Initial commit for zaqar ansible role
This commit is contained in:
commit
141383b19e
|
@ -0,0 +1,85 @@
|
|||
OpenStack Zaqar
|
||||
################
|
||||
:tags: openstack, zaqar, cloud, ansible
|
||||
:category: \*nix
|
||||
|
||||
contributor guidelines
|
||||
^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
Filing Bugs
|
||||
-----------
|
||||
|
||||
Bugs should be filed on Launchpad, not GitHub: "https://bugs.launchpad.net/openstack-ansible"
|
||||
|
||||
|
||||
When submitting a bug, or working on a bug, please ensure the following criteria are met:
|
||||
* The description clearly states or describes the original problem or root cause of the problem.
|
||||
* Include historical information on how the problem was identified.
|
||||
* Any relevant logs are included.
|
||||
* The provided information should be totally self-contained. External access to web services/sites should not be needed.
|
||||
* Steps to reproduce the problem if possible.
|
||||
|
||||
|
||||
Submitting Code
|
||||
---------------
|
||||
|
||||
Changes to the project should be submitted for review via the Gerrit tool, following
|
||||
the workflow documented at: "http://docs.openstack.org/infra/manual/developers.html#development-workflow"
|
||||
|
||||
Pull requests submitted through GitHub will be ignored and closed without regard.
|
||||
|
||||
|
||||
Extra
|
||||
-----
|
||||
|
||||
Tags:
|
||||
If it's a bug that needs fixing in a branch in addition to Master, add a '\<release\>-backport-potential' tag (eg ``juno-backport-potential``). There are predefined tags that will autocomplete.
|
||||
|
||||
Status:
|
||||
Please leave this alone, it should be New till someone triages the issue.
|
||||
|
||||
Importance:
|
||||
Should only be touched if it is a Blocker/Gating issue. If it is, please set to High, and only use Critical if you have found a bug that can take down whole infrastructures.
|
||||
|
||||
|
||||
Style guide
|
||||
-----------
|
||||
|
||||
When creating tasks and other roles for use in Ansible please create then using the YAML dictionary format.
|
||||
|
||||
Example YAML dictionary format:
|
||||
.. code-block:: yaml
|
||||
|
||||
- name: The name of the tasks
|
||||
module_name:
|
||||
thing1: "some-stuff"
|
||||
thing2: "some-other-stuff"
|
||||
tags:
|
||||
- some-tag
|
||||
- some-other-tag
|
||||
|
||||
|
||||
Example **NOT** in YAML dictionary format:
|
||||
.. code-block:: yaml
|
||||
|
||||
- name: The name of the tasks
|
||||
module_name: thing1="some-stuff" thing2="some-other-stuff"
|
||||
tags:
|
||||
- some-tag
|
||||
- some-other-tag
|
||||
|
||||
|
||||
Usage of the ">" and "|" operators should be limited to Ansible conditionals and command modules such as the ansible ``shell`` module.
|
||||
|
||||
|
||||
Issues
|
||||
------
|
||||
|
||||
When submitting an issue, or working on an issue please ensure the following criteria are met:
|
||||
* The description clearly states or describes the original problem or root cause of the problem.
|
||||
* Include historical information on how the problem was identified.
|
||||
* Any relevant logs are included.
|
||||
* If the issue is a bug that needs fixing in a branch other than Master, add the ‘backport potential’ tag TO THE ISSUE (not the PR).
|
||||
* The provided information should be totally self-contained. External access to web services/sites should not be needed.
|
||||
* If the issue is needed for a hotfix release, add the 'expedite' label.
|
||||
* Steps to reproduce the problem if possible.
|
|
@ -0,0 +1,202 @@
|
|||
Apache License
|
||||
Version 2.0, January 2004
|
||||
http://www.apache.org/licenses/
|
||||
|
||||
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
|
||||
|
||||
1. Definitions.
|
||||
|
||||
"License" shall mean the terms and conditions for use, reproduction,
|
||||
and distribution as defined by Sections 1 through 9 of this document.
|
||||
|
||||
"Licensor" shall mean the copyright owner or entity authorized by
|
||||
the copyright owner that is granting the License.
|
||||
|
||||
"Legal Entity" shall mean the union of the acting entity and all
|
||||
other entities that control, are controlled by, or are under common
|
||||
control with that entity. For the purposes of this definition,
|
||||
"control" means (i) the power, direct or indirect, to cause the
|
||||
direction or management of such entity, whether by contract or
|
||||
otherwise, or (ii) ownership of fifty percent (50%) or more of the
|
||||
outstanding shares, or (iii) beneficial ownership of such entity.
|
||||
|
||||
"You" (or "Your") shall mean an individual or Legal Entity
|
||||
exercising permissions granted by this License.
|
||||
|
||||
"Source" form shall mean the preferred form for making modifications,
|
||||
including but not limited to software source code, documentation
|
||||
source, and configuration files.
|
||||
|
||||
"Object" form shall mean any form resulting from mechanical
|
||||
transformation or translation of a Source form, including but
|
||||
not limited to compiled object code, generated documentation,
|
||||
and conversions to other media types.
|
||||
|
||||
"Work" shall mean the work of authorship, whether in Source or
|
||||
Object form, made available under the License, as indicated by a
|
||||
copyright notice that is included in or attached to the work
|
||||
(an example is provided in the Appendix below).
|
||||
|
||||
"Derivative Works" shall mean any work, whether in Source or Object
|
||||
form, that is based on (or derived from) the Work and for which the
|
||||
editorial revisions, annotations, elaborations, or other modifications
|
||||
represent, as a whole, an original work of authorship. For the purposes
|
||||
of this License, Derivative Works shall not include works that remain
|
||||
separable from, or merely link (or bind by name) to the interfaces of,
|
||||
the Work and Derivative Works thereof.
|
||||
|
||||
"Contribution" shall mean any work of authorship, including
|
||||
the original version of the Work and any modifications or additions
|
||||
to that Work or Derivative Works thereof, that is intentionally
|
||||
submitted to Licensor for inclusion in the Work by the copyright owner
|
||||
or by an individual or Legal Entity authorized to submit on behalf of
|
||||
the copyright owner. For the purposes of this definition, "submitted"
|
||||
means any form of electronic, verbal, or written communication sent
|
||||
to the Licensor or its representatives, including but not limited to
|
||||
communication on electronic mailing lists, source code control systems,
|
||||
and issue tracking systems that are managed by, or on behalf of, the
|
||||
Licensor for the purpose of discussing and improving the Work, but
|
||||
excluding communication that is conspicuously marked or otherwise
|
||||
designated in writing by the copyright owner as "Not a Contribution."
|
||||
|
||||
"Contributor" shall mean Licensor and any individual or Legal Entity
|
||||
on behalf of whom a Contribution has been received by Licensor and
|
||||
subsequently incorporated within the Work.
|
||||
|
||||
2. Grant of Copyright License. Subject to the terms and conditions of
|
||||
this License, each Contributor hereby grants to You a perpetual,
|
||||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||
copyright license to reproduce, prepare Derivative Works of,
|
||||
publicly display, publicly perform, sublicense, and distribute the
|
||||
Work and such Derivative Works in Source or Object form.
|
||||
|
||||
3. Grant of Patent License. Subject to the terms and conditions of
|
||||
this License, each Contributor hereby grants to You a perpetual,
|
||||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||
(except as stated in this section) patent license to make, have made,
|
||||
use, offer to sell, sell, import, and otherwise transfer the Work,
|
||||
where such license applies only to those patent claims licensable
|
||||
by such Contributor that are necessarily infringed by their
|
||||
Contribution(s) alone or by combination of their Contribution(s)
|
||||
with the Work to which such Contribution(s) was submitted. If You
|
||||
institute patent litigation against any entity (including a
|
||||
cross-claim or counterclaim in a lawsuit) alleging that the Work
|
||||
or a Contribution incorporated within the Work constitutes direct
|
||||
or contributory patent infringement, then any patent licenses
|
||||
granted to You under this License for that Work shall terminate
|
||||
as of the date such litigation is filed.
|
||||
|
||||
4. Redistribution. You may reproduce and distribute copies of the
|
||||
Work or Derivative Works thereof in any medium, with or without
|
||||
modifications, and in Source or Object form, provided that You
|
||||
meet the following conditions:
|
||||
|
||||
(a) You must give any other recipients of the Work or
|
||||
Derivative Works a copy of this License; and
|
||||
|
||||
(b) You must cause any modified files to carry prominent notices
|
||||
stating that You changed the files; and
|
||||
|
||||
(c) You must retain, in the Source form of any Derivative Works
|
||||
that You distribute, all copyright, patent, trademark, and
|
||||
attribution notices from the Source form of the Work,
|
||||
excluding those notices that do not pertain to any part of
|
||||
the Derivative Works; and
|
||||
|
||||
(d) If the Work includes a "NOTICE" text file as part of its
|
||||
distribution, then any Derivative Works that You distribute must
|
||||
include a readable copy of the attribution notices contained
|
||||
within such NOTICE file, excluding those notices that do not
|
||||
pertain to any part of the Derivative Works, in at least one
|
||||
of the following places: within a NOTICE text file distributed
|
||||
as part of the Derivative Works; within the Source form or
|
||||
documentation, if provided along with the Derivative Works; or,
|
||||
within a display generated by the Derivative Works, if and
|
||||
wherever such third-party notices normally appear. The contents
|
||||
of the NOTICE file are for informational purposes only and
|
||||
do not modify the License. You may add Your own attribution
|
||||
notices within Derivative Works that You distribute, alongside
|
||||
or as an addendum to the NOTICE text from the Work, provided
|
||||
that such additional attribution notices cannot be construed
|
||||
as modifying the License.
|
||||
|
||||
You may add Your own copyright statement to Your modifications and
|
||||
may provide additional or different license terms and conditions
|
||||
for use, reproduction, or distribution of Your modifications, or
|
||||
for any such Derivative Works as a whole, provided Your use,
|
||||
reproduction, and distribution of the Work otherwise complies with
|
||||
the conditions stated in this License.
