openstack/openstack-ansible-os_skyline
Code Issues Proposed changes

Update skyline

Browse Source 
This change updates the skyline role to work with the default nginx setup.

Signed-off-by: Kevin Carter <kevin@cloudnull.com>
This commit is contained in:
Kevin Carter 2022-09-08 19:35:30 -05:00
parent 82b1f5a5e6
commit b800433ab5
21 changed files with 198 additions and 429 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
defaults/main.yml
View File

@ -12,6 +12,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
skyline_debug: false
# Set installation method
skyline_venv_python_executable: "{{ openstack_venv_python_executable | default('python3') }}"
@ -27,6 +29,10 @@ skyline_service_setup_host_python_interpreter: "{{ openstack_service_setup_host_
skyline_git_repo: https://opendev.org/openstack/skyline-apiserver
skyline_git_install_branch: master
skyline_console_git_repo: https://opendev.org/openstack/skyline-console
skyline_console_git_install_branch: master
skyline_upper_constraints_url: "{{ requirements_git_url | default('https://releases.openstack.org/constraints/upper/' ~ requirements_git_install_branch | default('master')) }}"
skyline_git_constraints: []
# - "--constraint {{ skyline_upper_constraints_url }}"
@ -36,6 +42,7 @@ skyline_pip_install_args: "{{ pip_install_options | default('') }}"
# Name of the virtual env to deploy into
skyline_venv_tag: "{{ venv_tag | default('untagged') }}"
skyline_bin: "/openstack/venvs/skyline-{{ skyline_venv_tag }}/bin"
skyline_lib_static_files: "{{ skyline_lib_dir }}/skyline_console/static"
## Database info
skyline_db_setup_host: "{{ openstack_db_setup_host | default('localhost') }}"
@ -43,7 +50,7 @@ skyline_db_setup_python_interpreter: "{{ openstack_db_setup_python_interpreter |
skyline_galera_address: "{{ galera_address | default('127.0.0.1') }}"
skyline_galera_database: skyline
skyline_galera_user: skyline
skyline_galera_password: skyline #FIXME!
skyline_galera_password: "{{ lookup('password', '/dev/null length=15 chars=ascii_letters') }}"
skyline_galera_use_ssl: "{{ galera_use_ssl | default(False) }}"
skyline_galera_ssl_ca_cert: "{{ galera_ssl_ca_cert | default('') }}"
skyline_galera_port: "{{ galera_port | default('3306') }}"
@ -61,7 +68,7 @@ skyline_system_user_home: "/var/lib/{{ skyline_system_user_name }}"
## Service user
skyline_service_user_name: skyline
skyline_service_password: skyline #FIXME!
skyline_service_password: "{{ lookup('password', '/dev/null length=15 chars=ascii_letters') }}"
skyline_service_project_name: service
skyline_service_project_domain_id: default
skyline_service_user_domain_id: default
@ -71,38 +78,20 @@ skyline_role_name: admin
# API
skyline_bind_address: "{{ openstack_service_bind_address | default('0.0.0.0') }}"
skyline_service_port: 9999
# Apache
skyline_listen_ports:
http: "80"
https: "443"
skyline_static_files_dir: /var/www/html/
skyline_bind_address: "{{ openstack_service_bind_address | default('0.0.0.0') }}"
skyline_enable_ssl: false
skyline_external_ssl: "{{ (openstack_external_ssl | default(False)) | bool }}"
skyline_server_name: "{{ ansible_facts['fqdn'] | default('horizon') }}"
skyline_log_level: info
# It's combined log format without datetime, since it's already present in journald
skyline_apache_custom_log_format: '"%h %l %u \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\""'
# Set this to the header that your device sets when doing ssl termination
# Note (odyssey4me):
# This variable is actually badly named, as it applies
# settings which have nothing to do with SSL.
skyline_secure_proxy_ssl_header: "X-Forwarded-Proto"
skyline_apache_servertokens: "Prod"
skyline_apache_serversignature: "Off"
skyline_prometheus_basic_auth_password: "{{ lookup('password', '/dev/null length=15 chars=ascii_letters') }}"
skyline_prometheus_basic_auth_user: 'skyline'
skyline_secret_key: "{{ lookup('password', '/dev/null length=15 chars=ascii_letters') }}"
skyline_interface: internal
# Common pip packages
skyline_pip_packages:
- "git+{{ skyline_git_repo }}@{{ skyline_git_install_branch }}#egg=skyline"
- gunicorn
- "git+{{ skyline_git_repo }}@{{ skyline_git_install_branch }}#egg=skyline-apiserver"
- "git+{{ skyline_console_git_repo }}@{{ skyline_console_git_install_branch }}#egg=skyline-console"
## Service Name-Group Mapping
skyline_services:
skyline-api:
group: skyline
group: skyline_all
service_name: skyline-apiserver
init_config_overrides: "{{ skyline_apiserver_init_overrides }}"
start_order: 1

