Implement neutron venv support
This commit conditionally allows the os_neutron role to install build and deploy within a venv. This is the new default behavior of the role however the functionality can be disabled. In this PR, like all of the other venv related PRs, the `is_metal` flag was removed from the role however unlike some of the other PRs this removal required moving some of the `is_metal` logic out of the role and into the play. This was done for consistency as well as making the role more standalone. The only thing that the role should care about, in terms of installation, is whether or not to install in a venv. Implements: blueprint enable-venv-support-within-the-roles Change-Id: I85aadc43e1c21f296b2fb5932a17eddce57b9ece Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
This commit is contained in:
parent
611958e01e
commit
313627fbe1
@ -85,6 +85,7 @@
|
||||
when: is_metal | bool
|
||||
tags:
|
||||
- neutron-logs
|
||||
|
||||
- name: Create the neutron provider networks facts
|
||||
provider_networks:
|
||||
provider_networks: "{{ provider_networks }}"
|
||||
@ -94,15 +95,37 @@
|
||||
tags:
|
||||
- neutron-provider-networks
|
||||
- neutron-config
|
||||
|
||||
- name: Set provider network fact(s)
|
||||
set_fact:
|
||||
neutron_provider_networks: "{{ pndata }}"
|
||||
neutron_overlay_network: "{{ container_networks.tunnel_address|default({}) }}"
|
||||
_provider_networks: "{{ pndata }}"
|
||||
_overlay_network: "{{ container_networks.tunnel_address|default({}) }}"
|
||||
tags:
|
||||
- neutron-provider-networks
|
||||
- neutron-config
|
||||
|
||||
- name: set local_ip fact (is_metal)
|
||||
set_fact:
|
||||
_local_ip: "{{ hostvars[inventory_hostname]['ansible_' + _overlay_network.bridge|replace('-', '_')]['ipv4']['address'] }}"
|
||||
when: is_metal | bool
|
||||
tags:
|
||||
- neutron-config
|
||||
|
||||
- name: set local_ip fact (container)
|
||||
set_fact:
|
||||
_local_ip: "{{ _overlay_network.address|default(ansible_ssh_host) }}"
|
||||
when: not is_metal | bool
|
||||
tags:
|
||||
- neutron-config
|
||||
roles:
|
||||
- { role: "os_neutron", tags: [ "os-neutron" ] }
|
||||
- role: "os_neutron"
|
||||
neutron_venv_tag: "{{ openstack_release }}"
|
||||
neutron_galera_address: "{{ galera_address }}"
|
||||
neutron_local_ip: "{{ _local_ip }}"
|
||||
neutron_overlay_network: "{{ _overlay_network }}"
|
||||
neutron_provider_networks: "{{ _provider_networks }}"
|
||||
tags:
|
||||
- "os-neutron"
|
||||
- { role: "openstack_openrc", tags: [ "openstack-openrc" ] }
|
||||
- role: "rsyslog_client"
|
||||
rsyslog_client_log_rotate_file: neutron_log_rotate
|
||||
@ -119,7 +142,6 @@
|
||||
- "system-crontab-coordination"
|
||||
vars:
|
||||
galera_address: "{{ internal_lb_vip_address }}"
|
||||
neutron_galera_address: "{{ internal_lb_vip_address }}"
|
||||
ansible_hostname: "{{ container_name }}"
|
||||
is_metal: "{{ properties.is_metal|default(false) }}"
|
||||
bind_prefix: "{{ provider_network_bind_prefix|default('') }}"
|
||||
|
@ -19,6 +19,25 @@ is_metal: true
|
||||
## Verbosity Options
|
||||
debug: False
|
||||
verbose: True
|
||||
|
||||
# Name of the virtual env to deploy into
|
||||
neutron_venv_tag: untagged
|
||||
neutron_venv_bin: "/openstack/venvs/neutron-{{ neutron_venv_tag }}/bin"
