openstack
/
openstack-ansible-os_adjutant
Code Issues Proposed changes

Make role fit to the OSA standards 

We've pulled that role from github, and we need to make
an adjustments to standardize approach across all other
roles, like service and db create, uwsgi usage, etc.

We're also adding integrated CI.

Needed-By: https://review.opendev.org/756310
Change-Id: Ie95b9c723f29eb20f9e1e95e284d7ed20346aaff
This commit is contained in:
Dmitriy Rabotyagov 2020-10-06 17:08:19 +03:00
parent 763cb4e2f1
commit c5fbb4d2f5
35 changed files with 795 additions and 616 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
README.rst
View File

@ -25,7 +25,7 @@ Required Variables
adjutant_service_password
adjutant_rabbitmq_password
adjutant_container_mysql_password
adjutant_galera_password
adjutant_galera_address
Example Playbook
@ -42,6 +42,6 @@ Example Playbook
external_lb_vip_address: 172.16.24.1
internal_lb_vip_address: 192.168.0.1
adjutant_galera_address: "{{ internal_lb_vip_address }}"
adjutant_container_mysql_password: "SuperSecretePassword1"
adjutant_galera_password: "SuperSecretePassword1"
adjutant_service_password: "SuperSecretePassword2"
adjutant_rabbitmq_password: "SuperSecretePassword3"

77
defaults/main.yml
View File

@ -32,16 +32,12 @@ adjutant_system_home_folder: "/var/lib/{{ adjutant_system_user_name }}"
adjutant_venv_tag: untagged
adjutant_bin: "/openstack/venvs/adjutant-{{ adjutant_venv_tag }}/bin"
# venv_download, even when true, will use the fallback method of building the
# venv from scratch if the venv download fails.
adjutant_venv_download: "{{ not adjutant_developer_mode | bool }}"
adjutant_venv_download_url: http://127.0.0.1/venvs/untagged/ubuntu/adjutant.tgz
adjutant_git_repo: https://opendev.org/openstack/adjutant
adjutant_git_install_branch: stable/queens
adjutant_developer_constraints:
adjutant_git_install_branch: master
adjutant_upper_constraints_url: "{{ requirements_git_url | default('https://releases.openstack.org/constraints/upper/' ~ requirements_git_install_branch | default('master')) }}"
adjutant_git_constraints:
- "git+{{ adjutant_git_repo }}@{{ adjutant_git_install_branch }}#egg=adjutant"
- "--constraint {{ adjutant_upper_constraints_url }}"
adjutant_user_domain_name: Default
adjutant_user_domain_id: default
@ -50,12 +46,24 @@ adjutant_keystone_auth_plugin: password
adjutant_galera_address: "{{ galera_address | default('127.0.0.1') }}"
adjutant_galera_database: adjutant
adjutant_galera_user: adjutant
adjutant_galera_use_ssl: "{{ galera_use_ssl | default(False) }}"
adjutant_galera_ssl_ca_cert: "{{ galera_ssl_ca_cert | default('/etc/ssl/certs/galera-ca.pem') }}"
adjutant_galera_port: 3306
adjutant_galera_setup_host: "{{ openstack_db_setup_host | default('localhost') }}"
adjutant_galera_setup_python_interpreter: "{{ openstack_db_setup_python_interpreter | default((adjutant_galera_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_python['executable'])) }}"
## Service Type and Data
adjutant_role_name: admin
adjutant_service_region: RegionOne
adjutant_service_name: adjutant
adjutant_service_type: registration
adjutant_service_description: "Adjutant Registration Service"
adjutant_service_port: 5050
adjutant_service_project_name: service
adjutant_service_in_ldap: false
adjutant_service_setup_host: "{{ openstack_service_setup_host | default('localhost') }}"
adjutant_service_setup_host_python_interpreter: "{{ openstack_service_setup_host_python_interpreter | default((adjutant_service_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_python['executable'])) }}"
adjutant_bind_address: "{{ openstack_service_bind_address | default('0.0.0.0') }}"
adjutant_service_proto: http
adjutant_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(adjutant_service_proto) }}"
adjutant_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(adjutant_service_proto) }}"
@ -68,33 +76,11 @@ adjutant_service_internaluri: "{{ adjutant_service_internaluri_proto }}://{{ int
adjutant_service_internalurl: "{{ adjutant_service_internaluri }}/v1/"
adjutant_horizon_publicurl: "{{ openstack_service_publicuri_proto | default(adjutant_service_proto) }}://{{ external_lb_vip_address }}/"
#: Set this to false to disable API service through Apache + mod_wsgi
adjutant_use_mod_wsgi: true
# Apache setup
adjutant_apache_log_level: info
adjutant_apache_servertokens: "Prod"
adjutant_apache_serversignature: "Off"
# uWSGI settings
adjutant_wsgi_threads: 1
adjutant_wsgi_processes_max: 16
adjutant_wsgi_processes: "{{ [[ansible_processor_vcpus|default(1), 1] | max * 2, adjutant_wsgi_processes_max] | min }}"
# set adjutant_ssl to true to enable SSL configuration on the adjutant containers
adjutant_ssl: false
adjutant_ssl_cert: /etc/ssl/certs/adjutant.pem
adjutant_ssl_key: /etc/ssl/private/adjutant.key
adjutant_ssl_ca_cert: /etc/ssl/certs/adjutant-ca.pem
adjutant_ssl_protocol: "{{ ssl_protocol | default('ALL -SSLv2 -SSLv3') }}"
adjutant_ssl_cipher_suite: "{{ ssl_cipher_suite | default('ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS') }}"
# if using a self-signed certificate, set this to true to regenerate it
adjutant_ssl_self_signed_regen: false
adjutant_ssl_self_signed_subject: "/C=US/ST=Texas/L=San Antonio/O=IT/CN={{ internal_lb_vip_address }}/subjectAltName=IP.1={{ external_lb_vip_address }}"
# Set these in user_variables to deploy custom certificates
#adjutant_user_ssl_cert: <path to cert on ansible deployment host>
#adjutant_user_ssl_key: <path to cert on ansible deployment host>
#adjutant_user_ssl_ca_cert: <path to cert on ansible deployment host>
adjutant_use_uwsgi: True
adjutant_email_backend: django.core.mail.backends.smtp.EmailBackend
adjutant_email_host: localhost
@ -239,6 +225,7 @@ adjutant_quota_sizes_asc:
- small
- medium
- large
adjutant_quota_services:
"*":
- cinder
@ -248,6 +235,7 @@ adjutant_quota_services:
# - octavia
adjutant_adjutant_conf_overrides: {}
adjutant_api_uwsgi_ini_overrides: {}
adjutant_api_init_overrides: {}
## Service Name-Group Mapping
@ -255,20 +243,19 @@ adjutant_services:
adjutant-api:
group: adjutant_api
service_name: adjutant-api
service_enabled: "{{ adjutant_use_mod_wsgi | ternary(false, true) }}"
service_enabled: true
init_config_overrides: "{{ adjutant_api_init_overrides }}"
execstarts: "{{ adjutant_bin }}/adjutant-api"
wsgi_app: "{{ adjutant_use_uwsgi }}"
wsgi_name: adjutant-api-wsgi
uwsgi_overrides: "{{ adjutant_api_uwsgi_ini_overrides }}"
uwsgi_bind_address: "{{ adjutant_bind_address }}"
uwsgi_port: "{{ adjutant_service_port }}"
adjutant_pip3_install_args: "{{ pip_install_options | default('') }}"
adjutant_venv_python_executable: python3
adjutant_venv_rebuild: no
adjutant_pip_install_args: "{{ pip_install_options | default('') }}"
adjutant_venv_python_executable: "{{ openstack_venv_python_executable | default('python3') }}"
adjutant_pip3_packages:
- python-adjutant==0.5.0
adjutant_pip_packages:
- python-adjutant
- cryptography
- mod_wsgi
# This variable is used by the repo_build process to determine
# which host group to check for members of before building the
# pip packages required by this role. The value is picked up
# by the py_pkgs lookup.
adjutant_role_project_group: adjutant_all
- systemd-python

