Enable functional convergence testing
This change adds variables and tasks for enabling developer mode to allow for installing barbican without a repo server, moves the tasks creating the barbican rabbit virtual host and mysql database from the role to a playbook, and adds functional convergence test playbooks to deploy rabbitmq, galera, keystone, and barbican. The barbican.conf template has been updated to make use of the deployed rabbit and galera servers and all other templated configuration files have been updated from the current head of master. Change-Id: I2716fbe6a5dbad2a3b7ce6e406098e463cf7d943
This commit is contained in:
parent
d8583df31c
commit
37d90c5dd9
|
@ -53,17 +53,24 @@ barbican_api_audit_map_overrides: {}
|
|||
barbican_vassals_api_overrides: {}
|
||||
|
||||
barbican_git_repo: "https://git.openstack.org/openstack/barbican"
|
||||
barbican_git_install_branch: 7b0cce90a59e5690d0a53a9dd3ef551103022845
|
||||
barbican_git_install_branch: master
|
||||
barbican_git_dest: "/opt/barbican_{{ barbican_git_install_branch |replace('/', '_') }}"
|
||||
|
||||
barbican_requirements_git_repo: https://git.openstack.org/openstack/requirements
|
||||
barbican_requirements_git_install_branch: master
|
||||
|
||||
barbican_developer_mode: false
|
||||
barbican_developer_constraints:
|
||||
- "git+{{ barbican_git_repo }}@{{ barbican_git_install_branch }}#egg=barbican"
|
||||
|
||||
# Database vars
|
||||
barbican_galera_database_name: barbican_service
|
||||
barbican_galera_database: barbican
|
||||
barbican_galera_user: barbican
|
||||
|
||||
# Rabbit vars
|
||||
barbican_rpc_backend: rabbit
|
||||
barbican_rabbitmq_userid: barbican
|
||||
barbican_rabbitmq_virtualhost: /barbican
|
||||
barbican_rabbitmq_vhost: /barbican
|
||||
|
||||
# Keystone AuthToken/Middleware
|
||||
barbican_keystone_auth_plugin: password
|
||||
|
@ -135,6 +142,7 @@ barbican_pip_packages:
|
|||
- pecan
|
||||
- pycadf
|
||||
- pycrypto
|
||||
- PyMySQL
|
||||
- pyOpenSSL
|
||||
- ldap3
|
||||
- keystonemiddleware
|
||||
|
|
|
@ -74,6 +74,61 @@
|
|||
when: is_metal | bool
|
||||
tags:
|
||||
- barbican-logs
|
||||
- name: Ensure Rabbitmq vhost
|
||||
rabbitmq_vhost:
|
||||
name: "{{ barbican_rabbitmq_vhost }}"
|
||||
state: "present"
|
||||
delegate_to: "{{ groups['rabbitmq_all'][0] }}"
|
||||
when:
|
||||
- inventory_hostname == groups['barbican_all'][0]
|
||||
- groups['rabbitmq_all']|length > 0
|
||||
tags:
|
||||
- barbican-rabbitmq
|
||||
- barbican-rabbitmq-vhost
|
||||
- name: Ensure rabbitmq user
|
||||
rabbitmq_user:
|
||||
user: "{{ barbican_rabbitmq_userid }}"
|
||||
password: "{{ barbican_rabbitmq_password }}"
|
||||
vhost: "{{ barbican_rabbitmq_vhost }}"
|
||||
configure_priv: ".*"
|
||||
read_priv: ".*"
|
||||
write_priv: ".*"
|
||||
state: "present"
|
||||
delegate_to: "{{ groups['rabbitmq_all'][0] }}"
|
||||
when:
|
||||
- inventory_hostname == groups['barbican_all'][0]
|
||||
- groups['rabbitmq_all']|length > 0
|
||||
tags:
|
||||
- barbican-rabbitmq
|
||||
- barbican-rabbitmq-user
|
||||
- name: Keystone create DB for service
|
||||
mysql_db:
|
||||
login_user: "{{ galera_root_user }}"
|
||||
login_password: "{{ galera_root_password }}"
|
||||
login_host: "{{ galera_address }}"
|
||||
name: "{{ barbican_galera_database }}"
|
||||
state: "present"
|
||||
when: inventory_hostname == groups['barbican_all'][0]
|
||||
delegate_to: "{{ groups['galera_all'][0] }}"
|
||||
tags:
|
||||
- mysql-db-setup
|
||||
- name: Keystone grant access to the DB for the service
|
||||
mysql_user:
|
||||
login_user: "{{ galera_root_user }}"
|
||||
login_password: "{{ galera_root_password }}"
|
||||
login_host: "{{ galera_address }}"
|
||||
name: "{{ barbican_galera_database }}"
|
||||
password: "{{ barbican_galera_password }}"
