openstack/openstack-ansible-os_zun
Code Issues Proposed changes
7908f60662
openstack-ansible-os_zun/defaults/main.yml
Jesse Pretorius d4edcbde6d Move MQ vhost/user creation into role 
There is no record for why we implement the MQ vhost/user creation
outside of the role in the playbook, when we could do it inside the
role.

Implementing it inside the role allows us to reduce the quantity of
group_vars duplicated from the role, and allows us to better document
the required variables in the role. The delegation can still be done
as it is done in the playbook too.

In this patch we implement two new variables:
- zun_oslomsg_rpc_setup_host
- zun_oslomsg_notify_setup_host

These are used in the role to allow delegation of the MQ vhost/user
setup for each type to any host, but they default to using the first
member of the applicable oslomsg host group.

We also adjust some of the defaults to automatically inherit existing
vars set in group_vars form the integrated build so that we do not
need to do the wiring in the integrated build's group vars. We still
default them in the role too for independent role usage.

Finally, we remove the test mq setup tasks and clean up any unused
or unnecessary variables configured in tests.

Change-Id: I639a3fa3e138b1ae190325b9794969820267ec23
2018-07-27 12:42:19 +01:00

287 lines
10 KiB
YAML
Raw Blame History

---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Enable/Disable barbican configurations
zun_barbican_enabled: False
# Enable/Disable designate configurations
zun_designate_enabled: False
# Notification topics for designate.
zun_notifications_designate: notifications_designate
# Enable/Disable ceilometer configurations
zun_ceilometer_enabled: False
## Verbosity Options
debug: False
# Set the host which will execute the shade modules
# for the service setup. The host must already have
# clouds.yaml properly configured.
zun_service_setup_host: "{{ openstack_service_setup_host | default('localhost') }}"
# Set the package install state for distribution and pip packages
# Options are 'present' and 'latest'
zun_package_state: "latest"
zun_pip_package_state: "latest"
zun_git_repo: https://git.openstack.org/openstack/zun
zun_git_install_branch: master
zun_kuryr_git_repo: https://git.openstack.org/openstack/kuryr-libnetwork
zun_kuryr_git_install_branch: master
zun_developer_mode: false
zun_developer_constraints:
- "git+{{ zun_git_repo }}@{{ zun_git_install_branch }}#egg=zun"
- "git+{{ zun_kuryr_git_repo }}@{{ zun_kuryr_git_install_branch }}#egg=kuryr-libnetwork"
# Name of the virtual env to deploy into
zun_venv_tag: untagged
zun_bin: "/openstack/venvs/zun-{{ zun_venv_tag }}/bin"
# venv_download, even when true, will use the fallback method of building the
# venv from scratch if the venv download fails.
zun_venv_download: "{{ not zun_developer_mode | bool }}"
zun_venv_download_url: http://127.0.0.1/venvs/untagged/ubuntu/zun.tgz
zun_fatal_deprecations: False
## Zun user information
zun_system_user_name: zun
zun_system_group_name: zun
zun_system_shell: /bin/false
zun_system_comment: zun system user
zun_system_home_folder: "/var/lib/{{ zun_system_user_name }}"
zun_log_dir: "/var/log/zun"
zun_lock_path: "/var/lock/zun"
## Kuryr user information
zun_kuryr_system_user_name: kuryr
zun_kuryr_system_group_name: kuryr
zun_kuryr_system_shell: /bin/false
zun_kuryr_system_comment: kuryr system user
zun_kuryr_system_home_folder: "/var/lib/{{ zun_kuryr_system_user_name }}"
zun_kuryr_log_dir: "/var/log/kuryr"
zun_kuryr_lock_path: "/var/lock/kuryr"
# Set a list of users that are permitted to execute the docker binary.
zun_docker_users:
- "{{ zun_system_user_name }}"
- "{{ zun_kuryr_system_user_name }}"