16
doc/requirements.txt Normal file
View File

@ -0,0 +1,16 @@
# The order of packages is significant, because pip processes them in the order
# of appearance. Changing the order has an impact on the overall integration
# process, which may cause wedges in the gate later.
# WARNING:
# This file is maintained in the openstack-ansible-tests repository.
# https://opendev.org/openstack/openstack-ansible-tests/src/branch/master/sync/doc/requirements.txt
# If you need to modify this file, update the one in the
# openstack-ansible-tests repository. Once it merges there, the changes will
# automatically be proposed to all the repositories which use it.
sphinx>=2.0.0,!=2.1.0 # BSD
sphinxcontrib-svg2pdfconverter>=0.1.0 # BSD
openstackdocstheme>=2.2.1 # Apache-2.0
reno>=3.1.0 # Apache-2.0
doc8>=0.6.0 # Apache-2.0

0
doc/source/_static/ .placeholder Normal file
View File

60
doc/source/conf.py
View File

@ -22,9 +22,6 @@
# All configuration values have a default; values that are commented out
# serve to show the default.
import pbr.version
import os
# If extensions (or modules to document with autodoc) are in another directory,
# add these directories to sys.path here. If the directory is relative to the
# documentation root, use os.path.abspath to make it absolute, like shown here.
@ -41,7 +38,7 @@ import os
extensions = [
'openstackdocstheme',
'sphinx.ext.autodoc',
'sphinxmark'
'sphinxcontrib.rsvgconverter',
]
# Add any paths that contain templates here, relative to this directory.
@ -66,28 +63,13 @@ description = 'OpenStack-Ansible deploys OpenStack environments using Ansible.'
project = 'OpenStack-Ansible'
role_name = 'os_adjutant'
target_name = 'openstack-ansible-' + role_name
title = 'OpenStack-Ansible Documentation: ' + role_name + 'role'
# The link to the browsable source code (for the left hand menu)
oslosphinx_cgit_link = (
"https://git.openstack.org/cgit/openstack/{}".format(target_name)
)
# The version info for the project you're documenting, acts as replacement for
# |version| and |release|, also used in various other places throughout the
# built documents.
#
# The short X.Y version.
version_info = pbr.version.VersionInfo(target_name)
# The full version, including alpha/beta/rc tags.
release = version_info.version_string_with_vcs()
# The short X.Y version.
version = version_info.canonical_version_string()
title = 'OpenStack-Ansible Documentation: ' + role_name + ' role'
# openstackdocstheme options
repository_name = 'openstack/' + target_name
bug_project = project.lower()
bug_tag = ''
openstackdocs_repo_name = 'openstack/' + target_name
openstackdocs_pdf_link = True
openstackdocs_bug_project = project.lower()
openstackdocs_bug_tag = ''
# The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages.
@ -122,7 +104,7 @@ exclude_patterns = []
# show_authors = False
# The name of the Pygments (syntax highlighting) style to use.
pygments_style = 'sphinx'
pygments_style = 'native'
# A list of ignored prefixes for module index sorting.
# modindex_common_prefix = []
@ -174,10 +156,6 @@ html_static_path = ['_static']
# directly to the root of the documentation.
# html_extra_path = []
# If not '', a 'Last updated on:' timestamp is inserted at every page bottom,
# using the given strftime format.
html_last_updated_fmt = '%Y-%m-%d %H:%M'
# If true, SmartyPants will be used to convert quotes and dashes to
# typographically correct entities.
# html_use_smartypants = True
@ -252,10 +230,12 @@ latex_elements = {
# (source start file, target name, title,
# author, documentclass [howto, manual, or own class]).
latex_documents = [
(master_doc, target_name + '.tex',
title, author, 'manual'),
(master_doc, 'doc-' + target_name + '.tex',
title.replace("_", r"\_"), author, 'manual'),
]
latex_use_xindy = False
# The name of an image file (relative to this directory) to place at the top of
# the title page.
# latex_logo = None
@ -312,17 +292,11 @@ texinfo_documents = [
# If true, do not generate a @detailmenu in the "Top" node's menu.
# texinfo_no_detailmenu = False
# -- Options for PDF output --------------------------------------------------
pdf_documents = [
(master_doc, target_name,
title, author)
]
watermark = os.popen("git branch --contains $(git rev-parse HEAD)\
| awk -F/ '/stable/ {print $2}'").read().strip(' \n\t').capitalize()
if watermark == "":
watermark = "Pre-release"
# -- Options for sphinxmark -----------------------------------------------
sphinxmark_enable = True
sphinxmark_div = 'docs-body'
sphinxmark_image = 'text'
sphinxmark_text = watermark
sphinxmark_text_color = (128, 128, 128)
sphinxmark_text_size = 70
locale_dirs = ['locale/']

6
examples/playbook.yml Normal file
View File

@ -0,0 +1,6 @@
---
- name: Install os_adjutant service
hosts: localhost
user: root
roles:
- role: "os_adjutant"

2
extras/user_secrets_adjutant.yml
View File

@ -1,4 +1,4 @@
## Adjutant passwords
adjutant_service_password:
adjutant_container_mysql_password:
adjutant_galera_password:
adjutant_secret_key:

18
handlers/main.yml
View File

@ -22,13 +22,13 @@
- name: Stop services
service:
name: "{{ item.value.service_name }}"
enabled: "{{ (item.value.service_enabled | bool) | ternary('yes', 'no') }}"
enabled: yes
state: "stopped"
daemon_reload: "{{ (ansible_service_mgr == 'systemd') | ternary('yes', omit) }}"
with_dict: "{{ adjutant_services }}"
when: inventory_hostname in groups[item.value.group]
register: _stop
until: _stop | success
until: _stop is success
retries: 5
delay: 2
@ -43,18 +43,6 @@
- inventory_hostname in groups[item.value.group]
- item.value.service_enabled | bool
register: _start
until: _start | success
retries: 5
delay: 2
- name: Restart Apache
service:
name: "{{ adjutant_system_service_name }}"
enabled: yes
state: "restarted"
daemon_reload: "{{ (ansible_service_mgr == 'systemd') | ternary('yes', omit) }}"
when: adjutant_use_mod_wsgi | bool
register: _restart
until: _restart | success
until: _start is success
retries: 5
delay: 2

0
releasenotes/notes/.placeholder Normal file
View File

0
releasenotes/source/_static/ .placeholder Normal file
View File

276
releasenotes/source/conf.py Normal file
View File

@ -0,0 +1,276 @@
#!/usr/bin/env python3
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# This file is execfile()d with the current directory set to its
# containing dir.
#
# Note that not all possible configuration values are present in this
# autogenerated file.
#
# All configuration values have a default; values that are commented out
# serve to show the default.
# If extensions (or modules to document with autodoc) are in another directory,
# add these directories to sys.path here. If the directory is relative to the
# documentation root, use os.path.abspath to make it absolute, like shown here.
# sys.path.insert(0, os.path.abspath('.'))
# -- General configuration ------------------------------------------------
# If your documentation needs a minimal Sphinx version, state it here.
# needs_sphinx = '1.0'
# Add any Sphinx extension module names here, as strings. They can be
# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
# ones.
extensions = [
'openstackdocstheme',
'reno.sphinxext',
]
# Add any paths that contain templates here, relative to this directory.
templates_path = ['_templates']
# The suffix of source filenames.
source_suffix = '.rst'
# The encoding of source files.
# source_encoding = 'utf-8-sig'
# The master toctree document.
master_doc = 'index'
# General information about the project.
author = 'OpenStack-Ansible Contributors'
category = 'Miscellaneous'
copyright = '2014-2016, OpenStack-Ansible Contributors'
description = 'OpenStack-Ansible deploys OpenStack environments using Ansible.'
project = 'OpenStack-Ansible'
role_name = 'os_adjutant'
target_name = 'openstack-ansible-' + role_name
title = 'OpenStack-Ansible Release Notes: ' + role_name + 'role'
# Release notes do not need a version number in the title, they
# cover multiple releases.
# The full version, including alpha/beta/rc tags.
release = ''
# The short X.Y version.
version = ''
# openstackdocstheme options
openstackdocs_repo_name = 'openstack/' + target_name
openstackdocs_bug_project = project.lower()
openstackdocs_bug_tag = ''
# The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages.
# language = None
# There are two options for replacing |today|: either, you set today to some
# non-false value, then it is used:
# today = ''
# Else, today_fmt is used as the format for a strftime call.
# today_fmt = '%B %d, %Y'
# List of patterns, relative to source directory, that match files and
# directories to ignore when looking for source files.
exclude_patterns = []
# The reST default role (used for this markup: `text`) to use for all
# documents.
# default_role = None
# If true, '()' will be appended to :func: etc. cross-reference text.
# add_function_parentheses = True
# If true, the current module name will be prepended to all description
# unit titles (such as .. function::).
# add_module_names = True
# If true, sectionauthor and moduleauthor directives will be shown in the
# output. They are ignored by default.
# show_authors = False
# The name of the Pygments (syntax highlighting) style to use.
pygments_style = 'native'
# A list of ignored prefixes for module index sorting.
# modindex_common_prefix = []
# If true, keep warnings as "system message" paragraphs in the built documents.
# keep_warnings = False
# -- Options for HTML output ----------------------------------------------
# The theme to use for HTML and HTML Help pages. See the documentation for
# a list of builtin themes.
html_theme = 'openstackdocs'
# Theme options are theme-specific and customize the look and feel of a theme
# further. For a list of options available for each theme, see the
# documentation.
# html_theme_options = {}
# Add any paths that contain custom themes here, relative to this directory.
# html_theme_path = []
# The name for this set of Sphinx documents. If None, it defaults to
# "<project> v<release> documentation".
# html_title = None
# A shorter title for the navigation bar. Default is the same as html_title.
# html_short_title = None
# The name of an image file (relative to this directory) to place at the top
# of the sidebar.
# html_logo = None
# The name of an image file (within the static path) to use as favicon of the
# docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32
# pixels large.
# html_favicon = None
# Add any paths that contain custom static files (such as style sheets) here,
# relative to this directory. They are copied after the builtin static files,
# so a file named "default.css" will overwrite the builtin "default.css".
html_static_path = ['_static']
# Add any extra paths that contain custom files (such as robots.txt or
# .htaccess) here, relative to this directory. These files are copied
# directly to the root of the documentation.
# html_extra_path = []
# If true, SmartyPants will be used to convert quotes and dashes to
# typographically correct entities.
# html_use_smartypants = True
# Custom sidebar templates, maps document names to template names.
# html_sidebars = {}
# Additional templates that should be rendered to pages, maps page names to
# template names.
# html_additional_pages = {}
# If false, no module index is generated.
# html_domain_indices = True
# If false, no index is generated.
# html_use_index = True
# If true, the index is split into individual pages for each letter.
# html_split_index = False
# If true, links to the reST sources are added to the pages.
# html_show_sourcelink = True
# If true, "Created using Sphinx" is shown in the HTML footer. Default is True.
# html_show_sphinx = True
# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True.
# html_show_copyright = True
# If true, an OpenSearch description file will be output, and all pages will
# contain a <link> tag referring to it. The value of this option must be the
# base URL from which the finished HTML is served.
# html_use_opensearch = ''
# This is the file name suffix for HTML files (e.g. ".xhtml").
# html_file_suffix = None
# Output file base name for HTML help builder.
htmlhelp_basename = target_name + '-docs'
# -- Options for LaTeX output ---------------------------------------------
latex_elements = {
# The paper size ('letterpaper' or 'a4paper').
# 'papersize': 'letterpaper',
# The font size ('10pt', '11pt' or '12pt').
# 'pointsize': '10pt',
# Additional stuff for the LaTeX preamble.
# 'preamble': '',
}
# Grouping the document tree into LaTeX files. List of tuples
# (source start file, target name, title,
# author, documentclass [howto, manual, or own class]).
latex_documents = [
(master_doc, target_name + '.tex',
title, author, 'manual'),
]
# The name of an image file (relative to this directory) to place at the top of
# the title page.
# latex_logo = None
# For "manual" documents, if this is true, then toplevel headings are parts,
# not chapters.
# latex_use_parts = False
# If true, show page references after internal links.
# latex_show_pagerefs = False
# If true, show URL addresses after external links.
# latex_show_urls = False
# Documents to append as an appendix to all manuals.
# latex_appendices = []
# If false, no module index is generated.
# latex_domain_indices = True
# -- Options for manual page output ---------------------------------------
# One entry per manual page. List of tuples
# (source start file, name, description, authors, manual section).
man_pages = [
(master_doc, target_name,
title, [author], 1)
]
# If true, show URL addresses after external links.
# man_show_urls = False
# -- Options for Texinfo output -------------------------------------------
# Grouping the document tree into Texinfo files. List of tuples
# (source start file, target name, title, author,
# dir menu entry, description, category)
texinfo_documents = [
(master_doc, target_name,
title, author, project,
description, category),
]
# Documents to append as an appendix to all manuals.
# texinfo_appendices = []
# If false, no module index is generated.
# texinfo_domain_indices = True
# How to display URL addresses: 'footnote', 'no', or 'inline'.
# texinfo_show_urls = 'footnote'
# If true, do not generate a @detailmenu in the "Top" node's menu.
# texinfo_no_detailmenu = False
# -- Options for Internationalization output ------------------------------
locale_dirs = ['locale/']