29
files/alembic.ini
View File

@ -1,29 +0,0 @@
# A generic, single database configuration.
[alembic]
# path to migration scripts
script_location = skyline_apiserver.db:alembic
# template used to generate migration files
# file_template = %%(rev)s_%%(slug)s
# timezone to use when rendering the date
# within the migration file as well as the filename.
# string value is passed to dateutil.tz.gettz()
# leave blank for localtime
# timezone =
# max length of characters to apply to the
# "slug" field
# truncate_slug_length = 40
# set to 'true' to run the environment during
# the 'revision' command, regardless of autogenerate
# revision_environment = false
# set to 'true' to allow .pyc and .pyo files without
# a source .py file to be detected as revisions in the
# versions/ directory
# sourceless = false
# version location specification; this defaults
# to alembic/versions. When using multiple version
# directories, initial revisions must be specified with --version-path
# version_locations = %(here)s/bar %(here)s/bat alembic/versions
# the output encoding used when revision files
# are written from script.py.mako
# output_encoding = utf-8
sqlalchemy.url =

1
files/skyline_env_d.yml
View File

@ -19,4 +19,3 @@ physical_skel:
skyline_hosts:
belongs_to:
- hosts

3
files/skyline_secrets.yml Normal file
View File

@ -0,0 +1,3 @@
skyline_prometheus_basic_auth_password: secrete
skyline_service_password: secrete
skyline_galera_password: secrete

6
handlers/main.yml
View File

@ -20,7 +20,7 @@
enabled: yes
state: "stopped"
daemon_reload: yes
with_items: "{{ filtered_skyline_services }}"
loop: "{{ filtered_skyline_services }}"
register: _stop
until: _stop is success
retries: 5
@ -35,7 +35,7 @@
enabled: yes
state: "started"
daemon_reload: yes
with_items: "{{ filtered_skyline_services }}"
loop: "{{ filtered_skyline_services }}"
register: _start
until: _start is success
retries: 5
@ -44,7 +44,7 @@
- "Restart skyline services"
- "venv changed"
- name: Restart apache2
- name: Restart web server
service:
name: "{{ skyline_system_service_name }}"
enabled: yes

10
tasks/main.yml
View File

@ -89,15 +89,5 @@
tags:
- always
- import_tasks: skyline_apache.yml
tags:
- skyline-config
- skyline-apache
- name: Install skyline console
import_tasks: skyline_console_{{ skyline_console_install_method }}.yml
tags:
- skyline-console
- name: Flush handlers
meta: flush_handlers

