From 284c318e6ea23d7d8c41a8f49fd2fbc9b32246be Mon Sep 17 00:00:00 2001
From: Michael Rice
Date: Sun, 8 May 2016 12:03:41 -0500
Subject: [PATCH] first commit
---
.gitignore | 63 +++
License | 202 +++++++++
README.rst | 1 +
defaults/main.yml | 684 ++++++++++++++++++++++++++++++
handlers/main.yml | 22 +
meta/main.yml | 41 ++
tasks/cloudkitty_db_setup.yml | 60 +++
tasks/cloudkitty_domain_setup.yml | 103 +++++
tasks/cloudkitty_install.yml | 219 ++++++++++
tasks/cloudkitty_post_install.yml | 59 +++
tasks/cloudkitty_pre_install.yml | 89 ++++
tasks/cloudkitty_service_add.yml | 108 +++++
tasks/install_apt.yml | 44 ++
tasks/main.yml | 43 ++
templates/api-paste.ini.j2 | 18 +
templates/cloudkitty.conf.j2 | 199 +++++++++
templates/policy.json.j2 | 23 +
17 files changed, 1978 insertions(+)
create mode 100644 .gitignore
create mode 100644 License
create mode 100644 README.rst
create mode 100644 defaults/main.yml
create mode 100644 handlers/main.yml
create mode 100644 meta/main.yml
create mode 100644 tasks/cloudkitty_db_setup.yml
create mode 100644 tasks/cloudkitty_domain_setup.yml
create mode 100644 tasks/cloudkitty_install.yml
create mode 100644 tasks/cloudkitty_post_install.yml
create mode 100644 tasks/cloudkitty_pre_install.yml
create mode 100644 tasks/cloudkitty_service_add.yml
create mode 100644 tasks/install_apt.yml
create mode 100644 tasks/main.yml
create mode 100644 templates/api-paste.ini.j2
create mode 100644 templates/cloudkitty.conf.j2
create mode 100644 templates/policy.json.j2
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..eca0492
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,63 @@
+# Override Files #
+rpc_deployment/playbooks/lab_plays
+rpc_deployment/vars/overrides/*.yml
+
+# Compiled source #
+###################
+*.com
+*.class
+*.dll
+*.exe
+*.o
+*.so
+*.pyc
+build/
+dist/
+doc/build/
+
+# Packages #
+############
+# it's better to unpack these files and commit the raw source
+# git has its own built in compression methods
+*.7z
+*.dmg
+*.gz
+*.iso
+*.jar
+*.rar
+*.tar
+*.zip
+
+# Logs and databases #
+######################
+*.log
+*.sql
+*.sqlite
+
+# OS generated files #
+######################
+.DS_Store
+.DS_Store?
+._*
+.Spotlight-V100
+.Trashes
+.idea
+.tox
+*.sublime*
+*.egg-info
+Icon?
+ehthumbs.db
+Thumbs.db
+.eggs
+
+# User driven backup files #
+############################
+*.bak
+
+# Generated by pbr while building docs
+######################################
+AUTHORS
+ChangeLog
+
+# Files created by releasenotes build
+releasenotes/build
diff --git a/License b/License
new file mode 100644
index 0000000..50d8447
--- /dev/null
+++ b/License
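Review bot: The two patterns under `# Override Files #` point at `rpc_deployment/...`, a directory this commit does not create (the diffstat lists only defaults/, handlers/, meta/, tasks/ and templates/), so they look carried over from another repository and ignore nothing in this role. If the intent is to keep local override files out of version control, which matters because overrides are where values such as `cloudkitty_user_password` get set, the patterns should name the paths this role actually uses; otherwise the two lines can be dropped.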
@@ -0,0 +1,202 @@
+
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright 2016 Michael Rice
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
diff --git a/README.rst b/README.rst
new file mode 100644
index 0000000..0005ceb
--- /dev/null
+++ b/README.rst
@@ -0,0 +1 @@
+ openstack-ansible-cloudkitty
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..273ebc6
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,684 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+cloudkitty_username: cloudkitty
+cloudkitty_user_password: secrete
+cloudkitty_git_repo: https://github.com/openstack/cloudkitty.git
+cloudkitty_git_install_branch: master
+cloudkitty_requirements_git_repo: https://git.openstack.org/openstack/requirements
+cloudkitty_requirements_git_install_branch: master
+cloudkitty_developer_mode: false
+cloudkitty_developer_constraints:
+ - "git+{{ cloudkitty_git_repo }}@{{ cloudkitty_git_install_branch }}#egg=cloudkitty"
+
+# Name of the virtual env to deploy into
+cloudkitty_venv_tag: untagged
+cloudkitty_venv_bin: "/openstack/venvs/cloudkitty-{{ cloudkitty_venv_tag }}/bin"
+
+# Set this to enable or disable installing in a venv
+cloudkitty_venv_enabled: true
+
+# The bin path defaults to the venv path however if installation in a
+# venv is disabled the bin path will be dynamically set based on the
+# system path used when the installing.
+cloudkitty_bin: "{{ cloudkitty_venv_bin }}"
+
+
+# CloudKitty conf file settings
+# Configuration file for WSGI definition of API. (string value)
+cloudkitty_api_paste_config: api_paste.ini
+# The strategy to use for auth. Supports noauth and keystone (string value)
+# Supported values: noauth, keystone
+cloudkitty_auth_strategy: keystone
+# Name of this node. This can be an opaque identifier. It is not
+# necessarily a hostname, FQDN, or IP address. However, the node name
+# must be valid within an AMQP key, and if using ZeroMQ, a valid
+# hostname, FQDN, or IP address. (string value)
+cloudkitty_host: shock
+# From oslo.messaging
+# Size of RPC connection pool. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size
+cloudkitty_rpc_conn_pool_size: 30
+# ZeroMQ bind address. Should be a wildcard (*), an ethernet
+# interface, or IP. The "host" option should point or resolve to this
+# address. (string value)
+cloudkitty_rpc_zmq_bind_address: *
+# MatchMaker driver. (string value)
+cloudkitty_rpc_zmq_matchmaker: local
+# ZeroMQ receiver listening port. (integer value)
+cloudkitty_rpc_zmq_port: 9501
+# Number of ZeroMQ contexts, defaults to 1. (integer value)
+cloudkitty_rpc_zmq_contexts: 1
+# Maximum number of ingress messages to locally buffer per topic.
+# Default is unlimited. (integer value)
+cloudkitty_rpc_zmq_topic_backlog: 0
+# Directory for holding IPC sockets. (string value)
+cloudkitty_rpc_zmq_ipc_dir: /var/run/openstack
+# Name of this node. Must be a valid hostname, FQDN, or IP address.
+# Must match "host" option, if running Nova. (string value)
+cloudkitty_rpc_zmq_host: localhost
+# Seconds to wait before a cast expires (TTL). Only supported by
+# impl_zmq. (integer value)
+cloudkitty_rpc_cast_timeout: 30
+# Heartbeat frequency. (integer value)
+cloudkitty_matchmaker_heartbeat_freq: 300
+# Heartbeat time-to-live. (integer value)
+cloudkitty_matchmaker_heartbeat_ttl: 600
+# Size of executor thread pool. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_thread_pool_size
+cloudkitty_executor_thread_pool_size: 64
+# The Drivers(s) to handle sending notifications. Possible values are
+# messaging, messagingv2, routing, log, test, noop (multi valued)
+cloudkitty_notification_driver:
+ - messaging
+ - messagingv2
+ - routing
+ - log
+ - test
+ - noop
+# AMQP topic used for OpenStack notifications. (list value)
+# Deprecated group/name - [rpc_notifier2]/topics
+cloudkitty_notification_topics: notifications
+# Seconds to wait for a response from a call. (integer value)
+cloudkitty_rpc_response_timeout: 60
+# A URL representing the messaging driver to use and its full
+# configuration. If not set, we fall back to the rpc_backend option
+# and driver specific configuration. (string value)
+cloudkitty_transport_url:
+# The messaging driver to use, defaults to rabbit. Other drivers
+# include qpid and zmq. (string value)
+cloudkitty_rpc_backend: rabbit
+# The default exchange under which topics are scoped. May be
+# overridden by an exchange name specified in the transport_url
+# option. (string value)
+cloudkitty_control_exchange: openstack
+# Host serving the API. (string value)
+cloudkitty_api_host_ip: 0.0.0.0
+# Host port serving the API. (integer value)
+cloudkitty_api_port: 8889
+# Data collector. (string value)
+# FIXME: possible values are ceilometer, gnocchi, fake
+cloudkitty_collector: ceilometer
+# Number of samples to collect per call. (integer value)
+cloudkitty_window: 1800
+# Rating period in seconds. (integer value)
+cloudkitty_period: 3600
+# Wait for N periods before collecting new data. (integer value)
+cloudkitty_wait_periods: 2
+# Services to monitor. (list value)
+cloudkitty_services:
+ - compute
+ - image
+ - volume
+ - network.bw.in
+ - network.bw.out
+ - network.floating
+# From oslo.middleware.cors
+# Indicate whether this resource may be shared with the domain
+# received in the requests "origin" header. (list value)
+# FIXME
+cloudkitty_cors_allowed_origin:
+# Indicate that the actual request can include user credentials
+# (boolean value)
+cloudkitty_cors_allow_credentials: true
+# Indicate which headers are safe to expose to the API. Defaults to
+# HTTP Simple Headers. (list value)
+cloudkitty_cors_expose_headers:
+ - X-Auth-Token
+ - X-Subject-Token
+ - X-Service-Token
+ - X-OpenStack-Request-ID
+ - X-Server-Management-Url
+# Maximum cache age of CORS preflight requests. (integer value)
+cloudkitty_cors_max_age: 3600
+# Indicate which methods can be used during the actual request. (list
+# value)
+cloudkitty_cors_allow_methods:
+ - GET
+ - PUT
+ - POST
+ - DELETE
+ - PATCH
+# Indicate which header field names may be used during the actual
+# request. (list value)
+cloudkitty_cors_allow_headers:
+ - X-Auth-Token
+ - X-Identity-Status
+ - X-Roles
+ - X-Service-Catalog
+ - X-User-Id
+ - X-Tenant-Id
+ - X-OpenStack-Request-ID
+ - X-Server-Management-Url
+# From oslo.middleware.cors
+# Indicate whether this resource may be shared with the domain
+# received in the requests "origin" header. (list value)
+cloudkitty_cors_subdomain_allowed_origin:
+# Indicate that the actual request can include user credentials
+# (boolean value)
+cloudkitty_cors_subdomain_allow_credentials: true
+
+# Indicate which headers are safe to expose to the API. Defaults to
+# HTTP Simple Headers. (list value)
+cloudkitty_cors_subdomain_expose_headers:
+ - X-Auth-Token
+ - X-Subject-Token
+ - X-Service-Token
+ - X-OpenStack-Request-ID
+ - X-Server-Management-Url
+
+# Maximum cache age of CORS preflight requests. (integer value)
+cloudkitty_cors_subdomain_max_age: 3600
+
+# Indicate which methods can be used during the actual request. (list value)
+cloudkitty_cors_subdomain_allow_methods:
+ - GET
+ - PUT
+ - POST
+ - DELETE
+ - PATCH
+
+# Indicate which header field names may be used during the actual
+# request. (list value)
+cloudkitty_cors_subdomain_allow_headers:
+ - X-Auth-Token
+ - X-Identity-Status
+ - X-Roles
+ - X-Service-Catalog
+ - X-User-Id
+ - X-Tenant-Id
+ - X-OpenStack-Request-ID
+ - X-Server-Management-Url
+#[database]
+# From oslo.db
+# The file name to use with SQLite. (string value)
+# Deprecated group/name - [DEFAULT]/sqlite_db
+cloudkitty_sqlite_db: oslo.sqlite
+# If True, SQLite uses synchronous mode. (boolean value)
+# Deprecated group/name - [DEFAULT]/sqlite_synchronous
+cloudkitty_sqlite_synchronous: true
+
+# The back end to use for the database. (string value)
+# Deprecated group/name - [DEFAULT]/db_backend
+cloudkitty_database_backend: sqlalchemy
+# The SQLAlchemy connection string to use to connect to the database.
+# (string value)
+# Deprecated group/name - [DEFAULT]/sql_connection
+# Deprecated group/name - [DATABASE]/sql_connection
+# Deprecated group/name - [sql]/connection
+cloudkitty_database_connection:
+# The SQLAlchemy connection string to use to connect to the slave
+# database. (string value)
+cloudkitty_database_slave_connection:
+# The SQL mode to be used for MySQL sessions. This option, including
+# the default, overrides any server-set SQL mode. To use whatever SQL
+# mode is set by the server configuration, set this to no value.
+# Example: mysql_sql_mode= (string value)
+cloudkitty_mysql_sql_mode: TRADITIONAL
+# Timeout before idle SQL connections are reaped. (integer value)
+# Deprecated group/name - [DEFAULT]/sql_idle_timeout
+# Deprecated group/name - [DATABASE]/sql_idle_timeout
+# Deprecated group/name - [sql]/idle_timeout
+cloudkitty_database_idle_timeout: 3600
+# Minimum number of SQL connections to keep open in a pool. (integer
+# value)
+# Deprecated group/name - [DEFAULT]/sql_min_pool_size
+# Deprecated group/name - [DATABASE]/sql_min_pool_size
+cloudkitty_database_min_pool_size: 1
+# Maximum number of SQL connections to keep open in a pool. (integer
+# value)
+# Deprecated group/name - [DEFAULT]/sql_max_pool_size
+# Deprecated group/name - [DATABASE]/sql_max_pool_size
+cloudkity_database_max_pool_size:
+# Maximum number of database connection retries during startup. Set to
+# -1 to specify an infinite retry count. (integer value)
+# Deprecated group/name - [DEFAULT]/sql_max_retries
+# Deprecated group/name - [DATABASE]/sql_max_retries
+cloudkitty_database_max_retries: 10
+# Interval between retries of opening a SQL connection. (integer
+# value)
+# Deprecated group/name - [DEFAULT]/sql_retry_interval
+# Deprecated group/name - [DATABASE]/reconnect_interval
+cloudkitty_database_retry_interval: 10
+# If set, use this value for max_overflow with SQLAlchemy. (integer
+# value)
+# Deprecated group/name - [DEFAULT]/sql_max_overflow
+# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow
+cloudkitty_database_max_overflow:
+# Verbosity of SQL debugging information: 0=None, 100=Everything.
+# (integer value)
+# Deprecated group/name - [DEFAULT]/sql_connection_debug
+cloudkitty_database_connection_debug: 0
+# Add Python stack traces to SQL as comment strings. (boolean value)
+# Deprecated group/name - [DEFAULT]/sql_connection_trace
+cloudkitty_database_connection_trace: false
+# If set, use this value for pool_timeout with SQLAlchemy. (integer
+# value)
+# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout
+cloudkitty_database_pool_timeout:
+# Enable the experimental use of database reconnect on connection
+# lost. (boolean value)
+cloudkitty_database_use_db_reconnect: false
+# Seconds between retries of a database transaction. (integer value)
+cloudkitty_database_db_retry_interval: 1
+# If True, increases the interval between retries of a database
+# operation up to db_max_retry_interval. (boolean value)
+cloudkitty_database_db_inc_retry_interval: true
+# If db_inc_retry_interval is set, the maximum seconds between retries
+# of a database operation. (integer value)
+cloudkitty_database_db_max_retry_interval: 10
+# Maximum retries in case of connection error or deadlock error before
+# error is raised. Set to -1 to specify an infinite retry count.
+# (integer value)
+cloudkitty_database_db_max_retries: 20
+
+#[keystone_authtoken]
+# From keystonemiddleware.auth_token
+# Complete public Identity API endpoint. (string value)
+cloudkitty_keystone_authtoken_auth_uri:
+# API version of the admin Identity API endpoint. (string value)
+cloudkitty_keystone_authtoken_auth_version:
+# Do not handle authorization requests within the middleware, but
+# delegate the authorization decision to downstream WSGI components.
+# (boolean value)
+cloudkitty_keystone_authtoken_delay_auth_decision: false
+# Request timeout value for communicating with Identity API server.
+# (integer value)
+cloudkitty_keystone_authtoken_http_connect_timeout:
+# How many times are we trying to reconnect when communicating with
+# Identity API Server. (integer value)
+cloudkitty_keystone_authtoken_http_request_max_retries: 3
+# Env key for the swift cache. (string value)
+cloudkitty_keystone_authtoken_cache:
+# Required if identity server requires client certificate (string value)
+cloudkitty_keystone_authtoken_certfile:
+# Required if identity server requires client certificate (string value)
+cloudkitty_keystone_authtoken_keyfile:
+# A PEM encoded Certificate Authority to use when verifying HTTPs
+# connections. Defaults to system CAs. (string value)
+cloudkitty_keystone_authtoken_cafile:
+# Verify HTTPS connections. (boolean value)
+cloudkitty_keystone_authtoken_insecure: false
+# Directory used to cache files related to PKI tokens. (string value)
+cloudkitty_keystone_authtoken_signing_dir:
+# Optionally specify a list of memcached server(s) to use for caching.
+# If left undefined, tokens will instead be cached in-process. (list value)
+# Deprecated group/name - [DEFAULT]/memcache_servers
+cloudkitty_keystone_authtoken_memcached_servers:
+# In order to prevent excessive effort spent validating tokens, the
+# middleware caches previously-seen tokens for a configurable duration
+# (in seconds). Set to -1 to disable caching completely. (integer value)
+cloudkitty_keystone_authtoken_token_cache_time: 300
+# Determines the frequency at which the list of revoked tokens is
+# retrieved from the Identity service (in seconds). A high number of
+# revocation events combined with a low cache duration may
+# significantly reduce performance. (integer value)
+cloudkitty_keystone_authtoken_revocation_cache_time: 10
+# (Optional) If defined, indicate whether token data should be
+# authenticated or authenticated and encrypted. Acceptable values are
+# MAC or ENCRYPT. If MAC, token data is authenticated (with HMAC) in
+# the cache. If ENCRYPT, token data is encrypted and authenticated in
+# the cache. If the value is not one of these options or empty,
+# auth_token will raise an exception on initialization. (string value)
+cloudkitty_keystone_authtoken_memcache_security_strategy:
+# (Optional, mandatory if memcache_security_strategy is defined) This
+# string is used for key derivation. (string value)
+cloudkitty_keystone_authtoken_memcache_secret_key:
+# (Optional) Number of seconds memcached server is considered dead
+# before it is tried again. (integer value)
+cloudkitty_keystone_authtoken_memcache_pool_dead_retry: 300
+# (Optional) Maximum total number of open connections to every
+# memcached server. (integer value)
+cloudkitty_keystone_authtoken_memcache_pool_maxsize: 10
+# (Optional) Socket timeout in seconds for communicating with a
+# memcached server. (integer value)
+cloudkitty_keystone_authtoken_memcache_pool_socket_timeout: 3
+# (Optional) Number of seconds a connection to memcached is held
+# unused in the pool before it is closed. (integer value)
+cloudkitty_keystone_authtoken_memcache_pool_unused_timeout: 60
+# (Optional) Number of seconds that an operation will wait to get a
+# memcached client connection from the pool. (integer value)
+cloudkitty_keystone_authtoken_memcache_pool_conn_get_timeout: 10
+# (Optional) Use the advanced (eventlet safe) memcached client pool.
+# The advanced pool will only work under python 2.x. (boolean value)
+cloudkitty_keystone_authtoken_memcache_use_advanced_pool: false
+# (Optional) Indicate whether to set the X-Service-Catalog header. If
+# False, middleware will not ask for service catalog on token
+# validation and will not set the X-Service-Catalog header. (boolean value)
+cloudkitty_keystone_authtoken_include_service_catalog: true
+# Used to control the use and type of token binding. Can be set to:
+# "disabled" to not check token binding. "permissive" (default) to
+# validate binding information if the bind type is of a form known to
+# the server and ignore it if not. "strict" like "permissive" but if
+# the bind type is unknown the token will be rejected. "required" any
+# form of token binding is needed to be allowed. Finally the name of a
+# binding method that must be present in tokens. (string value)
+cloudkitty_keystone_authtoken_enforce_token_bind: permissive
+# If true, the revocation list will be checked for cached tokens. This
+# requires that PKI tokens are configured on the identity server. (boolean value)
+cloudkitty_keystone_authtoken_check_revocations_for_cached: false
+# Hash algorithms to use for hashing PKI tokens. This may be a single
+# algorithm or multiple. The algorithms are those supported by Python
+# standard hashlib.new(). The hashes will be tried in the order given,
+# so put the preferred one first for performance. The result of the
+# first hash will be stored in the cache. This will typically be set
+# to multiple values only while migrating from a less secure algorithm
+# to a more secure one. Once all the old tokens are expired this
+# option should be set to a single value for better performance. (list value)
+cloudkitty_keystone_authtoken_hash_algorithms: md5
+# Complete admin Identity API endpoint. This should specify the
+# unversioned root endpoint e.g. https://localhost:35357/ (string
+# value)
+cloudkitty_keystone_authtoken_identity_uri:
+# Service username. (string value)
+cloudkitty_keystone_authtoken_admin_user:
+# Service user password. (string value)
+cloudkitty_keystone_authtoken_admin_password:
+# Service tenant name. (string value)
+cloudkitty_keystone_authtoken_admin_tenant_name: admin
+#[keystone_fetcher]
+# From cloudkitty.common.config
+# Keystone version to use. (string value)
+cloudkitty_keystone_version: 2
+#[matchmaker_redis]
+# From oslo.messaging
+# Host to locate redis. (string value)
+cloudkitty_matchmaker_redis_host: 127.0.0.1
+# Use this port to connect to redis host. (integer value)
+cloudkitty_matchmaker_redis_port: 6379
+# Password for Redis server (optional). (string value)
+cloudkitty_matchmaker_redis_password:
+
+#[matchmaker_ring]
+
+#
+# From oslo.messaging
+#
+
+# Matchmaker ring file (JSON). (string value)
+# Deprecated group/name - [DEFAULT]/matchmaker_ringfile
+cloudkitty_matchmaker_ring_ringfile: /etc/oslo/matchmaker_ring.json
+
+
+#[oslo_messaging_amqp]
+
+#
+# From oslo.messaging
+#
+
+# address prefix used when sending to a specific server (string value)
+# Deprecated group/name - [amqp1]/server_request_prefix
+cloudkitty_oslo_messaging_amqp_server_request_prefix: exclusive
+
+# address prefix used when broadcasting to all servers (string value)
+# Deprecated group/name - [amqp1]/broadcast_prefix
+cloudkitty_oslo_messaging_amqp_broadcast_prefix: broadcast
+
+# address prefix when sending to any server in group (string value)
+# Deprecated group/name - [amqp1]/group_request_prefix
+cloudkitty_oslo_messaging_amqp_group_request_prefix: unicast
+
+# Name for the AMQP container (string value)
+# Deprecated group/name - [amqp1]/container_name
+cloudkitty_oslo_messaging_amqp_container_name:
+
+# Timeout for inactive connections (in seconds) (integer value)
+# Deprecated group/name - [amqp1]/idle_timeout
+cloudkitty_oslo_messaging_amqp_idle_timeout: 0
+
+# Debug: dump AMQP frames to stdout (boolean value)
+# Deprecated group/name - [amqp1]/trace
+cloudkitty_oslo_messaging_amqp_trace: {{ debug }}
+
+# CA certificate PEM file to verify server certificate (string value)
+# Deprecated group/name - [amqp1]/ssl_ca_file
+cloudkitty_oslo_messaging_amqp_ssl_ca_file:
+
+# Identifying certificate PEM file to present to clients (string
+# value)
+# Deprecated group/name - [amqp1]/ssl_cert_file
+cloudkitty_oslo_messaging_amqp_ssl_cert_file:
+
+# Private key PEM file used to sign cert_file certificate (string
+# value)
+# Deprecated group/name - [amqp1]/ssl_key_file
+cloudkitty_oslo_messaging_amqp_ssl_key_file:
+
+# Password for decrypting ssl_key_file (if encrypted) (string value)
+# Deprecated group/name - [amqp1]/ssl_key_password
+cloudkitty_oslo_messaging_amqp_ssl_key_password:
+
+# Accept clients using either SSL or plain TCP (boolean value)
+# Deprecated group/name - [amqp1]/allow_insecure_clients
+cloudkitty_oslo_messaging_amqp_allow_insecure_clients: false
+
+
+#[oslo_messaging_qpid]
+
+#
+# From oslo.messaging
+#
+
+# Use durable queues in AMQP. (boolean value)
+# Deprecated group/name - [DEFAULT]/amqp_durable_queues
+# Deprecated group/name - [DEFAULT]/rabbit_durable_queues
+cloudkitty_oslo_messaging_qpid_amqp_durable_queues: false
+
+# Auto-delete queues in AMQP. (boolean value)
+# Deprecated group/name - [DEFAULT]/amqp_auto_delete
+cloudkitty_oslo_messaging_qpid_amqp_auto_delete: false
+
+# Send a single AMQP reply to call message. The current behaviour
+# since oslo-incubator is to send two AMQP replies - first one with
+# the payload, a second one to ensure the other have finish to send
+# the payload. We are going to remove it in the N release, but we must
+# keep backward compatible at the same time. This option provides such
+# compatibility - it defaults to False in Liberty and can be turned on
+# for early adopters with a new installations or for testing. Please
+# note, that this option will be removed in the Mitaka release.
+# (boolean value) +cloudkitty_oslo_messaging_qpid_send_single_reply: false + +# Qpid broker hostname. (string value) +# Deprecated group/name - [DEFAULT]/qpid_hostname +cloudkitty_oslo_messaging_qpid_qpid_hostname: localhost + +# Qpid broker port. (integer value) +# Deprecated group/name - [DEFAULT]/qpid_port +cloudkitty_oslo_messaging_qpid_qpid_port: 5672 + +# Qpid HA cluster host:port pairs. (list value) +# Deprecated group/name - [DEFAULT]/qpid_hosts +cloudkitty_oslo_messaging_qpid_qpid_hosts: $qpid_hostname:$qpid_port + +# Username for Qpid connection. (string value) +# Deprecated group/name - [DEFAULT]/qpid_username +cloudkitty_oslo_messaging_qpid_qpid_username: + +# Password for Qpid connection. (string value) +# Deprecated group/name - [DEFAULT]/qpid_password +cloudkitty_oslo_messaging_qpid_qpid_password: + +# Space separated list of SASL mechanisms to use for auth. (string +# value) +# Deprecated group/name - [DEFAULT]/qpid_sasl_mechanisms +cloudkitty_oslo_messaging_qpid_qpid_sasl_mechanisms: + +# Seconds between connection keepalive heartbeats. (integer value) +# Deprecated group/name - [DEFAULT]/qpid_heartbeat +cloudkitty_oslo_messaging_qpid_qpid_heartbeat: 60 + +# Transport to use, either 'tcp' or 'ssl'. (string value) +# Deprecated group/name - [DEFAULT]/qpid_protocol +cloudkitty_oslo_messaging_qpid_qpid_protocol: tcp + +# Whether to disable the Nagle algorithm. (boolean value) +# Deprecated group/name - [DEFAULT]/qpid_tcp_nodelay +cloudkitty_oslo_messaging_qpid_qpid_tcp_nodelay: true + +# The number of prefetched messages held by receiver. (integer value) +# Deprecated group/name - [DEFAULT]/qpid_receiver_capacity +cloudkitty_oslo_messaging_qpid_qpid_receiver_capacity: 1 + +# The qpid topology version to use. Version 1 is what was originally +# used by impl_qpid. Version 2 includes some backwards-incompatible +# changes that allow broker federation to work. 
Users should update +# to version 2 when they are able to take everything down, as it +# requires a clean break. (integer value) +# Deprecated group/name - [DEFAULT]/qpid_topology_version +cloudkitty_oslo_messaging_qpid_qpid_topology_version: 1 + + +#[oslo_messaging_rabbit] + +# +# From oslo.messaging +# + +# Use durable queues in AMQP. (boolean value) +# Deprecated group/name - [DEFAULT]/amqp_durable_queues +# Deprecated group/name - [DEFAULT]/rabbit_durable_queues +cloudkitty_oslo_messaging_rabbit_amqp_durable_queues: false + +# Auto-delete queues in AMQP. (boolean value) +# Deprecated group/name - [DEFAULT]/amqp_auto_delete +cloudkitty_oslo_messaging_rabbit_amqp_auto_delete: false + +# Send a single AMQP reply to call message. The current behaviour +# since oslo-incubator is to send two AMQP replies - first one with +# the payload, a second one to ensure the other have finish to send +# the payload. We are going to remove it in the N release, but we must +# keep backward compatible at the same time. This option provides such +# compatibility - it defaults to False in Liberty and can be turned on +# for early adopters with a new installations or for testing. Please +# note, that this option will be removed in the Mitaka release. +# (boolean value) +cloudkitty_oslo_messaging_rabbit_send_single_reply: false + +# SSL version to use (valid only if SSL enabled). Valid values are +# TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be +# available on some distributions. (string value) +# Deprecated group/name - [DEFAULT]/kombu_ssl_version +cloudkitty_oslo_messaging_rabbit_kombu_ssl_version: + +# SSL key file (valid only if SSL enabled). (string value) +# Deprecated group/name - [DEFAULT]/kombu_ssl_keyfile +cloudkitty_oslo_messaging_rabbit_kombu_ssl_keyfile: + +# SSL cert file (valid only if SSL enabled). 
(string value) +# Deprecated group/name - [DEFAULT]/kombu_ssl_certfile +cloudkitty_oslo_messaging_rabbit_kombu_ssl_certfile: + +# SSL certification authority file (valid only if SSL enabled). +# (string value) +# Deprecated group/name - [DEFAULT]/kombu_ssl_ca_certs +cloudkitty_oslo_messaging_rabbit_kombu_ssl_ca_certs: + +# How long to wait before reconnecting in response to an AMQP consumer +# cancel notification. (floating point value) +# Deprecated group/name - [DEFAULT]/kombu_reconnect_delay +cloudkitty_oslo_messaging_rabbit_kombu_reconnect_delay: 1.0 + +# How long to wait before considering a reconnect attempt to have +# failed. This value should not be longer than rpc_response_timeout. +# (integer value) +cloudkitty_oslo_messaging_rabbit_kombu_reconnect_timeout: 60 + +# The RabbitMQ broker address where a single node is used. (string +# value) +# Deprecated group/name - [DEFAULT]/rabbit_host +cloudkitty_oslo_messaging_rabbit_rabbit_host: localhost + +# The RabbitMQ broker port where a single node is used. (integer +# value) +# Deprecated group/name - [DEFAULT]/rabbit_port +cloudkitty_oslo_messaging_rabbit_rabbit_port: 5672 + +# RabbitMQ HA cluster host:port pairs. (list value) +# Deprecated group/name - [DEFAULT]/rabbit_hosts +cloudkitty_oslo_messaging_rabbit_rabbit_hosts: "{{ cloudkitty_oslo_messaging_rabbit_rabbit_host }}:{{ cloudkitty_oslo_messaging_rabbit_rabbit_port }}" + +# Connect over SSL for RabbitMQ. (boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_use_ssl +cloudkitty_oslo_messaging_rabbit_rabbit_use_ssl: false + +# The RabbitMQ userid. (string value) +# Deprecated group/name - [DEFAULT]/rabbit_userid +cloudkitty_oslo_messaging_rabbit_rabbit_userid: guest + +# The RabbitMQ password. (string value) +# Deprecated group/name - [DEFAULT]/rabbit_password +cloudkitty_oslo_messaging_rabbit_rabbit_password: guest + +# The RabbitMQ login method. 
(string value) +# Deprecated group/name - [DEFAULT]/rabbit_login_method +cloudkitty_oslo_messaging_rabbit_rabbit_login_method: AMQPLAIN + +# The RabbitMQ virtual host. (string value) +# Deprecated group/name - [DEFAULT]/rabbit_virtual_host +cloudkitty_oslo_messaging_rabbit_rabbit_virtual_host: / + +# How frequently to retry connecting with RabbitMQ. (integer value) +cloudkitty_oslo_messaging_rabbit_rabbit_retry_interval: 1 + +# How long to backoff for between retries when connecting to RabbitMQ. +# (integer value) +# Deprecated group/name - [DEFAULT]/rabbit_retry_backoff +cloudkitty_oslo_messaging_rabbit_rabbit_retry_backoff: 2 + +# Maximum number of RabbitMQ connection retries. Default is 0 +# (infinite retry count). (integer value) +# Deprecated group/name - [DEFAULT]/rabbit_max_retries +cloudkitty_oslo_messaging_rabbit_rabbit_max_retries: 0 + +# Use HA queues in RabbitMQ (x-ha-policy: all). If you change this +# option, you must wipe the RabbitMQ database. (boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_ha_queues +cloudkitty_oslo_messaging_rabbit_rabbit_ha_queues: false + +# Number of seconds after which the Rabbit broker is considered down +# if heartbeat's keep-alive fails (0 disable the heartbeat). +# EXPERIMENTAL (integer value) +cloudkitty_oslo_messaging_rabbit_heartbeat_timeout_threshold: 60 + +# How often times during the heartbeat_timeout_threshold we check the +# heartbeat. (integer value) +cloudkitty_oslo_messaging_rabbit_heartbeat_rate: 2 + +# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake +# (boolean value) +# Deprecated group/name - [DEFAULT]/fake_rabbit +cloudkitty_oslo_messaging_rabbit_fake_rabbit: false +#[output] +# From cloudkitty.common.config +# Backend for the output manager. (string value) +cloudkitty_output_backend: cloudkitty.backend.file.FileBackend +# Storage directory for the file output backend. 
(string value) +cloudkitty_output_basepath: /var/lib/cloudkitty/states/ +# Output pipeline (list value) +cloudkitty_output_pipeline: osrf +#[state] +# From cloudkitty.common.config +# Backend for the state manager. (string value) +cloudkitty_state_backend: cloudkitty.backend.file.FileBackend +# Storage directory for the file state backend. (string value) +cloudkitty_state_basepath: /var/lib/cloudkitty/states/ +#[storage] +# From cloudkitty.common.config +# Name of the storage backend driver. (string value) +cloudkitty_storage_backend: sqlalchemy +#[tenant_fetcher] +# From cloudkitty.common.config +# Driver used to fetch tenant list. (string value) +cloudkitty_tenant_fetcher_backend: keystone diff --git a/handlers/main.yml b/handlers/main.yml new file mode 100644 index 0000000..f17f877 --- /dev/null +++ b/handlers/main.yml @@ -0,0 +1,22 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Restart cloudkitty services + service: + name: "{{ item }}" + state: restarted + pattern: "{{ item }}" + with_items: "{{ cloudkitty_service_names }}" + failed_when: false diff --git a/meta/main.yml b/meta/main.yml new file mode 100644 index 0000000..5145123 --- /dev/null +++ b/meta/main.yml 
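Review bot: `failed_when: false` on the `Restart cloudkitty services` handler in handlers/main.yml hides every restart failure, so a run that changed cloudkitty.conf, api-paste.ini or policy.json can report success while the services still run with the old settings or are down. For credential, TLS or policy changes that means the deployed state silently differs from what the play reports. I would drop the `failed_when: false` line, or, if some names in `cloudkitty_service_names` are legitimately absent on a host, register the result and fail only on errors other than a missing service.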
@@ -0,0 +1,41 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +galaxy_info: + author: rcbops + description: Installation and setup of cloudkitty + company: Rackspace + license: Apache2 + min_ansible_version: 1.9 + platforms: + - name: Ubuntu + versions: + - trusty + categories: + - cloud + - python + - cloudkitty + - development + - openstack +dependencies: + - role: pip_lock_down + when: + - not cloudkitty_developer_mode | bool + - role: pip_install + when: + - cloudkitty_developer_mode | bool + - apt_package_pinning + - galera_client + - openstack_openrc diff --git a/tasks/cloudkitty_db_setup.yml b/tasks/cloudkitty_db_setup.yml new file mode 100644 index 0000000..c00879c --- /dev/null +++ b/tasks/cloudkitty_db_setup.yml 
@@ -0,0 +1,60 @@ +--- +# Copyright 2016, Rackspace US, Inc. +# +# (C) 2016 Michael Rice +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Create DB for service + mysql_db: + login_user: "{{ galera_root_user }}" + login_password: "{{ galera_root_password }}" + login_host: "{{ cloudkitty_galera_address }}" + name: "{{ cloudkitty_galera_database }}" + state: "present" + tags: + - cloudkitty-db-setup + +- name: Grant access to the DB for the service + mysql_user: + login_user: "{{ galera_root_user }}" + login_password: "{{ galera_root_password }}" + login_host: "{{ cloudkitty_galera_address }}" + name: "{{ cloudkitty_galera_user }}" + password: "{{ cloudkitty_container_mysql_password }}" + host: "{{ item }}" + state: "present" + priv: "{{ cloudkitty_galera_database }}.*:ALL" + with_items: + - "localhost" + - "%" + tags: + - cloudkitty-db-setup + +- name: Perform a cloudkitty DB sync + command: "{{ cloudkitty_bin }}/cloudkitty-dbsync upgrade" + become: yes + become_user: "{{ cloudkitty_system_user_name }}" + tags: + - cloudkitty-db-sync + - cloudkitty-setup + - cloudkitty-command-bin + +- name: Init cloudkitty storage backend + command: "{{ cloudkitty_bin }}/cloudkitty-storage-init" + become: yes + become_user: "{{ cloudkitty_system_user_name }}" + tags: + - cloudkitty-db-sync + - cloudkitty-setup + - cloudkitty-command-bin diff --git a/tasks/cloudkitty_domain_setup.yml b/tasks/cloudkitty_domain_setup.yml new file mode 100644 index 0000000..5c9ff91 --- /dev/null 
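Review bot: The `Grant access to the DB for the service` task grants `{{ cloudkitty_galera_database }}.*:ALL` to the service user from host `%`, so the account is accepted from any address that can reach Galera and its password is the only protection. I would take the host list from a variable with a narrow default, e.g. `with_items: "{{ cloudkitty_galera_grant_hosts }}"` (a suggested name, not an existing variable), and keep `%` as an explicit opt-in. The tasks that carry `login_password` and `password` here, and the keystone tasks in tasks/cloudkitty_domain_setup.yml and tasks/cloudkitty_service_add.yml, also set no `no_log: true`; unless the modules mask those parameters themselves, the secrets can show up in verbose output and logs.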
+++ b/tasks/cloudkitty_domain_setup.yml 
@@ -0,0 +1,103 @@ +--- +# Copyright 2016, Rackspace US, Inc. +# +# (C) 2016 Michael Rice +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Ensure cloudkitty rating role + keystone: + command: "ensure_role" + role_name: "rating" + login_user: "{{ keystone_admin_user_name }}" + login_password: "{{ keystone_auth_admin_password }}" + login_project_name: "{{ keystone_admin_tenant_name }}" + endpoint: "{{ keystone_service_adminurl }}" + insecure: "{{ keystone_service_adminuri_insecure }}" + tags: + - cloudkitty-domain + - cloudkitty-domain-role + - cloudkitty-domain-setup + - cloudkitty-config + +- name: Ensure cloudkitty user + keystone: + command: "ensure_user" + user_name: "{{ cloudkitty_username }}" + password: "{{ cloudkitty_user_password }}" + login_user: "{{ keystone_admin_user_name }}" + login_password: "{{ keystone_auth_admin_password }}" + login_project_name: "{{ keystone_admin_tenant_name }}" + endpoint: "{{ keystone_service_adminurl }}" + insecure: "{{ keystone_service_adminuri_insecure }}" + tags: + - cloudkitty-domain + - cloudkitty-domain-setup + - cloudkitty-config + - cloudkitty-command-bin + +- name: Add cloudkitty user to service admin role + keystone: + command: "ensure_user_role" + user_name: "{{ cloudkitty_username }}" + project_name: "service" + role_name: "admin" + login_user: "{{ keystone_admin_user_name }}" + login_password: "{{ keystone_auth_admin_password }}" + login_project_name: "{{ keystone_admin_tenant_name }}" + endpoint: "{{ 
keystone_service_adminurl }}" + insecure: "{{ keystone_service_adminuri_insecure }}" + tags: + - cloudkitty-domain + - cloudkitty-domain-setup + - cloudkitty-config + - cloudkitty-command-bin + +- name: Ensure cloudkitty service + keystone: + command: "ensure_service" + service_name: "CloudKitty" + service_type: "rating" + login_user: "{{ keystone_admin_user_name }}" + login_password: "{{ keystone_auth_admin_password }}" + login_project_name: "{{ keystone_admin_tenant_name }}" + endpoint: "{{ keystone_service_adminurl }}" + insecure: "{{ keystone_service_adminuri_insecure }}" + tags: + - cloudkitty-domain + - cloudkitty-domain-setup + - cloudkitty-config + - cloudkitty-command-bin + +- name: Ensure cloudkitty endpoints + keystone: + command: "ensure_endpoint" + service_name: "CloudKitty" + service_type: "rating" + endpoint_list: + - url: "{{ cloudkitty_service_publicurl }}" + interface: "public" + - url: "{{ cloudkitty_service_internalurl }}" + interface: "internal" + - url: "{{ cloudkitty_service_adminurl }}" + interface: "admin" + login_user: "{{ keystone_admin_user_name }}" + login_password: "{{ keystone_auth_admin_password }}" + login_project_name: "{{ keystone_admin_tenant_name }}" + endpoint: "{{ keystone_service_adminurl }}" + insecure: "{{ keystone_service_adminuri_insecure }}" + tags: + - cloudkitty-domain + - cloudkitty-domain-setup + - cloudkitty-config + - cloudkitty-command-bin diff --git a/tasks/cloudkitty_install.yml b/tasks/cloudkitty_install.yml new file mode 100644 index 0000000..3606c7d --- /dev/null +++ b/tasks/cloudkitty_install.yml 
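Review bot: `Add cloudkitty user to service admin role` hard-codes `project_name: "service"` and `role_name: "admin"`, while the matching task in tasks/cloudkitty_service_add.yml takes the role from `cloudkitty_service_role_name`. A deployer who wants the service account to hold something narrower than admin cannot change it here, and the two files can disagree. I would use `role_name: "{{ cloudkitty_service_role_name }}"` and add a short comment on the task saying why the service account needs that role. Every task in this file also sends the Keystone admin password with `insecure: "{{ keystone_service_adminuri_insecure }}"`; if a true value disables certificate verification, as the name suggests, a comment at the top of the file should say so.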
@@ -0,0 +1,219 @@ +--- +# Copyright 2016, Rackspace US, Inc. +# +# (C) 2016 Michael Rice +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- include: install-apt.yml + when: + - ansible_pkg_mgr == 'apt' + tags: + - install-apt + +- name: Create developer mode constraint file + copy: + dest: "/opt/developer-pip-constraints.txt" + content: | + {% for item in cloudkitty_developer_constraints %} + {{ item }} + {% endfor %} + when: + - cloudkitty_developer_mode | bool + tags: + - cloudkitty-install + - cloudkitty-pip-packages + +- name: Clone requirements git repository + git: + repo: "{{ cloudkitty_requirements_git_repo }}" + dest: "/opt/requirements" + clone: yes + update: yes + version: "{{ cloudkitty_requirements_git_install_branch }}" + when: + - cloudkitty_developer_mode | bool + tags: + - cloudkitty-install + - cloudkitty-pip-packages + +- name: Add constraints to pip_install_options fact for developer mode + set_fact: + pip_install_options_fact: "{{ pip_install_options|default('') }} --constraint /opt/developer-pip-constraints.txt --constraint /opt/requirements/upper-constraints.txt" + when: + - cloudkitty_developer_mode | bool + tags: + - cloudkitty-install + - cloudkitty-pip-packages + +- name: Set pip_install_options_fact when not in developer mode + set_fact: + pip_install_options_fact: "{{ pip_install_options|default('') }}" + when: + - not cloudkitty_developer_mode | bool + tags: + - cloudkitty-install + - cloudkitty-pip-packages + +- name: Install required 
pip packages + pip: + name: "{{ item }}" + state: latest + extra_args: "{{ pip_install_options_fact }}" + register: install_packages + until: install_packages|success + retries: 5 + delay: 2 + with_items: "{{ cloudkitty_requires_pip_packages }}" + tags: + - cloudkitty-install + - cloudkitty-pip-packages + +- name: Get local venv checksum + stat: + path: "/var/cache/{{ cloudkitty_venv_download_url | basename }}" + get_md5: False + when: + - not cloudkitty_developer_mode | bool + - cloudkitty_venv_enabled | bool + register: local_venv_stat + tags: + - cloudkitty-install + - cloudkitty-pip-packages + +- name: Get remote venv checksum + uri: + url: "{{ cloudkitty_venv_download_url | replace('tgz', 'checksum') }}" + return_content: True + when: + - not cloudkitty_developer_mode | bool + - cloudkitty_venv_enabled | bool + register: remote_venv_checksum + tags: + - cloudkitty-install + - cloudkitty-pip-packages + +# TODO: When project moves to ansible 2 we can pass this a sha256sum which will: +# a) allow us to remove force: yes +# b) allow the module to calculate the checksum of dest file which would +# result in file being downloaded only if provided and dest sha256sum +# checksums differ +- name: Attempt venv download + get_url: + url: "{{ cloudkitty_venv_download_url }}" + dest: "/var/cache/{{ cloudkitty_venv_download_url | basename }}" + force: yes + ignore_errors: true + register: get_venv + when: + - not cloudkitty_developer_mode | bool + - cloudkitty_venv_enabled | bool + - (local_venv_stat.stat.exists == False or + {{ local_venv_stat.stat.checksum is defined and local_venv_stat.stat.checksum != remote_venv_checksum.content | trim }}) + tags: + - cloudkitty-install + - cloudkitty-pip-packages + +- name: Set cloudkitty get_venv fact + set_fact: + cloudkitty_get_venv: "{{ get_venv }}" + when: cloudkitty_venv_enabled | bool + tags: + - cloudkitty-install + - cloudkitty-pip-packages + +- name: Remove existing venv + file: + path: "{{ cloudkitty_venv_bin | dirname }}" 
+ state: absent + when: + - cloudkitty_venv_enabled | bool + - cloudkitty_get_venv | changed + tags: + - cloudkitty-install + - cloudkitty-pip-packages + +- name: Create cloudkitty venv dir + file: + path: "{{ cloudkitty_venv_bin | dirname }}" + state: directory + when: + - not cloudkitty_developer_mode | bool + - cloudkitty_venv_enabled | bool + - cloudkitty_get_venv | changed + tags: + - cloudkitty-install + - cloudkitty-pip-packages + +- name: Unarchive pre-built venv + unarchive: + src: "/var/cache/{{ cloudkitty_venv_download_url | basename }}" + dest: "{{ cloudkitty_venv_bin | dirname }}" + copy: "no" + when: + - not cloudkitty_developer_mode | bool + - cloudkitty_venv_enabled | bool + - cloudkitty_get_venv | changed + notify: Restart cloudkitty services + tags: + - cloudkitty-install + - cloudkitty-pip-packages + +- name: Update virtualenv path + command: > + virtualenv-tools --update-path=auto {{ cloudkitty_venv_bin | dirname }} + when: + - not cloudkitty_developer_mode | bool + - cloudkitty_venv_enabled | bool + - cloudkitty_get_venv | success + tags: + - cloudkitty-install + - cloudkitty-pip-packages + +- name: Install pip packages (venv) + pip: + name: "{{ item }}" + state: latest + virtualenv: "{{ cloudkitty_venv_bin | dirname }}" + virtualenv_site_packages: "no" + extra_args: "{{ pip_install_options_fact }}" + register: install_packages + until: install_packages|success + retries: 5 + delay: 2 + with_items: "{{ cloudkitty_pip_packages }}" + when: + - cloudkitty_venv_enabled | bool + - cloudkitty_get_venv | failed or cloudkitty_developer_mode | bool + notify: Restart cloudkitty services + tags: + - cloudkitty-install + - cloudkitty-pip-packages + +- name: Install pip packages (no venv) + pip: + name: "{{ item }}" + state: latest + extra_args: "{{ pip_install_options_fact }}" + register: install_packages + until: install_packages|success + retries: 5 + delay: 2 + with_items: "{{ cloudkitty_pip_packages }}" + when: + - not cloudkitty_developer_mode | bool 
+ - not cloudkitty_venv_enabled | bool + notify: Restart cloudkitty services + tags: + - cloudkitty-install + - cloudkitty-pip-packages diff --git a/tasks/cloudkitty_post_install.yml b/tasks/cloudkitty_post_install.yml new file mode 100644 index 0000000..499f83b --- /dev/null +++ b/tasks/cloudkitty_post_install.yml 
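Review bot: The pre-built venv is unpacked without its content ever being checked: the result of `Get remote venv checksum` is only used in the `when` of `Attempt venv download` to decide whether to fetch, and `Unarchive pre-built venv` then extracts whatever landed in `/var/cache`. The download also runs with `ignore_errors: true`, and the checksum URL is derived from the archive URL, so it can detect a stale copy but not a replaced one; a deployer-supplied expected digest, or an HTTPS-only `cloudkitty_venv_download_url`, would be needed for that. As a minimum I would add a verification task between `Set cloudkitty get_venv fact` and `Remove existing venv`, as sketched below. Separately, the first task includes `install-apt.yml` while this commit adds `tasks/install_apt.yml`, so the include should read `- include: install_apt.yml`.

```yaml
# … unchanged: tasks up to "Set cloudkitty get_venv fact" …

- name: Verify downloaded venv against the published checksum
  stat:
    path: "/var/cache/{{ cloudkitty_venv_download_url | basename }}"
    get_md5: False
  register: downloaded_venv_stat
  failed_when: >
    downloaded_venv_stat.stat.checksum | default('') !=
    remote_venv_checksum.content | trim
  when:
    - not cloudkitty_developer_mode | bool
    - cloudkitty_venv_enabled | bool
    - cloudkitty_get_venv | changed
  tags:
    - cloudkitty-install
    - cloudkitty-pip-packages

# … unchanged: "Remove existing venv" and the tasks after it …
```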
@@ -0,0 +1,59 @@ +--- +# Copyright 2016, Rackspace US, Inc. +# +# (C) 2016 Michael Rice +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Drop cloudkitty Config(s) + config_template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: "{{ cloudkitty_system_user_name }}" + group: "{{ cloudkitty_system_group_name }}" + mode: "0644" + config_overrides: "{{ item.config_overrides }}" + config_type: "{{ item.config_type }}" + with_items: + - src: "cloudkitty.conf.j2" + dest: "/etc/cloudkitty/cloudkitty.conf" + config_overrides: "{{ cloudkitty_cloudkitty_conf_overrides }}" + config_type: "ini" + - src: "api-paste.ini.j2" + dest: "/etc/cloudkitty/api-paste.ini" + config_overrides: "{{ cloudkitty_api_paste_ini_overrides }}" + config_type: "ini" + - src: "policy.json.j2" + dest: "/etc/cloudkitty/policy.json" + config_overrides: "{{ cloudkitty_policy_overrides }}" + config_type: "json" + notify: + - Restart cloudkitty services + tags: + - cloudkitty-config + +- name: Get cloudkitty command path + command: which cloudkitty + register: cloudkitty_command_path + when: + - not cloudkitty_venv_enabled | bool + tags: + - cloudkitty-command-bin + +- name: Set cloudkitty command path + set_fact: + cloudkitty_bin: "{{ cloudkitty_command_path.stdout | dirname }}" + when: + - not cloudkitty_venv_enabled | bool + tags: + - cloudkitty-command-bin diff --git a/tasks/cloudkitty_pre_install.yml b/tasks/cloudkitty_pre_install.yml new file mode 100644 index 0000000..bee3c7d 
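Review bot: `Drop cloudkitty Config(s)` writes all three files with `mode: "0644"`, including `/etc/cloudkitty/cloudkitty.conf`. The template is outside this hunk, but defaults/main.yml defines keystone, Redis, Qpid and RabbitMQ password variables for it, so the rendered file presumably holds secrets that any local user could then read. I would make the mode per item, `mode: "{{ item.mode | default('0644') }}"`, and add `mode: "0640"` to the cloudkitty.conf entry.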
--- /dev/null +++ b/tasks/cloudkitty_pre_install.yml 
@@ -0,0 +1,89 @@ +--- +# Copyright 2016, Rackspace US, Inc. +# +# (C) 2016 Michael Rice +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: create the system group + group: + name: "{{ cloudkitty_system_group_name }}" + state: "present" + system: "yes" + tags: + - cloudkitty-group + +- name: Create the cloudkitty system user + user: + name: "{{ cloudkitty_system_user_name }}" + group: "{{ cloudkitty_system_group_name }}" + comment: "{{ cloudkitty_system_comment }}" + shell: "{{ cloudkitty_system_shell }}" + system: "yes" + createhome: "yes" + home: "/var/lib/{{ cloudkitty_system_user_name }}" + tags: + - cloudkitty-user + +- name: Create cloudkitty dir + file: + path: "{{ item.path }}" + state: directory + owner: "{{ item.owner|default(cloudkitty_system_user_name) }}" + group: "{{ item.group|default(cloudkitty_system_group_name) }}" + mode: "{{ item.mode|default('0755') }}" + with_items: + - { path: "/openstack", mode: "0755", owner: "root", group: "root" } + - { path: "/etc/cloudkitty" } + tags: + - cloudkitty-dirs + +- name: Create cloudkitty venv dir + file: + path: "{{ item.path }}" + state: directory + with_items: + - { path: "/openstack/venvs" } + - { path: "{{ cloudkitty_venv_bin }}" } + when: cloudkitty_venv_enabled | bool + tags: + - cloudkitty-dirs + +- name: Test for log directory or link + shell: | + if [ -h "/var/log/cloudkitty" ]; then + chown -h {{ cloudkitty_system_user_name }}:{{ cloudkitty_system_group_name }} "/var/log/cloudkitty" + chown -R 
{{ cloudkitty_system_user_name }}:{{ cloudkitty_system_group_name }} "$(readlink /var/log/cloudkitty)" + else + exit 1 + fi + register: log_dir + failed_when: false + changed_when: log_dir.rc != 0 + tags: + - cloudkitty-dirs + - cloudkitty-logs + +- name: Create cloudkitty log dir + file: + path: "{{ item.path }}" + state: directory + owner: "{{ item.owner|default(cloudkitty_system_user_name) }}" + group: "{{ item.group|default(cloudkitty_system_group_name) }}" + mode: "{{ item.mode|default('0755') }}" + with_items: + - { path: "/var/log/cloudkitty" } + when: log_dir.rc != 0 + tags: + - cloudkitty-dirs + - cloudkitty-logs diff --git a/tasks/cloudkitty_service_add.yml b/tasks/cloudkitty_service_add.yml new file mode 100644 index 0000000..b2c010a --- /dev/null +++ b/tasks/cloudkitty_service_add.yml 
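Review bot: `Test for log directory or link` runs `chown -R` on `"$(readlink /var/log/cloudkitty)"` without checking what the link resolves to. Plain `readlink` returns the stored target, so a relative link is resolved against the shell's working directory rather than `/var/log`, and a link pointing at a shared or system directory gets its whole tree re-owned; `failed_when: false` then hides any error. I would resolve first with `target="$(readlink -f /var/log/cloudkitty)"`, require `[ -d "$target" ]` before the recursive chown, and ideally check that the target sits under the log root expected for the deployment.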
@@ -0,0 +1,108 @@ +--- +# Copyright 2016, Rackspace US, Inc. +# +# (C) 2016 Michael Rice +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Ensure cloudkitty service + keystone: + command: "ensure_service" + endpoint: "{{ keystone_service_adminurl }}" + login_user: "{{ keystone_admin_user_name }}" + login_password: "{{ keystone_auth_admin_password }}" + login_project_name: "{{ keystone_admin_tenant_name }}" + service_name: "{{ service_name }}" + service_type: "{{ service_type }}" + description: "{{ service_description }}" + insecure: "{{ keystone_service_adminuri_insecure }}" + register: add_service + until: add_service|success + retries: 5 + delay: 10 + tags: + - cloudkitty-api-setup + - cloudkitty-service-add + - cloudkitty-setup + +# Create an admin user +- name: Ensure cloudkitty user + keystone: + command: "ensure_user" + endpoint: "{{ keystone_service_adminurl }}" + login_user: "{{ keystone_admin_user_name }}" + login_password: "{{ keystone_auth_admin_password }}" + login_project_name: "{{ keystone_admin_tenant_name }}" + user_name: "{{ service_user_name }}" + tenant_name: "{{ service_tenant_name }}" + password: "{{ service_password }}" + insecure: "{{ keystone_service_adminuri_insecure }}" + register: add_service + when: not cloudkitty_service_in_ldap | bool + until: add_service|success + retries: 5 + delay: 10 + tags: + - cloudkitty-api-setup + - cloudkitty-service-add + - cloudkitty-setup + +# Add a role to the user +- name: Ensure cloudkitty user to 
admin role + keystone: + command: "ensure_user_role" + endpoint: "{{ keystone_service_adminurl }}" + login_user: "{{ keystone_admin_user_name }}" + login_password: "{{ keystone_auth_admin_password }}" + login_project_name: "{{ keystone_admin_tenant_name }}" + user_name: "{{ service_user_name }}" + tenant_name: "{{ service_tenant_name }}" + role_name: "{{ cloudkitty_service_role_name }}" + insecure: "{{ keystone_service_adminuri_insecure }}" + register: add_service + when: not cloudkitty_service_in_ldap | bool + until: add_service|success + retries: 5 + delay: 10 + tags: + - cloudkitty-api-setup + - cloudkitty-service-add + - cloudkitty-setup + +# Create an endpoint +- name: Ensure cloudkitty endpoint + keystone: + command: "ensure_endpoint" + endpoint: "{{ keystone_service_adminurl }}" + login_user: "{{ keystone_admin_user_name }}" + login_password: "{{ keystone_auth_admin_password }}" + login_project_name: "{{ keystone_admin_tenant_name }}" + region_name: "{{ service_region }}" + service_name: "{{ service_name }}" + service_type: "{{ service_type }}" + insecure: "{{ keystone_service_adminuri_insecure }}" + endpoint_list: + - url: "{{ service_publicurl }}" + interface: "public" + - url: "{{ service_internalurl }}" + interface: "internal" + - url: "{{ service_adminurl }}" + interface: "admin" + register: add_service + until: add_service|success + retries: 5 + delay: 10 + tags: + - cloudkitty-api-setup + - cloudkitty-service-add + - cloudkitty-setup diff --git a/tasks/install_apt.yml b/tasks/install_apt.yml new file mode 100644 index 0000000..26743cf --- /dev/null +++ b/tasks/install_apt.yml 
@@ -0,0 +1,44 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#TODO: Replace the next 2 tasks by a standard apt with cache
+#when https://github.com/ansible/ansible-modules-core/pull/1517 is merged
+#in 1.9.x or we move to 2.0 (if tested working)
+- name: Check apt last update file
+ stat:
+ path: /var/cache/apt
+ register: apt_cache_stat
+ tags:
+ - cloudkitty-apt-packages
+
+- name: Update apt if needed
+ apt:
+ update_cache: yes
+ when: "ansible_date_time.epoch|float - apt_cache_stat.stat.mtime > {{cache_timeout}}"
+ tags:
+ - cloudkitty-apt-packages
+
+- name: Install apt packages
+ apt:
+ pkg: "{{ item }}"
+ state: latest
+ register: install_packages
+ until: install_packages|success
+ retries: 5
+ delay: 2
+ with_items: "{{ cloudkitty_apt_packages }}"
+ tags:
+ - cloudkitty-install
+ - cloudkitty-apt-packages
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..5946714
--- /dev/null
+++ b/tasks/main.yml
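Review bot: "Install apt packages" uses `state: latest`, so every run of the role upgrades everything in `cloudkitty_apt_packages` to the newest version the configured repositories offer, with no review step and no pinning. I would default to `state: present` and leave upgrades to a deliberate, separate run. The `when:` on "Update apt if needed" also nests `{{cache_timeout}}` inside an expression that Ansible already evaluates as Jinja. The plain form is `when: "ansible_date_time.epoch|float - apt_cache_stat.stat.mtime > cache_timeout"`, assuming `cache_timeout` is numeric; its definition is not in this hunk.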
@@ -0,0 +1,43 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# (C) 2016 Michael Rice
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Gather variables for each operating system
+ include_vars: "{{ item }}"
+ with_first_found:
+ - "{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower }}.yml"
+ - "{{ ansible_distribution | lower }}.yml"
+ - "{{ ansible_os_family | lower }}.yml"
+ tags:
+ - always
+
+- include: cloudkitty_pre_install.yml
+- include: cloudkitty_install.yml
+- include: cloudkitty_post_install.yml
+
+- include: cloudkitty_domain_setup.yml
+ when: >
+ inventory_hostname == groups['cloudkitty_all'][0]
+- include: cloudkitty_db_setup.yml
+ when: >
+ inventory_hostname == groups['cloudkitty_all'][0]
+- include: cloudkitty_service_setup.yml
+ when: >
+ inventory_hostname == groups['cloudkitty_all'][0]
+- include: cloudkitty_upstart_init.yml
+
+- name: Flush handlers
+ meta: flush_handlers
diff --git a/templates/api-paste.ini.j2 b/templates/api-paste.ini.j2
new file mode 100644
index 0000000..659da56
--- /dev/null
+++ b/templates/api-paste.ini.j2
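Review bot: The include list names `cloudkitty_service_setup.yml` and `cloudkitty_upstart_init.yml`, but the commit's file list contains neither; the service registration tasks are added as `tasks/cloudkitty_service_add.yml`. The role would most likely fail at those includes, so the first should read `- include: cloudkitty_service_add.yml`, and the upstart include needs its file added or the line removed. The `with_first_found` lookup for per-distribution variables also has no `vars/` files in this commit to find. `install_apt.yml` is not included from here either, though one of the install task files outside this hunk may pull it in.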
@@ -0,0 +1,18 @@
+# {{ ansible_managed }}
+
+[pipeline:main]
+pipeline = cors request_id authtoken ck_api_v1
+
+[app:ck_api_v1]
+paste.app_factory = cloudkitty.api.app:app_factory
+
+[filter:authtoken]
+acl_public_routes = /, /v1
+paste.filter_factory = cloudkitty.api.middleware:AuthTokenMiddleware.factory
+
+[filter:request_id]
+paste.filter_factory = oslo_middleware:RequestId.factory
+
+[filter:cors]
+paste.filter_factory = oslo_middleware.cors:filter_factory
+oslo_config_project = cloudkitty
diff --git a/templates/cloudkitty.conf.j2 b/templates/cloudkitty.conf.j2
new file mode 100644
index 0000000..354e912
--- /dev/null
+++ b/templates/cloudkitty.conf.j2
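Review bot: `acl_public_routes = /, /v1` under `[filter:authtoken]` lists paths that are served without token validation, and nothing in the file says how the middleware matches them. If `cloudkitty.api.middleware:AuthTokenMiddleware` treated the entries as prefixes rather than exact paths, `/v1` would expose the whole v1 API without a token, and policy.json.j2 in this commit sets `"default": ""`. I would confirm the matching behaviour and then record it in a comment above the line, for example `# Paths reachable without a token: API root and version document only (exact match, confirmed against the middleware)`.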
@@ -0,0 +1,199 @@
+# {{ ansible_managed }}
+
+[DEFAULT]
+api_paste_config = {{ cloudkitty_api_paste_config }}
+auth_strategy = {{ cloudkitty_auth_strategy }}
+host = {{ cloudkitty_host }}
+rpc_conn_pool_size = {{ cloudkitty_rpc_conn_pool_size }}
+rpc_zmq_bind_address = {{ cloudkitty_rpc_zmq_bind_address }}
+rpc_zmq_matchmaker = {{ cloudkitty_rpc_zmq_matchmaker }}
+rpc_zmq_port = {{ cloudkitty_rpc_zmq_port }}
+rpc_zmq_contexts = {{ cloudkitty_rpc_zmq_contexts }}
+rpc_zmq_topic_backlog = {{ cloudkitty_rpc_zmq_topic_backlog }}
+rpc_zmq_ipc_dir = {{ cloudkitty_rpc_zmq_ipc_dir }}
+rpc_zmq_host = {{ cloudkitty_rpc_zmq_host }}
+rpc_cast_timeout = {{ cloudkitty_rpc_cast_timeout }}
+matchmaker_heartbeat_freq = {{ cloudkitty_matchmaker_heartbeat_freq }}
+matchmaker_heartbeat_ttl = {{ cloudkitty_matchmaker_heartbeat_ttl }}
+executor_thread_pool_size = {{ cloudkitty_executor_thread_pool_size }}
+notification_driver = {{ cloudkitty_notification_driver }}
+notification_topics = {{ cloudkitty_notification_topics }}
+rpc_response_timeout = {{ cloudkitty_rpc_response_timeout }}
+transport_url = {{ cloudkitty_transport_url }}
+rpc_backend = {{ cloudkitty_rpc_backend }}
+control_exchange = {{ cloudkitty_control_exchange }}
+
+[api]
+host_ip = {{ cloudkitty_api_host_ip }}
+port = {{ cloudkitty_api_port }}
+
+[collect]
+collector = {{ cloudkitty_collector }}
+window = {{ cloudkitty_window }}
+period = {{ cloudkitty_period }}
+wait_periods = {{ cloudkitty_wait_periods }}
+services = {{ cloudkitty_services }}
+
+[cors]
+allowed_origin = {{ cloudkitty_cors_allowed_origin }}
+allow_credentials = {{ cloudkitty_cors_allow_credentials }}
+expose_headers = {{ cloudkitty_cors_expose_headers }}
+max_age = {{ cloudkitty_cors_max_age }}
+allow_methods = {{ cloudkitty_cors_allow_methods }}
+allow_headers = {{ cloudkitty_cors_allow_headers }}
+
+
+[cors.subdomain]
+allowed_origin = {{ cloudkitty_cors_subdomain_allowed_origin }}
+allow_credentials = {{ cloudkitty_cors_subdomain_allow_credentials }}
+expose_headers = {{ cloudkitty_cors_subdomain_expose_headers }}
+max_age = {{ cloudkitty_cors_subdomain_max_age }}
+allow_methods = {{ cloudkitty_cors_subdomain_allow_methods }}
+allow_headers = {{ cloudkitty_cors_subdomain_allow_headers }}
+
+[database]
+sqlite_db = {{ cloudkitty_sqlite_db }}
+sqlite_synchronous = {{ cloudkitty_sqlite_synchronous }}
+backend = {{ cloudkitty_database_backend }}
+connection = {{ cloudkitty_database_connection }}
+slave_connection = {{ cloudkitty_database_slave_connection }}
+mysql_sql_mode = {{ cloudkitty_mysql_sql_mode }}
+idle_timeout = {{ cloudkitty_database_idle_timeout }}
+min_pool_size = {{ cloudkitty_database_min_pool_size }}
+max_pool_size = {{ cloudkitty_database_max_pool_size }}
+max_retries = {{ cloudkitty_database_max_retries }}
+retry_interval = {{ cloudkitty_database_retry_interval }}
+max_overflow = {{ cloudkitty_database_max_overflow }}
+connection_debug = {{ cloudkitty_database_connection_debug }}
+connection_trace = {{ cloudkitty_database_connection_trace }}
+pool_timeout = {{ cloudkitty_database_pool_timeout }}
+use_db_reconnect = {{ cloudkitty_database_use_db_reconnect }}
+db_retry_interval = {{ cloudkitty_database_db_retry_interval }}
+db_inc_retry_interval = {{ cloudkitty_database_db_inc_retry_interval }}
+db_max_retry_interval = {{ cloudkitty_database_db_max_retry_interval }}
+db_max_retries = {{ cloudkitty_database_db_max_retries }}
+
+
+[keystone_authtoken]
+auth_uri = {{ cloudkitty_keystone_authtoken_auth_uri }}
+auth_version = {{ cloudkitty_keystone_authtoken_auth_version }}
+delay_auth_decision = {{ cloudkitty_keystone_authtoken_delay_auth_decision }}
+http_connect_timeout = {{ cloudkitty_keystone_authtoken_http_connect_timeout }}
+http_request_max_retries = {{ cloudkitty_keystone_authtoken_http_request_max_retries }}
+cache = {{ cloudkitty_keystone_authtoken_cache }}
+certfile = {{ cloudkitty_keystone_authtoken_certfile }}
+keyfile = {{ cloudkitty_keystone_authtoken_keyfile }}
+cafile = {{ cloudkitty_keystone_authtoken_cafile }}
+insecure = {{ cloudkitty_keystone_authtoken_insecure }}
+signing_dir = {{ cloudkitty_keystone_authtoken_signing_dir }}
+memcached_servers = {{ cloudkitty_keystone_authtoken_memcached_servers }}
+token_cache_time = {{ cloudkitty_keystone_authtoken_token_cache_time }}
+revocation_cache_time = {{ cloudkitty_keystone_authtoken_revocation_cache_time }}
+memcache_security_strategy = {{ cloudkitty_keystone_authtoken_memcache_security_strategy }}
+memcache_secret_key = {{ cloudkitty_keystone_authtoken_memcache_secret_key }}
+memcache_pool_dead_retry = {{ cloudkitty_keystone_authtoken_memcache_pool_dead_retry }}
+memcache_pool_maxsize = {{ cloudkitty_keystone_authtoken_memcache_pool_maxsize }}
+memcache_pool_socket_timeout = {{ cloudkitty_keystone_authtoken_memcache_pool_unused_timeout }}
+memcache_pool_unused_timeout = {{ cloudkitty_keystone_authtoken_memcache_pool_unused_timeout }}
+memcache_pool_conn_get_timeout = {{ cloudkitty_keystone_authtoken_memcache_pool_conn_get_timeout }}
+memcache_use_advanced_pool = {{ cloudkitty_keystone_authtoken_memcache_use_advanced_pool }}
+include_service_catalog = {{ cloudkitty_keystone_authtoken_include_service_catalog }}
+enforce_token_bind = {{ cloudkitty_keystone_authtoken_enforce_token_bind }}
+check_revocations_for_cached = {{ cloudkitty_keystone_authtoken_check_revocations_for_cached }}
+hash_algorithms = {{ cloudkitty_keystone_authtoken_hash_algorithms }}
+identity_uri = {{ cloudkitty_keystone_authtoken_identity_uri }}
+admin_user = {{ cloudkitty_keystone_authtoken_admin_user }}
+admin_password = {{ cloudkitty_keystone_authtoken_admin_password }}
+admin_tenant_name = {{ cloudkitty_keystone_authtoken_admin_tenant_name }}
+
+
+[keystone_fetcher]
+
+keystone_version = {{ cloudkitty_keystone_version }}
+
+
+[matchmaker_redis]
+host = {{ cloudkitty_matchmaker_redis_host }}
+port = {{ cloudkitty_matchmaker_redis_port }}
+password = {{ cloudkitty_matchmaker_redis_password }}
+
+
+[matchmaker_ring]
+ringfile = {{ cloudkitty_matchmaker_ring_ringfile }}
+
+
+[oslo_messaging_amqp]
+server_request_prefix = {{ cloudkitty_oslo_messaging_amqp_server_request_prefix }}
+broadcast_prefix = {{ cloudkitty_oslo_messaging_amqp_broadcast_prefix }}
+group_request_prefix = {{ cloudkitty_oslo_messaging_amqp_group_request_prefix }}
+container_name = {{ cloudkitty_oslo_messaging_amqp_container_name }}
+idle_timeout = {{ cloudkitty_oslo_messaging_amqp_idle_timeout }}
+trace = {{ cloudkitty_oslo_messaging_amqp_trace }}
+ssl_ca_file = {{ cloudkitty_oslo_messaging_amqp_ssl_ca_file }}
+ssl_cert_file = {{ cloudkitty_oslo_messaging_amqp_ssl_cert_file }}
+ssl_key_file = {{ cloudkitty_oslo_messaging_amqp_ssl_key_file }}
+ssl_key_password = {{ cloudkitty_oslo_messaging_amqp_ssl_key_password }}
+allow_insecure_clients = {{ cloudkitty_oslo_messaging_amqp_allow_insecure_clients }}
+
+
+[oslo_messaging_qpid]
+amqp_durable_queues = {{ cloudkitty_oslo_messaging_qpid_amqp_durable_queues }}
+amqp_auto_delete = {{ cloudkitty_oslo_messaging_qpid_amqp_auto_delete }}
+send_single_reply = {{ cloudkitty_oslo_messaging_qpid_send_single_reply }}
+qpid_hostname = {{ cloudkitty_oslo_messaging_qpid_qpid_hostname }}
+qpid_port = {{ cloudkitty_oslo_messaging_qpid_qpid_port }}
+qpid_hosts = {{ cloudkitty_oslo_messaging_qpid_qpid_hosts }}
+qpid_username = {{ cloudkitty_oslo_messaging_qpid_qpid_username }}
+qpid_password = {{ cloudkitty_oslo_messaging_qpid_qpid_password }}
+qpid_sasl_mechanisms = {{ cloudkitty_oslo_messaging_qpid_qpid_sasl_mechanisms }}
+qpid_heartbeat = {{ cloudkitty_oslo_messaging_qpid_qpid_heartbeat }}
+qpid_protocol = {{ cloudkitty_oslo_messaging_qpid_qpid_protocol }}
+qpid_tcp_nodelay = {{ cloudkitty_oslo_messaging_qpid_qpid_tcp_nodelay }}
+qpid_receiver_capacity = {{ cloudkitty_oslo_messaging_qpid_qpid_receiver_capacity }}
+qpid_topology_version = {{ cloudkitty_oslo_messaging_qpid_qpid_topology_version }}
+
+
+[oslo_messaging_rabbit]
+amqp_durable_queues = {{ cloudkitty_oslo_messaging_rabbit_amqp_durable_queues }}
+amqp_auto_delete = {{ cloudkitty_oslo_messaging_rabbit_amqp_auto_delete }}
+send_single_reply = {{ cloudkitty_oslo_messaging_rabbit_send_single_reply }}
+kombu_ssl_version = {{ cloudkitty_oslo_messaging_rabbit_kombu_ssl_version }}
+kombu_ssl_keyfile = {{ cloudkitty_oslo_messaging_rabbit_kombu_ssl_keyfile }}
+kombu_ssl_certfile = {{ cloudkitty_oslo_messaging_rabbit_kombu_ssl_certfile }}
+kombu_ssl_ca_certs = {{ cloudkitty_oslo_messaging_rabbit_kombu_ssl_ca_certs }}
+kombu_reconnect_delay = {{ cloudkitty_oslo_messaging_rabbit_kombu_reconnect_delay }}
+kombu_reconnect_timeout = {{ cloudkitty_oslo_messaging_rabbit_kombu_reconnect_timeout }}
+rabbit_host = {{ cloudkitty_oslo_messaging_rabbit_rabbit_host }}
+rabbit_port = {{ cloudkitty_oslo_messaging_rabbit_rabbit_port }}
+rabbit_hosts = {{ cloudkitty_oslo_messaging_rabbit_rabbit_hosts }}
+rabbit_use_ssl = {{ cloudkitty_oslo_messaging_rabbit_rabbit_use_ssl }}
+rabbit_userid = {{ cloudkitty_oslo_messaging_rabbit_rabbit_userid }}
+rabbit_password = {{ cloudkitty_oslo_messaging_rabbit_rabbit_password }}
+rabbit_login_method = {{ cloudkitty_oslo_messaging_rabbit_rabbit_login_method }}
+rabbit_virtual_host = {{ cloudkitty_oslo_messaging_rabbit_rabbit_virtual_host }}
+rabbit_retry_interval = {{ cloudkitty_oslo_messaging_rabbit_rabbit_retry_interval }}
+rabbit_retry_backoff = {{ cloudkitty_oslo_messaging_rabbit_rabbit_retry_backoff }}
+rabbit_max_retries = {{ cloudkitty_oslo_messaging_rabbit_rabbit_max_retries }}
+rabbit_ha_queues = {{ cloudkitty_oslo_messaging_rabbit_rabbit_ha_queues }}
+heartbeat_timeout_threshold = {{ cloudkitty_oslo_messaging_rabbit_heartbeat_timeout_threshold }}
+heartbeat_rate = {{ cloudkitty_oslo_messaging_rabbit_heartbeat_rate }}
+fake_rabbit = {{ cloudkitty_oslo_messaging_rabbit_fake_rabbit }}
+
+
+[output]
+backend = {{ cloudkitty_output_backend }}
+basepath = {{ cloudkitty_output_basepath }}
+pipeline = {{ cloudkitty_output_pipeline }}
+
+
+[state]
+backend = {{ cloudkitty_state_backend }}
+basepath = {{ cloudkitty_state_basepath }}
+
+
+[storage]
+backend = {{ cloudkitty_storage_backend }}
+
+
+[tenant_fetcher]
+backend = {{ cloudkitty_tenant_fetcher_backend }}
diff --git a/templates/policy.json.j2 b/templates/policy.json.j2
new file mode 100644
index 0000000..0553a32
--- /dev/null
+++ b/templates/policy.json.j2
@@ -0,0 +1,23 @@
+# {{ ansible_managed }}
+{
+ "context_is_admin": "role:admin",
+ "default": "",
+
+ "rating:list_modules": "role:admin",
+ "rating:get_module": "role:admin",
+ "rating:update_module": "role:admin",
+ "rating:quote": "",
+
+ "report:list_tenants": "role:admin",
+ "report:get_total": "",
+
+ "collector:list_mappings": "role:admin",
+ "collector:get_mapping": "role:admin",
+ "collector:manage_mappings": "role:admin",
+ "collector:get_state": "role:admin",
+ "collector:update_state": "role:admin",
+
+ "storage:list_data_frames": "",
+
+ "rating:module_config": "role:admin"
+}
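Review bot: In `[keystone_authtoken]` of cloudkitty.conf.j2, `memcache_pool_socket_timeout` is rendered from `cloudkitty_keystone_authtoken_memcache_pool_unused_timeout`, the same variable as the line below it, which looks like a copy-paste slip. It should presumably read `memcache_pool_socket_timeout = {{ cloudkitty_keystone_authtoken_memcache_pool_socket_timeout }}`, with a matching entry in defaults/main.yml if there is not one already (that file is outside this part of the patch). The rendered file also carries `admin_password`, `rabbit_password`, `qpid_password`, `memcache_secret_key`, `ssl_key_password` and the database `connection` string. The task that installs this template should therefore set a restrictive owner and mode; that task is not in this hunk.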
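Review bot: In policy.json.j2, `"default": ""` makes the fallback rule always pass, so any API action without its own entry is allowed for every authenticated caller. `"default": "role:admin"` (or `"!"` to deny outright) fails closed instead. `report:get_total` and `storage:list_data_frames` are also `""`, which is only safe if the API limits results to the caller's own tenant; that is not visible here. Separately, the first line `# {{ ansible_managed }}` is not valid JSON, so a strict JSON policy loader would reject the rendered file; confirm that the oslo.policy version in use accepts it, or drop the line.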