|
||||
|
||||
5. Submission of Contributions. Unless You explicitly state otherwise,
|
||||
any Contribution intentionally submitted for inclusion in the Work
|
||||
by You to the Licensor shall be under the terms and conditions of
|
||||
this License, without any additional terms or conditions.
|
||||
Notwithstanding the above, nothing herein shall supersede or modify
|
||||
the terms of any separate license agreement you may have executed
|
||||
with Licensor regarding such Contributions.
|
||||
|
||||
6. Trademarks. This License does not grant permission to use the trade
|
||||
names, trademarks, service marks, or product names of the Licensor,
|
||||
except as required for reasonable and customary use in describing the
|
||||
origin of the Work and reproducing the content of the NOTICE file.
|
||||
|
||||
7. Disclaimer of Warranty. Unless required by applicable law or
|
||||
agreed to in writing, Licensor provides the Work (and each
|
||||
Contributor provides its Contributions) on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||
implied, including, without limitation, any warranties or conditions
|
||||
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
|
||||
PARTICULAR PURPOSE. You are solely responsible for determining the
|
||||
appropriateness of using or redistributing the Work and assume any
|
||||
risks associated with Your exercise of permissions under this License.
|
||||
|
||||
8. Limitation of Liability. In no event and under no legal theory,
|
||||
whether in tort (including negligence), contract, or otherwise,
|
||||
unless required by applicable law (such as deliberate and grossly
|
||||
negligent acts) or agreed to in writing, shall any Contributor be
|
||||
liable to You for damages, including any direct, indirect, special,
|
||||
incidental, or consequential damages of any character arising as a
|
||||
result of this License or out of the use or inability to use the
|
||||
Work (including but not limited to damages for loss of goodwill,
|
||||
work stoppage, computer failure or malfunction, or any and all
|
||||
other commercial damages or losses), even if such Contributor
|
||||
has been advised of the possibility of such damages.
|
||||
|
||||
9. Accepting Warranty or Additional Liability. While redistributing
|
||||
the Work or Derivative Works thereof, You may choose to offer,
|
||||
and charge a fee for, acceptance of support, warranty, indemnity,
|
||||
or other liability obligations and/or rights consistent with this
|
||||
License. However, in accepting such obligations, You may act only
|
||||
on Your own behalf and on Your sole responsibility, not on behalf
|
||||
of any other Contributor, and only if You agree to indemnify,
|
||||
defend, and hold each Contributor harmless for any liability
|
||||
incurred by, or claims asserted against, such Contributor by reason
|
||||
of your accepting any such warranty or additional liability.
|
||||
|
||||
END OF TERMS AND CONDITIONS
|
||||
|
||||
APPENDIX: How to apply the Apache License to your work.
|
||||
|
||||
To apply the Apache License to your work, attach the following
|
||||
boilerplate notice, with the fields enclosed by brackets "{}"
|
||||
replaced with your own identifying information. (Don't include
|
||||
the brackets!) The text should be enclosed in the appropriate
|
||||
comment syntax for the file format. We also recommend that a
|
||||
file or class name and description of purpose be included on the
|
||||
same "printed page" as the copyright notice for easier
|
||||
identification within third-party archives.
|
||||
|
||||
Copyright {yyyy} {name of copyright owner}
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
|
|
@ -0,0 +1,15 @@
|
|||
|
||||
# Ansible Role: OpenStack Ansible Zaqar 0.1
|
||||
|
||||
|
||||
An Ansible Role to deploy OpenStack Zaqar on Ubuntu LTS
|
||||
|
||||
This is an unofficial prototype for an independant role for use with the
|
||||
[OpenStack Ansible](http://governance.openstack.org/reference/projects/openstackansible.html)
|
||||
project. See also the project page on the
|
||||
[OpenStack Wiki](https://wiki.openstack.org/wiki/OpenStackAnsible) and the project
|
||||
[repository on Github](https://github.com/openstack/openstack-ansible).
|
||||
|
||||
## License
|
||||
|
||||
Apache 2.0
|
|
@ -0,0 +1,152 @@
|
|||
---
|
||||
# Copyright 2015, Rackspace US, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
## Verbosity Options
|
||||
debug: False
|
||||
verbose: True
|
||||
|
||||
## APT Cache options
|
||||
cache_timeout: 600
|
||||
|
||||
# Name of the virtual env to deploy into
|
||||
zaqar_venv_tag: untagged
|
||||
zaqar_venv_bin: "/openstack/venvs/zaqar-{{ zaqar_venv_tag }}/bin"
|
||||
|
||||
# Set this to enable or disable installing in a venv
|
||||
zaqar_venv_enabled: true
|
||||
|
||||
# The bin path defaults to the venv path however if installation in a
|
||||
# venv is disabled the bin path will be dynamically set based on the
|
||||
# system path used when the installing.
|
||||
zaqar_bin: "{{ zaqar_venv_bin }}"
|
||||
|
||||
zaqar_venv_download_url: http://127.0.0.1/venvs/untagged/ubuntu/zaqar.tgz
|
||||
|
||||
zaqar_git_repo: https://github.com/openstack/zaqar
|
||||
zaqar_git_install_branch: master
|
||||
|
||||
zaqar_standalone_mode: false
|
||||
zaqar_developer_constraints:
|
||||
- "git+{{ zaqar_git_repo }}@{{ zaqar_git_install_branch }}#egg=zaqar"
|
||||
|
||||
## System info
|
||||
zaqar_system_user_name: zaqar
|
||||
zaqar_system_group_name: zaqar
|
||||
zaqar_system_shell: /bin/false
|
||||
zaqar_system_comment: zaqar system user
|
||||
zaqar_system_user_home: "/var/lib/{{ zaqar_system_user_name }}"
|
||||
|
||||
## Service API info
|
||||
zaqar_api_bind_address: 0.0.0.0
|
||||
zaqar_api_bind_port: 8888
|
||||
zaqar_service_proto: http
|
||||
zaqar_api_program_name: zaqar-server
|
||||
zaqar_service_region: RegionOne
|
||||
zaqar_service_name: zaqar
|
||||
zaqar_service_type: messaging
|
||||
zaqar_service_description: "Zaqar messaging service"
|
||||
zaqar_service_role_name: admin
|
||||
zaqar_service_user_name: zaqar
|
||||
zaqar_service_user_password: passw0rd
|
||||
zaqar_service_tenant_name: service
|
||||
zaqar_service_project_name: service
|
||||
zaqar_service_project_domain_id: default
|
||||
zaqar_service_user_domain_id: default
|
||||
zaqar_service_registry_proto: "{{ zaqar_service_proto }}"
|
||||
zaqar_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(zaqar_service_proto) }}"
|
||||
zaqar_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(zaqar_service_proto) }}"
|
||||
zaqar_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(zaqar_service_proto) }}"
|
||||
zaqar_service_publicuri: "{{ zaqar_service_publicuri_proto }}://{{ zaqar_api_bind_address }}:{{ zaqar_api_bind_port }}"
|
||||
zaqar_service_publicurl: "{{ zaqar_service_publicuri }}"
|
||||
zaqar_service_internaluri: "{{ zaqar_service_internaluri_proto }}://{{ zaqar_api_bind_address }}:{{ zaqar_api_bind_port }}"
|
||||
zaqar_service_internalurl: "{{ zaqar_service_internaluri }}"
|
||||
zaqar_service_adminuri: "{{ zaqar_service_adminuri_proto }}://{{ zaqar_api_bind_address }}:{{ zaqar_api_bind_port }}"
|
||||
zaqar_service_adminurl: "{{ zaqar_service_adminuri }}"
|
||||
zaqar_service_cafile_path: /opt/stack/data/ca-bundle.pem