|
||||
host: "{{ item }}"
|
||||
state: "present"
|
||||
priv: "{{ barbican_galera_database }}.*:ALL"
|
||||
with_items:
|
||||
- "localhost"
|
||||
- "%"
|
||||
when: inventory_hostname == groups['barbican_all'][0]
|
||||
delegate_to: "{{ groups['galera_all'][0] }}"
|
||||
tags:
|
||||
- mysql-db-setup
|
||||
roles:
|
||||
- role: "openstack-ansible-barbican"
|
||||
barbican_galera_address: "{{ galera_address }}"
|
||||
|
@ -85,12 +140,12 @@
|
|||
bind_port: "{{ barbican_service_port }}"
|
||||
rpc_backend: "{{ barbican_rpc_backend }}"
|
||||
host_href: "http://{{ barbican_rpc_backend }}:{{ barbican_service_port }}"
|
||||
sql_connection: "mysql://{{ barbican_galera_user}}:{{ barbican_galera_password}}@{{ barbican_galera_address }}/{{ barbican_galera_database_name }}?charset=utf8"
|
||||
sql_connection: "mysql://{{ barbican_galera_user}}:{{ barbican_galera_password }}@{{ barbican_galera_address }}/{{ barbican_galera_database }}?charset=utf8"
|
||||
rabbit_port: "{{ rabbitmq_port }}"
|
||||
rabbit_hosts: "{{ rabbitmq_servers }}"
|
||||
rabbit_userid: "{{ barbican_rabbitmq_userid }}"
|
||||
rabbit_password: "{{ barbican_rabbitmq_password }}"
|
||||
rabbit_virtual_host: "{{ barbican_rabbitmq_virtualhost }}"
|
||||
rabbit_virtual_host: "{{ barbican_rabbitmq_vhost }}"
|
||||
rabbit_use_ssl: "{{ rabbitmq_use_ssl }}"
|
||||
rabbit_notification_exchange: barbican
|
||||
rabbit_notification_topic: notification
|
||||
|
@ -99,7 +154,7 @@
|
|||
rabbit_port: "{{ rabbitmq_port }}"
|
||||
rabbit_userid: "{{ barbican_rabbitmq_userid }}"
|
||||
rabbit_password: "{{ barbican_rabbitmq_password }}"
|
||||
rabbit_virtual_host: "{{ barbican_rabbitmq_virtualhost }}"
|
||||
rabbit_virtual_host: "{{ barbican_rabbitmq_vhost }}"
|
||||
rabbit_use_ssl: "{{ rabbitmq_use_ssl }}"
|
||||
rabbit_notification_exchange: barbican
|
||||
rabbit_notification_topic: notification
|
||||
|
|
|
@ -15,7 +15,11 @@ galaxy_info:
|
|||
- barbican
|
||||
|
||||
dependencies:
|
||||
- role: pip_lock_down
|
||||
when:
|
||||
- not barbican_developer_mode | bool
|
||||
- role: pip_install
|
||||
when:
|
||||
- barbican_developer_mode | bool
|
||||
- apt_package_pinning
|
||||
- galera_client
|
||||
- pip_install
|
||||
- pip_lock_down
|
||||
|
|
|
@ -13,36 +13,6 @@
|
|||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: Create Barbican's database tables
|
||||
mysql_db:
|
||||
login_user: "{{ galera_root_user }}"
|
||||
login_password: "{{ galera_root_password }}"
|
||||
login_host: "{{ barbican_galera_address }}"
|
||||
name: "{{ barbican_galera_database_name }}"
|
||||
state: "present"
|
||||
tags:
|
||||
- barbican-database-setup
|
||||
- barbican-db-setup
|
||||
- barbican-setup
|
||||
|
||||
- name: Give Barbican database access
|
||||
mysql_user:
|
||||
login_user: "{{ galera_root_user }}"
|
||||
login_password: "{{ galera_root_password }}"
|
||||
login_host: "{{ barbican_galera_address }}"
|
||||
name: "{{ barbican_galera_user }}"
|
||||
password: "{{ barbican_galera_password }}"
|
||||
priv: "{{ barbican_galera_database_name }}.*:ALL"
|
||||
host: "{{ item }}"
|
||||
state: "present"
|
||||
with_items:
|
||||
- "localhost"
|
||||
- "%"
|
||||
tags:
|
||||
- barbican-database-setup
|
||||
- barbican-db-setup
|
||||
- barbican-setup
|
||||
|
||||
- name: Perform a synchronization of the Barbican database
|
||||
command: "barbican-db-manage upgrade"
|
||||
sudo: yes
|
||||
|
|
|
@ -39,11 +39,55 @@
|
|||
- barbican-apt-packages
|
||||
- barbican-install
|
||||
|
||||
- name: Create developer mode constraint file
|
||||
copy:
|
||||
dest: "/opt/developer-pip-constraints.txt"
|
||||
content: |
|
||||
{% for item in barbican_developer_constraints %}
|
||||
{{ item }}
|
||||
{% endfor %}
|
||||
when:
|
||||
- barbican_developer_mode | bool