8
releasenotes/source/index.rst Normal file
View File

@ -0,0 +1,8 @@
================================
OpenStack-Ansible Release Notes
================================
.. toctree::
:maxdepth: 1
unreleased

5
releasenotes/source/unreleased.rst Normal file
View File

@ -0,0 +1,5 @@
==============================
Current Series Release Notes
==============================
.. release-notes::

90
tasks/adjutant_apache.yml
View File

@ -1,90 +0,0 @@
---
# Copyright 2018, Elastx AB.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Drop apache2 virtual host and ports file
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: "root"
group: "root"
with_items: "{{ adjutant_apache_config }}"
notify:
- Restart Apache
- name: Disable default apache site
file:
path: "{{ item }}"
state: "absent"
with_items: "{{ adjutant_apache_default_sites }}"
notify:
- Restart Apache
- name: Enabled adjutant vhost
file:
src: "{{ adjutant_apache_site_available }}"
dest: "{{ adjutant_apache_site_enabled }}"
state: "link"
when:
- adjutant_apache_site_available is defined
- adjutant_apache_site_enabled is defined
notify:
- Restart Apache
- name: Ensure Apache ServerName
lineinfile:
dest: "{{ adjutant_apache_conf }}"
line: "ServerName {{ inventory_hostname }}"
notify:
- Restart Apache
- name: Ensure Apache ServerTokens
lineinfile:
dest: "{{ adjutant_apache_security_conf }}"
regexp: '^ServerTokens'
line: "ServerTokens {{ adjutant_apache_servertokens }}"
notify:
- Restart Apache
- name: Ensure Apache ServerSignature
lineinfile:
dest: "{{ adjutant_apache_security_conf }}"
regexp: '^ServerSignature'
line: "ServerSignature {{ adjutant_apache_serversignature }}"
notify:
- Restart Apache
- name: Remove Listen from Apache config
lineinfile:
dest: "{{ adjutant_apache_security_conf }}"
regexp: '^(Listen.*)'
backrefs: yes
line: '#\1'
notify:
- Restart Apache
- name: Enable/disable mods for apache2
apache2_module:
name: "{{ item.name }}"
state: "{{ item.state }}"
when:
- ansible_pkg_mgr == 'apt'
with_items:
- name: ssl
state: "{{ adjutant_ssl | bool | ternary('present', 'absent') }}"
- name: rewrite
state: present
notify:
- Restart Apache

26
tasks/adjutant_db_setup.yml → tasks/adjutant_db_sync.yml
View File

@ -15,32 +15,6 @@
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Create DB for service
mysql_db:
login_user: "{{ galera_root_user }}"
login_password: "{{ galera_root_password }}"
login_host: "{{ adjutant_galera_address }}"
name: "{{ adjutant_galera_database }}"
state: "present"
delegate_to: "{{ groups['galera_all'][0] }}"
no_log: true
- name: Grant access to the DB for the service
mysql_user:
login_user: "{{ galera_root_user }}"
login_password: "{{ galera_root_password }}"
login_host: "{{ adjutant_galera_address }}"
name: "{{ adjutant_galera_user }}"
password: "{{ adjutant_container_mysql_password }}"
host: "{{ item }}"
state: "present"
priv: "{{ adjutant_galera_database }}.*:ALL"
delegate_to: "{{ groups['galera_all'][0] }}"
no_log: true
with_items:
- "localhost"
- "%"
- name: Perform adjutant migrate
command: "{{ adjutant_bin }}/adjutant-api migrate"
become: yes

96
tasks/adjutant_domain_setup.yml
View File

@ -1,96 +0,0 @@
---
# Copyright 2016, Rackspace US, Inc.
#
# (C) 2016 Michael Rice <michael.rice@rackspace.com>
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Ensure adjutant specific roles
keystone:
command: "ensure_role"
role_name: "{{ item }}"
login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
endpoint: "{{ keystone_service_adminurl }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
with_items:
- "project_admin"
- "project_mod"
no_log: True
- name: Ensure adjutant user
keystone:
command: "ensure_user"
endpoint: "{{ keystone_service_adminurl }}"
login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
user_name: "{{ adjutant_service_user_name }}"
domain_name: "{{ adjutant_user_domain_name }}"
password: "{{ adjutant_service_password }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
no_log: True
- name: Add adjutant user to service admin role
keystone:
command: "ensure_user_role"
user_name: "{{ adjutant_service_user_name }}"
project_name: "service"
role_name: "admin"
login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
endpoint: "{{ keystone_service_adminurl }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
no_log: True
- name: Ensure adjutant service
keystone:
command: "ensure_service"
service_name: "{{ adjutant_service_name }}"
service_type: "{{ adjutant_service_type }}"
login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
endpoint: "{{ keystone_service_adminurl }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: add_service
until: add_service|success
retries: 5
delay: 2
no_log: True
- name: Ensure adjutant endpoints
keystone:
command: "ensure_endpoint"
endpoint: "{{ keystone_service_adminurl }}"
login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
region_name: "{{ adjutant_service_region }}"
service_name: "{{ adjutant_service_name }}"
service_type: "{{ adjutant_service_type }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
endpoint_list:
- url: "{{ adjutant_service_publicurl }}"
interface: "public"
- url: "{{ adjutant_service_internalurl }}"
interface: "internal"
- url: "{{ adjutant_service_adminurl }}"
interface: "admin"
register: add_endpoint
until: add_endpoint|success
retries: 5
delay: 10
no_log: True

