Include barbican role in integrated release

Add playbook, haproxy service configuration, variable definition, and environment definition files required to deploy barbican as an integrated role of openstack-ansible. Change-Id: If87099958e0b1fc48866a468a47bb60bae622f28
2016-10-27 16:51:04 +02:00 · 2016-10-27 16:51:04 +02:00 · 7eca22359f
parent 1a2f9ac0ac
commit 7eca22359f
11 changed files with 165 additions and 0 deletions
--- a/ansible-role-requirements.yml
+++ b/ansible-role-requirements.yml
@ -58,6 +58,10 @@
  scm: git
  src: https://git.openstack.org/openstack/openstack-ansible-os_aodh
  version: master
+- name: os_barbican
+  scm: git
+  src: https://git.openstack.org/openstack/openstack-ansible-os_barbican
+  version: master
 - name: os_ceilometer
  scm: git
  src: https://git.openstack.org/openstack/openstack-ansible-os_ceilometer
--- a/doc/source/install-guide/app-advanced-role-docs.rst
+++ b/doc/source/install-guide/app-advanced-role-docs.rst
@ -33,6 +33,8 @@ OpenStack service roles

 -  `os_aodh <http://docs.openstack.org/developer/openstack-ansible-os_aodh>`_

+-  `os_barbican <http://docs.openstack.org/developer/openstack-ansible-os_barbican>`_
+
 -  `os_ceilometer <http://docs.openstack.org/developer/openstack-ansible-os_ceilometer>`_

 -  `os_cinder <http://docs.openstack.org/developer/openstack-ansible-os_cinder>`_
--- a/etc/openstack_deploy/user_secrets.yml
+++ b/etc/openstack_deploy/user_secrets.yml
@ -144,3 +144,8 @@ trove_rabbitmq_password:
 trove_service_password:
 trove_admin_user_password:
 trove_regular_user_password:
+
+## Barbican Options
+barbican_galera_password:
+barbican_rabbitmq_password:
+barbican_service_password:
--- a/playbooks/defaults/repo_packages/openstack_services.yml
+++ b/playbooks/defaults/repo_packages/openstack_services.yml
@ -42,6 +42,13 @@ aodh_git_dest: "/opt/aodh_{{ aodh_git_install_branch | replace('/', '_') }}"
 aodh_git_project_group: aodh_all