|
||||
|
||||
# Set this to enable or disable installing in a venv
|
||||
neutron_venv_enabled: true
|
||||
|
||||
# The bin path defaults to the venv path however if installation in a
|
||||
# venv is disabled the bin path will be dynamically set based on the
|
||||
# system path used when the installing.
|
||||
neutron_bin: "{{ neutron_venv_bin }}"
|
||||
|
||||
# Set the lib dir path to that of the local python path where neutron is installed.
|
||||
# This is used for role access to the db migrations.
|
||||
# Example:
|
||||
# neutron_lib_dir: "/usr/local/lib/python2.7/dist-packages/neutron"
|
||||
neutron_lib_dir: "{{ neutron_bin | dirname }}/lib/python2.7/site-packages/neutron"
|
||||
|
||||
neutron_fatal_deprecations: False
|
||||
|
||||
## neutron User / Group
|
||||
@ -250,6 +269,8 @@ neutron_vxlan_group: ""
|
||||
# network_vlan_ranges: "vlan:1:1,vlan:1024:1025"
|
||||
# network_vxlan_ranges: "1:1000"
|
||||
|
||||
neutron_vxlan_enabled: true
|
||||
|
||||
neutron_dhcp_domain: openstacklocal
|
||||
neutron_dhcp_delete_namespaces: True
|
||||
# Comma-separated list of DNS servers which will be used by dnsmasq as forwarders.
|
||||
@ -273,6 +294,9 @@ neutron_rpc_response_timeout: 60
|
||||
# "create_subnet": "rule:admin_or_network_owner"
|
||||
# "get_subnet": "rule:admin_or_owner or rule:shared"
|
||||
|
||||
# neutron_local_ip is used for the VXLAN local tunnel endpoint
|
||||
neutron_local_ip: 127.0.0.1
|
||||
|
||||
neutron_apt_packages:
|
||||
- conntrack
|
||||
- dnsmasq-base
|
||||
@ -286,6 +310,11 @@ neutron_apt_packages:
|
||||
neutron_apt_remove_packages:
|
||||
- conntrackd
|
||||
|
||||
# neutron packages that must be installed before anything else
|
||||
neutron_requires_pip_packages:
|
||||
- virtualenv
|
||||
- python-keystoneclient # Keystoneclient needed to OSA keystone lib
|
||||
|
||||
neutron_pip_packages:
|
||||
- configobj
|
||||
- cliff
|
||||
|
@ -18,6 +18,7 @@ import re
|
||||
import subprocess
|
||||
from ansible.module_utils.basic import *
|
||||
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: neutron_migrations_facts
|
||||
@ -38,45 +39,89 @@ options:
|
||||
- This is the OpenStack release you're running, used when
|
||||
searching for migration revisions in the neutron code.
|
||||
default: liberty
|
||||
library_path:
|
||||
description:
|
||||
- Local path to the location where the neutron python package
|
||||
is installed.
|
||||
default: /usr/local/lib/python2.7/dist-packages/neutron
|
||||
bin_path:
|
||||
description:
|
||||
- Local path to the where the neutron binaries are.
|
||||
default: /usr/local/bin
|
||||
author: Rcbops
|
||||
"""
|
||||
|
||||
|
||||
EXAMPLES = """
|
||||
- name: Gather neutron migration facts
|
||||
neutron_migrations_facts:
|
||||
release: mitaka
|
||||
"""
|
||||
|
||||
MIGRATIONS = {'expand': {'revision': None, 'head': None},
|
||||
'contract': {'revision': None, 'head': None}}
|
||||
|
||||
MIGRATIONS = {
|
||||
'expand': {
|
||||
'revision': None,
|
||||
'head': None
|
||||
},
|
||||
'contract': {
|
||||
'revision': None,
|
||||
'head': None
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
def get_branch(release, revision):
|
||||
migrations_dir = '/usr/local/lib/python2.7/dist-packages/neutron/db/' \
|
||||
'migration/alembic_migrations/versions/%s/' % release
|
||||