60
tasks/adjutant_init_systemd.yml
View File

@ -1,60 +0,0 @@
---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Create TEMP run dir
file:
path: "/var/run/{{ item.value.service_name }}"
state: directory
owner: "{{ adjutant_system_user_name }}"
group: "{{ adjutant_system_group_name }}"
mode: "02755"
with_dict: "{{ adjutant_services }}"
when: inventory_hostname in groups[item.value.group]
- name: Create TEMP lock dir
file:
path: "/var/lock/{{ item.value.service_name }}"
state: directory
owner: "{{ adjutant_system_user_name }}"
group: "{{ adjutant_system_group_name }}"
mode: "02755"
with_dict: "{{ adjutant_services }}"
when: inventory_hostname in groups[item.value.group]
- name: Create tempfile.d entry
template:
src: "adjutant-systemd-tempfiles.j2"
dest: "/etc/tmpfiles.d/adjutant.conf"
mode: "0644"
owner: "root"
group: "root"
with_dict: "{{ adjutant_services }}"
when: inventory_hostname in groups[item.value.group]
notify:
- Restart adjutant services
- name: Place the systemd init script
config_template:
src: "adjutant-systemd-init.j2"
dest: "/etc/systemd/system/{{ item.value.service_name }}.service"
mode: "0644"
owner: "root"
group: "root"
config_overrides: "{{ item.value.init_config_overrides }}"
config_type: "ini"
with_dict: "{{ adjutant_services }}"
when: inventory_hostname in groups[item.value.group]
notify:
- Restart adjutant services

7
tasks/adjutant_post_install.yml
View File

@ -31,15 +31,14 @@
config_type: "yaml"
notify:
- Restart adjutant services
- Restart Apache
- name: Drop Adjutant WSGI Configs
template:
src: wsgi.py.j2
dest: /var/www/cgi-bin/adjutant/adjutant-api
dest: "{{ adjutant_bin }}/adjutant-api-wsgi"
owner: "{{ adjutant_system_user_name }}"
group: "{{ adjutant_system_group_name }}"
mode: "0755"
when: adjutant_use_mod_wsgi | bool
when: adjutant_use_uwsgi | bool
notify:
- Restart Apache
- Restart adjutant services

34
tasks/adjutant_pre_install.yml
View File

@ -41,38 +41,4 @@
with_items:
- { path: "/openstack", mode: "0755", owner: "root", group: "root" }
- { path: "/etc/adjutant" }
- name: Create Apache mod_wsgi dirs
file:
path: "{{ item.path }}"
state: directory
owner: "{{ item.owner|default(adjutant_system_user_name) }}"
group: "{{ item.owner|default(adjutant_system_group_name) }}"
mode: "{{ item.mode|default('0755') }}"
with_items:
- { path: "/var/www/cgi-bin", owner: root, group: root }
- { path: "/var/www/cgi-bin/adjutant" }
when: adjutant_use_mod_wsgi | bool
- name: Test for log directory or link
shell: |
if [ -h "/var/log/adjutant" ]; then
chown -h {{ adjutant_system_user_name }}:{{ adjutant_system_group_name }} "/var/log/adjutant"
chown -R {{ adjutant_system_user_name }}:{{ adjutant_system_group_name }} "$(readlink /var/log/adjutant)"
else
exit 1
fi
register: log_dir
failed_when: false
changed_when: log_dir.rc != 0
- name: Create adjutant log dir
file:
path: "{{ item.path }}"
state: directory
owner: "{{ item.owner|default(adjutant_system_user_name) }}"
group: "{{ item.group|default(adjutant_system_group_name) }}"
mode: "{{ item.mode|default('0755') }}"
with_items:
- { path: "/var/log/adjutant" }
when: log_dir.rc != 0

48
tasks/db_setup.yml Normal file
View File

@ -0,0 +1,48 @@
---
# Copyright 2019, VEXXHOST, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# WARNING:
# This file is maintained in the openstack-ansible-tests repository.
# https://git.openstack.org/cgit/openstack/openstack-ansible-tests/tree/sync/tasks/db_setup.yml
# If you need to modify this file, update the one in the openstack-ansible-tests
# repository. Once it merges there, the changes will automatically be proposed to
# all the repositories which use it.
- name: Setup Database Service (MariaDB)
delegate_to: "{{ _oslodb_setup_host }}"
vars:
ansible_python_interpreter: "{{ _oslodb_ansible_python_interpreter }}"
tags:
- common-mariadb
block:
- name: Create database for service
community.mysql.mysql_db:
name: "{{ item.name }}"
login_host: "{{ _oslodb_setup_endpoint | default(omit) }}"
login_port: "{{ _oslodb_setup_port | default(omit) }}"
loop: "{{ _oslodb_databases }}"
no_log: true
- name: Grant access to the database for the service
community.mysql.mysql_user:
name: "{{ item.1.username }}"
password: "{{ item.1.password }}"
host: "{{ item.1.host | default('%') }}"
priv: "{{ item.0.name }}.*:{{ item.1.priv | default('ALL') }}"
append_privs: yes
login_host: "{{ _oslodb_setup_endpoint | default(omit) }}"
login_port: "{{ _oslodb_setup_port | default(omit) }}"
loop: "{{ _oslodb_databases | subelements('users') }}"
no_log: true

