Initial commit for zaqar ansible role

Lingxian Kong 2016-03-11 15:08:53 +13:00
commit 141383b19e
21 changed files with 1980 additions and 0 deletions

85
CONTRIBUTING.rst Normal file

@ -0,0 +1,85 @@
OpenStack Zaqar
################
:tags: openstack, zaqar, cloud, ansible
:category: \*nix
contributor guidelines
^^^^^^^^^^^^^^^^^^^^^^
Filing Bugs
-----------
Bugs should be filed on Launchpad, not GitHub: "https://bugs.launchpad.net/openstack-ansible"
When submitting a bug, or working on a bug, please ensure the following criteria are met:
* The description clearly states or describes the original problem or root cause of the problem.
* Include historical information on how the problem was identified.
* Any relevant logs are included.
* The provided information should be totally self-contained. External access to web services/sites should not be needed.
* Steps to reproduce the problem if possible.
Submitting Code
---------------
Changes to the project should be submitted for review via the Gerrit tool, following
the workflow documented at: "http://docs.openstack.org/infra/manual/developers.html#development-workflow"
Pull requests submitted through GitHub will be ignored and closed without regard.
Extra
-----
Tags:
If it's a bug that needs fixing in a branch in addition to Master, add a '\<release\>-backport-potential' tag (eg ``juno-backport-potential``). There are predefined tags that will autocomplete.
Status:
Please leave this alone, it should be New till someone triages the issue.
Importance:
Should only be touched if it is a Blocker/Gating issue. If it is, please set to High, and only use Critical if you have found a bug that can take down whole infrastructures.
Style guide
-----------
When creating tasks and other roles for use in Ansible please create then using the YAML dictionary format.
Example YAML dictionary format:
.. code-block:: yaml
- name: The name of the tasks
module_name:
thing1: "some-stuff"
thing2: "some-other-stuff"
tags:
- some-tag
- some-other-tag
Example **NOT** in YAML dictionary format:
.. code-block:: yaml
- name: The name of the tasks
module_name: thing1="some-stuff" thing2="some-other-stuff"
tags:
- some-tag
- some-other-tag
Usage of the ">" and "|" operators should be limited to Ansible conditionals and command modules such as the ansible ``shell`` module.
Issues
------
When submitting an issue, or working on an issue please ensure the following criteria are met:
* The description clearly states or describes the original problem or root cause of the problem.
* Include historical information on how the problem was identified.
* Any relevant logs are included.
* If the issue is a bug that needs fixing in a branch other than Master, add the backport potential tag TO THE ISSUE (not the PR).
* The provided information should be totally self-contained. External access to web services/sites should not be needed.
* If the issue is needed for a hotfix release, add the 'expedite' label.
* Steps to reproduce the problem if possible.
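Review bot: under "Style guide", "please create then using the YAML dictionary format" should read "create them". The "Filing Bugs" and "Issues" sections also repeat nearly the same criteria list, so one of them could be dropped or the two merged. Bugs are directed to the openstack-ansible Launchpad project; it is worth confirming that this is the intended tracker for a role the README describes as an unofficial prototype.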

202
LICENSE Normal file

@ -0,0 +1,202 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "{}"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright {yyyy} {name of copyright owner}
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

15
README.md Normal file

@ -0,0 +1,15 @@
# Ansible Role: OpenStack Ansible Zaqar 0.1
An Ansible Role to deploy OpenStack Zaqar on Ubuntu LTS
This is an unofficial prototype for an independant role for use with the
[OpenStack Ansible](http://governance.openstack.org/reference/projects/openstackansible.html)
project. See also the project page on the
[OpenStack Wiki](https://wiki.openstack.org/wiki/OpenStackAnsible) and the project
[repository on Github](https://github.com/openstack/openstack-ansible).
## License
Apache 2.0
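Review bot: "independant" in the description should be "independent". The README also has no usage or variables section; since defaults/main.yml in this commit ships placeholder passwords and a placeholder secret key, a short list of the variables a deployer must override would be a useful addition here.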

152
defaults/main.yml Normal file

@ -0,0 +1,152 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
## Verbosity Options
debug: False
verbose: True
## APT Cache options
cache_timeout: 600
# Name of the virtual env to deploy into
zaqar_venv_tag: untagged
zaqar_venv_bin: "/openstack/venvs/zaqar-{{ zaqar_venv_tag }}/bin"
# Set this to enable or disable installing in a venv
zaqar_venv_enabled: true
# The bin path defaults to the venv path however if installation in a
# venv is disabled the bin path will be dynamically set based on the
# system path used when the installing.
zaqar_bin: "{{ zaqar_venv_bin }}"
zaqar_venv_download_url: http://127.0.0.1/venvs/untagged/ubuntu/zaqar.tgz
zaqar_git_repo: https://github.com/openstack/zaqar
zaqar_git_install_branch: master
zaqar_standalone_mode: false
zaqar_developer_constraints:
- "git+{{ zaqar_git_repo }}@{{ zaqar_git_install_branch }}#egg=zaqar"
## System info
zaqar_system_user_name: zaqar
zaqar_system_group_name: zaqar
zaqar_system_shell: /bin/false
zaqar_system_comment: zaqar system user
zaqar_system_user_home: "/var/lib/{{ zaqar_system_user_name }}"
## Service API info
zaqar_api_bind_address: 0.0.0.0
zaqar_api_bind_port: 8888
zaqar_service_proto: http
zaqar_api_program_name: zaqar-server
zaqar_service_region: RegionOne
zaqar_service_name: zaqar
zaqar_service_type: messaging
zaqar_service_description: "Zaqar messaging service"
zaqar_service_role_name: admin
zaqar_service_user_name: zaqar
zaqar_service_user_password: passw0rd
zaqar_service_tenant_name: service
zaqar_service_project_name: service
zaqar_service_project_domain_id: default
zaqar_service_user_domain_id: default
zaqar_service_registry_proto: "{{ zaqar_service_proto }}"
zaqar_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(zaqar_service_proto) }}"
zaqar_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(zaqar_service_proto) }}"
zaqar_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(zaqar_service_proto) }}"
zaqar_service_publicuri: "{{ zaqar_service_publicuri_proto }}://{{ zaqar_api_bind_address }}:{{ zaqar_api_bind_port }}"
zaqar_service_publicurl: "{{ zaqar_service_publicuri }}"
zaqar_service_internaluri: "{{ zaqar_service_internaluri_proto }}://{{ zaqar_api_bind_address }}:{{ zaqar_api_bind_port }}"
zaqar_service_internalurl: "{{ zaqar_service_internaluri }}"
zaqar_service_adminuri: "{{ zaqar_service_adminuri_proto }}://{{ zaqar_api_bind_address }}:{{ zaqar_api_bind_port }}"
zaqar_service_adminurl: "{{ zaqar_service_adminuri }}"
zaqar_service_cafile_path: /opt/stack/data/ca-bundle.pem
zaqar_keystone_auth_plugin: password
## Apache setup
zaqar_install_apache: false
zaqar_apache_log_level: debug
zaqar_wsgi_threads: 5
zaqar_wsgi_processes: "{{ ansible_processor_vcpus | default (1) * 2 }}"
## Nginx setup
zaqar_install_nginx: false
## Management DB info
zaqar_mgmt_database_user: zaqar
zaqar_mgmt_database_password: password
zaqar_mgmt_database_name: zaqar
zaqar_mgmt_db_type: mysql+pymysql
zaqar_mgmt_db_address: "{{ inventory_hostname }}"
zaqar_mgmt_db_port: 27017
zaqar_mgmt_db_options: "?charset=utf8"
zaqar_mgmt_db_connection_string: "{{ zaqar_mgmt_db_type }}://{{ zaqar_mgmt_database_user }}:{{ zaqar_mgmt_database_password }}@{{ zaqar_mgmt_db_address }}:{{ zaqar_mgmt_db_port }}/{{ zaqar_mgmt_database_name }}{{ zaqar_mgmt_db_options }}"
## Message DB info
zaqar_message_database_user: zaqar
zaqar_message_database_password: password
zaqar_message_db_type: mongodb
zaqar_message_db_address: localhost
zaqar_message_db_port: 27017
zaqar_message_db_connection_string: "{{ zaqar_message_db_type }}://{{ zaqar_message_database_user }}:{{ zaqar_message_database_password }}@{{ zaqar_message_db_address }}:{{ zaqar_message_db_port }}"
## Token Cache
zaqar_memcached_servers: "{{ memcached_servers }}"
zaqar_memcache_security_strategy: ENCRYPT
## Zaqar config
zaqar_enable_pooling: true
zaqar_secret_key: notreallysecret
zaqar_enable_notification: false
zaqar_unreliable: true
# Common apt packages
zaqar_apt_packages:
- gcc
- libxml2-dev
- libxslt1-dev
- python-dev
- zlib1g-dev
- apache2
- nginx
- libapache2-mod-wsgi
# zaqar packages that must be installed before anything else
zaqar_requires_pip_packages:
- virtualenv
- virtualenv-tools
- python-keystoneclient # Keystoneclient needed to OSA keystone lib
# Common pip packages
zaqar_pip_packages:
- zaqar
- python-zaqarclient
- PyMySQL
- python-memcached
- keystonemiddleware
- pymongo
- uwsgi
## Tunable overrides
zaqar_zaqar_conf_overrides: {}
## Hacking Keystone related vars
keystone_service_adminuri_insecure: true
keystone_auth_admin_token: ADMIN
keystone_service_adminurl: http://192.168.33.12:35357/v3
keystone_service_adminuri: http://192.168.33.12:35357
keystone_service_internaluri: http://192.168.33.12:5000
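Review bot: the role defaults carry working credentials, for example `zaqar_service_user_password: passw0rd`, `zaqar_secret_key: notreallysecret` and `keystone_auth_admin_token: ADMIN`, plus `password` for both database users, so any deployment that forgets an override comes up with guessable secrets. Suggest leaving these undefined in defaults (so the play fails when they are not supplied) or generating them, and documenting them as required variables. In the same file, `zaqar_api_bind_address: 0.0.0.0` combined with `zaqar_service_proto: http` exposes the API in plaintext on every interface by default, and the "Hacking Keystone related vars" block hardcodes 192.168.33.12 endpoints and `keystone_service_adminuri_insecure: true`; those look like lab settings that belong in a test inventory rather than in role defaults. Separately, `zaqar_mgmt_db_port: 27017` next to `zaqar_mgmt_db_type: mysql+pymysql` looks copied from the message DB block and is probably not the port intended for the management database.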

49
files/logging.conf Normal file

@ -0,0 +1,49 @@
[loggers]
keys=root,server,combined
[formatters]
keys=normal,normal_with_name,debug
[handlers]
keys=production,file,devel
[logger_root]
level=NOTSET
handlers=devel
[logger_server]
level=DEBUG
handlers=devel
qualname=zaqar-server
[logger_combined]
level=DEBUG
handlers=devel
qualname=zaqar-combined
[handler_production]
class=handlers.SysLogHandler
level=ERROR
formatter=normal_with_name
args=(('localhost', handlers.SYSLOG_UDP_PORT), handlers.SysLogHandler.LOG_USER)
[handler_file]
class=FileHandler
level=DEBUG
formatter=normal_with_name
args=('zaqar.log', 'w')
[handler_devel]
class=StreamHandler
level=NOTSET
formatter=debug
args=(sys.stdout,)
[formatter_normal]
format=%(asctime)s %(levelname)s %(message)s
[formatter_normal_with_name]
format=(%(name)s): %(asctime)s %(levelname)s %(message)s
[formatter_debug]
format=(%(name)s): %(asctime)s %(levelname)s %(module)s %(funcName)s %(message)s
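Review bot: all three loggers (`logger_root`, `logger_server`, `logger_combined`) are wired to `handlers=devel`, so the `production` syslog handler and the `file` handler declared under `[handlers]` are not attached to anything, and the server and combined loggers run at DEBUG to stdout. For a file the role copies to /etc/zaqar/logging.conf, consider defaulting to the production handler at INFO or higher and making the debug setup opt-in through the existing `debug` variable. In `[handler_file]`, `args=('zaqar.log', 'w')` uses a relative path and truncate mode, so the log lands in whatever the working directory is and is emptied each time the handler is created; an absolute path and append mode would be safer.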

40
handlers/main.yml Normal file

@ -0,0 +1,40 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Restart zaqar api
service:
name: "{{ zaqar_api_program_name }}"
state: "restarted"
pattern: "{{ zaqar_api_program_name }}"
- name: Restart Apache
service:
name: "apache2"
state: "restarted"
pattern: "apache2"
register: apache_restart
until: apache_restart|success
retries: 5
delay: 2
- name: Restart Nginx
service:
name: "nginx"
state: "restarted"
pattern: "nginx"
register: nginx_restart
until: nginx_restart|success
retries: 5
delay: 2

41
meta/main.yml Normal file

@ -0,0 +1,41 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
galaxy_info:
author: rcbops
description: Installation and setup of Zaqar
company: Rackspace
license: Apache2
min_ansible_version: 1.6.6
platforms:
- name: Ubuntu
versions:
- trusty
categories:
- cloud
- python
- zaqar
- messaging
- development
- openstack
dependencies:
#- openstack_openrc
- role: pip_lock_down
when:
- not zaqar_standalone_mode | bool
- role: pip_install
when:
- zaqar_standalone_mode | bool
- memcached_server

13
os-zaqar-install.yml Normal file

@ -0,0 +1,13 @@
- name: Install zaqar server
hosts: zaqar_all
user: root
roles:
- role: "os_zaqar"
zaqar_standalone_mode: true
zaqar_install_nginx: true
zaqar_api_bind_address: 192.168.33.11
zaqar_mgmt_db_connection_string: 'sqlite:////tmp/zaqar.db'
tags:
- "os-zaqar"
vars:
is_metal: "{{ properties.is_metal|default(true) }}"
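Review bot: `zaqar_mgmt_db_connection_string: 'sqlite:////tmp/zaqar.db'` places the management database in /tmp, a world-writable directory whose contents are not expected to persist. A path under the service user's home (`zaqar_system_user_home` in defaults/main.yml) with restrictive permissions would be a better example value. `zaqar_api_bind_address: 192.168.33.11` also hardcodes a lab address in the playbook; moving it to inventory or group_vars keeps the playbook reusable.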

33
tasks/main.yml Normal file

@ -0,0 +1,33 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- include: zaqar_pre_install.yml
- include: zaqar_install.yml
- include: zaqar_post_install.yml
- include: zaqar_service_setup.yml
when: >
inventory_hostname == groups['zaqar_all'][0]
#- include: zaqar_upstart_init.yml
- include: zaqar_apache.yml
when: zaqar_install_apache | bool
- include: zaqar_nginx.yml
when: zaqar_install_nginx | bool
- name: Flush handlers
meta: flush_handlers

91
tasks/zaqar_apache.yml Normal file

@ -0,0 +1,91 @@
---
# Copyright 2016, Catalyst IT Limited
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Add zaqar apache WSGI script
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: "{{ zaqar_system_user_name }}"
group: "{{ zaqar_system_group_name }}"
mode: "{{ item.mode|default('0644') }}"
with_items:
- { src: "zaqar-wsgi.py.j2", dest: "/var/www/cgi-bin/zaqar/app", mode: "0755" }
notify:
- Restart Apache
tags:
- zaqar-httpd
- name: Add zaqar apache configuration file
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: "root"
group: "root"
with_items:
- { src: "zaqar-httpd.conf.j2", dest: "/etc/apache2/sites-available/zaqar-httpd.conf" }
notify:
- Restart Apache
tags:
- zaqar-httpd
- name: Disable default apache site
file:
path: "/etc/apache2/sites-enabled/000-default.conf"
state: "absent"
notify:
- Restart Apache
tags:
- zaqar-httpd
- name: Enabled zaqar vhost
file:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
state: "{{ item.state }}"
with_items:
- { src: "/etc/apache2/sites-available/zaqar-httpd.conf", dest: "/etc/apache2/sites-enabled/zaqar-httpd.conf", state: "link" }
notify:
- Restart Apache
tags:
- zaqar-httpd
- name: Ensure Apache ServerName
lineinfile:
dest: "/etc/apache2/apache2.conf"
line: "ServerName {{ inventory_hostname }}"
notify:
- Restart Apache
tags:
- zaqar-httpd
- name: Ensure Apache ServerTokens
lineinfile:
dest: "/etc/apache2/conf-available/security.conf"
regexp: '^ServerTokens'
line: "ServerTokens Prod"
notify:
- Restart Apache
tags:
- zaqar-httpd
- name: Ensure Apache ServerSignature
lineinfile:
dest: "/etc/apache2/conf-available/security.conf"
regexp: '^ServerSignature'
line: "ServerSignature Off"
notify:
- Restart Apache
tags:
- zaqar-httpd
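Review bot: in "Add zaqar apache WSGI script" the file at /var/www/cgi-bin/zaqar/app is owned by `{{ zaqar_system_user_name }}` with mode 0755, which lets the service account rewrite the code Apache loads; suggest root ownership so the script is not writable by the user it runs as. "Add zaqar apache configuration file" sets no `mode`, so the resulting permissions depend on the umask; an explicit `mode: "0644"` makes it deterministic. "Ensure Apache ServerName" has no `regexp`, unlike the ServerTokens and ServerSignature tasks below it, so a change of `inventory_hostname` appends a second ServerName line instead of replacing the first.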

192
tasks/zaqar_install.yml Normal file

@ -0,0 +1,192 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Check apt last update file
stat:
path: /var/cache/apt
register: apt_cache_stat
tags:
- zaqar-apt-packages
- name: Update apt if needed
apt:
update_cache: yes
when: "ansible_date_time.epoch|float - apt_cache_stat.stat.mtime > {{cache_timeout}}"
tags:
- zaqar-apt-packages
- name: Install apt packages
apt:
pkg: "{{ item }}"
state: latest
register: install_packages
until: install_packages|success
retries: 5
delay: 2
with_items: zaqar_apt_packages
tags:
- zaqar-install
- zaqar-apt-packages
- name: Create developer mode constraint file
copy:
dest: "/opt/developer-pip-constraints.txt"
content: |
{% for item in zaqar_developer_constraints %}
{{ item }}
{% endfor %}
when:
- zaqar_standalone_mode | bool
tags:
- zaqar-install
- zaqar-pip-packages
- name: Set constraint file fact for developer mode
set_fact:
pip_install_options: "{{ pip_install_options|default('') }} --constraint /opt/developer-pip-constraints.txt"
when:
- zaqar_standalone_mode | bool
tags:
- zaqar-install
- zaqar-pip-packages
- name: Install requires pip packages
pip:
name: "{{ item }}"
state: present
extra_args: "{{ pip_install_options|default('') }}"
register: install_packages
until: install_packages|success
retries: 5
delay: 2
with_items: zaqar_requires_pip_packages
tags:
- zaqar-install
- zaqar-pip-packages
# TODO: When project moves to ansible 2 we can pass this a sha256sum which will:
# a) allow us to remove force: yes
# b) allow the module to calculate the checksum of dest file which would
# result in file being downloaded only if provided and dest sha256sum
# checksums differ
- name: Attempt venv download
get_url:
url: "{{ zaqar_venv_download_url }}"
dest: "/var/cache/{{ zaqar_venv_download_url | basename }}"
force: yes
ignore_errors: true
register: get_venv
when:
- not zaqar_standalone_mode | bool
- zaqar_venv_enabled | bool
tags:
- zaqar-install
- zaqar-pip-packages
- name: Set zaqar get_venv fact
set_fact:
zaqar_get_venv: "{{ get_venv }}"
when: zaqar_venv_enabled | bool
tags:
- zaqar-install
- zaqar-pip-packages
- name: Remove existing venv
file:
path: "{{ zaqar_venv_bin | dirname }}"
state: absent
when:
- zaqar_venv_enabled | bool
- zaqar_get_venv | changed
tags:
- zaqar-install
- zaqar-pip-packages
- name: Create zaqar venv dir
file:
path: "{{ zaqar_venv_bin | dirname }}"
state: directory
when:
- not zaqar_standalone_mode | bool
- zaqar_venv_enabled | bool
- zaqar_get_venv | changed
tags:
- zaqar-install
- zaqar-pip-packages
- name: Unarchive pre-built venv
unarchive:
src: "/var/cache/{{ zaqar_venv_download_url | basename }}"
dest: "{{ zaqar_venv_bin | dirname }}"
copy: "no"
when:
- not zaqar_standalone_mode | bool
- zaqar_venv_enabled | bool
- zaqar_get_venv | changed
notify:
- Restart zaqar api
tags:
- zaqar-install
- zaqar-pip-packages
- name: Update virtualenv path
command: >
virtualenv-tools --update-path=auto {{ zaqar_venv_bin | dirname }}
when:
- not zaqar_standalone_mode | bool
- zaqar_venv_enabled | bool
- zaqar_get_venv | success
tags:
- zaqar-install
- zaqar-pip-packages
- name: Install pip packages (venv)
pip:
name: "{{ item }}"
state: present
virtualenv: "{{ zaqar_venv_bin | dirname }}"
virtualenv_site_packages: "no"
extra_args: "{{ pip_install_options|default('') }}"
register: install_packages
until: install_packages|success
retries: 5
delay: 2
with_items: zaqar_pip_packages
when:
- zaqar_venv_enabled | bool
- zaqar_get_venv | failed or zaqar_standalone_mode | bool
# notify:
# - Restart zaqar api
tags:
- zaqar-install
- zaqar-pip-packages
- name: Install pip packages (no venv)
pip:
name: "{{ item }}"
state: present
extra_args: "{{ pip_install_options|default('') }}"
register: install_packages
until: install_packages|success
retries: 5
delay: 2
with_items: zaqar_pip_packages
when:
- not zaqar_standalone_mode | bool
- not zaqar_venv_enabled | bool
# notify:
# - Restart zaqar api
tags:
- zaqar-install
- zaqar-pip-packages
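Review bot: "Attempt venv download" fetches the archive from `zaqar_venv_download_url` (an http URL in defaults/main.yml) with no integrity check, and "Unarchive pre-built venv" then extracts it into the directory the service runs from, so whoever can tamper with that download controls the installed code. The TODO above the task already names the fix (a sha256sum); until then, at least require an https URL and verify a checksum in a separate task before unarchiving. `ignore_errors: true` on the same task also hides download failures behind a silent fallback to pip. Second point, on the two "Install pip packages" tasks at the end: with `zaqar_standalone_mode` true and `zaqar_venv_enabled` false neither `when` list matches, because the "(no venv)" task requires `not zaqar_standalone_mode | bool`, so nothing from `zaqar_pip_packages` gets installed in that combination.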

69
tasks/zaqar_nginx.yml Normal file

@ -0,0 +1,69 @@
---
# Copyright 2016, Catalyst IT Limited
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Add zaqar nginx WSGI script
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: "{{ zaqar_system_user_name }}"
group: "{{ zaqar_system_group_name }}"
mode: "{{ item.mode|default('0644') }}"
with_items:
- { src: "zaqar-wsgi.py.j2", dest: "/var/www/cgi-bin/zaqar/app.py", mode: "0755" }
notify:
- Restart Nginx
tags:
- zaqar-nginx
# Actually, we should also add an upstart script to automatically start uWSGI
# at boot time. Here is just for testing purpose.
- name: Run uwsgi service
command: >
/usr/local/bin/uwsgi
--socket /tmp/zaqar.sock
--pythonpath /var/www/cgi-bin/zaqar/
--module app
--daemonize /var/log/zaqar/uwsgi_zaqar.log
--pidfile /tmp/zaqar_pid.pid
--vacuum
notify:
- Restart Nginx
tags:
- zaqar-nginx
- name: Add zaqar nginx configuration file
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: "root"
group: "root"
with_items:
- { src: "zaqar-nginx.conf.j2", dest: "/etc/nginx/sites-available/zaqar-nginx.conf" }
notify:
- Restart Nginx
tags:
- zaqar-nginx
- name: Enabled zaqar vhost
file:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
state: "{{ item.state }}"
with_items:
- { src: "/etc/nginx/sites-available/zaqar-nginx.conf", dest: "/etc/nginx/sites-enabled/zaqar-nginx.conf", state: "link" }
notify:
- Restart Nginx
tags:
- zaqar-nginx
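
Review bot: "Run uwsgi service" starts uWSGI with no `--uid`/`--gid`, so the daemon runs as whatever user executes the task (root in a typical privileged play), while "Add zaqar nginx WSGI script" installs `/var/www/cgi-bin/zaqar/app.py` owned by `{{ zaqar_system_user_name }}`; the service account can then rewrite code that a more privileged process loads. Pass `--uid {{ zaqar_system_user_name }} --gid {{ zaqar_system_group_name }}` and install the script owned by root. `--socket /tmp/zaqar.sock` and `--pidfile /tmp/zaqar_pid.pid` use fixed names in a world-writable directory that any local user can pre-create; move both to a directory owned by the service user and set `--chmod-socket` so nginx can still connect. The `command` task has no `creates:` or pid check, so every run of the play launches another uWSGI instance. The comment above it already says this is for testing, so gate it behind a variable or replace it with the init job before this lands.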


@ -0,0 +1,58 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Copy zaqar servie config
config_template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: "{{ zaqar_system_user_name }}"
group: "{{ zaqar_system_group_name }}"
mode: "0644"
config_overrides: "{{ item.config_overrides }}"
config_type: "{{ item.config_type }}"
with_items:
- src: "zaqar.conf.j2"
dest: "/etc/zaqar/zaqar.conf"
config_overrides: "{{ zaqar_zaqar_conf_overrides }}"
config_type: "ini"
# notify: Restart zaqar api
tags:
- zaqar-config
- zaqar-post-install
- name: Copy zaqar logging config
copy:
src: "logging.conf"
dest: "/etc/zaqar/logging.conf"
# notify: Restart zaqar api
tags:
- zaqar-config
- zaqar-post-install
- name: Get zaqar command path
command: which zaqar
register: zaqar_command_path
when:
- not zaqar_venv_enabled | bool
tags:
- zaqar-command-bin
- name: Set zaqar command path
set_fact:
zaqar_bin: "{{ zaqar_command_path.stdout | dirname }}"
when:
- not zaqar_venv_enabled | bool
tags:
- zaqar-command-bin
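
Review bot: "Copy zaqar servie config" writes `/etc/zaqar/zaqar.conf` with `mode: "0644"`, and the template in this commit renders `password = {{ zaqar_service_user_password }}`, `secret_key = {{ zaqar_secret_key }}` and the management database URI into it, so every local user can read those secrets. Use `mode: "0640"`; the file is already owned by the zaqar user and group. Smaller points: "servie" should be "service" in the task name, "Copy zaqar logging config" sets no owner, group or mode, and `command: which zaqar` needs `changed_when: false` so it does not report a change on every run.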


@ -0,0 +1,92 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Create the system group
group:
name: "{{ zaqar_system_group_name }}"
state: "present"
system: "yes"
tags:
- zaqar-group
- name: Create the zaqar system user
user:
name: "{{ zaqar_system_user_name }}"
group: "{{ zaqar_system_group_name }}"
comment: "{{ zaqar_system_comment }}"
shell: "{{ zaqar_system_shell }}"
system: "yes"
createhome: "yes"
home: "{{ zaqar_system_user_home }}"
tags:
- zaqar-user
- name: Create zaqar dir
file:
path: "{{ item.path }}"
state: directory
owner: "{{ item.owner|default(zaqar_system_user_name) }}"
group: "{{ item.group|default(zaqar_system_group_name) }}"
mode: "{{ item.mode|default('0755') }}"
with_items:
- { path: "/openstack", mode: "0755", owner: "root", group: "root" }
- { path: "/etc/zaqar" }
- { path: "{{ zaqar_system_user_home }}" }
- { path: "{{ zaqar_system_user_home }}/.ssh", mode: "0700" }
- { path: "/var/www/cgi-bin", owner: root, group: root }
- { path: "/var/www/cgi-bin/zaqar" }
- { path: "/var/cache/zaqar", mode: "0700" }
tags:
- zaqar-dirs
- name: Create zaqar venv dir
file:
path: "{{ item.path }}"
state: directory
with_items:
- { path: "/openstack/venvs" }
- { path: "{{ zaqar_venv_bin }}" }
when: zaqar_venv_enabled | bool
tags:
- zaqar-dirs
- name: Test for log directory or link
shell: |
if [ -h "/var/log/zaqar" ]; then
chown -h {{ zaqar_system_user_name }}:{{ zaqar_system_group_name }} "/var/log/zaqar"
chown -R {{ zaqar_system_user_name }}:{{ zaqar_system_group_name }} "$(readlink /var/log/zaqar)"
else
exit 1
fi
register: log_dir
failed_when: false
changed_when: log_dir.rc != 0
tags:
- zaqar-dirs
- zaqar-logs
- name: Create zaqar log dir
file:
path: "{{ item.path }}"
state: directory
owner: "{{ item.owner|default(zaqar_system_user_name) }}"
group: "{{ item.group|default(zaqar_system_group_name) }}"
mode: "{{ item.mode|default('0755') }}"
with_items:
- { path: "/var/log/zaqar" }
when: log_dir.rc != 0
tags:
- zaqar-dirs
- zaqar-logs
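
Review bot: In "Test for log directory or link", `chown -R ... "$(readlink /var/log/zaqar)"` recursively changes ownership of whatever the link currently points to, and plain `readlink` returns a relative target unresolved, so the chown can land on a path relative to the task's working directory rather than the real log directory. Resolve it with `readlink -f`, check that the result is a directory under the expected log root before the chown, and quote the templated user and group. `changed_when: log_dir.rc != 0` is also inverted: the task reports changed when it exited 1 without touching anything and unchanged when both chowns ran. Combined with `failed_when: false`, a chown that fails looks the same as "no symlink", and "Create zaqar log dir" then runs against an existing link.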


@ -0,0 +1,103 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Ensure zaqar service
keystone:
command: "ensure_service"
token: "{{ keystone_auth_admin_token }}"
endpoint: "{{ keystone_service_adminurl }}"
service_name: "{{ zaqar_service_name }}"
service_type: "{{ zaqar_service_type }}"
description: "{{ zaqar_service_description }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: add_service
until: add_service|success
retries: 5
delay: 2
tags:
- zaqar-setup
- zaqar-service-add
- name: Ensure service project
keystone:
command: ensure_project
project_name: "{{ zaqar_service_tenant_name }}"
region_name: "{{ zaqar_service_region }}"
token: "{{ keystone_auth_admin_token }}"
endpoint: "{{ keystone_service_adminurl }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
tags:
- zaqar-setup
- zaqar-service-add
- name: Ensure zaqar user
keystone:
command: "ensure_user"
token: "{{ keystone_auth_admin_token }}"
endpoint: "{{ keystone_service_adminurl }}"
user_name: "{{ zaqar_service_user_name }}"
tenant_name: "{{ zaqar_service_tenant_name }}"
password: "{{ zaqar_service_user_password }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: add_service
until: add_service|success
retries: 5
delay: 10
tags:
- zaqar-setup
- zaqar-service-add
- name: Ensure zaqar user to admin role
keystone:
command: "ensure_user_role"
token: "{{ keystone_auth_admin_token }}"
endpoint: "{{ keystone_service_adminurl }}"
user_name: "{{ zaqar_service_user_name }}"
tenant_name: "{{ zaqar_service_project_name }}"
role_name: "{{ zaqar_service_role_name }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: add_admin_role
until: add_admin_role|success
retries: 5
delay: 10
tags:
- zaqar-service-add
- zaqar-setup
# Create an endpoint
- name: Ensure zaqar endpoint
keystone:
command: "ensure_endpoint"
token: "{{ keystone_auth_admin_token }}"
endpoint: "{{ keystone_service_adminurl }}"
region_name: "{{ zaqar_service_region }}"
service_name: "{{ zaqar_service_name }}"
service_type: "{{ zaqar_service_type }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
endpoint_list:
- url: "{{ zaqar_service_publicurl }}"
interface: "public"
- url: "{{ zaqar_service_adminurl }}"
interface: "admin"
- url: "{{ zaqar_service_internalurl }}"
interface: "internal"
register: add_service
until: add_service|success
retries: 5
delay: 10
tags:
- zaqar-setup
- zaqar-service-add
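
Review bot: "Ensure zaqar user" passes `password: "{{ zaqar_service_user_password }}"` and every task in this file passes `token: "{{ keystone_auth_admin_token }}"`, but none sets `no_log: true`, so both values show up in verbose output and in the failure output of the retry loops. Add `no_log: true` to these tasks. "Ensure zaqar user to admin role" uses `tenant_name: "{{ zaqar_service_project_name }}"` while "Ensure service project" and "Ensure zaqar user" use `zaqar_service_tenant_name`; if the two variables ever differ, the role is granted on a different project from the one created, so use one variable throughout. `insecure: "{{ keystone_service_adminuri_insecure }}"` governs certificate verification on calls that carry the admin token, so the role defaults should state that it stays false outside test deployments. "Ensure service project" has no `register`/`until` retry, unlike its neighbours, and `add_service` is registered by three different tasks.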


@ -0,0 +1,46 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Place the init script
template:
src: "zaqar-upstart-init.j2"
dest: "/etc/init/{{ zaqar_api_program_name }}.conf"
mode: "0644"
owner: "root"
group: "root"
notify:
- Restart zaqar api
tags:
- upstart-init
- zaqar-init
- name: Reload init scripts
shell: |
initctl reload-configuration
notify:
- Restart zaqar api
tags:
- upstart-init
- zaqar-init
- name: Load service
service:
name: "{{ zaqar_api_program_name }}"
enabled: "yes"
notify:
- Restart zaqar api
tags:
- upstart-init
- zaqar-init
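
Review bot: "Reload init scripts" is a `shell` task with no `changed_when`, so it reports changed on every run and its `notify: Restart zaqar api` restarts the service on every play, even when the init script did not change. Make it a handler notified by "Place the init script", or register that template task and run the reload only when it changed. `command` is sufficient here since no shell features are used.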


@ -0,0 +1,19 @@
# {{ ansible_managed }}
Listen {{ zaqar_api_bind_port }}
<VirtualHost *:{{ zaqar_api_bind_port }}>
WSGIDaemonProcess zaqar-api user={{ zaqar_system_user_name }} group={{ zaqar_system_group_name }} processes={{ zaqar_wsgi_processes }} threads={{ zaqar_wsgi_threads }} display-name=%{GROUP}
WSGIProcessGroup zaqar-api
WSGIScriptAlias / /var/www/cgi-bin/zaqar/app
WSGIApplicationGroup %{GLOBAL}
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
LogLevel {{ zaqar_apache_log_level }}
ErrorLog /var/log/zaqar/zaqar-apache-error.log
CustomLog /var/log/zaqar/zaqar-access.log combined
Options +FollowSymLinks
</VirtualHost>
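
Review bot: `WSGIScriptAlias / /var/www/cgi-bin/zaqar/app` points at a file named `app`, but the script installed in tasks/zaqar_nginx.yml is `/var/www/cgi-bin/zaqar/app.py`, so this vhost would not find its entry point. None of the tasks shown here renders this Apache template either; drop it, or add the task and fix the path. The vhost listens on `{{ zaqar_api_bind_port }}` without TLS, so Keystone tokens reach the API in clear unless TLS is terminated in front of it. Add the SSL directives behind a variable or say in a comment where termination is expected.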


@ -0,0 +1,10 @@
# {{ ansible_managed }}
server {
listen {{ zaqar_api_bind_port }};
location / {
include uwsgi_params;
uwsgi_pass unix:/tmp/zaqar.sock;
}
}
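
Review bot: `uwsgi_pass unix:/tmp/zaqar.sock;` repeats the literal socket path from the "Run uwsgi service" task, so the two can drift apart; define the path once as a role variable and point it at a directory that only the service user and nginx can reach rather than `/tmp`. `listen {{ zaqar_api_bind_port }};` is plain HTTP on all addresses with no `server_name`, so Keystone tokens travel unencrypted unless TLS is terminated upstream. Add a `listen ... ssl` variant with certificate variables, or document the expected terminator in the template.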


@ -0,0 +1,46 @@
# {{ ansible_managed }}
# vim:set ft=upstart ts=2 et:
description "{{ zaqar_api_program_name }}"
author "Steve Lewis <steve.lewis@rackspace.com>"
start on runlevel [2345]
stop on runlevel [016]
respawn
respawn limit 10 5
# Set the RUNBIN environment variable
env RUNBIN="{{ zaqar_bin }}/{{ zaqar_api_program_name }}"
# Change directory to service users home
chdir "{{ zaqar_system_user_home }}"
# Pre start actions
pre-start script
mkdir -p "/var/run/{{ zaqar_api_program_name }}"
chown {{ zaqar_system_user_name }}:{{ zaqar_system_group_name }} "/var/run/{{ zaqar_api_program_name }}"
mkdir -p "/var/lock/{{ zaqar_api_program_name }}"
chown {{ zaqar_system_user_name }}:{{ zaqar_system_group_name }} "/var/lock/{{ zaqar_api_program_name }}"
{% if zaqar_venv_enabled | bool -%}
. {{ zaqar_venv_bin }}/activate
{%- endif %}
end script
# Post stop actions
post-stop script
rm "/var/run/{{ zaqar_api_program_name }}/{{ zaqar_api_program_name }}.pid"
end script
# Run the start up job
exec start-stop-daemon --start \
--chuid {{ zaqar_system_user_name }} \
--make-pidfile \
--pidfile /var/run/{{ zaqar_api_program_name }}/{{ zaqar_api_program_name }}.pid \
--exec "{{ zaqar_service_override|default('$RUNBIN') }}" \
-- {{ zaqar_service_config_options|default('') }} \
--log-file=/var/log/zaqar/{{ zaqar_api_program_name }}.log
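
Review bot: In `pre-start script`, `. {{ zaqar_venv_bin }}/activate` has no effect on the service: Upstart runs each script stanza in its own shell, so the environment it sets is gone before the `exec start-stop-daemon` line runs. Remove it, or set what the daemon needs with `env` stanzas. `post-stop script` calls `rm` without `-f`, so the stanza fails when the pid file is already gone; use `rm -f`. `--exec "{{ zaqar_service_override|default('$RUNBIN') }}"` and `{{ zaqar_service_config_options|default('') }}` paste role variables straight into a job file that init runs as root, so the role documentation should mark both as operator-only inputs.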


@ -0,0 +1,25 @@
# Copyright 2015 Catalyst IT Limited
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import os
{% if zaqar_venv_enabled | bool %}
activate_this = os.path.expanduser("{{ zaqar_venv_bin }}/activate_this.py")
execfile(activate_this, dict(__file__=activate_this))
{% endif %}
from keystonemiddleware import auth_token
from zaqar.transport.wsgi import app
application = auth_token.AuthProtocol(app.app, {})
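
Review bot: `application = auth_token.AuthProtocol(app.app, {})` wraps the app in keystonemiddleware with an empty config dict, while zaqar.conf.j2 in this same commit sets `auth_strategy = keystone`. Please confirm whether `app.app` is already wrapped as a result of that setting: if it is, every request is validated twice, and if it is not, the empty dict means the middleware depends entirely on the `[keystone_authtoken]` section having been loaded globally before this line runs. A one-line comment stating which is intended would settle it. `execfile(...)` exists only in Python 2; if Python 3 is in scope, use `exec(open(activate_this).read(), dict(__file__=activate_this))`.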

599
templates/zaqar.conf.j2 Normal file

@ -0,0 +1,599 @@
#{{ ansible_managed}}
[DEFAULT]
debug = true
#
# From zaqar.common.configs
#
# Activate privileged endpoints. (boolean value)
admin_mode = true
# Enable pooling across multiple storage backends. If pooling is
# enabled, the storage driver configuration is used to determine where
# the catalogue/control plane data is kept. (boolean value)
# Deprecated group/name - [DEFAULT]/sharding
pooling = {{ zaqar_enable_pooling }}
# Disable all reliability constraints. (boolean value)
unreliable = {{ zaqar_unreliable }}
#
# From zaqar.transport.base
#
# Backend to use for authentication. For no auth, keep it empty.
# Existing strategies: keystone. See also the keystone_authtoken
# section below (string value)
auth_strategy = keystone
[drivers]
#
# From zaqar.common.configs
#
# Transport driver to use. (string value)
#transport = wsgi
# Storage driver to use as the messaging store. (string value)
# Deprecated group/name - [DEFAULT]/storage
#message_store = mongodb
# Storage driver to use as the management store. (string value)
management_store = sqlalchemy
[drivers:management_store:mongodb]
#
# From zaqar.storage.mongodb
#
# The private keyfile used to identify the local connection against
# mongod. If included with the ``certifle`` then only the
# ``ssl_certfile`` is needed. (string value)
# Deprecated group/name - [drivers:storage:mongodb]/ssl_keyfile
#ssl_keyfile = <None>
# The certificate file used to identify the local connection against
# mongod. (string value)
# Deprecated group/name - [drivers:storage:mongodb]/ssl_certfile
#ssl_certfile = <None>
# Specifies whether a certificate is required from the other side of
# the connection, and whether it will be validated if provided. It
# must be one of the three values ``CERT_NONE``(certificates ignored),
# ``CERT_OPTIONAL``(not required, but validated if provided), or
# ``CERT_REQUIRED``(required and validated). If the value of this
# parameter is not ``CERT_NONE``, then the ``ssl_ca_cert`` parameter
# must point to a file of CA certificates. (string value)
# Deprecated group/name - [drivers:storage:mongodb]/ssl_cert_reqs
#ssl_cert_reqs = CERT_REQUIRED
# The ca_certs file contains a set of concatenated "certification
# authority" certificates, which are used to validate certificates
# passed from the other end of the connection. (string value)
# Deprecated group/name - [drivers:storage:mongodb]/ssl_ca_certs
#ssl_ca_certs = <None>
# Mongodb Connection URI. If ssl connection enabled, then
# ``ssl_keyfile``, ``ssl_certfile``, ``ssl_cert_reqs``,
# ``ssl_ca_certs`` need to be set accordingly. (string value)
# Deprecated group/name - [drivers:storage:mongodb]/uri
#uri = <None>
# Database name. (string value)
# Deprecated group/name - [drivers:storage:mongodb]/database
#database = zaqar
# Maximum number of times to retry a failed operation. Currently only
# used for retrying a message post. (integer value)
# Deprecated group/name - [drivers:storage:mongodb]/max_attempts
#max_attempts = 1000
# Maximum sleep interval between retries (actual sleep time increases
# linearly according to number of attempts performed). (floating point
# value)
# Deprecated group/name - [drivers:storage:mongodb]/max_retry_sleep
#max_retry_sleep = 0.1
# Maximum jitter interval, to be added to the sleep interval, in order
# to decrease probability that parallel requests will retry at the
# same instant. (floating point value)
# Deprecated group/name - [drivers:storage:mongodb]/max_retry_jitter
#max_retry_jitter = 0.005
# Maximum number of times to retry an operation that failed due to a
# primary node failover. (integer value)
# Deprecated group/name - [drivers:storage:mongodb]/max_reconnect_attempts
#max_reconnect_attempts = 10
# Base sleep interval between attempts to reconnect after a primary
# node failover. The actual sleep time increases exponentially (power
# of 2) each time the operation is retried. (floating point value)
# Deprecated group/name - [drivers:storage:mongodb]/reconnect_sleep
#reconnect_sleep = 0.02
[drivers:management_store:redis]
#
# From zaqar.storage.redis
#
# Redis connection URI, taking one of three forms. For a direct
# connection to a Redis server, use the form
# "redis://host[:port][?options]", where port defaults to 6379 if not
# specified. For an HA master-slave Redis cluster using Redis
# Sentinel, use the form
# "redis://host1[:port1][,host2[:port2],...,hostN[:portN]][?options]",
# where each host specified corresponds to an instance of redis-
# sentinel. In this form, the name of the Redis master used in the
# Sentinel configuration must be included in the query string as
# "master=<name>". Finally, to connect to a local instance of Redis
# over a unix socket, you may use the form
# "redis:/path/to/redis.sock[?options]". In all forms, the
# "socket_timeout" option may be specified in the query string. Its
# value is given in seconds. If not provided, "socket_timeout"
# defaults to 0.1 seconds. (string value)
# Deprecated group/name - [drivers:storage:redis]/uri
#uri = redis://127.0.0.1:6379
# Maximum number of times to retry an operation that failed due to a
# redis node failover. (integer value)
# Deprecated group/name - [drivers:storage:redis]/max_reconnect_attempts
#max_reconnect_attempts = 10
# Base sleep interval between attempts to reconnect after a redis node
# failover. (floating point value)
# Deprecated group/name - [drivers:storage:redis]/reconnect_sleep
#reconnect_sleep = 1.0
[drivers:management_store:sqlalchemy]
#
# From zaqar.storage.sqlalchemy
#
# An sqlalchemy URL (string value)
# Deprecated group/name - [drivers:storage:sqlalchemy]/uri
uri = {{ zaqar_mgmt_db_connection_string }}
[drivers:message_store:mongodb]
#
# From zaqar.storage.mongodb
#
# The private keyfile used to identify the local connection against
# mongod. If included with the ``certifle`` then only the
# ``ssl_certfile`` is needed. (string value)
# Deprecated group/name - [drivers:storage:mongodb]/ssl_keyfile
#ssl_keyfile = <None>
# The certificate file used to identify the local connection against
# mongod. (string value)
# Deprecated group/name - [drivers:storage:mongodb]/ssl_certfile
#ssl_certfile = <None>
# Specifies whether a certificate is required from the other side of
# the connection, and whether it will be validated if provided. It
# must be one of the three values ``CERT_NONE``(certificates ignored),
# ``CERT_OPTIONAL``(not required, but validated if provided), or
# ``CERT_REQUIRED``(required and validated). If the value of this
# parameter is not ``CERT_NONE``, then the ``ssl_ca_cert`` parameter
# must point to a file of CA certificates. (string value)
# Deprecated group/name - [drivers:storage:mongodb]/ssl_cert_reqs
#ssl_cert_reqs = CERT_REQUIRED
# The ca_certs file contains a set of concatenated "certification
# authority" certificates, which are used to validate certificates
# passed from the other end of the connection. (string value)
# Deprecated group/name - [drivers:storage:mongodb]/ssl_ca_certs
#ssl_ca_certs = <None>
# Mongodb Connection URI. If ssl connection enabled, then
# ``ssl_keyfile``, ``ssl_certfile``, ``ssl_cert_reqs``,
# ``ssl_ca_certs`` need to be set accordingly. (string value)
# Deprecated group/name - [drivers:storage:mongodb]/uri
#uri = <None>
# Database name. (string value)
# Deprecated group/name - [drivers:storage:mongodb]/database
#database = zaqar
# Maximum number of times to retry a failed operation. Currently only
# used for retrying a message post. (integer value)
# Deprecated group/name - [drivers:storage:mongodb]/max_attempts
#max_attempts = 1000
# Maximum sleep interval between retries (actual sleep time increases
# linearly according to number of attempts performed). (floating point
# value)
# Deprecated group/name - [drivers:storage:mongodb]/max_retry_sleep
#max_retry_sleep = 0.1
# Maximum jitter interval, to be added to the sleep interval, in order
# to decrease probability that parallel requests will retry at the
# same instant. (floating point value)
# Deprecated group/name - [drivers:storage:mongodb]/max_retry_jitter
#max_retry_jitter = 0.005
# Maximum number of times to retry an operation that failed due to a
# primary node failover. (integer value)
# Deprecated group/name - [drivers:storage:mongodb]/max_reconnect_attempts
#max_reconnect_attempts = 10
# Base sleep interval between attempts to reconnect after a primary
# node failover. The actual sleep time increases exponentially (power
# of 2) each time the operation is retried. (floating point value)
# Deprecated group/name - [drivers:storage:mongodb]/reconnect_sleep
#reconnect_sleep = 0.02
# Number of databases across which to partition message data, in order
# to reduce writer lock %. DO NOT change this setting after initial
# deployment. It MUST remain static. Also, you should not need a large
# number of partitions to improve performance, esp. if deploying
# MongoDB on SSD storage. (integer value)
# Deprecated group/name - [drivers:storage:mongodb]/partitions
#partitions = 2
[drivers:message_store:redis]
#
# From zaqar.storage.redis
#
# Redis connection URI, taking one of three forms. For a direct
# connection to a Redis server, use the form
# "redis://host[:port][?options]", where port defaults to 6379 if not
# specified. For an HA master-slave Redis cluster using Redis
# Sentinel, use the form
# "redis://host1[:port1][,host2[:port2],...,hostN[:portN]][?options]",
# where each host specified corresponds to an instance of redis-
# sentinel. In this form, the name of the Redis master used in the
# Sentinel configuration must be included in the query string as
# "master=<name>". Finally, to connect to a local instance of Redis
# over a unix socket, you may use the form
# "redis:/path/to/redis.sock[?options]". In all forms, the
# "socket_timeout" option may be specified in the query string. Its
# value is given in seconds. If not provided, "socket_timeout"
# defaults to 0.1 seconds. (string value)
# Deprecated group/name - [drivers:storage:redis]/uri
#uri = redis://127.0.0.1:6379
# Maximum number of times to retry an operation that failed due to a
# redis node failover. (integer value)
# Deprecated group/name - [drivers:storage:redis]/max_reconnect_attempts
#max_reconnect_attempts = 10
# Base sleep interval between attempts to reconnect after a redis node
# failover. (floating point value)
# Deprecated group/name - [drivers:storage:redis]/reconnect_sleep
#reconnect_sleep = 1.0
[drivers:transport:wsgi]
#
# From zaqar.transport.wsgi
#
# Address on which the self-hosting server will listen. (ip address
# value)
bind = 0.0.0.0
# Port on which the self-hosting server will listen. (port value)
# Minimum value: 1
# Maximum value: 65535
#port = 8888
[keystone_authtoken]
#signing_dir = /var/cache/zaqar
auth_plugin = {{ zaqar_keystone_auth_plugin }}
auth_url = {{ keystone_service_adminuri }}
auth_uri = {{ keystone_service_internaluri }}
project_domain_id = default
user_domain_id = default
project_name = {{ zaqar_service_project_name }}
username = {{ zaqar_service_user_name }}
password = {{ zaqar_service_user_password }}
#cafile = {{ zaqar_service_cafile_path }}
#
# From keystonemiddleware.auth_token
#
# Complete public Identity API endpoint. (string value)
#auth_uri = <None>
# API version of the admin Identity API endpoint. (string value)
#auth_version = <None>
# Do not handle authorization requests within the middleware, but
# delegate the authorization decision to downstream WSGI components.
# (boolean value)
#delay_auth_decision = false
# Request timeout value for communicating with Identity API server.
# (integer value)
#http_connect_timeout = <None>
# How many times are we trying to reconnect when communicating with
# Identity API Server. (integer value)
#http_request_max_retries = 3
# Env key for the swift cache. (string value)
#cache = <None>
# Required if identity server requires client certificate (string
# value)
#certfile = <None>
# Required if identity server requires client certificate (string
# value)
#keyfile = <None>
# A PEM encoded Certificate Authority to use when verifying HTTPs
# connections. Defaults to system CAs. (string value)
#cafile = <None>
# Verify HTTPS connections. (boolean value)
#insecure = false
# The region in which the identity server can be found. (string value)
#region_name = <None>
# Directory used to cache files related to PKI tokens. (string value)
#signing_dir = <None>
# Optionally specify a list of memcached server(s) to use for caching.
# If left undefined, tokens will instead be cached in-process. (list
# value)
# Deprecated group/name - [DEFAULT]/memcache_servers
#memcached_servers = <None>
# In order to prevent excessive effort spent validating tokens, the
# middleware caches previously-seen tokens for a configurable duration
# (in seconds). Set to -1 to disable caching completely. (integer
# value)
#token_cache_time = 300
# Determines the frequency at which the list of revoked tokens is
# retrieved from the Identity service (in seconds). A high number of
# revocation events combined with a low cache duration may
# significantly reduce performance. (integer value)
#revocation_cache_time = 10
# (Optional) If defined, indicate whether token data should be
# authenticated or authenticated and encrypted. Acceptable values are
# MAC or ENCRYPT. If MAC, token data is authenticated (with HMAC) in
# the cache. If ENCRYPT, token data is encrypted and authenticated in
# the cache. If the value is not one of these options or empty,
# auth_token will raise an exception on initialization. (string value)
#memcache_security_strategy = <None>
# (Optional, mandatory if memcache_security_strategy is defined) This
# string is used for key derivation. (string value)
#memcache_secret_key = <None>
# (Optional) Number of seconds memcached server is considered dead
# before it is tried again. (integer value)
#memcache_pool_dead_retry = 300
# (Optional) Maximum total number of open connections to every
# memcached server. (integer value)
#memcache_pool_maxsize = 10
# (Optional) Socket timeout in seconds for communicating with a
# memcached server. (integer value)
#memcache_pool_socket_timeout = 3
# (Optional) Number of seconds a connection to memcached is held
# unused in the pool before it is closed. (integer value)
#memcache_pool_unused_timeout = 60
# (Optional) Number of seconds that an operation will wait to get a
# memcached client connection from the pool. (integer value)
#memcache_pool_conn_get_timeout = 10
# (Optional) Use the advanced (eventlet safe) memcached client pool.
# The advanced pool will only work under python 2.x. (boolean value)
#memcache_use_advanced_pool = false
# (Optional) Indicate whether to set the X-Service-Catalog header. If
# False, middleware will not ask for service catalog on token
# validation and will not set the X-Service-Catalog header. (boolean
# value)
#include_service_catalog = true
# Used to control the use and type of token binding. Can be set to:
# "disabled" to not check token binding. "permissive" (default) to
# validate binding information if the bind type is of a form known to
# the server and ignore it if not. "strict" like "permissive" but if
# the bind type is unknown the token will be rejected. "required" any
# form of token binding is needed to be allowed. Finally the name of a
# binding method that must be present in tokens. (string value)
#enforce_token_bind = permissive
# If true, the revocation list will be checked for cached tokens. This
# requires that PKI tokens are configured on the identity server.
# (boolean value)
#check_revocations_for_cached = false
# Hash algorithms to use for hashing PKI tokens. This may be a single
# algorithm or multiple. The algorithms are those supported by Python
# standard hashlib.new(). The hashes will be tried in the order given,
# so put the preferred one first for performance. The result of the
# first hash will be stored in the cache. This will typically be set
# to multiple values only while migrating from a less secure algorithm
# to a more secure one. Once all the old tokens are expired this
# option should be set to a single value for better performance. (list
# value)
#hash_algorithms = md5
# Prefix to prepend at the beginning of the path. Deprecated, use
# identity_uri. (string value)
#auth_admin_prefix =
# Host providing the admin Identity API endpoint. Deprecated, use
# identity_uri. (string value)
#auth_host = 127.0.0.1
# Port of the admin Identity API endpoint. Deprecated, use
# identity_uri. (integer value)
#auth_port = 35357
# Protocol of the admin Identity API endpoint (http or https).
# Deprecated, use identity_uri. (string value)
#auth_protocol = https
# Complete admin Identity API endpoint. This should specify the
# unversioned root endpoint e.g. https://localhost:35357/ (string
# value)
#identity_uri = <None>
# This option is deprecated and may be removed in a future release.
# Single shared secret with the Keystone configuration used for
# bootstrapping a Keystone installation, or otherwise bypassing the
# normal authentication process. This option should not be used, use
# `admin_user` and `admin_password` instead. (string value)
#admin_token = <None>
# Service username. (string value)
#admin_user = <None>
# Service user password. (string value)
#admin_password = <None>
# Service tenant name. (string value)
#admin_tenant_name = admin
[notification]
#
# From zaqar.common.configs
#
# The command of smtp to send email. The format is "command_name arg1
# arg2". (string value)
#smtp_command = /usr/sbin/sendmail -t -oi
[pooling:catalog]
#
# From zaqar.storage.pooling
#
# If enabled, the message_store will be used as the storage for the
# virtual pool. (boolean value)
enable_virtual_pool = true
[signed_url]
#
# From zaqar.common.configs
#
# Secret key used to encrypt pre-signed URLs. (string value)
secret_key = {{ zaqar_secret_key }}
[storage]
#
# From zaqar.storage.pipeline
#
# Pipeline to use for processing queue operations. This pipeline will
# be consumed before calling the storage driver's controller methods.
# (list value)
#queue_pipeline =
# Pipeline to use for processing message operations. This pipeline
# will be consumed before calling the storage driver's controller
# methods. (list value)
{% if zaqar_enable_notification %}
message_pipeline = zaqar.notification.notifier
{% endif %}
#message_pipeline =
# Pipeline to use for processing claim operations. This pipeline will
# be consumed before calling the storage driver's controller methods.
# (list value)
#claim_pipeline =
# Pipeline to use for processing subscription operations. This
# pipeline will be consumed before calling the storage driver's
# controller methods. (list value)
#subscription_pipeline =
[transport]
#
# From zaqar.transport.base
#
# Defines how long a message will be accessible. (integer value)
#default_message_ttl = 3600
# Defines how long a message will be in claimed state. (integer value)
#default_claim_ttl = 300
# Defines the message grace period in seconds. (integer value)
#default_claim_grace = 60
#
# From zaqar.transport.validation
#
# Defines the maximum number of queues per page. (integer value)
# Deprecated group/name - [limits:transport]/queue_paging_uplimit
#max_queues_per_page = 20
# Defines the maximum number of messages per page. (integer value)
# Deprecated group/name - [limits:transport]/message_paging_uplimit
#max_messages_per_page = 20
# Defines the maximum number of subscriptions per page. (integer
# value)
# Deprecated group/name - [limits:transport]/subscription_paging_uplimit
#max_subscriptions_per_page = 20
# The maximum number of messages that can be claimed (OR) popped in a
# single request (integer value)
# Deprecated group/name - [DEFAULT]/max_messages_per_claim
#max_messages_per_claim_or_pop = 20
# Defines the maximum amount of metadata in a queue. (integer value)
# Deprecated group/name - [limits:transport]/metadata_size_uplimit
#max_queue_metadata = 65536
# Defines the maximum size of message posts. (integer value)
# Deprecated group/name - [DEFAULT]/max_message_size
# Deprecated group/name - [limits:transport]/message_size_uplimit
#max_messages_post_size = 262144
# Maximum amount of time a message will be available. (integer value)
# Deprecated group/name - [limits:transport]/message_ttl_max
#max_message_ttl = 1209600
# Maximum length of a message in claimed state. (integer value)
# Deprecated group/name - [limits:transport]/claim_ttl_max
#max_claim_ttl = 43200
# Defines the maximum message grace period in seconds. (integer value)
# Deprecated group/name - [limits:transport]/claim_grace_max
#max_claim_grace = 43200
# Defines supported subscriber types. (list value)
#subscriber_types = http,https,mailto
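
Review bot: `[DEFAULT]` hard-codes `debug = true` and `admin_mode = true` (the option's own comment reads "Activate privileged endpoints"), so every deployment of this role ships with debug logging and the privileged API switched on. Make both role variables that default to false, the way `pooling` and `unreliable` are already templated. `bind = 0.0.0.0` under `[drivers:transport:wsgi]` puts the self-hosting server on all interfaces even though the role fronts the app with nginx over a unix socket; default it to 127.0.0.1 or a variable. In `[keystone_authtoken]`, `#cafile = {{ zaqar_service_cafile_path }}` is commented out for the INI parser but is still a Jinja expression, so rendering fails when that variable is undefined; wrap it in a conditional or drop the expression. In `[storage]`, the commented `#message_pipeline =` sits directly after the conditional block that sets the live value; move it above the `{% if %}` so the rendered file reads in order.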