openstack/openstack-ansible
Code Issues Proposed changes

IRR - Implemented for setup-infrastructure

Browse Source 
The change removes and points our role requirements to use
the independent repos that are now online.

Change-Id: I16f327bcdf35d5386396f9147257b5c8aca0603f
Implements: blueprint independent-role-repositories
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
This commit is contained in:
Kevin Carter 2015-12-07 13:15:41 -06:00
parent 29c9c2c898
commit 6f443d6971
119 changed files with 61 additions and 6537 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
ansible-role-requirements.yml
View File

@ -1,26 +1,68 @@
# Potential method for globally resolving plugins and libs
# - name: plugins
# src: https://github.com/os-cloud/openstack-ansible-plugins
# scm: git
# path: /etc/ansible
# version: master
- src: evrardjp.keepalived
name: keepalived
version: '1.3'
- src: mattwillsher.sshd
name: sshd
- name: apt_package_pinning
src: https://github.com/openstack/openstack-ansible-apt_package_pinning
src: https://git.openstack.org/openstack/openstack-ansible-apt_package_pinning
scm: git
version: master
- name: lxc_container_create
src: https://github.com/openstack/openstack-ansible-lxc_container_create
src: https://git.openstack.org/openstack/openstack-ansible-lxc_container_create
scm: git
version: master
- name: lxc_hosts
src: https://github.com/openstack/openstack-ansible-lxc_hosts
src: https://git.openstack.org/openstack/openstack-ansible-lxc_hosts
scm: git
version: master
- name: openstack_hosts
src: https://github.com/openstack/openstack-ansible-openstack_hosts
src: https://git.openstack.org/openstack/openstack-ansible-openstack_hosts
scm: git
version: master
- name: pip_install
src: https://github.com/openstack/openstack-ansible-pip_install
src: https://git.openstack.org/openstack/openstack-ansible-pip_install
scm: git
version: master
- name: pip_lock_down
src: https://git.openstack.org/openstack/openstack-ansible-pip_lock_down
scm: git
version: master
- name: py_from_git
src: https://github.com/openstack/openstack-ansible-py_from_git
src: https://git.openstack.org/openstack/openstack-ansible-py_from_git
scm: git
version: master
- name: rsyslog_client
src: https://github.com/openstack/openstack-ansible-rsyslog_client
src: https://git.openstack.org/openstack/openstack-ansible-rsyslog_client
scm: git
version: master
- name: memcached_server
src: https://git.openstack.org/openstack/openstack-ansible-memcached_server
scm: git
version: master
- name: repo_server
src: https://git.openstack.org/openstack/openstack-ansible-repo_server
scm: git
version: master
- name: rabbitmq_server
src: https://git.openstack.org/openstack/openstack-ansible-rabbitmq_server
scm: git
version: master
- name: galera_client
src: https://git.openstack.org/openstack/openstack-ansible-galera_client
scm: git
version: master
- name: galera_server
src: https://git.openstack.org/openstack/openstack-ansible-galera_server
scm: git
version: master
- name: rsyslog_server
src: https://git.openstack.org/openstack/openstack-ansible-rsyslog_server
scm: git
version: master

6
playbooks/ansible.cfg
View File

@ -3,7 +3,11 @@
lookup_plugins = plugins/lookups
filter_plugins = plugins/filters
action_plugins = plugins/actions
# Potential method for globally resolving plugins and libs
# lookup_plugins = /etc/ansible/plugins/lookups
# filter_plugins = /etc/ansible/plugins/filters
# action_plugins = /etc/ansible/plugins/actions
# library = /etc/ansible/plugins/library
gathering = smart
# Fact caching

2
playbooks/galera-install.yml
View File

@ -62,6 +62,8 @@
max_fail_percentage: 20
user: root
roles:
- role: "pip_lock_down"
when: "(groups['repo_all'] | length) >= 1"
- { role: "galera_server", tags: [ "galera-server" ] }
- role: "rsyslog_client"
rsyslog_client_log_rotate_file: galera_log_rotate

3
playbooks/inventory/group_vars/hosts.yml
View File

@ -65,6 +65,9 @@ pip_get_pip_options: >
--find-links="{{ openstack_repo_url }}/os-releases/{{ openstack_release }}"
--trusted-host {{ openstack_repo_url | netloc_no_port }}
pip_links:
- { name: "openstack_release", link: "{{ openstack_repo_url }}/os-releases/{{ openstack_release }}/" }
## Memcached options
memcached_listen: "{{ ansible_ssh_host }}"

2
playbooks/rabbitmq-install.yml
View File

@ -42,6 +42,8 @@
tags:
- ssh-wait
roles:
- role: "pip_lock_down"
when: "(groups['repo_all'] | length) >= 1"
- role: "rabbitmq_server"
tags:
- "rabbitmq-server"

85
playbooks/roles/galera_client/CONTRIBUTING.rst
View File

@ -1,85 +0,0 @@
OpenStack Galera Client
#######################
:tags: openstack, galera, client, cloud, ansible
:category: \*nix
contributor guidelines
^^^^^^^^^^^^^^^^^^^^^^
Filing Bugs
-----------
Bugs should be filed on Launchpad, not GitHub: "https://bugs.launchpad.net/openstack-ansible"
When submitting a bug, or working on a bug, please ensure the following criteria are met:
* The description clearly states or describes the original problem or root cause of the problem.
* Include historical information on how the problem was identified.
* Any relevant logs are included.
* The provided information should be totally self-contained. External access to web services/sites should not be needed.
* Steps to reproduce the problem if possible.
Submitting Code
---------------
Changes to the project should be submitted for review via the Gerrit tool, following
the workflow documented at: "http://docs.openstack.org/infra/manual/developers.html#development-workflow"
Pull requests submitted through GitHub will be ignored and closed without regard.
Extra
-----
Tags:
If it's a bug that needs fixing in a branch in addition to Master, add a '\<release\>-backport-potential' tag (eg ``juno-backport-potential``). There are predefined tags that will autocomplete.
Status:
Please leave this alone, it should be New till someone triages the issue.
Importance:
Should only be touched if it is a Blocker/Gating issue. If it is, please set to High, and only use Critical if you have found a bug that can take down whole infrastructures.
Style guide
-----------
When creating tasks and other roles for use in Ansible please create then using the YAML dictionary format.
Example YAML dictionary format:
.. code-block:: yaml
- name: The name of the tasks
module_name:
thing1: "some-stuff"
thing2: "some-other-stuff"
tags:
- some-tag
- some-other-tag
Example **NOT** in YAML dictionary format:
.. code-block:: yaml
- name: The name of the tasks
module_name: thing1="some-stuff" thing2="some-other-stuff"
tags:
- some-tag
- some-other-tag
Usage of the ">" and "|" operators should be limited to Ansible conditionals and command modules such as the ansible ``shell`` module.
Issues
------
When submitting an issue, or working on an issue please ensure the following criteria are met:
* The description clearly states or describes the original problem or root cause of the problem.
* Include historical information on how the problem was identified.
* Any relevant logs are included.
* If the issue is a bug that needs fixing in a branch other than Master, add the backport potential tag TO THE ISSUE (not the PR).
* The provided information should be totally self-contained. External access to web services/sites should not be needed.
* If the issue is needed for a hotfix release, add the 'expedite' label.
* Steps to reproduce the problem if possible.

202
playbooks/roles/galera_client/LICENSE
View File

@ -1,202 +0,0 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "{}"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright {yyyy} {name of copyright owner}
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

20
playbooks/roles/galera_client/README.rst
View File

@ -1,20 +0,0 @@
OpenStack Galera Client
#######################
:tags: openstack, galera, client, cloud, ansible
:category: \*nix
Role for the installation of the mariadb and xtrabackup clients used to interact with and manage a galera cluster.
Example Ansible play
.. code-block:: yaml
- name: Install galera server
hosts: galera_all
user: root
roles:
- { role: "galera_server", tags: [ "galera-server" ] }
vars:
galera_address: "10.0.0.1"
galera_root_password: secrete
galera_root_user: root

62
playbooks/roles/galera_client/defaults/main.yml
View File

@ -1,62 +0,0 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Default galera connection address
galera_address: 127.0.0.1
galera_root_user: root
# Galera GPG Keys
galera_client_gpg_keys:
- key_name: 'mariadb'
keyserver: 'hkp://keyserver.ubuntu.com:80'
fallback_keyserver: 'hkp://p80.pool.sks-keyservers.net:80'
hash_id: '0xcbcb082a1bb943db'
- key_name: 'percona-xtrabackup'
keyserver: 'hkp://keyserver.ubuntu.com:80'
fallback_keyserver: 'hkp://p80.pool.sks-keyservers.net:80'
hash_id: '0x1c4cbdcdcd2efd2a'
# Repositories
galera_client_apt_repo_url: "https://mirror.rackspace.com/mariadb/repo/10.0/ubuntu"
galera_client_apt_repo:
repo: "deb {{ galera_client_apt_repo_url }} {{ ansible_distribution_release }} main"
state: "present"
galera_client_apt_percona_xtrabackup_url: "https://repo.percona.com/apt"
galera_client_apt_percona_xtrabackup_repo:
repo: "deb {{ galera_client_apt_percona_xtrabackup_url }} {{ ansible_distribution_release }} main"
state: "present"
galera_client_package_url: "https://www.percona.com/downloads/XtraBackup/Percona-XtraBackup-2.2.13/binary/debian/trusty/x86_64/percona-xtrabackup-22_2.2.13-1.trusty_amd64.deb"
galera_client_package_sha256: "2f58eedefa905583f0650f77bb2b149139c4066c7fb690202124fe5c7ac83e9e"
galera_client_package_path: "/opt/{{ galera_client_package_url | basename }}"
galera_client_apt_packages:
- libaio1
- libc6
- libdbd-mysql-perl
- libgcc1
- libgcrypt11
- libmariadbclient-dev
- libstdc++6
- mariadb-client
galera_client_pip_packages:
- MySQL-python
- python-memcached
- pycrypto
## Tunable overrides
galera_client_my_cnf_overrides: {}

33
playbooks/roles/galera_client/meta/main.yml
View File

@ -1,33 +0,0 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
galaxy_info:
author: rcbops
description: Installation galera client
company: Rackspace
license: Apache2
min_ansible_version: 1.6.6
platforms:
- name: Ubuntu
versions:
- trusty
categories:
- cloud
- galera
- mariadb
- development
- openstack
dependencies:
- pip_lock_down

74
playbooks/roles/galera_client/tasks/galera_client_install.yml
View File

@ -1,74 +0,0 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Update apt sources
apt:
update_cache: yes
cache_valid_time: 600
register: apt_update
until: apt_update|success
retries: 5
delay: 2
tags:
- galera-client-apt-packages
- name: Install galera packages
apt:
pkg: "{{ item }}"
state: latest
register: install_packages
until: install_packages|success
retries: 5
delay: 2
with_items: galera_client_apt_packages
tags:
- galera-client-apt-packages
# TODO(cloudnull) -- Remove this after the Mitaka release
# This task simply removes the system version of
# percona-xtrabackup and xtrabackup if found the
# purpose is to ensure that "if" the system version
# of the binary is installed its first removed in
# favor of the actual upstream package being used in
# the next task.
- name: UnInstall system xtrabackup packages
apt:
pkg: "{{ item }}"
state: absent
with_items:
- percona-xtrabackup
- xtrabackup
tags:
- galera-client-apt-packages
- name: Install galera package
apt:
deb: "{{ galera_client_package_path }}"
force: yes
tags:
- galera-client-apt-packages
- name: Install pip packages
pip:
name: "{{ item }}"
state: present
extra_args: "{{ pip_install_options|default('') }}"
register: install_packages
until: install_packages|success
retries: 5
delay: 2
with_items: galera_client_pip_packages
tags:
- galera-client-pip-packages

32
playbooks/roles/galera_client/tasks/galera_client_post_install.yml
View File

@ -1,32 +0,0 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Drop local .my.cnf file
config_template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: "root"
group: "root"
mode: "0600"
config_overrides: "{{ item.config_overrides }}"
config_type: "{{ item.config_type }}"
with_items:
- src: "client.my.cnf.j2"
dest: "/root/.my.cnf"
config_overrides: "{{ galera_client_my_cnf_overrides }}"
config_type: "ini"
when: inventory_hostname in groups['galera_all'] or inventory_hostname in groups['utility_all']
tags:
- galera-client-user-config

78
playbooks/roles/galera_client/tasks/galera_client_pre_install.yml
View File

@ -1,78 +0,0 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Add galera apt-keys
apt_key:
id: "{{ item.hash_id }}"
keyserver: "{{ item.keyserver }}"
state: "present"
with_items: galera_client_gpg_keys
register: add_keys
until: add_keys|success
retries: 5
delay: 2
tags:
- galera-client-apt-keys
- name: Add galera apt-keys using fallback keyserver
apt_key:
id: "{{ item.hash_id }}"
keyserver: "{{ item.fallback_keyserver }}"
state: "present"
register: add_keys_fallback
until: add_keys_fallback|success
retries: 5
delay: 2
with_items: galera_client_gpg_keys
when: add_keys|failed and item.fallback_keyserver is defined
tags:
- galera-client-apt-keys
- name: Drop galera repo pin
template:
src: "galera_client_pin.pref.j2"
dest: "/etc/apt/preferences.d/galera_client_pin.pref"
owner: "root"
group: "root"
mode: "0644"
tags:
- galera-client-repo-pin
- name: Add galera repo(s)
apt_repository:
repo: "{{ item.repo }}"
state: "{{ item.state }}"
register: add_repos
until: add_repos|success
retries: 5
delay: 2
with_items:
- "{{ galera_client_apt_repo }}"
- "{{ galera_client_apt_percona_xtrabackup_repo }}"
tags:
- galera-client-repos
- name: Download the galera package
get_url:
url: "{{ galera_client_package_url }}"
dest: "{{ galera_client_package_path }}"
mode: "0644"
sha256sum: "{{ galera_client_package_sha256 }}"
register: package_download
retries: 3
delay: 10
until: package_download|success
tags:
- galera-client-apt-packages

18
playbooks/roles/galera_client/tasks/main.yml
View File

@ -1,18 +0,0 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- include: galera_client_pre_install.yml
- include: galera_client_install.yml
- include: galera_client_post_install.yml