82
tasks/skyline_apache.yml
View File

@ -1,82 +0,0 @@
---
# Copyright 2022, BBC R&D
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Enable apache2 modules
apache2_module:
name: "{{ item.name }}"
state: "{{ item.state }}"
identifier: "{{ item.identifier | default(omit) }}"
ignore_configcheck: yes
with_items:
- "{{ skyline_apache_modules }}"
when:
- ansible_facts['pkg_mgr'] == 'apt'
notify: Restart apache2
- name: Drop apache2 configs
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: "{{ item.owner | default(skyline_system_user_name) }}"
group: "{{ item.group | default(skyline_system_group_name) }}"
with_items: "{{ skyline_apache_configs }}"
notify: Restart apache2
- name: Disable default apache site
file:
path: "{{ item }}"
state: "absent"
with_items: "{{ skyline_apache_default_sites }}"
notify: Restart apache2
- name: Enable Horizon Site
file:
src: "{{ skyline_apache_site_available }}"
dest: "{{ skyline_apache_site_enabled }}"
state: "link"
when:
- skyline_apache_site_available is defined
- skyline_apache_site_enabled is defined
notify: Restart apache2
- name: Ensure Apache ServerName
lineinfile:
dest: "{{ skyline_apache_conf }}"
line: "ServerName {{ skyline_server_name }}"
notify: Restart apache2
- name: Ensure Apache ServerTokens
lineinfile:
dest: "{{ skyline_apache_security_conf }}"
regexp: '^ServerTokens'
line: "ServerTokens {{ skyline_apache_servertokens }}"
notify: Restart apache2
- name: Ensure Apache ServerSignature
lineinfile:
dest: "{{ skyline_apache_security_conf }}"
regexp: '^ServerSignature'
line: "ServerSignature {{ skyline_apache_serversignature }}"
notify: Restart apache2
# Removing the Listen (or listen.conf inclusion) from apache config to prevent
# conflicts with ports.conf on CentOS and openSUSE
- name: Remove Listen from Apache config
lineinfile:
dest: "{{ skyline_apache_security_conf }}"
regexp: '^(Listen.*)'
backrefs: yes
line: '#\1'
notify: Restart apache2

69
tasks/skyline_console_npm.yml
View File

@ -1,69 +0,0 @@
---
# Copyright 2022, BBC R&D.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Install nvm
ansible.builtin.shell: >
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/master/install.sh | bash
args:
executable: /bin/bash
chdir: "$HOME"
creates: "$HOME/.nvm/nvm.sh"
- name: Setup .profile
ansible.builtin.lineinfile:
path: ~/.profile
line: source ~/.nvm/nvm.sh # This will make sure Node is on the user's PATH
create: yes
- name: Install node
ansible.builtin.shell: "{{ '/bin/bash -ic ' ~ '\"nvm install --lts=' ~ item ~ '\"' }}"
args:
chdir: "$HOME"
creates: "$HOME/.nvm/versions/node/{{ item }}"
register: _node_install
changed_when: "'already installed' not in _node_install.stderr"
loop:
- "erbium"
- name: Clone skyline git repo
git:
repo: https://opendev.org/openstack/skyline-console.git
dest: /opt/skyline-console
force: yes
- name: Install yarn node.js package.
community.general.npm:
name: yarn
path: "/opt/skyline-console"
- name: Install packges with yarn
ansible.builtin.shell: "{{ '/bin/bash -ic ' ~ '\"node_modules/yarn/bin/yarn install\"' }}"
args:
chdir: "/opt/skyline-console"
- name: Install build application with yarn
ansible.builtin.shell: "{{ '/bin/bash -ic ' ~ '\"node_modules/yarn/bin/yarn run build\"' }}"
args:
chdir: "/opt/skyline-console"
- name: Copy the static content to /var/www
copy:
src: "/opt/skyline-console/skyline_console/static"
dest: "{{ skyline_static_files_dir }}"
remote_src: true
owner: "{{ skyline_system_user_name }}"
group: www-data
mode: 0755

33
tasks/skyline_console_pip.yml
View File

@ -1,33 +0,0 @@
---
# Copyright 2022, BBC R&D.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# NOTE(jrosser)
#
# No attempt yet to install skyline-console from source, sykline-apiserver
# currently brings in skyline-console as a dependancy from pypi so none
# of the nodejs/npm/yarn build is done yet with this ansible role
# NOTE(jrosser) Feels pretty bad to point the webroot into the python venv
# to get the content from skyline-console, so copy it
#
#
- name: Copy the static content to /var/www
copy:
src: "/openstack/venvs/skyline-{{ skyline_venv_tag }}/lib/python{{ ansible_python['version']['major'] }}.{{ ansible_python['version']['minor'] }}/site-packages/skyline_console/static"
dest: "{{ skyline_static_files_dir }}"
remote_src: true
owner: "{{ skyline_system_user_name }}"
group: www-data
mode: 0755