125
tasks/main.yml
View File

@ -27,81 +27,122 @@
tags:
- always
- name: Check init system
command: cat /proc/1/comm
changed_when: false
register: _pid1_name
- import_tasks: db_setup.yml
when: inventory_hostname == groups['adjutant_all'][0]
vars:
_oslodb_setup_host: "{{ adjutant_galera_setup_host }}"
_oslodb_ansible_python_interpreter: "{{ adjutant_galera_setup_python_interpreter }}"
_oslodb_setup_endpoint: "{{ adjutant_galera_address }}"
_oslodb_setup_port: "{{ adjutant_galera_port }}"
_oslodb_databases:
- name: "{{ adjutant_galera_database }}"
users:
- username: "{{ adjutant_galera_user }}"
password: "{{ adjutant_galera_password }}"
tags:
- always
- common-db
- adjutant-config
- name: Set the name of pid1
set_fact:
pid1_name: "{{ _pid1_name.stdout }}"
tags:
- always
- include: adjutant_pre_install.yml
tags:
- adjutant-install
- name: Install distro packages
package:
pkg: virtualenv
state: present
update_cache: "{{ (ansible_pkg_mgr == 'apt') | ternary('yes', omit) }}"
cache_valid_time: "{{ (ansible_pkg_mgr == 'apt') | ternary(cache_timeout, omit) }}"
register: install_packages
until: install_packages|success
retries: 5
delay: 2
- import_tasks: adjutant_pre_install.yml
tags:
- adjutant-install
- name: Install the python venv
import_role:
name: "ansible-role-python_venv_build"
name: "python_venv_build"
vars:
venv_python_executable: "{{ adjutant_venv_python_executable }}"
venv_build_constraints: "{{ adjutant_git_constraints }}"
venv_build_distro_package_list: "{{ adjutant_devel_distro_packages }}"
venv_install_destination_path: "{{ adjutant_bin | dirname }}"
venv_install_distro_package_list: "{{ adjutant_distro_packages }}"
venv_pip_install_args: "{{ adjutant_pip3_install_args }}"
venv_pip_packages: "{{ adjutant_pip3_packages }}"
venv_pip_install_args: "{{ adjutant_pip_install_args }}"
venv_pip_packages: "{{ adjutant_pip_packages }}"
venv_facts_when_changed:
- section: "adjutant"
option: "venv_tag"
value: "{{ adjutant_venv_tag }}"
venv_rebuild: "{{ adjutant_venv_rebuild | default('no') }}"
venv_wheel_build_enable: false
tags:
- adjutant-install
- include: adjutant_post_install.yml
- import_tasks: adjutant_post_install.yml
static: no
tags:
- adjutant-config
- include: adjutant_domain_setup.yml
- import_tasks: adjutant_db_sync.yml
when: inventory_hostname == groups['adjutant_all'][0]
tags:
- adjutant-config
- include: adjutant_db_setup.yml
- import_tasks: service_setup.yml
vars:
_service_adminuri_insecure: "{{ keystone_service_adminuri_insecure }}"
_service_in_ldap: "{{ adjutant_service_in_ldap }}"
_service_setup_host: "{{ adjutant_service_setup_host }}"
_service_setup_host_python_interpreter: "{{ adjutant_service_setup_host_python_interpreter }}"
_service_project_name: "{{ adjutant_service_project_name }}"
_service_region: "{{ adjutant_service_region }}"
_service_users:
- name: "{{ adjutant_service_user_name }}"
password: "{{ adjutant_service_password }}"
role: "{{ adjutant_role_name }}"
- role: "project_mod"
- role: "project_admin"
_service_catalog:
- name: "{{ adjutant_service_name }}"
type: "{{ adjutant_service_type }}"
description: "{{ adjutant_service_description }}"
_service_endpoints:
- interface: "public"
url: "{{ adjutant_service_publicurl }}"
service: "{{ adjutant_service_name }}"
- interface: "internal"
url: "{{ adjutant_service_internalurl }}"
service: "{{ adjutant_service_name }}"
- interface: "admin"
url: "{{ adjutant_service_adminurl }}"
service: "{{ adjutant_service_name }}"
when: inventory_hostname == groups['adjutant_all'][0]
tags:
- adjutant-config
- include: "adjutant_init_{{ ansible_service_mgr }}.yml"
static: no
- name: Run the systemd service role
include_role:
name: systemd_service
vars:
systemd_user_name: "{{ adjutant_system_user_name }}"
systemd_group_name: "{{ adjutant_system_group_name }}"
systemd_tempd_prefix: openstack
systemd_slice_name: adjutant
systemd_lock_path: /var/lock/adjutant
systemd_CPUAccounting: true
systemd_BlockIOAccounting: true
systemd_MemoryAccounting: true
systemd_TasksAccounting: true
systemd_services:
- service_name: "{{ service_var.service_name }}"
enabled: yes
state: started
execstarts: "{{ service_var.execstarts }}"
execreloads: "{{ service_var.execreloads | default([]) }}"
config_overrides: "{{ service_var.init_config_overrides }}"
with_items: "{{ filtered_adjutant_services }}"
loop_control:
loop_var: service_var
tags:
- adjutant-setup
- adjutant-config
- systemd-service
- include: adjutant_apache.yml
static: no
when:
- adjutant_use_mod_wsgi | bool
- name: Import uwsgi role
import_role:
name: uwsgi
vars:
uwsgi_services: "{{ uwsgi_adjutant_services }}"
uwsgi_install_method: "source"
tags:
- adjutant-setup
- adjutant-install
- adjutant-config
- uwsgi
- name: Flush handlers
meta: flush_handlers