6
playbooks/roles/galera_client/templates/client.my.cnf.j2
View File

@ -1,6 +0,0 @@
# {{ ansible_managed }}
[client]
host={{ galera_address }}
user={{ galera_root_user }}
password={{ galera_root_password }}

5
playbooks/roles/galera_client/templates/galera_client_pin.pref.j2
View File

@ -1,5 +0,0 @@
# {{ ansible_managed }}
Package: *
Pin: release o=MariaDB
Pin-Priority: 1001

85
playbooks/roles/galera_server/CONTRIBUTING.rst
View File

@ -1,85 +0,0 @@
OpenStack Galera Server
#######################
:tags: openstack, galera, server, cloud, ansible
:category: \*nix
contributor guidelines
^^^^^^^^^^^^^^^^^^^^^^
Filing Bugs
-----------
Bugs should be filed on Launchpad, not GitHub: "https://bugs.launchpad.net/openstack-ansible"
When submitting a bug, or working on a bug, please ensure the following criteria are met:
* The description clearly states or describes the original problem or root cause of the problem.
* Include historical information on how the problem was identified.
* Any relevant logs are included.
* The provided information should be totally self-contained. External access to web services/sites should not be needed.
* Steps to reproduce the problem if possible.
Submitting Code
---------------
Changes to the project should be submitted for review via the Gerrit tool, following
the workflow documented at: "http://docs.openstack.org/infra/manual/developers.html#development-workflow"
Pull requests submitted through GitHub will be ignored and closed without regard.
Extra
-----
Tags:
If it's a bug that needs fixing in a branch in addition to Master, add a '\<release\>-backport-potential' tag (eg ``juno-backport-potential``). There are predefined tags that will autocomplete.
Status:
Please leave this alone, it should be New till someone triages the issue.
Importance:
Should only be touched if it is a Blocker/Gating issue. If it is, please set to High, and only use Critical if you have found a bug that can take down whole infrastructures.
Style guide
-----------
When creating tasks and other roles for use in Ansible please create then using the YAML dictionary format.
Example YAML dictionary format:
.. code-block:: yaml
- name: The name of the tasks
module_name:
thing1: "some-stuff"
thing2: "some-other-stuff"
tags:
- some-tag
- some-other-tag
Example **NOT** in YAML dictionary format:
.. code-block:: yaml
- name: The name of the tasks
module_name: thing1="some-stuff" thing2="some-other-stuff"
tags:
- some-tag
- some-other-tag
Usage of the ">" and "|" operators should be limited to Ansible conditionals and command modules such as the ansible ``shell`` module.
Issues
------
When submitting an issue, or working on an issue please ensure the following criteria are met:
* The description clearly states or describes the original problem or root cause of the problem.
* Include historical information on how the problem was identified.
* Any relevant logs are included.
* If the issue is a bug that needs fixing in a branch other than Master, add the backport potential tag TO THE ISSUE (not the PR).
* The provided information should be totally self-contained. External access to web services/sites should not be needed.
* If the issue is needed for a hotfix release, add the 'expedite' label.
* Steps to reproduce the problem if possible.

202
playbooks/roles/galera_server/LICENSE
View File

@ -1,202 +0,0 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "{}"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright {yyyy} {name of copyright owner}
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

22
playbooks/roles/galera_server/README.rst
View File

@ -1,22 +0,0 @@
OpenStack Galera Server
#######################
:tags: openstack, galera, server, cloud, ansible
:category: \*nix
Role for the installation and installation of a Galera Cluster powered by MariaDB
.. code-block:: yaml
- name: Install galera server
hosts: galera_all
user: root
roles:
- { role: "galera_server", tags: [ "galera-server" ] }
vars:
container_address: "{{ ansible_ssh_host }}"
galera_wsrep_address: "10.0.0.1,10.0.0.2,10.0.0.3"
galera_wsrep_node_name: "{{ ansible_hostname }}"
galera_wsrep_cluster_address: "{{ container_address }}"
galera_address: "{{ container_address }}"
galera_root_password: secrete
galera_root_user: root

149
playbooks/roles/galera_server/defaults/main.yml
View File

@ -1,149 +0,0 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
galera_server_bootstrap_node: "{{ groups['galera_all'][0] }}"
galera_ignore_cluster_state: false
galera_lb_address: 127.0.0.1
galera_cluster_name: openstack_galera_cluster
# The galera server-id should be set on all cluster nodes to ensure
# that replication is handled correctly and the error
# "Warning: You should set server-id to a non-0 value if master_host is
# set; we will force server id to 2, but this MySQL server will not act
# as a slave." is no longer present.
# galera_server_id: 0
galera_existing_cluster: true
galera_running_and_bootstrapped: false
galera_monitoring_user: monitoring
galera_monitoring_user_password: ""
galera_root_user: root
# WARNING: This option is deprecated and will be removed in v12.0
galera_gcache_size: 1024M
galera_max_heap_table_size: 32M
galera_tmp_table_size: 32M
galera_file_limits: 65535
galera_wait_timeout: 28800
## innodb options
galera_innodb_buffer_pool_size: 4096M
galera_innodb_additional_mem_pool_size: 24M
galera_innodb_log_file_size: 1024M
galera_innodb_log_buffer_size: 128M
## wsrep configuration
galera_wsrep_address: "127.0.0.1"
galera_wsrep_cluster_address: "{{ galera_wsrep_address }}"
galera_wsrep_node_incoming_address: "{{ galera_wsrep_address }}"
galera_wsrep_slave_threads: "{{ ansible_processor_vcpus }}"
galera_wsrep_retry_autocommit: 3
galera_wsrep_debug: 0
galera_wsrep_sst_method: xtrabackup-v2
galera_wsrep_provider_options:
- { option: "gcache.size", value: "{{ galera_gcache_size }}" }
galera_wsrep_sst_auth_user: "root"
galera_wsrep_sst_auth_password: "{{ galera_root_password }}"
# xtrabackup parallel/compression/sync threads
galera_xtrabackup_threads: 4
# Galera GPG Keys
galera_gpg_keys:
- key_name: 'mariadb'
keyserver: 'hkp://keyserver.ubuntu.com:80'
fallback_keyserver: 'hkp://p80.pool.sks-keyservers.net:80'
hash_id: '0xcbcb082a1bb943db'
- key_name: 'percona-xtrabackup'
keyserver: 'hkp://keyserver.ubuntu.com:80'
fallback_keyserver: 'hkp://p80.pool.sks-keyservers.net:80'
hash_id: '0x1c4cbdcdcd2efd2a'
# Repositories
galera_apt_repo_url: "https://mirror.rackspace.com/mariadb/repo/10.0/ubuntu"
galera_apt_repo:
repo: "deb {{ galera_apt_repo_url }} {{ ansible_distribution_release }} main"
state: "present"
galera_apt_percona_xtrabackup_url: "https://repo.percona.com/apt"
galera_apt_percona_xtrabackup_repo:
repo: "deb {{ galera_apt_percona_xtrabackup_url }} {{ ansible_distribution_release }} main"
state: "present"
galera_package_url: "https://www.percona.com/downloads/XtraBackup/Percona-XtraBackup-2.2.13/binary/debian/trusty/x86_64/percona-xtrabackup-22_2.2.13-1.trusty_amd64.deb"
galera_package_sha256: "2f58eedefa905583f0650f77bb2b149139c4066c7fb690202124fe5c7ac83e9e"
galera_package_path: "/opt/{{ galera_package_url | basename }}"
galera_pip_packages:
- MySQL-python
- python-memcached
- pycrypto
galera_pre_apt_packages:
- debconf-utils
- libaio1
- libc6
- libdbd-mysql-perl
- libgcc1
- libgcrypt11
- libstdc++6
- python-software-properties
- software-properties-common
# The package name for mariaDB is set as a variable
# so that it can be used in debconf later in the
# "galera_common" role.
galera_mariadb_server_package: "mariadb-galera-server-10.0"
# NB This is specifically galera_packages as these packages only get installed
# during the galera play - this is because of the preseed task and the service
# startup control used when installing mariadb-galera-server and galera.
galera_apt_packages:
- mariadb-client
- "{{ galera_mariadb_server_package }}"
- galera-3
- qpress
- rsync
- socat
galera_debconf_items:
- question: "mysql-server/root_password"
name: "{{ galera_mariadb_server_package }}"
value: "{{ galera_root_password }}"
vtype: "string"
- question: "mysql-server/root_password_again"
name: "{{ galera_mariadb_server_package }}"
value: "{{ galera_root_password }}"
vtype: "string"
# Galera slow/unindexed query logging
galera_slow_query_logging: 0
galera_unindexed_query_logging: 0
## Tunable overrides
galera_my_cnf_overrides: {}
galera_cluster_cnf_overrides: {}
galera_debian_cnf_overrides: {}
# Set the max connections value for galera. Set this value to override the
# computed value which is (100 x vCPUs). If computed, the lowest value throughout
# the cluster will be used which is something to note if deploying galera on different
# hardware.
# galera_max_connections: 500

3
playbooks/roles/galera_server/files/policy-rc.d
View File

@ -1,3 +0,0 @@
#!/bin/sh
echo "All runlevel operations denied by policy" >&2
exit 101

25
playbooks/roles/galera_server/handlers/main.yml
View File

@ -1,25 +0,0 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Restart mysql
service:
name: mysql
state: restarted
args: "{{ (not galera_existing_cluster | bool and inventory_hostname == galera_server_bootstrap_node) | ternary('--wsrep-new-cluster', '') }}"
when: not galera_running_and_bootstrapped | bool
register: galera_restart
until: galera_restart|success
retries: 3
delay: 2

66
playbooks/roles/galera_server/library/mysql_status_facts
View File

@ -1,66 +0,0 @@
#!/usr/bin/env python
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
DOCUMENTATION = """
---
module: mysql_status_facts
short_description:
- A module for gathering mysql status facts.
description:
- A module for gathering mysql status facts.
author: Rcbops
"""
EXAMPLES = """
- name: Gather mysql status facts
mysql_status_facts:
"""
import subprocess
class MysqlStatusFacts(object):
def __init__(self, module):
self.state_change = False
self.module = module
def gather_facts(self):
"""Get information about mysql status."""
try:
output = subprocess.check_output(["mysql", "-e", "show status"],
stderr=subprocess.STDOUT)
except subprocess.CalledProcessError as e:
message = 'Mysql fact collection failed: "%s".' % e.output.strip()
self.module.fail_json(msg=message)
else:
lines = output.split('\n')
facts = dict(l.split('\t') for l in lines if l)
self.module.exit_json(
changed=self.state_change,
ansible_facts={'mysql_status': facts})
def main():
module = AnsibleModule(
argument_spec=dict(
),
supports_check_mode=False
)
mysql_facts = MysqlStatusFacts(module)
mysql_facts.gather_facts()
from ansible.module_utils.basic import *
if __name__ == '__main__':
main()

34
playbooks/roles/galera_server/meta/main.yml
View File

@ -1,34 +0,0 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
galaxy_info:
author: rcbops
description: Installation galera server
company: Rackspace
license: Apache2
min_ansible_version: 1.6.6
platforms:
- name: Ubuntu
versions:
- trusty
categories:
- cloud
- galera
- mariadb
- development
- openstack
dependencies:
- apt_package_pinning
- galera_client

58
playbooks/roles/galera_server/tasks/galera_bootstrap.yml
View File

@ -1,58 +0,0 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Check if mysql is running
command: /usr/bin/mysqladmin --defaults-file=/etc/mysql/debian.cnf ping
ignore_errors: true
changed_when: mysql_running.rc != 0
register: mysql_running
notify: Restart mysql
tags:
- galera-cluster-state-check
- galera-bootstrap
- name: Start cluster with wsrep
service:
name: mysql
state: restarted
args: "--wsrep-new-cluster"
when:
- inventory_hostname == galera_server_bootstrap_node
- mysql_running.rc != 0
tags:
- galera-bootstrap
- name: Wait for operational state
command: mysql --silent --skip-column-names -e 'SHOW STATUS LIKE "wsrep_evs_state"'
register: galera_check_wait
until: galera_check_wait|success
failed_when: not galera_check_wait.stdout | search("OPERATIONAL")
retries: 6
delay: 5
when:
- inventory_hostname == galera_server_bootstrap_node
- mysql_running.rc != 0
tags:
- galera-operational
- galera-bootstrap
- set_fact:
galera_running_and_bootstrapped: true
when:
- inventory_hostname == galera_server_bootstrap_node
- mysql_running.rc != 0
tags:
- galera-operational
- galera-bootstrap

75
playbooks/roles/galera_server/tasks/galera_cluster_state.yml
View File

@ -1,75 +0,0 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Check if mysql is running
command: /usr/bin/mysqladmin --defaults-file=/etc/mysql/debian.cnf ping
ignore_errors: true
changed_when: mysql_running.rc != 0
register: mysql_running
notify: Restart mysql
tags:
- galera-cluster-state-check
- name: Check for cluster state failure
fail:
msg: |
The cluster may be broken, mysql is not running but appears to be
installed. Fix it before re-running the playbook or override with
'openstack-ansible -e galera_ignore_cluster_state=true galera-install.yml'.
when:
- not galera_ignore_cluster_state | bool
- mysql_running.rc == 1
- mysql_running.stderr | search("Check that mysqld is running and that the socket")
tags:
- galera-cluster-state-check
- name: Gather mysql facts
mysql_status_facts:
ignore_errors: true
tags:
- galera-cluster-state-check
- name: Check for cluster state failure
fail:
msg: |
The cluster may be broken, mysql is running but unable to gather mysql facts.
Fix it before re-running the playbook or override with
'openstack-ansible -e galera_ignore_cluster_state=true galera-install.yml'.
when:
- not galera_ignore_cluster_state | bool
- mysql_running.rc == 0
- mysql_status is not defined
tags:
- galera-cluster-state-check
- name: Check for cluster state failure
fail:
msg: |
wsrep_incoming_addresses does not match across the cluster. Please fix before
re-running the playbooks or override with
'openstack-ansible -e galera_ignore_cluster_state=true galera-install.yml'.
with_items: play_hosts
when:
- not galera_ignore_cluster_state | bool
- mysql_running.rc == 0
- mysql_status['wsrep_incoming_addresses'] != hostvars[item]['mysql_status']['wsrep_incoming_addresses']
tags:
- galera-cluster-state-check
- set_fact:
galera_existing_cluster: true
when: mysql_running.rc == 0
tags:
- galera-cluster-state-check