def get_branch(release, revision, library_path):
|
||||
migrations_dir = (
|
||||
'%s/db/migration/alembic_migrations/versions/%s/' % (
|
||||
library_path,
|
||||
release,
|
||||
)
|
||||
)
|
||||
for branch in MIGRATIONS.keys():
|
||||
for file in os.listdir('%s/%s' % (migrations_dir, branch)):
|
||||
migration_dir = os.path.join(get_abs_path(migrations_dir), branch)
|
||||
for file in os.listdir(migration_dir):
|
||||
if file.endswith('.py') and file.split('_')[0] == revision:
|
||||
return branch
|
||||
|
||||
|
||||
def get_abs_path(path):
|
||||
return os.path.abspath(
|
||||
os.path.expanduser(
|
||||
path
|
||||
)
|
||||
)
|
||||
|
||||
|
||||
def main():
|
||||
module = AnsibleModule(
|
||||
argument_spec=dict(
|
||||
release=dict(
|
||||
type='str',
|
||||
default='liberty'
|
||||
),
|
||||
library_path=dict(
|
||||
type='str',
|
||||
default='/usr/local/lib/python2.7/dist-packages/neutron'
|
||||
),
|
||||
bin_path=dict(
|
||||
type='str',
|
||||
default='/usr/local/bin'
|
||||
)
|
||||
),
|
||||
supports_check_mode=False
|
||||
)
|
||||
state_change = False
|
||||
|
||||
command = [
|
||||
'%s/neutron-db-manage' % get_abs_path(module.params['bin_path']),
|
||||
'current'
|
||||
]
|
||||
|
||||
try:
|
||||
current = subprocess.check_output(['neutron-db-manage', 'current'])
|
||||
current = subprocess.check_output(command)
|
||||
except subprocess.CalledProcessError as e:
|
||||
message = 'neutron fact collection failed: "%s".' % e
|
||||
module.fail_json(msg=message)
|
||||
module.fail_json(msg='neutron fact collection failed: "%s".' % e)
|
||||
|
||||
for line in current.splitlines():
|
||||
head = False
|
||||
@ -85,17 +130,25 @@ def main():
|
||||
revision = match.group(1)
|
||||
if match.group(2):
|
||||
head = True
|
||||
branch = get_branch(module.params['release'], revision)
|
||||
|
||||
branch = get_branch(
|
||||
release=module.params['release'],
|
||||
revision=revision,
|
||||
library_path=get_abs_path(module.params['library_path'])
|
||||
)
|
||||
if branch is None:
|
||||
message = 'neutron fact collection failed: unable to find ' \
|
||||
'migration with revision %s' % revision
|
||||
module.fail_json(msg=message)
|
||||
module.fail_json(
|
||||
msg='neutron fact collection failed: unable to find'
|
||||
' migration with revision %s' % revision
|
||||
)
|
||||
|
||||
MIGRATIONS[branch]['revision'] = revision
|
||||
MIGRATIONS[branch]['head'] = head
|
||||
|
||||
module.exit_json(changed=state_change,
|
||||
ansible_facts={'neutron_migrations': MIGRATIONS})
|
||||
module.exit_json(
|
||||
changed=state_change,
|
||||
ansible_facts={'neutron_migrations': MIGRATIONS}
|
||||
)
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
||||
|
@ -42,6 +42,8 @@
|
||||
- name: Get neutron migrations facts
|
||||
neutron_migrations_facts:
|
||||
release: liberty
|
||||
library_path: "{{ neutron_lib_dir }}"
|
||||
bin_path: "{{ neutron_bin }}"
|
||||
tags:
|
||||
- neutron-db-setup
|
||||
- neutron-upgrade
|
||||
@ -54,7 +56,8 @@
|
||||
|
||||
- name: Perform a Neutron DB online upgrade (expand)
|
||||
command: |
|
||||
neutron-db-manage --config-file {{ neutron_db_config }}
|
||||
{{ neutron_bin }}/neutron-db-manage
|
||||
--config-file {{ neutron_db_config }}
|
||||
--config-file {{ neutron_db_plugin }}
|
||||
upgrade --expand
|
||||
sudo: yes
|
||||
@ -78,7 +81,8 @@
|
||||
|
||||