162
tasks/service_setup.yml Normal file
View File

@ -0,0 +1,162 @@
---
# Copyright 2019, VEXXHOST, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# WARNING:
# This file is maintained in the openstack-ansible-tests repository.
# https://opendev.org/openstack/openstack-ansible-tests/src/sync/tasks/service_setup.yml
# If you need to modify this file, update the one in the openstack-ansible-tests
# repository. Once it merges there, the changes will automatically be proposed to
# all the repositories which use it.
# We set the python interpreter to the ansible runtime venv if
# the delegation is to localhost so that we get access to the
# appropriate python libraries in that venv. If the delegation
# is to another host, we assume that it is accessible by the
# system python instead.
- name: Setup the OS service
delegate_to: "{{ _service_setup_host }}"
vars:
ansible_python_interpreter: "{{ _service_setup_host_python_interpreter }}"
block:
- name: Add keystone domain
openstack.cloud.os_keystone_domain:
cloud: default
state: present
description: "{{ _domain_name_description | default(omit) }}"
name: "{{ _domain_name }}"
endpoint_type: admin
verify: "{{ not _service_adminuri_insecure }}"
register: add_domain
when: _domain_name is defined
until: add_domain is success
retries: 5
delay: 10
- name: Add service project
openstack.cloud.os_project:
cloud: default
state: present
name: "{{ _project_name }}"
description: "{{ _project_description | default(omit) }}"
domain_id: "{{ _project_domain | default('default') }}"
endpoint_type: admin
validate_certs: "{{ not (_service_adminuri_insecure | default(True) | bool) }}"
register: add_service
when:
- not (_service_in_ldap | default(False) | bool)
- _project_name is defined
until: add_service is success
retries: 5
delay: 10
- name: Add services to the keystone service catalog
openstack.cloud.os_keystone_service:
cloud: default
state: "{{ item.state | default('present') }}"
name: "{{ item.name }}"
service_type: "{{ item.type }}"
description: "{{ item.description | default('') }}"
endpoint_type: admin
validate_certs: "{{ not (_service_adminuri_insecure | default(True) | bool) }}"
register: add_service
with_items: "{{ _service_catalog }}"
when: _service_catalog is defined
until: add_service is success
retries: 5
delay: 10
- name: Add keystone roles
openstack.cloud.os_keystone_role:
cloud: default
state: present
name: "{{ item.role }}"
endpoint_type: admin
validate_certs: "{{ not (_service_adminuri_insecure | default(True) | bool) }}"
register: add_service
when:
- not (_service_in_ldap | default(False) | bool)
- _service_users is defined
- "'role' in item"
- (item.condition | default(True)) | bool
until: add_service is success
with_items: "{{ _service_users }}"
retries: 5
delay: 10
no_log: True
- name: Add service users
openstack.cloud.os_user:
cloud: default
state: present
name: "{{ item.name }}"
password: "{{ item.password }}"
domain: "{{ item.domain | default('default') }}"
default_project: "{{ item.project | default(_service_project_name) }}"
endpoint_type: admin
validate_certs: "{{ not (_service_adminuri_insecure | default(True) | bool) }}"
update_password: always
register: add_service
when:
- not (_service_in_ldap | default(False) | bool)
- _service_users is defined
- "'name' in item"
- "'password' in item"
- (item.condition | default(True)) | bool
until: add_service is success
with_items: "{{ _service_users }}"
retries: 5
delay: 10
no_log: True
- name: Add service users to the role
openstack.cloud.os_user_role:
cloud: default
state: present
user: "{{ item.name }}"
role: "{{ item.role }}"
project: "{{ item.project | default(_service_project_name) }}"
domain: "{{ item.domain | default(omit) }}"
endpoint_type: admin
validate_certs: "{{ not (_service_adminuri_insecure | default(True) | bool) }}"
register: add_service
when:
- not (_service_in_ldap | default(False) | bool)
- _service_users is defined
- "'name' in item"
- "'role' in item"
- (item.condition | default(True)) | bool
until: add_service is success
with_items: "{{ _service_users }}"
retries: 5
delay: 10
no_log: True
- name: Add endpoints to keystone endpoint catalog
openstack.cloud.os_keystone_endpoint:
cloud: default
state: "{{ item.state | default('present') }}"
service: "{{ item.service }}"
endpoint_interface: "{{ item.interface }}"
url: "{{ item.url }}"
region: "{{ _service_region | default('RegionOne') }}"
endpoint_type: admin
validate_certs: "{{ not (_service_adminuri_insecure | default(True) | bool) }}"
register: add_service
until: add_service is success
retries: 5
delay: 10
with_items: "{{ _service_endpoints }}"
when: _service_endpoints is defined

44
templates/adjutant-httpd.conf.j2
View File

@ -1,44 +0,0 @@
# {{ ansible_managed }}
<VirtualHost *:{{ adjutant_service_port }}>
ServerName {{ ansible_hostname }}
WSGIDaemonProcess adjutant lang='en_US.UTF-8' locale='en_US.UTF-8' user={{ adjutant_system_user_name }} group={{ adjutant_system_group_name }} processes={{ adjutant_wsgi_processes }} threads={{ adjutant_wsgi_threads }} display-name=%{GROUP}
WSGIProcessGroup adjutant
WSGIScriptAlias / /var/www/cgi-bin/adjutant/adjutant-api
WSGIApplicationGroup %{GLOBAL}
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
LogLevel {{ adjutant_apache_log_level }}
ErrorLog /var/log/adjutant/adjutant-apache-error.log
CustomLog /var/log/adjutant/adjutant-access.log combined
{% if adjutant_ssl | bool and adjutant_service_internaluri_proto == "https" -%}
SSLEngine on
SSLCertificateFile {{ adjutant_ssl_cert }}
SSLCertificateKeyFile {{ adjutant_ssl_key }}
{% if adjutant_user_ssl_ca_cert is defined -%}
SSLCACertificateFile {{ adjutant_ssl_ca_cert }}
{% endif -%}
SSLCompression Off
SSLProtocol {{ adjutant_ssl_protocol }}
SSLHonorCipherOrder On
SSLCipherSuite {{ adjutant_ssl_cipher_suite }}
SSLOptions +StdEnvVars +ExportCertData
{% endif %}
</VirtualHost>
<Directory "/var/www/cgi-bin">
AllowOverride None
Options +ExecCGI -Includes
<IfModule !mod_access_compat.c>
Require all granted
</IfModule>
<IfModule mod_access_compat.c>
Order allow,deny
Allow from all
</IfModule>
</Directory>

3
templates/adjutant-ports.conf.j2
View File

@ -1,3 +0,0 @@
# {{ ansible_managed }}
Listen {{ adjutant_service_port }}

34
templates/adjutant-systemd-init.j2
View File

@ -1,34 +0,0 @@
# {{ ansible_managed }}
[Unit]
Description=adjutant openstack service
After=syslog.target
After=network.target
[Service]
Type=simple
User={{ adjutant_system_user_name }}
Group={{ adjutant_system_group_name }}
{% if program_override is defined %}
ExecStart={{ program_override }} {{ program_config_options|default('') }} --log-file=/var/log/adjutant/{{ item.value.service_name }}.log
{% else %}
ExecStart={{ adjutant_bin }}/{{ item.value.service_name }} {{ program_config_options|default('') }} --log-file=/var/log/adjutant/{{ item.value.service_name }}.log
{% endif %}
# Give a reasonable amount of time for the server to start up/shut down
TimeoutSec=120
Restart=on-failure
RestartSec=2
# This creates a specific slice which all services will operate from
# The accounting options give us the ability to see resource usage through
# the `systemd-cgtop` command.
Slice=adjutant.slice
CPUAccounting=true
BlockIOAccounting=true
MemoryAccounting=false
TasksAccounting=true
[Install]
WantedBy=multi-user.target

4
templates/adjutant-systemd-tempfiles.j2
View File

@ -1,4 +0,0 @@
# {{ ansible_managed }}
D /var/lock/{{ item.value.service_name }} 2755 {{ adjutant_system_user_name }} {{ adjutant_system_group_name }}
D /var/run/{{ item.value.service_name }} 2755 {{ adjutant_system_user_name }} {{ adjutant_system_group_name }}

4
templates/adjutant-wsgi.load.j2
View File

@ -1,4 +0,0 @@
# {{ ansible_managed }}
LoadModule wsgi_module "/openstack/venvs/adjutant-{{ adjutant_venv_tag }}/lib/python3.5/site-packages/mod_wsgi/server/mod_wsgi-py35.cpython-35m-x86_64-linux-gnu.so"
WSGIPythonHome "/openstack/venvs/adjutant-{{ adjutant_venv_tag }}"