|
||||
zaqar_keystone_auth_plugin: password
|
||||
|
||||
## Apache setup
|
||||
zaqar_install_apache: false
|
||||
zaqar_apache_log_level: debug
|
||||
zaqar_wsgi_threads: 5
|
||||
zaqar_wsgi_processes: "{{ ansible_processor_vcpus | default (1) * 2 }}"
|
||||
|
||||
## Nginx setup
|
||||
zaqar_install_nginx: false
|
||||
|
||||
## Management DB info
|
||||
zaqar_mgmt_database_user: zaqar
|
||||
zaqar_mgmt_database_password: password
|
||||
zaqar_mgmt_database_name: zaqar
|
||||
zaqar_mgmt_db_type: mysql+pymysql
|
||||
zaqar_mgmt_db_address: "{{ inventory_hostname }}"
|
||||
zaqar_mgmt_db_port: 27017
|
||||
zaqar_mgmt_db_options: "?charset=utf8"
|
||||
zaqar_mgmt_db_connection_string: "{{ zaqar_mgmt_db_type }}://{{ zaqar_mgmt_database_user }}:{{ zaqar_mgmt_database_password }}@{{ zaqar_mgmt_db_address }}:{{ zaqar_mgmt_db_port }}/{{ zaqar_mgmt_database_name }}{{ zaqar_mgmt_db_options }}"
|
||||
|
||||
## Message DB info
|
||||
zaqar_message_database_user: zaqar
|
||||
zaqar_message_database_password: password
|
||||
zaqar_message_db_type: mongodb
|
||||
zaqar_message_db_address: localhost
|
||||
zaqar_message_db_port: 27017
|
||||
zaqar_message_db_connection_string: "{{ zaqar_message_db_type }}://{{ zaqar_message_database_user }}:{{ zaqar_message_database_password }}@{{ zaqar_message_db_address }}:{{ zaqar_message_db_port }}"
|
||||
|
||||
## Token Cache
|
||||
zaqar_memcached_servers: "{{ memcached_servers }}"
|
||||
zaqar_memcache_security_strategy: ENCRYPT
|
||||
|
||||
## Zaqar config
|
||||
zaqar_enable_pooling: true
|
||||
zaqar_secret_key: notreallysecret
|
||||
zaqar_enable_notification: false
|
||||
zaqar_unreliable: true
|
||||
|
||||
# Common apt packages
|
||||
zaqar_apt_packages:
|
||||
- gcc
|
||||
- libxml2-dev
|
||||
- libxslt1-dev
|
||||
- python-dev
|
||||
- zlib1g-dev
|
||||
- apache2
|
||||
- nginx
|
||||
- libapache2-mod-wsgi
|
||||
|
||||
# zaqar packages that must be installed before anything else
|
||||
zaqar_requires_pip_packages:
|
||||
- virtualenv
|
||||
- virtualenv-tools
|
||||
- python-keystoneclient # Keystoneclient needed to OSA keystone lib
|
||||
|
||||
# Common pip packages
|
||||
zaqar_pip_packages:
|
||||
- zaqar
|
||||
- python-zaqarclient
|
||||
- PyMySQL
|
||||
- python-memcached
|
||||
- keystonemiddleware
|
||||
- pymongo
|
||||
- uwsgi
|
||||
|
||||
## Tunable overrides
|
||||
zaqar_zaqar_conf_overrides: {}
|
||||
|
||||
## Hacking Keystone related vars
|
||||
keystone_service_adminuri_insecure: true
|
||||
keystone_auth_admin_token: ADMIN
|
||||
keystone_service_adminurl: http://192.168.33.12:35357/v3
|
||||
keystone_service_adminuri: http://192.168.33.12:35357
|
||||
keystone_service_internaluri: http://192.168.33.12:5000
|
|
@ -0,0 +1,49 @@
|
|||
[loggers]
|
||||
keys=root,server,combined
|
||||
|
||||
[formatters]
|
||||
keys=normal,normal_with_name,debug
|
||||
|
||||
[handlers]
|
||||
keys=production,file,devel
|
||||
|
||||
[logger_root]
|
||||
level=NOTSET
|
||||
handlers=devel
|
||||
|
||||
[logger_server]
|
||||
level=DEBUG
|
||||
handlers=devel
|
||||
qualname=zaqar-server
|
||||
|
||||
[logger_combined]
|
||||
level=DEBUG
|
||||
handlers=devel
|
||||
qualname=zaqar-combined
|
||||
|
||||
[handler_production]
|
||||
class=handlers.SysLogHandler
|
||||
level=ERROR
|
||||
formatter=normal_with_name
|
||||
args=(('localhost', handlers.SYSLOG_UDP_PORT), handlers.SysLogHandler.LOG_USER)
|
||||
|
||||
[handler_file]
|
||||
class=FileHandler
|
||||
level=DEBUG
|
||||
formatter=normal_with_name
|
||||
args=('zaqar.log', 'w')
|
||||
|
||||
[handler_devel]
|
||||
class=StreamHandler
|
||||
level=NOTSET
|
||||
formatter=debug
|
||||
args=(sys.stdout,)
|
||||
|
||||
[formatter_normal]
|
||||
format=%(asctime)s %(levelname)s %(message)s
|
||||
|
||||
[formatter_normal_with_name]
|
||||
format=(%(name)s): %(asctime)s %(levelname)s %(message)s
|
||||
|
||||
[formatter_debug]
|
||||
format=(%(name)s): %(asctime)s %(levelname)s %(module)s %(funcName)s %(message)s
|
|
@ -0,0 +1,40 @@
|
|||
---
|
||||
# Copyright 2015, Rackspace US, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: Restart zaqar api
|
||||
service:
|
||||
name: "{{ zaqar_api_program_name }}"
|
||||
state: "restarted"
|
||||
pattern: "{{ zaqar_api_program_name }}"
|
||||
|
||||
- name: Restart Apache
|
||||
service:
|
||||
name: "apache2"
|
||||
state: "restarted"
|
||||
pattern: "apache2"
|
||||
register: apache_restart
|
||||
until: apache_restart|success
|
||||
retries: 5
|
||||
delay: 2
|
||||
|
||||
- name: Restart Nginx
|
||||
service:
|
||||
name: "nginx"
|
||||
state: "restarted"
|
||||
pattern: "nginx"
|
||||
register: nginx_restart
|
||||
until: nginx_restart|success
|
||||
retries: 5
|
||||
delay: 2
|
|
@ -0,0 +1,41 @@
|
|||
---
|
||||
# Copyright 2015, Rackspace US, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
galaxy_info:
|
||||
author: rcbops
|
||||
description: Installation and setup of Zaqar
|
||||
company: Rackspace
|
||||
license: Apache2
|
||||
min_ansible_version: 1.6.6
|
||||
platforms:
|
||||
- name: Ubuntu
|
||||
versions:
|
||||
- trusty
|
||||
categories:
|
||||
- cloud
|
||||
- python
|
||||
- zaqar
|
||||
- messaging
|
||||
- development
|
||||
- openstack
|
||||
dependencies:
|
||||
#- openstack_openrc
|
||||
- role: pip_lock_down
|
||||
when:
|
||||
- not zaqar_standalone_mode | bool
|
||||
- role: pip_install
|
||||
when:
|
||||
- zaqar_standalone_mode | bool
|
||||
- memcached_server
|
|
@ -0,0 +1,13 @@
|
|||
- name: Install zaqar server
|
||||
hosts: zaqar_all
|
||||
user: root
|
||||
roles:
|
||||
- role: "os_zaqar"
|
||||
zaqar_standalone_mode: true
|
||||
zaqar_install_nginx: true
|
||||
zaqar_api_bind_address: 192.168.33.11
|
||||
zaqar_mgmt_db_connection_string: 'sqlite:////tmp/zaqar.db'
|
||||
tags:
|
||||
- "os-zaqar"
|
||||
vars:
|
||||
is_metal: "{{ properties.is_metal|default(true) }}"
|
|
@ -0,0 +1,33 @@
|
|||
---
|
||||
# Copyright 2015, Rackspace US, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- include: zaqar_pre_install.yml
|
||||
- include: zaqar_install.yml
|
||||
- include: zaqar_post_install.yml
|
||||
|
||||
- include: zaqar_service_setup.yml
|
||||
when: >
|
||||
inventory_hostname == groups['zaqar_all'][0]
|
||||
|
||||
#- include: zaqar_upstart_init.yml
|
||||
|
||||
- include: zaqar_apache.yml
|
||||
when: zaqar_install_apache | bool
|
||||
|
||||
- include: zaqar_nginx.yml
|
||||
when: zaqar_install_nginx | bool
|
||||
|
||||
- name: Flush handlers
|
||||
meta: flush_handlers
|
|
@ -0,0 +1,91 @@
|
|||
---
|
||||
# Copyright 2016, Catalyst IT Limited
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: Add zaqar apache WSGI script
|
||||
template:
|
||||
src: "{{ item.src }}"
|
||||
dest: "{{ item.dest }}"
|
||||
owner: "{{ zaqar_system_user_name }}"
|
||||
group: "{{ zaqar_system_group_name }}"
|
||||
mode: "{{ item.mode|default('0644') }}"
|
||||
with_items:
|
||||
- { src: "zaqar-wsgi.py.j2", dest: "/var/www/cgi-bin/zaqar/app", mode: "0755" }
|
||||
notify:
|
||||
- Restart Apache
|
||||
tags:
|
||||
- zaqar-httpd
|
||||
|
||||
- name: Add zaqar apache configuration file
|
||||
template:
|
||||
src: "{{ item.src }}"
|
||||
dest: "{{ item.dest }}"
|
||||
owner: "root"
|
||||
group: "root"
|
||||
with_items:
|
||||
