diff --git a/.gitignore b/.gitignore new file mode 100644 index 00000000..f910d3b2 --- /dev/null +++ b/.gitignore @@ -0,0 +1,71 @@ +# Compiled source # +################### +*.com +*.class +*.dll +*.exe +*.o +*.so +*.pyc +build/ +dist/ +doc/build/ + +# Packages # +############ +# it's better to unpack these files and commit the raw source +# git has its own built in compression methods +*.7z +*.dmg +*.gz +*.iso +*.jar +*.rar +*.tar +*.zip + +# Logs and databases # +###################### +*.log +*.sql +*.sqlite +logs/* + +# OS generated files # +###################### +.DS_Store +.DS_Store? +._* +.Spotlight-V100 +.Trashes +.idea +.tox +*.sublime* +*.egg-info +Icon? +ehthumbs.db +Thumbs.db +.eggs + +# User driven backup files # +############################ +*.bak +*.swp + +# Generated by pbr while building docs +###################################### +AUTHORS +ChangeLog + +# Files created by releasenotes build +releasenotes/build + +# Test temp files +tests/plugins +tests/common +tests/*.retry + +# Vagrant artifacts +.vagrant + + diff --git a/CONTRIBUTING.rst b/CONTRIBUTING.rst new file mode 100644 index 00000000..c77d8101 --- /dev/null +++ b/CONTRIBUTING.rst 
@@ -0,0 +1,100 @@ +OpenStack-Ansible Heat +###################### +:tags: openstack, heat, cloud, ansible +:category: \*nix + +Contributor Guidelines +^^^^^^^^^^^^^^^^^^^^^^ + +Filing Bugs +----------- + +Bugs should be filed on Launchpad, not GitHub: "https://bugs.launchpad.net +/openstack-ansible" + + +When submitting a bug, or working on a bug, please ensure the following +criteria are met: + * The description clearly states or describes the original problem or root + cause of the problem. + * Include historical information on how the problem was identified. + * Any relevant logs are included. + * The provided information should be totally self-contained. External + access to web services/sites should not be needed. + * Steps to reproduce the problem if possible. + + +Submitting Code +--------------- + +Changes to the project should be submitted for review via the Gerrit tool, +following the workflow documented at: +"http://docs.openstack.org/infra/manual/developers.html#development-workflow" + +Pull requests submitted through GitHub will be ignored and closed without +regard. + + +Extra +----- + +Tags: If it's a bug that needs fixing in a branch in addition to Master, add a + '\-backport-potential' tag (eg ``juno-backport-potential``). + There are predefined tags that will autocomplete. + +Status: + Please leave this alone, it should be New till someone triages the issue. + +Importance: + Should only be touched if it is a Blocker/Gating issue. If it is, please + set to High, and only use Critical if you have found a bug that can take + down whole infrastructures. + + +Style guide +----------- + +When creating tasks and other roles for use in Ansible please create then +using the YAML dictionary format. + +Example YAML dictionary format: + .. code-block:: yaml + + - name: The name of the tasks + module_name: + thing1: "some-stuff" + thing2: "some-other-stuff" + tags: + - some-tag + - some-other-tag + + +Example **NOT** in YAML dictionary format: + .. 
code-block:: yaml + + - name: The name of the tasks + module_name: thing1="some-stuff" thing2="some-other-stuff" + tags: + - some-tag + - some-other-tag + + +Usage of the ">" and "|" operators should be limited to Ansible conditionals +and command modules such as the ansible ``shell`` module. + + +Issues +------ + +When submitting an issue, or working on an issue please ensure the following +criteria are met: + * The description clearly states or describes the original problem or root + cause of the problem. + * Include historical information on how the problem was identified. + * Any relevant logs are included. + * If the issue is a bug that needs fixing in a branch other than Master, + add the ‘backport potential’ tag TO THE ISSUE (not the PR). + * The provided information should be totally self-contained. External + access to web services/sites should not be needed. + * If the issue is needed for a hotfix release, add the 'expedite' label. + * Steps to reproduce the problem if possible. diff --git a/LICENSE b/LICENSE new file mode 100644 index 00000000..e06d2081 --- /dev/null +++ b/LICENSE 
@@ -0,0 +1,202 @@ +Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + diff --git a/README.rst b/README.rst new file mode 100644 index 00000000..8d14f291 --- /dev/null +++ b/README.rst @@ -0,0 +1,19 @@ +======================== +Team and repository tags +======================== + +.. image:: http://governance.openstack.org/badges/openstack-ansible-os_octavia.svg + :target: http://governance.openstack.org/reference/tags/index.html + +.. Change things from this point on + +========================= +OpenStack-Ansible Octavia +========================= + +Ansible role that installs and configures OpenStack Octavia. + +Documentation for the project can be found at: +``_ + +The project home is at: ``_ diff --git a/Vagrantfile b/Vagrantfile new file mode 100644 index 00000000..6b92f5ba --- /dev/null +++ b/Vagrantfile 
@@ -0,0 +1,12 @@ +Vagrant.configure(2) do |config| + config.vm.box = "ubuntu/xenial64" + config.vm.provider "virtualbox" do |v| + v.memory = 2048 + v.cpus = 2 + end + config.vm.provision "shell", inline: <<-SHELL + sudo su - + cd /vagrant + ./run_tests.sh + SHELL +end diff --git a/bindep.txt b/bindep.txt new file mode 100644 index 00000000..a200b7c3 --- /dev/null +++ b/bindep.txt @@ -0,0 +1,42 @@ +# This file facilitates OpenStack-CI package installation +# before the execution of any tests. +# +# See the following for details: +# - http://docs.openstack.org/infra/bindep/ +# - https://github.com/openstack-infra/bindep +# +# Even if the role does not make use of this facility, it +# is better to have this file empty, otherwise OpenStack-CI +# will fall back to installing its default packages which +# will potentially be detrimental to the tests executed. + +# Base requirements for Ubuntu +build-essential [platform:dpkg] +git-core [platform:dpkg] +libssl-dev [platform:dpkg] +libffi-dev [platform:dpkg] +python2.7 [platform:dpkg] +python-apt [platform:dpkg] +python-dev [platform:dpkg] + +# Base requirements for CentOS +gcc [platform:rpm] +gcc-c++ [platform:rpm] +git [platform:rpm] +python-devel [platform:rpm] +libffi-devel [platform:rpm] +openssl-devel [platform:rpm] + +# For SELinux +libselinux-python [platform:rpm] + +# For SSL SNI support +python-pyasn1 [platform:dpkg] +python-openssl [platform:dpkg] +python-ndg-httpsclient [platform:ubuntu] +python2-pyasn1 [platform:rpm] +pyOpenSSL [platform:rpm] +python-ndg_httpsclient [platform:rpm] + +# Required for compressing collected log files in CI +gzip diff --git a/defaults/main.yml b/defaults/main.yml new file mode 100644 index 00000000..703c6447 --- /dev/null +++ b/defaults/main.yml 
@@ -0,0 +1,268 @@ +--- +# Copyright 2017, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +## Verbosity Options +debug: False + +# Set the package install state for distribution and pip packages +# Options are 'present' and 'latest' +octavia_package_state: "latest" +octavia_pip_package_state: "latest" + +octavia_git_repo: https://git.openstack.org/openstack/octavia +octavia_git_install_branch: master +octavia_developer_mode: false +octavia_developer_constraints: + - "git+{{ octavia_git_repo }}@{{ octavia_git_install_branch }}#egg=octavia" + +# Name of the virtual env to deploy into +octavia_venv_tag: untagged +octavia_bin: "/openstack/venvs/octavia-{{ octavia_venv_tag }}/bin" + +octavia_venv_download_url: http://127.0.0.1/venvs/untagged/ubuntu/octavia.tgz + +octavia_fatal_deprecations: False + +octavia_clients_endpoint: internalURL + +## DB +octavia_galera_user: octavia +octavia_galera_database: octavia +octavia_db_max_overflow: 20 +octavia_db_pool_size: 120 +octavia_db_pool_timeout: 30 + +## RabbitMQ info + +## Configuration for RPC communications +octavia_rpc_backend: octavia.openstack.common.rpc.impl_kombu +octavia_rabbitmq_userid: octavia +octavia_rabbitmq_vhost: /octavia +octavia_rabbitmq_servers: 127.0.0.1 +octavia_rabbitmq_use_ssl: False +octavia_rabbitmq_port: 5672 + +## Configuration for notifications communication, i.e. 
[oslo_messaging_notifications] +octavia_rabbitmq_telemetry_userid: "{{ octavia_rabbitmq_userid }}" +octavia_rabbitmq_telemetry_password: "{{ octavia_rabbitmq_password }}" +octavia_rabbitmq_telemetry_vhost: "{{ octavia_rabbitmq_vhost }}" +octavia_rabbitmq_telemetry_port: "{{ octavia_rabbitmq_port }}" +octavia_rabbitmq_telemetry_servers: "{{ octavia_rabbitmq_servers }}" +octavia_rabbitmq_telemetry_use_ssl: "{{ octavia_rabbitmq_use_ssl }}" + + +## octavia User / Group +octavia_system_user_name: octavia +octavia_system_group_name: octavia +octavia_system_shell: /bin/false +octavia_system_comment: octavia system user +octavia_system_home_folder: "/var/lib/{{ octavia_system_user_name }}" + +## Default domain +octavia_project_domain_name: Default +octavia_project_name: admin +octavia_user_domain_name: Default + +## Stack +octavia_stack_domain_admin: stack_domain_admin +octavia_stack_owner_name: octavia_stack_owner +octavia_stack_domain_description: Owns users and projects created by octavia +octavia_stack_user_domain_name: octavia +octavia_max_nested_stack_depth: 5 + +octavia_deferred_auth_method: trusts +octavia_trusts_delegated_roles: [] + +## Cinder backups +octavia_cinder_backups_enabled: false + +# osprofiler +octavia_profiler_enabled: false +octavia_profiler_trace_sqlalchemy: false + +## Auth +octavia_service_region: RegionOne +octavia_service_project_name: "service" +octavia_service_user_name: "octavia" +octavia_service_role_name: admin +octavia_service_project_domain_id: default +octavia_service_user_domain_id: default +octavia_keystone_auth_plugin: password +octavia_ansible_endpoint_type: "internal" # endpoint for ansible + +## Trustee Auth +octavia_service_trustee_project_name: "service" +octavia_service_trustee_user_name: "octavia" +octavia_service_trustee_password: "{{ octavia_service_password }}" +octavia_service_trustee_project_domain_id: "default" +octavia_service_trustee_user_domain_id: "default" +octavia_keystone_trustee_auth_plugin: "{{ 
octavia_keystone_trustee_auth_type }}" +octavia_keystone_trustee_auth_type: password + +## octavia api service type and data +octavia_service_name: octavia +octavia_service_description: "Octavia Load Balancing Service" +octavia_service_port: 9876 +octavia_service_proto: http +octavia_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(octavia_service_proto) }}" +octavia_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(octavia_service_proto) }}" +octavia_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(octavia_service_proto) }}" +octavia_service_type: load-balancing +octavia_service_publicuri: "{{ octavia_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ octavia_service_port }}" +octavia_service_publicurl: "{{ octavia_service_publicuri }}/v1/%(tenant_id)s" +octavia_service_adminuri: "{{ octavia_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ octavia_service_port }}" +octavia_service_adminurl: "{{ octavia_service_adminuri }}/v1/%(tenant_id)s" +octavia_service_internaluri: "{{ octavia_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ octavia_service_port }}" +octavia_service_internalurl: "{{ octavia_service_internaluri }}/v1/%(tenant_id)s" + +octavia_service_in_ldap: false + +## RPC +octavia_rpc_backend: rabbit +octavia_rpc_thread_pool_size: 64 +octavia_rpc_conn_pool_size: 30 +octavia_rpc_response_timeout: 60 +octavia_rpc_workers: 2 + +## Plugin dirs +octavia_plugin_dirs: + - /usr/lib/octavia + - /usr/local/lib/octavia + +# octavia packages that must be installed before anything else +octavia_requires_pip_packages: + - virtualenv + - virtualenv-tools + - python-keystoneclient # Keystoneclient needed to OSA keystone lib + - httplib2 + +# Common pip packages +octavia_pip_packages: + - keystonemiddleware + - PyMySQL + - python-memcached + - pycrypto + - python-ceilometerclient + - python-cinderclient + - python-glanceclient + - python-heatclient + - 
python-keystoneclient + - python-neutronclient + - python-novaclient + - python-openstackclient + - python-swiftclient + - python-troveclient + - octavia + +## Service Name-Group Mapping +octavia_services: + octavia-api: + group: octavia_api + service_name: octavia-api + octavia-worker: + group: octavia_worker + service_name: octavia-worker + octavia-housekeeping: + group: octavia_housekeeping + service_name: octavia-housekeeping + octavia-health-manager: + group: octavia_health_manager + service_name: octavia-health-manager + +# Required secrets for the role +octavia_required_secrets: + - keystone_auth_admin_password + - octavia_stack_domain_admin_password + - octavia_auth_encryption_key + - octavia_container_mysql_password + - octavia_rabbitmq_password + - octavia_service_password + - memcached_encryption_key + +# This variable is used by the repo_build process to determine +# which host group to check for members of before building the +# pip packages required by this role. The value is picked up +# by the py_pkgs lookup. 
+octavia_role_project_group: octavia_all + + +## Octavia configs +# Load balancer topology options are SINGLE, ACTIVE_STANDBY +# ACTIVE_STANDBY is recommended for production settings +octavia_loadbalancer_topology: SINGLE + +# Image tag for the amphora image in glance +octavia_glance_image_tag: octavia-amphora-image +# add here the id of the image owner to avoid faked images being used +octavia_amp_image_owner_id: +# Name of the Octavia management network +octavia_neutron_management_network_name: mgmt +# Name of the Octavia security group +octavia_security_group_name: octavia_sec_grp +# Restrict access to only authorized hosts +octavia_security_group_rule_cidr: +# ssh enabled - switch to True if you need ssh access to the amphora +# and make sure to uplaod a key with the name below +octavia_ssh_enabled: False +octavia_ssh_key_name: octavia_key +# port the agent listens on +octavia_agent_port: "9443" +octavia_health_manager_port: 5555 + +#Octavia Nova flavor +octavia_amp_flavor_name: "m1.amphora" +octavia_amp_ram: 1024 +octavia_amp_vcpu: 1 +octavia_amp_disk: 2 + +# client certs +octavia_client_ca: "{{ octavia_system_home_folder }}/certs/ca_01.pem" +octavia_client_cert: "{{ octavia_system_home_folder }}/certs/client.pem" +# server +octavia_server_ca: "{{ octavia_system_home_folder }}/certs/ca_01.pem" +# ca certs +octavia_ca_private_key: "{{ octavia_system_home_folder }}/certs/private/cakey.pem" +octavia_ca_certificate: "{{ octavia_system_home_folder }}/certs/ca_01.pem" +octavia_ca_private_key_passphrase: foobar +octavia_signing_digest: sha256 + +# spare pool - increase to speed up load balancer creation and fail over +octavia_spare_amphora_pool_size: 1 + +# only increase when it's a really busy system since this is by deployed host, +# e.g. 
3 hosts, 5 workers (this param) per host, results in 15 worker total +octavia_task_flow_max_workers: 5 + +# event_streamer - set to False if you don't need up to date lb information and/or +# your queue is crashing (Octavia will stream events to the neutron DB) +octavia_event_streamer: True + +octavia_hm_group: "octavia-health-manager" +octavia_hm_hosts: "{% for host in groups[octavia_hm_group] %}{{ hostvars[host]['ansible_host'] }}{% if not loop.last %},{% endif %}{% endfor %}" + +# Set up the drivers +octavia_amphora_driver: amphora_haproxy_rest_driver +octavia_compute_driver: compute_nova_driver +octavia_network_driver: allowed_address_pairs_driver + +## Tunable overrides +octavia_octavia_conf_overrides: {} +octavia_api_paste_ini_overrides: {} +octavia_policy_overrides: {} + + + + + diff --git a/doc/Makefile b/doc/Makefile new file mode 100644 index 00000000..e275f794 --- /dev/null +++ b/doc/Makefile 
@@ -0,0 +1,195 @@ +# Makefile for Sphinx documentation +# + +# You can set these variables from the command line. +SPHINXOPTS = +SPHINXBUILD = sphinx-build +PAPER = +BUILDDIR = build + +# User-friendly check for sphinx-build +ifeq ($(shell which $(SPHINXBUILD) >/dev/null 2>&1; echo $$?), 1) +$(error The '$(SPHINXBUILD)' command was not found. Make sure you have Sphinx installed, then set the SPHINXBUILD environment variable to point to the full path of the '$(SPHINXBUILD)' executable. Alternatively you can add the directory with the executable to your PATH. If you don't have Sphinx installed, grab it from http://sphinx-doc.org/) +endif + +# Internal variables. +PAPEROPT_a4 = -D latex_paper_size=a4 +PAPEROPT_letter = -D latex_paper_size=letter +ALLSPHINXOPTS = -d $(BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) source +# the i18n builder cannot share the environment and doctrees with the others +I18NSPHINXOPTS = $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) source + +.PHONY: help clean html dirhtml singlehtml pickle json htmlhelp qthelp devhelp epub latex latexpdf text man changes linkcheck doctest coverage gettext + +help: + @echo "Please use \`make ' where is one of" + @echo " html to make standalone HTML files" + @echo " dirhtml to make HTML files named index.html in directories" + @echo " singlehtml to make a single large HTML file" + @echo " pickle to make pickle files" + @echo " json to make JSON files" + @echo " htmlhelp to make HTML files and a HTML help project" + @echo " qthelp to make HTML files and a qthelp project" + @echo " applehelp to make an Apple Help Book" + @echo " devhelp to make HTML files and a Devhelp project" + @echo " epub to make an epub" + @echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter" + @echo " latexpdf to make LaTeX files and run them through pdflatex" + @echo " latexpdfja to make LaTeX files and run them through platex/dvipdfmx" + @echo " text to make text files" + @echo " man to make manual pages" + @echo " 
texinfo to make Texinfo files" + @echo " info to make Texinfo files and run them through makeinfo" + @echo " gettext to make PO message catalogs" + @echo " changes to make an overview of all changed/added/deprecated items" + @echo " xml to make Docutils-native XML files" + @echo " pseudoxml to make pseudoxml-XML files for display purposes" + @echo " linkcheck to check all external links for integrity" + @echo " doctest to run all doctests embedded in the documentation (if enabled)" + @echo " coverage to run coverage check of the documentation (if enabled)" + +clean: + rm -rf $(BUILDDIR)/* + +html: + $(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html + @echo + @echo "Build finished. The HTML pages are in $(BUILDDIR)/html." + +dirhtml: + $(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/dirhtml + @echo + @echo "Build finished. The HTML pages are in $(BUILDDIR)/dirhtml." + +singlehtml: + $(SPHINXBUILD) -b singlehtml $(ALLSPHINXOPTS) $(BUILDDIR)/singlehtml + @echo + @echo "Build finished. The HTML page is in $(BUILDDIR)/singlehtml." + +pickle: + $(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) $(BUILDDIR)/pickle + @echo + @echo "Build finished; now you can process the pickle files." + +json: + $(SPHINXBUILD) -b json $(ALLSPHINXOPTS) $(BUILDDIR)/json + @echo + @echo "Build finished; now you can process the JSON files." + +htmlhelp: + $(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) $(BUILDDIR)/htmlhelp + @echo + @echo "Build finished; now you can run HTML Help Workshop with the" \ + ".hhp project file in $(BUILDDIR)/htmlhelp." 
+ +qthelp: + $(SPHINXBUILD) -b qthelp $(ALLSPHINXOPTS) $(BUILDDIR)/qthelp + @echo + @echo "Build finished; now you can run "qcollectiongenerator" with the" \ + ".qhcp project file in $(BUILDDIR)/qthelp, like this:" + @echo "# qcollectiongenerator $(BUILDDIR)/qthelp/openstack-ansible-os_heat.qhcp" + @echo "To view the help file:" + @echo "# assistant -collectionFile $(BUILDDIR)/qthelp/openstack-ansible-os_heat.qhc" + +applehelp: + $(SPHINXBUILD) -b applehelp $(ALLSPHINXOPTS) $(BUILDDIR)/applehelp + @echo + @echo "Build finished. The help book is in $(BUILDDIR)/applehelp." + @echo "N.B. You won't be able to view it unless you put it in" \ + "~/Library/Documentation/Help or install it in your application" \ + "bundle." + +devhelp: + $(SPHINXBUILD) -b devhelp $(ALLSPHINXOPTS) $(BUILDDIR)/devhelp + @echo + @echo "Build finished." + @echo "To view the help file:" + @echo "# mkdir -p $$HOME/.local/share/devhelp/openstack-ansible-os_heat" + @echo "# ln -s $(BUILDDIR)/devhelp $$HOME/.local/share/devhelp/openstack-ansible-os_heat" + @echo "# devhelp" + +epub: + $(SPHINXBUILD) -b epub $(ALLSPHINXOPTS) $(BUILDDIR)/epub + @echo + @echo "Build finished. The epub file is in $(BUILDDIR)/epub." + +latex: + $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex + @echo + @echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex." + @echo "Run \`make' in that directory to run these through (pdf)latex" \ + "(use \`make latexpdf' here to do that automatically)." + +latexpdf: + $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex + @echo "Running LaTeX files through pdflatex..." + $(MAKE) -C $(BUILDDIR)/latex all-pdf + @echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex." + +latexpdfja: + $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex + @echo "Running LaTeX files through platex and dvipdfmx..." + $(MAKE) -C $(BUILDDIR)/latex all-pdf-ja + @echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex." 
+ +text: + $(SPHINXBUILD) -b text $(ALLSPHINXOPTS) $(BUILDDIR)/text + @echo + @echo "Build finished. The text files are in $(BUILDDIR)/text." + +man: + $(SPHINXBUILD) -b man $(ALLSPHINXOPTS) $(BUILDDIR)/man + @echo + @echo "Build finished. The manual pages are in $(BUILDDIR)/man." + +texinfo: + $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo + @echo + @echo "Build finished. The Texinfo files are in $(BUILDDIR)/texinfo." + @echo "Run \`make' in that directory to run these through makeinfo" \ + "(use \`make info' here to do that automatically)." + +info: + $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo + @echo "Running Texinfo files through makeinfo..." + make -C $(BUILDDIR)/texinfo info + @echo "makeinfo finished; the Info files are in $(BUILDDIR)/texinfo." + +gettext: + $(SPHINXBUILD) -b gettext $(I18NSPHINXOPTS) $(BUILDDIR)/locale + @echo + @echo "Build finished. The message catalogs are in $(BUILDDIR)/locale." + +changes: + $(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) $(BUILDDIR)/changes + @echo + @echo "The overview file is in $(BUILDDIR)/changes." + +linkcheck: + $(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) $(BUILDDIR)/linkcheck + @echo + @echo "Link check complete; look for any errors in the above output " \ + "or in $(BUILDDIR)/linkcheck/output.txt." + +doctest: + $(SPHINXBUILD) -b doctest $(ALLSPHINXOPTS) $(BUILDDIR)/doctest + @echo "Testing of doctests in the sources finished, look at the " \ + "results in $(BUILDDIR)/doctest/output.txt." + +coverage: + $(SPHINXBUILD) -b coverage $(ALLSPHINXOPTS) $(BUILDDIR)/coverage + @echo "Testing of coverage in the sources finished, look at the " \ + "results in $(BUILDDIR)/coverage/python.txt." + +xml: + $(SPHINXBUILD) -b xml $(ALLSPHINXOPTS) $(BUILDDIR)/xml + @echo + @echo "Build finished. The XML files are in $(BUILDDIR)/xml." + +pseudoxml: + $(SPHINXBUILD) -b pseudoxml $(ALLSPHINXOPTS) $(BUILDDIR)/pseudoxml + @echo + @echo "Build finished. 
The pseudo-XML files are in $(BUILDDIR)/pseudoxml." + +livehtml: html + sphinx-autobuild -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html diff --git a/doc/source/conf.py b/doc/source/conf.py new file mode 100644 index 00000000..7c3bb742 --- /dev/null +++ b/doc/source/conf.py 
@@ -0,0 +1,338 @@ +#!/usr/bin/env python3 + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This file is execfile()d with the current directory set to its +# containing dir. +# +# Note that not all possible configuration values are present in this +# autogenerated file. +# +# All configuration values have a default; values that are commented out +# serve to show the default. + +import openstackdocstheme +import pbr.version +import os + +# If extensions (or modules to document with autodoc) are in another directory, +# add these directories to sys.path here. If the directory is relative to the +# documentation root, use os.path.abspath to make it absolute, like shown here. +# sys.path.insert(0, os.path.abspath('.')) + +# -- General configuration ------------------------------------------------ + +# If your documentation needs a minimal Sphinx version, state it here. +# needs_sphinx = '1.0' + +# Add any Sphinx extension module names here, as strings. They can be +# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom +# ones. +extensions = [ + 'sphinx.ext.autodoc', + 'oslosphinx', + 'sphinxmark' +] + +# Add any paths that contain templates here, relative to this directory. +templates_path = ['_templates'] + +# The suffix(es) of source filenames. +# You can specify multiple suffix as a list of string: +# source_suffix = ['.rst', '.md'] +source_suffix = '.rst' + +# The encoding of source files. 
+# source_encoding = 'utf-8-sig' + +# The master toctree document. +master_doc = 'index' + +# General information about the project. +author = 'OpenStack-Ansible Contributors' +category = 'Miscellaneous' +copyright = '2014-2016, OpenStack-Ansible Contributors' +description = 'OpenStack-Ansible deploys OpenStack environments using Ansible.' +project = 'OpenStack-Ansible' +role_name = 'os_octavia' +target_name = 'openstack-ansible-' + role_name +title = 'OpenStack-Ansible Documentation: ' + role_name + 'role' + +# The link to the browsable source code (for the left hand menu) +oslosphinx_cgit_link = 'http://git.openstack.org/cgit/openstack/' + target_name + +# The version info for the project you're documenting, acts as replacement for +# |version| and |release|, also used in various other places throughout the +# built documents. +# +# The short X.Y version. +version_info = pbr.version.VersionInfo(target_name) +# The full version, including alpha/beta/rc tags. +release = version_info.version_string_with_vcs() +# The short X.Y version. +version = version_info.canonical_version_string() + +# A few variables have to be set for the log-a-bug feature. +# giturl: The location of conf.py on Git. Must be set manually. +# gitsha: The SHA checksum of the bug description. +# Automatically extracted from git log. +# bug_tag: Tag for categorizing the bug. Must be set manually. +# These variables are passed to the logabug code via html_context. +giturl = ("http://git.openstack.org/cgit/openstack/{0}" + "/tree/doc/source").format(target_name) +git_cmd = "/usr/bin/git log | head -n1 | cut -f2 -d' '" +gitsha = os.popen(git_cmd).read().strip('\n') +bug_project = project.lower() +bug_title = "Documentation bug" +html_context = {"gitsha": gitsha, "giturl": giturl, + "bug_tag": "docs", "bug_title": bug_title, + "bug_project": bug_project} + +# The language for content autogenerated by Sphinx. Refer to documentation +# for a list of supported languages. 
+# +# This is also used if you do content translation via gettext catalogs. +# Usually you set "language" from the command line for these cases. +language = None + +# There are two options for replacing |today|: either, you set today to some +# non-false value, then it is used: +# today = '' +# Else, today_fmt is used as the format for a strftime call. +# today_fmt = '%B %d, %Y' + +# List of patterns, relative to source directory, that match files and +# directories to ignore when looking for source files. +exclude_patterns = [] + +# The reST default role (used for this markup: `text`) to use for all +# documents. +# default_role = None + +# If true, '()' will be appended to :func: etc. cross-reference text. +# add_function_parentheses = True + +# If true, the current module name will be prepended to all description +# unit titles (such as .. function::). +# add_module_names = True + +# If true, sectionauthor and moduleauthor directives will be shown in the +# output. They are ignored by default. +# show_authors = False + +# The name of the Pygments (syntax highlighting) style to use. +pygments_style = 'sphinx' + +# A list of ignored prefixes for module index sorting. +# modindex_common_prefix = [] + +# If true, keep warnings as "system message" paragraphs in the built documents. +# keep_warnings = False + +# If true, `todo` and `todoList` produce output, else they produce nothing. +todo_include_todos = False + + +# -- Options for HTML output ---------------------------------------------- + +# The theme to use for HTML and HTML Help pages. See the documentation for +# a list of builtin themes. +html_theme = 'openstackdocs' + +# Theme options are theme-specific and customize the look and feel of a theme +# further. For a list of options available for each theme, see the +# documentation. +# html_theme_options = {} + +# Add any paths that contain custom themes here, relative to this directory. 
+html_theme_path = [openstackdocstheme.get_html_theme_path()] + +# The name for this set of Sphinx documents. If None, it defaults to +# " v documentation". +# html_title = None + +# A shorter title for the navigation bar. Default is the same as html_title. +# html_short_title = None + +# The name of an image file (relative to this directory) to place at the top +# of the sidebar. +# html_logo = None + +# The name of an image file (within the static path) to use as favicon of the +# docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32 +# pixels large. +# html_favicon = None + +# Add any paths that contain custom static files (such as style sheets) here, +# relative to this directory. They are copied after the builtin static files, +# so a file named "default.css" will overwrite the builtin "default.css". +html_static_path = ['_static'] + +# Add any extra paths that contain custom files (such as robots.txt or +# .htaccess) here, relative to this directory. These files are copied +# directly to the root of the documentation. +# html_extra_path = [] + +# If not '', a 'Last updated on:' timestamp is inserted at every page bottom, +# using the given strftime format. +html_last_updated_fmt = '%Y-%m-%d %H:%M' + +# If true, SmartyPants will be used to convert quotes and dashes to +# typographically correct entities. +# html_use_smartypants = True + +# Custom sidebar templates, maps document names to template names. +# html_sidebars = {} + +# Additional templates that should be rendered to pages, maps page names to +# template names. +# html_additional_pages = {} + +# If false, no module index is generated. +# html_domain_indices = True + +# If false, no index is generated. +# html_use_index = True + +# If true, the index is split into individual pages for each letter. +# html_split_index = False + +# If true, links to the reST sources are added to the pages. 
+# html_show_sourcelink = True + +# If true, "Created using Sphinx" is shown in the HTML footer. Default is True. +# html_show_sphinx = True + +# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True. +# html_show_copyright = True + +# If true, an OpenSearch description file will be output, and all pages will +# contain a tag referring to it. The value of this option must be the +# base URL from which the finished HTML is served. +# html_use_opensearch = '' + +# This is the file name suffix for HTML files (e.g. ".xhtml"). +# html_file_suffix = None + +# Language to be used for generating the HTML full-text search index. +# Sphinx supports the following languages: +# 'da', 'de', 'en', 'es', 'fi', 'fr', 'h', 'it', 'ja' +# 'nl', 'no', 'pt', 'ro', 'r', 'sv', 'tr' +# html_search_language = 'en' + +# A dictionary with options for the search language support, empty by default. +# Now only 'ja' uses this config value +# html_search_options = {'type': 'default'} + +# The name of a javascript file (relative to the configuration directory) that +# implements a search results scorer. If empty, the default will be used. +# html_search_scorer = 'scorer.js' + +# Output file base name for HTML help builder. +htmlhelp_basename = target_name + '-docs' + +# -- Options for LaTeX output --------------------------------------------- + +latex_elements = { + # The paper size ('letterpaper' or 'a4paper'). + # 'papersize': 'letterpaper', + + # The font size ('10pt', '11pt' or '12pt'). + # 'pointsize': '10pt', + + # Additional stuff for the LaTeX preamble. + # 'preamble': '', + + # Latex figure (float) alignment + # 'figure_align': 'htbp', +} + +# Grouping the document tree into LaTeX files. List of tuples +# (source start file, target name, title, +# author, documentclass [howto, manual, or own class]). 
+latex_documents = [ + (master_doc, target_name + '.tex', + title, author, 'manual'), +] + +# The name of an image file (relative to this directory) to place at the top of +# the title page. +# latex_logo = None + +# For "manual" documents, if this is true, then toplevel headings are parts, +# not chapters. +# latex_use_parts = False + +# If true, show page references after internal links. +# latex_show_pagerefs = False + +# If true, show URL addresses after external links. +# latex_show_urls = False + +# Documents to append as an appendix to all manuals. +# latex_appendices = [] + +# If false, no module index is generated. +# latex_domain_indices = True + + +# -- Options for manual page output --------------------------------------- + +# One entry per manual page. List of tuples +# (source start file, name, description, authors, manual section). +man_pages = [ + (master_doc, target_name, + title, [author], 1) +] + +# If true, show URL addresses after external links. +# man_show_urls = False + + +# -- Options for Texinfo output ------------------------------------------- + +# Grouping the document tree into Texinfo files. List of tuples +# (source start file, target name, title, author, +# dir menu entry, description, category) +texinfo_documents = [ + (master_doc, target_name, + title, author, project, + description, category), +] + +# Documents to append as an appendix to all manuals. +# texinfo_appendices = [] + +# If false, no module index is generated. +# texinfo_domain_indices = True + +# How to display URL addresses: 'footnote', 'no', or 'inline'. +# texinfo_show_urls = 'footnote' + +# If true, do not generate a @detailmenu in the "Top" node's menu. 
+# texinfo_no_detailmenu = False + + +watermark = os.popen("git branch --contains $(git rev-parse HEAD)\ +| awk -F/ '/stable/ {print $2}'").read().strip(' \n\t').capitalize() +if watermark == "": + watermark = "Pre-release" + +# -- Options for sphinxmark ----------------------------------------------- +sphinxmark_enable = True +sphinxmark_div = 'docs-body' +sphinxmark_image = 'text' +sphinxmark_text = watermark +sphinxmark_text_color = (128, 128, 128) +sphinxmark_text_size = 70 diff --git a/doc/source/configure-octavia.rst b/doc/source/configure-octavia.rst new file mode 100644 index 00000000..e78d4a89 --- /dev/null +++ b/doc/source/configure-octavia.rst 
@@ -0,0 +1,173 @@ +========================================================= +Configuring the Octavia Load Balancing service (optional) +========================================================= + +.. note:: + + This feature is experimental at this time and it has not been fully + production tested yet. + +Octavia is an OpenStack project which provides operator-grade Load Balancing +(as opposed to the namespace driver) by deploying each individual load +balancer to its own virtual machine and leveraging haproxy to perform the +load balancing. + +Octavia is scalable and has built-in high availability through active-passive. + +OpenStack-Ansible deployment +~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +#. Create the openstack-ansible container(s) for Octavia +#. Run the os-octavia playbook +#. Eventually the os-neutron playbook needs to be rerun. + +Setup a neutron network for use by octavia +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +In a general case, neutron networking can be a simple flat network. However, +in a complex case, this can be whatever you need and want. Ensure +you adjust the deployment accordingly. The following is an example: + + +.. code-block:: bash + + neutron net-create cleaning-net --shared \ + --provider:network_type flat \ + --provider:physical_network mgmt + + neutron subnet-create ironic-net 172.19.0.0/22 --name mgmt-subnet + --ip-version=4 \ + --allocation-pool start=172.19.1.100,end=172.19.1.200 \ + --enable-dhcp \ + --dns-nameservers list=true 8.8.4.4 8.8.8.8 + +Building Octavia images +~~~~~~~~~~~~~~~~~~~~~~~ + +Images using the ``diskimage-builder`` must be built outside of a container. +For this process, use one of the physical hosts within the environment. + +#. Install the necessary packages: + + .. code-block:: bash + + apt-get install -y qemu uuid-runtime curl kpartx git jq python-pip + +#. Install the necessary pip packages: + + .. code-block:: bash + + pip install argparse Babel>=1.3 dib-utils PyYAML + +#. 
Clone the necessary repositories + + .. code-block:: bash + + git clone https://github.com/openstack/octavia.git + git clone https://git.openstack.org/openstack/diskimage-builder.git + + +#. Run Octavia's diskimage script + + In the ``octavia/diskimage-create`` directory run: + .. code-block:: bash + + ./diskimage-create.sh + + +#. Upload the created user images into the Image (glance) Service: + + .. code-block:: bash + + glance image-create --name amphora-x64-haproxy --visibility private --disk-format qcow2 \ + --container-format bare --tags octavia-amphora-image /dev/null || {apt-get install -y python-pip} + pip install argparse Babel>=1.3 dib-utils PyYAML + pushd /tmp + git clone https://github.com/openstack/octavia.git + git clone https://git.openstack.org/openstack/diskimage-builder.git + pushd octavia/diskimage-create + ./diskimage-create.sh + mv amphora-x64-haproxy.qcow2 /tmp + popd + popd + #upload image + glance image-create --name amphora-x64-haproxy --visibility private --disk-format qcow2 \ + --container-format bare --tags octavia-amphora-image octavia_key + + .. note:: + To find the octavia user's username and credentials review + the octavia-config file + on any octavia container in /etc/octavia. + +#. Configure Octavia accordingly + + Add a ``octavia_ssh_enabled: True`` to the user file in + /etc/openstack-deploy + + +Optional: Tuning Octavia for production use +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Please have a close look at the ``main.yml`` for tunable parameters. +The most important change is to set Octavia into ACTIVE_STANDBY mode +by adding ``octavia_loadbalancer_topology: ACTIVE_STANDBY`` to the +user file in /etc/openstack-deploy + +To speed up the creation of load balancers or in a SINGLE topolgy +to speed up the failover a spare pool can be used. +The variable ``octavia_spare_amphora_pool_size`` controls +the size of the pool. 
The system will try +to prebuild this number so using too big a number will +consumes a lot of unnecessary resources. diff --git a/doc/source/index.rst b/doc/source/index.rst new file mode 100644 index 00000000..7ca944a3 --- /dev/null +++ b/doc/source/index.rst @@ -0,0 +1,46 @@ +============================================================= +OpenStack-Ansible role for the Octavia Load Balancing Service +============================================================= + +.. toctree:: + :maxdepth: 2 + + configure-octavia.rst + +This is an OpenStack-Ansible role to deploy the Octavia Load Balancing +service. See the `role-octavia spec`_ for more information. + +.. _role-octavia spec: TBD + + +To clone or view the source code for this repository, visit the role repository +for `os_octavia `_. + +Default variables +~~~~~~~~~~~~~~~~~ + +.. literalinclude:: ../../defaults/main.yml + :language: yaml + :start-after: under the License. + + +Required variables +~~~~~~~~~~~~~~~~~~ + +None. + + +Example playbook +~~~~~~~~~~~~~~~~ + +.. literalinclude:: ../../examples/playbook.yml + :language: yaml + + +Tags +==== + +This role supports the ``octavia-install`` and ``octavia-config`` tags. +Use the ``octavia-install`` tag to install and upgrade. Use the +``octavia-config`` tag to maintain configuration of the service. + diff --git a/examples/playbook.yml b/examples/playbook.yml new file mode 100644 index 00000000..209965c5 --- /dev/null +++ b/examples/playbook.yml @@ -0,0 +1,11 @@ +- name: Install octavia server + hosts: octavia_all + user: root + roles: + - { role: "os_octavia", tags: [ "os-octavia" ] } + vars: + external_lb_vip_address: 172.16.24.1 + internal_lb_vip_address: 192.168.0.1 + octavia_galera_address: "{{ internal_lb_vip_address }}" + keystone_admin_user_name: admin + keystone_admin_tenant_name: admin diff --git a/handlers/main.yml b/handlers/main.yml new file mode 100644 index 00000000..db3d7778 --- /dev/null +++ b/handlers/main.yml 
@@ -0,0 +1,37 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Reload systemd daemon + command: "systemctl daemon-reload" + notify: + - Restart octavia services + +- name: Restart octavia services + service: + name: "{{ item.value.service_name }}" + state: "restarted" + with_dict: "{{ octavia_services }}" + +- name: Start octavia services + service: + name: "{{ item.value.service_name }}" + state: "started" + with_dict: "{{ octavia_services }}" + +- name: Stop octavia services + service: + name: "{{ item.value.service_name }}" + state: "stopped" + with_dict: "{{ octavia_services }}" diff --git a/manual-test.rc b/manual-test.rc new file mode 100644 index 00000000..7016c453 --- /dev/null +++ b/manual-test.rc 
@@ -0,0 +1,33 @@ +export VIRTUAL_ENV=$(pwd) +export ANSIBLE_HOST_KEY_CHECKING=False +export ANSIBLE_SSH_CONTROL_PATH=/tmp/%%h-%%r + +# TODO (odyssey4me) These are only here as they are non-standard folder +# names for Ansible 1.9.x. We are using the standard folder names for +# Ansible v2.x. We can remove this when we move to Ansible 2.x. +export ANSIBLE_ACTION_PLUGINS=${HOME}/.ansible/plugins/action +export ANSIBLE_CALLBACK_PLUGINS=${HOME}/.ansible/plugins/callback +export ANSIBLE_FILTER_PLUGINS=${HOME}/.ansible/plugins/filter +export ANSIBLE_LOOKUP_PLUGINS=${HOME}/.ansible/plugins/lookup + +# This is required as the default is the current path or a path specified +# in ansible.cfg +export ANSIBLE_LIBRARY=${HOME}/.ansible/plugins/library + +# This is required as the default is '/etc/ansible/roles' or a path +# specified in ansible.cfg +export ANSIBLE_ROLES_PATH=${HOME}/.ansible/roles:$(pwd)/.. + +export ANSIBLE_SSH_ARGS="-o ControlMaster=no \ + -o UserKnownHostsFile=/dev/null \ + -o StrictHostKeyChecking=no \ + -o ServerAliveInterval=64 \ + -o ServerAliveCountMax=1024 \ + -o Compression=no \ + -o TCPKeepAlive=yes \ + -o VerifyHostKeyDNS=no \ + -o ForwardX11=no \ + -o ForwardAgent=yes" + +echo "Run manual functional tests by executing the following:" +echo "# ./.tox/functional/bin/ansible-playbook -i tests/inventory tests/test.yml" diff --git a/meta/main.yml b/meta/main.yml new file mode 100644 index 00000000..e78e0f21 --- /dev/null +++ b/meta/main.yml 
@@ -0,0 +1,38 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +galaxy_info: + author: rcbops + description: Installation and setup of octavia + company: Rackspace + license: Apache2 + min_ansible_version: 2.0 + platforms: + - name: Ubuntu + versions: + - xenial + categories: + - cloud + - development + - octavia + - openstack + - python +dependencies: + - pip_install + - role: apt_package_pinning + when: + - ansible_pkg_mgr == 'apt' + - galera_client + - openstack_openrc \ No newline at end of file diff --git a/releasenotes/notes/.placeholder b/releasenotes/notes/.placeholder new file mode 100644 index 00000000..e69de29b diff --git a/releasenotes/source/_static/.placeholder b/releasenotes/source/_static/.placeholder new file mode 100644 index 00000000..e69de29b diff --git a/releasenotes/source/_templates/.placeholder b/releasenotes/source/_templates/.placeholder new file mode 100644 index 00000000..e69de29b diff --git a/releasenotes/source/conf.py b/releasenotes/source/conf.py new file mode 100644 index 00000000..3e39571b --- /dev/null +++ b/releasenotes/source/conf.py 
@@ -0,0 +1,284 @@ +#!/usr/bin/env python3 + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This file is execfile()d with the current directory set to its +# containing dir. +# +# Note that not all possible configuration values are present in this +# autogenerated file. +# +# All configuration values have a default; values that are commented out +# serve to show the default. + +import pbr.version + +# If extensions (or modules to document with autodoc) are in another directory, +# add these directories to sys.path here. If the directory is relative to the +# documentation root, use os.path.abspath to make it absolute, like shown here. +# sys.path.insert(0, os.path.abspath('.')) + +# -- General configuration ------------------------------------------------ + +# If your documentation needs a minimal Sphinx version, state it here. +# needs_sphinx = '1.0' + +# Add any Sphinx extension module names here, as strings. They can be +# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom +# ones. +extensions = [ + 'oslosphinx', + 'reno.sphinxext', +] + +# Add any paths that contain templates here, relative to this directory. +templates_path = ['_templates'] + +# The suffix of source filenames. +source_suffix = '.rst' + +# The encoding of source files. +# source_encoding = 'utf-8-sig' + +# The master toctree document. +master_doc = 'index' + +# General information about the project. 
+author = 'OpenStack-Ansible Contributors' +category = 'Miscellaneous' +copyright = '2014-2016, OpenStack-Ansible Contributors' +description = 'OpenStack-Ansible deploys OpenStack environments using Ansible.' +project = 'OpenStack-Ansible' +role_name = 'os_heat' +target_name = 'openstack-ansible-' + role_name +title = 'OpenStack-Ansible Release Notes: ' + role_name + 'role' + +# The link to the browsable source code (for the left hand menu) +oslosphinx_cgit_link = 'http://git.openstack.org/cgit/openstack/' + target_name + +# The version info for the project you're documenting, acts as replacement for +# |version| and |release|, also used in various other places throughout the +# built documents. +# +# The short X.Y version. +version_info = pbr.version.VersionInfo(target_name) +# The full version, including alpha/beta/rc tags. +release = version_info.version_string_with_vcs() +# The short X.Y version. +version = version_info.canonical_version_string() + +# The language for content autogenerated by Sphinx. Refer to documentation +# for a list of supported languages. +# language = None + +# There are two options for replacing |today|: either, you set today to some +# non-false value, then it is used: +# today = '' +# Else, today_fmt is used as the format for a strftime call. +# today_fmt = '%B %d, %Y' + +# List of patterns, relative to source directory, that match files and +# directories to ignore when looking for source files. +exclude_patterns = [] + +# The reST default role (used for this markup: `text`) to use for all +# documents. +# default_role = None + +# If true, '()' will be appended to :func: etc. cross-reference text. +# add_function_parentheses = True + +# If true, the current module name will be prepended to all description +# unit titles (such as .. function::). +# add_module_names = True + +# If true, sectionauthor and moduleauthor directives will be shown in the +# output. They are ignored by default. 
+# show_authors = False + +# The name of the Pygments (syntax highlighting) style to use. +pygments_style = 'sphinx' + +# A list of ignored prefixes for module index sorting. +# modindex_common_prefix = [] + +# If true, keep warnings as "system message" paragraphs in the built documents. +# keep_warnings = False + + +# -- Options for HTML output ---------------------------------------------- + +# The theme to use for HTML and HTML Help pages. See the documentation for +# a list of builtin themes. +html_theme = 'default' + +# Theme options are theme-specific and customize the look and feel of a theme +# further. For a list of options available for each theme, see the +# documentation. +# html_theme_options = {} + +# Add any paths that contain custom themes here, relative to this directory. +# html_theme_path = [] + +# The name for this set of Sphinx documents. If None, it defaults to +# " v documentation". +# html_title = None + +# A shorter title for the navigation bar. Default is the same as html_title. +# html_short_title = None + +# The name of an image file (relative to this directory) to place at the top +# of the sidebar. +# html_logo = None + +# The name of an image file (within the static path) to use as favicon of the +# docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32 +# pixels large. +# html_favicon = None + +# Add any paths that contain custom static files (such as style sheets) here, +# relative to this directory. They are copied after the builtin static files, +# so a file named "default.css" will overwrite the builtin "default.css". +html_static_path = ['_static'] + +# Add any extra paths that contain custom files (such as robots.txt or +# .htaccess) here, relative to this directory. These files are copied +# directly to the root of the documentation. +# html_extra_path = [] + +# If not '', a 'Last updated on:' timestamp is inserted at every page bottom, +# using the given strftime format. 
+html_last_updated_fmt = '%Y-%m-%d %H:%M' + +# If true, SmartyPants will be used to convert quotes and dashes to +# typographically correct entities. +# html_use_smartypants = True + +# Custom sidebar templates, maps document names to template names. +# html_sidebars = {} + +# Additional templates that should be rendered to pages, maps page names to +# template names. +# html_additional_pages = {} + +# If false, no module index is generated. +# html_domain_indices = True + +# If false, no index is generated. +# html_use_index = True + +# If true, the index is split into individual pages for each letter. +# html_split_index = False + +# If true, links to the reST sources are added to the pages. +# html_show_sourcelink = True + +# If true, "Created using Sphinx" is shown in the HTML footer. Default is True. +# html_show_sphinx = True + +# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True. +# html_show_copyright = True + +# If true, an OpenSearch description file will be output, and all pages will +# contain a tag referring to it. The value of this option must be the +# base URL from which the finished HTML is served. +# html_use_opensearch = '' + +# This is the file name suffix for HTML files (e.g. ".xhtml"). +# html_file_suffix = None + +# Output file base name for HTML help builder. +htmlhelp_basename = target_name + '-docs' + + +# -- Options for LaTeX output --------------------------------------------- + +latex_elements = { + # The paper size ('letterpaper' or 'a4paper'). + # 'papersize': 'letterpaper', + + # The font size ('10pt', '11pt' or '12pt'). + # 'pointsize': '10pt', + + # Additional stuff for the LaTeX preamble. + # 'preamble': '', +} + +# Grouping the document tree into LaTeX files. List of tuples +# (source start file, target name, title, +# author, documentclass [howto, manual, or own class]). 
+latex_documents = [ + (master_doc, target_name + '.tex', + title, author, 'manual'), +] + +# The name of an image file (relative to this directory) to place at the top of +# the title page. +# latex_logo = None + +# For "manual" documents, if this is true, then toplevel headings are parts, +# not chapters. +# latex_use_parts = False + +# If true, show page references after internal links. +# latex_show_pagerefs = False + +# If true, show URL addresses after external links. +# latex_show_urls = False + +# Documents to append as an appendix to all manuals. +# latex_appendices = [] + +# If false, no module index is generated. +# latex_domain_indices = True + + +# -- Options for manual page output --------------------------------------- + +# One entry per manual page. List of tuples +# (source start file, name, description, authors, manual section). +man_pages = [ + (master_doc, target_name, + title, [author], 1) +] + +# If true, show URL addresses after external links. +# man_show_urls = False + + +# -- Options for Texinfo output ------------------------------------------- + +# Grouping the document tree into Texinfo files. List of tuples +# (source start file, target name, title, author, +# dir menu entry, description, category) +texinfo_documents = [ + (master_doc, target_name, + title, author, project, + description, category), +] + +# Documents to append as an appendix to all manuals. +# texinfo_appendices = [] + +# If false, no module index is generated. +# texinfo_domain_indices = True + +# How to display URL addresses: 'footnote', 'no', or 'inline'. +# texinfo_show_urls = 'footnote' + +# If true, do not generate a @detailmenu in the "Top" node's menu. +# texinfo_no_detailmenu = False + +# -- Options for Internationalization output ------------------------------ +locale_dirs = ['locale/'] diff --git a/releasenotes/source/index.rst b/releasenotes/source/index.rst new file mode 100644 index 00000000..71f73576 --- /dev/null +++ b/releasenotes/source/index.rst 
@@ -0,0 +1,8 @@ +================================ + OpenStack-Ansible Release Notes +================================ + +.. toctree:: + :maxdepth: 1 + + unreleased diff --git a/releasenotes/source/unreleased.rst b/releasenotes/source/unreleased.rst new file mode 100644 index 00000000..cd22aabc --- /dev/null +++ b/releasenotes/source/unreleased.rst @@ -0,0 +1,5 @@ +============================== + Current Series Release Notes +============================== + +.. release-notes:: diff --git a/run_tests.sh b/run_tests.sh new file mode 100755 index 00000000..1c591002 --- /dev/null +++ b/run_tests.sh 
@@ -0,0 +1,71 @@ +#!/usr/bin/env bash +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -xeuo pipefail + +FUNCTIONAL_TEST=${FUNCTIONAL_TEST:-true} + +if which sudo; then + sudo = "sudo" +else + sudo="" +fi + +# Install pip. +if which pip; then + curl --silent --show-error --retry 5 \ + https://bootstrap.pypa.io/get-pip.py | $sudo python2.7 +fi + +# Install bindep and tox with pip. +$sudo pip install bindep tox + +# CentOS 7 requires two additional packages: +# redhat-lsb-core - for bindep profile support +# epel-release - required to install python-ndg_httpsclient/python2-pyasn1 +if which yum; then + $sudo yum -y install redhat-lsb-core epel-release +fi + +# Get a list of packages to install with bindep. If packages need to be +# installed, bindep exits with an exit code of 1. +BINDEP_PKGS=$(bindep -b -f bindep.txt test || true) +echo "Packages to install: ${BINDEP_PKGS}" + +# Install a list of OS packages provided by bindep. +if which apt-get; then + $sudo apt-get update + DEBIAN_FRONTEND=noninteractive \ + $sudo apt-get -q --option "Dpkg::Options::=--force-confold" \ + --assume-yes install $BINDEP_PKGS +elif which yum; then + # Don't run yum with an empty list of packages. + # It will fail and cause the script to exit with an error. + if [[ ${#BINDEP_PKGS} > 0 ]]; then + $sudo yum install -y $BINDEP_PKGS + fi +fi + +# Loop through each tox environment and run tests. 
+for tox_env in $(awk -F= '/envlist/ { gsub(",", " "); print $2 }' tox.ini); do + echo "Executing tox environment: ${tox_env}" + if [[ ${tox_env} == ansible-functional ]]; then + if ${FUNCTIONAL_TEST}; then + tox -e ${tox_env} + fi + else + tox -e ${tox_env} + fi +done diff --git a/setup.cfg b/setup.cfg new file mode 100644 index 00000000..6c9b3b56 --- /dev/null +++ b/setup.cfg @@ -0,0 +1,24 @@ +[metadata] +name = openstack-ansible-os_octavia +summary = os_octavia for OpenStack Ansible +description-file = + README.rst +author = OpenStack +author-email = openstack-dev@lists.openstack.org +home-page = http://docs.openstack.org/developer/openstack-ansible-os_octavia/ +classifier = + Intended Audience :: Developers + Intended Audience :: System Administrators + License :: OSI Approved :: Apache Software License + Operating System :: POSIX :: Linux + +[build_sphinx] +all_files = 1 +build-dir = doc/build +source-dir = doc/source + +[pbr] +warnerrors = True + +[wheel] +universal = 1 diff --git a/setup.py b/setup.py new file mode 100644 index 00000000..782bb21f --- /dev/null +++ b/setup.py 
@@ -0,0 +1,29 @@ +# Copyright (c) 2013 Hewlett-Packard Development Company, L.P. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# THIS FILE IS MANAGED BY THE GLOBAL REQUIREMENTS REPO - DO NOT EDIT +import setuptools + +# In python < 2.7.4, a lazy loading of package `pbr` will break +# setuptools if some other modules registered functions in `atexit`. +# solution from: http://bugs.python.org/issue15881#msg170215 +try: + import multiprocessing # noqa +except ImportError: + pass + +setuptools.setup( + setup_requires=['pbr>=1.8'], + pbr=True) diff --git a/tasks/main.yml b/tasks/main.yml new file mode 100644 index 00000000..651bcb5c --- /dev/null +++ b/tasks/main.yml 
@@ -0,0 +1,81 @@ +--- +# Copyright 2017, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Gather variables for each operating system + include_vars: "{{ item }}" + with_first_found: + - "{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower }}.yml" + - "{{ ansible_distribution | lower }}-{{ ansible_distribution_major_version | lower }}.yml" + - "{{ ansible_os_family | lower }}-{{ ansible_distribution_major_version | lower }}.yml" + - "{{ ansible_distribution | lower }}.yml" + - "{{ ansible_os_family | lower }}.yml" + tags: + - always + +- name: Fail if our required secrets are not present + fail: + msg: "Please set the {{ item }} variable prior to applying this role." 
+ when: (item is undefined) or (item is none) + with_items: "{{ octavia_required_secrets }}" + tags: + - always + +- include: octavia_pre_install.yml + tags: + - octavia-install + +- include: octavia_install.yml + tags: + - octavia-install + +- include: octavia_init_common.yml + tags: + - octavia-install + +- include: octavia_service_add.yml + when: inventory_hostname == groups['octavia_all'][0] + tags: + - octavia-install + +- include: octavia_mgmt_network.yml + when: + - octavia_neutron_management_network_uuid is not defined + - octavia_neutron_management_network_name is defined + tags: + - octavia-install + +- include: octavia_security_group.yml + tags: + - octavia-install + +- include: octavia_flavor_create.yml + when: + - octavia_nova_flavor_uuid is not defined + tags: + - octavia-install + +- include: octavia_post_install.yml + tags: + - octavia-install + - octavia-config + +- include: octavia_db_setup.yml + when: inventory_hostname == groups['octavia_all'][0] + tags: + - octavia-install + + +- name: Flush handlers + meta: flush_handlers diff --git a/tasks/octavia_db_setup.yml b/tasks/octavia_db_setup.yml new file mode 100644 index 00000000..4551926e --- /dev/null +++ b/tasks/octavia_db_setup.yml 
@@ -0,0 +1,29 @@ +--- +# Copyright 2017, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Update is offline +- name: Stop octavia services + service: + name: "{{ item.value.service_name }}" + state: "stopped" + with_dict: "{{ octavia_services }}" + +- name: Perform a octavia DB sync + command: "{{ octavia_bin }}/octavia-db-manage upgrade head" + become: yes + become_user: "{{ octavia_system_user_name }}" + changed_when: false + notify: Start octavia services + diff --git a/tasks/octavia_flavor_create.yml b/tasks/octavia_flavor_create.yml new file mode 100644 index 00000000..24311948 --- /dev/null +++ b/tasks/octavia_flavor_create.yml 
@@ -0,0 +1,66 @@ +--- +# Copyright 2016, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Install shade + pip: + name: shade + state: "{{ octavia_pip_package_state }}" + extra_args: "{{ pip_install_options | default('') }}" + register: install_packages + until: install_packages|success + retries: 5 + delay: 2 + +- name: Create Octavia Flavor + os_nova_flavor: + auth: + auth_url: "{{ keystone_service_adminurl }}" + username: "{{ octavia_service_user_name }}" + password: "{{ octavia_service_password }}" + project_name: "{{ octavia_service_project_name }}" + user_domain_name: "{{ octavia_service_user_domain_id }}" + project_domain_name: "{{ octavia_service_project_domain_id }}" + endpoint_type: "{{ octavia_ansible_endpoint_type }}" + state: present + name: "{{ octavia_amp_flavor_name}}" + ram: "{{ octavia_amp_ram }}" + vcpus: "{{ octavia_amp_vcpu }}" + disk: "{{ octavia_amp_disk }}" + is_public: False + ignore_errors: yes # that module is buggy? 
+ when: + - octavia_nova_flavor_uuid is not defined + + +- name: Gather Octavia Flavor Id + os_flavor_facts: + auth: + auth_url: "{{ keystone_service_adminurl }}" + username: "{{ octavia_service_user_name }}" + password: "{{ octavia_service_password }}" + project_name: "{{ octavia_service_project_name }}" + user_domain_name: "{{ octavia_service_user_domain_id }}" + project_domain_name: "{{ octavia_service_project_domain_id }}" + endpoint_type: "{{ octavia_ansible_endpoint_type }}" + name: "{{ octavia_amp_flavor_name}}" + ignore_errors: yes + when: + - octavia_nova_flavor_uuid is not defined + +- name: Set Octavia Flavor UUID fact 1 + set_fact: + octavia_nova_flavor_uuid: "{{ openstack_flavors[0].id }}" + when: + - openstack_flavors | length > 0 \ No newline at end of file diff --git a/tasks/octavia_init_common.yml b/tasks/octavia_init_common.yml new file mode 100644 index 00000000..e4dc494d --- /dev/null +++ b/tasks/octavia_init_common.yml @@ -0,0 +1,26 @@ +--- +# Copyright 2017, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- include: octavia_init_systemd.yml + when: + - ansible_service_mgr == 'systemd' + +- name: Load service + service: + name: "{{ item.value.service_name }}" + enabled: "yes" + with_dict: "{{ octavia_services }}" + notify: + - Restart octavia services diff --git a/tasks/octavia_init_systemd.yml b/tasks/octavia_init_systemd.yml new file mode 100644 index 00000000..ef780b8e --- /dev/null +++ b/tasks/octavia_init_systemd.yml 
@@ -0,0 +1,61 @@ +--- +# Copyright 2017, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Create TEMP run dir + file: + path: "/var/run/{{ item.value.service_name }}" + state: directory + owner: "{{ octavia_system_user_name }}" + group: "{{ octavia_system_group_name }}" + mode: "02755" + with_dict: "{{ octavia_services }}" + +- name: Create TEMP lock dir + file: + path: "/var/lock/{{ item.value.service_name }}" + state: directory + owner: "{{ octavia_system_user_name }}" + group: "{{ octavia_system_group_name }}" + mode: "02755" + with_dict: "{{ octavia_services }}" + +# TODO(mgariepy): +# Remove this in Pike as it only needed to handle upgrades +# from Newton->Newton and Newton->Ocata +- name: Cleanup old tmpfiles.d entry + file: + path: "/etc/tmpfiles.d/{{ item.value.service_name }}.conf" + state: absent + with_dict: "{{ octavia_services }}" + +- name: Create tmpfiles.d entry + template: + src: "octavia-systemd-tmpfiles.j2" + dest: "/etc/tmpfiles.d/openstack-{{ item.value.service_name }}.conf" + mode: "0644" + owner: "root" + group: "root" + with_dict: "{{ octavia_services }}" + +- name: Place the systemd init script + template: + src: "octavia-systemd-init.j2" + dest: "/etc/systemd/system/{{ item.value.service_name }}.service" + mode: "0644" + owner: "root" + group: "root" + with_dict: "{{ octavia_services }}" + notify: + - Reload systemd daemon 
diff --git a/tasks/octavia_install.yml b/tasks/octavia_install.yml new file mode 100644 index 00000000..7b161342 --- /dev/null +++ b/tasks/octavia_install.yml 
@@ -0,0 +1,109 @@ +--- +# Copyright 2017, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- include: octavia_install_apt.yml + static: no + when: + - ansible_pkg_mgr == 'apt' + +- include: octavia_install_yum.yml + static: no + when: + - ansible_pkg_mgr == 'yum' + +- name: Create developer mode constraint file + copy: + dest: "/opt/developer-pip-constraints.txt" + content: | + {% for item in octavia_developer_constraints %} + {{ item }} + {% endfor %} + when: octavia_developer_mode | bool + +- name: Install required pip packages + pip: + name: "{{ octavia_requires_pip_packages }}" + state: "{{ octavia_pip_package_state }}" + extra_args: >- + {{ (pip_install_upper_constraints is defined) | ternary('--constraint ' + pip_install_upper_constraints | default(''),'') }} + {{ pip_install_options | default('') }} + register: install_packages + until: install_packages|success + retries: 5 + delay: 2 + +- name: Attempt venv download + get_url: + url: "{{ octavia_venv_download_url }}" + dest: "/var/cache/{{ octavia_venv_download_url | basename }}" + checksum: "sha1:{{ lookup('url', octavia_venv_download_url | replace('tgz', 'checksum')) }}" + register: octavia_get_venv + when: not octavia_developer_mode | bool + +- name: Remove existing venv + file: + path: "{{ octavia_bin | dirname }}" + state: absent + when: octavia_get_venv | changed + +- name: Create octavia venv dir + file: + path: "{{ octavia_bin | dirname }}" + state: directory + mode: "0755" + 
register: octavia_venv_dir + +- name: Unarchive pre-built venv + unarchive: + src: "/var/cache/{{ octavia_venv_download_url | basename }}" + dest: "{{ octavia_bin | dirname }}" + copy: "no" + when: + - not octavia_developer_mode | bool + - octavia_get_venv | changed or octavia_venv_dir | changed + notify: Restart octavia services + +- name: Install pip packages + pip: + name: "{{ octavia_pip_packages }}" + state: "{{ octavia_pip_package_state }}" + virtualenv: "{{ octavia_bin | dirname }}" + virtualenv_site_packages: "no" + extra_args: >- + {{ octavia_developer_mode | ternary('--constraint /opt/developer-pip-constraints.txt', '') }} + {{ (pip_install_upper_constraints is defined) | ternary('--constraint ' + pip_install_upper_constraints | default(''),'') }} + {{ pip_install_options | default('') }} + register: install_packages + until: install_packages|success + retries: 5 + delay: 2 + when: octavia_developer_mode | bool + notify: Restart octavia services + +- name: CentOS remove python from path first + file: + path: "{{ octavia_bin | dirname }}/bin/python2.7" + state: "absent" + when: + - ansible_pkg_mgr == 'yum' + - not octavia_developer_mode | bool + - octavia_get_venv | changed or octavia_venv_dir | changed + +- name: Update virtualenv path + command: > + virtualenv-tools --update-path=auto --reinitialize {{ octavia_bin | dirname }} + when: + - not octavia_developer_mode | bool + - octavia_get_venv | changed or octavia_venv_dir | changed diff --git a/tasks/octavia_install_apt.yml b/tasks/octavia_install_apt.yml new file mode 100644 index 00000000..469d5a95 --- /dev/null +++ b/tasks/octavia_install_apt.yml 
@@ -0,0 +1,26 @@ +--- +# Copyright 2017, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Install apt packages + apt: + pkg: "{{ item }}" + state: "{{ octavia_package_state }}" + update_cache: yes + cache_valid_time: "{{ cache_timeout }}" + register: install_packages + until: install_packages|success + retries: 5 + delay: 2 + with_items: "{{ octavia_distro_packages }}" diff --git a/tasks/octavia_install_yum.yml b/tasks/octavia_install_yum.yml new file mode 100644 index 00000000..2d86bc88 --- /dev/null +++ b/tasks/octavia_install_yum.yml @@ -0,0 +1,25 @@ +--- +# Copyright 2017, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Install yum packages + yum: + pkg: "{{ item }}" + state: "{{ octavia_package_state }}" + register: install_packages + until: install_packages|success + retries: 5 + delay: 2 + with_items: "{{ octavia_distro_packages }}" + 
diff --git a/tasks/octavia_mgmt_network.yml b/tasks/octavia_mgmt_network.yml new file mode 100644 index 00000000..1b289163 --- /dev/null +++ b/tasks/octavia_mgmt_network.yml @@ -0,0 +1,46 @@ +--- +# Copyright 2016, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Install shade + pip: + name: shade + state: "{{ octavia_pip_package_state }}" + extra_args: "{{ pip_install_options | default('') }}" + register: install_packages + until: install_packages|success + retries: 5 + delay: 2 + +- name: Get neutron network + os_networks_facts: + auth: + auth_url: "{{ keystone_service_adminurl }}" + username: "{{ octavia_service_user_name }}" + password: "{{ octavia_service_password }}" + project_name: "{{ octavia_service_project_name }}" + user_domain_name: "{{ octavia_service_user_domain_id }}" + project_domain_name: "{{ octavia_service_project_domain_id }}" + endpoint_type: "{{ octavia_ansible_endpoint_type }}" + region_name: "{{ octavia_service_region }}" + validate_certs: "{{ keystone_service_adminuri_insecure }}" + auth_type: "{{ octavia_keystone_auth_plugin }}" + name: "{{ octavia_neutron_management_network_name }}" + +- name: Set provisioning UUID fact + set_fact: + octavia_neutron_management_network_uuid: "{{ openstack_networks[0].id }}" + when: + - octavia_neutron_management_network_uuid is not defined + - octavia_neutron_management_network_name is defined 
diff --git a/tasks/octavia_post_install.yml b/tasks/octavia_post_install.yml new file mode 100644 index 00000000..68a85972 --- /dev/null +++ b/tasks/octavia_post_install.yml 
@@ -0,0 +1,64 @@ +--- +# Copyright 2017, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Create certs directory + file: path=/etc/octavia/certs/ state=directory + +- name: Copy certificates + copy: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: "{{ octavia_system_user_name }}" + group: "{{ octavia_system_group_name }}" + mode: "0640" + with_items: + - src: "{{ octavia_client_ca }}" + dest: "/etc/octavia/certs/client_ca.pem" + - src: "{{ octavia_client_cert }}" + dest: "/etc/octavia/certs/client.pem" + - src: "{{ octavia_server_ca }}" + dest: "/etc/octavia/certs/server_ca.pem" + - src: "{{ octavia_ca_certificate }}" + dest: "/etc/octavia/certs/ca.pem" + - src: "{{ octavia_ca_private_key }}" + dest: "/etc/octavia/certs/ca_key.pem" + +- name: Drop octavia Config(s) + config_template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: "{{ octavia_system_user_name }}" + group: "{{ octavia_system_group_name }}" + mode: "0640" + config_overrides: "{{ item.config_overrides }}" + config_type: "{{ item.config_type }}" + with_items: + - src: "octavia.conf.j2" + dest: "/etc/octavia/octavia.conf" + config_overrides: "{{ octavia_octavia_conf_overrides }}" + config_type: "ini" +# - src: "api-paste.ini.j2" +# dest: "/etc/octavia/api-paste.ini" +# config_overrides: "{{ octavia_api_paste_ini_overrides }}" +# config_type: "ini" +# - src: "policy.json.j2" +# dest: "/etc/octavia/policy.json" +# config_overrides: "{{ octavia_policy_overrides 
}}" +# config_type: "json" + notify: + - Restart octavia services + + + diff --git a/tasks/octavia_pre_install.yml b/tasks/octavia_pre_install.yml new file mode 100644 index 00000000..89381ea1 --- /dev/null +++ b/tasks/octavia_pre_install.yml 
@@ -0,0 +1,71 @@ +--- +# Copyright 2017, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Create the system group + group: + name: "{{ octavia_system_group_name }}" + state: "present" + system: "yes" + +- name: Create the octavia system user + user: + name: "{{ octavia_system_user_name }}" + group: "{{ octavia_system_group_name }}" + comment: "{{ octavia_system_comment }}" + shell: "{{ octavia_system_shell }}" + system: "yes" + createhome: "yes" + home: "{{ octavia_system_home_folder }}" + +- name: Create octavia dir + file: + path: "{{ item.path }}" + state: directory + owner: "{{ item.owner|default(octavia_system_user_name) }}" + group: "{{ item.group|default(octavia_system_group_name) }}" + mode: "{{ item.mode|default('0755') }}" + with_items: + - { path: "/openstack", owner: "root", group: "root" } + - { path: "/openstack/venvs", owner: "root", group: "root" } + - { path: "/etc/octavia" } + - { path: "/etc/octavia/environment.d" } + - { path: "/etc/octavia/templates" } + - { path: "/var/cache/octavia", mode: "0700" } + - { path: "{{ octavia_system_home_folder }}" } + +- name: Test for log directory or link + shell: | + if [ -h "/var/log/octavia" ]; then + chown -h {{ octavia_system_user_name }}:{{ octavia_system_group_name }} "/var/log/octavia" + chown -R {{ octavia_system_user_name }}:{{ octavia_system_group_name }} "$(readlink /var/log/octavia)" + else + exit 1 + fi + register: log_dir + failed_when: false + changed_when: log_dir.rc 
!= 0 + +- name: Create octavia log dir + file: + path: "{{ item.path }}" + state: directory + owner: "{{ item.owner|default(octavia_system_user_name) }}" + group: "{{ item.group|default(octavia_system_group_name) }}" + mode: "{{ item.mode|default('0755') }}" + with_items: + - { path: "/var/log/octavia" } + when: log_dir.rc != 0 + + diff --git a/tasks/octavia_security_group.yml b/tasks/octavia_security_group.yml new file mode 100644 index 00000000..115243c0 --- /dev/null +++ b/tasks/octavia_security_group.yml 
@@ -0,0 +1,92 @@ +--- +# Copyright 2016, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Install shade + pip: + name: shade + state: "{{ octavia_pip_package_state }}" + extra_args: "{{ pip_install_options | default('') }}" + register: install_packages + until: install_packages|success + retries: 5 + delay: 2 + +- name: Create Octavia security group + os_security_group: + auth: + auth_url: "{{ keystone_service_adminurl }}" + username: "{{ octavia_service_user_name }}" + password: "{{ octavia_service_password }}" + project_name: "{{ octavia_service_project_name }}" + user_domain_name: "{{ octavia_service_user_domain_id }}" + project_domain_name: "{{ octavia_service_project_domain_id }}" + endpoint_type: "{{ octavia_ansible_endpoint_type }}" + state: present + name: "{{ octavia_security_group_name }}" + description: "security group for octavia amphora" + run_once: true + +- name: Create security group rule for agent + os_security_group_rule: + auth: + auth_url: "{{ keystone_service_adminurl }}" + username: "{{ octavia_service_user_name }}" + password: "{{ octavia_service_password }}" + project_name: "{{ octavia_service_project_name }}" + user_domain_name: "{{ octavia_service_user_domain_id }}" + project_domain_name: "{{ octavia_service_project_domain_id }}" + endpoint_type: "{{ octavia_ansible_endpoint_type }}" + protocol: "tcp" + port_range_min: "{{ octavia_agent_port }}" + port_range_max: "{{ octavia_agent_port }}" + remote_ip_prefix: "{{ 
octavia_security_group_rule_cidr }}" + security_group: "{{ octavia_security_group_name }}" + run_once: true + +- name: Create security group rule for ssh + os_security_group_rule: + auth: + auth_url: "{{ keystone_service_adminurl }}" + username: "{{ octavia_service_user_name }}" + password: "{{ octavia_service_password }}" + project_name: "{{ octavia_service_project_name }}" + user_domain_name: "{{ octavia_service_user_domain_id }}" + project_domain_name: "{{ octavia_service_project_domain_id }}" + endpoint_type: "{{ octavia_ansible_endpoint_type }}" + security_group: "{{ octavia_security_group_name }}" + protocol: tcp + port_range_min: 22 + port_range_max: 22 + remote_ip_prefix: "{{ octavia_security_group_rule_cidr }}" + run_once: true + when: + - octavia_ssh_enabled|bool == true +- name: Create security group rule for icmp + os_security_group_rule: + auth: + auth_url: "{{ keystone_service_adminurl }}" + username: "{{ octavia_service_user_name }}" + password: "{{ octavia_service_password }}" + project_name: "{{ octavia_service_project_name }}" + user_domain_name: "{{ octavia_service_user_domain_id }}" + project_domain_name: "{{ octavia_service_project_domain_id }}" + endpoint_type: "{{ octavia_ansible_endpoint_type }}" + security_group: "{{ octavia_security_group_name }}" + protocol: icmp + remote_ip_prefix: "{{ octavia_security_group_rule_cidr }}" + run_once: true + when: + - debug|bool == true + diff --git a/tasks/octavia_service_add.yml b/tasks/octavia_service_add.yml new file mode 100644 index 00000000..6eac6924 --- /dev/null +++ b/tasks/octavia_service_add.yml 
@@ -0,0 +1,92 @@ +--- +# Copyright 2017, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Create a service +- name: Ensure octavia service + keystone: + command: "ensure_service" + endpoint: "{{ keystone_service_adminurl }}" + login_user: "{{ keystone_admin_user_name }}" + login_password: "{{ keystone_auth_admin_password }}" + login_project_name: "{{ keystone_admin_tenant_name }}" + service_name: "{{ octavia_service_name }}" + service_type: "{{ octavia_service_type }}" + description: "{{ octavia_service_description }}" + insecure: "{{ keystone_service_adminuri_insecure }}" + register: add_service + until: add_service|success + retries: 5 + delay: 10 + +# Create an admin user +- name: Ensure octavia user + keystone: + command: "ensure_user" + endpoint: "{{ keystone_service_adminurl }}" + login_user: "{{ keystone_admin_user_name }}" + login_password: "{{ keystone_auth_admin_password }}" + login_project_name: "{{ keystone_admin_tenant_name }}" + user_name: "{{ octavia_service_user_name }}" + tenant_name: "{{ octavia_service_project_name }}" + password: "{{ octavia_service_password }}" + insecure: "{{ keystone_service_adminuri_insecure }}" + register: add_service + when: not octavia_service_in_ldap | bool + until: add_service|success + retries: 5 + delay: 10 + +# Add a role to the user +- name: Ensure octavia user to admin role + keystone: + command: "ensure_user_role" + endpoint: "{{ keystone_service_adminurl }}" + login_user: "{{ 
keystone_admin_user_name }}" + login_password: "{{ keystone_auth_admin_password }}" + login_project_name: "{{ keystone_admin_tenant_name }}" + user_name: "{{ octavia_service_user_name }}" + tenant_name: "{{ octavia_service_project_name }}" + role_name: "{{ octavia_service_role_name }}" + insecure: "{{ keystone_service_adminuri_insecure }}" + register: add_service + when: not octavia_service_in_ldap | bool + until: add_service|success + retries: 5 + delay: 10 + +# Create an endpoint +- name: Ensure octavia endpoint + keystone: + command: "ensure_endpoint" + endpoint: "{{ keystone_service_adminurl }}" + login_user: "{{ keystone_admin_user_name }}" + login_password: "{{ keystone_auth_admin_password }}" + login_project_name: "{{ keystone_admin_tenant_name }}" + region_name: "{{ octavia_service_region }}" + service_name: "{{ octavia_service_name }}" + service_type: "{{ octavia_service_type }}" + insecure: "{{ keystone_service_adminuri_insecure }}" + endpoint_list: +# Versions pre Pike only have an internal endpoint +# - url: "{{ service_publicurl }}" +# interface: "public" + - url: "{{ octavia_service_internalurl }}" + interface: "internal" +# - url: "{{ service_adminurl }}" +# interface: "admin" + register: add_service + until: add_service|success + retries: 5 + delay: 10 diff --git a/templates/octavia-systemd-init.j2 b/templates/octavia-systemd-init.j2 new file mode 100644 index 00000000..724acaac --- /dev/null +++ b/templates/octavia-systemd-init.j2 
@@ -0,0 +1,25 @@ +# {{ ansible_managed }} + +[Unit] +Description=octavia openstack service +After=syslog.target +After=network.target + +[Service] +Type=simple +User={{ octavia_system_user_name }} +Group={{ octavia_system_group_name }} + +{% if program_override is defined %} +ExecStart={{ program_override }} {{ program_config_options|default('') }} --log-file=/var/log/octavia/{{ item.value.service_name }}.log +{% else %} +ExecStart={{ octavia_bin }}/{{ item.value.service_name }} {{ program_config_options|default('') }} --log-file=/var/log/octavia/{{ item.value.service_name }}.log +{% endif %} + +# Give a reasonable amount of time for the server to start up/shut down +TimeoutSec=300 +Restart=on-failure +RestartSec=150 + +[Install] +WantedBy=multi-user.target diff --git a/templates/octavia-systemd-tmpfiles.j2 b/templates/octavia-systemd-tmpfiles.j2 new file mode 100644 index 00000000..5c271a39 --- /dev/null +++ b/templates/octavia-systemd-tmpfiles.j2 @@ -0,0 +1,4 @@ +# {{ ansible_managed }} + +D /var/lock/{{ item.value.service_name }} 2755 {{ octavia_system_user_name }} {{ octavia_system_group_name }} +D /var/run/{{ item.value.service_name }} 2755 {{ octavia_system_user_name }} {{ octavia_system_group_name }} diff --git a/templates/octavia.conf.j2 b/templates/octavia.conf.j2 new file mode 100644 index 00000000..01a82bca --- /dev/null +++ b/templates/octavia.conf.j2 
@@ -0,0 +1,358 @@ +[DEFAULT] +# Print more verbose output (set logging level to INFO instead of default WARNING level). +# verbose = False +# Print debugging output (set logging level to DEBUG instead of default WARNING level). +debug = {{ debug }} +bind_host = 0.0.0.0 +bind_port = {{ octavia_service_port }} +# api_handler = queue_producer +# +# How should authentication be handled (keystone, noauth) +# auth_strategy = noauth +# +# Plugin options are hot_plug_plugin (Hot-pluggable controller plugin) +# +# octavia_plugins = hot_plug_plugin + +# Hostname to be used by the host machine for services running on it. +# The default value is the hostname of the host machine. +# host = + +# AMQP Transport URL +# For Single Host, specify one full transport URL: +# transport_url = rabbit://:@127.0.0.1:5672/ +# For HA, specify queue nodes in cluster, comma delimited: +# transport_url = rabbit://:@server01,:@server02/ + +transport_url = rabbit://{% for host in octavia_rabbitmq_servers.split(',') %}{{ octavia_rabbitmq_userid }}:{{ octavia_rabbitmq_password }}@{{ host }}:{{ octavia_rabbitmq_port }}{% if not loop.last %},{% else %}/{{ octavia_rabbitmq_vhost }}{% endif %}{% endfor %} + +# pre Ocata +[oslo_messaging_rabbit] +rabbit_use_ssl = {{ octavia_rabbitmq_use_ssl }} +rpc_conn_pool_size = {{ octavia_rpc_conn_pool_size }} + +[database] +connection = mysql+pymysql://{{ octavia_galera_user }}:{{ octavia_container_mysql_password }}@{{ octavia_galera_address }}/{{ octavia_galera_database }}?charset=utf8 +max_overflow = {{ octavia_db_max_overflow }} +max_pool_size = {{ octavia_db_pool_size }} +pool_timeout = {{ octavia_db_pool_timeout }} + +[health_manager] +bind_ip = 0.0.0.0 +bind_port = {{ octavia_health_manager_port }} +# controller_ip_port_list example: 127.0.0.1:5555, 127.0.0.1:5555 +controller_ip_port_list = {% for host in octavia_hm_hosts.split(',') %}{{ host }}:{{ octavia_health_manager_port }}{% if not loop.last %},{% endif %}{% endfor %} + +# failover_threads = 10 +# 
status_update_threads = 50 +# heartbeat_interval = 10 +heartbeat_key = {{ octavia_health_hmac_key }} +# heartbeat_timeout = 60 +# health_check_interval = 3 +# sock_rlimit = 0 + +# EventStreamer options are +# queue_event_streamer, +# noop_event_streamer +event_streamer_driver = {% if octavia_event_streamer|bool %}queue_event_streamer{% else %}noop_event_streamer{% endif %} + +[keystone_authtoken] +insecure = {{ keystone_service_internaluri_insecure | bool }} +auth_plugin = {{ octavia_keystone_auth_plugin }} +auth_url = {{ keystone_service_internaluri }}/v3 +auth_uri = {{ keystone_service_internaluri }}/v3 +auth_version = 3 +project_domain_id = {{ octavia_service_project_domain_id }} +user_domain_id = {{ octavia_service_user_domain_id }} +project_name = {{ octavia_service_project_name }} +username = {{ octavia_service_user_name }} +password = {{ octavia_service_password }} +region_name = {{ keystone_service_region }} +auth_type = password +endpoint_type = {{ octavia_clients_endpoint }} +memcached_servers = {{ memcached_servers }} + +token_cache_time = 300 + +# if your memcached server is shared, use these settings to avoid cache poisoning +memcache_security_strategy = ENCRYPT +memcache_secret_key = {{ memcached_encryption_key }} + +[certificates] +# cert_generator = local_cert_generator + +# For local certificate signing (development only): +ca_certificate = /etc/octavia/certs/ca.pem +ca_private_key = /etc/octavia/certs/ca_key.pem +ca_private_key_passphrase = {{ octavia_ca_private_key_passphrase }} +signing_digest = {{ octavia_signing_digest }} +# storage_path = /var/lib/octavia/certificates/ + +# For the TLS management +# Certificate Manager options are local_cert_manager +# barbican_cert_manager +# cert_manager = barbican_cert_manager +# For Barbican authentication (if using any Barbican based cert class) +# barbican_auth = barbican_acl_auth +# +# Region in Identity service catalog to use for communication with the Barbican service. 
+# region_name = +# +# Endpoint type to use for communication with the Barbican service. +# endpoint_type = publicURL + + +[anchor] +# Use OpenStack anchor to sign the amphora REST API certificates +# url = http://localhost:9999/v1/sign/default +# username = +# password = + +[networking] +# Network to communicate with amphora +lb_network_name = {{ octavia_neutron_management_network_uuid }} +# The maximum attempts to retry an action with the networking service. +# max_retries = 15 +# Seconds to wait before retrying an action with the networking service. +# retry_interval = 1 +# The maximum time to wait, in seconds, for a port to detach from an amphora +# port_detach_timeout = 300 + +[haproxy_amphora] +# base_path = /var/lib/octavia +# base_cert_dir = /var/lib/octavia/certs +# Absolute path to a custom HAProxy template file +# haproxy_template = +# connection_max_retries = 300 +# connection_retry_interval = 5 + +# Maximum number of entries that can fit in the stick table. +# The size supports "k", "m", "g" suffixes. +# haproxy_stick_size = 10k + +# REST Driver specific +# bind_host = 0.0.0.0 +bind_port = {{ octavia_agent_port }} +# +# This setting is only needed with IPv6 link-local addresses (fe80::/64) are +# used for communication between Octavia and its Amphora, if IPv4 or other IPv6 +# addresses are used it can be ignored. +# lb_network_interface = o-hm0 +# +# haproxy_cmd = /usr/sbin/haproxy +# respawn_count = 2 +# respawn_interval = 2 +client_cert = /etc/octavia/certs/client.pem +server_ca = /etc/octavia/certs/server_ca.pem +# +# This setting is deprecated. It is now automatically discovered. +# use_upstart = True +# +# rest_request_conn_timeout = 10 +# rest_request_read_timeout = 60 + +[controller_worker] +# amp_active_retries = 10 +# amp_active_wait_sec = 10 +# Glance parameters to extract image ID to use for amphora. Only one of +# parameters is needed. Using tags is the recommended way to refer to images. 
+# amp_image_id = +amp_image_tag = {{ octavia_glance_image_tag }} +# Optional owner ID used to restrict glance images to one owner ID. +# This is a recommended security setting. +amp_image_owner_id = {{ octavia_amp_image_owner_id }} +# octavia parameters to use when booting amphora +amp_flavor_id = {{ octavia_nova_flavor_uuid }} +amp_ssh_key_name = {{ octavia_ssh_key_name }} +amp_ssh_access_allowed = {{ octavia_ssh_enabled }} + + +# Networks to attach to the Amphorae examples: +# - One primary network +# - - amp_boot_network_list = 22222222-3333-4444-5555-666666666666 +# - Multiple networks +# - - amp_boot_network_list = 11111111-2222-33333-4444-555555555555, 22222222-3333-4444-5555-666666666666 +# - All networks defined in the list will be attached to each amphora +amp_boot_network_list = {{ octavia_neutron_management_network_uuid }} + +# Takes a single network id that is attached to amphorae on boot +# Deprecated... +# amp_network = + +amp_secgroup_list = {{ octavia_security_group_name }} +client_ca = /etc/octavia/certs/client_ca.pem + +# Amphora driver options are amphora_noop_driver, +# amphora_haproxy_rest_driver +# +amphora_driver = {{ octavia_amphora_driver }} +# +# Compute driver options are compute_noop_driver +# compute_octavia_driver +# +compute_driver = {{ octavia_compute_driver }} +# +# Network driver options are network_noop_driver +# allowed_address_pairs_driver +# +network_driver = {{ octavia_network_driver }} +# +# Certificate Generator options are local_cert_generator +# barbican_cert_generator +# anchor_cert_generator +# cert_generator = local_cert_generator +# +# Load balancer topology options are SINGLE, ACTIVE_STANDBY +loadbalancer_topology = {{ octavia_loadbalancer_topology }} +# user_data_config_drive = False + +[task_flow] +# engine = serial +max_workers = {{ octavia_task_flow_max_workers }} + +[oslo_messaging] +# Queue Consumer Thread Pool Size +rpc_thread_pool_size = {{ octavia_rpc_thread_pool_size }} + +# Topic (i.e. 
Queue) Name +topic = octavia_prov + +# Topic for octavia's events sent to a queue +event_stream_topic = neutron_lbaas_event + +[house_keeping] +# Interval in seconds to initiate spare amphora checks +# spare_check_interval = 30 +spare_amphora_pool_size = {{ octavia_spare_amphora_pool_size }} + +# Cleanup interval for Deleted amphora +# cleanup_interval = 30 +# Amphora expiry age in seconds. Default is 1 week +# amphora_expiry_age = 604800 + +# Load balancer expiry age in seconds. Default is 1 week +# load_balancer_expiry_age = 604800 + +[amphora_agent] +# agent_server_ca = /etc/octavia/certs/client_ca.pem +# agent_server_cert = /etc/octavia/certs/server.pem +# agent_server_network_dir = /etc/netns/amphora-haproxy/network/interfaces.d/ +# agent_server_network_file = +# agent_request_read_timeout = 120 + +[keepalived_vrrp] +# Amphora Role/Priority advertisement interval in seconds +# vrrp_advert_int = 1 + +# Service health check interval and success/fail count +# vrrp_check_interval = 5 +# vrpp_fail_count = 2 +# vrrp_success_count = 2 + +# Amphora MASTER gratuitous ARP refresh settings +# vrrp_garp_refresh_interval = 5 +# vrrp_garp_refresh_count = 2 + +[service_auth] +# memcached_servers = +# signing_dir = +# cafile = /opt/stack/data/ca-bundle.pem +# project_domain_name = Default +# project_name = admin +# user_domain_name = Default +# password = password +# username = admin +# auth_type = password +# auth_url = http://localhost:5555/ +insecure = {{ keystone_service_internaluri_insecure | bool }} +auth_plugin = {{ octavia_keystone_auth_plugin }} +auth_url = {{ keystone_service_internaluri }}/v3 +auth_uri = {{ keystone_service_internaluri }}/v3 +auth_version = 3 +project_domain_name = {{ octavia_service_project_domain_id }} +user_domain_name = {{ octavia_service_user_domain_id }} +project_name = {{ octavia_service_project_name }} +username = {{ octavia_service_user_name }} +password = {{ octavia_service_password }} +region_name = {{ keystone_service_region }} 
+auth_type = password +memcached_servers = {{ memcached_servers }} +endpoint_type = {{ octavia_clients_endpoint }} +token_cache_time = 300 + +# if your memcached server is shared, use these settings to avoid cache poisoning +memcache_security_strategy = ENCRYPT +memcache_secret_key = {{ memcached_encryption_key }} + + +[octavia] +# The name of the octavia service in the keystone catalog +# service_name = +# Custom octavia endpoint if override is necessary +# endpoint = + +# Region in Identity service catalog to use for communication with the +# OpenStack services. +region_name = {{ keystone_service_region }} + +# Endpoint type in Identity service catalog to use for communication with +# the OpenStack services. +endpoint_type = {{ octavia_clients_endpoint }} + +# CA certificates file to verify neutron connections when TLS is enabled +# insecure = False +# ca_certificates_file = + +[nova] +# The name of the nova service in the keystone catalog +# service_name = +# Custom nova endpoint if override is necessary +# endpoint = + +# Region in Identity service catalog to use for communication with the +# OpenStack services. +region_name = {{ keystone_service_region }} + +# Endpoint type in Identity service catalog to use for communication with +# the OpenStack services. +endpoint_type = {{ octavia_clients_endpoint }} + +# CA certificates file to verify neutron connections when TLS is enabled +# insecure = False +# ca_certificates_file = + +[glance] +# The name of the glance service in the keystone catalog +# service_name = +# Custom glance endpoint if override is necessary +# endpoint = + +# Region in Identity service catalog to use for communication with the +# OpenStack services. +region_name = {{ keystone_service_region }} + +# Endpoint type in Identity service catalog to use for communication with +# the OpenStack services. 
+endpoint_type = {{ octavia_clients_endpoint }} + +# CA certificates file to verify neutron connections when TLS is enabled +# insecure = False +# ca_certificates_file = + +[neutron] +# The name of the neutron service in the keystone catalog +# service_name = +# Custom neutron endpoint if override is necessary +# endpoint = + +# Region in Identity service catalog to use for communication with the +# OpenStack services. +region_name = {{ keystone_service_region }} + +# Endpoint type in Identity service catalog to use for communication with +# the OpenStack services. +endpoint_type = {{ octavia_clients_endpoint }} + +# CA certificates file to verify neutron connections when TLS is enabled +# insecure = False +# ca_certificates_file = diff --git a/test-requirements.txt b/test-requirements.txt new file mode 100644 index 00000000..13104624 --- /dev/null +++ b/test-requirements.txt @@ -0,0 +1,17 @@ +# The order of packages is significant, because pip processes them in the order +# of appearance. Changing the order has an impact on the overall integration +# process, which may cause wedges in the gate later. +bashate>=0.2 # Apache-2.0 +flake8<2.6.0,>=2.5.4 # MIT +pyasn1 # BSD +pyOpenSSL>=0.14 # Apache-2.0 +requests!=2.12.2,!=2.13.0,>=2.10.0 # Apache-2.0 +ndg-httpsclient>=0.4.2;python_version<'3.0' # BSD + +# this is required for the docs build jobs +sphinx>=1.5.1 # BSD +oslosphinx>=4.7.0 # Apache-2.0 +openstackdocstheme>=1.5.0 # Apache-2.0 +doc8 # Apache-2.0 +reno>=1.8.0 # Apache-2.0 +sphinxmark>=0.1.14 # Apache-2.0 \ No newline at end of file diff --git a/tests/ansible-role-requirements.yml b/tests/ansible-role-requirements.yml new file mode 100644 index 00000000..383b9161 --- /dev/null +++ b/tests/ansible-role-requirements.yml 
@@ -0,0 +1,68 @@ +- name: apt_package_pinning + src: https://git.openstack.org/openstack/openstack-ansible-apt_package_pinning + scm: git + version: master +- name: pip_install + src: https://git.openstack.org/openstack/openstack-ansible-pip_install + scm: git + version: master +- name: memcached_server + src: https://git.openstack.org/openstack/openstack-ansible-memcached_server + scm: git + version: master +- name: lxc_hosts + src: https://git.openstack.org/openstack/openstack-ansible-lxc_hosts + scm: git + version: master +- name: lxc_container_create + src: https://git.openstack.org/openstack/openstack-ansible-lxc_container_create + scm: git + version: master +- name: galera_client + src: https://git.openstack.org/openstack/openstack-ansible-galera_client + scm: git + version: master +- name: galera_server + src: https://git.openstack.org/openstack/openstack-ansible-galera_server + scm: git + version: master +- name: rabbitmq_server + src: https://git.openstack.org/openstack/openstack-ansible-rabbitmq_server + scm: git + version: master +- name: os_keystone + src: https://git.openstack.org/openstack/openstack-ansible-os_keystone + scm: git + version: master +- name: openstack_openrc + src: https://git.openstack.org/openstack/openstack-ansible-openstack_openrc + scm: git + version: master +- name: openstack_hosts + src: https://git.openstack.org/openstack/openstack-ansible-openstack_hosts + scm: git + version: master +- name: os_swift + src: https://git.openstack.org/openstack/openstack-ansible-os_swift + scm: git + version: master +- name: os_neutron + src: https://git.openstack.org/openstack/openstack-ansible-os_neutron + scm: git + version: master +- name: os_glance + src: https://git.openstack.org/openstack/openstack-ansible-os_glance + scm: git + version: master +- name: os_nova + src: https://git.openstack.org/openstack/openstack-ansible-os_nova + scm: git + version: master +- name: etcd # dependency of os_neutron role + scm: git + src: 
https://github.com/logan2211/ansible-etcd + version: master +- name: rsyslog_client + src: https://git.openstack.org/openstack/openstack-ansible-rsyslog_client + scm: git + version: master \ No newline at end of file diff --git a/tests/group_vars/all_containers.yml b/tests/group_vars/all_containers.yml new file mode 100644 index 00000000..08c4f7ff --- /dev/null +++ b/tests/group_vars/all_containers.yml @@ -0,0 +1,19 @@ +--- +# Copyright 2016, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +container_name: "{{ inventory_hostname }}" +physical_host: localhost +properties: + service_name: "{{ inventory_hostname }}" \ No newline at end of file diff --git a/tests/host_vars/infra1.yml b/tests/host_vars/infra1.yml new file mode 100644 index 00000000..05c9e791 --- /dev/null +++ b/tests/host_vars/infra1.yml 
@@ -0,0 +1,25 @@ +--- +# Copyright 2016, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ansible_host: 10.1.1.101 +ansible_become: True +ansible_user: root +container_networks: + management_address: + address: "{{ ansible_host }}" + bridge: "br-mgmt" + interface: "eth1" + netmask: "255.255.255.0" + type: "veth" diff --git a/tests/host_vars/localhost.yml b/tests/host_vars/localhost.yml new file mode 100644 index 00000000..15c1fca9 --- /dev/null +++ b/tests/host_vars/localhost.yml @@ -0,0 +1,29 @@ +--- +# Copyright 2016, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ansible_become: True +neutron_local_ip: 10.1.2.1 +ansible_python_interpreter: "/usr/bin/python2" +bridges: + - name: "br-mgmt" + ip_addr: "10.1.1.1" + veth_peer: "eth14" + - name: "br-vxlan" + ip_addr: "10.1.2.1" + - name: "br-vlan" + ip_addr: "10.1.3.1" + veth_peer: "eth12" + - name: "br-storage" + ip_addr: "10.1.5.1" 
diff --git a/tests/host_vars/octavia1.yml b/tests/host_vars/octavia1.yml new file mode 100644 index 00000000..4392f62e --- /dev/null +++ b/tests/host_vars/octavia1.yml @@ -0,0 +1,27 @@ +--- +# Copyright 2016, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ansible_host: 10.1.1.104 +ansible_become: True +ansible_user: root +ipmi_address: 10.1.4.104 +container_name: "{{ inventory_hostname }}" +container_networks: + management_address: + address: "{{ ansible_host }}" + bridge: "br-mgmt" + interface: "eth1" + netmask: "255.255.255.0" + type: "veth" diff --git a/tests/host_vars/openstack1.yml b/tests/host_vars/openstack1.yml new file mode 100644 index 00000000..b8e0ae19 --- /dev/null +++ b/tests/host_vars/openstack1.yml 
@@ -0,0 +1,46 @@ +--- +# Copyright 2016, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ansible_host: 10.1.1.102 +ansible_become: True +ansible_user: root +tunnel_address: 10.1.2.102 +neutron_local_ip: 10.1.2.102 +storage_address: 10.1.5.102 +container_name: "{{ inventory_hostname }}" +container_networks: + management_address: + address: "{{ ansible_host }}" + bridge: "br-mgmt" + interface: "eth1" + netmask: "255.255.255.0" + type: "veth" + tunnel_address: + address: "{{ tunnel_address }}" + bridge: "br-vxlan" + interface: "eth2" + netmask: "255.255.255.0" + type: "veth" + storage_address: + address: "{{ storage_address }}" + bridge: "br-storage" + interface: "eth3" + netmask: "255.255.255.0" + type: "veth" + flat_address: + bridge: "br-vlan" + interface: "eth12" + netmask: null + type: veth diff --git a/tests/host_vars/swift-storage1.yml b/tests/host_vars/swift-storage1.yml new file mode 100644 index 00000000..65a2cc9c --- /dev/null +++ b/tests/host_vars/swift-storage1.yml 
@@ -0,0 +1,32 @@ +--- +# Copyright 2016, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ansible_host: 10.1.1.103 +storage_address: 10.1.5.103 +ansible_user: root +ansible_become: True +container_networks: + management_address: + address: "{{ ansible_host }}" + bridge: "br-mgmt" + interface: "eth1" + netmask: "255.255.255.0" + type: "veth" + storage_address: + address: "{{ storage_address }}" + bridge: "br-storage" + interface: "eth3" + netmask: "255.255.255.0" + type: "veth" diff --git a/tests/inventory b/tests/inventory new file mode 100644 index 00000000..cdd10ea5 --- /dev/null +++ b/tests/inventory 
@@ -0,0 +1,151 @@ +[all] +localhost +infra1 +openstack1 +swift-storage1 +octavia1 + +[all_containers] +infra1 +openstack1 +swift-storage1 +octavia1 + +[rabbitmq_all] +infra1 + +[galera_all] +infra1 + +[memcached_all] +infra1 + +[service_all:children] +rabbitmq_all +galera_all +memcached_all + +[octavia_all:children] +octavia-api +octavia-worker +octavia-housekeeping +octavia-health-manager + +[octavia-api] +octavia1 + +[octavia-worker] +octavia1 + +[octavia-housekeeping] +octavia1 + +[octavia-health-manager] +octavia1 + +[keystone_all] +openstack1 + +[glance_api] +openstack1 + +[glance_registry] +openstack1 + +[glance_all:children] +glance_api +glance_registry + +[neutron_agent] +openstack1 + +[neutron_dhcp_agent] +openstack1 + +[neutron_linuxbridge_agent] +openstack1 +localhost + +[neutron_openvswitch_agent] + +[neutron_metering_agent] +openstack1 + +[neutron_l3_agent] +openstack1 + +[neutron_metadata_agent] +openstack1 + +[neutron_server] +openstack1 + +[neutron_all:children] +neutron_agent +neutron_dhcp_agent +neutron_linuxbridge_agent +neutron_openvswitch_agent +neutron_metering_agent +neutron_l3_agent +neutron_metadata_agent +neutron_server + +[nova_api_metadata] +openstack1 + +[nova_api_os_compute] +openstack1 + +[nova_api_placement] +openstack1 + +[nova_cert] +openstack1 + +[nova_compute] +localhost + +[nova_conductor] +openstack1 + +[nova_console] +openstack1 + +[nova_scheduler] +openstack1 + +[nova_all:children] +nova_api_metadata +nova_api_os_compute +nova_api_placement +nova_cert +nova_compute +nova_conductor +nova_console +nova_scheduler + +[swift_hosts] +swift-storage1 + +[swift_proxy] +openstack1 + +[swift_acc] +swift-storage1 + +[swift_cont] +swift-storage1 + +[swift_obj] +swift-storage1 + +[swift_all:children] +swift_acc +swift_proxy +swift_cont +swift_obj + +[swift_remote_all] + +[utility_all] +infra1 \ No newline at end of file 
diff --git a/tests/os_octavia-overrides.yml b/tests/os_octavia-overrides.yml new file mode 100644 index 00000000..52492566 --- /dev/null +++ b/tests/os_octavia-overrides.yml 
@@ -0,0 +1,129 @@ +--- +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +## Octavia rewuires currently nested virtualization (VT-X) which only one jenkins +## gate cloud provides reliabley. To cut down on gate errors this will +## disbale the tests which spin up an amphora +test_octavia_amphora: False + +test_octavia_api_group: "{{ ((groups['octavia_api'] is defined) and (groups['octavia_api'] | length > 0)) | ternary('octavia_api', 'all_containers') }}" +test_octavia_api_host: "{{ hostvars[groups[test_octavia_api_group][0]]['ansible_host'] }}" + +## octavia User / Group +octavia_system_user_name: octavia +octavia_system_group_name: octavia +octavia_system_shell: /bin/false +octavia_system_comment: octavia system user +octavia_system_home_folder: "/var/lib/{{ octavia_system_user_name }}" + +# Octavia specific settings +octavia_venv_tag: "testing" +octavia_developer_mode: True +octavia_git_install_branch: master +octavia_service_internaluri: "http://{{ test_octavia_api_host }}:9876" +octavia_service_internalurl: "{{ octavia_service_internaluri }}" +octavia_service_password: "secrete" +octavia_service_name: octavia +octavia_service_project_name: "service" +octavia_galera_address: "{{ test_galera_host }}" +octavia_galera_database: octavia +octavia_galera_user: octavia +octavia_container_mysql_password: "secrete" +octavia_rabbitmq_password: "{{ rabbitmq_password }}" +octavia_rabbitmq_userid: octavia +octavia_rabbitmq_vhost: /octavia +octavia_rabbitmq_servers: "{{ 
rabbitmq_servers }}" +octavia_rabbitmq_use_ssl: "{{ rabbitmq_use_ssl }}" +octavia_rabbitmq_port: "{{ rabbitmq_port }}" +octavia_standalone: False +octavia_swift_temp_url_secret_key: secrete +octavia_keystone_auth_plugin: password +octavia_service_project_domain_id: default +octavia_service_user_domain_id: default +octavia_service_user_name: "octavia" +octavia_ansible_endpoint_type: "internal" + + +octavia_health_hmac_key: secrete + +test_swift_storage_network: "eth3" +test_swift_repl_network: "eth3" +glance_file_store: swift +test_swift_repl_number: 2 +nova_console_type: novnc + +neutron_provider_networks: + network_types: "vxlan,flat" + network_vxlan_ranges: "1:1000" + network_flat_networks: "flat,mgmt" + network_mappings: "flat:eth12,mgmt:eth14" + +# Must be set to a normal MTU +neutron_network_device_mtu: 1500 +neutron_l2_population: True +neutron_dhcp_config: + dhcp-option-force: "26,1500" + log-facility: "/var/log/neutron/neutron-dnsmasq.log" +neutron_l3: True +neutron_metadata: True + +octavia_pip_package_state: latest +octavia_package_state: latest +octavia_neutron_management_network_name: mgmt + +octavia_git_install_branch: stable/ocata + +octavia_ssh_enabled: True + +octavia_amphora_driver: "{% if test_octavia_amphora | bool %}amphora_haproxy_rest_driver{% else %}amphora_noop_driver{% endif %}" +octavia_compute_driver: "{% if test_octavia_amphora | bool %}compute_nova_driver{% else %}compute_noop_driver{% endif %}" +octavia_network_driver: "{% if test_octavia_amphora | bool %}allowed_address_pairs_driver{% else %}network_noop_driver{% endif %}" + +#Neutron mappings +neutron_plugin_base: + - router + - metering + - neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2 + +neutron_lbaasv2_service_provider: LOADBALANCERV2:Octavia:neutron_lbaas.drivers.octavia.driver.OctaviaDriver:default + +neutron_rpc_conn_pool_size: | + 30 + [octavia] + base_url= http://{{ hostvars['octavia1']['ansible_host'] }}:9876 + request_poll_timeout = 500 + + # if we have 
Barbican + [certificates] + + # Certificate Manager plugin. Defaults to barbican. (string value) + cert_manager_type = barbican + + # Name of the Barbican authentication method to use (string value) + #barbican_auth = barbican_acl_auth + + [service_auth] + insecure = {{ keystone_service_internaluri_insecure | bool }} + auth_plugin = password + # this needs to have a v3 added manually :-( + auth_url = "http://{{ test_keystone_host }}:5000/v3" + admin_project_domain = default + admin_user_domain = default + admin_tenant_name = service + admin_user = neutron + admin_password = secrete + region = RegionOne + endpoint_type = internalURL + service_name = neutron + auth_version = 3 diff --git a/tests/test-configure-octavia.yml b/tests/test-configure-octavia.yml new file mode 100644 index 00000000..371840e5 --- /dev/null +++ b/tests/test-configure-octavia.yml 
@@ -0,0 +1,102 @@ +--- +# Copyright 2016, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Setup localhost requirements + hosts: localhost + become: True + gather_facts: True + tasks: + - name: Install apt packages + apt: + pkg: "{{ item }}" + state: "{{ octavia_package_state }}" + update_cache: yes + register: install_packages + until: install_packages|success + retries: 5 + delay: 2 + with_items: + - qemu + - uuid-runtime + - curl + - kpartx + - git + - name: Install pip requirements + pip: + name: "{{ item }}" + state: "{{ octavia_pip_package_state }}" + register: install_packages + until: install_packages|success + retries: 5 + delay: 2 + with_items: + - argparse + - "Babel>=1.3" + - dib-utils + - PyYAML + - name: Clone Octavia + git: + repo: "https://git.openstack.org/openstack/octavia" + dest: "{{ octavia_system_home_folder }}/octavia" + version: "{{ octavia_git_install_branch }}" + - name: Clone Diskimage-Builder + git: + repo: "https://git.openstack.org/openstack/diskimage-builder" + dest: "{{ octavia_system_home_folder }}/diskimage-builder" + - name: Create amphora image + shell: "./diskimage-create.sh -o {{ octavia_system_home_folder }}/amphora-x64-haproxy.qcow2" + args: + chdir: "{{ octavia_system_home_folder }}/octavia/diskimage-create" + creates: "{{ octavia_system_home_folder }}/amphora-x64-haproxy.qcow2" + when: test_octavia_amphora | bool + - name: Change permission + file: + path: "{{ octavia_system_home_folder 
}}/octavia/bin/create_certificates.sh" + mode: 0755 + - name: Generate certs + shell: "{{ octavia_system_home_folder }}/octavia/bin/create_certificates.sh {{ octavia_system_home_folder }}/certs {{ octavia_system_home_folder }}/octavia/etc/certificates/openssl.cnf" + args: + creates: "{{ octavia_system_home_folder }}/certs/ca_01.pem" + - name: Fix certs/private directory access + file: + path: "{{ octavia_system_home_folder }}/certs/private" + mode: 0755 + - name: Install pip requirements + pip: + name: "python-neutronclient" + state: "{{ octavia_pip_package_state }}" + register: install_packages + until: install_packages|success + retries: 5 + delay: 2 + - name: Create mgmt network + neutron: + command: create_network + openrc_path: /root/openrc + net_name: "{{ octavia_neutron_management_network_name }}" + provider_network_type: flat + provider_physical_network: mgmt + insecure: "{{ keystone_service_internaluri_insecure }}" + - name: Ensure mgmt subnet exists + neutron: + command: create_subnet + openrc_path: /root/openrc + net_name: "{{ octavia_neutron_management_network_name }}" + subnet_name: "mgmt-subnet" + cidr: "10.1.1.0/24" + insecure: "{{ keystone_service_internaluri_insecure }}" + + vars_files: + - common/test-vars.yml diff --git a/tests/test-install-octavia.yml b/tests/test-install-octavia.yml new file mode 100644 index 00000000..81c03b93 --- /dev/null +++ b/tests/test-install-octavia.yml 
@@ -0,0 +1,29 @@ +--- +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Playbook for installing Octavia + hosts: octavia_all + remote_user: root + gather_facts: true + pre_tasks: + - include: common/ensure-rabbitmq.yml + vhost_name: "{{ octavia_rabbitmq_vhost }}" + user_name: "{{ octavia_rabbitmq_userid }}" + user_password: "{{ octavia_rabbitmq_password }}" + - include: common/create-grant-db.yml + db_name: "{{ octavia_galera_database }}" + db_password: "{{ octavia_container_mysql_password }}" + roles: + - role: "{{ octavia_rolename | default('os_octavia') }}" + vars_files: + - common/test-vars.yml diff --git a/tests/test-octavia.yml b/tests/test-octavia.yml new file mode 100644 index 00000000..a356131a --- /dev/null +++ b/tests/test-octavia.yml 
@@ -0,0 +1,121 @@ +--- +# Copyright 2016, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Test Octavia + hosts: localhost + user: root + gather_facts: false + vars: + env: + OS_ENDPOINT_TYPE: internalURL + OS_INTERFACE: internalURL + OS_USERNAME: admin + OS_PASSWORD: "{{ keystone_auth_admin_password }}" + OS_PROJECT_NAME: admin + OS_TENANT_NAME: admin + OS_AUTH_URL: "http://{{ test_keystone_host }}:5000/v3" + OS_NO_CACHE: 1 + OS_USER_DOMAIN_NAME: Default + OS_PROJECT_DOMAIN_NAME: Default + OS_REGION_NAME: RegionOne + tasks: + - name: Install pip requirements + pip: + name: "{{ item }}" + state: "{{ octavia_pip_package_state }}" + register: install_packages + until: install_packages|success + retries: 5 + delay: 2 + with_items: + - "python-neutronclient" + - "python-glanceclient" + - "shade" + + - name: Ensure public network exists + neutron: + command: create_network + openrc_path: /root/openrc + net_name: "public" + provider_network_type: "flat" + provider_physical_network: "flat" + router_external: True + insecure: "{{ keystone_service_internaluri_insecure }}" + - name: Ensure public subnet exists + neutron: + command: create_subnet + openrc_path: /root/openrc + net_name: "public" + subnet_name: "public-subnet" + cidr: "10.1.3.0/24" + insecure: "{{ keystone_service_internaluri_insecure }}" + - name: Upload image to glance + shell: >- + glance image-create --name amphora-x64-haproxy --visibility private --disk-format qcow2 \ + 
--container-format bare --tags octavia-amphora-image <{{ octavia_system_home_folder }}/amphora-x64-haproxy.qcow2 \ + && touch {{ octavia_system_home_folder }}/image + args: + creates: "{{ octavia_system_home_folder }}/image" + environment: env + when: test_octavia_amphora | bool + - name: Create ssh-key + shell: > + cat /dev/zero | ssh-keygen -q -N "" + args: + creates: /root/.ssh/id_rsa.pub + - name: Upload key to nova + os_keypair: + auth: + auth_url: "{{ keystone_service_adminurl }}" + username: "{{ octavia_service_user_name }}" + password: "{{ octavia_service_password }}" + project_name: "{{ octavia_service_project_name }}" + user_domain_name: "{{ octavia_service_user_domain_id }}" + project_domain_name: "{{ octavia_service_project_domain_id }}" + endpoint_type: "{{ octavia_ansible_endpoint_type }}" + state: present + name: "octavia_key" + public_key_file: "/root/.ssh/id_rsa.pub" + run_once: true + + - name: Create a loadbalancer + shell: > + neutron lbaas-loadbalancer-create --name test-lb public-subnet + environment: env + - name: Wait until LB is up + shell: > + neutron lbaas-loadbalancer-show test-lb | grep ONLINE + environment: env + register: lb_up + until: lb_up|success + retries: 100 + delay: 5 + - name: Create a listener + shell: > + neutron lbaas-listener-create --loadbalancer test-lb --protocol HTTP --protocol-port 80 --name listener + environment: env + - name: Curl the Listener + shell: > + curl -s -o /dev/null -w "%{http_code}" http://`neutron lbaas-loadbalancer-show test-lb | awk '/ vip_address / {print $4}'` + environment: env + register: http_status_code + when: test_octavia_amphora | bool + - name: Check that we got 503 + assert: + that: + - "'503' in http_status_code.stdout" + when: test_octavia_amphora | bool + vars_files: + - common/test-vars.yml diff --git a/tests/test.yml b/tests/test.yml new file mode 100644 index 00000000..6e60689e --- /dev/null +++ b/tests/test.yml 
@@ -0,0 +1,43 @@ +--- +# Copyright 2016, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Setup the host +- include: common/test-setup-host.yml + +# Install RabbitMQ/MariaDB +- include: common/test-install-infra.yml + +# Install Keystone +- include: common/test-install-keystone.yml + +# Install Swift +- include: common/test-install-swift.yml + +# Install Glance +- include: common/test-install-glance.yml + +# Install Neutron +- include: common/test-install-neutron.yml + +# Install Nova +- include: common/test-install-nova.yml + +# Install Octavia +- include: test-configure-octavia.yml +- include: test-install-octavia.yml + +# Test +- include: test-octavia.yml + diff --git a/tox.ini b/tox.ini new file mode 100644 index 00000000..f1a11f58 --- /dev/null +++ b/tox.ini 
@@ -0,0 +1,120 @@ +[tox] +minversion = 2.0 +skipsdist = True +envlist = docs,linters,functional + + +[testenv] +usedevelop = True +install_command = + pip install -c{env:UPPER_CONSTRAINTS_FILE:https://git.openstack.org/cgit/openstack/requirements/plain/upper-constraints.txt} {opts} {packages} +deps = + -r{toxinidir}/test-requirements.txt +commands = + /usr/bin/find . -type f -name "*.pyc" -delete +passenv = + HOME + http_proxy + HTTP_PROXY + https_proxy + HTTPS_PROXY + no_proxy + NO_PROXY +whitelist_externals = + bash +setenv = + PYTHONUNBUFFERED=1 + ROLE_NAME=os_octavia + TEST_IDEMPOTENCE=false + VIRTUAL_ENV={envdir} + WORKING_DIR={toxinidir} + + +[testenv:docs] +commands= + bash -c "rm -rf doc/build" + doc8 doc + python setup.py build_sphinx + + +[doc8] +# Settings for doc8: +extensions = .rst + + +[testenv:releasenotes] +commands = + sphinx-build -a -E -W -d releasenotes/build/doctrees -b html releasenotes/source releasenotes/build/html + + +# environment used by the -infra templated docs job +[testenv:venv] +commands = + {posargs} + + +[testenv:tests_clone] +commands = + bash -c "if [ ! 
-d "{toxinidir}/tests/common" ]; then \ + git clone https://git.openstack.org/openstack/openstack-ansible-tests {toxinidir}/tests/common; \ + fi" + + +[testenv:pep8] +commands = + {[testenv:tests_clone]commands} + bash -c "{toxinidir}/tests/common/test-pep8.sh" + + +[flake8] +# Ignores the following rules due to how ansible modules work in general +# F403 'from ansible.module_utils.basic import *' used; +# unable to detect undefined names +ignore=F403 + + +[testenv:bashate] +commands = + {[testenv:tests_clone]commands} + bash -c "{toxinidir}/tests/common/test-bashate.sh" + + +[testenv:ansible] +deps = + {[testenv]deps} + -rhttp://git.openstack.org/cgit/openstack/openstack-ansible-tests/plain/test-ansible-deps.txt + + +[testenv:ansible-syntax] +deps = + {[testenv:ansible]deps} +commands = + {[testenv:tests_clone]commands} + bash -c "{toxinidir}/tests/common/test-ansible-syntax.sh" + + +[testenv:ansible-lint] +deps = + {[testenv:ansible]deps} +commands = + {[testenv:tests_clone]commands} + bash -c "{toxinidir}/tests/common/test-ansible-lint.sh" + + +[testenv:functional] +deps = + {[testenv:ansible]deps} +commands = + {[testenv:tests_clone]commands} + bash -c "{toxinidir}/tests/common/test-ansible-functional.sh" + + +[testenv:linters] +deps = + {[testenv:ansible]deps} +commands = + {[testenv:pep8]commands} + {[testenv:bashate]commands} + {[testenv:ansible-lint]commands} + {[testenv:ansible-syntax]commands} + {[testenv:docs]commands} diff --git a/vars/main.yml b/vars/main.yml new file mode 100644 index 00000000..34b06547 --- /dev/null +++ b/vars/main.yml @@ -0,0 +1,12 @@ +--- +# vars file for openstack-ansible-os_octavia + +octavia_services: + octavia_api: + service_name: octavia-api + octavia_worker: + service_name: octavia-worker + octavia_health_manager: + service_name: octavia-health-manager + octavia_housekeeping: + service_name: octavia-housekeeping \ No newline at end of file 
diff --git a/vars/redhat-7.yml b/vars/redhat-7.yml new file mode 100644 index 00000000..3722f355 --- /dev/null +++ b/vars/redhat-7.yml @@ -0,0 +1,18 @@ +--- +# Copyright 2017, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +octavia_distro_packages: + - haproxy + diff --git a/vars/ubuntu-16.04.yml b/vars/ubuntu-16.04.yml new file mode 100644 index 00000000..75f6a628 --- /dev/null +++ b/vars/ubuntu-16.04.yml @@ -0,0 +1,20 @@ +--- +# Copyright 2017, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +## APT Cache options +cache_timeout: 600 + +octavia_distro_packages: + - haproxy
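Review bot: in the 129-line test variables hunk (the one that opens with `test_octavia_amphora: False`), `octavia_git_install_branch` is assigned twice, first `master` under "Octavia specific settings" and later `stable/ocata`. A YAML loader keeps the last value, so the `master` line is dead and misleads anyone reading the top block; keep only the one that is intended. In the same hunk, `neutron_rpc_conn_pool_size: |` is used to carry the `[octavia]`, `[certificates]` and `[service_auth]` sections, including `admin_password = secrete`, into the rendered config through an unrelated option. Please add a comment stating that this is a deliberate test-only workaround so it is not copied into a real deployment. The header comment also has typos ("rewuires", "reliabley", "disbale").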
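Review bot: in tests/test-configure-octavia.yml, the task "Fix certs/private directory access" sets `mode: 0755` on `{{ octavia_system_home_folder }}/certs/private`, which makes the directory that `create_certificates.sh` writes its private material into listable and traversable by every local user. If the goal is only to let the octavia service account read it, set `owner`/`group` to `octavia_system_user_name`/`octavia_system_group_name` and use a mode without world access, and say in the task name or a comment why the default was not sufficient. The two `mode: 0755` values are also unquoted; quoting them (`"0755"`) avoids any ambiguity in how the octal literal is parsed. The "Clone Diskimage-Builder" task has no `version:`, unlike the Octavia clone above it, so the image build tracks whatever the default branch is on the day the gate runs.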
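Review bot: in tests/test-octavia.yml, every `environment: env` (on "Upload image to glance", "Create a loadbalancer", "Wait until LB is up", "Create a listener" and "Curl the Listener") passes a bare variable name rather than a template. Write `environment: "{{ env }}"` so the `OS_*` credentials defined under `vars:` are resolved explicitly and do not depend on bare-variable handling. Also note that "Create a loadbalancer" and "Create a listener" have no `creates:` or existence check, so a second run of the play fails on the duplicate names; and "Curl the Listener" feeds the output of `neutron lbaas-loadbalancer-show` straight into the URL with backticks, so an empty `vip_address` produces a curl to `http://` and the later assert reports a confusing failure instead of "no VIP".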
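Review bot: in tox.ini, `[testenv:ansible]` pulls its dependency list with `-rhttp://git.openstack.org/cgit/openstack/openstack-ansible-tests/plain/test-ansible-deps.txt`, over plain HTTP, while the upper-constraints URL and the `tests_clone` git URL in the same file use `https://`. A requirements file fetched in cleartext can be altered in transit and decides which packages pip installs into the gate, so switch this to `https://` to match the others. `[testenv:tests_clone]` also clones openstack-ansible-tests without a ref, so the scripts it then executes (`test-pep8.sh`, `test-ansible-functional.sh` and so on) are whatever the default branch holds at run time; a short comment acknowledging that this is intentional would help.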
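Review bot: vars/main.yml ends with "\ No newline at end of file" after `service_name: octavia-housekeeping`. Add the trailing newline so the file matches vars/redhat-7.yml and vars/ubuntu-16.04.yml and does not produce a spurious diff the next time an entry is appended to `octavia_services`. This file is also the only one of the three vars files without the Apache license header.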