4
tasks/skyline_db_sync.yml
View File

@ -14,7 +14,7 @@
# limitations under the License.
- name: Perform a skyline DB sync
command: "{{ skyline_bin }}/alembic -c /etc/skyline/alembic.ini upgrade head"
become: yes
command: "{{ skyline_bin }}/alembic -c {{ skyline_lib_dir }}/skyline_apiserver/db/alembic/alembic.ini upgrade head"
become: true
become_user: "{{ skyline_system_user_name }}"
changed_when: false

19
tasks/skyline_install.yml
View File

@ -13,11 +13,6 @@
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Refresh local facts to ensure the skyline section is present
setup:
filter: ansible_local
gather_subset: "!all"
- name: Install distro packages
package:
name: "{{ skyline_package_list }}"
@ -49,18 +44,6 @@
option: "venv_tag"
value: "{{ skyline_venv_tag }}"
- name: Record the need for a service restart
ini_file:
dest: "/etc/ansible/facts.d/openstack_ansible.fact"
section: "skyline"
option: "need_service_restart"
value: true
when: (install_packages is changed) or
('need_service_restart' not in ansible_local['openstack_ansible']['skyline'])
- debug: var=skyline_services
- debug: var=filtered_skyline_services
- name: Run the systemd service role
include_role:
name: systemd_service
@ -81,7 +64,7 @@
execstarts: "{{ service_var.execstarts }}"
execreloads: "{{ service_var.execreloads | default([]) }}"
config_overrides: "{{ service_var.init_config_overrides }}"
with_items: "{{ filtered_skyline_services }}"
loop: "{{ filtered_skyline_services }}"
loop_control:
loop_var: service_var
tags:

49
tasks/skyline_post_install.yml
View File

@ -13,26 +13,29 @@
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Define skyline_lib_dir when it's not set
when: skyline_lib_dir is not defined
block:
- name: Find the venv's python version
command: >-
{{ skyline_bin }}/{{ skyline_venv_python_executable }} -c 'import skyline_apiserver; print(skyline_apiserver.__file__)'
changed_when: false
register: _skyline_python_venv_details
- name: Set python lib dir fact
set_fact:
skyline_lib_dir: "{{ _skyline_python_venv_details.stdout | dirname | dirname }}"
- name: Create gunicorn config
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
src: "gunicorn.py.j2"
dest: "/etc/skyline/gunicorn.py"
owner: "root"
group: "{{ item.group|default(skyline_system_group_name) }}"
mode: "0640"
with_items:
- src: "gunicorn.py.j2"
dest: "/etc/skyline/gunicorn.py"
notify:
- Restart skyline services
- name: Copy alembic config
copy:
src: alembic.ini
dest: /etc/skyline/alembic.ini
group: "{{ skyline_system_group_name }}"
owner: "{{ skyline_system_group_name }}"
- name: Create skyline configs
openstack.config_template.config_template:
src: "{{ item.src }}"
@ -42,10 +45,30 @@
mode: "0640"
config_overrides: "{{ item.config_overrides }}"
config_type: "{{ item.config_type }}"
with_items:
loop:
- src: "skyline.yaml.j2"
dest: "/etc/skyline/skyline.yaml"
config_overrides: "{{ skyline_skyline_yaml_overrides }}"
config_type: "yaml"
notify:
- Restart skyline services
- name: Get OpenStack endpoints
command: >-
openstack --os-cloud default endpoint list --format yaml --interface {{ skyline_interface }}
delegate_to: "{{ skyline_service_setup_host }}"
register: _endpoint_list
- name: Set endpoint fact
set_fact:
openstack_service_endpoints: "{{ _endpoint_list.stdout | from_yaml }}"
- name: Create nginx config
template:
src: "nginx.conf.j2"
dest: "/etc/nginx/sites-enabled/skyline.conf"
owner: "root"
group: "root"
mode: "0644"
notify:
- Restart skyline services