- { src: "zaqar-httpd.conf.j2", dest: "/etc/apache2/sites-available/zaqar-httpd.conf" }
|
||||
notify:
|
||||
- Restart Apache
|
||||
tags:
|
||||
- zaqar-httpd
|
||||
|
||||
- name: Disable default apache site
|
||||
file:
|
||||
path: "/etc/apache2/sites-enabled/000-default.conf"
|
||||
state: "absent"
|
||||
notify:
|
||||
- Restart Apache
|
||||
tags:
|
||||
- zaqar-httpd
|
||||
|
||||
- name: Enabled zaqar vhost
|
||||
file:
|
||||
src: "{{ item.src }}"
|
||||
dest: "{{ item.dest }}"
|
||||
state: "{{ item.state }}"
|
||||
with_items:
|
||||
- { src: "/etc/apache2/sites-available/zaqar-httpd.conf", dest: "/etc/apache2/sites-enabled/zaqar-httpd.conf", state: "link" }
|
||||
notify:
|
||||
- Restart Apache
|
||||
tags:
|
||||
- zaqar-httpd
|
||||
|
||||
- name: Ensure Apache ServerName
|
||||
lineinfile:
|
||||
dest: "/etc/apache2/apache2.conf"
|
||||
line: "ServerName {{ inventory_hostname }}"
|
||||
notify:
|
||||
- Restart Apache
|
||||
tags:
|
||||
- zaqar-httpd
|
||||
|
||||
- name: Ensure Apache ServerTokens
|
||||
lineinfile:
|
||||
dest: "/etc/apache2/conf-available/security.conf"
|
||||
regexp: '^ServerTokens'
|
||||
line: "ServerTokens Prod"
|
||||
notify:
|
||||
- Restart Apache
|
||||
tags:
|
||||
- zaqar-httpd
|
||||
|
||||
- name: Ensure Apache ServerSignature
|
||||
lineinfile:
|
||||
dest: "/etc/apache2/conf-available/security.conf"
|
||||
regexp: '^ServerSignature'
|
||||
line: "ServerSignature Off"
|
||||
notify:
|
||||
- Restart Apache
|
||||
tags:
|
||||
- zaqar-httpd
|
|
@ -0,0 +1,192 @@
|
|||
---
|
||||
# Copyright 2015, Rackspace US, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
- name: Check apt last update file
|
||||
stat:
|
||||
path: /var/cache/apt
|
||||
register: apt_cache_stat
|
||||
tags:
|
||||
- zaqar-apt-packages
|
||||
|
||||
- name: Update apt if needed
|
||||
apt:
|
||||
update_cache: yes
|
||||
when: "ansible_date_time.epoch|float - apt_cache_stat.stat.mtime > {{cache_timeout}}"
|
||||
tags:
|
||||
- zaqar-apt-packages
|
||||
|
||||
- name: Install apt packages
|
||||
apt:
|
||||
pkg: "{{ item }}"
|
||||
state: latest
|
||||
register: install_packages
|
||||
until: install_packages|success
|
||||
retries: 5
|
||||
delay: 2
|
||||
with_items: zaqar_apt_packages
|
||||
tags:
|
||||
- zaqar-install
|
||||
- zaqar-apt-packages
|
||||
|
||||
- name: Create developer mode constraint file
|
||||
copy:
|
||||
dest: "/opt/developer-pip-constraints.txt"
|
||||
content: |
|
||||
{% for item in zaqar_developer_constraints %}
|
||||
{{ item }}
|
||||
{% endfor %}
|
||||
when:
|
||||
- zaqar_standalone_mode | bool
|
||||
tags:
|
||||
- zaqar-install
|
||||
- zaqar-pip-packages
|
||||
|
||||
- name: Set constraint file fact for developer mode
|
||||
set_fact:
|
||||
pip_install_options: "{{ pip_install_options|default('') }} --constraint /opt/developer-pip-constraints.txt"
|
||||
when:
|
||||
- zaqar_standalone_mode | bool
|
||||
tags:
|
||||
- zaqar-install
|
||||
- zaqar-pip-packages
|
||||
|
||||
- name: Install requires pip packages
|
||||
pip:
|
||||
name: "{{ item }}"
|
||||
state: present
|
||||
extra_args: "{{ pip_install_options|default('') }}"
|
||||
register: install_packages
|
||||
until: install_packages|success
|
||||
retries: 5
|
||||
delay: 2
|
||||
with_items: zaqar_requires_pip_packages
|
||||
tags:
|
||||
- zaqar-install
|
||||
- zaqar-pip-packages
|
||||
|
||||
# TODO: When project moves to ansible 2 we can pass this a sha256sum which will:
|
||||
# a) allow us to remove force: yes
|
||||
# b) allow the module to calculate the checksum of dest file which would
|
||||
# result in file being downloaded only if provided and dest sha256sum
|
||||
# checksums differ
|
||||
- name: Attempt venv download
|
||||
get_url:
|
||||
url: "{{ zaqar_venv_download_url }}"
|
||||
dest: "/var/cache/{{ zaqar_venv_download_url | basename }}"
|
||||
force: yes
|
||||
ignore_errors: true
|
||||
register: get_venv
|
||||
when:
|
||||
- not zaqar_standalone_mode | bool
|
||||
- zaqar_venv_enabled | bool
|
||||
tags:
|
||||
- zaqar-install
|
||||
- zaqar-pip-packages
|
||||
|
||||
- name: Set zaqar get_venv fact
|
||||
set_fact:
|
||||
zaqar_get_venv: "{{ get_venv }}"
|
||||
when: zaqar_venv_enabled | bool
|
||||
tags:
|
||||
- zaqar-install
|
||||
- zaqar-pip-packages
|
||||
|
||||
- name: Remove existing venv
|
||||
file:
|
||||
path: "{{ zaqar_venv_bin | dirname }}"
|
||||
state: absent
|
||||
when:
|
||||
- zaqar_venv_enabled | bool
|
||||
- zaqar_get_venv | changed
|
||||
tags:
|
||||
- zaqar-install
|
||||
- zaqar-pip-packages
|
||||
|
||||
- name: Create zaqar venv dir
|
||||
file:
|
||||
path: "{{ zaqar_venv_bin | dirname }}"
|
||||
state: directory
|
||||
when:
|
||||
- not zaqar_standalone_mode | bool
|
||||
- zaqar_venv_enabled | bool
|
||||
- zaqar_get_venv | changed
|
||||
tags:
|
||||
- zaqar-install
|
||||
- zaqar-pip-packages
|
||||
|
||||
- name: Unarchive pre-built venv
|
||||
unarchive:
|
||||
src: "/var/cache/{{ zaqar_venv_download_url | basename }}"
|
||||
dest: "{{ zaqar_venv_bin | dirname }}"
|
||||
copy: "no"
|
||||
when:
|
||||
- not zaqar_standalone_mode | bool
|
||||
- zaqar_venv_enabled | bool
|
||||
- zaqar_get_venv | changed
|
||||
notify:
|
||||
- Restart zaqar api
|
||||
tags:
|
||||
- zaqar-install
|
||||
- zaqar-pip-packages
|
||||
|
||||
- name: Update virtualenv path
|
||||
command: >
|
||||
virtualenv-tools --update-path=auto {{ zaqar_venv_bin | dirname }}
|
||||
when:
|
||||
- not zaqar_standalone_mode | bool
|
||||
- zaqar_venv_enabled | bool
|
||||
- zaqar_get_venv | success
|
||||
tags:
|
||||
- zaqar-install
|
||||
- zaqar-pip-packages
|
||||
|
||||
- name: Install pip packages (venv)
|
||||
pip:
|
||||
name: "{{ item }}"
|
||||
state: present
|
||||
virtualenv: "{{ zaqar_venv_bin | dirname }}"
|
||||
virtualenv_site_packages: "no"
|
||||
extra_args: "{{ pip_install_options|default('') }}"
|
||||
register: install_packages
|
||||
until: install_packages|success
|
||||
retries: 5
|
||||
delay: 2
|
||||
with_items: zaqar_pip_packages
|
||||
when:
|
||||
- zaqar_venv_enabled | bool
|
||||
- zaqar_get_venv | failed or zaqar_standalone_mode | bool
|
||||
# notify:
|
||||
# - Restart zaqar api
|
||||
tags:
|
||||
- zaqar-install
|
||||
- zaqar-pip-packages
|
||||
|
||||
- name: Install pip packages (no venv)
|
||||
pip:
|
||||
name: "{{ item }}"
|
||||
state: present
|
||||
extra_args: "{{ pip_install_options|default('') }}"
|
||||
register: install_packages
|
||||
until: install_packages|success
|
||||
retries: 5
|
||||
delay: 2
|
||||
with_items: zaqar_pip_packages
|
||||
when:
|
||||
- not zaqar_standalone_mode | bool
|
||||
- not zaqar_venv_enabled | bool
|
||||
# notify:
|
||||
# - Restart zaqar api
|
||||
tags:
|
||||
- zaqar-install
|
||||
- zaqar-pip-packages
|
|
@ -0,0 +1,69 @@
|
|||
---
|
||||
# Copyright 2016, Catalyst IT Limited
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: Add zaqar nginx WSGI script
|
||||
template:
|
||||
src: "{{ item.src }}"
|
||||
dest: "{{ item.dest }}"
|
||||
owner: "{{ zaqar_system_user_name }}"
|
||||
group: "{{ zaqar_system_group_name }}"
|
||||
mode: "{{ item.mode|default('0644') }}"
|
||||
with_items:
|
||||
- { src: "zaqar-wsgi.py.j2", dest: "/var/www/cgi-bin/zaqar/app.py", mode: "0755" }
|
||||
notify:
|
||||
- Restart Nginx
|
||||
tags:
|
||||
- zaqar-nginx
|
||||
|
||||
# Actually, we should also add an upstart script to automatically start uWSGI
|
||||
# at boot time. Here is just for testing purpose.
|
||||
- name: Run uwsgi service
|
||||
command: >
|
||||
/usr/local/bin/uwsgi
|
||||
--socket /tmp/zaqar.sock
|
||||
--pythonpath /var/www/cgi-bin/zaqar/
|
||||
--module app
|
||||
--daemonize /var/log/zaqar/uwsgi_zaqar.log
|
||||
--pidfile /tmp/zaqar_pid.pid
|
||||
--vacuum
|
||||
notify:
|
||||
- Restart Nginx
|
||||
tags:
|
||||
- zaqar-nginx
|
||||
|
||||
- name: Add zaqar nginx configuration file
|
||||
template:
|
||||
src: "{{ item.src }}"
|
||||
dest: "{{ item.dest }}"
|
||||
owner: "root"
|
||||
group: "root"
|
||||
with_items:
|
||||
- { src: "zaqar-nginx.conf.j2", dest: "/etc/nginx/sites-available/zaqar-nginx.conf" }
|
||||
notify:
|
||||
- Restart Nginx
|
||||
tags:
|
||||
- zaqar-nginx
|
||||
|
||||
- name: Enabled zaqar vhost
|
||||
file:
|
||||
src: "{{ item.src }}"
|
||||
dest: "{{ item.dest }}"
|
||||
state: "{{ item.state }}"
|
||||
with_items:
|
||||
- { src: "/etc/nginx/sites-available/zaqar-nginx.conf", dest: "/etc/nginx/sites-enabled/zaqar-nginx.conf", state: "link" }
|
||||
notify:
|
||||
- Restart Nginx
|
||||
tags:
|
||||
- zaqar-nginx
|
|
@ -0,0 +1,58 @@
|
|||
---
|
||||
# Copyright 2015, Rackspace US, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: Copy zaqar servie config
|
||||
config_template:
|
||||
src: "{{ item.src }}"
|
||||
dest: "{{ item.dest }}"
|
||||
owner: "{{ zaqar_system_user_name }}"
|
||||
group: "{{ zaqar_system_group_name }}"
|
||||
mode: "0644"
|
||||
config_overrides: "{{ item.config_overrides }}"
|
||||
config_type: "{{ item.config_type }}"
|
||||
with_items:
|
||||
- src: "zaqar.conf.j2"
|
||||
dest: "/etc/zaqar/zaqar.conf"
|
||||
config_overrides: "{{ zaqar_zaqar_conf_overrides }}"
|
||||
config_type: "ini"
|
||||
# notify: Restart zaqar api
|
||||
tags:
|
||||
- zaqar-config
|
||||
- zaqar-post-install
|
||||
|
||||
- name: Copy zaqar logging config
|
||||
copy:
|
||||
src: "logging.conf"
|
||||
dest: "/etc/zaqar/logging.conf"
|
||||
# notify: Restart zaqar api
|
||||
tags:
|
||||
- zaqar-config
|
||||
- zaqar-post-install
|
||||
|
||||
- name: Get zaqar command path
|
||||
command: which zaqar
|
||||
register: zaqar_command_path
|
||||
when:
|
||||
- not zaqar_venv_enabled | bool
|
||||
tags:
|
||||
- zaqar-command-bin
|
||||
|
||||
- name: Set zaqar command path
|
||||
set_fact:
|
||||
zaqar_bin: "{{ zaqar_command_path.stdout | dirname }}"
|
||||
when:
|
||||
- not zaqar_venv_enabled | bool
|
||||
tags:
|
||||
- zaqar-command-bin
|
|
@ -0,0 +1,92 @@
|
|||
---
|
||||
# Copyright 2015, Rackspace US, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: Create the system group
|
||||
group:
|
||||
name: "{{ zaqar_system_group_name }}"
|
||||
state: "present"
|
||||
system: "yes"
|
||||
tags:
|
||||
- zaqar-group
|
||||
|
||||
- name: Create the zaqar system user
|
||||
user:
|
||||
name: "{{ zaqar_system_user_name }}"
|
||||
group: "{{ zaqar_system_group_name }}"
|
||||
comment: "{{ zaqar_system_comment }}"
|
||||
shell: "{{ zaqar_system_shell }}"
|
||||
system: "yes"
|
||||
createhome: "yes"
|
||||
home: "{{ zaqar_system_user_home }}"
|
||||
tags:
|
||||
- zaqar-user
|
||||
|
||||
- name: Create zaqar dir
|
||||
file:
|
||||
path: "{{ item.path }}"
|
||||
state: directory
|
||||
owner: "{{ item.owner|default(zaqar_system_user_name) }}"
|
||||
group: "{{ item.group|default(zaqar_system_group_name) }}"
|
||||
mode: "{{ item.mode|default('0755') }}"
|
||||
with_items:
|
||||
- { path: "/openstack", mode: "0755", owner: "root", group: "root" }
|
||||
- { path: "/etc/zaqar" }
|
||||
- { path: "{{ zaqar_system_user_home }}" }
|
||||
- { path: "{{ zaqar_system_user_home }}/.ssh", mode: "0700" }
|
||||
- { path: "/var/www/cgi-bin", owner: root, group: root }
|
||||
- { path: "/var/www/cgi-bin/zaqar" }
|
||||
- { path: "/var/cache/zaqar", mode: "0700" }
|
||||
tags:
|
||||
- zaqar-dirs
|
||||
|
||||
- name: Create zaqar venv dir
|
||||
file:
|
||||
path: "{{ item.path }}"
|
||||
state: directory
|
||||
with_items:
|
||||
- { path: "/openstack/venvs" }
|
||||
- { path: "{{ zaqar_venv_bin }}" }
|
||||
when: zaqar_venv_enabled | bool
|
||||
tags:
|
||||
- zaqar-dirs
|
||||
|
||||
- name: Test for log directory or link
|
||||
shell: |
|
||||
if [ -h "/var/log/zaqar" ]; then
|
||||
chown -h {{ zaqar_system_user_name }}:{{ zaqar_system_group_name }} "/var/log/zaqar"
|
||||
chown -R {{ zaqar_system_user_name }}:{{ zaqar_system_group_name }} "$(readlink /var/log/zaqar)"
|
||||
else
|
||||
exit 1
|
||||
fi
|
||||
register: log_dir
|
||||
failed_when: false
|
||||
changed_when: log_dir.rc != 0
|
||||
tags:
|
||||
- zaqar-dirs
|
||||
- zaqar-logs
|
||||
|
||||
- name: Create zaqar log dir
|
||||
file:
|
||||
path: "{{ item.path }}"
|
||||
state: directory
|
||||
owner: "{{ item.owner|default(zaqar_system_user_name) }}"
|
||||
group: "{{ item.group|default(zaqar_system_group_name) }}"
|
||||
mode: "{{ item.mode|default('0755') }}"
|
||||
with_items:
|
||||
- { path: "/var/log/zaqar" }
|
||||
when: log_dir.rc != 0
|
||||
tags:
|
||||
- zaqar-dirs
|
||||
- zaqar-logs
|
|
@ -0,0 +1,103 @@
|
|||
---
|
||||
# Copyright 2015, Rackspace US, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: Ensure zaqar service
|
||||
keystone:
|
||||
command: "ensure_service"
|
||||
token: "{{ keystone_auth_admin_token }}"
|
||||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
service_name: "{{ zaqar_service_name }}"
|
||||
service_type: "{{ zaqar_service_type }}"
|
||||
description: "{{ zaqar_service_description }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
until: add_service|success
|
||||
retries: 5
|
||||
delay: 2
|
||||
tags:
|
||||
- zaqar-setup
|
||||
- zaqar-service-add
|
||||
|
||||
- name: Ensure service project
|
||||
keystone:
|
||||
command: ensure_project
|
||||
project_name: "{{ zaqar_service_tenant_name }}"
|
||||
region_name: "{{ zaqar_service_region }}"
|
||||
token: "{{ keystone_auth_admin_token }}"
|
||||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
tags:
|
||||
- zaqar-setup
|
||||
- zaqar-service-add
|
||||
|
||||
- name: Ensure zaqar user
|
||||
keystone:
|
||||
command: "ensure_user"
|
||||
token: "{{ keystone_auth_admin_token }}"
|
||||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
user_name: "{{ zaqar_service_user_name }}"
|
||||
tenant_name: "{{ zaqar_service_tenant_name }}"
|
||||
password: "{{ zaqar_service_user_password }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
until: add_service|success
|
||||
retries: 5
|
||||
delay: 10
|
||||
tags:
|
||||
- zaqar-setup
|
||||
- zaqar-service-add
|
||||
|
||||
- name: Ensure zaqar user to admin role
|
||||
keystone:
|
||||
command: "ensure_user_role"
|
||||
token: "{{ keystone_auth_admin_token }}"
|
||||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
user_name: "{{ zaqar_service_user_name }}"
|
||||
tenant_name: "{{ zaqar_service_project_name }}"
|
||||
role_name: "{{ zaqar_service_role_name }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_admin_role
|
||||
until: add_admin_role|success
|
||||
retries: 5
|
||||
delay: 10
|
||||
tags:
|
||||
- zaqar-service-add
|
||||
- zaqar-setup
|
||||
|
||||
|
||||
# Create an endpoint
|
||||
- name: Ensure zaqar endpoint
|
||||
keystone:
|
||||
command: "ensure_endpoint"
|
||||
token: "{{ keystone_auth_admin_token }}"
|
||||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
region_name: "{{ zaqar_service_region }}"
|
||||
service_name: "{{ zaqar_service_name }}"
|
||||
service_type: "{{ zaqar_service_type }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
endpoint_list:
|
||||
- url: "{{ zaqar_service_publicurl }}"
|
||||
interface: "public"
|
||||
- url: "{{ zaqar_service_adminurl }}"
|
||||
interface: "admin"
|
||||
- url: "{{ zaqar_service_internalurl }}"
|
||||
interface: "internal"
|
||||
register: add_service
|
||||
until: add_service|success
|
||||
retries: 5
|
||||
delay: 10
|
||||
tags:
|
||||
- zaqar-setup
|
||||
- zaqar-service-add
|
|
@ -0,0 +1,46 @@
|
|||
---
|
||||
# Copyright 2015, Rackspace US, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: Place the init script
|
||||
template:
|
||||
src: "zaqar-upstart-init.j2"
|
||||
dest: "/etc/init/{{ zaqar_api_program_name }}.conf"