+## Barbican service
+barbican_git_repo: https://git.openstack.org/openstack/barbican
+barbican_git_install_branch: b8bbd3264e3e9201b23a081c1d810f1b5da5a580 # HEAD of "master" as of 12.10.2016
+barbican_git_dest: "/opt/barbican_{{ barbican_git_install_branch | replace('/', '_') }}"
+barbican_git_project_group: barbican_all
+
+
 ## Ceilometer service
 ceilometer_git_repo: https://git.openstack.org/openstack/ceilometer
 ceilometer_git_install_branch: a3f4a777336c413a214364af80a3880f27ea5e04 # HEAD of "master" as of 12.10.2016
--- a/playbooks/inventory/env.d/barbican.yml
+++ b/playbooks/inventory/env.d/barbican.yml
@ -0,0 +1,36 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+component_skel:
+  barbican_api:
+    belongs_to:
+      - barbican_all
+
+container_skel:
+  barbican_container:
+    belongs_to:
+      - key-manager_containers
+    contains:
+      - barbican_api
+    properties:
+      service_name: barbican
+
+physical_skel:
+  key-manager_containers:
+    belongs_to:
+      - all_containers
+  key-manager_hosts:
+    belongs_to:
+      - hosts
--- a/playbooks/inventory/group_vars/barbican_all.yml
+++ b/playbooks/inventory/group_vars/barbican_all.yml
@ -0,0 +1,29 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+barbican_service_region: "{{ service_region }}"
+barbican_service_in_ldap: "{{ service_ldap_backend_enabled }}"
+barbican_keystone_auth: yes
+
+barbican_galera_address: "{{ galera_address }}"
+barbican_galera_database: barbican
+barbican_galera_user: barbican
+
+barbican_rabbitmq_host_group: "{{ rabbitmq_host_group }}"
+barbican_rabbitmq_port: "{{ rabbitmq_port }}"
+barbican_rabbitmq_servers: "{{ rabbitmq_servers }}"
+barbican_rabbitmq_use_ssl: "{{ rabbitmq_use_ssl }}"
+barbican_rabbitmq_userid: barbican
+barbican_rabbitmq_vhost: /barbican
--- a/playbooks/os-barbican-install.yml
+++ b/playbooks/os-barbican-install.yml
@ -0,0 +1,63 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Installation and setup of barbican
+  hosts: barbican_all
+  gather_facts: "{{ gather_facts | default(True) }}"
+  max_fail_percentage: 20
+  user: root
+  pre_tasks:
+    - include: common-tasks/os-lxc-container-setup.yml
+    - include: common-tasks/rabbitmq-vhost-user.yml
+      static: no
+      vars:
+        user: "{{ barbican_rabbitmq_userid }}"
+        password: "{{ barbican_rabbitmq_password }}"
+        vhost: "{{ barbican_rabbitmq_vhost }}"
+        _rabbitmq_host_group: "{{ barbican_rabbitmq_host_group }}"
+      when:
+        - inventory_hostname == groups['barbican_api'][0]
+        - groups[barbican_rabbitmq_host_group] | length > 0
+    - include: common-tasks/os-log-dir-setup.yml
+      vars:
+        log_dirs:
+          - src: "/openstack/log/{{ inventory_hostname }}-barbican"
+            dest: "/var/log/barbican"
+    - include: common-tasks/mysql-db-user.yml
+      static: no
+      vars:
+        user_name: "{{ barbican_galera_user }}"
+        password: "{{ barbican_galera_password }}"
+        login_host: "{{ barbican_galera_address }}"
+        db_name: "{{ barbican_galera_database }}"
+      when: inventory_hostname == groups['barbican_all'][0]
+    - include: common-tasks/package-cache-proxy.yml
+  roles:
+    - role: "os_barbican"
+      barbican_venv_tag: "{{ openstack_release }}"
+      barbican_venv_download_url: "{{ openstack_repo_url }}/venvs/{{ openstack_release }}/{{ ansible_distribution | lower }}/barbican-{{ openstack_release }}-{{ ansible_architecture | lower }}.tgz"
+    - role: "openstack_openrc"
+      tags:
+        - openrc
+    - role: "rsyslog_client"
+      rsyslog_client_log_rotate_file: barbican_log_rotate
+      rsyslog_client_log_dir: "/var/log/barbican"
+      rsyslog_client_config_name: "99-barbican-rsyslog-client.conf"
+      tags:
+        - rsyslog
+  vars:
+    is_metal: "{{ properties.is_metal|default(false) }}"
+  tags:
+    - barbican
--- a/playbooks/setup-openstack.yml
+++ b/playbooks/setup-openstack.yml
@ -14,6 +14,7 @@
 # limitations under the License.

 - include: os-keystone-install.yml
+- include: os-barbican-install.yml
 - include: os-glance-install.yml
 - include: os-cinder-install.yml
 - include: os-nova-install.yml
--- a/playbooks/vars/configs/haproxy_config.yml
+++ b/playbooks/vars/configs/haproxy_config.yml
@ -260,3 +260,11 @@ haproxy_default_services:
      haproxy_balance_type: http
      haproxy_backend_options:
        - "httpchk HEAD /"
+  - service:
+      haproxy_service_name: barbican
+      haproxy_backend_nodes: "{{ groups['barbican_api'] | default([]) }}"
+      haproxy_ssl: "{{ haproxy_ssl }}"
+      haproxy_port: 9311
+      haproxy_balance_type: tcp
+      haproxy_backend_options:
+        - tcp-check
--- a/releasenotes/notes/barbican-integration-cef0bf5e44d455e6.yaml
+++ b/releasenotes/notes/barbican-integration-cef0bf5e44d455e6.yaml
@ -0,0 +1,5 @@
+---
+features:
+  - Support has been added to allow the deployment of the OpenStack
+    barbican service when hosts are present in the host group
+    ``key-manager_hosts``.
--- a/tests/test_inventory.py
+++ b/tests/test_inventory.py
@ -137,6 +137,9 @@ class TestAnsibleInventoryFormatConstraints(unittest.TestCase):
        'aodh_api',
        'aodh_container',
        'aodh_listener',
+        'barbican_all',
+        'barbican_api',
+        'barbican_container',
        'ceilometer_agent_central',
        'ceilometer_agent_compute',
        'ceilometer_agent_notification',
@ -215,6 +218,8 @@ class TestAnsibleInventoryFormatConstraints(unittest.TestCase):
        'ironic-compute_containers',
        'ironic-compute_all',
        'ironic-compute_hosts',
+        'key-manager_containers',
+        'key-manager_hosts',
        'keystone',
        'keystone_all',
        'keystone_container',