- name: Perform a Neutron DB offline upgrade (contract)
|
||||
command: |
|
||||
neutron-db-manage --config-file {{ neutron_db_config }}
|
||||
{{ neutron_bin }}/neutron-db-manage
|
||||
--config-file {{ neutron_db_config }}
|
||||
--config-file {{ neutron_db_plugin }}
|
||||
upgrade --contract
|
||||
sudo: yes
|
||||
|
@ -34,6 +34,7 @@
|
||||
delay: 2
|
||||
with_items: neutron_apt_packages
|
||||
tags:
|
||||
- neutron-install
|
||||
- neutron-apt-packages
|
||||
|
||||
- name: remove specific apt packages
|
||||
@ -46,9 +47,43 @@
|
||||
delay: 2
|
||||
with_items: neutron_apt_remove_packages
|
||||
tags:
|
||||
- neutron-install
|
||||
- neutron-apt-packages
|
||||
|
||||
- name: Install pip packages
|
||||
- name: Install requires pip packages
|
||||
pip:
|
||||
name: "{{ item }}"
|
||||
state: present
|
||||
extra_args: "{{ pip_install_options|default('') }}"
|
||||
register: install_packages
|
||||
until: install_packages|success
|
||||
retries: 5
|
||||
delay: 2
|
||||
with_items:
|
||||
- "{{ neutron_requires_pip_packages }}"
|
||||
tags:
|
||||
- neutron-install
|
||||
- neutron-pip-packages
|
||||
|
||||
- name: Install pip packages (venv)
|
||||
pip:
|
||||
name: "{{ item }}"
|
||||
state: present
|
||||
virtualenv: "{{ neutron_venv_bin | dirname }}"
|
||||
virtualenv_site_packages: "no"
|
||||
extra_args: "{{ pip_install_options|default('') }}"
|
||||
register: install_packages
|
||||
until: install_packages|success
|
||||
retries: 5
|
||||
delay: 2
|
||||
with_items:
|
||||
- "{{ neutron_pip_packages }}"
|
||||
when: neutron_venv_enabled | bool
|
||||
tags:
|
||||
- neutron-install
|
||||
- neutron-pip-packages
|
||||
|
||||
- name: Install pip packages (no venv)
|
||||
pip:
|
||||
name: "{{ item }}"
|
||||
state: present
|
||||
@ -59,5 +94,7 @@
|
||||
delay: 2
|
||||
with_items:
|
||||
- "{{ neutron_pip_packages }}"
|
||||
when: not neutron_venv_enabled | bool
|
||||
tags:
|
||||
- neutron-pip-packages
|
||||
- neutron-install
|
||||
- neutron-pip-packages
|
@ -17,8 +17,8 @@
|
||||
# kilo_revision: true
|
||||
|
||||
- name: "Drop AT&T neutron ha tool"
|
||||
copy:
|
||||
src: "neutron-ha-tool.py"
|
||||
template:
|
||||
src: "neutron-ha-tool.py.j2"
|
||||
dest: "/opt/neutron-ha-tool.py"
|
||||
owner: "root"
|
||||
group: "root"
|
||||
|
@ -13,19 +13,6 @@
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: Ensure service tenant
|
||||
shell: |
|
||||
. {{ ansible_env.HOME }}/openrc && keystone tenant-list | awk '/service/ {print $2}'
|
||||
register: service_id
|
||||
tags:
|
||||
- neutron-config
|
||||
|
||||
- name: Set service tenant id
|
||||
set_fact:
|
||||
nova_admin_tenant_id: "{{ service_id.stdout }}"
|
||||
tags:
|
||||
- neutron-config
|
||||
|
||||
- name: Copy neutron config
|
||||
config_template:
|
||||
src: "{{ item.src }}"
|
||||
@ -97,29 +84,29 @@
|
||||
- neutron-config
|
||||
|
||||
- name: Drop neutron Configs
|
||||
copy:
|
||||
template:
|
||||
src: "{{ item.src }}"
|
||||
dest: "{{ item.dest }}"
|
||||
owner: "{{ neutron_system_user_name }}"
|
||||
group: "{{ neutron_system_group_name }}"
|
||||
with_items:
|
||||
- { src: "rootwrap.d/debug.filters", dest: "/etc/neutron/rootwrap.d/debug.filters" }
|
||||
- { src: "rootwrap.d/ipset-firewall.filters", dest: "/etc/neutron/rootwrap.d/ipset-firewall.filters" }
|
||||