|
||||
mode: "0644"
|
||||
owner: "root"
|
||||
group: "root"
|
||||
notify:
|
||||
- Restart zaqar api
|
||||
tags:
|
||||
- upstart-init
|
||||
- zaqar-init
|
||||
|
||||
- name: Reload init scripts
|
||||
shell: |
|
||||
initctl reload-configuration
|
||||
notify:
|
||||
- Restart zaqar api
|
||||
tags:
|
||||
- upstart-init
|
||||
- zaqar-init
|
||||
|
||||
- name: Load service
|
||||
service:
|
||||
name: "{{ zaqar_api_program_name }}"
|
||||
enabled: "yes"
|
||||
notify:
|
||||
- Restart zaqar api
|
||||
tags:
|
||||
- upstart-init
|
||||
- zaqar-init
|
|
@ -0,0 +1,19 @@
|
|||
# {{ ansible_managed }}
|
||||
|
||||
Listen {{ zaqar_api_bind_port }}
|
||||
|
||||
<VirtualHost *:{{ zaqar_api_bind_port }}>
|
||||
WSGIDaemonProcess zaqar-api user={{ zaqar_system_user_name }} group={{ zaqar_system_group_name }} processes={{ zaqar_wsgi_processes }} threads={{ zaqar_wsgi_threads }} display-name=%{GROUP}
|
||||
WSGIProcessGroup zaqar-api
|
||||
WSGIScriptAlias / /var/www/cgi-bin/zaqar/app
|
||||
WSGIApplicationGroup %{GLOBAL}
|
||||
|
||||
<IfVersion >= 2.4>
|
||||
ErrorLogFormat "%{cu}t %M"
|
||||
</IfVersion>
|
||||
|
||||
LogLevel {{ zaqar_apache_log_level }}
|
||||
ErrorLog /var/log/zaqar/zaqar-apache-error.log
|
||||
CustomLog /var/log/zaqar/zaqar-access.log combined
|
||||
Options +FollowSymLinks
|
||||
</VirtualHost>
|
|
@ -0,0 +1,10 @@
|
|||
# {{ ansible_managed }}
|
||||
|
||||
server {
|
||||
listen {{ zaqar_api_bind_port }};
|
||||
|
||||
location / {
|
||||
include uwsgi_params;
|
||||
uwsgi_pass unix:/tmp/zaqar.sock;
|
||||
}
|
||||
}
|
|
@ -0,0 +1,46 @@
|
|||
# {{ ansible_managed }}
|
||||
|
||||
# vim:set ft=upstart ts=2 et:
|
||||
|
||||
description "{{ zaqar_api_program_name }}"
|
||||
author "Steve Lewis <steve.lewis@rackspace.com>"
|
||||
|
||||
start on runlevel [2345]
|
||||
stop on runlevel [016]
|
||||
|
||||
respawn
|
||||
respawn limit 10 5
|
||||
|
||||
# Set the RUNBIN environment variable
|
||||
env RUNBIN="{{ zaqar_bin }}/{{ zaqar_api_program_name }}"
|
||||
|
||||
# Change directory to service users home
|
||||
chdir "{{ zaqar_system_user_home }}"
|
||||
|
||||
# Pre start actions
|
||||
pre-start script
|
||||
mkdir -p "/var/run/{{ zaqar_api_program_name }}"
|
||||
chown {{ zaqar_system_user_name }}:{{ zaqar_system_group_name }} "/var/run/{{ zaqar_api_program_name }}"
|
||||
|
||||
mkdir -p "/var/lock/{{ zaqar_api_program_name }}"
|
||||
chown {{ zaqar_system_user_name }}:{{ zaqar_system_group_name }} "/var/lock/{{ zaqar_api_program_name }}"
|
||||
|
||||
{% if zaqar_venv_enabled | bool -%}
|
||||
. {{ zaqar_venv_bin }}/activate
|
||||
{%- endif %}
|
||||
|
||||
end script
|
||||
|
||||
# Post stop actions
|
||||
post-stop script
|
||||
rm "/var/run/{{ zaqar_api_program_name }}/{{ zaqar_api_program_name }}.pid"
|
||||
end script
|
||||
|
||||
# Run the start up job
|
||||
exec start-stop-daemon --start \
|
||||
--chuid {{ zaqar_system_user_name }} \
|
||||
--make-pidfile \
|
||||
--pidfile /var/run/{{ zaqar_api_program_name }}/{{ zaqar_api_program_name }}.pid \
|
||||
--exec "{{ zaqar_service_override|default('$RUNBIN') }}" \
|
||||
-- {{ zaqar_service_config_options|default('') }} \
|
||||
--log-file=/var/log/zaqar/{{ zaqar_api_program_name }}.log
|
|
@ -0,0 +1,25 @@
|
|||
# Copyright 2015 Catalyst IT Limited
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
import os
|
||||
|
||||
{% if zaqar_venv_enabled | bool %}
|
||||
activate_this = os.path.expanduser("{{ zaqar_venv_bin }}/activate_this.py")
|
||||
execfile(activate_this, dict(__file__=activate_this))
|
||||
{% endif %}
|
||||
|
||||
from keystonemiddleware import auth_token
|
||||
from zaqar.transport.wsgi import app
|
||||
|
||||
application = auth_token.AuthProtocol(app.app, {})
|
|
@ -0,0 +1,599 @@
|
|||
#{{ ansible_managed}}
|
||||
|
||||
[DEFAULT]
|
||||
debug = true
|
||||
|
||||
#
|
||||
# From zaqar.common.configs
|
||||
#
|
||||
|
||||
# Activate privileged endpoints. (boolean value)
|
||||
admin_mode = true
|
||||
|
||||
# Enable pooling across multiple storage backends. If pooling is
|
||||
# enabled, the storage driver configuration is used to determine where
|
||||
# the catalogue/control plane data is kept. (boolean value)
|
||||
# Deprecated group/name - [DEFAULT]/sharding
|
||||
pooling = {{ zaqar_enable_pooling }}
|
||||
|
||||
# Disable all reliability constraints. (boolean value)
|
||||
unreliable = {{ zaqar_unreliable }}
|
||||
|
||||
#
|
||||
# From zaqar.transport.base
|
||||
#
|
||||
|
||||
# Backend to use for authentication. For no auth, keep it empty.
|
||||
# Existing strategies: keystone. See also the keystone_authtoken
|
||||
# section below (string value)
|
||||
auth_strategy = keystone
|
||||
|
||||
|
||||
[drivers]
|
||||
|
||||
#
|
||||
# From zaqar.common.configs
|
||||
#
|
||||
|
||||
# Transport driver to use. (string value)
|
||||
#transport = wsgi
|
||||
|
||||
# Storage driver to use as the messaging store. (string value)
|
||||
# Deprecated group/name - [DEFAULT]/storage
|
||||
#message_store = mongodb
|
||||
|
||||
# Storage driver to use as the management store. (string value)
|
||||
management_store = sqlalchemy
|
||||
|
||||
|
||||
[drivers:management_store:mongodb]
|
||||
|
||||
#
|
||||
# From zaqar.storage.mongodb
|
||||
#
|
||||
|
||||
# The private keyfile used to identify the local connection against
|
||||
# mongod. If included with the ``certifle`` then only the
|
||||
# ``ssl_certfile`` is needed. (string value)
|
||||
# Deprecated group/name - [drivers:storage:mongodb]/ssl_keyfile
|
||||
#ssl_keyfile = <None>
|
||||
|
||||
# The certificate file used to identify the local connection against
|
||||
# mongod. (string value)
|
||||
# Deprecated group/name - [drivers:storage:mongodb]/ssl_certfile
|
||||
#ssl_certfile = <None>
|
||||
|
||||
# Specifies whether a certificate is required from the other side of
|
||||
# the connection, and whether it will be validated if provided. It
|
||||
# must be one of the three values ``CERT_NONE``(certificates ignored),
|
||||
# ``CERT_OPTIONAL``(not required, but validated if provided), or
|
||||
# ``CERT_REQUIRED``(required and validated). If the value of this
|
||||
# parameter is not ``CERT_NONE``, then the ``ssl_ca_cert`` parameter
|
||||
# must point to a file of CA certificates. (string value)
|
||||
# Deprecated group/name - [drivers:storage:mongodb]/ssl_cert_reqs
|
||||
#ssl_cert_reqs = CERT_REQUIRED
|
||||
|
||||
# The ca_certs file contains a set of concatenated "certification
|
||||
# authority" certificates, which are used to validate certificates
|
||||
# passed from the other end of the connection. (string value)
|
||||
# Deprecated group/name - [drivers:storage:mongodb]/ssl_ca_certs
|
||||
#ssl_ca_certs = <None>
|
||||
|
||||
# Mongodb Connection URI. If ssl connection enabled, then
|
||||
# ``ssl_keyfile``, ``ssl_certfile``, ``ssl_cert_reqs``,
|
||||
# ``ssl_ca_certs`` need to be set accordingly. (string value)
|
||||
# Deprecated group/name - [drivers:storage:mongodb]/uri
|
||||
#uri = <None>
|
||||
|
||||
# Database name. (string value)
|
||||
# Deprecated group/name - [drivers:storage:mongodb]/database
|
||||
#database = zaqar
|
||||
|
||||
# Maximum number of times to retry a failed operation. Currently only
|
||||
# used for retrying a message post. (integer value)
|
||||
# Deprecated group/name - [drivers:storage:mongodb]/max_attempts
|
||||
#max_attempts = 1000
|
||||
|
||||
# Maximum sleep interval between retries (actual sleep time increases
|
||||
# linearly according to number of attempts performed). (floating point
|
||||
# value)
|
||||
# Deprecated group/name - [drivers:storage:mongodb]/max_retry_sleep
|
||||
#max_retry_sleep = 0.1
|
||||
|
||||
# Maximum jitter interval, to be added to the sleep interval, in order
|
||||
# to decrease probability that parallel requests will retry at the
|
||||
# same instant. (floating point value)
|
||||
# Deprecated group/name - [drivers:storage:mongodb]/max_retry_jitter
|
||||
#max_retry_jitter = 0.005
|
||||
|
||||
# Maximum number of times to retry an operation that failed due to a
|
||||
# primary node failover. (integer value)
|
||||
# Deprecated group/name - [drivers:storage:mongodb]/max_reconnect_attempts
|
||||
#max_reconnect_attempts = 10
|
||||