2
tasks/skyline_pre_install.yml
View File

@ -38,7 +38,7 @@
owner: "{{ item.owner|default(skyline_system_user_name) }}"
group: "{{ item.group|default(skyline_system_group_name) }}"
mode: "{{ item.mode|default('0755') }}"
with_items:
loop:
- path: "/openstack"
mode: "0755"
owner: "root"

50
templates/gunicorn.py.j2
View File

@ -1,4 +1,19 @@
# Copyright 2022 Cloudnull
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import multiprocessing
bind = "unix:/var/lib/skyline/skyline.sock"
workers = (1 + multiprocessing.cpu_count()) // 2
worker_class = "uvicorn.workers.UvicornWorker"
@ -6,4 +21,37 @@ timeout = 3600
keepalive = 5
reuse_port = True
proc_name = "skyline"
log_level = "debug"
logconfig_dict = {
"version": 1,
"disable_existing_loggers": False,
"root": {"level": "DEBUG", "handlers": ["console"]},
"loggers": {
"gunicorn.error": {
"level": "DEBUG",
"handlers": ["console"],
"propagate": 0,
"qualname": "gunicorn_error",
},
"gunicorn.access": {
"level": "DEBUG",
"handlers": ["console"],
"propagate": 0,
"qualname": "access",
},
},
"handlers": {
"console": {
"class": "logging.StreamHandler",
"level": "DEBUG",
"formatter": "generic",
},
},
"formatters": {
"generic": {
"format": "%(asctime)s.%(msecs)03d %(process)d %(levelname)s [-] %(message)s",
"datefmt": "[%Y-%m-%d %H:%M:%S %z]",
"class": "logging.Formatter",
}
},
}

6
templates/horizon_apache_ports.conf.j2
View File

@ -1,6 +0,0 @@
# {{ ansible_managed }}
# We place a blank file here
# Listen commands happen inside the individual VHost files
# This allows for multiple services VHosts to exist without
# overwriting Listen lines.

52
templates/nginx.conf.j2 Normal file
View File

@ -0,0 +1,52 @@
upstream skyline {
server unix:/var/lib/skyline/skyline.sock fail_timeout=0;
}
server {
listen {{ skyline_bind_address }}:{{ skyline_service_port }};
root {{ skyline_lib_static_files }};
# Add index.php to the list if you are using PHP
index index.html;
server_name _;
error_page 497 http://$http_host$request_uri;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ /index.html;
expires 1d;
add_header Cache-Control "public";
}
location /api/openstack/skyline/ {
proxy_pass http://skyline/;
proxy_redirect off;
proxy_buffering off;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header Host $http_host;
}
{% for endpoint in openstack_service_endpoints %}
{% set _region = endpoint["Region"] | lower %}
{% set _type = (endpoint["Service Type"] | lower) %}
{% set _url = endpoint["URL"] | urlsplit %}
{% if _type in skyline_service_mapping %}
{% set _service = skyline_service_mapping[_type] %}
location /api/openstack/{{ _region }}/{{ _service }}/ {
proxy_pass {{ _url.scheme }}://{{ _url.hostname }}:{{ _url.port }}/;
proxy_redirect {{ _url.scheme }}://{{ _url.hostname }}:{{ _url.port }}/ /api/openstack/{{ _region }}/{{ _service }}/;
proxy_buffering off;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header Host $http_host;
}
{% endif %}
{% endfor %}
}