- { src: "rootwrap.d/iptables-firewall.filters", dest: "/etc/neutron/rootwrap.d/iptables-firewall.filters" }
|
||||
- { src: "rootwrap.d/nec-plugin.filters", dest: "/etc/neutron/rootwrap.d/nec-plugin.filters" }
|
||||
- { src: "rootwrap.d/openvswitch-plugin.filters", dest: "/etc/neutron/rootwrap.d/openvswitch-plugin.filters" }
|
||||
- { src: "rootwrap.d/ryu-plugin.filters", dest: "/etc/neutron/rootwrap.d/ryu-plugin.filters" }
|
||||
- { src: "rootwrap.d/lbaas-haproxy.filters", dest: "/etc/neutron/rootwrap.d/lbaas-haproxy.filters" }
|
||||
- { src: "rootwrap.d/vpnaas.filters", dest: "/etc/neutron/rootwrap.d/vpnaas.filters" }
|
||||
- { src: "rootwrap.d/ebtables.filters", dest: "/etc/neutron/rootwrap.d/ebtables.filters" }
|
||||
- { src: "rootwrap.d/debug.filters.j2", dest: "/etc/neutron/rootwrap.d/debug.filters" }
|
||||
- { src: "rootwrap.d/ipset-firewall.filters.j2", dest: "/etc/neutron/rootwrap.d/ipset-firewall.filters" }
|
||||
- { src: "rootwrap.d/iptables-firewall.filters.j2", dest: "/etc/neutron/rootwrap.d/iptables-firewall.filters" }
|
||||
- { src: "rootwrap.d/nec-plugin.filters.j2", dest: "/etc/neutron/rootwrap.d/nec-plugin.filters" }
|
||||
- { src: "rootwrap.d/openvswitch-plugin.filters.j2", dest: "/etc/neutron/rootwrap.d/openvswitch-plugin.filters" }
|
||||
- { src: "rootwrap.d/ryu-plugin.filters.j2", dest: "/etc/neutron/rootwrap.d/ryu-plugin.filters" }
|
||||
- { src: "rootwrap.d/lbaas-haproxy.filters.j2", dest: "/etc/neutron/rootwrap.d/lbaas-haproxy.filters" }
|
||||
- { src: "rootwrap.d/vpnaas.filters.j2", dest: "/etc/neutron/rootwrap.d/vpnaas.filters" }
|
||||
- { src: "rootwrap.d/ebtables.filters.j2", dest: "/etc/neutron/rootwrap.d/ebtables.filters" }
|
||||
notify:
|
||||
- Restart neutron services
|
||||
tags:
|
||||
- neutron-config
|
||||
|
||||
- name: Drop neutron agent filters
|
||||
copy:
|
||||
src: "{{ item.value.service_rootwrap }}"
|
||||
template:
|
||||
src: "{{ item.value.service_rootwrap }}.j2"
|
||||
dest: "/etc/neutron/{{ item.value.service_rootwrap }}"
|
||||
owner: "{{ neutron_system_user_name }}"
|
||||
group: "{{ neutron_system_group_name }}"
|
||||
@ -156,3 +143,19 @@
|
||||
- name: Setup PLUMgrid config
|
||||
include: plumgrid_config.yml
|
||||
when: neutron_plugin_type == 'plumgrid'
|
||||
|
||||
- name: Get neutron command path
|
||||
command: which neutron
|
||||
register: neutron_command_path
|
||||
when:
|
||||
- not neutron_venv_enabled | bool
|
||||
tags:
|
||||
- neutron-command-bin
|
||||
|
||||
- name: Set neutron command path
|
||||
set_fact:
|
||||
neutron_bin: "{{ neutron_command_path.stdout | dirname }}"
|
||||
when:
|
||||
- not neutron_venv_enabled | bool
|
||||
tags:
|
||||
- neutron-command-bin
|
||||
|
@ -40,6 +40,7 @@
|
||||
owner: "{{ item.owner|default(neutron_system_user_name) }}"
|
||||
group: "{{ item.group|default(neutron_system_group_name) }}"
|
||||
with_items:
|
||||
- { path: "/openstack", owner: "root", group: "root" }
|
||||
- { path: "/etc/neutron" }
|
||||
- { path: "/etc/neutron/plugins" }
|
||||
- { path: "/etc/neutron/plugins/{{ neutron_plugin_type }}" }
|
||||
@ -53,6 +54,19 @@
|
||||
tags:
|
||||
- neutron-dirs
|
||||
|
||||
- name: Create neutron venv dir
|
||||
file:
|
||||
path: "{{ item.path }}"
|
||||
state: directory
|
||||
owner: "{{ item.owner|default(neutron_system_user_name) }}"
|
||||