85
playbooks/roles/galera_server/tasks/galera_install.yml
View File

@ -1,85 +0,0 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Preseed galera password(s)
debconf:
name: "{{ item.name }}"
question: "{{ item.question }}"
value: "{{ item.value }}"
vtype: "{{ item.vtype }}"
with_items: galera_debconf_items
tags:
- galera-debconf
- name: Update apt sources
apt:
update_cache: yes
cache_valid_time: 600
register: apt_update
until: apt_update|success
retries: 5
delay: 2
tags:
- galera-apt-packages
- name: Install galera packages
apt:
pkg: "{{ item }}"
state: latest
register: install_packages
until: install_packages|success
retries: 5
delay: 2
with_items: galera_apt_packages
notify: Restart mysql
tags:
- galera-apt-packages
# TODO(cloudnull) -- Remove this after the Mitaka release
# This task simply removes the system version of
# percona-xtrabackup and xtrabackup if found the
# purpose is to ensure that "if" the system version
# of the binary is installed its first removed in
# favor of the actual upstream package being used in
# the next task.
- name: UnInstall system xtrabackup packages
apt:
pkg: "{{ item }}"
state: absent
with_items:
- percona-xtrabackup
- xtrabackup
tags:
- galera-apt-packages
- name: Install galera package
apt:
deb: "{{ galera_package_path }}"
force: yes
tags:
- galera-apt-packages
- name: Install pip packages
pip:
name: "{{ item }}"
state: present
extra_args: "{{ pip_install_options|default('') }}"
register: install_packages
until: install_packages|success
retries: 5
delay: 2
with_items: galera_pip_packages
tags:
- galera-pip-packages

74
playbooks/roles/galera_server/tasks/galera_post_install.yml
View File

@ -1,74 +0,0 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Create the local directories
file:
path: "{{ item.path }}"
state: "directory"
owner: "{{ item.owner|default('root') }}"
group: "{{ item.group|default('root') }}"
mode: "{{ item.mode|default('0755') }}"
recurse: "{{ item.recurse|default('false') }}"
with_items:
- { path: "/var/lib/mysql", owner: "mysql", mode: "2755" }
- { path: "/var/log/mysql", owner: "mysql", mode: "2755" }
- { path: "/var/log/mysql_logs/", owner: "mysql", group: "syslog", mode: "2755" }
- { path: "/etc/mysql/conf.d" }
tags:
- galera-config
- name: Drop mariadb config(s)
config_template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: "root"
group: "root"
mode: "0644"
config_overrides: "{{ item.config_overrides }}"
config_type: "{{ item.config_type }}"
with_items:
- src: my.cnf.j2
dest: /etc/mysql/my.cnf
config_overrides: "{{ galera_my_cnf_overrides }}"
config_type: "ini"
- src: cluster.cnf.j2
dest: /etc/mysql/conf.d/cluster.cnf
config_overrides: "{{ galera_cluster_cnf_overrides }}"
config_type: "ini"
- src: debian.cnf.j2
dest: /etc/mysql/debian.cnf
config_overrides: "{{ galera_debian_cnf_overrides }}"
config_type: "ini"
notify: Restart mysql
tags:
- galera-client-user-config
- name: Drop mariadb config(s)
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: "{{ item.mode|default('0644') }}"
with_items:
- { src: mysql_defaults.j2, dest: /etc/default/mysql }
notify: Restart mysql
tags:
- galera-config
- name: Remove policy-rc
file:
path: "/usr/sbin/policy-rc.d"
state: absent
tags:
- galera-config

119
playbooks/roles/galera_server/tasks/galera_pre_install.yml
View File

@ -1,119 +0,0 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Update apt sources
apt:
update_cache: yes
cache_valid_time: 600
register: apt_update
until: apt_update|success
retries: 5
delay: 2
tags:
- galera-apt-packages
- name: Install galera pre packages
apt:
pkg: "{{ item }}"
state: latest
register: install_packages
until: install_packages|success
retries: 5
delay: 2
with_items: galera_pre_apt_packages
tags:
- galera-pre-apt-packages
- name: Add galera apt-keys
apt_key:
id: "{{ item.hash_id }}"
keyserver: "{{ item.keyserver }}"
state: "present"
register: add_keys
until: add_keys|success
ignore_errors: True
retries: 5
delay: 2
with_items: galera_gpg_keys
tags:
- galera-apt-keys
- name: Add galera apt-keys using fallback keyserver
apt_key:
id: "{{ item.hash_id }}"
keyserver: "{{ item.fallback_keyserver }}"
state: "present"
register: add_keys_fallback
until: add_keys_fallback|success
retries: 5
delay: 2
with_items: galera_gpg_keys
when: add_keys|failed and item.fallback_keyserver is defined
tags:
- galera-apt-keys
- name: Drop galera repo pin
template:
src: "galera_pin.pref.j2"
dest: "/etc/apt/preferences.d/galera_pin.pref"
owner: "root"
group: "root"
mode: "0644"
tags:
- galera-repo-pin
- name: Add galera repo(s)
apt_repository:
repo: "{{ item.repo }}"
state: "{{ item.state }}"
register: add_repos
until: add_repos|success
retries: 5
delay: 2
with_items:
- "{{ galera_apt_repo }}"
- "{{ galera_apt_percona_xtrabackup_repo }}"
tags:
- galera-repos
- name: Download the galera package
get_url:
url: "{{ galera_package_url }}"
dest: "{{ galera_package_path }}"
mode: "0644"
sha256sum: "{{ galera_package_sha256 }}"
register: package_download
retries: 3
delay: 10
until: package_download|success
tags:
- galera-apt-packages
- name: Prevent galera from starting on install
copy:
src: "policy-rc.d"
dest: "/usr/sbin/policy-rc.d"
mode: "0755"
backup: yes
tags:
- galera-config
- name: Drop limits config
template:
src: "limits.conf.j2"
dest: "/etc/security/limits.conf"
notify: Restart mysql
tags:
- galera-config

45
playbooks/roles/galera_server/tasks/galera_setup.yml
View File

@ -1,45 +0,0 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Create galera users
mysql_user:
name: "{{ item.name }}"
host: "{{ item.host }}"
password: "{{ item.password }}"
priv: "{{ item.priv }}"
state: "{{ item.state }}"
with_items:
- name: "{{ galera_root_user }}"
host: "%"
password: "{{ galera_root_password }}"
priv: "*.*:ALL,GRANT"
state: present
- name: "{{ galera_root_user }}"
host: "localhost"
password: "{{ galera_root_password }}"
priv: "*.*:ALL"
state: absent
- name: "{{ galera_monitoring_user }}"
host: '%'
password: "{{ galera_monitoring_user_password }}"
priv: "*.*:USAGE"
state: present
- name: "{{ galera_monitoring_user }}"
host: 'localhost'
password: "{{ galera_monitoring_user_password }}"
priv: "*.*:USAGE"
state: present
tags:
- galera-user-create

26
playbooks/roles/galera_server/tasks/main.yml
View File

@ -1,26 +0,0 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- include: galera_cluster_state.yml
- include: galera_pre_install.yml
- include: galera_install.yml
- include: galera_post_install.yml
- include: galera_bootstrap.yml
- name: Flush handlers
meta: flush_handlers
- include: galera_setup.yml
when: inventory_hostname == galera_server_bootstrap_node

52
playbooks/roles/galera_server/templates/cluster.cnf.j2
View File

@ -1,52 +0,0 @@
# {{ ansible_managed }}
[mysqld]
# Path to Galera library
wsrep_provider = /usr/lib/galera/libgalera_smm.so
{% if galera_wsrep_provider_options is defined %}
wsrep_provider_options = "
{%- for item in galera_wsrep_provider_options -%}
{{ item.option }} = {{ item.value }}{% if not loop.last %}; {% endif -%}
{%- endfor -%}
"
{% endif %}
# Cluster connection URL contains the IPs of node#1, node#2 and node#3
wsrep_cluster_address = gcomm://{{ galera_wsrep_cluster_address }}
# Address for incoming client connections.
wsrep_node_incoming_address = {{ galera_wsrep_address }}
# In order for Galera to work correctly binlog format should be ROW
binlog_format = ROW
# MyISAM storage engine has only experimental support
default_storage_engine = InnoDB
# This changes how InnoDB autoincrement locks are managed and is a requirement for Galera
innodb_autoinc_lock_mode = 2
# This should be the IP and DNS name for the current system on which you're editing the file.
wsrep_node_address = {{ galera_wsrep_address }}
wsrep_node_name = {{ galera_wsrep_node_name }}
# to enable debug level logging, set this to 1
wsrep_debug = {{ galera_wsrep_debug }}
# SST method
wsrep_sst_method = {{ galera_wsrep_sst_method }}
wsrep_sst_auth = {{ galera_wsrep_sst_auth_user }}:{{ galera_wsrep_sst_auth_password }}
wsrep_slave_threads = {{ galera_wsrep_slave_threads }}
# Cluster name
wsrep_cluster_name = "{{ galera_cluster_name }}"
# how many times to retry deadlocked autocommits
wsrep_retry_autocommit = {{ galera_wsrep_retry_autocommit }}
[xtrabackup]
compress
compact
parallel = {{ galera_xtrabackup_threads }}
compress-threads = {{ galera_xtrabackup_threads }}
rebuild-threads = {{ galera_xtrabackup_threads }}

14
playbooks/roles/galera_server/templates/debian.cnf.j2
View File

@ -1,14 +0,0 @@
# {{ ansible_managed }}
[client]
host = localhost
user = root
password = {{ galera_root_password }}
socket = /var/run/mysqld/mysqld.sock
[mysql_upgrade]
host = localhost
user = root
password = {{ galera_root_password }}
socket = /var/run/mysqld/mysqld.sock
basedir = /usr

5
playbooks/roles/galera_server/templates/galera_pin.pref.j2
View File

@ -1,5 +0,0 @@
# {{ ansible_managed }}
Package: *
Pin: release o=MariaDB
Pin-Priority: 1001

4
playbooks/roles/galera_server/templates/limits.conf.j2
View File

@ -1,4 +0,0 @@
# {{ ansible_managed }}
# OpenFile limits
* - nofile {{ galera_file_limits }}

93
playbooks/roles/galera_server/templates/my.cnf.j2
View File

@ -1,93 +0,0 @@
{%- set all_calculated_max_connections = [] %}
{%- for galera_node in groups['galera_all'] %}
{%- if all_calculated_max_connections.append(hostvars[galera_node]['ansible_processor_vcpus'] * 100) %}
{%- endif %}
{%- endfor %}
{%- set calculated_max_connections = all_calculated_max_connections|sort %}
# {{ ansible_managed }}
[client]
port = 3306
socket = /var/run/mysqld/mysqld.sock
[mysqld_safe]
socket = /var/run/mysqld/mysqld.sock
nice = 0
[mysql]
default-character-set = utf8
[mysqld]
user = mysql
collation-server = utf8_unicode_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8
datadir = /var/lib/mysql
{% if galera_server_id is defined %}
server-id = {{ galera_server_id }}
{% endif %}
# LOGGING #
log-queries-not-using-indexes = {{ galera_unindexed_query_logging }}
slow-query-log = {{ galera_slow_query_logging }}
slow-query-log-file = /var/log/mysql_logs/mysql-slow.log
log_error = /var/log/mysql_logs/galera_server_error.log
log-bin = /var/lib/mysql/mariadb-bin
log-bin-index = /var/lib/mysql/mariadb-bin.index
expire-logs-days = 7
log_slave_updates = 1
# SAFETY #
max-allowed-packet = 16M
max-connect-errors = 1000000
# NOTE: The number of max connections is defined by ( host_vcpus * 100 ). This value
# is the lowest integer based on the ansible facts gathered from every galera node.
# Computing the connections value using the lowest denominator maintains cluster integrity
# by not attempting to over commit to a less capable machine.
# These are the computed max_connections based on cluster data {{ calculated_max_connections }}
max_connections = {{ galera_max_connections | default(calculated_max_connections[0]) }}
wait_timeout = {{ galera_wait_timeout }}
# CACHES AND LIMITS #
tmp-table-size = {{ galera_max_heap_table_size }}
max-heap-table-size = {{ galera_tmp_table_size }}
query-cache-type = 0
query-cache-size = 0M
thread-cache-size = 50
open-files-limit = {{ galera_file_limits }}
table-definition-cache = 4096
table-open-cache = 10240
# INNODB #
innodb-flush-method = O_DIRECT
innodb-additional-mem-pool-size = {{ galera_innodb_additional_mem_pool_size }}
innodb-log-file-size = {{ galera_innodb_log_file_size }}
innodb-flush-log-at-trx-commit = 1
innodb-file-per-table = 1
innodb-buffer-pool-size = {{ galera_innodb_buffer_pool_size }}
# Depending on number of cores and disk sub
innodb-read-io-threads = 4
innodb-write-io-threads = 4
innodb-doublewrite = 1
innodb-log-buffer-size = {{ galera_innodb_log_buffer_size }}
innodb-buffer-pool-instances = 8
innodb-log-files-in-group = 2
innodb-thread-concurrency = 64
# avoid statistics update when doing e.g show tables
innodb_stats_on_metadata = 0
[mysqldump]
quick
quote-names
max_allowed_packet = 16M
!includedir /etc/mysql/conf.d/

15
playbooks/roles/galera_server/templates/mysql_defaults.j2
View File

@ -1,15 +0,0 @@
# {{ ansible_managed }}
{%- set all_calculated_max_connections = [] %}
{%- for galera_node in groups['galera_all'] %}
{%- set _ = all_calculated_max_connections.append(hostvars[galera_node]['ansible_processor_vcpus'] * 100) %}
{%- endfor %}
{%- set calculated_min_connections = all_calculated_max_connections | min %}
{%- set calculated_max_connections = galera_max_connections | default(calculated_min_connections) %}
# How long to wait for successfull mysql startup
# Startup can take a while if it requires a galera state transfer.
MYSQLD_STARTUP_TIMEOUT=1800
ulimit -n {{ calculated_max_connections }}
ulimit -Hn {{ calculated_max_connections }}