|
||||
tags:
|
||||
- barbican-install
|
||||
- barbican-pip-packages
|
||||
|
||||
- name: Clone requirements git repository
|
||||
git:
|
||||
repo: "{{ barbican_requirements_git_repo }}"
|
||||
dest: "/opt/requirements"
|
||||
clone: yes
|
||||
update: yes
|
||||
version: "{{ barbican_requirements_git_install_branch }}"
|
||||
when:
|
||||
- barbican_developer_mode | bool
|
||||
tags:
|
||||
- barbican-install
|
||||
- barbican-pip-packages
|
||||
|
||||
- name: Add constraints to pip_install_options fact for developer mode
|
||||
set_fact:
|
||||
pip_install_options_fact: "{{ pip_install_options|default('') }} --constraint /opt/developer-pip-constraints.txt --constraint /opt/requirements/upper-constraints.txt"
|
||||
when:
|
||||
- barbican_developer_mode | bool
|
||||
tags:
|
||||
- barbican-install
|
||||
- barbican-pip-packages
|
||||
|
||||
- name: Set pip_install_options_fact when not in developer mode
|
||||
set_fact:
|
||||
pip_install_options_fact: "{{ pip_install_options|default('') }}"
|
||||
when:
|
||||
- not barbican_developer_mode | bool
|
||||
tags:
|
||||
- barbican-install
|
||||
- barbican-pip-packages
|
||||
|
||||
- name: Install pip packages for Barbican
|
||||
pip:
|
||||
name: "{{ item }}"
|
||||
state: "present"
|
||||
extra_args: "{{ pip_install_options |default('') }}"
|
||||
extra_args: "{{ pip_install_options_fact }}"
|
||||
register: install_barbican_pip_packages
|
||||
until: install_barbican_pip_packages |success
|
||||
retries: 5
|
||||
|
|
|
@ -17,10 +17,6 @@
|
|||
|
||||
- include: pre-install.yml
|
||||
|
||||
- include: messaging-setup.yml
|
||||
when: >
|
||||
inventory_hostname == groups['barbican_all'][0]
|
||||
|
||||
- include: install.yml
|
||||
|
||||
- include: post-install.yml
|
||||
|
|
|
@ -1,38 +0,0 @@
|
|||
---
|
||||
# Copyright 2016, Ian Cordasco
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: Ensure the Barbican RabbitMQ virtualhost exists
|
||||
rabbitmq_vhost:
|
||||
name: "{{ barbican_rabbitmq_virtualhost }}"
|
||||
state: "present"
|
||||
delegate_to: "{{ groups['rabbitmq_all'][0] }}"
|
||||
tags:
|
||||
- barbican-rabbitmq
|
||||
- barbican-rabbitmq-vhost
|
||||
- barbican-rabbitmq-virtualhost
|
||||
|
||||
- name: Ensure the Barbican RabbitMQ user exists
|
||||
rabbitmq_user:
|
||||
user: "{{ barbican_rabbitmq_userid }}"
|
||||
password: "{{ barbican_rabbitmq_password }}"
|
||||
vhost: "{{ barbican_rabbitmq_virtualhost }}"
|
||||
configure_priv: ".*"
|
||||
read_priv: ".*"
|
||||
write_priv: ".*"
|
||||
state: "present"
|
||||
delegate_to: "{{ groups['rabbitmq_all'][0] }}"
|
||||
tags:
|
||||
- barbican-rabbitmq
|
||||
- barbican-rabbitmq-user
|
|
@ -71,6 +71,3 @@ unwind = false
|
|||
[filter:cors]
|
||||
paste.filter_factory = oslo_middleware.cors:filter_factory
|
||||
oslo_config_project = barbican
|
||||
latent_allow_headers = X-Auth-Token, X-Openstack-Request-Id, X-Project-Id, X-Identity-Status, X-User-Id, X-Storage-Token, X-Domain-Id, X-User-Domain-Id, X-Project-Domain-Id, X-Roles
|
||||
latent_expose_headers = X-Auth-Token, X-Openstack-Request-Id, X-Project-Id, X-Identity-Status, X-User-Id, X-Storage-Token, X-Domain-Id, X-User-Domain-Id, X-Project-Domain-Id, X-Roles
|
||||
latent_allow_methods = GET, PUT, POST, DELETE, PATCH
|
||||
|
|
|
@ -38,7 +38,7 @@ max_allowed_request_size_in_bytes = 1000000
|
|||
#sql_connection = sqlite:///barbican.sqlite
|
||||
# Note: For absolute addresses, use '////' slashes after 'sqlite:'
|
||||
# Uncomment for a more global development environment
|
||||
sql_connection = sqlite:////var/lib/barbican/barbican.sqlite
|
||||
sql_connection = mysql+pymysql://{{ barbican_galera_user }}:{{ barbican_galera_password }}@{{ barbican_galera_address }}/{{ barbican_galera_database }}?charset=utf8
