack-ansible-apt_package_pinning + version: master diff --git a/tests/ansible.cfg b/tests/ansible.cfg new file mode 100644 index 00000000..cb234805 --- /dev/null +++ b/tests/ansible.cfg @@ -0,0 +1,3 @@ +[defaults] +roles_path = ../../ + diff --git a/tests/inventory b/tests/inventory new file mode 100644 index 00000000..56041a44 --- /dev/null +++ b/tests/inventory @@ -0,0 +1,11 @@ +[all] +localhost ansible_ssh_host=127.0.0.1 ansible_connection=local +test1 ansible_ssh_host=127.111.111.101 +test2 ansible_ssh_host=127.111.111.102 + +[all_containers] +test1 +test2 + +[hosts] +localhost diff --git a/tests/test.yml b/tests/test.yml new file mode 100644 index 00000000..722decf3 --- /dev/null +++ b/tests/test.yml @@ -0,0 +1,76 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Playbook for role testing + hosts: localhost + connection: local + roles: + - role: "{{ rolename | basename }}" + openstack_host_kernel_modules: + - dm_multipath + openstack_kernel_options: + - { key: 'vm.swappiness', value: 5 } + # The $HOME directory is mocked to work with tox + # by defining the 'ansible_env' hash. This should + # NEVER be done outside of testing. + ansible_env: ## NEVER DO THIS OUTSIDE OF TESTING + HOME: "/tmp" + global_environment_variables: + PATH: "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games" + post_tasks: + - name: Open modules file + slurp: + src: /etc/modules + register: modules_file + - name: Open sysctl file + slurp: + src: /etc/sysctl.conf + register: sysctl_file + - name: Open hosts file + slurp: + src: /etc/hosts + register: hosts_file + - name: Read files + set_fact: + modules_content: "{{ modules_file.content | b64decode }}" + sysctl_content: "{{ sysctl_file.content | b64decode }}" + hosts_content: "{{ hosts_file.content | b64decode }}" + - name: Check for release file + stat: + path: /etc/openstack-release + register: release_file + - name: Check for systat file + stat: + path: /etc/default/sysstat + register: systat_file + - name: Check for environment file + stat: + path: /etc/environment + register: environment_file + - name: Check for ssh dir + stat: + path: /tmp/.ssh + register: ssh_dir + - name: Check role functions + assert: + that: + - "'dm_multipath' in modules_content" + - "'vm.swappiness' in sysctl_content" + - "'127.111.111.101 test1' in hosts_content" + - "'127.111.111.102 test2' in hosts_content" + - "release_file.stat.exists" + - "systat_file.stat.exists" + - "environment_file.stat.exists" + - "ssh_dir.stat.isdir" diff --git a/tox.ini b/tox.ini new file mode 100644 index 00000000..6d3d2aa3 --- /dev/null +++ b/tox.ini @@ -0,0 +1,97 @@ +[tox] +minversion = 1.6 +skipsdist = True +envlist = docs,pep8,bashate,ansible-syntax,ansible-lint + +[testenv] +usedevelop = True +install_command = pip install -U {opts} {packages} +setenv = VIRTUAL_ENV={envdir} +deps = -r{toxinidir}/dev-requirements.txt +commands = + /usr/bin/find . -type f -name "*.pyc" -delete + ansible-galaxy install \ + --role-file=ansible-role-requirements.yml \ + --ignore-errors \ + --force + +[testenv:docs] +commands = python setup.py build_sphinx + +# environment used by the -infra templated docs job +[testenv:venv] +deps = -r{toxinidir}/dev-requirements.txt +commands = {posargs} + +# Run hacking/flake8 check for all python files +[testenv:pep8] +deps = flake8 +whitelist_externals = bash +commands = + bash -c "grep -Irl \ + -e '!/usr/bin/env python' \ + -e '!/bin/python' \ + -e '!/usr/bin/python' \ + --exclude-dir '.*' \ + --exclude-dir 'doc' \ + --exclude-dir '*.egg' \ + --exclude-dir '*.egg-info' \ + --exclude 'tox.ini' \ + --exclude '*.sh' \ + {toxinidir} | xargs flake8 --verbose" + +[flake8] +# Ignores the following rules due to how ansible modules work in general +# F403 'from ansible.module_utils.basic import *' used; unable to detect undefined names +# H303 No wildcard (*) import. +ignore=F403,H303 + +# Run bashate check for all bash scripts +# Ignores the following rules: +# E003: Indent not multiple of 4 (we prefer to use multiples of 2) +[testenv:bashate] +deps = bashate +whitelist_externals = bash +commands = + bash -c "grep -Irl \ + -e '!/usr/bin/env bash' \ + -e '!/bin/bash' \ + -e '!/bin/sh' \ + --exclude-dir '.*' \ + --exclude-dir '*.egg' \ + --exclude-dir '*.egg-info' \ + --exclude 'tox.ini' \ + {toxinidir} | xargs bashate --verbose --ignore=E003" + +[testenv:ansible-syntax] +changedir = tests +commands = + ansible-galaxy install \ + --role-file=ansible-role-requirements.yml \ + --ignore-errors \ + --force + ansible-playbook -i inventory \ + --syntax-check \ + --list-tasks \ + -e "rolename={toxinidir}" \ + test.yml + +[testenv:ansible-lint] +changedir = tests +commands = + ansible-galaxy install \ + --role-file=ansible-role-requirements.yml \ + --ignore-errors \ + --force + ansible-lint test.yml + +[testenv:ansible-functional] +changedir = tests +commands = + ansible-galaxy install \ + --role-file=ansible-role-requirements.yml \ + --ignore-errors \ + --force + ansible-playbook -i inventory \ + -e "rolename={toxinidir}" \ + test.yml