85
playbooks/roles/memcached_server/CONTRIBUTING.rst
View File

@ -1,85 +0,0 @@
OpenStack memcached servers
###########################
:tags: openstack, memcached, server, cloud, ansible
:category: \*nix
contributor guidelines
^^^^^^^^^^^^^^^^^^^^^^
Filing Bugs
-----------
Bugs should be filed on Launchpad, not GitHub: "https://bugs.launchpad.net/openstack-ansible"
When submitting a bug, or working on a bug, please ensure the following criteria are met:
* The description clearly states or describes the original problem or root cause of the problem.
* Include historical information on how the problem was identified.
* Any relevant logs are included.
* The provided information should be totally self-contained. External access to web services/sites should not be needed.
* Steps to reproduce the problem if possible.
Submitting Code
---------------
Changes to the project should be submitted for review via the Gerrit tool, following
the workflow documented at: "http://docs.openstack.org/infra/manual/developers.html#development-workflow"
Pull requests submitted through GitHub will be ignored and closed without regard.
Extra
-----
Tags:
If it's a bug that needs fixing in a branch in addition to Master, add a '\<release\>-backport-potential' tag (eg ``juno-backport-potential``). There are predefined tags that will autocomplete.
Status:
Please leave this alone, it should be New till someone triages the issue.
Importance:
Should only be touched if it is a Blocker/Gating issue. If it is, please set to High, and only use Critical if you have found a bug that can take down whole infrastructures.
Style guide
-----------
When creating tasks and other roles for use in Ansible please create then using the YAML dictionary format.
Example YAML dictionary format:
.. code-block:: yaml
- name: The name of the tasks
module_name:
thing1: "some-stuff"
thing2: "some-other-stuff"
tags:
- some-tag
- some-other-tag
Example **NOT** in YAML dictionary format:
.. code-block:: yaml
- name: The name of the tasks
module_name: thing1="some-stuff" thing2="some-other-stuff"
tags:
- some-tag
- some-other-tag
Usage of the ">" and "|" operators should be limited to Ansible conditionals and command modules such as the ansible ``shell`` module.
Issues
------
When submitting an issue, or working on an issue please ensure the following criteria are met:
* The description clearly states or describes the original problem or root cause of the problem.
* Include historical information on how the problem was identified.
* Any relevant logs are included.
* If the issue is a bug that needs fixing in a branch other than Master, add the backport potential tag TO THE ISSUE (not the PR).
* The provided information should be totally self-contained. External access to web services/sites should not be needed.
* If the issue is needed for a hotfix release, add the 'expedite' label.
* Steps to reproduce the problem if possible.

202
playbooks/roles/memcached_server/LICENSE
View File

@ -1,202 +0,0 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "{}"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright {yyyy} {name of copyright owner}
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

16
playbooks/roles/memcached_server/README.rst
View File

@ -1,16 +0,0 @@
OpenStack memcached servers
###########################
:tags: openstack, memcached, server, cloud, ansible
:category: \*nix
Role for the deployoment and installation of Memcached
.. code-block:: yaml
- name: Install memcached
hosts: memcached
user: root
roles:
- { role: "memcached_server", tags: [ "memcached-server" ] }
vars:
memcached_listen: "10.0.0.1"

33
playbooks/roles/memcached_server/defaults/main.yml
View File

@ -1,33 +0,0 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Defines that the role will be deployed on a host machine
is_metal: true
# The default memcache memory setting is to use .25 of the available system ram
# as long as that value is < 8192. However you can set the `memcached_memory`
# value to whatever you like as an override.
base_memcached_memory: "{{ ansible_memtotal_mb | default(4096) }}"
memcached_memory: "{{ base_memcached_memory | int // 4 if base_memcached_memory | int // 4 < 8192 else 8192 }}"
memcached_port: 11211
memcached_user: memcache
memcached_listen: "127.0.0.1"
memcached_log: /var/log/memcached.log
memcached_connections: 1024
memcached_threads: 4
memcached_apt_packages:
- memcached

20
playbooks/roles/memcached_server/handlers/main.yml
View File

@ -1,20 +0,0 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Restart memcached
service:
name: "memcached"
state: "restarted"
pattern: "memcached"

32
playbooks/roles/memcached_server/meta/main.yml
View File

@ -1,32 +0,0 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
galaxy_info:
author: rcbops
description: Installation and setup of memcached
company: Rackspace
license: Apache2
min_ansible_version: 1.6.6
platforms:
- name: Ubuntu
versions:
- trusty
categories:
- cloud
- memcached
- development
- openstack
dependencies:
- apt_package_pinning

21
playbooks/roles/memcached_server/tasks/main.yml
View File

@ -1,21 +0,0 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- include: memcached_pre_install.yml
- include: memcached_install.yml
- include: memcached_config.yml
- name: Flush handlers
meta: flush_handlers

38
playbooks/roles/memcached_server/tasks/memcached_config.yml
View File

@ -1,38 +0,0 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Apply memcached config
template:
src: "memcached.conf"
dest: "/etc/memcached.conf"
owner: "root"
group: "root"
mode: "0644"
notify: Restart memcached
tags:
- memcached-config
- name: Apply resource limits
template:
src: "memcached.j2"
dest: "/etc/default/memcached"
owner: "root"
group: "root"
mode: "0644"
when: >
memcached_connections > 1024
notify: Restart memcached
tags:
- memcached-config

37
playbooks/roles/memcached_server/tasks/memcached_install.yml
View File

@ -1,37 +0,0 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Update apt sources
apt:
update_cache: yes
cache_valid_time: 600
register: apt_update
until: apt_update|success
retries: 5
delay: 2
tags:
- memcached-apt-packages
- name: Install apt packages
apt:
pkg: "{{ item }}"
state: present
register: install_packages
until: install_packages|success
retries: 5
delay: 2
with_items: memcached_apt_packages
tags:
- memcached-apt-packages

24
playbooks/roles/memcached_server/tasks/memcached_pre_install.yml
View File

@ -1,24 +0,0 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Ensure the memcache user exists
user:
name: "{{ memcached_user }}"
comment: "memcached user"
system: "yes"
shell: "/bin/false"
createhome: "no"
tags:
- memcached-user

10
playbooks/roles/memcached_server/templates/memcached.conf
View File

@ -1,10 +0,0 @@
# {{ ansible_managed }}
-d
logfile {{ memcached_log }}
-m {{ memcached_memory }}
-p {{ memcached_port }}
-u {{ memcached_user }}
-l {{ memcached_listen }}
-c {{ memcached_connections }}
-t {{ memcached_threads }}

6
playbooks/roles/memcached_server/templates/memcached.j2
View File

@ -1,6 +0,0 @@
# {{ ansible_managed }}
# Any other value will disable memcached.
ENABLE_MEMCACHED=yes
ulimit -Hn {{ memcached_connections }}
ulimit -n {{ memcached_connections }}

103
playbooks/roles/pip_lock_down/CONTRIBUTING.rst
View File

@ -1,103 +0,0 @@
OpenStack pip lockdown
######################
:tags: openstack, pip, lockdown, cloud, ansible
:category: \*nix
contributor guidelines
^^^^^^^^^^^^^^^^^^^^^^
Filing Bugs
-----------
Bugs should be filed on Launchpad, not GitHub:
"https://bugs.launchpad.net/openstack-ansible"
When submitting a bug, or working on a bug, please ensure the following
criteria are met:
* The description clearly states or describes the original problem or root
cause of the problem.
* Include historical information on how the problem was identified.
* Any relevant logs are included.
* The provided information should be totally self-contained. External access to
web services/sites should not be needed.
* Steps to reproduce the problem if possible.
Submitting Code
---------------
Changes to the project should be submitted for review via the Gerrit tool,
following the workflow documented at:
"http://docs.openstack.org/infra/manual/developers.html#development-workflow"
Pull requests submitted through GitHub will be ignored and closed without
regard.
Extra
-----
Tags:
If it's a bug that needs fixing in a branch in addition to Master, add a
'\<release\>-backport-potential' tag (eg ``juno-backport-potential``).
There are predefined tags that will autocomplete.
Status:
Please leave this alone, it should be New till someone triages the issue.
Importance:
Should only be touched if it is a Blocker/Gating issue. If it is, please
set to High, and only use Critical if you have found a bug that can take
down whole infrastructures.
Style guide
-----------
When creating tasks and other roles for use in Ansible please create then using
the YAML dictionary format.
Example YAML dictionary format:
.. code-block:: yaml
- name: The name of the tasks
module_name:
thing1: "some-stuff"
thing2: "some-other-stuff"
tags:
- some-tag
- some-other-tag
Example **NOT** in YAML dictionary format:
.. code-block:: yaml
- name: The name of the tasks
module_name: thing1="some-stuff" thing2="some-other-stuff"
tags:
- some-tag
- some-other-tag
Usage of the ">" and "|" operators should be limited to Ansible conditionals
and command modules such as the ansible ``shell`` module.
Issues
------
When submitting an issue, or working on an issue please ensure the following
criteria are met:
* The description clearly states or describes the original problem or root
cause of the problem.
* Include historical information on how the problem was identified.
* Any relevant logs are included.
* If the issue is a bug that needs fixing in a branch other than Master, add
the backport potential tag TO THE ISSUE (not the PR).
* The provided information should be totally self-contained. External access to
web services/sites should not be needed.
* If the issue is needed for a hotfix release, add the 'expedite' label.
* Steps to reproduce the problem if possible.

202
playbooks/roles/pip_lock_down/LICENSE
View File

@ -1,202 +0,0 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "{}"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright {yyyy} {name of copyright owner}
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

23
playbooks/roles/pip_lock_down/README.rst
View File

@ -1,23 +0,0 @@
OpenStack pip lockdown
######################
:tags: openstack, pip, lockdown, cloud, ansible
:category: \*nix
Role to lock pip down to a particular links repo. This will create a
``.pip.conf`` which will ensure that the only python packages installed when
using pip are from a known repository of packages.
.. code-block:: yaml
- name: Basic lxc host setup
hosts: host_group
user: root
roles:
- { role: "pip_lock_down", tags: [ "pip-lock-down" ] }
vars:
pip_links:
name: openstack-release
link: https://openstack-hostname.something/python_packages/master
This was intended for use with a repository built from the repo role.

32
playbooks/roles/pip_lock_down/defaults/main.yml
View File

@ -1,32 +0,0 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Options for pip global
pip_no_index: true
pip_enable_pre_releases: true
pip_timeout: 120
# Options for pip install
pip_upgrade: true
pip_allow_all_external: true
# Drop link files to lock down pip
pip_links:
- { name: "openstack_release", link: "{{ openstack_repo_url }}/os-releases/{{ openstack_release }}/" }
## Tunable overrides
pip_global_conf_overrides: {}

185
playbooks/roles/pip_lock_down/files/pip-link-build.py
View File

@ -1,185 +0,0 @@
#!/usr/bin/env python
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# (c) 2014, Kevin Carter <kevin.carter@rackspace.com>
"""
This script will build a pip.conf file dynamically based on a simple
configuration layout. The purpose of this script is to allow automation to
deploy parts of the main `pip.conf` file incrementally creating links and
sections as needed.
Structure:
$HOME/.pip/
$HOME/.pip/base
$HOME/.pip/links.d
creates:
$HOME/.pip/pip.conf
* The script reads all configuration files from the base directory and then
applies the sections to the main config file at "$HOME/.pip/pip.conf"
* Within the [install] section will be generated with the value `find-links`
built from the link files found in "$HOME/.pip/links.d".
"""
import ConfigParser
import os
import urlparse
def config_files(config_dir_path, extension='.link'):
"""Discover all link files.
:param config_dir_path: ``str`` Path to link directory
:param extension: ``str`` Extension for files
:return: ``list``
"""
link_files = list()
for root_path, _, pip_files in os.walk(config_dir_path):
for f in pip_files:
if f.endswith(extension):
link_files.append(os.path.join(root_path, f))
else:
return link_files
def pip_links(links_files):
"""Read all link files.
:param links_files: ``list`` List of files to read containing links
:return: `list``
"""
links = list()
for link in links_files:
with open(link, 'rb') as f:
links.extend(f.readlines())
else:
return links
def load_config(config_file):
"""Load config from a file.
:param config_file: ``str`` path to config file
:return: ``object``
"""
config = ConfigParser.ConfigParser()
if config_file is None:
return config
try:
with open(config_file) as f:
config.readfp(f)
except IOError:
return config
else:
return config
def set_links(links):
"""Set all links and ensure there are no blank lines.
:param links: ``list`` List of all raw links
:return: ``str``
"""
pip_find_links = list()
for link in links:
if link != '\n' or not link:
pip_find_links.append(link.rstrip('\n'))
links = [i for i in list(set(pip_find_links))]
return '\n%s' % '\n'.join(links)
def build_main_config(add_conf, main_config):
"""Build configuration from all found conf files.
:param add_conf: ``object`` ConfigParser object
:param main_config: ``object`` ConfigParser object
"""
for section in add_conf.sections():
try:
main_config.add_section(section)
except ConfigParser.DuplicateSectionError:
pass
for k, v in add_conf.items(section):
main_config.set(section, k, v)
def build_install_section(main_dir_path, main_config):
"""Build the install section with links.
:param main_dir_path: ``str`` Directory path
:param main_config: ``object`` ConfigParser object
"""
links = list()
trusted_host = list()
links_dir = os.path.join(main_dir_path, 'links.d')
if os.path.isdir(links_dir):
_link = config_files(config_dir_path=links_dir, extension='.link')
_links = pip_links(_link)
links.extend(_links)
for _link in _links:
# Make sure that just the hostname/ip is used.
trusted_host.append(urlparse.urlparse(_link).netloc.split(':')[0])
else:
main_config.set('global', 'trusted-host', set_links(trusted_host))
# Add install section if not already found
try:
main_config.add_section('install')
except ConfigParser.DuplicateSectionError:
pass
# Get all items from the install section
try:
install_items = main_config.items('install')
except ConfigParser.NoSectionError:
install_items = None
link_strings = set_links(links)
if install_items:
for item in install_items:
if item[0] != 'find-links':
main_config.set('install', *item)
main_config.set('install', 'find-links', link_strings)
def main():
"""Run the main application."""
main_file_path = os.path.expanduser('~/.pip/pip.conf')
main_config = load_config(config_file=None)
main_dir_path = os.path.dirname(main_file_path)
base_dir_path = os.path.join(main_dir_path, 'base')
if os.path.isdir(base_dir_path):
_confs = config_files(base_dir_path, extension='.conf')
for _conf in _confs:
_config = load_config(config_file=_conf)
build_main_config(_config, main_config)
build_install_section(main_dir_path, main_config)
# Write out the config file
with open(main_file_path, 'wb') as f:
main_config.write(f)
if __name__ == '__main__':
main()