|
||||
|
||||
# Period in seconds after which SQLAlchemy should reestablish its connection
|
||||
# to the database.
|
||||
|
@ -117,14 +117,14 @@ max_limit_paging = 100
|
|||
|
||||
# Rabbit and HA configuration:
|
||||
ampq_durable_queues = True
|
||||
rabbit_userid=guest
|
||||
rabbit_password=guest
|
||||
rabbit_userid = {{ barbican_rabbitmq_userid }}
|
||||
rabbit_password = {{ barbican_rabbitmq_password }}
|
||||
rabbit_ha_queues = True
|
||||
rabbit_port=5672
|
||||
rabbit_port = {{ rabbitmq_port }}
|
||||
|
||||
# For HA, specify queue nodes in cluster, comma delimited:
|
||||
# For example: rabbit_hosts=192.168.50.8:5672, 192.168.50.9:5672
|
||||
rabbit_hosts=localhost:5672
|
||||
rabbit_hosts={{ rabbitmq_servers }}
|
||||
|
||||
# For HA, specify queue nodes in cluster as 'user@host:5672', comma delimited, ending with '/offset':
|
||||
# For example: transport_url = rabbit://guest@192.168.50.8:5672,guest@192.168.50.9:5672/
|
||||
|
|
|
@ -74,5 +74,9 @@
|
|||
"quotas:get": "rule:all_users",
|
||||
"project_quotas:get": "rule:service_admin",
|
||||
"project_quotas:put": "rule:service_admin",
|
||||
"project_quotas:delete": "rule:service_admin"
|
||||
"project_quotas:delete": "rule:service_admin",
|
||||
"secret_meta:get": "rule:all_but_audit",
|
||||
"secret_meta:post": "rule:admin_or_creator",
|
||||
"secret_meta:put": "rule:admin_or_creator",
|
||||
"secret_meta:delete": "rule:admin_or_creator"
|
||||
}
|
||||
|
|
|
@ -6,6 +6,34 @@
|
|||
src: https://git.openstack.org/openstack/openstack-ansible-galera_client
|
||||
scm: git
|
||||
version: master
|
||||
- name: galera_server
|
||||
src: https://git.openstack.org/openstack/openstack-ansible-galera_server
|
||||
scm: git
|
||||
version: master
|
||||
- name: lxc_container_create
|
||||
src: https://git.openstack.org/openstack/openstack-ansible-lxc_container_create
|
||||
scm: git
|
||||
version: master
|
||||
- name: lxc_hosts
|
||||
src: https://git.openstack.org/openstack/openstack-ansible-lxc_hosts
|
||||
scm: git
|
||||
version: master
|
||||
- name: memcached_server
|
||||
src: https://git.openstack.org/openstack/openstack-ansible-memcached_server
|
||||
scm: git
|
||||
version: master
|
||||
- name: openstack_hosts
|
||||
src: https://git.openstack.org/openstack/openstack-ansible-openstack_hosts
|
||||
scm: git
|
||||
version: master
|
||||
- name: openstack_openrc
|
||||
src: https://git.openstack.org/openstack/openstack-ansible-openstack_openrc
|
||||
scm: git
|
||||
version: master
|
||||
- name: os_keystone
|
||||
src: https://git.openstack.org/openstack/openstack-ansible-os_keystone
|
||||
scm: git
|
||||
version: master
|
||||
- name: pip_install
|
||||
src: https://git.openstack.org/openstack/openstack-ansible-pip_install
|
||||
scm: git
|
||||
|
@ -14,3 +42,7 @@
|
|||
src: https://git.openstack.org/openstack/openstack-ansible-pip_lock_down
|
||||
scm: git
|
||||
version: master
|
||||
- name: rabbitmq_server
|
||||
src: https://git.openstack.org/openstack/openstack-ansible-rabbitmq_server
|
||||
scm: git
|
||||
version: master
|
||||
|
|
|
@ -0,0 +1,27 @@
|
|||
---
|
||||
# Copyright 2016, Rackspace US, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
ansible_ssh_host: "{{ ansible_host }}"
|
||||
container_name: "{{ inventory_hostname }}"
|
||||
container_networks:
|
||||
management_address:
|
||||
address: "{{ ansible_host }}"
|
||||
bridge: "lxcbr0"
|
||||
interface: "eth1"
|
||||
netmask: "255.255.252.0"
|
||||
type: "veth"
|
||||
physical_host: localhost
|
||||
properties:
|
||||
service_name: "{{ inventory_hostname }}"
|
|
@ -1,2 +1,29 @@
|
|||
[all]
|
||||
localhost ansible_connection=local ansible_become=True
