213 lines
7.4 KiB
YAML
213 lines
7.4 KiB
YAML
---
|
|
# Copyright 2018, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
- name: Gather variables for each operating system
|
|
include_vars: "{{ lookup('first_found', params) }}"
|
|
vars:
|
|
params:
|
|
files:
|
|
- "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml"
|
|
- "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml"
|
|
- "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml"
|
|
- "{{ ansible_facts['distribution'] | lower }}.yml"
|
|
- "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_version'].split('.')[0] }}.yml"
|
|
- "{{ ansible_facts['os_family'] | lower }}.yml"
|
|
paths:
|
|
- "{{ role_path }}/vars"
|
|
tags:
|
|
- always
|
|
|
|
- name: Importing zun_pre_install tasks
|
|
import_tasks: zun_pre_install.yml
|
|
tags:
|
|
- zun-install
|
|
|
|
- name: Create and install SSL certificates
|
|
include_role:
|
|
name: pki
|
|
tasks_from: main_certs.yml
|
|
apply:
|
|
tags:
|
|
- zun-config
|
|
- pki
|
|
vars:
|
|
pki_setup_host: "{{ zun_pki_setup_host }}"
|
|
pki_dir: "{{ zun_pki_dir }}"
|
|
pki_create_certificates: "{{ zun_user_ssl_cert is not defined and zun_user_ssl_key is not defined }}"
|
|
pki_regen_cert: "{{ zun_pki_regen_cert }}"
|
|
pki_certificates: "{{ zun_pki_certificates }}"
|
|
pki_install_certificates: "{{ zun_pki_install_certificates }}"
|
|
when:
|
|
- zun_backend_ssl
|
|
tags:
|
|
- always
|
|
|
|
# NOTE(jrosser)
|
|
# kuryr-lib appears in u-c and the new pip resolver will fail to install
|
|
# if two contradictory constraints are given which will always happen
|
|
# with a source install and wheels built on the repo server. We must
|
|
# filter kuryr-lib out of u-c.
|
|
- name: Retrieve the constraints URL
|
|
uri:
|
|
url: "{{ zun_upper_constraints_url }}"
|
|
return_content: yes
|
|
register: _u_c_contents
|
|
|
|
- name: Install the python venv
|
|
import_role:
|
|
name: "python_venv_build"
|
|
vars:
|
|
venv_python_executable: "{{ zun_venv_python_executable }}"
|
|
venv_build_constraints: "{{ _u_c_contents.content.split('\n') | reject('match', '^kuryr-lib=') | list }}"
|
|
venv_install_destination_path: "{{ zun_bin | dirname }}"
|
|
venv_install_distro_package_list: "{{ zun_distro_packages }}"
|
|
venv_pip_install_args: "{{ zun_pip_install_args }}"
|
|
venv_pip_packages: "{{ zun_pip_packages | union((zun_oslomsg_amqp1_enabled | bool) | ternary(zun_optional_oslomsg_amqp1_pip_packages, [])) }}"
|
|
venv_facts_when_changed:
|
|
- section: "zun"
|
|
option: "venv_tag"
|
|
value: "{{ zun_venv_tag }}"
|
|
tags:
|
|
- zun-install
|
|
|
|
- name: Including osa.mq_setup role
|
|
include_role:
|
|
name: openstack.osa.mq_setup
|
|
apply:
|
|
tags:
|
|
- common-mq
|
|
- zun-config
|
|
when:
|
|
- "zun_services['zun-api']['group'] in group_names"
|
|
- "inventory_hostname == ((groups[zun_services['zun-api']['group']] | intersect(ansible_play_hosts)) | list)[0]"
|
|
vars:
|
|
_oslomsg_rpc_setup_host: "{{ zun_oslomsg_rpc_setup_host }}"
|
|
_oslomsg_rpc_userid: "{{ zun_oslomsg_rpc_userid }}"
|
|
_oslomsg_rpc_password: "{{ zun_oslomsg_rpc_password }}"
|
|
_oslomsg_rpc_vhost: "{{ zun_oslomsg_rpc_vhost }}"
|
|
_oslomsg_rpc_transport: "{{ zun_oslomsg_rpc_transport }}"
|
|
_oslomsg_notify_setup_host: "{{ zun_oslomsg_notify_setup_host }}"
|
|
_oslomsg_notify_userid: "{{ zun_oslomsg_notify_userid }}"
|
|
_oslomsg_notify_password: "{{ zun_oslomsg_notify_password }}"
|
|
_oslomsg_notify_vhost: "{{ zun_oslomsg_notify_vhost }}"
|
|