group: "{{ item.group|default(neutron_system_group_name) }}"
|
||||
with_items:
|
||||
- { path: "/openstack/venvs", mode: "0755", owner: "root", group: "root" }
|
||||
- { path: "{{ neutron_venv_bin }}" }
|
||||
when: neutron_venv_enabled | bool
|
||||
tags:
|
||||
- neutron-dirs
|
||||
|
||||
- name: Test for log directory or link
|
||||
shell: |
|
||||
if [ -h "/var/log/neutron" ]; then
|
||||
|
@ -33,4 +33,7 @@
|
||||
retries: 5
|
||||
delay: 2
|
||||
when:
|
||||
inventory_hostname in groups['neutron_server']
|
||||
- inventory_hostname in groups['neutron_server']
|
||||
tags:
|
||||
- neutron-install
|
||||
- neutron-pip-packages
|
||||
|
@ -21,6 +21,14 @@ from collections import OrderedDict
|
||||
import logging
|
||||
from logging.handlers import SysLogHandler
|
||||
import os
|
||||
|
||||
{% if neutron_venv_enabled | bool %}
|
||||
|
||||
activate_this = os.path.expanduser("{{ neutron_venv_bin }}/activate_this.py")
|
||||
execfile(activate_this, dict(__file__=activate_this))
|
||||
|
||||
{% endif %}
|
||||
|
||||
import random
|
||||
import sys
|
||||
import time
|
@ -12,7 +12,7 @@ respawn
|
||||
respawn limit 10 5
|
||||
|
||||
# Set the RUNBIN environment variable
|
||||
env RUNBIN="/usr/local/bin/{{ program_name }}"
|
||||
env RUNBIN="{{ neutron_bin }}/{{ program_name }}"
|
||||
|
||||
# Change directory to service users home
|
||||
chdir "{{ service_home }}"
|
||||
@ -24,6 +24,11 @@ pre-start script
|
||||
|
||||
mkdir -p "/var/lock/{{ program_name }}"
|
||||
chown {{ system_user }}:{{ system_group }} "/var/lock/{{ program_name }}"
|
||||
|
||||
{% if neutron_venv_enabled | bool -%}
|
||||
. {{ neutron_venv_bin }}/activate
|
||||
{%- endif %}
|
||||
|
||||
end script
|
||||
|
||||
# Post stop actions
|
||||
|
@ -146,7 +146,7 @@ service_provider = VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsec
|
||||
[agent]
|
||||
polling_interval = {{ neutron_agent_polling_interval|default(5) }}
|
||||
report_interval = {{ neutron_report_interval|int }}
|
||||
root_helper = sudo /usr/local/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
|
||||
root_helper = sudo {{ neutron_bin }}/neutron-rootwrap /etc/neutron/rootwrap.conf
|
||||
|
||||
# Messaging service
|
||||
[oslo_messaging_rabbit]
|
||||
|
@ -30,7 +30,7 @@ network_vlan_ranges = {{ neutron_provider_networks.network_vlan_ranges }}
|
||||
|
||||
# ML2 VXLAN networks
|
||||
[ml2_type_vxlan]
|
||||
vxlan_group = {{ neutron_vxlan_group|default('') }}
|
||||
vxlan_group = {{ neutron_vxlan_group }}
|
||||
vni_ranges = {{ neutron_provider_networks.network_vxlan_ranges }}
|
||||
|
||||
{% endif %}
|
||||
@ -41,23 +41,13 @@ vni_ranges = {{ neutron_provider_networks.network_vxlan_ranges }}
|
||||
# Linux bridge agent VXLAN networks
|
||||
[vxlan]
|
||||
|
||||
{% if neutron_overlay_network %}
|
||||
{% if neutron_vxlan_enabled | bool %}
|
||||
|
||||
enable_vxlan = True
|
||||
vxlan_group = {{ neutron_vxlan_group|default('') }}
|
||||
vxlan_group = {{ neutron_vxlan_group }}
|
||||
|
||||
{% if (is_metal == true or is_metal == "True") and neutron_overlay_network.bridge is defined %}
|
||||
{% set on_metal_tunnel_bridge = 'ansible_' + neutron_overlay_network.bridge|replace('-', '_') %}
|
||||
|
||||
# VXLAN local tunnel endpoint (bare metal)
|
||||
local_ip = {{ hostvars[inventory_hostname][on_metal_tunnel_bridge]['ipv4']['address'] }}