|
||||
infra1 ansible_host=10.100.100.2 ansible_become=True ansible_user=root
|
||||
keystone1 ansible_host=10.100.100.3 ansible_become=True ansible_user=root
|
||||
barbican1 ansible_host=10.100.100.4 ansible_become=True ansible_user=root
|
||||
|
||||
[all_containers]
|
||||
infra1
|
||||
keystone1
|
||||
barbican1
|
||||
|
||||
[rabbitmq_all]
|
||||
infra1
|
||||
|
||||
[galera_all]
|
||||
infra1
|
||||
|
||||
[service_all:children]
|
||||
rabbitmq_all
|
||||
galera_all
|
||||
|
||||
[keystone_all]
|
||||
keystone1
|
||||
|
||||
[barbican_api]
|
||||
barbican1
|
||||
|
||||
[barbican_all:children]
|
||||
barbican_api
|
||||
|
|
|
@ -0,0 +1,75 @@
|
|||
---
|
||||
# Copyright 2015, Rackspace US, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: Deploy Barbican
|
||||
hosts: barbican_all
|
||||
user: root
|
||||
gather_facts: true
|
||||
pre_tasks:
|
||||
- name: Ensure rabbitmq vhost
|
||||
rabbitmq_vhost:
|
||||
name: "{{ barbican_rabbitmq_vhost }}"
|
||||
state: "present"
|
||||
delegate_to: "10.100.100.2"
|
||||
when: inventory_hostname == groups['barbican_all'][0]
|
||||
tags:
|
||||
- barbican-rabbitmq
|
||||
- barbican-rabbitmq-vhost
|
||||
- name: Ensure rabbitmq user
|
||||
rabbitmq_user:
|
||||
user: "{{ barbican_rabbitmq_userid }}"
|
||||
password: "{{ barbican_rabbitmq_password }}"
|
||||
vhost: "{{ barbican_rabbitmq_vhost }}"
|
||||
configure_priv: ".*"
|
||||
read_priv: ".*"
|
||||
write_priv: ".*"
|
||||
state: "present"
|
||||
delegate_to: "10.100.100.2"
|
||||
when: inventory_hostname == groups['barbican_all'][0]
|
||||
tags:
|
||||
- barbican-rabbitmq
|
||||
- barbican-rabbitmq-user
|
||||
- name: Create DB for service
|
||||
mysql_db:
|
||||
login_user: "root"
|
||||
login_password: "secrete"
|
||||
login_host: "localhost"
|
||||
name: "{{ barbican_galera_database }}"
|
||||
state: "present"
|
||||
delegate_to: "10.100.100.2"
|
||||
when: inventory_hostname == groups['barbican_all'][0]
|
||||
tags:
|
||||
- mysql-db-setup
|
||||
- name: Grant access to the DB for the service
|
||||
mysql_user:
|
||||
login_user: "root"
|
||||
login_password: "secrete"
|
||||
login_host: "localhost"
|
||||
name: "{{ barbican_galera_database }}"
|
||||
password: "{{ barbican_galera_password }}"
|
||||
host: "{{ item }}"
|
||||
state: "present"
|
||||
priv: "{{ barbican_galera_database }}.*:ALL"
|
||||
with_items:
|
||||
- "localhost"
|
||||
- "%"
|
||||
delegate_to: "10.100.100.2"
|
||||
when: inventory_hostname == groups['barbican_all'][0]
|
||||
tags:
|
||||
- mysql-db-setup
|
||||
roles:
|
||||
- role: "{{ rolename | basename }}"
|
||||
vars_files:
|
||||
- test-vars.yml
|
|
@ -0,0 +1,32 @@
|
|||
---
|
||||
# Copyright 2015, Rackspace US, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: Deploy infrastructure services
|
||||
hosts: service_all
|
||||
user: root
|
||||
gather_facts: true
|
||||
roles:
|
||||
- role: "rabbitmq_server"
|
||||
rabbitmq_cookie_token: secrete
|
||||
- role: "galera_server"
|
||||
galera_root_password: secrete
|
||||
galera_root_user: root
|
||||
galera_innodb_buffer_pool_size: 512M
|
||||
galera_innodb_log_buffer_size: 32M
|
||||
galera_server_id: "{{ inventory_hostname | string_2_int }}"
|
||||
galera_wsrep_node_name: "{{ inventory_hostname }}"
|
||||
galera_wsrep_provider_options:
|
||||
- { option: "gcache.size", value: "32M" }
|
||||
galera_server_id: "{{ inventory_hostname | string_2_int }}"
|
|
@ -0,0 +1,75 @@
|
|||
---
|
||||
# Copyright 2015, Rackspace US, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: Deploy keystone
|
||||
hosts: keystone_all
|
||||
user: root
|
||||
gather_facts: true
|
||||
pre_tasks:
|