_oslomsg_notify_transport: "{{ zun_oslomsg_notify_transport }}"
|
|
_oslomsg_configure_notify: "{{ (zun_ceilometer_enabled | bool) or (zun_designate_enabled | bool) }}"
|
|
tags:
|
|
- always
|
|
|
|
- name: Including osa.db_setup role
|
|
include_role:
|
|
name: openstack.osa.db_setup
|
|
apply:
|
|
tags:
|
|
- common-db
|
|
- zun-config
|
|
vars:
|
|
_oslodb_setup_host: "{{ zun_db_setup_host }}"
|
|
_oslodb_ansible_python_interpreter: "{{ zun_db_setup_python_interpreter }}"
|
|
_oslodb_setup_endpoint: "{{ zun_galera_address }}"
|
|
_oslodb_setup_port: "{{ zun_galera_port }}"
|
|
_oslodb_databases:
|
|
- name: "{{ zun_galera_database }}"
|
|
users:
|
|
- username: "{{ zun_galera_user }}"
|
|
password: "{{ zun_galera_password }}"
|
|
when:
|
|
- "zun_services['zun-api']['group'] in group_names"
|
|
- "inventory_hostname == ((groups['zun_api'] | intersect(ansible_play_hosts)) | list)[0]"
|
|
tags:
|
|
- always
|
|
|
|
- name: Including osa.service_setup role
|
|
include_role:
|
|
name: openstack.osa.service_setup
|
|
apply:
|
|
tags:
|
|
- common-service
|
|
- zun-config
|
|
vars:
|
|
_service_adminuri_insecure: "{{ keystone_service_adminuri_insecure }}"
|
|
_service_in_ldap: "{{ zun_service_in_ldap }}"
|
|
_service_setup_host: "{{ zun_service_setup_host }}"
|
|
_service_setup_host_python_interpreter: "{{ zun_service_setup_host_python_interpreter }}"
|
|
_service_project_name: "{{ zun_service_project_name }}"
|
|
_service_region: "{{ zun_service_region }}"
|
|
_service_users:
|
|
- name: "{{ zun_service_user_name }}"
|
|
password: "{{ zun_service_password }}"
|
|
role: "{{ zun_service_role_names }}"
|
|
- name: "{{ zun_kuryr_service_username }}"
|
|
password: "{{ zun_kuryr_service_password }}"
|
|
role: "{{ zun_service_role_names }}"
|
|
_service_endpoints:
|
|
- service: "{{ zun_service_name }}"
|
|
interface: "public"
|
|
url: "{{ zun_service_publicurl }}"
|
|
- service: "{{ zun_service_name }}"
|
|
interface: "internal"
|
|
url: "{{ zun_service_internalurl }}"
|
|
- service: "{{ zun_service_name }}"
|
|
interface: "admin"
|
|
url: "{{ zun_service_adminurl }}"
|
|
_service_catalog:
|
|
- name: "{{ zun_service_name }}"
|
|
type: "{{ zun_service_type }}"
|
|
description: "{{ zun_service_description }}"
|
|
when:
|
|
- "zun_services['zun-api']['group'] in group_names"
|
|
- "inventory_hostname == ((groups['zun_api'] | intersect(ansible_play_hosts)) | list)[0]"
|
|
tags:
|
|
- always
|
|
|
|
- name: Importing zun_post_install tasks
|
|
import_tasks: zun_compute.yml
|
|
when:
|
|
- "zun_services['zun-compute']['group'] in group_names"
|
|
tags:
|
|
- zun-compute
|
|
|
|
- name: Importing zun_post_install tasks
|
|
import_tasks: zun_post_install.yml
|
|
tags:
|
|
- zun-config
|
|
|
|
- name: Import uwsgi role
|
|
import_role:
|
|
name: uwsgi
|
|
vars:
|
|
uwsgi_services: "{{ uwsgi_zun_services }}"
|
|
uwsgi_install_method: "source"
|
|
tags:
|
|
- zun-config
|
|
- uwsgi
|
|
|
|
- name: Run the systemd service role
|
|
import_role:
|
|
name: systemd_service
|
|
vars:
|
|
systemd_user_name: "{{ zun_system_user_name }}"
|
|
systemd_group_name: "{{ zun_system_group_name }}"
|
|
systemd_tempd_prefix: openstack
|
|
systemd_slice_name: "{{ zun_system_slice_name }}"
|
|
systemd_lock_dir: "{{ zun_lock_dir }}"
|
|
systemd_service_cpu_accounting: true
|
|
systemd_service_block_io_accounting: true
|
|
systemd_service_memory_accounting: true
|
|
systemd_service_tasks_accounting: true
|
|
systemd_services: "{{ filtered_zun_services }}"
|
|
tags:
|
|
- zun-config
|
|
- systemd-service
|