32
playbooks/roles/pip_lock_down/meta/main.yml
View File

@ -1,32 +0,0 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
galaxy_info:
author: rcbops
description: Lock pip down
company: Rackspace
license: Apache2
min_ansible_version: 1.6.6
platforms:
- name: Ubuntu
versions:
- trusty
categories:
- cloud
- python
- development
- openstack
dependencies:
- pip_install

75
playbooks/roles/pip_lock_down/tasks/main.yml
View File

@ -1,75 +0,0 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Create pip config directory
file:
path: "{{ item }}"
state: "directory"
group: "{{ ansible_user_id }}"
owner: "{{ ansible_user_id }}"
with_items:
- "{{ ansible_env.HOME }}/.pip"
- "{{ ansible_env.HOME }}/.pip/base"
- "{{ ansible_env.HOME }}/.pip/links.d"
- "{{ ansible_env.HOME }}/.cache"
- "{{ ansible_env.HOME }}/.cache/pip"
tags:
- lock-directories-pip
- name: Drop pip lockdown file(s)
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: "{{ ansible_user_id }}"
group: "{{ ansible_user_id }}"
mode: "{{ item.mode|default('0644') }}"
with_items:
- { src: "pip-link-build.py", dest: "{{ ansible_env.HOME }}/.pip/pip-link-build.py", mode: "0755" }
tags:
- lock-pip-files
- name: Drop pip global config(s)
config_template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: "{{ ansible_user_id }}"
group: "{{ ansible_user_id }}"
mode: "0644"
config_overrides: "{{ item.config_overrides }}"
config_type: "{{ item.config_type }}"
with_items:
- src: "global.conf.j2"
dest: "{{ ansible_env.HOME }}/.pip/base/global.conf"
config_overrides: "{{ pip_global_conf_overrides }}"
config_type: "ini"
tags:
- lock-pip-files
- name: Drop pip link file(s)
template:
src: "link_file.j2"
dest: "{{ ansible_env.HOME }}/.pip/links.d/{{ item.name }}.link"
owner: "{{ ansible_user_id }}"
group: "{{ ansible_user_id }}"
mode: "{{ item.mode|default('0644') }}"
with_items: pip_links
tags:
- lock-pip-files
- name: Execute pip config builder
command: "{{ ansible_env.HOME }}/.pip/pip-link-build.py"
changed_when: false
tags:
- lock-down-pip-conf

10
playbooks/roles/pip_lock_down/templates/global.conf.j2
View File

@ -1,10 +0,0 @@
# {{ ansible_managed }}
[global]
no-index = {{ pip_no_index }}
pre = {{ pip_enable_pre_releases }}
timeout = {{ pip_timeout }}
[install]
upgrade = {{ pip_upgrade }}
allow_all_external = {{ pip_allow_all_external }}

1
playbooks/roles/pip_lock_down/templates/link_file.j2
View File

@ -1 +0,0 @@
{{ item.link }}

103
playbooks/roles/rabbitmq_server/CONTRIBUTING.rst
View File

@ -1,103 +0,0 @@
OpenStack rabbitmq server
#########################
:tags: openstack, rabbitmq, server, cloud, ansible
:category: \*nix
contributor guidelines
^^^^^^^^^^^^^^^^^^^^^^
Filing Bugs
-----------
Bugs should be filed on Launchpad, not GitHub:
"https://bugs.launchpad.net/openstack-ansible"
When submitting a bug, or working on a bug, please ensure the following
criteria are met:
* The description clearly states or describes the original problem or root
cause of the problem.
* Include historical information on how the problem was identified.
* Any relevant logs are included.
* The provided information should be totally self-contained. External access to
web services/sites should not be needed.
* Steps to reproduce the problem if possible.
Submitting Code
---------------
Changes to the project should be submitted for review via the Gerrit tool,
following the workflow documented at:
"http://docs.openstack.org/infra/manual/developers.html#development-workflow"
Pull requests submitted through GitHub will be ignored and closed without
regard.
Extra
-----
Tags:
If it's a bug that needs fixing in a branch in addition to Master, add a
'\<release\>-backport-potential' tag (eg ``juno-backport-potential``).
There are predefined tags that will autocomplete.
Status:
Please leave this alone, it should be New till someone triages the issue.
Importance:
Should only be touched if it is a Blocker/Gating issue. If it is, please
set to High, and only use Critical if you have found a bug that can take
down whole infrastructures.
Style guide
-----------
When creating tasks and other roles for use in Ansible please create then using
the YAML dictionary format.
Example YAML dictionary format:
.. code-block:: yaml
- name: The name of the tasks
module_name:
thing1: "some-stuff"
thing2: "some-other-stuff"
tags:
- some-tag
- some-other-tag
Example **NOT** in YAML dictionary format:
.. code-block:: yaml
- name: The name of the tasks
module_name: thing1="some-stuff" thing2="some-other-stuff"
tags:
- some-tag
- some-other-tag
Usage of the ">" and "|" operators should be limited to Ansible conditionals
and command modules such as the ansible ``shell`` module.
Issues
------
When submitting an issue, or working on an issue please ensure the following
criteria are met:
* The description clearly states or describes the original problem or root
cause of the problem.
* Include historical information on how the problem was identified.
* Any relevant logs are included.
* If the issue is a bug that needs fixing in a branch other than Master, add
the backport potential tag TO THE ISSUE (not the PR).
* The provided information should be totally self-contained. External access to
web services/sites should not be needed.
* If the issue is needed for a hotfix release, add the 'expedite' label.
* Steps to reproduce the problem if possible.

202
playbooks/roles/rabbitmq_server/LICENSE
View File

@ -1,202 +0,0 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "{}"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright {yyyy} {name of copyright owner}
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

18
playbooks/roles/rabbitmq_server/README.rst
View File

@ -1,18 +0,0 @@
OpenStack rabbitmq server
#########################
:tags: openstack, rabbitmq, server, cloud, ansible
:category: \*nix
Role to deploy rabbitmq and cluster it when there are more than one nodes.
.. code-block:: yaml
- name: Install rabbitmq server
hosts: rabbitmq_all
max_fail_percentage: 20
user: root
roles:
- { role: "rabbitmq_server", tags: [ "rabbitmq-server" ] }
vars:
rabbitmq_cookie_token: secrete
container_address: "{{ ansible_ssh_host }}"

70
playbooks/roles/rabbitmq_server/defaults/main.yml
View File

@ -1,70 +0,0 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Defines that the role will be deployed on a host machine
is_metal: true
rabbitmq_primary_cluster_node: "{{ groups['rabbitmq_all'][0] }}"
# Upgrading the RabbitMQ package requires shutting down the cluster. This variable makes upgrading
# the version an explicit action.
rabbitmq_upgrade: false
# If the user does not want to upgrade but needs to rerun the playbooks for any reason the
# upgrade/version state can be ignored by setting `rabbitmq_ignore_version_state=true`
rabbitmq_ignore_version_state: false
rabbitmq_package_url: "https://www.rabbitmq.com/releases/rabbitmq-server/v3.5.6/rabbitmq-server_3.5.6-1_all.deb"
rabbitmq_package_version: "{{ rabbitmq_package_url.split('/')[-1].split('_')[1] }}"
rabbitmq_package_sha256: "e3c377e585c123e06c88422248915f32216641d6f7dfab50d124535c8e93010d"
rabbitmq_package_path: "/opt/rabbitmq-server.deb"
rabbitmq_apt_packages:
- erlang-nox
rabbitmq_pip_packages:
- python-memcached
- pycrypto
# Name of the rabbitmq cluster
rabbitmq_cluster_name: rabbitmq_cluster1
# Specify a partition recovery strategy (autoheal | pause_minority | ignore)
rabbitmq_cluster_partition_handling: pause_minority
# Rabbitmq open file limits
rabbitmq_ulimit: 4096
# Enable the management plugin in rabbitmq
rabbitmq_plugins:
- names: rabbitmq_management
state: enabled
# RabbitMQ SSL support
rabbitmq_ssl_cert: /etc/rabbitmq/rabbitmq.pem
rabbitmq_ssl_key: /etc/rabbitmq/rabbitmq.key
rabbitmq_ssl_ca_cert: /etc/rabbitmq/rabbitmq-ca.pem
# Set rabbitmq_ssl_self_signed_regen to true if you want to generate a new
# SSL certificate for RabbitMQ when this playbook runs. You can also change
# the subject of the self-signed certificate here if you prefer.
rabbitmq_ssl_self_signed_regen: false
rabbitmq_ssl_self_signed_subject: "/C=US/ST=Texas/L=San Antonio/O=IT/CN={{ container_name }}"
# Define user-provided SSL certificates in:
# /etc/openstack_deploy/user_variables.yml
#rabbitmq_user_ssl_cert: <path to cert on ansible deployment host>
#rabbitmq_user_ssl_key: <path to cert on ansible deployment host>
#rabbitmq_user_ssl_ca_cert: <path to cert on ansible deployment host>

3
playbooks/roles/rabbitmq_server/files/policy-rc.d
View File

@ -1,3 +0,0 @@
#!/bin/sh
echo "All runlevel operations denied by policy" >&2
exit 101

33
playbooks/roles/rabbitmq_server/meta/main.yml
View File

@ -1,33 +0,0 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
galaxy_info:
author: rcbops
description: Install rabbitmq server
company: Rackspace
license: Apache2
min_ansible_version: 1.6.6
platforms:
- name: Ubuntu
versions:
- trusty
categories:
- cloud
- rabbitmq
- development
- openstack
dependencies:
- apt_package_pinning
- pip_lock_down

44
playbooks/roles/rabbitmq_server/tasks/main.yml
View File

@ -1,44 +0,0 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- include: rabbitmq_pre_install.yml
# The install process will be skipped if `rabbitmq_ignore_version_state=true`
- include: rabbitmq_install.yml
when: not rabbitmq_ignore_version_state | bool
# RabbitMQ SSL/TLS listener configuration
#
# If the user has not specified a certificate, key and CA certificate, we will
# generate a self-signed SSL certificate and distribute it to each RabbitMQ
# container.
#
# User-provided certificates must be specified within:
#
# playbooks/roles/rabbitmq_server/defaults/main.yml
#
- include: rabbitmq_ssl_self_signed.yml
when: >
rabbitmq_user_ssl_cert is not defined or
rabbitmq_user_ssl_key is not defined
- include: rabbitmq_ssl_user_provided.yml
- include: rabbitmq_set_cookie.yml
- include: rabbitmq_post_install.yml
- include: rabbitmq_cluster.yml
- name: Flush handlers
meta: flush_handlers

22
playbooks/roles/rabbitmq_server/tasks/rabbitmq_cluster.yml
View File

@ -1,22 +0,0 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- include: rabbitmq_cluster_create.yml
when: >
inventory_hostname == rabbitmq_primary_cluster_node
- include: rabbitmq_cluster_join.yml
when: >
inventory_hostname != rabbitmq_primary_cluster_node

30
playbooks/roles/rabbitmq_server/tasks/rabbitmq_cluster_create.yml
View File

@ -1,30 +0,0 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Get rabbitmq cluster name
shell: |
rabbitmqctl cluster_status | grep -w '<<"{{ rabbitmq_cluster_name }}">>'
register: rabbitmq_cluster_status
failed_when: false
changed_when: rabbitmq_cluster_status.rc != 0
tags:
- rabbitmq-cluster
- name: Create rabbitmq cluster
shell: |
rabbitmqctl set_cluster_name {{ rabbitmq_cluster_name }}
when: rabbitmq_cluster_status.rc != 0
tags:
- rabbitmq-cluster

54
playbooks/roles/rabbitmq_server/tasks/rabbitmq_cluster_join.yml
View File

@ -1,54 +0,0 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# If cluster name is our own hostname, we assume we're not properly clustered
# TODO(someone): implement a more robust way of checking
# if node is clustered or not
- name: Check cluster status
shell: |
rabbitmqctl -q cluster_status | grep '{cluster_name,<<"{{ rabbitmq_cluster_name }}">>}'
changed_when: result.rc != 0
failed_when: false
register: result
tags:
- rabbitmq-cluster
- name: Stop rabbitmq app
shell: |
rabbitmqctl stop_app; sleep 5
failed_when: false
when: result.rc != 0
tags:
- rabbitmq-stop-app
- rabbitmq-cluster
- name: Join rabbitmq cluster
shell: |
rabbitmqctl join_cluster "rabbit@{{ rabbitmq_primary_cluster_node.split('.')[0] }}"
when: result.rc != 0
register: rabbit_join_cluster
until: rabbit_join_cluster|success
retries: 5
delay: 2
tags:
- rabbitmq-cluster
- name: Start rabbitmq app
shell: |
rabbitmqctl start_app
when: result.rc != 0
tags:
- rabbitmq-start-app
- rabbitmq-cluster

69
playbooks/roles/rabbitmq_server/tasks/rabbitmq_install.yml
View File

@ -1,69 +0,0 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- include: rabbitmq_upgrade_check.yml
- name: Update apt sources
apt:
update_cache: yes
cache_valid_time: 600
register: apt_update
until: apt_update|success
retries: 5
delay: 2
tags:
- rabbitmq-apt-packages
- name: Install apt packages
apt:
pkg: "{{ item }}"
state: latest
register: install_packages
until: install_packages|success
retries: 5
delay: 2
with_items: rabbitmq_apt_packages
tags:
- rabbitmq-apt-packages
- name: Install the RabbitMQ package
apt:
deb: "{{ rabbitmq_package_path }}"
tags:
- rabbitmq-package-deb
- rabbitmq-apt-packages
- name: Install pip packages
pip:
name: "{{ item }}"
state: present
extra_args: "{{ pip_install_options|default('') }}"
register: install_packages
until: install_packages|success
retries: 5
delay: 2
with_items: rabbitmq_pip_packages
tags:
- rabbitmq-pip-packages
- name: Ensure there are no policy-rc files
file:
path: "/usr/sbin/policy-rc.d"
state: absent
tags:
- rabbitmq-upgrade
- rabbitmq-policy-file
- include: rabbitmq_started.yml