||||
- name: Ensure rabbitmq vhost
|
||||
rabbitmq_vhost:
|
||||
name: "{{ keystone_rabbitmq_vhost }}"
|
||||
state: "present"
|
||||
delegate_to: "10.100.100.2"
|
||||
when: inventory_hostname == groups['keystone_all'][0]
|
||||
tags:
|
||||
- keystone-rabbitmq
|
||||
- keystone-rabbitmq-vhost
|
||||
- name: Ensure rabbitmq user
|
||||
rabbitmq_user:
|
||||
user: "{{ keystone_rabbitmq_userid }}"
|
||||
password: "{{ keystone_rabbitmq_password }}"
|
||||
vhost: "{{ keystone_rabbitmq_vhost }}"
|
||||
configure_priv: ".*"
|
||||
read_priv: ".*"
|
||||
write_priv: ".*"
|
||||
state: "present"
|
||||
delegate_to: "10.100.100.2"
|
||||
when: inventory_hostname == groups['keystone_all'][0]
|
||||
tags:
|
||||
- keystone-rabbitmq
|
||||
- keystone-rabbitmq-user
|
||||
- name: Create DB for service
|
||||
mysql_db:
|
||||
login_user: "root"
|
||||
login_password: "secrete"
|
||||
login_host: "localhost"
|
||||
name: "{{ keystone_galera_database }}"
|
||||
state: "present"
|
||||
delegate_to: "10.100.100.2"
|
||||
when: inventory_hostname == groups['keystone_all'][0]
|
||||
tags:
|
||||
- mysql-db-setup
|
||||
- name: Grant access to the DB for the service
|
||||
mysql_user:
|
||||
login_user: "root"
|
||||
login_password: "secrete"
|
||||
login_host: "localhost"
|
||||
name: "{{ keystone_galera_database }}"
|
||||
password: "{{ keystone_container_mysql_password }}"
|
||||
host: "{{ item }}"
|
||||
state: "present"
|
||||
priv: "{{ keystone_galera_database }}.*:ALL"
|
||||
with_items:
|
||||
- "localhost"
|
||||
- "%"
|
||||
delegate_to: "10.100.100.2"
|
||||
when: inventory_hostname == groups['keystone_all'][0]
|
||||
tags:
|
||||
- mysql-db-setup
|
||||
roles:
|
||||
- role: os_keystone
|
||||
vars_files:
|
||||
- test-vars.yml
|
|
@ -0,0 +1,54 @@
|
|||
---
|
||||
# Copyright 2015, Rackspace US, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: Create test containers
|
||||
hosts: all_containers
|
||||
connection: local
|
||||
gather_facts: false
|
||||
pre_tasks:
|
||||
- name: Destroy test containers
|
||||
lxc_container:
|
||||
name: "{{ container_name }}"
|
||||
state: "absent"
|
||||
delegate_to: "{{ physical_host }}"
|
||||
tags:
|
||||
- container-destroy
|
||||
- name: Destroy container service directories
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: "absent"
|
||||
with_items:
|
||||
- "/openstack/{{ container_name }}"
|
||||
- "/openstack/backup/{{ container_name }}"
|
||||
- "/openstack/log/{{ container_name }}"
|
||||
- "/var/lib/lxc/{{ container_name }}"
|
||||
- "{{ lxc_container_directory|default('/var/lib/lxc') }}/{{ container_name }}"
|
||||
delegate_to: "{{ physical_host }}"
|
||||
tags:
|
||||
- container-directories
|
||||
roles:
|
||||
- role: "lxc_container_create"
|
||||
lxc_container_release: trusty
|
||||
lxc_container_backing_store: dir
|
||||
global_environment_variables:
|
||||
PATH: "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
||||
post_tasks:
|
||||
- name: Wait for ssh to be available
|
||||
local_action:
|
||||
module: wait_for
|
||||
port: "{{ ansible_ssh_port | default('22') }}"
|
||||
host: "{{ ansible_ssh_host | default(inventory_hostname) }}"
|
||||
search_regex: OpenSSH
|
||||
delay: 1
|
|
@ -0,0 +1,55 @@
|
|||
---
|
||||
# Copyright 2015, Rackspace US, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: Perform basic LXC host setup
|
||||
hosts: localhost
|
||||
pre_tasks:
|
||||
- name: Ensure root's new public ssh key is in authorized_keys
|
||||
authorized_key:
|
||||
user: root
|
||||
key: "{{ hostvars['localhost']['lxc_container_ssh_key'] }}"
|
||||
manage_dir: no
|
||||
- set_fact:
|
||||