81
templates/openstack_skyline_dashboard.conf.j2
View File

@ -1,81 +0,0 @@
# {{ ansible_managed }}
{% for skyline_listen_port in skyline_listen_ports.values() %}
Listen {{ skyline_bind_address }}:{{ skyline_listen_port }}
{% endfor %}
# If skyline is being served via SSL from this web server,
# then we must redirect HTTP requests to HTTPS.
{% if (skyline_enable_ssl | bool) and not (skyline_external_ssl | bool) %}
<VirtualHost {{ skyline_bind_address }}:{{ skyline_listen_ports.http }}>
ServerName {{ skyline_server_name }}
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{HTTP_HOST}/$1 [R,L]
</VirtualHost>
{% endif %}
# If skyline is being served via SSL via a load balancer, we
# need to listen via HTTP on this web server. If SSL is not
# enabled, then the same applies.
<VirtualHost {{ skyline_bind_address }}:{{ ((skyline_enable_ssl | bool) and not (skyline_external_ssl | bool)) | ternary(skyline_listen_ports.https, skyline_listen_ports.http) }}>
ServerName {{ skyline_server_name }}
LogLevel {{ skyline_log_level }}
ErrorLog syslog:daemon
CustomLog "|/usr/bin/env logger -p daemon.info -t {{ skyline_system_service_name }}" {{ skyline_apache_custom_log_format }}
Options +FollowSymLinks
{% if (skyline_enable_ssl | bool) and not (skyline_external_ssl | bool) %}
SSLEngine on
SSLCertificateFile {{ skyline_ssl_cert }}
SSLCertificateKeyFile {{ skyline_ssl_key }}
{% if skyline_user_ssl_ca_cert is defined -%}
SSLCACertificateFile {{ skyline_ssl_ca_cert }}
{% endif -%}
SSLCompression Off
SSLProtocol {{ skyline_ssl_protocol }}
SSLHonorCipherOrder On
{% if skyline_ssl_cipher_suite_tls12 != "" -%}
SSLCipherSuite {{ skyline_ssl_cipher_suite_tls12 }}
{% endif -%}
{% if skyline_ssl_cipher_suite_tls13 != "" -%}
SSLCipherSuite TLSv1.3 {{ skyline_ssl_cipher_suite_tls13 }}
{% endif -%}
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
{% endif %}
{% if (skyline_enable_ssl | bool) and (skyline_external_ssl | bool) %}
RequestHeader set {{ skyline_secure_proxy_ssl_header }} "https"
{% elif not (skyline_enable_ssl | bool) and (skyline_external_ssl | bool) %}
RequestHeader set {{ skyline_secure_proxy_ssl_header }} "http"
{% endif %}
SSLProxyEngine on
SSLProxyCheckPeerName off
DocumentRoot /var/www/html/static
ProxyPass /api/openstack/skyline/ unix:////var/lib/skyline/skyline.sock|http://127.0.1.1/
ProxyPassReverse / unix:///run/gunicorn_site0.sock|http://127.0.1.1/
# OMG! Fixme - feels like this should all be handled at haproxy
#ProxyPass /api/openstack/regionone/neutron/ https://172.29.236.101:9696/
#ProxyPassReverse https://172.29.236.101:9696/ /api/openstack/regionone/neutron/
#ProxyPass /api/openstack/regionone/keystone/ https://172.29.236.101:5000/
#ProxyPassReverse https://172.29.236.101:5000/ /api/openstack/regionone/keystone/
#ProxyPass /api/openstack/regionone/placement/ https://172.29.236.101:8780/
#ProxyPassReverse https://172.29.236.101:8780/ /api/openstack/regionone/placement/
#ProxyPass /api/openstack/regionone/glance/ https://172.29.236.101:9292/
#ProxyPassReverse https://172.29.236.101:9292/ /api/openstack/regionone/glance/
#ProxyPass /api/openstack/regionone/nova/ https://172.29.236.101:8774/
#ProxyPassReverse https://172.29.236.101:8774/ /api/openstack/regionone/nova/
#ProxyPass /api/openstack/regionone/cinder/ https://172.29.236.101:8776/
#ProxyPassReverse https://172.29.236.101:8776/ /api/openstack/regionone/cinder/
#ProxyPass /api/openstack/regionone/heat/ https://172.29.236.101:8776/
#ProxyPassReverse https://172.29.236.101:8776/ /api/openstack/regionone/cinder/
</VirtualHost>