68
playbooks/roles/rabbitmq_server/tasks/rabbitmq_post_install.yml
View File

@ -1,68 +0,0 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Enable management plugin
rabbitmq_plugin:
names: rabbitmq_management
state: enabled
with_items: rabbitmq_plugins
register: rabbitmq_plugin
tags:
- rabbitmq-config
- name: Enable queue mirroring
rabbitmq_policy:
name: "HA"
pattern: '^(?!amq\.).*'
tags: "ha-mode=all"
register: rabbitmq_queue_mirror
tags:
- rabbitmq-config
- rabbitmq-cluster
- name: Create rabbitmq config
register: rabbit_config_changed
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
with_items:
- { src: "rabbitmq.config.j2", dest: "/etc/rabbitmq/rabbitmq.config" }
- { src: "rabbitmq-server.j2", dest: "/etc/default/rabbitmq-server" }
tags:
- rabbitmq-config
- include: rabbitmq_restart.yml
when: rabbit_config_changed|changed or rabbitmq_plugin|changed or rabbitmq_queue_mirror|changed
# This is being done because the rabbitctl command used by the module
# is not very effective at returning proper status codes for failure
# and the module does not error detection. until we can go upstream
# to fix this issue this task being being done in two parts to ensure
# that the "guest" user is eradicated.
- name: Ensure default rabbitmq guest user is removed
rabbitmq_user:
user: guest
state: absent
when: inventory_hostname == groups['rabbitmq_all'][0]
tags:
- rabbitmq-user
- name: Ensure default rabbitmq guest user is removed
rabbitmq_user:
user: guest
state: absent
when: inventory_hostname != groups['rabbitmq_all'][0]
tags:
- rabbitmq-user

59
playbooks/roles/rabbitmq_server/tasks/rabbitmq_pre_install.yml
View File

@ -1,59 +0,0 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Remove package rabbit if found for upgrade
file:
path: "{{ rabbitmq_package_path }}"
state: absent
tags:
- rabbitmq-upgrade
- rabbitmq-package-deb
- rabbitmq-package-deb-get
- name: Download the RabbitMQ package
get_url:
url: "{{ rabbitmq_package_url }}"
dest: "{{ rabbitmq_package_path }}"
mode: "0644"
sha256sum: "{{ rabbitmq_package_sha256 }}"
register: package_download
retries: 3
delay: 10
until: package_download|success
tags:
- rabbitmq-package-deb
- rabbitmq-package-deb-get
- name: Fix /etc/hosts
lineinfile:
dest: /etc/hosts
state: present
line: "{{ hostvars[item]['ansible_ssh_host'] }} {{ hostvars[item]['ansible_hostname'] }} {{ hostvars[item]['ansible_hostname'].split('.')[0] }}"
with_items: groups['rabbitmq_all']
tags:
- rabbitmq-config
- name: Create the local directories
file:
path: "{{ item.path }}"
state: "directory"
group: "{{ item.owner|default('root') }}"
owner: "{{ item.group|default('root') }}"
mode: "{{ item.mode|default('0755') }}"
recurse: "{{ item.recurse|default('false') }}"
with_items:
- { path: "/etc/rabbitmq/" }
tags:
- rabbitmq-config

17
playbooks/roles/rabbitmq_server/tasks/rabbitmq_restart.yml
View File

@ -1,17 +0,0 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- include: rabbitmq_stopped.yml
- include: rabbitmq_started.yml

44
playbooks/roles/rabbitmq_server/tasks/rabbitmq_set_cookie.yml
View File

@ -1,44 +0,0 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Read rabbit cookie
shell: "cat /var/lib/rabbitmq/.erlang.cookie"
register: tmp_rabbit_cookie
changed_when: tmp_rabbit_cookie.rc != 0
failed_when: false
tags:
- rabbitmq-config
- include: rabbitmq_stopped.yml
when: tmp_rabbit_cookie.stdout != rabbitmq_cookie_token
tags:
- rabbitmq-config
- name: Set rabbit cookie
copy:
content: "{{ rabbitmq_cookie_token }}"
dest: /var/lib/rabbitmq/.erlang.cookie
mode: "0400"
owner: rabbitmq
group: rabbitmq
when: tmp_rabbit_cookie.stdout != rabbitmq_cookie_token
register: cookie_set
tags:
- rabbitmq-config
- include: rabbitmq_started.yml
when: tmp_rabbit_cookie.stdout != rabbitmq_cookie_token
tags:
- rabbitmq-config

48
playbooks/roles/rabbitmq_server/tasks/rabbitmq_ssl_key_create.yml
View File

@ -1,48 +0,0 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Remove self signed cert for regen
file:
dest: "{{ rabbitmq_ssl_cert }}"
state: "absent"
when: rabbitmq_ssl_self_signed_regen | bool
tags:
- rabbitmq-ssl
# See playbooks/roles/rabbitmq_server/defaults/main.yml to provide custom
# subject material for certificates or specify a user-provided certificate and
# key pair.
- name: Create self-signed ssl cert
command: >
openssl req -new -nodes -sha256 -x509 -subj
"{{ rabbitmq_ssl_self_signed_subject }}"
-days 3650
-keyout {{ rabbitmq_ssl_key }}
-out {{ rabbitmq_ssl_cert }}
-extensions v3_ca
creates={{ rabbitmq_ssl_cert }}
tags:
- rabbitmq-ssl
- name: Ensure rabbitmq user owns the self-signed key and certificate
file:
path: "{{ item }}"
owner: rabbitmq
group: rabbitmq
with_items:
- "{{ rabbitmq_ssl_key }}"
- "{{ rabbitmq_ssl_cert }}"
tags:
- rabbitmq-ssl

56
playbooks/roles/rabbitmq_server/tasks/rabbitmq_ssl_key_distribute.yml
View File

@ -1,56 +0,0 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Distribute self signed ssl
memcached:
name: "{{ item.name }}"
file_path: "{{ item.src }}"
state: "retrieve"
file_mode: "{{ item.file_mode }}"
server: "{{ memcached_servers }}"
encrypt_string: "{{ memcached_encryption_key }}"
with_items:
- { src: "{{ rabbitmq_ssl_cert }}", name: "rabbitmq_ssl_cert", file_mode: "0640" }
- { src: "{{ rabbitmq_ssl_key }}", name: "rabbitmq_ssl_key", file_mode: "0640" }
register: memcache_keys
until: memcache_keys|success
retries: 5
delay: 2
tags:
- rabbitmq-ssl
- name: Ensure rabbitmq user owns the self-signed key and certificate
file:
path: "{{ item }}"
owner: rabbitmq
group: rabbitmq
with_items:
- "{{ rabbitmq_ssl_key }}"
- "{{ rabbitmq_ssl_cert }}"
tags:
- rabbitmq-ssl
# This is here because there was a different way of configuring SSL/TLS
# for RabbitMQ that used a mode of 0750 for the RabbitMQ directory. That has
# since been updated but we need to ensure that old environments get this
# critical update during upgrades.
#
# See bug 1513668 in Launchpad for more details.
- name: Ensure /etc/rabbitmq is set to the default mode of 0755
file:
path: /etc/rabbitmq
mode: 0755
tags:
- rabbitmq-ssl

31
playbooks/roles/rabbitmq_server/tasks/rabbitmq_ssl_key_store.yml
View File

@ -1,31 +0,0 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Store self signed ssl
memcached:
name: "{{ item.name }}"
file_path: "{{ item.src }}"
state: "present"
server: "{{ memcached_servers }}"
encrypt_string: "{{ memcached_encryption_key }}"
with_items:
- { src: "{{ rabbitmq_ssl_cert }}", name: "rabbitmq_ssl_cert" }
- { src: "{{ rabbitmq_ssl_key }}", name: "rabbitmq_ssl_key" }
register: memcache_keys
until: memcache_keys|success
retries: 5
delay: 2
tags:
- rabbitmq-ssl

31
playbooks/roles/rabbitmq_server/tasks/rabbitmq_ssl_self_signed.yml
View File

@ -1,31 +0,0 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# We create the self-signed SSL certificate and key only on the first
# RabbitMQ container.
- include: rabbitmq_ssl_key_create.yml
when: >
inventory_hostname == groups['rabbitmq_all'][0]
# The certificate and key are stored in memcached for easy distribution.
- include: rabbitmq_ssl_key_store.yml
when: >
inventory_hostname == groups['rabbitmq_all'][0]
# The additional RabbitMQ nodes will retrieve their SSL certificates and keys
# from memcached.
- include: rabbitmq_ssl_key_distribute.yml
when: >
inventory_hostname != groups['rabbitmq_all'][0]

46
playbooks/roles/rabbitmq_server/tasks/rabbitmq_ssl_user_provided.yml
View File

@ -1,46 +0,0 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# If we have a user-provided SSL certificate from
# /etc/openstack_deploy/user_variables.yml, we should deploy that certificate
# and key to each RabbitMQ container.
- name: Deploy user provided ssl cert and key
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: "rabbitmq"
group: "rabbitmq"
mode: "{{ item.mode }}"
with_items:
- { src: "{{ rabbitmq_user_ssl_cert }}", dest: "{{ rabbitmq_ssl_cert }}", mode: "0644" }
- { src: "{{ rabbitmq_user_ssl_key }}", dest: "{{ rabbitmq_ssl_key }}", mode: "0600" }
when: rabbitmq_user_ssl_cert is defined and rabbitmq_user_ssl_key is defined
tags:
- rabbitmq-configs
- rabbitmq-ssl
# Deploy the user provided CA certificate as well (if the user defined it
# within /etc/openstack_deploy/user_variables.yml).
- name: Deploy user provided ssl CA cert
copy:
src: "{{ rabbitmq_user_ssl_ca_cert }}"
dest: "{{ rabbitmq_ssl_ca_cert }}"
owner: "rabbitmq"
group: "rabbitmq"
mode: "0644"
when: rabbitmq_user_ssl_ca_cert is defined
tags:
- keystone-configs
- keystone-ssl

38
playbooks/roles/rabbitmq_server/tasks/rabbitmq_started.yml
View File

@ -1,38 +0,0 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: "Ensure RabbitMQ node [0] is started"
service:
name: rabbitmq-server
state: started
failed_when: false
when: >
inventory_hostname == rabbitmq_primary_cluster_node
tags:
- rabbitmq-server-started
- rabbitmq-upgrade
- rabbitmq-start
- name: "Ensure RabbitMQ nodes [1:] are started"
service:
name: rabbitmq-server
state: started
failed_when: false
when: >
inventory_hostname != rabbitmq_primary_cluster_node
tags:
- rabbitmq-server-started
- rabbitmq-upgrade
- rabbitmq-start

38
playbooks/roles/rabbitmq_server/tasks/rabbitmq_stopped.yml
View File

@ -1,38 +0,0 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: "Ensure RabbitMQ nodes [1:] are stopped"
service:
name: rabbitmq-server
state: stopped
failed_when: false
when: >
inventory_hostname != rabbitmq_primary_cluster_node
tags:
- rabbitmq-server-stopped
- rabbitmq-upgrade
- rabbitmq-stop
- name: "Ensure RabbitMQ node [0] is stopped"
service:
name: rabbitmq-server
state: stopped
failed_when: false
when: >
inventory_hostname == rabbitmq_primary_cluster_node
tags:
- rabbitmq-server-stopped
- rabbitmq-upgrade
- rabbitmq-stop

39
playbooks/roles/rabbitmq_server/tasks/rabbitmq_upgrade_check.yml
View File

@ -1,39 +0,0 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Get version of installed RabbitMQ package
shell: |
dpkg -l | grep rabbitmq-server
failed_when: false
register: installed_rabbitmq
when:
- not rabbitmq_upgrade | bool
tags:
- rabbitmq-package-deb
- rabbitmq-apt-packages
- name: Compare installed version of RabbitMQ with new version variable
fail:
msg: "To install a new major/minor version of RabbitMQ set '-e rabbitmq_upgrade=true'."
when: >
not rabbitmq_upgrade | bool and
installed_rabbitmq.rc == 0 and
installed_rabbitmq.stdout.split()[2] != rabbitmq_package_version
tags:
- rabbitmq-package-deb
- rabbitmq-apt-packages
- include: rabbitmq_upgrade_prep.yml
when: rabbitmq_upgrade | bool

33
playbooks/roles/rabbitmq_server/tasks/rabbitmq_upgrade_prep.yml
View File

@ -1,33 +0,0 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Prevent RabbitMQ from starting on install
copy:
src: "policy-rc.d"
dest: "/usr/sbin/policy-rc.d"
mode: "0755"
backup: yes
tags:
- rabbitmq-policy-file
- rabbitmq-upgrade
- include: rabbitmq_stopped.yml
- name: Ensure erlang epmd is stopped
shell: |
pkill $(pgrep -lf "erlang" | awk '{print $2}')
ignore_errors: true
tags:
- rabbitmq-upgrade

4
playbooks/roles/rabbitmq_server/templates/rabbitmq-server.j2
View File

@ -1,4 +0,0 @@
# {{ ansible_managed }}
# Sets open file limit for RabbitMQ
ulimit -n {{ rabbitmq_ulimit }}

18
playbooks/roles/rabbitmq_server/templates/rabbitmq.config.j2
View File

@ -1,18 +0,0 @@
[
{rabbit, [
{loopback_users, []},
{ssl_listeners, [5671]},
{ssl_options, [{certfile,"{{ rabbitmq_ssl_cert }}"},
{keyfile,"{{ rabbitmq_ssl_key }}"},
{% if rabbitmq_user_ssl_ca_cert is defined -%}
{cacertfile,"{{ rabbitmq_ssl_ca_cert }}"},
{% endif -%}
{versions, ['tlsv1.2', 'tlsv1.1']},
{verify,verify_none},
{fail_if_no_peer_cert,false}]},
{% if rabbitmq_cluster_partition_handling != 'ignore' %}{cluster_partition_handling, {{ rabbitmq_cluster_partition_handling }}},{% endif %}
{cluster_nodes, {
[ {% for host in groups['rabbitmq_all'] %}'rabbit@{{ hostvars[host]['ansible_ssh_host'] }}'{% if not loop.last %}, {% endif %}{% endfor %}], disc}
}
]}
].