|
||||
|
||||
{% else %}
|
||||
|
||||
# VXLAN local tunnel endpoint (container)
|
||||
local_ip = {{ neutron_overlay_network.address }}
|
||||
|
||||
{% endif %}
|
||||
# VXLAN local tunnel endpoint
|
||||
local_ip = {{ neutron_local_ip }}
|
||||
|
||||
l2_population = {{ neutron_l2_population }}
|
||||
|
||||
|
@ -40,7 +40,7 @@ metadata_mode = local
|
||||
# Use "sudo neutron-rootwrap /etc/neutron/rootwrap.conf" to use the real
|
||||
# root filter facility.
|
||||
# Change to "sudo" to skip the filtering and just run the comand directly
|
||||
root_helper_name = /usr/bin/neutron-rootwrap
|
||||
root_helper_name = {{ neutron_bin }}/neutron-rootwrap
|
||||
|
||||
[keystone_authtoken]
|
||||
admin_user = {{ neutron_service_user_name }}
|
||||
|
@ -10,7 +10,7 @@ filters_path=/etc/neutron/rootwrap.d,/usr/share/neutron/rootwrap
|
||||
# explicitely specify a full path (separated by ',')
|
||||
# If not specified, defaults to system PATH environment variable.
|
||||
# These directories MUST all be only writeable by root !
|
||||
exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin
|
||||
exec_dirs={{ neutron_bin }},/sbin,/usr/sbin,/bin,/usr/bin
|
||||
|
||||
# Enable logging to syslog
|
||||
# Default value is False
|
||||
|
@ -25,7 +25,8 @@ dhcp_release: CommandFilter, dhcp_release, root
|
||||
metadata_proxy: CommandFilter, neutron-ns-metadata-proxy, root
|
||||
# If installed from source (say, by devstack), the prefix will be
|
||||
# /usr/local instead of /usr/bin.
|
||||
metadata_proxy_local: CommandFilter, /usr/local/bin/neutron-ns-metadata-proxy, root
|
||||
|
||||
metadata_proxy_local: CommandFilter, {{ neutron_bin }}/neutron-ns-metadata-proxy, root
|
||||
# RHEL invocation of the metadata proxy will report /usr/bin/python
|
||||
kill_metadata: KillFilter, root, python, -9
|
||||
kill_metadata7: KillFilter, root, python2.7, -9
|
@ -20,7 +20,8 @@ radvd: CommandFilter, radvd, root
|
||||
metadata_proxy: CommandFilter, neutron-ns-metadata-proxy, root
|
||||
# If installed from source (say, by devstack), the prefix will be
|
||||
# /usr/local instead of /usr/bin.
|
||||
metadata_proxy_local: CommandFilter, /usr/local/bin/neutron-ns-metadata-proxy, root
|
||||
|
||||
metadata_proxy_local: CommandFilter, {{ neutron_bin }}/neutron-ns-metadata-proxy, root
|
||||
# RHEL invocation of the metadata proxy will report /usr/bin/python
|
||||
kill_metadata: KillFilter, root, python, -9
|
||||
kill_metadata7: KillFilter, root, python2.7, -9
|
@ -1,4 +1,6 @@
|
||||
# {{ ansible_managed }}
|
||||
|
||||
# Defaults:{{ neutron_system_user_name }}!requiretty
|
||||
{{ neutron_system_user_name }} ALL = (root) NOPASSWD: /usr/local/bin/{{ neutron_service_name }}-rootwrap
|
||||
Defaults:{{ neutron_system_user_name }} !requiretty
|
||||
Defaults:{{ neutron_system_user_name }} secure_path="{{ neutron_bin }}:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
||||
|
||||
{{ neutron_system_user_name }} ALL = (root) NOPASSWD: {{ neutron_bin }}/{{ neutron_service_name }}-rootwrap
|
||||
|
Loading…
x
Reference in New Issue
Block a user