30
templates/skyline.yaml.j2
View File

@ -3,12 +3,16 @@ default:
access_token_renew: 1800
cors_allow_origins: []
database_url: mysql://{{ skyline_galera_user }}:{{ skyline_galera_password }}@{{ skyline_galera_address }}/{{ skyline_galera_database }}
debug: false
debug: {{ skyline_debug }}
log_dir: /var/log/skyline
secret_key: aCtmgbcUqYUy_HNVg5BDXCaeJgJQzHJXwqbXr0Nmb2o
prometheus_basic_auth_password: "{{ skyline_prometheus_basic_auth_password }}"
prometheus_basic_auth_user: "{{ skyline_prometheus_basic_auth_user }}"
prometheus_enable_basic_auth: false
prometheus_endpoint: http://localhost:9091
secret_key: {{ skyline_secret_key }}
session_name: session
developer:
show_raw_sql: false
show_raw_sql: {{ skyline_debug }}
openstack:
base_domains:
- heat_user_domain
@ -59,24 +63,18 @@ openstack:
- octavia_project_reader
default_region: RegionOne
extension_mapping:
floating-ip-port-forwarding: neutron_port_forwarding
fwaas_v2: neutron_firewall
qos: neutron_qos
vpnaas: neutron_vpn
interface_type: public
interface_type: {{ skyline_interface }}
keystone_url: {{ keystone_service_internalurl }}
nginx_prefix: /api/openstack
reclaim_instance_interval: 604800
service_mapping:
baremetal: ironic
compute: nova
database: trove
identity: keystone
image: glance
load-balancer: octavia
network: neutron
object-store: swift
orchestration: heat
placement: placement
volumev3: cinder
service_mapping: {{ skyline_service_mapping }}
sso_enabled: false
sso_protocols:
- openid
system_admin_roles:
- admin
- system_admin

6
templates/skyline_apache_ports.conf.j2
View File

@ -1,6 +0,0 @@
# {{ ansible_managed }}
# We place a blank file here
# Listen commands happen inside the individual VHost files
# This allows for multiple services VHosts to exist without
# overwriting Listen lines.

26
vars/debian.yml
View File

@ -20,28 +20,8 @@ cache_timeout: 600
# Common apt packages
skyline_distro_packages:
- git
- apache2
- nginx
skyline_system_service_name: nginx
skyline_devel_distro_packages: []
skyline_apache_conf: "/etc/apache2/apache2.conf"
skyline_apache_security_conf: "/etc/apache2/conf-available/security.conf"
skyline_apache_site_available: "/etc/apache2/sites-available/openstack-skyline-dashboard.conf"
skyline_apache_site_enabled: "/etc/apache2/sites-enabled/openstack-skyline-dashboard.conf"
skyline_apache_configs:
- { src: "skyline_apache_ports.conf.j2", dest: "/etc/apache2/ports.conf", owner: "root", group: "root" }
- { src: "openstack_skyline_dashboard.conf.j2", dest: "{{ skyline_apache_site_available }}", owner: "root", group: "root" }
skyline_apache_default_sites:
- "/etc/apache2/sites-enabled/000-default.conf"
- "/etc/apache2/conf-enabled/other-vhosts-access-log.conf"
skyline_system_service_name: apache2
skyline_apache_modules:
- name: "proxy"
state: "present"
- name: "proxy_http"
state: "present"

26
vars/main.yml
View File

@ -23,17 +23,27 @@ skyline_package_list: |-
# Compile a list of the services on a host based on whether
# the host is in the host group and the service is enabled.
# The service list is provided in the defined start order.
filtered_skyline_services: |-
{% set services = [] %}
{% for key, value in skyline_services.items() %}
{% if (value['group'] in group_names) and
(('condition' not in value) or
('condition' in value and value['condition'])) and
not ('wsgi_app' in value and value['wsgi_app']) %}
{% set _ = value.update({'service_key': key}) %}
{% set _ = services.append(value) %}
{% endif %}
{% set _ = value.update({'service_key': key}) %}
{% set _ = services.append(value) %}
{% endfor %}
{{ services | sort(attribute='start_order') }}
skyline_service_mapping:
baremetal: ironic
compute: nova
container: zun
container-infra: magnum
database: trove
identity: keystone
image: glance
key-manager: barbican
load-balancer: octavia
network: neutron
object-store: swift
orchestration: heat
placement: placement
sharev2: manilav2
volumev3: cinder