lxc_container_ssh_key: "{{ hostvars['localhost']['lxc_container_ssh_key'] }}"
|
||||
- name: Check if this is an OpenStack-CI nodepool instance
|
||||
stat:
|
||||
path: /etc/nodepool/provider
|
||||
register: nodepool
|
||||
- name: Set the files to copy into the container cache for OpenStack-CI instances
|
||||
set_fact:
|
||||
lxc_container_cache_files:
|
||||
- { src: '/etc/pip.conf', dest: '/etc/pip.conf' }
|
||||
- { src: '/etc/apt/apt.conf.d/99unauthenticated', dest: '/etc/apt/apt.conf.d/99unauthenticated' }
|
||||
when: nodepool.stat.exists | bool
|
||||
- name: Determine the existing Ubuntu repo configuration
|
||||
shell: 'awk "/^deb .*ubuntu\/? {{ ansible_distribution_release }} main/ {print \$2; exit}" /etc/apt/sources.list'
|
||||
register: ubuntu_repo
|
||||
changed_when: false
|
||||
- name: Set apt repo facts based on discovered information
|
||||
set_fact:
|
||||
lxc_container_template_main_apt_repo: "{{ ubuntu_repo.stdout }}"
|
||||
lxc_container_template_security_apt_rep: "{{ ubuntu_repo.stdout }}"
|
||||
roles:
|
||||
- role: "lxc_hosts"
|
||||
lxc_net_address: 10.100.100.1
|
||||
lxc_net_dhcp_range: 10.100.100.8,10.100.100.253
|
||||
lxc_net_bridge: lxcbr0
|
||||
lxc_kernel_options:
|
||||
- { key: 'fs.inotify.max_user_instances', value: 1024 }
|
||||
lxc_container_caches:
|
||||
- url: "https://rpc-repo.rackspace.com/container_images/rpc-trusty-container.tgz"
|
||||
name: "trusty.tgz"
|
||||
sha256sum: "56c6a6e132ea7d10be2f3e8104f47136ccf408b30e362133f0dc4a0a9adb4d0c"
|
||||
chroot_path: trusty/rootfs-amd64
|
|
@ -0,0 +1,33 @@
|
|||
---
|
||||
# Copyright 2015, Rackspace US, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
# NOTE: we use become_user because setting become: no or become: false
|
||||
# doesn't seem to override the ansible_become=true in the
|
||||
# inventory
|
||||
- name: Create ssh key pairs for use with containers
|
||||
hosts: localhost
|
||||
become_user: "{{ ansible_ssh_user }}"
|
||||
tasks:
|
||||
- name: Create ssh key pair for root
|
||||
user:
|
||||
name: "{{ ansible_ssh_user }}"
|
||||
generate_ssh_key: "yes"
|
||||
ssh_key_bits: 2048
|
||||
ssh_key_file: ".ssh/id_rsa"
|
||||
- name: get the calling users key
|
||||
command: cat ~/.ssh/id_rsa.pub
|
||||
register: key_get
|
||||
- set_fact:
|
||||
lxc_container_ssh_key: "{{ key_get.stdout }}"
|
|
@ -0,0 +1,50 @@
|
|||
debug: true
|
||||
external_lb_vip_address: 10.100.100.3
|
||||
galera_client_drop_config_file: false
|
||||
galera_client_drop_config_file: false
|
||||
galera_root_password: secrete
|
||||
internal_lb_vip_address: 10.100.100.3
|
||||
keystone_admin_tenant_name: admin
|
||||
keystone_admin_user_name: admin
|
||||
keystone_auth_admin_password: SuperSecretePassword
|
||||
keystone_container_mysql_password: SuperSecrete
|
||||
keystone_developer_mode: true
|
||||
keystone_galera_address: 10.100.100.2
|
||||
keystone_galera_database: keystone
|
||||
keystone_git_install_branch: stable/mitaka
|
||||
keystone_rabbitmq_password: secrete
|
||||
keystone_rabbitmq_port: 5671
|
||||
keystone_rabbitmq_servers: 10.100.100.2
|
||||
keystone_rabbitmq_use_ssl: false
|
||||
keystone_rabbitmq_userid: keystone
|
||||
keystone_rabbitmq_vhost: /keystone
|
||||
keystone_requirements_git_install_branch: stable/mitaka
|
||||
keystone_service_adminuri: "http://{{ internal_lb_vip_address }}:35357"
|
||||
keystone_service_adminuri_insecure: false
|
||||
keystone_service_adminurl: "{{ keystone_service_adminuri }}/v3"
|
||||
keystone_service_internaluri: "http://{{ internal_lb_vip_address }}:5000"
|
||||
keystone_service_internaluri_insecure: false
|
||||
keystone_service_internalurl: "{{ keystone_service_internaluri }}/v3"