102
playbooks/roles/repo_server/CONTRIBUTING.rst
View File

@ -1,102 +0,0 @@
OpenStack repo server
#####################
:tags: openstack, repo, server, cloud, ansible
:category: \*nix
contributor guidelines
^^^^^^^^^^^^^^^^^^^^^^
Filing Bugs
-----------
Bugs should be filed on Launchpad, not GitHub: "https://bugs.launchpad.net/openstack-ansible"
When submitting a bug, or working on a bug, please ensure the following
criteria are met:
* The description clearly states or describes the original problem or root
cause of the problem.
* Include historical information on how the problem was identified.
* Any relevant logs are included.
* The provided information should be totally self-contained. External access to
web services/sites should not be needed.
* Steps to reproduce the problem if possible.
Submitting Code
---------------
Changes to the project should be submitted for review via the Gerrit tool,
following the workflow documented at:
"http://docs.openstack.org/infra/manual/developers.html#development-workflow"
Pull requests submitted through GitHub will be ignored and closed without
regard.
Extra
-----
Tags:
If it's a bug that needs fixing in a branch in addition to Master, add a
'\<release\>-backport-potential' tag (eg ``juno-backport-potential``).
There are predefined tags that will autocomplete.
Status:
Please leave this alone, it should be New till someone triages the issue.
Importance:
Should only be touched if it is a Blocker/Gating issue. If it is, please
set to High, and only use Critical if you have found a bug that can take
down whole infrastructures.
Style guide
-----------
When creating tasks and other roles for use in Ansible please create then using
the YAML dictionary format.
Example YAML dictionary format:
.. code-block:: yaml
- name: The name of the tasks
module_name:
thing1: "some-stuff"
thing2: "some-other-stuff"
tags:
- some-tag
- some-other-tag
Example **NOT** in YAML dictionary format:
.. code-block:: yaml
- name: The name of the tasks
module_name: thing1="some-stuff" thing2="some-other-stuff"
tags:
- some-tag
- some-other-tag
Usage of the ">" and "|" operators should be limited to Ansible conditionals
and command modules such as the ansible ``shell`` module.
Issues
------
When submitting an issue, or working on an issue please ensure the following
criteria are met:
* The description clearly states or describes the original problem or root
cause of the problem.
* Include historical information on how the problem was identified.
* Any relevant logs are included.
* If the issue is a bug that needs fixing in a branch other than Master, add
the backport potential tag TO THE ISSUE (not the PR).
* The provided information should be totally self-contained. External access to
web services/sites should not be needed.
* If the issue is needed for a hotfix release, add the 'expedite' label.
* Steps to reproduce the problem if possible.

202
playbooks/roles/repo_server/LICENSE
View File

@ -1,202 +0,0 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "{}"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright {yyyy} {name of copyright owner}
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

17
playbooks/roles/repo_server/README.rst
View File

@ -1,17 +0,0 @@
OpenStack repo server
#####################
:tags: openstack, repo, server, cloud, ansible
:category: \*nix
Role to deploy a repository server for both python packages and git sources.
.. code-block:: yaml
- name: Setup repo servers
hosts: repo_all
user: root
roles:
- { role: "repo_server", tags: [ "repo-server" ] }
vars:
memcached_servers: 127.0.0.1:11211
memcached_encryption_key: secrete

92
playbooks/roles/repo_server/defaults/main.yml
View File

@ -1,92 +0,0 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# If ``repo_nginx_threads`` is unset the system will use half the number of available VCPUS to
# compute the number of api workers to use.
# repo_nginx_threads: 16
# Defines that the role will be deployed on a host machine
is_metal: true
repo_worker_connections: 1024
repo_server_name: openstack-slushee
repo_service_home_folder: /var/www
repo_service_user_name: nginx
repo_service_group_name: www-data
repo_auto_rebuild: false
repo_memcached_servers: "{% for host in groups['repo_all'] %}{{ hostvars[host]['ansible_ssh_host'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}"
# If you want to regenerate the repo users SSH keys, on each run, set this var to True
# Otherwise keys will be generated on the first run and not regenerated each run.
repo_recreate_keys: False
repo_apt_packages:
- aptitude
- bridge-utils
- build-essential
- cgroup-lite
- cmake
- dmeventd
- fcgiwrap
- git-core
- iptables
- lsyncd
- lynx
- nginx-extras
- rsync
- sshpass
- tmux
- liberasurecode1
- liberasurecode-dev
- libldap2-dev
- libsasl2-dev
- libssl-dev
- libxslt1.1
- libpq-dev
- libffi-dev
- libsqlite3-dev
- libxml2-dev
- libxslt1-dev
- libkmod-dev
- libkrb5-dev
- libkmod2
- libvirt-dev
- libmariadbclient-dev
- lxc-dev
- lvm2
- python-dev
- python-software-properties
- sqlite3
- swig
- vlan
- uuid-dev
repo_pip_packages:
- cloudlib
- PyCrypto
- python-memcached
- PyYAML
- requests
- turbolift
- wheel
- yaprt
- virtualenv
- virtualenv-tools
# Main web server port
repo_server_port: 8181

408
playbooks/roles/repo_server/files/openstack-wheel-builder.py
View File

@ -1,408 +0,0 @@
#!/usr/bin/env python
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# (c) 2015, Kevin Carter <kevin.carter@rackspace.com>
import os
import traceback
import yaml
from cloudlib import arguments
from cloudlib import shell
REQUIREMENTS_FILE_TYPES = [
'requirements.txt',
'global-requirements.txt',
'test-requirements.txt',
'dev-requirements.txt'
]
# List of variable names that could be used within the yaml files that
# represent lists of python packages.
BUILT_IN_PIP_PACKAGE_VARS = [
'service_pip_dependencies',
'pip_common_packages',
'pip_container_packages',
'pip_packages'
]
class DependencyFileProcessor(object):
def __init__(self, local_path):
"""Find and process dependent files from a local_path.
:type local_path: ``str``
:return:
"""
self.pip = dict()
self.pip['git_package'] = list()
self.pip['py_package'] = list()
self.git_pip_install = 'git+%s@%s'
self.file_names = self._get_files(path=local_path)
# Process everything simply by calling the method
self._process_files(ext=('yaml', 'yml'))
def _filter_files(self, file_names, ext):
"""Filter the files and return a sorted list.
:type file_names:
:type ext: ``str`` or ``tuple``
:returns: ``list``
"""
_file_names = list()
for file_name in file_names:
if file_name.endswith(ext):
if '/defaults/' in file_name or '/vars/' in file_name:
_file_names.append(file_name)
else:
continue
elif os.path.basename(file_name) in REQUIREMENTS_FILE_TYPES:
with open(file_name, 'rb') as f:
packages = [
i.split()[0] for i in f.read().splitlines()
if i
if not i.startswith('#')
]
self.pip['py_package'].extend(packages)
else:
return sorted(_file_names, reverse=True)
@staticmethod
def _get_files(path):
"""Return a list of all files in the defaults/repo_packages directory.
:type path: ``str``
:returns: ``list``
"""
paths = os.walk(os.path.abspath(path))
files = list()
for fpath, _, afiles in paths:
for afile in afiles:
files.append(os.path.join(fpath, afile))
else:
return files
def _check_plugins(self, git_repo_plugins, git_data):
"""Check if the git url is a plugin type.
:type git_repo_plugins: ``dict``
:type git_data: ``dict``
"""
for repo_plugin in git_repo_plugins:
plugin = '%s/%s' % (
repo_plugin['path'].strip('/'),
repo_plugin['package'].lstrip('/')
)
package = self.git_pip_install % (
git_data['repo'],
'%s#egg=%s&subdirectory=%s' % (
git_data['branch'],
repo_plugin['package'].strip('/'),
plugin
)
)
self.pip['git_package'].append(package)
def _process_git(self, loaded_yaml, git_item):
"""Process git repos.
:type loaded_yaml: ``dict``
:type git_item: ``str``
"""
git_data = dict()
if git_item.split('_')[0] == 'git':
var_name = 'git'
else:
var_name = git_item.split('_')[0]
git_data['repo'] = loaded_yaml.get(git_item)
git_data['branch'] = loaded_yaml.get(
'%s_git_install_branch' % var_name.replace('.', '_')
)
if not git_data['branch']:
git_data['branch'] = loaded_yaml.get(
'git_install_branch',
'master'
)
package = self.git_pip_install % (
git_data['repo'], git_data['branch']
)
self.pip['git_package'].append(package)
git_repo_plugins = loaded_yaml.get('%s_repo_plugins' % var_name)
if git_repo_plugins:
self._check_plugins(
git_repo_plugins=git_repo_plugins,
git_data=git_data
)
def _process_files(self, ext):
"""Process files.
:type ext: ``tuple``
"""
file_names = self._filter_files(
file_names=self.file_names,
ext=ext
)
for file_name in file_names:
with open(file_name, 'rb') as f:
loaded_config = yaml.safe_load(f.read())
for key, values in loaded_config.items():
if key.endswith('git_repo'):
self._process_git(
loaded_yaml=loaded_config,
git_item=key
)
if [i for i in BUILT_IN_PIP_PACKAGE_VARS if i in key]:
self.pip['py_package'].extend(values)
def _arguments():
"""Return CLI arguments."""
arguments_dict = {
'optional_args': {
'local_path': {
'commands': [
'--local-path'
],
'help': 'Local path to cloned code.',
'metavar': '[PATH]',
'required': True
},
'report_file': {
'commands': [
'--report-file'
],
'help': 'Full path to write the package report to',
'metavar': '[FILE_PATH]',
'required': True
},
'storage_pool': {
'commands': [
'--storage-pool'
],
'help': 'Full path to the directory where you want to store'
' built wheels.',
'metavar': '[PATH]',
'required': True
},
'release_directory': {
'commands': [
'--release-directory'
],
'help': 'Full path to the directory where the releaesed links'
' will be stored.',
'metavar': '[PATH]',
'required': True
},
'add_on_repos': {
'commands': [
'--add-on-repos'
],
'help': 'Full repo path to require as an additional add on'
' repo. Example:'
' "git+https://github.com/rcbops/other-repo@master"',
'metavar': '[REPO_NAME]',
'nargs': '+'
},
'link_pool': {
'commands': [
'--link-pool'
],
'help': 'Full path to the directory links are stored.',
'metavar': '[PATH]',
'required': True
}
}
}
return arguments.ArgumentParserator(
arguments_dict=arguments_dict,
epilog='Licensed Apache2',
title='Discover all of the requirements within the'
' openstack-ansible project.',
detail='Requirement lookup',
description='Discover all of the requirements within the'
' openstack-ansible project.',
env_name='OS_ANSIBLE'
).arg_parser()
def _abs_path(path):
return os.path.abspath(
os.path.expanduser(
path
)
)
def _run_command(command):
print('Running "%s"' % command[2])
run_command = shell.ShellCommands(debug=True)
info, success = run_command.run_command(' '.join(command))
if not success:
raise SystemExit(info)
else:
print(info)
def main():
"""Run the main application."""
user_vars = _arguments()
return_list = list()
try:
dfp = DependencyFileProcessor(
local_path=_abs_path(user_vars['local_path'])
)
return_list.extend(dfp.pip['py_package'])
return_list.extend(dfp.pip['git_package'])
except Exception as exp:
raise SystemExit(
'Execution failure. Path: "%s", Error: "%s", Trace:\n%s' % (
user_vars['local_path'],
str(exp),
traceback.format_exc()
)
)
else:
return_data = {
'packages': list(),
'remote_packages': list()
}
for file_name in sorted(set(return_list)):
is_url = file_name.startswith(('http:', 'https:', 'git+'))
if is_url:
if '@' not in file_name:
return_data['packages'].append(file_name)
else:
return_data['remote_packages'].append(file_name)
else:
return_data['packages'].append(file_name)
else:
return_data['packages'] = ' '.join(
['"%s"' % i for i in set(return_data['packages'])]
)
if user_vars['add_on_repos']:
return_data['remote_packages'].extend(
[i.strip() for i in user_vars['add_on_repos']]
)
return_data['remote_packages'] = ' '.join(
['"%s"' % i for i in set(return_data['remote_packages'])]
)
# Build report
report_command = [
'yaprt',
'--debug',
'create-report',
'--report-file',
_abs_path(user_vars['report_file']),
'--git-install-repos',
return_data['remote_packages'],
'--packages',
return_data['packages']
]
_run_command(report_command)
# Build requirements wheels
requirements_command = [
'yaprt',
'--debug',
'build-wheels',
'--report-file',
_abs_path(user_vars['report_file']),
'--storage-pool',
_abs_path(user_vars['storage_pool']),
'--link-dir',
_abs_path(user_vars['release_directory']),
'--pip-extra-link-dirs',
_abs_path(user_vars['link_pool']),
'--pip-index',
'https://rpc-repo.rackspace.com/pools',
'--pip-extra-index',
'https://pypi.python.org/simple',
'--pip-bulk-operation',
'--build-output',
'/tmp/openstack-wheel-output',
'--build-dir',
'/tmp/openstack-builder',
'--build-requirements',
'--force-clean'
]
_run_command(requirements_command)
# Build wheels from git-repos
requirements_command = [
'yaprt',
'--debug',
'build-wheels',
'--report-file',
_abs_path(user_vars['report_file']),
'--storage-pool',
_abs_path(user_vars['storage_pool']),
'--link-dir',
_abs_path(user_vars['release_directory']),
'--pip-extra-link-dirs',
_abs_path(user_vars['link_pool']),
'--pip-no-deps',
'--pip-no-index',
'--build-output',
'/tmp/openstack-wheel-output',
'--build-dir',
'/tmp/openstack-builder',
'--build-branches',
'--build-releases',
'--force-clean'
]
_run_command(requirements_command)
# Create HTML index for all files in the release directory
index_command = [
'yaprt',
'--debug',
'create-html-indexes',
'--repo-dir',
_abs_path(user_vars['release_directory'])
]
_run_command(index_command)
# Store the git repositories
index_command = [
'yaprt',
'store-repos',
'--report-file',
_abs_path(user_vars['report_file']),
'--git-repo-path',
'/var/www/repo/openstackgit'
]
_run_command(index_command)
if __name__ == '__main__':
main()