|
||||
# Base sleep interval between attempts to reconnect after a primary
|
||||
# node failover. The actual sleep time increases exponentially (power
|
||||
# of 2) each time the operation is retried. (floating point value)
|
||||
# Deprecated group/name - [drivers:storage:mongodb]/reconnect_sleep
|
||||
#reconnect_sleep = 0.02
|
||||
|
||||
|
||||
[drivers:management_store:redis]
|
||||
|
||||
#
|
||||
# From zaqar.storage.redis
|
||||
#
|
||||
|
||||
# Redis connection URI, taking one of three forms. For a direct
|
||||
# connection to a Redis server, use the form
|
||||
# "redis://host[:port][?options]", where port defaults to 6379 if not
|
||||
# specified. For an HA master-slave Redis cluster using Redis
|
||||
# Sentinel, use the form
|
||||
# "redis://host1[:port1][,host2[:port2],...,hostN[:portN]][?options]",
|
||||
# where each host specified corresponds to an instance of redis-
|
||||
# sentinel. In this form, the name of the Redis master used in the
|
||||
# Sentinel configuration must be included in the query string as
|
||||
# "master=<name>". Finally, to connect to a local instance of Redis
|
||||
# over a unix socket, you may use the form
|
||||
# "redis:/path/to/redis.sock[?options]". In all forms, the
|
||||
# "socket_timeout" option may be specified in the query string. Its
|
||||
# value is given in seconds. If not provided, "socket_timeout"
|
||||
# defaults to 0.1 seconds. (string value)
|
||||
# Deprecated group/name - [drivers:storage:redis]/uri
|
||||
#uri = redis://127.0.0.1:6379
|
||||
|
||||
# Maximum number of times to retry an operation that failed due to a
|
||||
# redis node failover. (integer value)
|
||||
# Deprecated group/name - [drivers:storage:redis]/max_reconnect_attempts
|
||||
#max_reconnect_attempts = 10
|
||||
|
||||
# Base sleep interval between attempts to reconnect after a redis node
|
||||
# failover. (floating point value)
|
||||
# Deprecated group/name - [drivers:storage:redis]/reconnect_sleep
|
||||
#reconnect_sleep = 1.0
|
||||
|
||||
|
||||
[drivers:management_store:sqlalchemy]
|
||||
|
||||
#
|
||||
# From zaqar.storage.sqlalchemy
|
||||
#
|
||||
|
||||
# An sqlalchemy URL (string value)
|
||||
# Deprecated group/name - [drivers:storage:sqlalchemy]/uri
|
||||
uri = {{ zaqar_mgmt_db_connection_string }}
|
||||
|
||||
|
||||
[drivers:message_store:mongodb]
|
||||
|
||||
#
|
||||
# From zaqar.storage.mongodb
|
||||
#
|
||||
|
||||
# The private keyfile used to identify the local connection against
|
||||
# mongod. If included with the ``certifle`` then only the
|
||||
# ``ssl_certfile`` is needed. (string value)
|
||||
# Deprecated group/name - [drivers:storage:mongodb]/ssl_keyfile
|
||||
#ssl_keyfile = <None>
|
||||
|
||||
# The certificate file used to identify the local connection against
|
||||
# mongod. (string value)
|
||||
# Deprecated group/name - [drivers:storage:mongodb]/ssl_certfile
|
||||
#ssl_certfile = <None>
|
||||
|
||||
# Specifies whether a certificate is required from the other side of
|
||||
# the connection, and whether it will be validated if provided. It
|
||||
# must be one of the three values ``CERT_NONE``(certificates ignored),
|
||||
# ``CERT_OPTIONAL``(not required, but validated if provided), or
|
||||
# ``CERT_REQUIRED``(required and validated). If the value of this
|
||||
# parameter is not ``CERT_NONE``, then the ``ssl_ca_cert`` parameter
|
||||
# must point to a file of CA certificates. (string value)
|
||||
# Deprecated group/name - [drivers:storage:mongodb]/ssl_cert_reqs
|
||||
#ssl_cert_reqs = CERT_REQUIRED
|
||||
|
||||
# The ca_certs file contains a set of concatenated "certification
|
||||
# authority" certificates, which are used to validate certificates
|
||||
# passed from the other end of the connection. (string value)
|
||||
# Deprecated group/name - [drivers:storage:mongodb]/ssl_ca_certs
|
||||
#ssl_ca_certs = <None>
|
||||
# Mongodb Connection URI. If ssl connection enabled, then
|
||||
# ``ssl_keyfile``, ``ssl_certfile``, ``ssl_cert_reqs``,
|
||||
# ``ssl_ca_certs`` need to be set accordingly. (string value)
|
||||
# Deprecated group/name - [drivers:storage:mongodb]/uri
|
||||
#uri = <None>
|
||||
|
||||
# Database name. (string value)
|
||||
# Deprecated group/name - [drivers:storage:mongodb]/database
|
||||
#database = zaqar
|
||||
|
||||
# Maximum number of times to retry a failed operation. Currently only
|
||||
# used for retrying a message post. (integer value)
|
||||
# Deprecated group/name - [drivers:storage:mongodb]/max_attempts
|
||||
#max_attempts = 1000
|
||||
|
||||
# Maximum sleep interval between retries (actual sleep time increases
|
||||
# linearly according to number of attempts performed). (floating point
|
||||
# value)
|
||||
# Deprecated group/name - [drivers:storage:mongodb]/max_retry_sleep
|
||||
#max_retry_sleep = 0.1
|
||||
|
||||
# Maximum jitter interval, to be added to the sleep interval, in order
|
||||
# to decrease probability that parallel requests will retry at the
|
||||
# same instant. (floating point value)
|
||||
# Deprecated group/name - [drivers:storage:mongodb]/max_retry_jitter
|
||||
#max_retry_jitter = 0.005
|
||||
|
||||
# Maximum number of times to retry an operation that failed due to a
|
||||
# primary node failover. (integer value)
|
||||
# Deprecated group/name - [drivers:storage:mongodb]/max_reconnect_attempts
|
||||
#max_reconnect_attempts = 10
|
||||
|
||||
# Base sleep interval between attempts to reconnect after a primary
|
||||
# node failover. The actual sleep time increases exponentially (power
|
||||
# of 2) each time the operation is retried. (floating point value)
|
||||
# Deprecated group/name - [drivers:storage:mongodb]/reconnect_sleep
|
||||
#reconnect_sleep = 0.02
|
||||
|
||||
# Number of databases across which to partition message data, in order
|
||||
# to reduce writer lock %. DO NOT change this setting after initial
|
||||
# deployment. It MUST remain static. Also, you should not need a large
|
||||
# number of partitions to improve performance, esp. if deploying
|
||||
# MongoDB on SSD storage. (integer value)
|
||||
# Deprecated group/name - [drivers:storage:mongodb]/partitions
|
||||
#partitions = 2
|
||||
|
||||
|
||||
[drivers:message_store:redis]
|
||||
|
||||
#
|
||||
# From zaqar.storage.redis
|
||||
#
|
||||
|
||||
# Redis connection URI, taking one of three forms. For a direct
|
||||
# connection to a Redis server, use the form
|
||||
# "redis://host[:port][?options]", where port defaults to 6379 if not
|
||||
# specified. For an HA master-slave Redis cluster using Redis
|
||||
# Sentinel, use the form
|
||||
# "redis://host1[:port1][,host2[:port2],...,hostN[:portN]][?options]",
|
||||
# where each host specified corresponds to an instance of redis-
|
||||
# sentinel. In this form, the name of the Redis master used in the
|
||||
# Sentinel configuration must be included in the query string as
|
||||
# "master=<name>". Finally, to connect to a local instance of Redis
|
||||
# over a unix socket, you may use the form
|
||||
# "redis:/path/to/redis.sock[?options]". In all forms, the
|
||||
# "socket_timeout" option may be specified in the query string. Its
|
||||
# value is given in seconds. If not provided, "socket_timeout"
|
||||
# defaults to 0.1 seconds. (string value)
|
||||
# Deprecated group/name - [drivers:storage:redis]/uri
|
||||
#uri = redis://127.0.0.1:6379
|
||||
|
||||
# Maximum number of times to retry an operation that failed due to a
|
||||
# redis node failover. (integer value)
|
||||
# Deprecated group/name - [drivers:storage:redis]/max_reconnect_attempts
|
||||
#max_reconnect_attempts = 10
|
||||
|
||||
# Base sleep interval between attempts to reconnect after a redis node
|
||||
# failover. (floating point value)
|
||||
# Deprecated group/name - [drivers:storage:redis]/reconnect_sleep
|
||||
#reconnect_sleep = 1.0
|
||||
|
||||
|
||||
[drivers:transport:wsgi]
|
||||
|
||||
#
|
||||
# From zaqar.transport.wsgi
|
||||
#
|
||||
|
||||
# Address on which the self-hosting server will listen. (ip address
|
||||
# value)
|
||||
bind = 0.0.0.0
|
||||
|
||||
# Port on which the self-hosting server will listen. (port value)
|
||||
# Minimum value: 1
|
||||
# Maximum value: 65535
|
||||
#port = 8888
|
||||
|
||||
[keystone_authtoken]