# Set the docker api version. The default is false, which will result in no
# option being set in config for api servers. On compute hosts the docker api
# version will be used as determined by the client version information.
zun_docker_api_version: false
## Manually specified zun UID/GID
# Deployers can specify a UID for the zun user as well as the GID for the
# zun group if needed. This is commonly used in environments where shared
# storage is used, such as NFS or GlusterFS, and zun UID/GID values must be
# in sync between multiple servers.
#
# WARNING: Changing these values on an existing deployment can lead to
# failures, errors, and instability.
#
# zun_system_user_uid = <UID>
# zun_system_group_gid = <GID>
## Database info
zun_db_setup_host: "{{ ('galera_all' in groups) | ternary(groups['galera_all'][0], 'localhost') }}"
zun_galera_address: "{{ galera_address | default('127.0.0.1') }}"
zun_galera_user: zun
zun_galera_database: zun
zun_db_max_overflow: 10
zun_db_max_pool_size: 120
zun_db_pool_timeout: 30
# Toggle whether zun connects via an encrypted connection
zun_galera_use_ssl: "{{ galera_use_ssl | default(False) }}"
# The path where to store the database server CA certificate
zun_galera_ssl_ca_cert: "{{ galera_ssl_ca_cert | default('/etc/ssl/certs/galera-ca.pem') }}"
## RabbitMQ info
## Configuration for RPC communications
zun_rpc_thread_pool_size: 64
zun_rpc_conn_pool_size: 30
zun_rpc_response_timeout: 60
## Oslo Messaging info
# RPC
zun_oslomsg_rpc_host_group: "{{ oslomsg_rpc_host_group | default('rabbitmq_all') }}"
zun_oslomsg_rpc_setup_host: "{{ (zun_oslomsg_rpc_host_group in groups) | ternary(groups[zun_oslomsg_rpc_host_group][0], 'localhost') }}"
zun_oslomsg_rpc_transport: "{{ oslomsg_rpc_transport | default('rabbit') }}"
zun_oslomsg_rpc_servers: "{{ oslomsg_rpc_servers | default('127.0.0.1') }}"
zun_oslomsg_rpc_port: "{{ oslomsg_rpc_port | default('5672') }}"
zun_oslomsg_rpc_use_ssl: "{{ oslomsg_rpc_use_ssl | default(False) }}"
zun_oslomsg_rpc_userid: zun
zun_oslomsg_rpc_vhost: /zun
# Notify
zun_oslomsg_notify_host_group: "{{ oslomsg_notify_host_group | default('rabbitmq_all') }}"
zun_oslomsg_notify_setup_host: "{{ (zun_oslomsg_notify_host_group in groups) | ternary(groups[zun_oslomsg_notify_host_group][0], 'localhost') }}"
zun_oslomsg_notify_transport: "{{ oslomsg_notify_transport | default('rabbit') }}"
zun_oslomsg_notify_servers: "{{ oslomsg_notify_servers | default('127.0.0.1') }}"
zun_oslomsg_notify_port: "{{ oslomsg_notify_port | default('5672') }}"
zun_oslomsg_notify_use_ssl: "{{ oslomsg_notify_use_ssl | default(False) }}"
zun_oslomsg_notify_userid: "{{ zun_oslomsg_rpc_userid }}"
zun_oslomsg_notify_password: "{{ zun_oslomsg_rpc_password }}"
zun_oslomsg_notify_vhost: "{{ zun_oslomsg_rpc_vhost }}"
# If this is not set, then the playbook will try to guess it.
#zun_virt_type: kvm
## Zun Auth
zun_service_region: RegionOne
zun_service_project_name: "service"
zun_service_project_domain_id: default
zun_service_user_domain_id: default
zun_service_user_name: "zun"
zun_service_role_name: "admin"
## Zun Auth for kuryr
zun_kuryr_service_username: kuryr
## Keystone authentication middleware
zun_keystone_auth_plugin: password
## Zun v1
zun_service_name: zun
zun_service_type: container
zun_service_proto: http
zun_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(zun_service_proto) }}"
zun_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(zun_service_proto) }}"
zun_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(zun_service_proto) }}"
zun_service_port: 9517
zun_service_description: "Zun Compute Service"
zun_service_publicuri: "{{ zun_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ zun_service_port }}"
zun_service_publicurl: "{{ zun_service_publicuri }}"