25
templates/adjutant.yaml.j2
View File

@ -10,15 +10,34 @@ django:
ENGINE: django.db.backends.mysql
HOST: '{{ adjutant_galera_address }}'
NAME: '{{ adjutant_galera_database }}'
PASSWORD: '{{ adjutant_container_mysql_password }}'
PASSWORD: '{{ adjutant_galera_password }}'
USER: '{{ adjutant_galera_user }}'
log_file: adjutant.log
logging:
version: 1
disable_existing_loggers: False
handlers:
syslog:
class: logging.handlers.SysLogHandler
address: /dev/log
loggers:
adjutant:
handlers:
- syslog
propagate: False
django:
handlers:
- syslog
propagate: False
keystonemiddleware:
handlers:
- syslog
propagate: False
email:
email_backend: {{ adjutant_email_backend }}
host: {{ adjutant_email_host }}
port: {{ adjutant_email_port }}
host_user: {{ adjutant_email_host_user }}
host_password: {{ adjutant_email_host_password }}
host_password: {{ adjutant_email_host_password | default('') }}
use_tls: {{ adjutant_email_use_tls }}
use_ssl: {{ adjutant_email_use_ssl }}

2
tests/os_adjutant-overrides.yml
View File

@ -16,6 +16,6 @@
adjutant_venv_tag: "testing"
adjutant_developer_mode: true
adjutant_galera_address: "{{ hostvars[groups['galera_all'][0]]['ansible_host'] }}"
adjutant_container_mysql_password: "SuperSecrete"
adjutant_galera_password: "SuperSecrete"
adjutant_service_password: "secrete"
adjutant_secret_key: "secretkey"

15
tox.ini
View File

@ -31,10 +31,20 @@ setenv =
[testenv:docs]
deps = -r{toxinidir}/doc/requirements.txt
commands=
bash -c "rm -rf doc/build"
doc8 doc
python setup.py build_sphinx
sphinx-build -W --keep-going -b html doc/source doc/build/html
[testenv:pdf-docs]
deps = {[testenv:docs]deps}
whitelist_externals =
make
commands =
sphinx-build -W --keep-going -b latex doc/source doc/build/pdf
make -C doc/build/pdf
[doc8]
@ -43,8 +53,9 @@ extensions = .rst
[testenv:releasenotes]
deps = -r{toxinidir}/doc/requirements.txt
commands =
sphinx-build -a -E -W -d releasenotes/build/doctrees -b html releasenotes/source releasenotes/build/html
sphinx-build -a -E -W -d releasenotes/build/doctrees --keep-going -b html releasenotes/source releasenotes/build/html
# environment used by the -infra templated docs job

24
vars/debian.yml Normal file
View File

@ -0,0 +1,24 @@
---
# Copyright 2016, Walmart Stores, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
## APT Cache options
cache_timeout: 600
adjutant_devel_distro_packages:
- cmake
- gcc
- python3-dev
- git-core
- libsystemd-dev

48
vars/main.yml Normal file
View File

@ -0,0 +1,48 @@
---
# Copyright 2020, City Network International AB.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
filtered_adjutant_services: |-
{% set services = [] %}
{% for key, value in adjutant_services.items() %}
{% if (value['group'] in group_names) and
(('condition' not in value) or
('condition' in value and value['condition'])) and
not ('wsgi_app' in value and value['wsgi_app']) %}
{% set _ = value.update({'service_key': key}) %}
{% set _ = services.append(value) %}
{% endif %}
{% endfor %}
{{ services | sort(attribute='start_order') }}
uwsgi_adjutant_services: |-
{% set services = {} %}
{% for key, value in adjutant_services.items() %}
{% if (value['group'] in group_names) and
(('condition' not in value) or ('condition' in value and value['condition']))
and ('wsgi_app' in value and value['wsgi_app']) %}
{% set _ = value.update(
{
'wsgi_path': adjutant_bin ~ '/' ~ value.wsgi_name,
'wsgi_venv': adjutant_bin | dirname,
'uwsgi_uid': adjutant_system_user_name,
'uwsgi_guid': adjutant_system_group_name,
'uwsgi_processes': adjutant_wsgi_processes,
'uwsgi_threads': adjutant_wsgi_threads,
}
) %}
{% set _ = services.update({key: value}) %}
{% endif %}
{% endfor %}
{{ services }}

22
vars/redhat-7.yml → vars/redhat.yml
View File

@ -13,23 +13,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
adjutant_distro_packages:
- git
- httpd
- httpd-tools
- mod_wsig
- libmysqlclient-dev
adjutant_devel_distro_packages:
- git-core
- openssl-devel
- virtualenv
- python-keystoneclient
adjutant_system_service_name: httpd
adjutant_apache_config:
- { src: "adjutant-ports.conf.j2", dest: "/etc/httpd/conf.d/ports.conf" }
- { src: "adjutant-httpd.conf.j2", dest: "/etc/httpd/conf.d/adjutant-httpd.conf" }
adjutant_apache_default_sites:
- "/etc/httpd/conf.d/userdir.conf"
- "/etc/httpd/conf.d/welcome.conf"
- "/etc/httpd/conf.d/ssl.conf"
adjutant_apache_conf: "/etc/httpd/conf/httpd.conf"
adjutant_apache_security_conf: "{{ adjutant_apache_conf }}"
- systemd-devel

44
vars/ubuntu.yml
View File

@ -1,44 +0,0 @@
---
# Copyright 2016, Walmart Stores, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
## APT Cache options
cache_timeout: 600
adjutant_devel_distro_packages:
- cmake
- gcc
- python3-dev
- apache2-dev
- libmysqlclient-dev
- libssl-dev
adjutant_distro_packages:
- apache2
- apache2-utils
- git
- python-keystoneclient
- libapache2-mod-wsgi
adjutant_system_service_name: apache2
adjutant_apache_config:
- { src: "adjutant-ports.conf.j2", dest: "/etc/apache2/ports.conf" }
- { src: "adjutant-httpd.conf.j2", dest: "/etc/apache2/sites-available/adjutant-httpd.conf" }
- { src: "adjutant-wsgi.load.j2", dest: "/etc/apache2/mods-available/wsgi.load" }
adjutant_apache_default_sites:
- "/etc/apache2/sites-enabled/000-default.conf"
adjutant_apache_site_available: "/etc/apache2/sites-available/adjutant-httpd.conf"
adjutant_apache_site_enabled: "/etc/apache2/sites-enabled/adjutant-httpd.conf"
adjutant_apache_conf: "/etc/apache2/apache2.conf"
adjutant_apache_security_conf: "/etc/apache2/conf-available/security.conf"

22
zuul.d/project.yaml Normal file
View File

@ -0,0 +1,22 @@
---
# Copyright 2020, City Network International AB.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- project:
templates:
- check-requirements
- openstack-ansible-linters-jobs
- openstack-ansible-deploy-aio_metal-jobs
- publish-openstack-docs-pti
- release-notes-jobs-python3