|
||||
keystone_service_password: secrete
|
||||
keystone_service_region: RegionOne
|
||||
keystone_venv_tag: testing
|
||||
memcached_encryption_key: secrete
|
||||
memcached_servers: 127.0.0.1
|
||||
barbican_galera_password: SuperSecrete
|
||||
barbican_developer_mode: true
|
||||
barbican_galera_address: 10.100.100.2
|
||||
barbican_galera_database: barbican
|
||||
barbican_git_install_branch: stable/mitaka
|
||||
barbican_rabbitmq_password: secrete
|
||||
barbican_rabbitmq_userid: barbican
|
||||
barbican_rabbitmq_vhost: /barbican
|
||||
barbican_requirements_git_install_branch: stable/mitaka
|
||||
barbican_service_password: secrete
|
||||
barbican_venv_tag: testing
|
||||
openrc_os_auth_url: "http://127.0.0.1:5000/v3"
|
||||
openrc_os_domain_name: Default
|
||||
openrc_os_password: "{{ keystone_auth_admin_password }}"
|
||||
rabbitmq_port: 5671
|
||||
rabbitmq_servers: 10.100.100.2
|
||||
rabbitmq_use_ssl: true
|
||||
verbose: true
|
|
@ -1,5 +1,32 @@
|
|||
---
|
||||
- hosts: localhost
|
||||
remote_user: root
|
||||
roles:
|
||||
- role: "{{ rolename | basename }}"
|
||||
# Copyright 2015, Rackspace US, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
# Prepare the user ssh keys
|
||||
- include: test-prepare-keys.yml
|
||||
|
||||
# Prepare the host
|
||||
- include: test-prepare-host.yml
|
||||
|
||||
# Prepare the containers
|
||||
- include: test-prepare-containers.yml
|
||||
|
||||
# Install RabbitMQ/MariaDB
|
||||
- include: test-install-infra.yml
|
||||
|
||||
# Install Keystone
|
||||
- include: test-install-keystone.yml
|
||||
|
||||
# Install Barbican
|
||||
- include: test-install-barbican.yml
|
||||
|
|
32
tox.ini
32
tox.ini
|
@ -106,26 +106,20 @@ commands =
|
|||
|
||||
[testenv:functional]
|
||||
commands =
|
||||
echo -e "\n *******************************************************\n" \
|
||||
"**** Functional Testing is still to be implemented ****\n" \
|
||||
"**** TODO: Write tests here ****\n" \
|
||||
"*******************************************************\n"
|
||||
# As a temporary measure, while functional testing is being worked on, we
|
||||
# will not execute the functional test. This allows other patches to be
|
||||
# worked on while the functional testing is being worked out.
|
||||
#rm -rf {homedir}/.ansible
|
||||
#git clone https://git.openstack.org/openstack/openstack-ansible-plugins \
|
||||
# {homedir}/.ansible/plugins
|
||||
rm -rf {homedir}/.ansible
|
||||
git clone https://git.openstack.org/openstack/openstack-ansible-plugins \
|
||||
{homedir}/.ansible/plugins
|
||||
# This plugin makes the ansible-playbook output easier to read
|
||||
#wget -O {homedir}/.ansible/plugins/callback/human_log.py \
|
||||
# https://gist.githubusercontent.com/cliffano/9868180/raw/f360f306b3c6d689734a6aa8773a00edf16a0054/human_log.py
|
||||
#ansible-galaxy install \
|
||||
# --role-file={toxinidir}/tests/ansible-role-requirements.yml \
|
||||
# --ignore-errors \
|
||||
# --force
|
||||
#ansible-playbook -i {toxinidir}/tests/inventory \
|
||||
# -e "rolename={toxinidir}" \
|
||||
# {toxinidir}/tests/test.yml
|
||||
wget -O {homedir}/.ansible/plugins/callback/human_log.py \
|
||||
https://gist.githubusercontent.com/cliffano/9868180/raw/f360f306b3c6d689734a6aa8773a00edf16a0054/human_log.py
|
||||
ansible-galaxy install \
|
||||
--role-file={toxinidir}/tests/ansible-role-requirements.yml \
|
||||
--ignore-errors \
|
||||
--force
|
||||
ansible-playbook -i {toxinidir}/tests/inventory \
|
||||
-e "rolename={toxinidir}" \
|
||||
-vv \
|
||||
{toxinidir}/tests/test.yml
|
||||
|
||||
|
||||
[testenv:linters]
|
||||
|
|
Loading…
Reference in New Issue