zun_service_adminuri: "{{ zun_service_adminuri_proto }}//{{ internal_lb_vip_address }}:{{ zun_service_port }}"
zun_service_adminurl: "{{ zun_service_adminuri }}"
zun_service_internaluri: "{{ zun_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ zun_service_port }}"
zun_service_internalurl: "{{ zun_service_internaluri }}"
zun_service_endpoint_type: internalURL
# If you want to regenerate the zun users SSH keys, on each run, set this var to True
# Otherwise keys will be generated on the first run and not regenerated each run.
zun_recreate_keys: False
## General Zun configuration
# If ``zun_osapi_compute_workers`` is unset the system will use half the number of available VCPUS to
# compute the number of api workers to use.
# zun_osapi_compute_workers: 16
# If ``zun_conductor_workers`` is unset the system will use half the number of available VCPUS to
# compute the number of api workers to use.
# zun_conductor_workers: 16
# If ``zun_metadata_workers`` is unset the system will use half the number of available VCPUS to
# compute the number of api workers to use.
# zun_metadata_workers: 16
## Cap the maximun number of threads / workers when a user value is unspecified.
zun_api_threads_max: 16
zun_api_threads: "{{ [[ansible_processor_vcpus|default(2) // 2, 1] | max, zun_api_threads_max] | min }}"
zun_service_in_ldap: false
zun_scheduler_default_filters: >-
AvailabilityZoneFilter,
CPUFilter,
RamFilter,
ComputeFilter,
DiskFilter
zun_scheduler_available_filters: zun.scheduler.filters.all_filters
zun_scheduler_driver: filter_scheduler
## Service Name-Group Mapping
zun_services:
kuryr-libnetwork:
group: zun_compute
service_name: kuryr-libnetwork
condition: "{{ inventory_hostname in groups['zun_compute'] }}"
init_config_overrides: "{{ zun_kuryr_init_overrides }}"
start_order: 3
execstarts: "{{ zun_bin }}/kuryr-server --config-dir /etc/kuryr"
zun-api:
group: zun_api
service_name: zun-api
init_config_overrides: "{{ zun_api_init_overrides }}"
start_order: 1
execstarts: "{{ zun_bin }}/zun-api --config-dir /etc/zun"
zun-compute:
group: zun_compute
service_name: zun-compute
init_config_overrides: "{{ zun_compute_init_overrides }}"
start_order: 4
execstarts: "{{ zun_bin }}/zun-compute --config-dir /etc/zun"
zun-wsproxy:
group: zun_api
service_name: zun-wsproxy
init_config_overrides: "{{ zun_wsproxy_init_overrides }}"
start_order: 2
execstarts: "{{ zun_bin }}/zun-wsproxy --config-dir /etc/zun"
# Common pip packages
zun_pip_packages:
- kuryr-libnetwork
- oslo_rootwrap
- osprofiler
- python-memcached
- python-zunclient
- pymysql
- zun
## (Qdrouterd) integration
# TODO(ansmith): Change structure when more backends will be supported
zun_oslomsg_amqp1_enabled: "{{ zun_oslomsg_rpc_transport == 'amqp' }}"
zun_optional_oslomsg_amqp1_pip_packages:
- oslo.messaging[amqp1]
## Default service options used within all systemd unit files.
zun_service_defaults: {}
## Tunable overrides for services
zun_zun_conf_overrides: {}
zun_rootwrap_conf_overrides: {}
zun_kuryr_conf_overrides: {}
zun_docker_config_overrides: {}
zun_kuryr_config_overrides: {}
## Tubnable overrides for service unit files.
zun_api_paste_ini_overrides: {}
zun_api_init_overrides: {}
zun_wsproxy_init_overrides: {}
zun_compute_init_overrides: {}
## Default zun+kuryr options used within the system unit file.
# NOTE(cloudnull): These options are used to ensure that kuryr is always
# started after docker and has the proper capabilities.
zun_kuryr_init_overrides:
Unit:
After:
? network-online.target
? docker.service
PartOf: docker.service
Wants: network-online.target
Service:
CapabilityBoundingSet: CAP_NET_ADMIN
Group: "{{ zun_kuryr_system_group_name }}"
User: "{{ zun_kuryr_system_user_name }}"
View Git Blame Copy Permalink