169
playbooks/roles/repo_server/files/openstack-wheel-builder.sh
View File

@ -1,169 +0,0 @@
#!/usr/bin/env bash
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Notes:
# To use this script you MUST move it to some path that will be called.
# I recommend that the script be stored and executed from
# "/opt/openstack-wheel-builder.sh". This script is a wrapper script that relies
# on the "openstack-wheel-builder.py" and is execute from
# "/opt/openstack-wheel-builder.py".
# Overrides:
# This script has several things that can be overriden via environment
# variables.
# Git repository that the rcbops ansible lxc source code will be cloned from.
# This repo should be a repo that is available via HTTP.
# GIT_REPO=""
# The URI for the github api. This is ONLY used when the $RELEASES variable
# is an empty string. Which causes the script to go discover the available
# releases.
# GITHUB_API_ENDPOINT=""
# Local directory to store the source code while interacting with it.
# WORK_DIR=""
# Local directory to store the built wheels.
# OUTPUT_WHEEL_PATH=""
# Space seperated list of all releases to build for. If unset the releases
# will be discovered.
# RELEASES=""
# Space seperated list of all releases to exclude from building. This is
# ONLY used when the $RELEASES variable is an empty string.
# EXCLUDE_RELEASES=""
set -e -o -v
# Trap any errors that might happen in executing the script
trap my_trap_handler ERR
# Ensure there is a base path loaded
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
# Defined variables.
GIT_REPO="${GIT_REPO:-https://github.com/openstack/openstack-ansible}"
GITHUB_API_ENDPOINT="${GITHUB_API_ENDPOINT:-https://api.github.com/repos/openstack/openstack-ansible}"
# Predefined working directory.
WORK_DIR="${WORK_DIR:-/tmp/openstack-ansible-deployment}"
# Output directories.
OUTPUT_WHEEL_PATH="${OUTPUT_WHEEL_PATH:-/var/www/repo/os-releases}"
LINK_PATH="${LINK_PATH:-/var/www/repo/links}"
REPORT_DIR="${REPORT_DIR:-/var/www/repo/reports}"
STORAGE_POOL="${STORAGE_POOL:-/var/www/repo/pools}"
# Additional space separated list of repos to always include in a build.
ADDON_REPOS="git+https://github.com/rcbops/horizon-extensions.git@master "
# Set the force build option to false
FORCE_BUILD="${FORCE_BUILD:-false}"
# Default is an empty string which causes the script to go discover the available
# branches from the github API.
RELEASES=${RELEASES:-""}
# Define branches that you no longer want new wheels built for or checked against.
EXCLUDE_RELEASES="${EXCLUDE_RELEASES:-v9.0.0 gh-pages revert}"
# Name of the lock file.
LOCKFILE="/tmp/wheel_builder.lock"
function my_trap_handler {
kill_job
}
function lock_file_remove {
if [ -f "${LOCKFILE}" ]; then
rm "${LOCKFILE}"
fi
}
function kill_job {
set +e
# If the job needs killing kill the pid and unlock the file.
if [ -f "${LOCKFILE}" ]; then
PID=$(cat ${LOCKFILE})
lock_file_remove
kill -9 "${PID}"
fi
}
function cleanup {
# Ensure workspaces are cleaned up
rm -rf /tmp/openstack_wheels*
rm -rf /tmp/pip*
rm -rf "${WORK_DIR}"
}
# Check for releases
if [ -z "${RELEASES}" ];then
echo "No releases specified. Provide a space separated list branches to build for."
exit 1
fi
# Check for system lock file.
if [ ! -f "${LOCKFILE}" ]; then
echo $$ | tee "${LOCKFILE}"
else
if [ "$(find ${LOCKFILE} -mmin +240)" ]; then
logger "Stale pid found for ${LOCKFILE}."
logger "Killing any left over processes and unlocking"
kill_job
else
NOTICE="Active job already in progress. Check pid \"$(cat ${LOCKFILE})\" for status. Lock file: ${LOCKFILE}"
echo $NOTICE
logger ${NOTICE}
exit 1
fi
fi
# Iterate through the list of releases and build everything that's needed
logger "Building Python Wheels for ${RELEASES}"
for release in ${RELEASES}; do
if [ ! -d "${OUTPUT_WHEEL_PATH}/${release}" ] || [[ "${FORCE_BUILD}" == "true" ]]; then
# Perform cleanup
cleanup
# Git clone repo
git clone "${GIT_REPO}" "${WORK_DIR}"
# checkout release
pushd "${WORK_DIR}"
git checkout "${release}"
popd
# Build wheels
OVERRIDE_WHEEL_OUTPUT_PATH="${OVERRIDE_WHEEL_OUTPUT_PATH:-${OUTPUT_WHEEL_PATH}/${release}}"
mkdir -p "${OVERRIDE_WHEEL_OUTPUT_PATH}"
/opt/openstack-wheel-builder.py --report-file "${REPORT_DIR}/${release}.json" \
--link-pool "${LINK_PATH}" \
--local-path "${WORK_DIR}" \
--storage-pool ${STORAGE_POOL} \
--release-directory "${OVERRIDE_WHEEL_OUTPUT_PATH}" \
--add-on-repos ${ADDON_REPOS}
fi
echo "Complete [ ${release} ]"
done
# Perform cleanup
cleanup
# Remove lock file on job completion
lock_file_remove

3
playbooks/roles/repo_server/files/rsync.defaults
View File

@ -1,3 +0,0 @@
RSYNC_ENABLE=true
RSYNC_CONFIG_FILE=/etc/rsyncd.conf
RSYNC_OPTS=''

15
playbooks/roles/repo_server/files/rsyncd.conf
View File

@ -1,15 +0,0 @@
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
max connections = 15
timeout = 600
transfer logging = true
[openstack_mirror]
path = {{ repo_service_home_folder }}/repo
comment = OpenStack Private Cloud Mirror Server
use chroot = yes
read only = yes
uid = nobody
gid = nogroup

43
playbooks/roles/repo_server/files/sshd_config
View File

@ -1,43 +0,0 @@
Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 1024
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
PasswordAuthentication no
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
UseDNS no

44
playbooks/roles/repo_server/handlers/main.yml
View File

@ -1,44 +0,0 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: reload nginx
service:
name: "nginx"
state: restarted
pattern: "nginx"
- name: reload rsyncd
service:
name: "rsync"
state: restarted
pattern: "rsync"
- name: reload fcgiwrap
service:
name: "fcgiwrap"
state: restarted
pattern: "fcgiwrap"
- name: reload ssh
service:
name: "ssh"
state: restarted
pattern: "ssh"
- name: reload lsyncd
service:
name: "lsyncd"
state: restarted
pattern: "lsyncd"

34
playbooks/roles/repo_server/meta/main.yml
View File

@ -1,34 +0,0 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
galaxy_info:
author: rcbops
description: Install package repo server
company: Rackspace
license: Apache2
min_ansible_version: 1.6.6
platforms:
- name: Ubuntu
versions:
- trusty
categories:
- cloud
- python
- development
- openstack
dependencies:
- apt_package_pinning
- pip_install
- memcached_server

31
playbooks/roles/repo_server/tasks/main.yml
View File

@ -1,31 +0,0 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- include: repo_pre_install.yml
- include: repo_install.yml
- include: repo_post_install.yml
- include: repo_key_populate.yml
- include: repo_key_distribute.yml
when: >
groups.repo_all|length > 1
- include: repo_sync_manager.yml
when: >
inventory_hostname == groups['pkg_repo'][0]
- name: Flush handlers
meta: flush_handlers

50
playbooks/roles/repo_server/tasks/repo_install.yml
View File

@ -1,50 +0,0 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Update apt sources
apt:
update_cache: yes
cache_valid_time: 600
register: apt_update
until: apt_update|success
retries: 5
delay: 2
tags:
- repo-apt-packages
- name: Install apt packages
apt:
pkg: "{{ item }}"
state: latest
register: install_packages
until: install_packages|success
retries: 5
delay: 5
with_items: repo_apt_packages
tags:
- repo-apt-packages
- name: Install pip packages
pip:
name: "{{ item }}"
state: present
extra_args: "{{ pip_install_options|default('') }}"
register: install_packages
until: install_packages|success
retries: 5
delay: 5
with_items: repo_pip_packages
tags:
- repo-pip-packages

23
playbooks/roles/repo_server/tasks/repo_key_distribute.yml
View File

@ -1,23 +0,0 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Create authorized keys file from host vars
authorized_key:
user: "{{ repo_service_user_name }}"
key: "{{ hostvars[item]['repo_pubkey'] }}"
with_items: groups['pkg_repo']
tags:
- repo-key
- repo-key-store

30
playbooks/roles/repo_server/tasks/repo_key_populate.yml
View File

@ -1,30 +0,0 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Get public key contents and store as var
command: |
cat {{ repo_service_home_folder }}/.ssh/id_rsa.pub
register: repo_pub
changed_when: false
tags:
- repo-key
- repo-key-create
- name: Register a fact for the repo user pub key
set_fact:
repo_pubkey: "{{ repo_pub.stdout }}"
tags:
- repo-key
- repo-key-create

115
playbooks/roles/repo_server/tasks/repo_post_install.yml
View File

@ -1,115 +0,0 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: create the system group
group:
name: "{{ repo_service_group_name }}"
state: "present"
system: "yes"
tags:
- pkg-repo-group
- name: Remove old key file(s) if found
file:
path: "{{ item }}"
state: "absent"
with_items:
- "{{ repo_service_home_folder }}/.ssh/authorized_keys"
- "{{ repo_service_home_folder }}/.ssh/id_rsa"
- "{{ repo_service_home_folder }}/.ssh/id_rsa.pub"
when: repo_recreate_keys | bool
tags:
- repo-key
- repo-key-create
- name: Create the nginx system user
user:
name: "{{ repo_service_user_name }}"
group: "{{ repo_service_group_name }}"
comment: "Nginx repo user"
shell: "/bin/bash"
system: "yes"
createhome: "yes"
home: "{{ repo_service_home_folder }}"
generate_ssh_key: "yes"
tags:
- pkg-repo-user
- repo-key
- repo-key-create
- name: File and directory setup
file:
path: "{{ item.path }}"
state: "{{ item.state }}"
owner: "{{ item.owner|default('root') }}"
group: "{{ item.group|default('root') }}"
mode: "{{ item.mode }}"
with_items:
- { path: "{{ repo_service_home_folder }}", state: "directory", owner: "{{ repo_service_user_name }}", group: "{{ repo_service_group_name }}", mode: "2755" }
- { path: "{{ repo_service_home_folder }}/.ssh", state: "directory", owner: "{{ repo_service_user_name }}", group: "{{ repo_service_group_name }}", mode: "2700" }
- { path: "{{ repo_service_home_folder }}/repo", state: "directory", owner: "{{ repo_service_user_name }}", group: "{{ repo_service_group_name }}", mode: "2755" }
- { path: "{{ repo_service_home_folder }}/repo/links", state: "directory", owner: "{{ repo_service_user_name }}", group: "{{ repo_service_group_name }}", mode: "2755" }
- { path: "{{ repo_service_home_folder }}/repo/os-releases", state: "directory", owner: "{{ repo_service_user_name }}", group: "{{ repo_service_group_name }}", mode: "2755" }
- { path: "{{ repo_service_home_folder }}/repo/os-releases/{{ openstack_release }}", state: "directory", owner: "{{ repo_service_user_name }}", group: "{{ repo_service_group_name }}", mode: "2755" }
- { path: "{{ repo_service_home_folder }}/repo/openstackgit", state: "directory", owner: "{{ repo_service_user_name }}", group: "{{ repo_service_group_name }}", mode: "2755" }
- { path: "{{ repo_service_home_folder }}/repo/python_packages", state: "directory", owner: "{{ repo_service_user_name }}", group: "{{ repo_service_group_name }}", mode: "2755" }
- { path: "{{ repo_service_home_folder }}/repo/python_packages/pools", state: "directory", owner: "{{ repo_service_user_name }}", group: "{{ repo_service_group_name }}", mode: "2755" }
- { path: "{{ repo_service_home_folder }}/repo/pools", state: "directory", owner: "{{ repo_service_user_name }}", group: "{{ repo_service_group_name }}", mode: "2755" }
- { path: "{{ repo_service_home_folder }}/repo/reports", state: "directory", owner: "{{ repo_service_user_name }}", group: "{{ repo_service_group_name }}", mode: "2755" }
- { path: "/etc/lsyncd", state: "directory", mode: "0755" }
- { path: "/var/log/lsyncd", state: "directory", mode: "0755" }
- { path: "/etc/nginx/sites-enabled/default", state: "absent", mode: "0644" }
tags:
- pkg-repo-dirs
- name: Drop NGINX configuration files
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
with_items:
- { src: "nginx.conf.j2", dest: "/etc/nginx/nginx.conf" }
- { src: "rsyncd.conf.j2", dest: "/etc/rsyncd.conf" }
- { src: "openstack-slushee.vhost.j2", dest: "/etc/nginx/sites-available/openstack-slushee.vhost" }
notify:
- reload nginx
tags:
- pkg-repo-nginx
- pkg-repo-config
- name: Change fcgiwrap GID/UID
lineinfile:
dest: "/etc/init.d/fcgiwrap"
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
with_items:
- { regexp: "^FCGI_SOCKET_OWNER=", line: 'FCGI_SOCKET_OWNER="{{ repo_service_user_name }}"' }
- { regexp: "^FCGI_SOCKET_GROUP=", line: 'FCGI_SOCKET_GROUP="{{ repo_service_group_name }}"' }
notify:
- reload nginx
- reload fcgiwrap
tags:
- pkg-repo-nginx
- pkg-repo-config
- name: Enable openstack-slushee site
file:
src: "/etc/nginx/sites-available/openstack-slushee.vhost"
dest: "/etc/nginx/sites-enabled/openstack-slushee.vhost"
state: "link"
notify:
- reload nginx
tags:
- pkg-repo-nginx
- pkg-repo-config

Some files were not shown because too many files have changed in this diff Show More