|
||||
#signing_dir = /var/cache/zaqar
|
||||
auth_plugin = {{ zaqar_keystone_auth_plugin }}
|
||||
auth_url = {{ keystone_service_adminuri }}
|
||||
auth_uri = {{ keystone_service_internaluri }}
|
||||
project_domain_id = default
|
||||
user_domain_id = default
|
||||
project_name = {{ zaqar_service_project_name }}
|
||||
username = {{ zaqar_service_user_name }}
|
||||
password = {{ zaqar_service_user_password }}
|
||||
#cafile = {{ zaqar_service_cafile_path }}
|
||||
|
||||
#
|
||||
# From keystonemiddleware.auth_token
|
||||
#
|
||||
|
||||
# Complete public Identity API endpoint. (string value)
|
||||
#auth_uri = <None>
|
||||
|
||||
# API version of the admin Identity API endpoint. (string value)
|
||||
#auth_version = <None>
|
||||
|
||||
# Do not handle authorization requests within the middleware, but
|
||||
# delegate the authorization decision to downstream WSGI components.
|
||||
# (boolean value)
|
||||
#delay_auth_decision = false
|
||||
|
||||
# Request timeout value for communicating with Identity API server.
|
||||
# (integer value)
|
||||
#http_connect_timeout = <None>
|
||||
|
||||
# How many times are we trying to reconnect when communicating with
|
||||
# Identity API Server. (integer value)
|
||||
#http_request_max_retries = 3
|
||||
|
||||
# Env key for the swift cache. (string value)
|
||||
#cache = <None>
|
||||
|
||||
# Required if identity server requires client certificate (string
|
||||
# value)
|
||||
#certfile = <None>
|
||||
|
||||
# Required if identity server requires client certificate (string
|
||||
# value)
|
||||
#keyfile = <None>
|
||||
|
||||
# A PEM encoded Certificate Authority to use when verifying HTTPs
|
||||
# connections. Defaults to system CAs. (string value)
|
||||
#cafile = <None>
|
||||
|
||||
# Verify HTTPS connections. (boolean value)
|
||||
#insecure = false
|
||||
|
||||
# The region in which the identity server can be found. (string value)
|
||||
#region_name = <None>
|
||||
|
||||
# Directory used to cache files related to PKI tokens. (string value)
|
||||
#signing_dir = <None>
|
||||
|
||||
# Optionally specify a list of memcached server(s) to use for caching.
|
||||
# If left undefined, tokens will instead be cached in-process. (list
|
||||
# value)
|
||||
# Deprecated group/name - [DEFAULT]/memcache_servers
|
||||
#memcached_servers = <None>
|
||||
|
||||
# In order to prevent excessive effort spent validating tokens, the
|
||||
# middleware caches previously-seen tokens for a configurable duration
|
||||
# (in seconds). Set to -1 to disable caching completely. (integer
|
||||
# value)
|
||||
#token_cache_time = 300
|
||||
|
||||
# Determines the frequency at which the list of revoked tokens is
|
||||
# retrieved from the Identity service (in seconds). A high number of
|
||||
# revocation events combined with a low cache duration may
|
||||
# significantly reduce performance. (integer value)
|
||||
#revocation_cache_time = 10
|
||||
|
||||
# (Optional) If defined, indicate whether token data should be
|
||||
# authenticated or authenticated and encrypted. Acceptable values are
|
||||
# MAC or ENCRYPT. If MAC, token data is authenticated (with HMAC) in
|
||||
# the cache. If ENCRYPT, token data is encrypted and authenticated in
|
||||
# the cache. If the value is not one of these options or empty,
|
||||
# auth_token will raise an exception on initialization. (string value)
|
||||
#memcache_security_strategy = <None>
|
||||
|
||||
# (Optional, mandatory if memcache_security_strategy is defined) This
|
||||
# string is used for key derivation. (string value)
|
||||
#memcache_secret_key = <None>
|
||||
|
||||
# (Optional) Number of seconds memcached server is considered dead
|
||||
# before it is tried again. (integer value)
|
||||
#memcache_pool_dead_retry = 300
|
||||
|
||||
# (Optional) Maximum total number of open connections to every
|
||||
# memcached server. (integer value)
|
||||
#memcache_pool_maxsize = 10
|
||||
|
||||
# (Optional) Socket timeout in seconds for communicating with a
|
||||
# memcached server. (integer value)
|
||||
#memcache_pool_socket_timeout = 3
|
||||
|
||||
# (Optional) Number of seconds a connection to memcached is held
|
||||
# unused in the pool before it is closed. (integer value)
|
||||
#memcache_pool_unused_timeout = 60
|
||||
|
||||
# (Optional) Number of seconds that an operation will wait to get a
|
||||
# memcached client connection from the pool. (integer value)
|
||||
#memcache_pool_conn_get_timeout = 10
|
||||
|
||||
# (Optional) Use the advanced (eventlet safe) memcached client pool.
|
||||
# The advanced pool will only work under python 2.x. (boolean value)
|
||||
#memcache_use_advanced_pool = false
|
||||
|
||||
# (Optional) Indicate whether to set the X-Service-Catalog header. If
|
||||
# False, middleware will not ask for service catalog on token
|
||||
# validation and will not set the X-Service-Catalog header. (boolean
|
||||
# value)
|
||||
#include_service_catalog = true
|
||||
|
||||
# Used to control the use and type of token binding. Can be set to:
|
||||
# "disabled" to not check token binding. "permissive" (default) to
|
||||
# validate binding information if the bind type is of a form known to
|
||||
# the server and ignore it if not. "strict" like "permissive" but if
|
||||
# the bind type is unknown the token will be rejected. "required" any
|
||||
# form of token binding is needed to be allowed. Finally the name of a
|
||||
# binding method that must be present in tokens. (string value)
|
||||
#enforce_token_bind = permissive
|
||||
|
||||
# If true, the revocation list will be checked for cached tokens. This
|
||||
# requires that PKI tokens are configured on the identity server.
|
||||
# (boolean value)
|
||||
#check_revocations_for_cached = false
|
||||
|
||||
# Hash algorithms to use for hashing PKI tokens. This may be a single
|
||||
# algorithm or multiple. The algorithms are those supported by Python
|
||||
# standard hashlib.new(). The hashes will be tried in the order given,
|
||||
# so put the preferred one first for performance. The result of the
|
||||
# first hash will be stored in the cache. This will typically be set
|
||||
# to multiple values only while migrating from a less secure algorithm
|
||||
# to a more secure one. Once all the old tokens are expired this
|
||||
# option should be set to a single value for better performance. (list
|
||||
# value)
|
||||
#hash_algorithms = md5
|
||||
|
||||
# Prefix to prepend at the beginning of the path. Deprecated, use
|
||||
# identity_uri. (string value)
|
||||
#auth_admin_prefix =
|
||||
|
||||
# Host providing the admin Identity API endpoint. Deprecated, use
|
||||
# identity_uri. (string value)
|
||||
#auth_host = 127.0.0.1
|
||||
|
||||
# Port of the admin Identity API endpoint. Deprecated, use
|
||||
# identity_uri. (integer value)
|
||||
#auth_port = 35357
|
||||
|
||||
# Protocol of the admin Identity API endpoint (http or https).
|
||||
# Deprecated, use identity_uri. (string value)
|
||||
#auth_protocol = https
|
||||
|
||||
# Complete admin Identity API endpoint. This should specify the
|
||||
# unversioned root endpoint e.g. https://localhost:35357/ (string
|
||||
# value)
|
||||
#identity_uri = <None>
|
||||
|
||||
# This option is deprecated and may be removed in a future release.
|
||||
# Single shared secret with the Keystone configuration used for
|
||||
# bootstrapping a Keystone installation, or otherwise bypassing the
|
||||
# normal authentication process. This option should not be used, use
|
||||
# `admin_user` and `admin_password` instead. (string value)
|
||||
#admin_token = <None>
|
||||
|
||||
# Service username. (string value)
|
||||
#admin_user = <None>
|
||||
|
||||
# Service user password. (string value)
|
||||
#admin_password = <None>
|
||||
|
||||
# Service tenant name. (string value)
|
||||
#admin_tenant_name = admin
|
||||
|
||||
|
||||
[notification]
|
||||
|
||||
#
|
||||
# From zaqar.common.configs
|
||||
#
|
||||
|
||||
# The command of smtp to send email. The format is "command_name arg1
|
||||
# arg2". (string value)
|
||||
#smtp_command = /usr/sbin/sendmail -t -oi
|
||||
|
||||
|
||||
[pooling:catalog]
|
||||
|
||||
#
|
||||
# From zaqar.storage.pooling
|
||||
#
|
||||
|
||||
# If enabled, the message_store will be used as the storage for the
|
||||
# virtual pool. (boolean value)
|
||||
enable_virtual_pool = true
|
||||
|
||||
|
||||
[signed_url]
|
||||
|
||||
#
|
||||
# From zaqar.common.configs
|
||||
#
|
||||
|
||||
# Secret key used to encrypt pre-signed URLs. (string value)
|
||||
secret_key = {{ zaqar_secret_key }}
|
||||
|
||||
|
||||
[storage]
|
||||
|
||||
#
|
||||
# From zaqar.storage.pipeline
|
||||
#
|
||||
|
||||
# Pipeline to use for processing queue operations. This pipeline will
|
||||
# be consumed before calling the storage driver's controller methods.
|
||||
# (list value)
|
||||
#queue_pipeline =
|
||||
|
||||
# Pipeline to use for processing message operations. This pipeline
|
||||
# will be consumed before calling the storage driver's controller
|
||||
# methods. (list value)
|
||||
{% if zaqar_enable_notification %}
|
||||
message_pipeline = zaqar.notification.notifier
|
||||
{% endif %}
|
||||
#message_pipeline =
|
||||
|
||||
# Pipeline to use for processing claim operations. This pipeline will
|
||||
# be consumed before calling the storage driver's controller methods.
|
||||
# (list value)
|
||||
#claim_pipeline =
|
||||
|
||||
# Pipeline to use for processing subscription operations. This
|
||||
# pipeline will be consumed before calling the storage driver's
|
||||
# controller methods. (list value)
|
||||
#subscription_pipeline =
|
||||
|
||||
|
||||
[transport]
|
||||
|
||||
#
|
||||
# From zaqar.transport.base
|
||||
#
|
||||
|
||||
# Defines how long a message will be accessible. (integer value)
|
||||
#default_message_ttl = 3600
|
||||
|
||||
# Defines how long a message will be in claimed state. (integer value)
|
||||
#default_claim_ttl = 300
|
||||
|
||||
# Defines the message grace period in seconds. (integer value)
|
||||
#default_claim_grace = 60
|
||||
|
||||
#
|
||||
# From zaqar.transport.validation
|
||||
#
|
||||
|
||||
# Defines the maximum number of queues per page. (integer value)
|
||||
# Deprecated group/name - [limits:transport]/queue_paging_uplimit
|
||||
#max_queues_per_page = 20
|
||||
|
||||
# Defines the maximum number of messages per page. (integer value)
|
||||
# Deprecated group/name - [limits:transport]/message_paging_uplimit
|
||||
#max_messages_per_page = 20
|
||||
|
||||
# Defines the maximum number of subscriptions per page. (integer
|
||||
# value)
|
||||
# Deprecated group/name - [limits:transport]/subscription_paging_uplimit
|
||||
#max_subscriptions_per_page = 20
|
||||
|
||||
# The maximum number of messages that can be claimed (OR) popped in a
|
||||
# single request (integer value)
|
||||
# Deprecated group/name - [DEFAULT]/max_messages_per_claim
|
||||
#max_messages_per_claim_or_pop = 20
|
||||
|
||||
# Defines the maximum amount of metadata in a queue. (integer value)
|
||||
# Deprecated group/name - [limits:transport]/metadata_size_uplimit
|
||||
#max_queue_metadata = 65536
|
||||
|
||||
# Defines the maximum size of message posts. (integer value)
|
||||
# Deprecated group/name - [DEFAULT]/max_message_size
|
||||
# Deprecated group/name - [limits:transport]/message_size_uplimit
|
||||
#max_messages_post_size = 262144
|
||||
|
||||
# Maximum amount of time a message will be available. (integer value)
|
||||
# Deprecated group/name - [limits:transport]/message_ttl_max
|
||||
#max_message_ttl = 1209600
|
||||
|
||||
# Maximum length of a message in claimed state. (integer value)
|
||||
# Deprecated group/name - [limits:transport]/claim_ttl_max
|
||||
#max_claim_ttl = 43200
|
||||
|
||||
# Defines the maximum message grace period in seconds. (integer value)
|
||||
# Deprecated group/name - [limits:transport]/claim_grace_max
|
||||
#max_claim_grace = 43200
|
||||
|
||||
# Defines supported subscriber types. (list value)
|
||||
#subscriber_types = http,https,mailto
|
Loading…
Reference in New Issue