diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
deleted file mode 100644
index ae6857673d..0000000000
--- a/CONTRIBUTING.md
+++ /dev/null
@@ -1,30 +0,0 @@
-###Contributor guidelines
-**Filing Bugs**
-
-Bugs should be filed on Launchpad, not GitHub:
-
- https://bugs.launchpad.net/openstack-ansible
-
-When submitting a bug, or working on a bug, please ensure the following criteria are met:
-
-* The description clearly states or describes the original problem or root cause of the problem.
-* Include historical information on how the problem was identified.
-* Any relevant logs are included.
-* The provided information should be totally self-contained. External access to web services/sites should not be needed.
-* Steps to reproduce the problem if possible.
-
-**Submitting Code**
-
-Changes to the project should be submitted for review via the Gerrit tool, following
-the workflow documented at:
-
- http://docs.openstack.org/infra/manual/developers.html#development-workflow
-
-Pull requests submitted through GitHub will be ignored.
-
-
-**Extra**
-
-***Tags***: If it's a bug that needs fixing in a branch in addition to Master, add a '\-backport-potential' tag (eg ```juno-backport-potential```). There are predefined tags that will autocomplete
-***Status***: Please leave this alone, it should be New till someone triages the issue.
-***Importance***: Should only be touched if it is a Blocker/Gating issue. If it is, please set to High, and only use Critical if you have found a bug that can take down whole infrastructures.
diff --git a/CONTRIBUTING.rst b/CONTRIBUTING.rst
new file mode 100644
index 0000000000..68fe4a4413
--- /dev/null
+++ b/CONTRIBUTING.rst
@@ -0,0 +1,90 @@
+OpenStack Ansible Deployment
+############################
+:tags: openstack, cloud, ansible
+:category: \*nix
+
+contributor guidelines
+^^^^^^^^^^^^^^^^^^^^^^
+
+Filing Bugs
+-----------
+
+Bugs should be filed on Launchpad, not GitHub: "https://bugs.launchpad.net/openstack-ansible".
+
+
+When submitting a bug, or working on a bug, please ensure the following criteria are met:
+ * The description clearly states or describes the original problem or root cause of the problem.
+ * Include historical information on how the problem was identified.
+ * Any relevant logs are included.
+ * The provided information should be totally self-contained. External access to web services/sites should not be needed.
+ * Steps to reproduce the problem if possible.
+
+
+Submitting Code
+---------------
+
+Changes to the project should be submitted for review via the Gerrit tool, following
+the workflow documented at: "http://docs.openstack.org/infra/manual/developers.html#development-workflow"
+
+Pull requests submitted through GitHub will be ignored and closed without regard.
+
+
+Extra
+-----
+
+Tags:
+ If it's a bug that needs fixing in a branch in addition to Master, add a '\-backport-potential' tag (eg ``juno-backport-potential``). There are predefined tags that will auto-complete.
+
+Status:
+ Please leave this alone, it should be New till someone triages the issue.
+
+Importance:
+ Should only be touched if it is a Blocker/Gating issue. If it is, please set to High, and only use Critical if you have found a bug that can take down whole infrastructures.
+
+
+Style guide
+-----------
+
+When creating tasks and other roles for use in Ansible please create then using the YAML dictionary format.
+
+Example YAML dictionary format:
+ .. code-block:: yaml
+
+ - name: The name of the tasks
+ module_name:
+ thing1: "some-stuff"
+ thing2: "some-other-stuff"
+ tags:
+ - some-tag
+ - some-other-tag
+
+
+Example what **NOT** to do:
+ .. code-block:: yaml
+
+ - name: The name of the tasks
+ module_name: thing1="some-stuff" thing2="some-other-stuff"
+ tags: some-tag
+
+ .. code-block:: yaml
+
+ - name: The name of the tasks
+ module_name: >
+ thing1="some-stuff"
+ thing2="some-other-stuff"
+ tags: some-tag
+
+
+Usage of the ">" and "|" operators should be limited to Ansible conditionals and command modules such as the ansible ``shell`` or ``command``.
+
+
+Issues
+------
+
+When submitting an issue, or working on an issue please ensure the following criteria are met:
+ * The description clearly states or describes the original problem or root cause of the problem.
+ * Include historical information on how the problem was identified.
+ * Any relevant logs are included.
+ * If the issue is a bug that needs fixing in a branch other than Master, please note the associated branch within the launchpad issue.
+ * The provided information should be totally self-contained. External access to web services/sites should not be needed.
+ * Steps to reproduce the problem if possible.
diff --git a/LICENSE.txt b/LICENSE.txt
new file mode 100644
index 0000000000..5c304d1a4a
--- /dev/null
+++ b/LICENSE.txt
@@ -0,0 +1,201 @@ +Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/README.rst b/README.rst index a7c93fd193..eab274de1c 100644 --- a/README.rst +++ b/README.rst 
@@ -1,120 +1,60 @@ -OpenStack Deployment with Ansible -################################# -:date: 2014-09-25 09:00 +OpenStack Ansible Deployment +############################ +:date: 2015-02-02 22:00 :tags: lxc, openstack, cloud, ansible :category: \*nix -Official Documentation ----------------------- -Comprehensive installation guides, including FAQs and release notes, can be found at http://docs.rackspace.com +Playbooks +--------- -Bug tracking and release management can be found in Launchpad_ +There are several playbooks within that will setup hosts for use in OpenStack Cloud. The playbooks will enable LXC on hosts and provides the ability to deploy LXC containers for use within openstack. -.. _launchpad: https://launchpad.net/openstack-ansible +Plays: + * ``setup-hosts.yml`` Performs host setup for use with LXC in the OpenStack hosts. + * ``setup-infrastructure.yml`` Performs all of the setup for all infrastructure components. + * ``setup-openstack.yml`` Performs all of the setup for all of the OpenStack components. -Code reviews will be managed in Gerrit_ +* If you dont want to run plays individually you can simply run ``setup-everything.yml`` which will perform all of the setup and installation for you. -.. _gerrit: https://review.openstack.org/#/q/os-ansible-deployment,n,z +Basic Setup: + 1. If you have any roles that you'd like to have pulled in that are outside the scope and or replace modules within this repository please add them to the ``ansible-role-requirements.yml`` file. In this file you will want to fill in the details for the role you want to pull in using standard ansible galaxy format. -Playbook Support ----------------- + .. 
code-block:: yaml -OpenStack: - * keystone - * glance-api - * glance-registry - * cinder-api - * cinder-scheduler - * cinder-volume - * nova-api - * nova-api-ec2 - * nova-api-metadata - * nova-api-os-compute - * nova-compute - * nova-conductor - * nova-scheduler - * heat-api - * heat-api-cfn - * heat-api-cloudwatch - * heat-engine - * horizon - * neutron-server - * neutron-dhcp-agent - * neutron-metadata-agent - * neutron-linuxbridge-agent + - name: SuperAwesomeModule + src: https://github.com/super-user/SuperAwesomeModule + version: master + 2. Run the ``./scripts/os-ansible-bootstrap.sh`` script, which will install, pip, ansible 1.8.x, all of the required python packages, and bring in any third part ansible roles that you may want to add to the deployment. + 3. Copy the ``etc/openstack_deploy`` directory to ``/etc/openstack_deploy`` or if you are executing all of this as an unprivileged user you can add the ``openstack_deploy`` bits into your home directory as ``${HOME}/.openstack_deploy``. + 4. Fill in your ``openstack_deploy/openstack_user_config.yml``, ``openstack_deploy/user_secrets.yml`` and ``openstack_deploy/user_variables.yml`` files which you've just copied to your ``/etc/`` directory or your ``${HOME}`` folder. + 5. Generate all of your random passwords executing ``scripts/pw-token-gen.py --file /etc/openstack_deploy/user_secrets.yml``. + 6. Accomplish all of the host networking that you want to use within the deployment. See the ``etc/network`` directory in this repository for an example network setup. + 7. When ready change to the ``playbooks/`` directory and execute your desired plays. IE: -Infrastructure: - * galera - * rabbitmq - * logstash - * elastic-search - * kibana + .. code-block:: bash -Assumptions ------------ - -This repo assumes that you have setup the host servers that will be running the OpenStack infrastructure with three bridged network devices named: ``br-mgmt``, ``br-vxlan``, ``br-vlan``. 
These bridges will be used throughout the OpenStack infrastructure. - -The repo also relies on configuration files found in the `/etc` directory of this repo. -If you are running Ansible from an "unprivileged" host, you can place the contents of the /etc/ directory in your home folder; this would be in a directory similar to `/home//openstack_deploy/`. Once you have the file in place, you will have to enter the details of your environment in the `openstack_user_config.yml` file; please see the file for how this should look. After you have a bridged network and the files/directory in place, continue on to _`Base Usage`. - - -Base Usage ----------- - -All commands must be executed from the ``playbooks`` directory. From this directory you will have access to all of the playbooks, roles, and variables. It is recommended that you create an override file to contain any and all variables that you wish to override for the deployment. While the override file is is not required it will make life a bit easier. The default override file for the environment is the ``user_variables.yml`` file. - -All of the variables that you may wish to update are in the ``vars/`` directory, however you should also be aware that services will pull in base group variables as found in ``inventory/group_vars``. - -All playbooks exist in the ``playbooks/`` directory and are grouped in different sub-directories. - -All of the keys, tokens, and passwords are in the ``user_variables.yml`` file. This file contains no -preset passwords. To setup your keys, passwords, and tokens you will need to either edit this file -manually or use the script ``pw-token-gen.py``. Example: - -.. code-block:: - - # Generate the tokens - scripts/pw-token-gen.py --file /etc/openstack_deploy/user_variables.yml - - -Example usage from the `playbooks` directory in the ``os-ansible-deployment`` repository - -.. 
code-block:: bash - - # Run setup on all hosts: - ansible-playbook -e @vars/user_variables.yml playbooks/host-setup.yml - - # Run infrastructure on all hosts - ansible-playbook -e @vars/user_variables.yml playbooks/infrastructure-setup.yml - - # Setup and configure openstack within your spec'd containers - ansible-playbook -e @vars/user_variables.yml playbooks/openstack-setup.yml - - -About Inventory ---------------- - -All things that Ansible cares about are located in inventory. The whole inventory is dynamically generated using the previously mentioned configuration files. While this is a dynamically generated inventory, it is not 100% generated on every run. The inventory is saved in a file named `openstack_inventory.json` and is located in the directory where you've located your user configuration files. On every run a backup of the inventory json file is created in both the current working directory as well as the location where the user configuration files exist. The inventory json file is a living document and is intended to grow as the environment scales in infrastructure. This means that the inventory file will be appended to as you add more nodes and or change the container affinity from within the `openstack_user_config.yml` file. It is recommended that the base inventory file be backed up to a safe location upon the completion of a deployment operation. While the dynamic inventory processor has guards in it to ensure that the built inventory is not adversely effected by programmatic operations this does not guard against user error and/or catastrophic failure. - - -Scaling -------- - -If you are scaling the environment using the dynamically generated inventory you should know that the inventory was designed to generate new entries in inventory and not remove entries from inventory. 
These playbooks will build an environment to spec so if container affinity is changed and or a node is added or removed from an environment the user configuration file will need to be modified as well as the inventory json. For this reason it is recommended that should a physical node need replacing it should be renamed the same as the previous one. This will make things easier when rebuilding the environment. Additionally if a container is needing to be replaced it is better to simply remove the misbehaving container and rebuild it using the existing inventory. + openstack-ansible setup-everything.yml Notes ----- -* Library has an experimental `keystone` module which adds ``keystone:`` support to Ansible. -* Library has an experimental `swift` module which adds ``swift:`` support to Ansible. -* Library has an experimental `neutron` module which adds ``keystone:`` support to Ansible. -* Library has an experimental `glance` module which adds ``keystone:`` support to Ansible. -* Library has an experimental `lxc` module which adds ``lxc:`` support to Ansible. -* Library has an experimental `memcached` module which adds ``lxc:`` support to Ansible. -* Library has an experimental `name2int` module which adds ``lxc:`` support to Ansible. +* If you run the ``./scripts/bootstrap-ansible.sh`` script a wrapper script will be added to your system that wraps the ansible-playbook command to simplify the arguments required to run openstack ansible plays. The name of the wrapper script is **openstack-ansible**. +* The lxc network is created within the *lxcbr0* interface. This supports both NAT networks as well as more traditional networking. If NAT is enabled (default) the IPtables rules will be created along with the interface as a post-up processes. If you ever need to recreate the rules and or restart the dnsmask process you can bounce the interface IE: ``ifdown lxcb0; ifup lxcbr0`` or you can use the ``lxc-system-manage`` command. 
+* The tool ``lxc-system-manage`` is available on all lxc hosts and can assist in recreating parts of the LXC system whenever its needed. +* Our repository uses a custom `LXC` module which adds ``lxc:`` support to Ansible. The module within this repository is presently pending in upstream ansible at "https://github.com/ansible/ansible-modules-extras/pull/123". +* Inventory is generated by executing the ``playbooks/inventory/dynamic_inventory.py`` script. This is configured in the ``playbooks/ansible.cfg`` file. +Bugs and Blueprints +------------------- + +Everything we do is in launchpad and gerrit. If you'd like to raise a bug, feature request, or are looking for ways to contribute please go to "https://launchpad.net/openstack-ansible". + + +Official Documentation +---------------------- + +Comprehensive installation guides, including FAQs and release notes, can be found at "http://docs.rackspace.com/rpc/api/v9/bk-rpc-installation/content/rpc-common-front.html" < Note that these docs may not be up-to-date with the current release of this repository however they are still a good source of documentation. diff --git a/ansible-role-requirements.yml.example b/ansible-role-requirements.yml.example new file mode 100644 index 0000000000..1619e82965 --- /dev/null +++ b/ansible-role-requirements.yml.example @@ -0,0 +1,6 @@ +# Use this file to fill in your third party roles that you'd like to have added to the list of available roles. +# Example: +# - github_api: https://api.github.com/repos/os-cloud/opc_role-galera_client +# name: galera_client +# src: https://github.com/os-cloud/opc_role-galera_client +# version: master diff --git a/dev-requirements.txt b/dev-requirements.txt new file mode 100644 index 0000000000..2618b7bab2 --- /dev/null +++ b/dev-requirements.txt @@ -0,0 +1 @@ +ansible-lint>=2.0.3 diff --git a/development-stack.rst b/development-stack.rst new file mode 100644 index 0000000000..fa35ed5c54 --- /dev/null +++ b/development-stack.rst 
@@ -0,0 +1,143 @@ +OpenStack Ansible Deployment +############################ +:date: 2015-02-02 22:00 +:tags: lxc, openstack, cloud, ansible +:category: \*nix + + +Building a development stack +---------------------------- + +If you are wanting to build a development stack for testing or otherwise contributing to this repository you can do so using the +``cloudserver-aio.sh`` script in the script directory. To execute the ``cloudserver-aio.sh`` script please do so from the ``os-ansible-deployment`` directory that was created when you cloned the repository. + +Example AIO build process: + +.. code-block:: bash + + # Clone the source code + git clone https://github.com/stackforge/os-ansible-deployment /opt/os-ansible-deployment + + # Change your directory + cd /opt/os-ansible-deployment + + # Checkout your desired branch. + git checkout master + + # Run the script from the root directory of the cloned repository. + ./scripts/run-aio-build.sh + + +To use this script successfully please make sure that you have the following: + * At least **60GB** of available storage on "/" when using local file system containers. Containers are built into ``/var/lib/lxc`` and will consume up-to 40GB on their own. + * If you would like to test building containers using LVM simply create an **lxc** volume group before executing the script. Be aware that each container will be built with a minimum of 5GB of storage. + * 2.4GHZ quad-core processor with that is KVM capable is required. + * You must have at least 4GB of available ram. + +This may seem like you need a lot to run the stack, which is partially true, however consider that this simple "All in One" deployment builds a "35" node infrastructure and mimics our reference architecture. Additionally, components like Rabbitmq, MariaDB with Galera, Repository servers, and Keystone will all be clustered. Lastly the "All in One" deployment uses HAProxy for test purposes only. 
**At this time we do not recommend running HAProxy in production**. At this time you should **NEVER** use the AIO script on a box that you care about. Cloud servers such as Rackspace Cloud server of the flavor *general1-8* variety work really well as development machines, as does Virtual Box of KVM instances. + +Using Heat: + If you would like to use heat to deploy an All in one node there is a heat script which you can use. Simply get and or source the raw script as found here: "https://raw.githubusercontent.com/stackforge/os-ansible-deployment/master/scripts/osad-aio-heat-template.yml" + + +Rebuilding the stack +^^^^^^^^^^^^^^^^^^^^ + +Once you have completed your testing and or dev work if you'd like to tear down the stack and restart from a new build there is a play that will assist you in doing just that. Simply change to your playbooks directory and execute the ``lxc-containers-destroy.yml`` play. + +Example: + +.. code-block:: bash + + # Move to the playbooks directory. + cd /opt/os-ansible-deployment/playbooks + + # Destroy all of the running containers. + openstack-ansible lxc-containers-destroy.yml + + # On the host stop all of the services that run locally and not within a container. + for i in $(ls /etc/init | grep -e nova -e swift -e neutron | awk -F'.' '{print $1}'); do service $i stop; done + + # Uninstall the core services that were installed. + for i in $(pip freeze | grep -e nova -e neutron -e keystone -e swift); do pip uninstall -y $i; done + + # Remove crusty directories. + rm -rf /openstack /etc/neutron /etc/nova /etc/swift /var/log/neutron /var/log/nova /var/log/swift + + +Using the teardown script: + The ``teardown.sh`` script that will destroy everything known within an environment. You should be aware that this script will destroy whole environments and should be used **WITH CAUTION**. + + +Notice +^^^^^^ + +The system uses a number of variables. 
You should look a the scripts for a full explanation and description of all of the available variables that you can set. At a minimum you should be aware of the default public interface variable as you may be kicking on a box that does not have an ``eth0`` interface. To set the default public interface run the following. + +.. code-block:: bash + + export PUBLIC_INTERFACE="<>" # This is only required if you dont have eth0 + + +This play will destroy all of your running containers and remove items within the ``/openstack`` directory for the container. After the completion of this play you can rerun the ``cloudserver-aio.sh`` or you can run the plays manually to rebuild the stack. + + +Diagram of stack +^^^^^^^^^^^^^^^^ + +Here is a basic diagram that attempts to illustrate what the AIO installation job is doing. **NOTICE** This diagram is not to scale and is not even 100% accurate, this diagram was built for informational purposes only and should **ONLY** be used as such. + + +Diagram:: + + ====== ASCII Diagram for AIO infrastructure ====== + + ------->[ ETH0 == Public Network ] + | + V [ * ] Socket Connections + [ HOST MACHINE ] [ <>v^ ] Network Connections + * ^ * + | | |----------------------------------------------------- + | | | + | |---------------->[ HAProxy ] | + | ^ | + | | | + | V | + | (BR-Interfaces)<----- | + | ^ * | | + *-[ LXC ]*--*--------------------|-----|------|----| | + | | | | | | | | + | * | | | | | | + | --->[ Logstash ]<-----------|-- | | | | | + | | [ Kibana ]<-------------| | | V * | | + | --->[ Elastic search ]<-----| | | [ Galera x3 ] | + | [ Memcached ]<----------| | | | | + *-------*[ Rsyslog ]<------------|-- | * | + | [ Repos Server x3 ]<----| ---|-->[ RabbitMQ x3 ] | + | [ Horizon ]<------------| | | | + | [ Nova api ec2 ]<-------|--| | | + | [ Nova api os ]<--------|->| | | + | [ Nova spice console ]<-| | | | + | [ Nova Cert ]<----------|->| | | + | [ Cinder api ]<---------|->| | | + | [ Glance api ]<---------|->| | | + | [ Heat 
apis ]<----------|->| | [ Loop back devices ]*-* + | [ Heat engine ]<--------|->| | \ \ | + | ------>[ Nova api metadata ] | | | { LVM } { XFS x3 } | + | | [ Nova conductor ]<-----| | | * * | + | |----->[ Nova scheduler ]------|->| | | | | + | | [ Keystone x3 ]<--------|->| | | | | + | | |--->[ Neutron agents ]*-----|--|---------------------------* + | | | [ Neutron server ]<-----|->| | | | + | | | |->[ Swift proxy ]<--------- | | | | + *-|-|-|-*[ Cinder volume ]*--------------------* | | + | | | | | | | + | | | --------------------------------------- | | + | | --------------------------------------- | | | + | | -----------------------| | | | | + | | | | | | | + | | V | | * | + ---->[ Compute ]*[ Neutron linuxbridge ]<-| |->[ Swift storage ]- + + + ====== ASCII Diagram for AIO infrastructure ====== diff --git a/etc/network/interfaces.d/aio_interfaces.cfg b/etc/network/interfaces.d/aio_interfaces.cfg index 1895e76568..063c87a427 100644 --- a/etc/network/interfaces.d/aio_interfaces.cfg +++ b/etc/network/interfaces.d/aio_interfaces.cfg @@ -1,4 +1,9 @@ -## Required network bridges; br-vlan, br-vxlan, br-mgmt. +## The default networking requires several bridges. These bridges were named to be informative +## however they can be named what ever you like and is adaptable to any network infrastructure +## environment. This file serves as an example of how to setup basic networking and was ONLY +## built for the purpose of being an example and used expressly in the building of an ALL IN +## ONE development environment. + auto br-mgmt iface br-mgmt inet static bridge_stp off 
@@ -20,21 +25,10 @@ iface br-vxlan inet static # To ensure ssh checksum is correct up /sbin/iptables -A POSTROUTING -t mangle -p tcp --dport 22 -j CHECKSUM --checksum-fill down /sbin/iptables -D POSTROUTING -t mangle -p tcp --dport 22 -j CHECKSUM --checksum-fill - # To ensure dhcp checksum is correct - up /sbin/iptables -A POSTROUTING -t mangle -p udp --dport 68 -j CHECKSUM --checksum-fill - down /sbin/iptables -D POSTROUTING -t mangle -p udp --dport 68 -j CHECKSUM --checksum-fill # To provide internet connectivity to instances up /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE down /sbin/iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE -auto br-vlan -iface br-vlan inet manual - bridge_stp off - bridge_waitport 0 - bridge_fd 0 - # Notice this bridge port is an Untagged host interface - bridge_ports none - auto br-storage iface br-storage inet static bridge_stp off @@ -43,3 +37,20 @@ iface br-storage inet static bridge_ports none address 172.29.244.100 netmask 255.255.252.0 + +auto br-vlan +iface br-vlan inet static + bridge_stp off + bridge_waitport 0 + bridge_fd 0 + address 172.29.248.100 + netmask 255.255.252.0 + # Create veth pair, don't bomb if already exists + pre-up ip link add br-vlan-veth type veth peer name eth12 || true + # Set both ends UP + pre-up ip link set br-vlan-veth up + pre-up ip link set eth12 up + # Delete veth pair on DOWN + post-down ip link del br-vlan-veth || true + bridge_ports br-vlan-veth + diff --git a/etc/network/interfaces.d/openstack_interface.cfg.example b/etc/network/interfaces.d/openstack_interface.cfg.example index b3fa67d75d..5004cfeae2 100644 --- a/etc/network/interfaces.d/openstack_interface.cfg.example +++ b/etc/network/interfaces.d/openstack_interface.cfg.example 
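Review bot: In the added `br-vlan` stanza, `pre-up ip link add br-vlan-veth type veth peer name eth12 || true` discards every failure of `ip link add`, not only the already-exists case the comment describes. If the pair cannot be created for another reason, for example because the host already has an interface named `eth12`, the error that surfaces is the later `ip link set br-vlan-veth up`, with no hint of the real cause. Testing for the device first keeps the stanza idempotent without hiding other errors: `pre-up ip link show br-vlan-veth >/dev/null 2>&1 || ip link add br-vlan-veth type veth peer name eth12`. A comment saying that `eth12` is the host-side peer used by the flat provider network would also help, since the name reads like a physical NIC.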
@@ -1,10 +1,14 @@ -#EXAMPLE INTERFACE FILE -# -#1293 - HOST_NET (Ignore This. It's the native VLAN.) -#2176 - CONTAINER_NET -#1998 - OVERLAY_NET -#2144 - STORAGE_NET -#2146 - GATEWAY_NET (VM Provider Network. Ignore this. OpenStack will tag for us.) +## The default networking requires several bridges. These bridges were named to be informative +## however they can be named what ever you like and is adaptable to any network infrastructure +## environment. This file serves as an example of how to setup basic networking and was ONLY +## built for the purpose of being an example. + +# EXAMPLE INTERFACE FILE +# 1293 - HOST_NET (Ignore This. It's the native VLAN.) +# 2176 - CONTAINER_NET +# 1998 - OVERLAY_NET +# 2144 - STORAGE_NET +# 2146 - GATEWAY_NET (VM Provider Network. Ignore this. OpenStack will tag for us.) ## Physical interface, could be bond. This only needs to be set once for the physical device auto eth0 diff --git a/etc/openstack_deploy/openstack_environment.yml b/etc/openstack_deploy/openstack_environment.yml index 4f93bff5e8..8c500b6224 100644 --- a/etc/openstack_deploy/openstack_environment.yml +++ b/etc/openstack_deploy/openstack_environment.yml 
@@ -16,322 +16,475 @@ component_skel: cinder_api: belongs_to: - - cinder_all + - cinder_all cinder_scheduler: belongs_to: - - cinder_all + - cinder_all cinder_volume: belongs_to: - - cinder_all + - cinder_all elasticsearch: belongs_to: - - elasticsearch_all + - elasticsearch_all galera: belongs_to: - - galera_all + - galera_all glance_api: belongs_to: - - glance_all + - glance_all glance_registry: belongs_to: - - glance_all + - glance_all heat_api: belongs_to: - - heat_all + - heat_all heat_api_cfn: belongs_to: - - heat_all + - heat_all heat_api_cloudwatch: belongs_to: - - heat_all + - heat_all heat_engine: belongs_to: - - heat_all + - heat_all horizon: belongs_to: - - horizon_all + - horizon_all keystone: belongs_to: - - keystone_all + - keystone_all kibana: belongs_to: - - kibana_all + - kibana_all logstash: belongs_to: - - logstash_all + - logstash_all memcached: belongs_to: - - memcached_all + - memcached_all neutron_agent: belongs_to: - - neutron_all + - neutron_all neutron_dhcp_agent: belongs_to: - - neutron_all + - neutron_all neutron_linuxbridge_agent: belongs_to: - - neutron_all + - neutron_all neutron_metering_agent: belongs_to: - - neutron_all + - neutron_all neutron_l3_agent: belongs_to: - - neutron_all + - neutron_all neutron_metadata_agent: belongs_to: - - neutron_all + - neutron_all neutron_server: belongs_to: - - neutron_all + - neutron_all nova_api_ec2: belongs_to: - - nova_all + - nova_all nova_api_metadata: belongs_to: - - nova_all + - nova_all nova_api_os_compute: belongs_to: - - nova_all + - nova_all nova_cert: belongs_to: - - nova_all + - nova_all nova_compute: belongs_to: - - nova_all + - nova_all nova_conductor: belongs_to: - - nova_all + - nova_all nova_scheduler: belongs_to: - - nova_all + - nova_all nova_spice_console: belongs_to: - - nova_all - rabbit: + - nova_all + pkg_repo: belongs_to: - - rabbit_all + - repo_all + rabbitmq: + belongs_to: + - rabbitmq_all rsyslog: belongs_to: - - rsyslog_all - utility: - belongs_to: - - utility_all + 
- rsyslog_all swift_proxy: belongs_to: - - swift_all + - swift_all swift_acc: belongs_to: - - swift_all + - swift_all swift_obj: belongs_to: - - swift_all + - swift_all swift_cont: belongs_to: - - swift_all + - swift_all + utility: + belongs_to: + - utility_all + + container_skel: cinder_api_container: belongs_to: - - infra_containers + - infra_containers + - storage-infra_containers contains: - - cinder_api + - cinder_api + properties: + service_name: cinder + container_release: trusty cinder_volumes_container: belongs_to: - - storage_containers + - storage_containers contains: - - cinder_scheduler - - cinder_volume + - cinder_scheduler + - cinder_volume + properties: + service_name: cinder + container_release: trusty elasticsearch_container: belongs_to: - - log_containers + - log_containers contains: - - elasticsearch + - elasticsearch + properties: + service_name: elasticsearch + container_release: trusty galera_container: belongs_to: - - infra_containers + - infra_containers + - shared-infra_containers contains: - - galera + - galera + properties: + service_name: galera + container_release: trusty glance_container: belongs_to: - - infra_containers + - infra_containers + - os-infra_containers contains: - - glance_api - - glance_registry + - glance_api + - glance_registry + properties: + service_name: glance + container_release: trusty heat_apis_container: belongs_to: - - infra_containers + - infra_containers + - os-infra_containers contains: - - heat_api_cloudwatch - - heat_api_cfn - - heat_api + - heat_api_cloudwatch + - heat_api_cfn + - heat_api + properties: + service_name: heat + container_release: trusty heat_engine_container: belongs_to: - - infra_containers + - infra_containers + - os-infra_containers contains: - - heat_engine + - heat_engine + properties: + service_name: heat + container_release: trusty horizon_container: belongs_to: - - infra_containers + - infra_containers + - os-infra_containers contains: - - horizon + - horizon + properties: + 
service_name: horizon + container_release: trusty keystone_container: belongs_to: - - infra_containers + - infra_containers + - identity_containers contains: - - keystone + - keystone + properties: + service_name: keystone + container_release: trusty kibana_container: belongs_to: - - log_containers + - log_containers contains: - - kibana + - kibana + properties: + service_name: kibana + container_release: trusty logstash_container: belongs_to: - - log_containers + - log_containers contains: - - logstash + - logstash + properties: + service_name: logstash + container_release: trusty memcached_container: belongs_to: - - infra_containers + - infra_containers + - shared-infra_containers contains: - - memcached + - memcached + properties: + service_name: memcached + container_release: trusty neutron_agents_container: belongs_to: - - network_containers + - network_containers contains: - - neutron_agent - - neutron_metadata_agent - - neutron_metering_agent - - neutron_linuxbridge_agent - - neutron_l3_agent - - neutron_dhcp_agent + - neutron_agent + - neutron_metadata_agent + - neutron_metering_agent + - neutron_linuxbridge_agent + - neutron_l3_agent + - neutron_dhcp_agent + properties: + service_name: neutron + container_release: trusty neutron_server_container: belongs_to: - - network_containers + - network_containers contains: - - neutron_server + - neutron_server + properties: + service_name: neutron + container_release: trusty nova_api_ec2_container: belongs_to: - - infra_containers + - infra_containers + - os-infra_containers contains: - - nova_api_ec2 + - nova_api_ec2 + properties: + service_name: nova + container_release: trusty nova_api_metadata_container: belongs_to: - - infra_containers + - infra_containers + - os-infra_containers contains: - - nova_api_metadata + - nova_api_metadata + properties: + service_name: nova + container_release: trusty nova_api_os_compute_container: belongs_to: - - infra_containers + - infra_containers + - os-infra_containers contains: 
- - nova_api_os_compute + - nova_api_os_compute + properties: + service_name: nova + container_release: trusty nova_cert_container: belongs_to: - - infra_containers + - infra_containers + - os-infra_containers contains: - - nova_cert + - nova_cert + properties: + service_name: nova + container_release: trusty nova_compute_container: - is_metal: true belongs_to: - - compute_containers + - compute_containers contains: - - neutron_linuxbridge_agent - - nova_compute + - neutron_linuxbridge_agent + - nova_compute + properties: + is_metal: true + service_name: nova + container_release: trusty nova_conductor_container: belongs_to: - - infra_containers + - infra_containers + - os-infra_containers contains: - - nova_conductor + - nova_conductor + properties: + service_name: nova + container_release: trusty nova_scheduler_container: belongs_to: - - infra_containers + - infra_containers + - os-infra_containers contains: - - nova_scheduler + - nova_scheduler + properties: + service_name: nova + container_release: trusty nova_spice_console_container: belongs_to: - - infra_containers + - infra_containers + - os-infra_containers contains: - - nova_spice_console + - nova_spice_console + properties: + service_name: nova + container_release: trusty rabbit_mq_container: belongs_to: - - infra_containers + - infra_containers + - shared-infra_containers contains: - - rabbit + - rabbitmq + properties: + service_name: rabbitmq + container_release: trusty + repo_container: + belongs_to: + - repo-infra_containers + contains: + - pkg_repo + properties: + service_name: repo + container_release: trusty rsyslog_container: belongs_to: - - infra_containers - - compute_containers - - storage_containers - - log_containers - - network_containers + - infra_containers + - os-infra_containers + - shared-infra_containers + - identity_containers + - compute_containers + - storage_containers + - log_containers + - network_containers + - repo-infra_containers contains: - - rsyslog - utility_container: - 
belongs_to: - - infra_containers - contains: - - utility + - rsyslog + properties: + service_name: rsyslog + container_release: trusty swift_proxy_container: belongs_to: - - swift-proxy_containers + - swift-proxy_containers contains: - - swift_proxy + - swift_proxy + properties: + service_name: swift + container_release: trusty swift_acc_container: - is_metal: true - belongs_to: - - swift_containers + belongs_to: + - swift_containers contains: - - swift_acc + - swift_acc + properties: + is_metal: true + service_name: swift + container_release: trusty swift_obj_container: - is_metal: true belongs_to: - - swift_containers + - swift_containers contains: - - swift_obj + - swift_obj + properties: + is_metal: true + service_name: swift + container_release: trusty swift_cont_container: - is_metal: true belongs_to: - - swift_containers + - swift_containers contains: - - swift_cont + - swift_cont + properties: + is_metal: true + service_name: swift + container_release: trusty + utility_container: + belongs_to: + - infra_containers + - shared-infra_containers + contains: + - utility + properties: + service_name: utility + container_release: trusty + + physical_skel: - network_containers: - belongs_to: - - all_containers - network_hosts: - belongs_to: - - hosts compute_containers: belongs_to: - - all_containers + - all_containers compute_hosts: belongs_to: - - hosts + - hosts infra_containers: belongs_to: - - all_containers + - all_containers infra_hosts: belongs_to: - - hosts + - hosts + identity_containers: + belongs_to: + - all_containers + identity_hosts: + belongs_to: + - hosts log_containers: belongs_to: - - all_containers + - all_containers log_hosts: belongs_to: - - hosts + - hosts + network_containers: + belongs_to: + - all_containers + network_hosts: + belongs_to: + - hosts + os-infra_containers: + belongs_to: + - all_containers + os-infra_hosts: + belongs_to: + - hosts + repo-infra_hosts: + belongs_to: + - hosts + repo-infra_containers: + belongs_to: + - 
all_containers + shared-infra_containers: + belongs_to: + - all_containers + shared-infra_hosts: + belongs_to: + - hosts + storage-infra_containers: + belongs_to: + - all_containers + storage-infra_hosts: + belongs_to: + - hosts storage_containers: belongs_to: - - all_containers + - all_containers storage_hosts: belongs_to: - - hosts + - hosts swift_containers: belongs_to: - - all_containers + - all_containers swift_hosts: belongs_to: - - hosts + - hosts swift-proxy_containers: belongs_to: - - all_containers + - all_containers swift-proxy_hosts: belongs_to: - - hosts + - hosts diff --git a/etc/openstack_deploy/openstack_user_config.yml b/etc/openstack_deploy/openstack_user_config.yml index c8198b5526..36e596c55c 100644 --- a/etc/openstack_deploy/openstack_user_config.yml +++ b/etc/openstack_deploy/openstack_user_config.yml @@ -1,13 +1,16 @@ --- -environment_version: 3511a43b8e4cc39af4beaaa852b5f917 +environment_version: 58339ffafde4614abb7021482cc6604b + cidr_networks: container: 172.29.236.0/22 tunnel: 172.29.240.0/22 storage: 172.29.244.0/22 used_ips: - - 172.29.236.1,172.29.236.50 - - 172.29.244.1,172.29.244.50 + - "172.29.236.1,172.29.236.50" + - "172.29.240.1,172.29.240.50" + - "172.29.244.1,172.29.244.50" + - "172.29.248.1,172.29.248.50" global_overrides: internal_lb_vip_address: 172.29.236.100 
@@ -17,30 +20,37 @@ global_overrides: provider_networks: - network: container_bridge: "br-mgmt" + container_type: "veth" container_interface: "eth1" - type: "raw" ip_from_q: "container" + type: "raw" group_binds: - all_containers - hosts + is_container_address: true + is_ssh_address: true - network: container_bridge: "br-vxlan" + container_type: "veth" container_interface: "eth10" - type: "vxlan" ip_from_q: "tunnel" + type: "vxlan" range: "1:1000" net_name: "vxlan" group_binds: - neutron_linuxbridge_agent - network: container_bridge: "br-vlan" - container_interface: "eth11" + container_type: "veth" + container_interface: "eth12" + host_bind_override: "eth12" type: "flat" net_name: "flat" group_binds: - neutron_linuxbridge_agent - network: container_bridge: "br-vlan" + container_type: "veth" container_interface: "eth11" type: "vlan" range: "1:1" @@ -49,18 +59,48 @@ global_overrides: - neutron_linuxbridge_agent - network: container_bridge: "br-storage" + container_type: "veth" container_interface: "eth2" - type: "raw" ip_from_q: "storage" + type: "raw" group_binds: - glance_api - cinder_api - cinder_volume - nova_compute - # - swift_proxy + - swift_proxy -infra_hosts: +shared-infra_hosts: aio1: + # Rabbitmq, and galera are set to multiples to test clustering. + affinity: + galera_container: 3 + rabbit_mq_container: 3 + ip: 172.29.236.100 + +os-infra_hosts: + aio1: + # Horizon is set to multiple to test clustering. This test only requires x2. + affinity: + horizon_container: 2 + ip: 172.29.236.100 + +storage-infra_hosts: + aio1: + ip: 172.29.236.100 + +repo-infra_hosts: + aio1: + # Repo is set to multiple to test clustering. This test only requires x2. + affinity: + repo_container: 2 + ip: 172.29.236.100 + +identity_hosts: + aio1: + # Keystone is set to multiple to test clustering. This test only requires x2. + affinity: + keystone_container: 2 ip: 172.29.236.100 compute_hosts: 
diff --git a/etc/openstack_deploy/openstack_user_config.yml.example b/etc/openstack_deploy/openstack_user_config.yml.example index 6778b18cab..0fc5080890 100644 --- a/etc/openstack_deploy/openstack_user_config.yml.example +++ b/etc/openstack_deploy/openstack_user_config.yml.example @@ -15,14 +15,14 @@ # This is the md5 of the environment file # this will ensure consistency when deploying. -environment_version: 5e7155d022462c5a82384c1b2ed8b946 +environment_version: 35946eced47eb8461f1eea62fa01bcf0 # User defined container networks in CIDR notation. The inventory generator # assigns IP addresses to network interfaces inside containers from these # ranges. cidr_networks: # Management (same range as br-mgmt on the target hosts) - container: 172.29.236.0/22 + management: 172.29.236.0/22 # Service (optional, same range as br-snet on the target hosts) snet: 172.29.248.0/22 # Tunnel endpoints for VXLAN tenant networks 
@@ -31,22 +31,22 @@ cidr_networks: # Storage (same range as br-storage on the target hosts) storage: 172.29.244.0/22 -# User defined list of consumed IP addresses that may intersect -# with the provided CIDR. +# User defined list of consumed IP addresses that may intersect +# with the provided CIDR. If you want to use a range, split the +# desired range with the lower and upper IP address in the range +# using a comma. IE "10.0.0.1,10.0.0.100". used_ips: - - 172.29.236.1,172.29.236.50 + - 10.240.0.1,10.240.0.50 - 172.29.244.1,172.29.244.50 # As a user you can define anything that you may wish to "globally" -# override from within the openstack_deploy configuration file. Anything +# override from within the openstack_deploy configuration file. Anything # specified here will take precedence over anything else any where. global_overrides: # Internal Management vip address - internal_lb_vip_address: 172.29.236.10 + internal_lb_vip_address: 10.240.0.1 # External DMZ VIP address external_lb_vip_address: 192.168.1.1 - # Name of load balancer - lb_name: lb_name_in_core # Bridged interface to use with tunnel type networks tunnel_bridge: "br-vxlan" # Bridged interface to build containers with @@ -69,17 +69,20 @@ global_overrides: type: "raw" container_bridge: "br-mgmt" container_interface: "eth1" - ip_from_q: "container" + container_type: "veth" + ip_from_q: "management" + is_container_address: true + is_ssh_address: true - network: group_binds: - glance_api - cinder_api - cinder_volume - nova_compute - # If you are using the storage network for swift_proxy add it to the group_binds - # - swift_proxy + # - swift_proxy ## If you are using the storage network for swift_proxy add it to the group_binds type: "raw" container_bridge: "br-storage" + container_type: "veth" container_interface: "eth2" ip_from_q: "storage" - network: 
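Review bot: The `used_ips` entry changed in the first hunk on this line, `10.240.0.1,10.240.0.50`, lies outside every range visible under `cidr_networks` in this file (`172.29.236.0/22`, `172.29.248.0/22`, `172.29.244.0/22`), so nothing reserves the low addresses of the management range any more. The comment on `cidr_networks` says the inventory generator assigns container addresses from those ranges, so it could hand a container `172.29.236.1` or another address already in use on br-mgmt. Keep the original reservation, and quote it as the new comment and the AIO config do: `- "172.29.236.1,172.29.236.50"`. The new `internal_lb_vip_address: 10.240.0.1` is likewise outside the `management` CIDR and is worth checking against the intended example topology.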
@@ -89,12 +92,14 @@ global_overrides: - neutron_linuxbridge_agent type: "raw" container_bridge: "br-snet" + container_type: "veth" container_interface: "eth3" ip_from_q: "snet" - network: group_binds: - neutron_linuxbridge_agent container_bridge: "br-vxlan" + container_type: "veth" container_interface: "eth10" ip_from_q: "tunnel" type: "vxlan" @@ -104,30 +109,50 @@ global_overrides: group_binds: - neutron_linuxbridge_agent container_bridge: "br-vlan" + container_type: "veth" container_interface: "eth11" - type: "flat" + type: "vlan" + range: "1:1" net_name: "vlan" - network: group_binds: - neutron_linuxbridge_agent container_bridge: "br-vlan" - container_interface: "eth11" - type: "vlan" - range: "1:1" - net_name: "vlan" - # Other options you may want - debug: True - ### Cinder default volume type option - # # This can be set to use a specific volume type. This is - # # an optional variable because you may have different volume - # # types on different hosts named different things. For this - # # Reason if you choose to set this variable please set it - # # to the name of one of your setup volume types - # cinder_default_volume_type: lvm - ### Cinder default volume type option + container_type: "veth" + container_interface: "eth12" + host_bind_override: "eth12" + type: "flat" + net_name: "flat" -# User defined Infrastructure Hosts, this should be a required group -infra_hosts: +# Shared infrastructure parts +shared-infra_hosts: + infra1: + ip: 10.240.0.100 + infra2: + ip: 10.240.0.101 + infra3: + ip: 10.240.0.102 + +# OpenStack Compute infrastructure parts +os-infra_hosts: + infra1: + ip: 10.240.0.100 + infra2: + ip: 10.240.0.101 + infra3: + ip: 10.240.0.102 + +# OpenStack Compute infrastructure parts +storage-infra_hosts: + infra1: + ip: 10.240.0.100 + infra2: + ip: 10.240.0.101 + infra3: + ip: 10.240.0.102 + +# Keystone Identity infrastructure parts +identity_hosts: infra1: ip: 10.240.0.100 infra2: 
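Review bot: In the second hunk on this line, the comment above `storage-infra_hosts:` is a copy of the one above `os-infra_hosts:` (`# OpenStack Compute infrastructure parts`), so the example mislabels the storage group. Change it to `# OpenStack Storage infrastructure parts`. Each of the new group comments could also name the containers that land on those hosts. The `container_skel` section of `openstack_environment.yml` in this commit maps `cinder_api_container` to `storage-infra_containers` and `galera_container`, `memcached_container` and `rabbit_mq_container` to `shared-infra_containers`.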
@@ -139,32 +164,43 @@ infra_hosts: compute_hosts: compute1: ip: 10.240.0.103 - host_vars: - host_networks: - - { type: raw, device_name: eth0, bond_master: bond0, bond_primary: true } - - { type: raw, device_name: eth4, bond_master: bond0, bond_primary: false } - - { type: vlan_tagged, device_name: bond0, tagged_device_name: bond0.2176 } - - { type: vlan_tagged, device_name: bond0, tagged_device_name: bond1.1998 } - - { type: bonded, device_name: bond0 } - - { type: bridged, device_name: br-mgmt, bridge_ports: ["bond0.2176"], address: "172.29.236.103", netmask: "255.255.255.0", gateway: "172.29.236.1", dns_nameservers: ["69.20.0.164", "69.20.0.196"] } - - { type: bridged, device_name: br-vxlan, bridge_ports: ["bond1.1998"], address: "172.29.240.103", netmask: "255.255.255.0" } - - { type: bridged, device_name: br-vlan, bridge_ports: ["bond1"] } # User defined Storage Hosts, this should be a required group storage_hosts: cinder1: - ip: 172.29.236.104 + ip: 10.240.0.104 + # "container_vars" can be set outside of all other options as + # host specific optional variables. container_vars: + # If you would like to define a cinder availability zone this can + # be done with the name spaced variable. cinder_storage_availability_zone: cinderAZ_1 + # When creating more than ONE availability zone you should define a + # sane default for the system to use when scheduling volume creation. cinder_default_availability_zone: cinderAZ_1 + # In this example we are defining what cinder volumes are + # on a given host. cinder_backends: + # if the "limit_container_types" argument is set, within + # the top level key of the provided option the inventory + # process will perform a string match on the container name with + # the value found within the "limit_container_types" argument. + # If any part of the string found within the container + # name the options are appended as host_vars inside of inventory. 
limit_container_types: cinder_volume lvm: volume_group: cinder-volumes volume_driver: cinder.volume.drivers.lvm.LVMISCSIDriver volume_backend_name: LVM_iSCSI + # The ``cinder_nfs_client`` values is an optional component available + # when configuring cinder. + cinder_nfs_client: + nfs_shares_config: /etc/cinder/nfs_shares + shares: + - { ip: "{{ ip_nfs_server }}", share: "/vol/cinder" } + cinder2: - ip: 172.29.236.105 + ip: 10.240.0.105 container_vars: cinder_storage_availability_zone: cinderAZ_2 cinder_default_availability_zone: cinderAZ_1 @@ -174,26 +210,6 @@ storage_hosts: volume_group: cinder-volumes volume_driver: cinder.volume.drivers.lvm.LVMISCSIDriver volume_backend_name: LVM_iSCSI_SSD - cinder3: - ip: 10.240.0.106 - container_vars: - cinder_storage_availability_zone: cinderAZ_3 - cinder_default_availability_zone: cinderAZ_1 - cinder_backends: - limit_container_types: cinder_volume - netapp: - netapp_storage_family: ontap_7mode - netapp_storage_protocol: iscsi - netapp_server_hostname: "{{ cinder_netapp_hostname }}" - netapp_server_port: 80 - netapp_login: "{{ cinder_netapp_username }}" - netapp_password: "{{ cinder_netapp_password }}" - volume_driver: cinder.volume.drivers.netapp.common.NetAppDriver - volume_backend_name: NETAPP_iSCSI - nfs_client: - nfs_shares_config: /etc/cinder/nfs_shares - shares: - - { ip: "{{ cinder_netapp_hostname }}", share: "/vol/cinder" } # User defined Logging Hosts, this should be a required group log_hosts: 
@@ -204,21 +220,13 @@ log_hosts: network_hosts: network1: ip: 10.240.0.108 - host_vars: - host_networks: - - { type: raw, device_name: eth0, bond_master: bond0, bond_primary: true } - - { type: raw, device_name: eth4, bond_master: bond0, bond_primary: false } - - { type: vlan_tagged, device_name: bond0, tagged_device_name: bond0.2176 } - - { type: vlan_tagged, device_name: bond0, tagged_device_name: bond1.1998 } - - { type: bonded, device_name: bond0 } - - { type: bridged, device_name: br-mgmt, bridge_ports: ["bond0.2176"], address: "172.29.236.108", netmask: "255.255.255.0", gateway: "172.29.236.1", dns_nameservers: ["69.20.0.164", "69.20.0.196"] } - - { type: bridged, device_name: br-vxlan, bridge_ports: ["bond1.1998"], address: "172.29.240.108", netmask: "255.255.255.0" } - - { type: bridged, device_name: br-vlan, bridge_ports: ["bond1"] } -# Other hosts can be added whenever needed. Note that containers will not be -# assigned to "other" hosts by default. If you would like to have containers -# assigned to hosts that are outside of the predefined groups, you will need to -# make an edit to the openstack_environment.yml file. -# haproxy_hosts: -# haproxy1: -# ip: 10.0.0.12 +# User defined Repository Hosts, this is an optional group +repo_hosts: + infra1: + ip: 10.240.0.100 + infra2: + ip: 10.240.0.101 + infra3: + ip: 10.240.0.102 + diff --git a/etc/openstack_deploy/user_secrets.yml b/etc/openstack_deploy/user_secrets.yml new file mode 100644 index 0000000000..0cf4fc7f5b --- /dev/null +++ b/etc/openstack_deploy/user_secrets.yml 
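Review bot: The group added at the end of this hunk is named `repo_hosts`, but the `physical_skel` section of `openstack_environment.yml` in this same commit defines `repo-infra_hosts` and `repo-infra_containers`, and the AIO `openstack_user_config.yml` uses `repo-infra_hosts`. Unless `repo_hosts` is mapped somewhere not shown in this diff, hosts listed under it would never receive a `repo_container`. Rename the key to `repo-infra_hosts:`. The comment calling the group optional should be rechecked too, since `repo_container` belongs only to `repo-infra_containers`.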
@@ -0,0 +1,82 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +## Rabbitmq Options +rabbitmq_password: +rabbitmq_cookie_token: + +## Tokens +memcached_encryption_key: + +## Container default user +container_openstack_password: + +## Galera Options +galera_root_password: + +## Keystone Options +keystone_container_mysql_password: +keystone_auth_admin_token: +keystone_auth_admin_password: +keystone_service_password: + +## Cinder Options +cinder_container_mysql_password: +cinder_service_password: +cinder_v2_service_password: + +## Glance Options +glance_container_mysql_password: +glance_service_password: +### Extra options when configuring swift as a glance back-end. 
+glance_swift_store_auth_address: "https://some.auth.url.com" +glance_swift_store_user: "OPENSTACK_TENANT_ID:OPENSTACK_USER_NAME" +glance_swift_store_key: "OPENSTACK_USER_PASSWORD" +glance_swift_store_container: "NAME_OF_SWIFT_CONTAINER" +glance_swift_store_region: "NAME_OF_REGION" + +## Heat Options +heat_stack_domain_admin_password: +heat_container_mysql_password: +### THE HEAT AUTH KEY NEEDS TO BE 32 CHARACTERS LONG ## +heat_auth_encryption_key: +### THE HEAT AUTH KEY NEEDS TO BE 32 CHARACTERS LONG ## +heat_service_password: +heat_cfn_service_password: + +## Horizon Options +horizon_container_mysql_password: +horizon_secret_key: + +## Neutron Options +neutron_container_mysql_password: +neutron_service_password: + +## Nova Options +nova_container_mysql_password: +nova_metadata_proxy_secret: +nova_ec2_service_password: +nova_service_password: +nova_v3_service_password: +nova_s3_service_password: + +## Kibana Options +kibana_password: + +## Swift Options: +swift_service_password: +swift_container_mysql_password: +swift_dispersion_password: diff --git a/etc/openstack_deploy/user_variables.yml b/etc/openstack_deploy/user_variables.yml index 595f91ae27..557d3dc4ed 100644 --- a/etc/openstack_deploy/user_variables.yml +++ b/etc/openstack_deploy/user_variables.yml 
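Review bot: In this new secrets file, `glance_swift_store_key: "OPENSTACK_USER_PASSWORD"` and the other four `glance_swift_store_*` entries carry non-empty placeholder strings, while every other credential is left blank. Any tooling that fills in or validates only empty values (none is visible in this diff) would skip them, so a deployment could go out with the literal placeholder as a credential. The old `user_variables.yml` had these keys commented out; keeping them commented out here, or leaving them blank like the rest, avoids that. The file header should also state that the file holds credentials, should be readable only by the deploying user once populated, and must not be committed with real values. Lastly, the bare `key:` entries load as `null`; a short comment saying that every blank key must be set before running the plays would make that expectation explicit.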
@@ -13,110 +13,31 @@ # See the License for the specific language governing permissions and # limitations under the License. -## Rabbit Options -rabbitmq_password: -rabbitmq_cookie_token: - - -## Tokens -memcached_encryption_key: - - -## Container default user -container_openstack_password: - - -## Galera Options -mysql_root_password: - -# Defined in group_vars/galera, but can overriden here. -# galera_wait_timeout: 3600 - - -## Keystone Options -keystone_container_mysql_password: -keystone_auth_admin_token: -keystone_auth_admin_password: -keystone_service_password: - - -## Cinder Options -cinder_container_mysql_password: -cinder_service_password: -cinder_v2_service_password: - - ## Glance Options # Set default_store to "swift" if using Cloud Files or swift backend glance_default_store: file -glance_container_mysql_password: -glance_service_password: -#glance_swift_store_auth_address: -#glance_swift_store_user: -#glance_swift_store_key: -#glance_swift_store_container: SomeContainerName -#glance_swift_store_region: SomeRegion +glance_notification_driver: noop + # `internalURL` will cause glance to speak to swift via ServiceNet, use # `publicURL` to communicate with swift over the public network glance_swift_store_endpoint_type: internalURL -glance_notification_driver: noop -# Set glance cache size in bytes, should be less than container size. Defaults to 10GiB -#glance_image_cache_max_size: 4294967296 - -## Heat Options -heat_stack_domain_admin_password: -heat_container_mysql_password: -### THE HEAT AUTH KEY NEEDS TO BE 32 CHARACTERS LONG ## -heat_auth_encryption_key: -### THE HEAT AUTH KEY NEEDS TO BE 32 CHARACTERS LONG ## -heat_service_password: -heat_cfn_service_password: -## Horizon Options -horizon_container_mysql_password: -horizon_secret_key: +## Nova +# Uncomment "nova_console_endpoint" to define a specific nova console URI or +# IP address this will construct the specific proxy endpoint for the console. 
+# nova_console_endpoint: console.company_domain.name - -## Neutron Options -neutron_container_mysql_password: -neutron_service_password: - - -## Nova Options # This defaults to KVM, if you are deploying on a host that is not KVM capable # change this to your hypervisor type: IE "qemu", "lxc". # nova_virt_type: kvm # nova_cpu_allocation_ratio: 2.0 # nova_ram_allocation_ratio: 1.0 -nova_container_mysql_password: -nova_metadata_proxy_secret: -nova_ec2_service_password: -nova_service_password: -nova_v3_service_password: -nova_s3_service_password: - -# Uncomment "nova_console_endpoint" to define a specific nova console URI or -# IP address this will construct the specific proxy endpoint for the console. -# nova_console_endpoint: console.company_domain.name -## Kibana Options -kibana_password: - -# Swift Options: -swift_service_password: -swift_container_mysql_password: +## Swift # Once the swift cluster has been setup DO NOT change these hash values! swift_hash_path_suffix: swift_hash_path_prefix: # This will allow all users to create containers and upload to swift if set to True swift_allow_all_users: False -# The dispersion user is for swift-dispersion-report -swift_dispersion_user: dispersion -swift_dispersion_password: - -# This variables is used to set haproxy's timeout client and timeout server -# values, they are set in the main config file and are only used by services -# that don't set their own values (default: 90s) -#haproxy_timeout: 90s diff --git a/playbooks/ansible.cfg b/playbooks/ansible.cfg index 3b4c31dc94..ad4675c5e8 100644 --- a/playbooks/ansible.cfg +++ b/playbooks/ansible.cfg 
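Review bot: This hunk moves the passwords and tokens to `user_secrets.yml`, but `swift_hash_path_suffix:` and `swift_hash_path_prefix:` stay behind in `user_variables.yml` as blank values. Swift treats these as secret per-cluster salts for its path hashing, so they belong with the other credentials and would benefit from whatever protection and generation `user_secrets.yml` gets. Move both keys there and keep the existing warning `# Once the swift cluster has been setup DO NOT change these hash values!` with them. Separately, `swift_allow_all_users: False` would be more portable as the canonical `false`.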
@@ -1,13 +1,19 @@ [defaults] +# Additional plugins +lookup_plugins = plugins/lookups + gathering = smart hostfile = inventory host_key_checking = False -# Setting forks should be based on your system. The ansible defaults to 5, -# the ansible-rpc-lxc assumes that you have a system that can support -# openstack, thus it has been conservitivly been set to 15 +# Setting forks should be based on your system. The Ansible defaults to 5, +# the os-lxc-hosts assumes that you have a system that can support +# OpenStack, thus it has been conservatively been set to 15 forks = 15 +# Set color options +nocolor = 0 + # SSH timeout timeout = 120 diff --git a/playbooks/archive-container.yml b/playbooks/archive-container.yml deleted file mode 100644 index 193f48cfe5..0000000000 --- a/playbooks/archive-container.yml +++ /dev/null 
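Review bot: `host_key_checking = False` is an unchanged line under `[defaults]` in this hunk, so with this setting Ansible still accepts any SSH host key it is presented with. That suits a throwaway all-in-one build, but this `ansible.cfg` sits in `playbooks/` and appears to apply to every play run from there, so a machine-in-the-middle on the management network would go unnoticed. Since the commit is already adding comments to this file, add one above the setting, e.g. `# Host key checking is disabled for AIO/gate builds; enable it for real deployments`. Alternatively, leave the default on and let the AIO scripts export `ANSIBLE_HOST_KEY_CHECKING=False`.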
@@ -1,39 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Example usage: -# ansible-playbook -i inventory/dynamic_inventory.py -e "host_group=infra1,container_name=horizon_container" archive-container.yml - -# This will create a new archive of an existing container and then retrieve -# the container storing the archive on the local system. Once the archive -# has been retrieved the archive is removed from the source system. -- hosts: "{{ host_group|default('hosts') }}" - user: root - tasks: - # Set facts on containers - - name: Get info on a given container - lxc: - command: "info" - name: "{{ container_name }}" - - name: Print information on all containers - debug: var=lxc_facts - -- hosts: "{{ host_group|default('hosts') }}" - user: root - roles: - - container_archive - vars: - local_store_path: /tmp - remote_store_path: /tmp diff --git a/playbooks/cinder-api.yml b/playbooks/cinder-api.yml deleted file mode 100644 index ccbc21e6f7..0000000000 --- a/playbooks/cinder-api.yml +++ /dev/null 
@@ -1,50 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- hosts: cinder_api[0] - user: root - roles: - - keystone_add_service - vars_files: - - vars/openstack_service_vars/cinder_api_endpoint.yml - -- hosts: cinder_api[0] - user: root - roles: - - keystone_add_service - vars_files: - - vars/openstack_service_vars/cinder_apiv2_endpoint.yml - -- hosts: cinder_api[0] - user: root - roles: - - cinder_common - - galera_db_setup - - cinder_setup - - init_script - vars_files: - - vars/openstack_service_vars/cinder_api.yml - handlers: - - include: handlers/services.yml - -- hosts: cinder_api!:cinder_api[0] - user: root - roles: - - cinder_common - - init_script - vars_files: - - vars/openstack_service_vars/cinder_api.yml - handlers: - - include: handlers/services.yml diff --git a/playbooks/cinder-volume.yml b/playbooks/cinder-volume.yml deleted file mode 100644 index 12118c1cba..0000000000 --- a/playbooks/cinder-volume.yml +++ /dev/null 
@@ -1,32 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- hosts: cinder_volume - user: root - roles: - - container_common - - container_extra_setup - - cinder_common - - cinder_volume - - cinder_device_add - - cinder_backend_types - - nfs_client - - init_script - vars_files: - - vars/config_vars/container_config_cinder_volume.yml - - vars/openstack_service_vars/cinder_volume.yml - - vars/repo_packages/cinder.yml - handlers: - - include: handlers/services.yml diff --git a/playbooks/deploy-archived-container.yml b/playbooks/deploy-archived-container.yml deleted file mode 100644 index 1247f6e554..0000000000 --- a/playbooks/deploy-archived-container.yml +++ /dev/null 
@@ -1,162 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Example usage: -# ansible-playbook -i inventory/hosts -M library/lxc -e "group=infra1-keystone name=keystone address=192.168.18.120 archive_name=keystone.tar.bz2" deploy-archived-container.yml - -# This will create a new container from an archive of an existing container. -- hosts: "{{ host_group|default('hosts') }}" - user: root - tasks: - # Create container directory - - name: Create container directory - file: - path: "{{ lxcpath }}/{{ name }}" - state: "directory" - group: "root" - owner: "root" - recurse: "true" - # If check for the lxc VG - - name: Check for lxc volume group - shell: "(which vgs > /dev/null && vgs | grep -o {{ vg_name }}) || false" - register: vg_result - ignore_errors: True - - # If lxc vg create new lv - - name: Create new LV - lvol: - vg: "{{ vg_name }}" - lv: "{{ name }}" - size: "{{ lv_size }}" - when: vg_result.rc == 0 - - # If lxc vg format new lv - - name: Format the new LV - filesystem: - fstype: "{{ fstype }}" - dev: "/dev/{{ vg_name }}/{{ name }}" - when: vg_result.rc == 0 - - # If lxc vg mount new lv at $container/rootfs - - name: Mount Container LV - mount: - name: "{{ lxcpath }}/{{ name }}/rootfs" - src: "/dev/{{ vg_name }}/{{ name }}" - fstype: "{{ fstype }}" - state: "mounted" - when: vg_result.rc == 0 - - # upload new archive to host - - name: Upload Archive to host - synchronize: - src: "{{ local_store_path }}/{{ 
archive_name }}" - dest: "{{ remote_store_path }}/{{ archive_name }}" - archive: "yes" - mode: "push" - - # Unarchive container - - name: Unarchive a container - unarchive: - src: "{{ remote_store_path }}/{{ archive_name }}" - dest: "{{ lxcpath }}/{{ name }}" - register: result - - # If lxc vg unmount new lv - - name: Unmount Container LV - mount: - name: "{{ lxcpath }}/{{ name }}/rootfs" - src: "/dev/{{ vg_name }}/{{ name }}" - fstype: "{{ fstype }}" - state: "unmounted" - when: vg_result.rc == 0 - - # Delete archive directory - - name: Cleanup archive - file: - path: "{{ remote_store_path }}/{{ archive_name }}" - state: "absent" - when: result | changed - - # Ensure config is without old cruft - - name: Ensure clean config - lineinfile: - dest: "{{ lxcpath }}/{{ name }}/config" - regexp: "{{ item.regexp }}" - state: "absent" - backup: "yes" - with_items: - - { regexp: "^lxc.network.hwaddr" } - - { regexp: "^lxc.mount.entry" } - - # If not lxc vg set the rootfs - - name: Set rootfs to localfs - lineinfile: - dest: "{{ lxcpath }}/{{ name }}/config" - regexp: "^lxc.rootfs" - line: "lxc.rootfs = {{ lxcpath }}/{{ name }}/rootfs" - state: "present" - when: vg_result.rc != 0 - - # If lxc vg set the rootfs - - name: Set rootfs to lvm - lineinfile: - dest: "{{ lxcpath }}/{{ name }}/config" - regexp: "^lxc.rootfs" - line: "lxc.rootfs = /dev/{{ vg_name }}/{{ name }}" - state: "present" - when: vg_result.rc == 0 - - # Ensure the configuration is complete - - name: Ensure config updated - lineinfile: - dest: "{{ lxcpath }}/{{ name }}/config" - regexp: "^lxc.utsname" - line: "lxc.utsname = {{ name }}" - state: "present" - - # Ensure the mount point is correct - - name: Ensure mount point updated updated - lineinfile: - dest: "{{ lxcpath }}/{{ name }}/config" - regexp: "^lxc.mount" - line: "lxc.mount = /var/lib/lxc/{{ name }}/fstab" - state: "present" - - # Start the new container - - name: Start new Container - lxc: - command: "start" - name: "{{ name }}" - - # If address is 
set update it in the network script - - name: Update networking - lxc: - command: "attach" - name: "{{ name }}" - container_command: "sed -i 's/address.*/address\ {{ address }}/g' /etc/network/interfaces" - when: address is defined - - # Restart the new container - - name: Restart new container - lxc: - command: "restart" - name: "{{ name }}" - vars: - local_store_path: /tmp - remote_store_path: /tmp - lv_size: 5g - vg_name: lxc - fstype: ext4 - lxcpath: /var/lib/lxc diff --git a/playbooks/destroy-containers.yml b/playbooks/destroy-containers.yml deleted file mode 100644 index 7f8c49dc49..0000000000 --- a/playbooks/destroy-containers.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This playbook destroys all known containers. -- hosts: "{{ host_group|default('all_containers') }}" - user: root - gather_facts: false - roles: - - container_destroy diff --git a/playbooks/es2unix-install.yml b/playbooks/es2unix-install.yml deleted file mode 100644 index 9203437a3f..0000000000 --- a/playbooks/es2unix-install.yml +++ /dev/null 
@@ -1,21 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Setup supporting services -- hosts: utility_all - user: root - roles: - - logging_common - - utility_logging diff --git a/playbooks/galera-add-node.yml b/playbooks/galera-add-node.yml deleted file mode 100644 index e317df8a9b..0000000000 --- a/playbooks/galera-add-node.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Restart each daemon in turn -- hosts: galera:!galera[0] - user: root - serial: 1 - roles: - - galera_restart diff --git a/playbooks/galera-bootstrap.yml b/playbooks/galera-bootstrap.yml deleted file mode 100644 index 976c7965a2..0000000000 --- a/playbooks/galera-bootstrap.yml +++ /dev/null 
@@ -1,19 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- hosts: galera[0] - user: root - roles: - - galera_bootstrap diff --git a/playbooks/galera-config.yml b/playbooks/galera-config.yml deleted file mode 100644 index f4df6eb8b0..0000000000 --- a/playbooks/galera-config.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- hosts: galera - user: root - roles: - - container_extra_setup - - common - - common_sudoers - - container_common - - galera_common - - galera_client_cnf - - galera_config - vars_files: - - vars/repo_packages/galera.yml - - vars/config_vars/container_config_galera.yml diff --git a/playbooks/galera-install.yml b/playbooks/galera-install.yml index 41a725bee0..8dbaee5635 100644 --- a/playbooks/galera-install.yml +++ b/playbooks/galera-install.yml 
@@ -13,6 +13,39 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-- include: galera-config.yml
-- include: galera-startup.yml
-- include: galera-post-config.yml
+- name: Install galera server
+ hosts: galera_all
+ max_fail_percentage: 20
+ user: root
+ pre_tasks:
+ - name: Galera extra lxc config
+ lxc-container:
+ name: "{{ container_name }}"
+ container_command: |
+ [[ ! -d "/var/lib/mysql" ]] && mkdir -p "/var/lib/mysql"
+ container_config:
+ - "lxc.mount.entry=/openstack/{{ container_name }} var/lib/mysql none bind 0 0"
+ delegate_to: "{{ physical_host }}"
+ when: is_metal == false or is_metal == "False"
+ tags:
+ - galera-mysql-dir
+ - name: Flush net cache
+ command: /usr/local/bin/lxc-system-manage flush-net-cache
+ delegate_to: "{{ physical_host }}"
+ tags:
+ - flush-net-cache
+ - name: Wait for container ssh
+ wait_for:
+ port: "22"
+ delay: 5
+ host: "{{ ansible_ssh_host }}"
+ delegate_to: "{{ physical_host }}"
+ tags:
+ - galera-ssh-wait
+ roles:
+ - { role: "galera_server", tags: [ "galera-server" ] }
+ vars:
+ galera_wsrep_node_name: "{{ container_name }}"
+ ansible_hostname: "{{ container_name }}"
+ ansible_ssh_host: "{{ container_address }}"
+ is_metal: "{{ properties.is_metal|default(false) }}"
diff --git a/playbooks/galera-remove.yml b/playbooks/galera-remove.yml
deleted file mode 100644
index 97b3fcd955..0000000000
--- a/playbooks/galera-remove.yml
+++ /dev/null
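Review bot: The `container_command` in the `Galera extra lxc config` task, `[[ ! -d "/var/lib/mysql" ]] && mkdir -p "/var/lib/mysql"`, exits non-zero whenever the directory already exists and relies on the bash-only `[[` test; whether the `lxc-container` module treats that status as a failure, or runs the command under bash at all, is not visible in this hunk. `mkdir -p` is already a no-op on an existing directory, so the line can be just `mkdir -p "/var/lib/mysql"`. In the same task, `when: is_metal == false or is_metal == "False"` compares against both a boolean and a string because `is_metal` is defined further down as a templated value; `when: not is_metal | bool` states the intent once. The `Flush net cache` and `Wait for container ssh` tasks are also delegated to `physical_host` but carry no `is_metal` condition, which deserves a one-line comment if it is intentional.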
@@ -1,19 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- hosts: galera - user: root - roles: - - galera_remove diff --git a/playbooks/galera-startup.yml b/playbooks/galera-startup.yml deleted file mode 100644 index a27ee6f6ff..0000000000 --- a/playbooks/galera-startup.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- include: galera-bootstrap.yml -- include: galera-add-node.yml diff --git a/playbooks/galera-stop.yml b/playbooks/galera-stop.yml deleted file mode 100644 index 7784d01b1a..0000000000 --- a/playbooks/galera-stop.yml +++ /dev/null 
@@ -1,19 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- hosts: galera - user: root - roles: - - galera_stop diff --git a/playbooks/glance-all.yml b/playbooks/glance-all.yml deleted file mode 100644 index 2cf01e4b93..0000000000 --- a/playbooks/glance-all.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- include: glance-common.yml -- include: glance-api.yml -- include: glance-registry.yml diff --git a/playbooks/glance-api.yml b/playbooks/glance-api.yml deleted file mode 100644 index 819c39846b..0000000000 --- a/playbooks/glance-api.yml +++ /dev/null 
@@ -1,46 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- hosts: glance_api[0] - user: root - roles: - - keystone_add_service - vars_files: - - vars/openstack_service_vars/glance_api_endpoint.yml - -- hosts: glance_api[0] - user: root - roles: - - glance_common - - galera_db_setup - - glance_setup - - init_script - - glance_cache_crons - vars_files: - - vars/openstack_service_vars/glance_api.yml - handlers: - - include: handlers/services.yml - - -- hosts: glance_api!:glance_api[0] - user: root - roles: - - glance_common - - init_script - - glance_cache_crons - vars_files: - - vars/openstack_service_vars/glance_api.yml - handlers: - - include: handlers/services.yml diff --git a/playbooks/glance-common.yml b/playbooks/glance-common.yml deleted file mode 100644 index 8f8889617e..0000000000 --- a/playbooks/glance-common.yml +++ /dev/null 
@@ -1,27 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- hosts: glance_all - user: root - roles: - - common - - common_sudoers - - container_common - - openstack_common - - openstack_openrc - - galera_client_cnf - vars_files: - - vars/repo_packages/glance.yml - - vars/openstack_service_vars/glance_api.yml diff --git a/playbooks/glance-registry.yml b/playbooks/glance-registry.yml deleted file mode 100644 index 226b91f98e..0000000000 --- a/playbooks/glance-registry.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This playbook deploys Glance-Registry. -- hosts: glance_registry - user: root - roles: - - glance_common - - init_script - vars_files: - - vars/openstack_service_vars/glance_registry.yml - handlers: - - include: handlers/services.yml 
diff --git a/playbooks/handlers/services.yml b/playbooks/handlers/services.yml deleted file mode 100644 index ad37f8679f..0000000000 --- a/playbooks/handlers/services.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: Restart os service - service: name={{ item }} state=restarted pattern={{ item }} - register: service_restart - failed_when: "'msg' in service_restart and 'FAIL' in service_restart.msg|upper" - with_items: service_names - notify: Ensure os service running - -- name: Ensure os service running - service: name={{ program_name }} state=started pattern={{ program_name }} diff --git a/playbooks/handlers/swift_services.yml b/playbooks/handlers/swift_services.yml deleted file mode 100644 index d55213ff0b..0000000000 --- a/playbooks/handlers/swift_services.yml +++ /dev/null 
@@ -1,31 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-- name: Restart swift service
- service: name={{ item }} state=restarted pattern={{ item }}
- register: service_restart
- with_items: program_names
- notify: Fail if swift restart fails
-
-- name: Fail if swift restart fails
- fail:
- msg: 'Service {{ item.cmd }} Failed'
- when: "'msg' in item and 'FAIL' in item.msg|upper"
- with_items: service_restart.results
- notify: Ensure swift service running
-
-- name: Ensure swift service running
- service: name={{ item }} state=started pattern={{ item }}
- with_items: service_names
diff --git a/playbooks/haproxy-install.yml b/playbooks/haproxy-install.yml
index 2068b73a91..a8095d7c88 100644
--- a/playbooks/haproxy-install.yml
+++ b/playbooks/haproxy-install.yml
@@ -13,12 +13,13 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-# Setup supporting services
-- hosts: haproxy_hosts
+- name: Install haproxy
+ hosts: haproxy_hosts
+ max_fail_percentage: 20
 user: root
 roles:
- - common
- - haproxy_common
- - haproxy_service
+ - { role: "haproxy_server", tags: [ "haproxy-server" ] }
 vars_files:
- - vars/config_vars/haproxy_config.yml
+ - vars/configs/haproxy_config.yml
+ vars:
+ is_metal: "{{ properties.is_metal|default(false) }}"
\ No newline at end of file
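Review bot: The new last line of `playbooks/haproxy-install.yml`, `is_metal: "{{ properties.is_metal|default(false) }}"`, leaves the file without a trailing newline (the hunk ends with `\ No newline at end of file`); end the file with a newline so linters and later diffs stay clean. The play also drops the `# Setup supporting services` comment without a replacement, so a short comment above `- name: Install haproxy` saying that `haproxy_server` now covers what `common`, `haproxy_common` and `haproxy_service` did would help readers of the refactor. The rendered `is_metal` value is presumably a string rather than a boolean, so anything consuming it should test it with `| bool`.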
diff --git a/playbooks/heat-all.yml b/playbooks/heat-all.yml deleted file mode 100644 index 1be5716814..0000000000 --- a/playbooks/heat-all.yml +++ /dev/null @@ -1,20 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- include: heat-common.yml -- include: heat-api.yml -- include: heat-api-cfn.yml -- include: heat-api-cloudwatch.yml -- include: heat-engine.yml diff --git a/playbooks/heat-api-cloudwatch.yml b/playbooks/heat-api-cloudwatch.yml deleted file mode 100644 index 4944685db0..0000000000 --- a/playbooks/heat-api-cloudwatch.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- hosts: heat_api_cloudwatch - user: root - roles: - - heat_common - - init_script - vars_files: - - vars/openstack_service_vars/heat_api_cloudwatch.yml - handlers: - - include: handlers/services.yml 
diff --git a/playbooks/heat-api.yml b/playbooks/heat-api.yml deleted file mode 100644 index 2fc9273744..0000000000 --- a/playbooks/heat-api.yml +++ /dev/null @@ -1,39 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- hosts: heat_api[0] - user: root - roles: - - keystone_add_service - - heat_domain_user - - heat_common - - galera_db_setup - - heat_setup - - init_script - vars_files: - - vars/openstack_service_vars/heat_api.yml - - vars/openstack_service_vars/heat_api_endpoint.yml - handlers: - - include: handlers/services.yml - -- hosts: heat_api!:heat_api[0] - user: root - roles: - - heat_common - - init_script - vars_files: - - vars/openstack_service_vars/heat_api.yml - handlers: - - include: handlers/services.yml diff --git a/playbooks/heat-common.yml b/playbooks/heat-common.yml deleted file mode 100644 index 4b41117e06..0000000000 --- a/playbooks/heat-common.yml +++ /dev/null 
@@ -1,27 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- hosts: heat_all - user: root - roles: - - common - - common_sudoers - - container_common - - openstack_common - - openstack_openrc - - galera_client_cnf - vars_files: - - vars/openstack_service_vars/heat_api.yml - - vars/repo_packages/heat.yml diff --git a/playbooks/heat-engine.yml b/playbooks/heat-engine.yml deleted file mode 100644 index 75848c570b..0000000000 --- a/playbooks/heat-engine.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- hosts: heat_engine - user: root - roles: - - heat_common - - init_script - vars_files: - - vars/openstack_service_vars/heat_engine.yml - handlers: - - include: handlers/services.yml diff --git a/playbooks/horizon-all.yml b/playbooks/horizon-all.yml deleted file mode 100644 index a13aa1bd70..0000000000 --- a/playbooks/horizon-all.yml +++ /dev/null 
@@ -1,18 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- include: horizon-common.yml -- include: horizon-ssl.yml -- include: horizon.yml diff --git a/playbooks/horizon-common.yml b/playbooks/horizon-common.yml deleted file mode 100644 index 23ef245188..0000000000 --- a/playbooks/horizon-common.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- hosts: horizon_all - user: root - roles: - - common - - container_common - - openstack_common - - openstack_openrc - - galera_client_cnf - vars_files: - - vars/repo_packages/horizon.yml diff --git a/playbooks/horizon-ssl.yml b/playbooks/horizon-ssl.yml deleted file mode 100644 index 0550b2bc91..0000000000 --- a/playbooks/horizon-ssl.yml +++ /dev/null 
@@ -1,53 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- hosts: horizon_all[0] - user: root - roles: - - horizon_ssl - vars_files: - - vars/repo_packages/horizon.yml - -- hosts: horizon_all[0] - user: root - gather_facts: false - tasks: - - name: Distribute apache keys for cluster consumption - memcached: - name: "{{ item.name }}" - file_path: "{{ item.src }}" - state: "present" - server: "{{ hostvars[groups['memcached'][0]]['ansible_ssh_host'] }}:11211" - encrypt_string: "{{ memcached_encryption_key }}" - with_items: - - { src: "/etc/ssl/private/apache.key", name: "apache_key" } - - { src: "/etc/ssl/certs/apache.cert", name: "apache_cert" } - -- hosts: horizon_all:!horizon_all[0] - user: root - gather_facts: false - tasks: - - name: Retrieve apache keys - memcached: - name: "{{ item.name }}" - file_path: "{{ item.src }}" - state: "retrieve" - file_mode: "{{ item.file_mode }}" - dir_mode: "{{ item.dir_mode }}" - server: "{{ hostvars[groups['memcached'][0]]['ansible_ssh_host'] }}:11211" - encrypt_string: "{{ memcached_encryption_key }}" - with_items: - - { src: "/etc/ssl/private/apache.key", name: "apache_key", file_mode: "0640", dir_mode: "0750" } - - { src: "/etc/ssl/certs/apache.cert", name: "apache_cert", file_mode: "0644", dir_mode: "0755" } diff --git a/playbooks/horizon.yml b/playbooks/horizon.yml deleted file mode 100644 index 7850d2b93a..0000000000 --- a/playbooks/horizon.yml +++ /dev/null 
@@ -1,34 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- hosts: horizon_all[0] - user: root - roles: - - horizon_common - - galera_db_setup - - horizon_setup - - horizon_apache - vars_files: - - vars/openstack_service_vars/horizon.yml - - vars/repo_packages/horizon.yml - -- hosts: horizon_all:!horizon_all[0] - user: root - roles: - - horizon_common - - horizon_apache - vars_files: - - vars/openstack_service_vars/horizon.yml - - vars/repo_packages/horizon.yml diff --git a/playbooks/host-setup.yml b/playbooks/host-setup.yml deleted file mode 100644 index f3fbe4540f..0000000000 --- a/playbooks/host-setup.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- include: setup-common.yml -- include: build-containers.yml -- include: restart-containers.yml -- include: containers-common.yml 
diff --git a/playbooks/inventory/dynamic_inventory.py b/playbooks/inventory/dynamic_inventory.py index ddb90eb035..07c0377b87 100755 --- a/playbooks/inventory/dynamic_inventory.py +++ b/playbooks/inventory/dynamic_inventory.py @@ -39,10 +39,12 @@ INVENTORY_SKEL = { # Any new item added to inventory that will used as a default argument in the # inventory setup should be added to this list. REQUIRED_HOSTVARS = [ - 'is_metal', + 'properties', 'ansible_ssh_host', + 'physical_host_group', 'container_address', 'container_name', + 'container_networks', 'physical_host', 'component' ] @@ -79,6 +81,8 @@ def get_ip_address(name, ip_q): else: append_if(array=USED_IPS, item=ip_addr) return str(ip_addr) + except AttributeError: + return None except Queue.Empty: raise SystemExit( 'Cannot retrieve requested amount of IP addresses. Increase the %s' @@ -117,7 +121,7 @@ def _parse_belongs_to(key, belongs_to, inventory): def _build_container_hosts(container_affinity, container_hosts, type_and_name, inventory, host_type, container_type, container_host_type, physical_host_type, config, - is_metal, assignment): + properties, assignment): """Add in all of the host associations into inventory. This will add in all of the hosts into the inventory based on the given @@ -132,10 +136,14 @@ def _build_container_hosts(container_affinity, container_hosts, type_and_name, :param container_host_type: ``str`` Type of host :param physical_host_type: ``str`` Name of physical host group :param config: ``dict`` User defined information - :param is_metal: ``bol`` If true, a container entry will not be built + :param properties: ``dict`` Container properties :param assignment: ``str`` Name of container component target """ container_list = [] + is_metal = False + if properties: + is_metal = properties.get('is_metal', False) + for make_container in range(container_affinity): for i in container_hosts: if '%s-' % type_and_name in i: 
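Review bot: The added `except AttributeError: return None` in get_ip_address covers the whole try body, so an attribute error raised by anything else in that body is also turned into a silent `None`. If the case being handled is a missing queue, which is what the callers in this commit appear to pass when a network has no `ip_from_q`, test for it explicitly before the try: `if ip_q is None: return None`. The function's body starts outside the hunk, so not every statement inside the try is visible here.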
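Review bot: The block that derives `is_metal` from `properties` in _build_container_hosts is repeated in _append_to_host_groups and again in _add_additional_networks later in this diff. A single expression, `is_metal = (properties or {}).get('is_metal', False)`, or one small private helper, gives the same result and keeps the three sites from drifting apart. The docstring entry for `properties` should also say that None is accepted, since the code checks for it. The function body continues outside the hunk.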
@@ -176,11 +184,12 @@ def _build_container_hosts(container_affinity, container_hosts, type_and_name, append_if(array=container_mapping, item=host_type_containers) hostvars_options.update({ - 'is_metal': is_metal, + 'properties': properties, 'ansible_ssh_host': address, 'container_address': address, 'container_name': container_host_name, 'physical_host': host_type, + 'physical_host_group': physical_host_type, 'component': assignment }) @@ -217,6 +226,11 @@ def _append_to_host_groups(inventory, container_type, assignment, host_type, iph = inventory[physical_group_type]['hosts'] iah = inventory[assignment]['hosts'] for hname, hdata in inventory['_meta']['hostvars'].iteritems(): + is_metal = False + properties = hdata.get('properties') + if properties: + is_metal = properties.get('is_metal', False) + if 'container_types' in hdata or 'container_name' in hdata: if 'container_name' not in hdata: container = hdata['container_name'] = hname @@ -230,13 +244,13 @@ def _append_to_host_groups(inventory, container_type, assignment, host_type, if container.startswith('%s-' % type_and_name): append_if(array=iah, item=container) - elif hdata.get('is_metal') is True: + elif is_metal is True: if component == assignment: append_if(array=iah, item=container) if container.startswith('%s-' % type_and_name): append_if(array=iph, item=container) - elif hdata.get('is_metal') is True: + elif is_metal is True: if container.startswith(host_type): append_if(array=iph, item=container) @@ -264,7 +278,7 @@ def _append_to_host_groups(inventory, container_type, assignment, host_type, def _add_container_hosts(assignment, config, container_name, container_type, - inventory, is_metal): + inventory, properties): """Add a given container name and type to the hosts. :param assignment: ``str`` Name of container component target 
@@ -272,7 +286,7 @@ def _add_container_hosts(assignment, config, container_name, container_type, :param container_name: ``str`` Name fo container :param container_type: ``str`` Type of container :param inventory: ``dict`` Living dictionary of inventory - :param is_metal: ``bol`` If true, a container entry will not be built + :param properties: ``dict`` Dict of container properties """ physical_host_type = '%s_hosts' % container_type.split('_')[0] # If the physical host type is not in config return @@ -302,9 +316,9 @@ def _add_container_hosts(assignment, config, container_name, container_type, ' 52 characters. This combination will result in a container' ' name that is longer than the maximum allowable hostname of' ' 63 characters. Before this process can continue please' - ' adjust the host entries in your "openstack_user_config.yml" to use' - ' a short hostname. The recommended hostname length is < 20' - ' characters long.' % (host_type, container_name) + ' adjust the host entries in your "openstack_user_config.yml"' + ' to use a short hostname. The recommended hostname length is' + ' < 20 characters long.' % (host_type, container_name) ) physical_host = inventory['_meta']['hostvars'][host_type] @@ -325,7 +339,7 @@ def _add_container_hosts(assignment, config, container_name, container_type, container_host_type, physical_host_type, config, - is_metal, + properties, assignment, ) @@ -348,6 +362,7 @@ def user_defined_setup(config, inventory, is_metal): :param inventory: ``dict`` Living dictionary of inventory :param is_metal: ``bol`` If true, a container entry will not be built """ + hvs = inventory['_meta']['hostvars'] for key, value in config.iteritems(): if key.endswith('hosts'): if key not in inventory: 
@@ -360,15 +375,23 @@ def user_defined_setup(config, inventory, is_metal): if _key not in inventory['_meta']['hostvars']: inventory['_meta']['hostvars'][_key] = {} - inventory['_meta']['hostvars'][_key].update({ + hvs[_key].update({ 'ansible_ssh_host': _value['ip'], 'container_address': _value['ip'], 'is_metal': is_metal, + 'physical_host_group': key }) + # If the entry is missing the properties key add it. + properties = hvs[_key].get('properties') + if not properties or not isinstance(properties, dict): + hvs[_key]['properties'] = dict() + + hvs[_key]['properties'].update({'is_metal': is_metal}) + if 'host_vars' in _value: for _k, _v in _value['host_vars'].items(): - inventory['_meta']['hostvars'][_key][_k] = _v + hvs[_key][_k] = _v append_if(array=USED_IPS, item=_value['ip']) append_if(array=inventory[key]['hosts'], item=_key) 
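Review bot: user_defined_setup now stores `is_metal` in two places: the unchanged top-level entry `'is_metal': is_metal,` and the new `hvs[_key]['properties'].update({'is_metal': is_metal})`. The readers changed elsewhere in this commit consult only `properties`, and `is_metal` was dropped from REQUIRED_HOSTVARS, so the top-level key looks unused in the code shown and can silently disagree with the nested one. Either drop it or add a comment such as `# kept for inventories written before 'properties' existed`. The unchanged line `inventory['_meta']['hostvars'][_key] = {}` just above could use the new `hvs` alias too; the function starts and ends outside the hunk.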
@@ -419,41 +442,6 @@ def skel_load(skeleton, inventory): ) -def _add_additional_networks(key, inventory, ip_q, k_name, netmask): - """Process additional ip adds and append then to hosts as needed. - - If the host is found to be "is_metal" it will be marked as "on_metal" - and will not have an additionally assigned IP address. - - :param key: ``str`` Component key name - :param inventory: ``dict`` Living dictionary of inventory - :param ip_q: ``object`` build queue of IP addresses - :param k_name: ``str`` key to use in host vars for storage - """ - base_hosts = inventory['_meta']['hostvars'] - addr_name = '%s_address' % k_name - lookup = inventory.get(key, list()) - - if 'children' in lookup and lookup['children']: - for group in lookup['children']: - _add_additional_networks(group, inventory, ip_q, k_name, netmask) - - if 'hosts' in lookup and lookup['hosts']: - for chost in lookup['hosts']: - container = base_hosts[chost] - if not container.get(addr_name): - if ip_q is None: - container[addr_name] = None - else: - container[addr_name] = get_ip_address( - name=k_name, ip_q=ip_q - ) - - netmask_name = '%s_netmask' % k_name - if netmask_name not in container: - container[netmask_name] = netmask - - def _load_optional_q(config, cidr_name): """Load optional queue with ip addresses. 
@@ -468,6 +456,167 @@ def _load_optional_q(config, cidr_name): return ip_q +def _add_additional_networks(key, inventory, ip_q, q_name, netmask, interface, + bridge, net_type, user_config, is_ssh_address, + is_container_address): + """Process additional ip adds and append then to hosts as needed. + + If the host is found to be "is_metal" it will be marked as "on_metal" + and will not have an additionally assigned IP address. + + :param key: ``str`` Component key name. + :param inventory: ``dict`` Living dictionary of inventory. + :param ip_q: ``object`` build queue of IP addresses. + :param q_name: ``str`` key to use in host vars for storage. + :param netmask: ``str`` netmask to use. + :param interface: ``str`` interface name to set for the network. + :param user_config: ``dict`` user defined configuration details. + :param is_ssh_address: ``bol`` set this address as ansible_ssh_host. + :param is_container_address: ``bol`` set this address to container_address. + """ + def network_entry(): + """Return a network entry for a container.""" + + # TODO(cloudnull) After a few releases this conditional should be + # simplified. The container address checking that is ssh address + # is only being done to support old inventory. + + if is_metal: + _network = dict() + else: + _network = {'interface': interface} + + if bridge: + _network['bridge'] = bridge + + if net_type: + _network['type'] = net_type + + return _network + + def return_netmask(): + """Return the netmask for a container.""" + # TODO(cloudnull) After a few releases this conditional should be + # simplified. The container address checking that is ssh address + # is only being done to support old inventory. 
+ _old_netmask = container.get(old_netmask) + if _old_netmask: + return container.pop(old_netmask) + elif netmask: + return netmask + + base_hosts = inventory['_meta']['hostvars'] + lookup = inventory.get(key, list()) + + if 'children' in lookup and lookup['children']: + for group in lookup['children']: + _add_additional_networks( + group, + inventory, + ip_q, + q_name, + netmask, + interface, + bridge, + net_type, + user_config, + is_ssh_address, + is_container_address + ) + + # Make sure the lookup object has a value. + if lookup: + hosts = lookup.get('hosts') + if not hosts: + return + else: + return + + # TODO(cloudnull) after a few releases this should be removed. + if q_name: + old_address = '%s_address' % q_name + else: + old_address = '%s_address' % interface + old_netmask = '%s_netmask' % q_name + + for container_host in hosts: + container = base_hosts[container_host] + + # TODO(cloudnull) after a few releases this should be removed. + # This removes the old container network value that now serves purpose. + container.pop('container_network', None) + + if 'container_networks' in container: + networks = container['container_networks'] + else: + networks = container['container_networks'] = dict() + + is_metal = False + properties = container.get('properties') + if properties: + is_metal = properties.get('is_metal', False) + + ## This should convert found addresses based on q_name + "_address" + # and then build the network if its not found. 
+ if not is_metal and old_address not in networks: + network = networks[old_address] = network_entry() + if old_address in container and container[old_address]: + network['address'] = container.pop(old_address) + elif not is_metal: + address = get_ip_address(name=q_name, ip_q=ip_q) + if address: + network['address'] = address + + network['netmask'] = return_netmask() + elif is_metal: + network = networks[old_address] = network_entry() + network['netmask'] = return_netmask() + # TODO(cloudnull) After a few releases this conditional should be + # simplified. The container address checking that is ssh address + # is only being done to support old inventory. + if old_address in container and container[old_address]: + network['address'] = container.pop(old_address) + else: + if is_ssh_address or is_container_address: + # Container physical host group + cphg = container.get('physical_host_group') + + # user_config data from the container physical host group + phg = user_config[cphg][container_host] + network['address'] = phg['ip'] + + if is_ssh_address is True: + container['ansible_ssh_host'] = networks[old_address]['address'] + + if is_container_address is True: + container['container_address'] = networks[old_address]['address'] + + +def _net_address_search(provider_networks, main_netowrk, key): + """Set the key netwokr type to the main network if not specified. + + :param provider_networks: ``list`` Network list of ``dict``s + :param main_netowrk: ``str`` The name of the main network bridge. + :param key: ``str`` The name of the key to set true. 
+ """ + for pn in provider_networks: + # p_net are the provider_network values + p_net = pn.get('network') + if p_net: + # Check for the key + if p_net.get(key): + break + else: + for pn in provider_networks: + p_net = pn.get('network') + if p_net: + if p_net.get('container_bridge') == main_netowrk: + print p_net + p_net[key] = True + + return provider_networks + + def container_skel_load(container_skel, inventory, config): """Build out all containers as defined in the environment file. @@ -484,7 +633,7 @@ def container_skel_load(container_skel, inventory, config): key, container_type, inventory, - value.get('is_metal', False) + value.get('properties') ) else: cidr_networks = config.get('cidr_networks') 
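Review bot: `print p_net` in _net_address_search looks like leftover debugging and should be removed; this script is a dynamic inventory, and if its JSON is delivered on stdout (not visible in this hunk) the extra line would corrupt what the consumer parses. In _add_additional_networks, `networks[old_address]['address']` is read whenever `is_ssh_address` or `is_container_address` is true, but the non-metal branch only sets `address` when get_ip_address returns a value, so a flagged network without `ip_from_q` would end in a bare KeyError; `networks[old_address].get('address')` followed by an explicit error message would fail more clearly. The parameter name `main_netowrk` is misspelled and is already passed by keyword from container_skel_load, so renaming it is cheapest now.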
@@ -499,41 +648,47 @@ def container_skel_load(container_skel, inventory, config): provider_queues['%s_netmask' % net_name] = str(net.netmask) overrides = config['global_overrides'] - mgmt_bridge = overrides['management_bridge'] - mgmt_dict = {} - if cidr_networks: - for pn in overrides['provider_networks']: - network = pn['network'] - if 'ip_from_q' in network and 'group_binds' in network: - q_name = network['ip_from_q'] - for group in network['group_binds']: - _add_additional_networks( - key=group, - inventory=inventory, - ip_q=provider_queues[q_name], - k_name=q_name, - netmask=provider_queues['%s_netmask' % q_name] - ) + # iterate over a list of provider_networks, var=pn + pns = overrides.get('provider_networks', list()) + pns = _net_address_search( + provider_networks=pns, + main_netowrk=config['global_overrides']['management_bridge'], + key='is_ssh_address' + ) - if mgmt_bridge == network['container_bridge']: - nci = network['container_interface'] - ncb = network['container_bridge'] - ncn = network.get('ip_from_q') - mgmt_dict['container_interface'] = nci - mgmt_dict['container_bridge'] = ncb - if ncn: - cidr_net = netaddr.IPNetwork(cidr_networks.get(ncn)) - mgmt_dict['container_netmask'] = str(cidr_net.netmask) + pns = _net_address_search( + provider_networks=pns, + main_netowrk=config['global_overrides']['management_bridge'], + key='is_container_address' + ) - for host, hostvars in inventory['_meta']['hostvars'].iteritems(): - base_hosts = inventory['_meta']['hostvars'][host] - if 'container_network' not in base_hosts: - base_hosts['container_network'] = mgmt_dict + for pn in pns: + # p_net are the provider_network values + p_net = pn.get('network') + if not p_net: + continue - for _key, _value in hostvars.iteritems(): - if _key == 'ansible_ssh_host' and _value is None: - ca = base_hosts['container_address'] - base_hosts['ansible_ssh_host'] = ca + q_name = p_net.get('ip_from_q') + ip_from_q = provider_queues.get(q_name) + if ip_from_q: + netmask = 
provider_queues['%s_netmask' % q_name] + else: + netmask = None + + for group in p_net.get('group_binds', list()): + _add_additional_networks( + key=group, + inventory=inventory, + ip_q=ip_from_q, + q_name=q_name, + netmask=netmask, + interface=p_net['container_interface'], + bridge=p_net['container_bridge'], + net_type=p_net.get('container_type'), + user_config=config, + is_ssh_address=p_net.get('is_ssh_address'), + is_container_address=p_net.get('is_container_address') + ) def file_find(pass_exception=False, user_file=None): @@ -548,7 +703,6 @@ def file_find(pass_exception=False, user_file=None): :param pass_exception: ``bol`` :param user_file: ``str`` Additional location to look in FIRST for a file """ - file_check = [ os.path.join('/etc', 'openstack_deploy'), os.path.join(os.environ.get('HOME'), 'openstack_deploy') @@ -590,15 +744,14 @@ def _set_used_ips(user_defined_config, inventory): # Find all used IP addresses and ensure that they are not used again for host_entry in inventory['_meta']['hostvars'].values(): - if 'ansible_ssh_host' in host_entry: - append_if(array=USED_IPS, item=host_entry['ansible_ssh_host']) - - for key, value in host_entry.iteritems(): - if key.endswith('address'): - append_if(array=USED_IPS, item=value) + networks = host_entry.get('container_networks', dict()) + for network_entry in networks.values(): + address = network_entry.get('address') + if address: + append_if(array=USED_IPS, item=address) -def _ensure_inventory_uptodate(inventory): +def _ensure_inventory_uptodate(inventory, container_skel): """Update inventory if needed. Inspect the current inventory and ensure that all host items have all of 
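Review bot: `host_entry.get('container_networks', dict())` in _set_used_ips only falls back to an empty dict when the key is absent, not when it is present with a value of None. This commit adds `container_networks` to REQUIRED_HOSTVARS, and _ensure_inventory_uptodate fills missing required keys with `None`, so an inventory saved in that state and loaded again would fail on `networks.values()`. `networks = host_entry.get('container_networks') or dict()` covers both cases, and the `'container_networks' in container` test in _add_additional_networks has the same gap. Whether a reloaded inventory reaches this function before the networks are rebuilt depends on call order that is outside the hunk.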
@@ -614,6 +767,15 @@ def _ensure_inventory_uptodate(inventory): if rh not in value: value[rh] = None + for key, value in container_skel.iteritems(): + item = inventory.get(key) + hosts = item.get('hosts') + if hosts: + for host in hosts: + container = inventory['_meta']['hostvars'][host] + if 'properties' in value: + container['properties'] = value['properties'] + def _parse_global_variables(user_cidr, inventory, user_defined_config): """Add any extra variables that may have been set in config. @@ -759,7 +921,9 @@ def main(): ) # Load existing inventory file if found - dynamic_inventory_file = os.path.join(local_path, 'openstack_inventory.json') + dynamic_inventory_file = os.path.join( + local_path, 'openstack_inventory.json' + ) if os.path.isfile(dynamic_inventory_file): with open(dynamic_inventory_file, 'rb') as f: dynamic_inventory = json.loads(f.read()) @@ -780,11 +944,17 @@ def main(): dynamic_inventory = INVENTORY_SKEL # Save the users container cidr as a group variable - if 'container' in user_defined_config.get('cidr_networks', list()): - user_cidr = user_defined_config['cidr_networks']['container'] - else: + cidr_networks = user_defined_config.get('cidr_networks') + if not cidr_networks: raise SystemExit('No container CIDR specified in user config') + if 'container' in cidr_networks: + user_cidr = cidr_networks['container'] + elif 'management' in cidr_networks: + user_cidr = cidr_networks['management'] + else: + raise SystemExit('No container or management network specified') + # Add the container_cidr into the all global ansible group_vars _parse_global_variables(user_cidr, dynamic_inventory, user_defined_config) @@ -797,7 +967,8 @@ def main(): dynamic_inventory ) skel_load( - environment.get('component_skel'), dynamic_inventory + environment.get('component_skel'), + dynamic_inventory ) container_skel_load( environment.get('container_skel'), 
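Review bot: In the loop added to _ensure_inventory_uptodate, `inventory.get(key)` returns None for a container_skel key that has no matching group in the inventory, and the next line `item.get('hosts')` then raises AttributeError. Guard it with `item = inventory.get(key) or {}`. The new `container_skel` argument comes from `environment.get('container_skel')` in main, so an environment file without that section would fail on `.iteritems()` as well. The function starts outside the hunk.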
@@ -806,10 +977,17 @@ def main(): ) # Look at inventory and ensure all entries have all required values. - _ensure_inventory_uptodate(inventory=dynamic_inventory) + _ensure_inventory_uptodate( + inventory=dynamic_inventory, + container_skel=environment.get('container_skel'), + ) # Load the inventory json - dynamic_inventory_json = json.dumps(dynamic_inventory, indent=4) + dynamic_inventory_json = json.dumps( + dynamic_inventory, + indent=4, + sort_keys=True + ) # Generate a list of all hosts and their used IP addresses hostnames_ips = {} @@ -820,7 +998,8 @@ def main(): host_hash[_key] = _value # Save a list of all hosts and their given IP addresses - with open(os.path.join(local_path, 'openstack_hostnames_ips.yml'), 'wb') as f: + hostnames_ip_file = os.path.join(local_path, 'openstack_hostnames_ips.yml') + with open(hostnames_ip_file, 'wb') as f: f.write( json.dumps( hostnames_ips, diff --git a/playbooks/inventory/group_vars/all.yml b/playbooks/inventory/group_vars/all.yml index 52cb16a334..12bcbedd2a 100644 --- a/playbooks/inventory/group_vars/all.yml +++ b/playbooks/inventory/group_vars/all.yml 
@@ -13,208 +13,128 @@ # See the License for the specific language governing permissions and # limitations under the License. -# The variables file used by the playbooks in the dbservers group. -# These don't have to be explicitly imported by vars_files: they are autopopulated. - -# Defined required kernel. presently 3.13.0-32-generic -required_kernel: 3.13.0-34-generic - -## Container Template Config -container_template: openstack -container_release: trusty - -# Parameters on what the container will be built with -container_config: /etc/lxc/lxc-openstack.conf +## Verbosity Options +debug: False +verbose: True -## Base Ansible config for all plays -ansible_ssh_port: 22 +## Repo server +repo_service_user_name: nginx +repo_service_home_folder: /var/www +repo_server_port: 8181 +repo_pip_default_index: "http://rpc-repo.rackspace.com/pools" -## Virtual IP address -# Internal Management vip address -internal_vip_address: "{{ internal_lb_vip_address }}" - -# External DMZ VIP address -external_vip_address: "{{ external_lb_vip_address }}" - - -## URL for the frozen repo -openstack_repo_url: "https://mirror.rackspace.com/rackspaceprivatecloud" +## OpenStack Source Code Release openstack_release: master -openstack_code_name: juno +# URL for the frozen internal openstack repo. 
+openstack_repo_url: "http://{{ internal_lb_vip_address }}:{{ repo_server_port }}" +openstack_upstream_url: "http://rpc-repo.rackspace.com" +# Global minimum kernel requirement +openstack_host_required_kernel: 3.13.0-34-generic -## URLs for package repos -mariadb_repo_url: "http://mirror.rackspace.com/rackspaceprivatecloud/mirror/mariadb/mariadb-5.5.41/repo/ubuntu/" -elasticsearch_repo_url: "http://packages.elasticsearch.org/elasticsearch/1.2/debian" -logstash_repo_url: "http://packages.elasticsearch.org/logstash/1.4/debian" -rsyslog_repo_url: "ppa:adiscon/v8-stable" - - -## GPG Keys -gpg_keys: - - { key_name: 'mariadb', keyserver: 'hkp://keyserver.ubuntu.com:80', hash_id: '0xcbcb082a1bb943db' } - - -## Repositories -apt_common_repos: - - { repo: "deb {{ mariadb_repo_url }} {{ ansible_distribution_release }} main", state: "present" } - - -## URL for pip -get_pip_url: "{{ openstack_repo_url }}/downloads/get-pip.py" - - -## URL for the container image -container_cache_tarball: "{{ openstack_repo_url }}/downloads/rpc-trusty-container.tgz" - - -## Pinned packages -apt_pinned_packages: - - { package: "lxc", version: "1.0.7-0ubuntu0.1" } - - { package: "libvirt-bin", version: "1.2.2-0ubuntu13.1.8" } - - { package: "logstash", version: "1.4.2-1-2c0f5a1" } - - { package: "logstash-contrib", version: "1.4.2-1-efd53ef" } - - { package: "elasticsearch", version: "1.2.4" } - - -## Users that will not be created via container_common -excluded_user_create: - - mysql - - rabbitmq - - -## Kernel modules loaded on all hosts -host_kernel_modules: - - scsi_dh - - dm_multipath - - dm_snapshot - -host_kernel_tuning: - - { key: 'vm.dirty_background_ratio', value: 5 } - - { key: 'vm.dirty_ratio', value: 10 } - - { key: 'vm.swappiness', value: 10 } - - -## Base Packages -apt_common_packages: - - vlan - - python-software-properties - - python-dev - - build-essential - - git-core - - rsyslog - - lvm2 - - dmeventd - - libkmod-dev - - libkmod2 - - libssl-dev - - bridge-utils - - cgroup-lite - 
- sqlite3 - - iptables - - sshpass - - libffi-dev - - libxml2-dev - - libxslt1-dev - - libsqlite3-dev - - mariadb-client - - libmariadbclient-dev - - -# Util packages that are installed when repos are put in place -common_util_packages: - - curl - - wget - - time - - rsync - - -## MySQL Information -mysql_port: 3306 -mysql_user: root -mysql_password: "{{ mysql_root_password }}" -mysql_address: "{{ internal_vip_address }}" - - -## RPC Backend -rpc_thread_pool_size: 64 -rpc_conn_pool_size: 30 -rpc_response_timeout: 60 -rpc_cast_timeout: 30 -rpc_backend: rabbit +## LXC options +lxc_container_caches: + - url: "{{ openstack_upstream_url }}/container_images/rpc-trusty-container.tgz" + name: "trusty.tgz" ## RabbitMQ -rabbit_port: 5672 -rabbit_hosts: "{% for host in groups['rabbit'] %}{{ hostvars[host]['container_address'] }}:{{ rabbit_port }}{% if not loop.last %},{% endif %}{% endfor %}" -rabbit_use_ssl: false -rabbit_virtual_host: / -rabbit_retry_interval: 1 -rabbit_retry_backoff: 2 -rabbit_max_retries: 0 -rabbit_ha_queues: false -rabbit_userid: openstack -rabbit_password: "{{ rabbitmq_password }}" +rabbitmq_userid: openstack +rabbitmq_cluster_name: openstack +rabbitmq_port: 5672 +rabbitmq_servers: "{% for host in groups['rabbitmq_all'] %}{{ hostvars[host]['container_address'] }}:{{ rabbitmq_port }}{% if not loop.last %},{% endif %}{% endfor %}" -## Auth -auth_admin_username: admin -auth_admin_password: "{{ keystone_auth_admin_password }}" -auth_admin_token: "{{ keystone_auth_admin_token }}" -auth_admin_tenant: admin -auth_identity_uri: "http://{{ internal_vip_address }}:5000/v2.0" -auth_identity_uri_v3: "http://{{ internal_vip_address }}:5000/v3" -auth_admin_uri: "http://{{ internal_vip_address }}:35357/v2.0" -auth_host: "{{ internal_vip_address }}" -auth_port: 35357 -auth_public_port: 5000 -auth_protocol: http +## Galera +galera_wsrep_cluster_address: "{% for host in groups['galera_all'] %}{{ hostvars[host]['container_address'] }}{% if not loop.last %},{% endif %}{% 
endfor %}" +galera_wsrep_address: "{{ container_address }}" +galera_monitoring_user: haproxy +galera_root_user: root +# Set ``galera_max_connections`` to override the calculated max connections. +# galera_max_connections: 500 +# Repositories -## OpenStack Region -service_region: RegionOne - - -## Container User -container_username: openstack -container_password: "{{ container_openstack_password }}" - - -## Memcached -memcached_memory: 8192 -memcached_port: 11211 -memcached_user: memcache -memcached_secret_key: "{{ memcached_encryption_key }}" - - -## Haproxy Configuration -hap_rise: 3 -hap_fall: 3 -hap_interval: 12000 - -# Default haproxy backup nodes to empty list so this doesn't have to be -# defined for each service. -hap_backup_nodes: [] - - -## Swift credentials for Swift Container image store -swift_archive_store: - creds_file: /root/swiftcreds - section: default - container: poc_lxc_containers - -## Remote logging common configuration -elasticsearch_http_port: 9200 -elasticsearch_tcp_port: 9300 -elasticsearch_mode: transport -elasticsearch_cluster: openstack -elasticsearch_vip: "{{ external_vip_address }}" +## Logstash logstash_port: 5544 -# Directory where serverspec is installed to on utility container -serverspec_install_dir: /opt/serverspec -# How long to wait for a container after a (re)start -container_start_timeout: 180 +## Pip install +# Lock down pip to only a specific version of pip +pip_get_pip_options: "--no-index --find-links={{ openstack_upstream_url }}/os-releases/{{ openstack_release }}" + + +## Memcached options +memcached_listen: "{{ container_address }}" +memcached_port: 11211 +memcached_servers: "{% for host in groups['memcached'] %}{{ hostvars[host]['container_address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}" + + +## Nova +nova_service_port: 8774 +nova_service_proto: http +nova_service_user_name: nova +nova_service_tenant_name: service +nova_service_adminuri: "{{ nova_service_proto }}://{{ 
internal_lb_vip_address }}:{{ nova_service_port }}" +nova_service_adminurl: "{{ nova_service_adminuri }}/v2/%(tenant_id)s" +nova_service_region: RegionOne +nova_metadata_port: 8775 + + +## Neutron +neutron_service_port: 9696 +neutron_service_proto: http +neutron_service_user_name: neutron +neutron_service_tenant_name: service +neutron_service_adminuri: "{{ neutron_service_proto }}://{{ internal_lb_vip_address }}:{{ neutron_service_port }}" +neutron_service_adminurl: "{{ neutron_service_adminuri }}" +neutron_service_region: RegionOne +neutron_service_program_enabled: true +neutron_service_dhcp_program_enabled: true +neutron_service_l3_program_enabled: true +neutron_service_linuxbridge_program_enabled: true +neutron_service_metadata_program_enabled: true +neutron_service_metering_program_enabled: true + + +## Glance +glance_service_port: 9292 +glance_service_proto: http +glance_service_user_name: glance +glance_service_tenant_name: service +glance_service_adminurl: "{{ glance_service_proto }}://{{ internal_lb_vip_address }}:{{ glance_service_port }}" +glance_service_region: RegionOne +glance_api_servers: "{% for host in groups['glance_all'] %}{{ hostvars[host]['container_address'] }}:{{ glance_service_port }}{% if not loop.last %},{% endif %}{% endfor %}" + + +## Keystone +keystone_admin_user_name: admin +keystone_admin_tenant_name: admin +keystone_admin_port: 35357 +keystone_service_port: 5000 +keystone_service_proto: http +keystone_service_user_name: keystone +keystone_service_tenant_name: service +keystone_service_uri: "{{ keystone_service_proto }}://{{ internal_lb_vip_address }}" +keystone_service_internaluri: "{{ keystone_service_proto }}://{{ internal_lb_vip_address }}:{{ keystone_service_port }}" +keystone_service_internalurl: "{{ keystone_service_internaluri }}/v2.0" +keystone_service_adminuri: "{{ keystone_service_uri }}:{{ keystone_admin_port }}" +keystone_service_adminurl: "{{ keystone_service_adminuri }}/v2.0" +keystone_service_internaluri_v3: "{{ 
keystone_service_proto }}://{{ internal_lb_vip_address }}:{{ keystone_service_port }}" +keystone_service_internalurl_v3: "{{ keystone_service_adminuri_v3 }}/v3" +keystone_service_adminuri_v3: "{{ keystone_service_proto }}://{{ internal_lb_vip_address }}:{{ keystone_admin_port }}" +keystone_service_adminurl_v3: "{{ keystone_service_adminuri_v3 }}/v3" +keystone_cache_backend_argument: "url:{% for host in groups['memcached'] %}{{ hostvars[host]['container_address'] }}{% if not loop.last %},{% endif %}{% endfor %}:{{ memcached_port }}" +keystone_memcached_servers: "{% for host in groups['keystone_all'] %}{{ hostvars[host]['container_address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}" +keystone_service_region: RegionOne + + +## Tempest +tempest_swift_enabled: true + + +## OpenStack Openrc +openrc_os_auth_url: "{{ keystone_service_internalurl }}" +openrc_os_password: "{{ keystone_auth_admin_password }}" diff --git a/playbooks/inventory/group_vars/cinder_all.yml b/playbooks/inventory/group_vars/cinder_all.yml deleted file mode 100644 index 269feeec0f..0000000000 --- a/playbooks/inventory/group_vars/cinder_all.yml +++ /dev/null 
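Review bot: `openstack_upstream_url` and `repo_pip_default_index` point at `http://rpc-repo.rackspace.com`, and that base URL is what `lxc_container_caches` fetches the container image from and what `pip_get_pip_options` passes to `--find-links`; the `openstack_repo_url` value this replaces used `https://`. Over plain HTTP the image and the Python packages installed on every host have no transport integrity, and no checksum or signature check is visible in this hunk. Use an `https://` URL if the repo host serves TLS, or verify a pinned digest after download. Separately, `keystone_service_internalurl_v3` is built from `keystone_service_adminuri_v3`, which looks like a copy-paste slip; the line defined just above it suggests `keystone_service_internalurl_v3: "{{ keystone_service_internaluri_v3 }}/v3"`.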
@@ -1,79 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# The variables file used by the playbooks in the Cinder-api group. -# These don't have to be explicitly imported by vars_files: they are autopopulated. - -## Service Name -service_name: cinder - -# Verbosity Options -debug: False -verbose: True - -# only used when the lxc vg is present on the target -container_lvm_fstype: ext4 -container_lvm_fssize: 5GB - -# (StrOpt) Method used to wipe old voumes (valid options are: none, zero, -# shred) -cinder_volume_clear: zero -# (StrOpt) The flag to pass to ionice to alter the i/o priority of the process -# used to zero a volume after deletion, for example "-c3" for idle only -# priority. -# cinder_volume_clear_ionice: -c3 -# (IntOpt) Size in MiB to wipe at start of old volumes. 0 => all -cinder_volume_clear_size: 0 - -## General configuration -## Set this in openstack_user_config.yml UNLESS you want all hosts to use the same -## Cinder backends. See the openstack_user_config example for more on how this is done. 
-# cinder_backends: -# lvm: -# volume_group: cinder-volumes -# driver: cinder.volume.drivers.lvm.LVMISCSIDriver -# backend_name: LVM_iSCSI - -cinder_service_port: "{{ cinder_port|default('8776') }}" - -## DB -container_mysql_user: cinder -container_mysql_password: "{{ cinder_container_mysql_password }}" -container_database: cinder - -## Cinder Auth -service_admin_tenant_name: "service" -service_admin_username: "cinder" -service_admin_password: "{{ cinder_service_password }}" - -## Cinder User / Group -system_user: cinder -system_group: cinder - -## Service Names -service_names: - - cinder-api - - cinder-scheduler - - cinder-volume - -container_directories: - - { name: /var/log/cinder, mode: 755 } - - { name: /var/lib/cinder } - - { name: /var/lib/cinder/volumes } - - { name: /etc/cinder } - - { name: /etc/cinder/rootwrap.d } - - { name: /var/cache/cinder } - - { name: /var/lock/cinder } - - { name: /var/run/cinder } diff --git a/playbooks/inventory/group_vars/cinder_volume.yml b/playbooks/inventory/group_vars/cinder_volume.yml deleted file mode 100644 index f881995a92..0000000000 --- a/playbooks/inventory/group_vars/cinder_volume.yml +++ /dev/null 
@@ -1,35 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# The variables file used by the playbooks in the Cinder-api group.
-# These don't have to be explicitly imported by vars_files: they are autopopulated.
-
-
-# Note, most cinder settings sare set in cinder_all,
-# this file is just to override the lvm size for the volumes container.
-
-# The volumes container needs a larger FS as it must have tmp space for
-# converting glnace imges to volumes.
-# https://bugs.launchpad.net/openstack-ansible/+bug/1399427
-
-# Default is 5GB (same as other containers).
-# Space must be added for cinder image conversion to work.
-# For example, to be able to convert 100GB images, set this to 105GB.
-cinder_volume_lv_size_gb: 5GB
-
-# only used when the lxc vg is present on the target
-container_lvm_fssize: "{{cinder_volume_lv_size_gb}}"
-
-
diff --git a/playbooks/inventory/group_vars/galera.yml b/playbooks/inventory/group_vars/galera.yml
deleted file mode 100644
index 8ba0a5531d..0000000000
--- a/playbooks/inventory/group_vars/galera.yml
+++ /dev/null
@@ -1,39 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-service_name: mysql
-
-# Defaults to mysql_address (VIP) when unset.
-# Should only be set for the galera group so that they always connect to
-# their own instance.
-mysql_client_host: 127.0.0.1
-
-container_lvm_fstype: ext4
-container_lvm_fssize: 5GB
-
-# Size of the galera cache
-galera_gcache_size: 1G
-
-# Connection timeout https://mariadb.com/kb/en/mariadb/documentation/optimization-and-tuning/system-variables/server-system-variables/#wait_timeout
-galera_wait_timeout: 28800
-
-service_pip_dependencies:
- - MySQL-python
- - python-memcached
- - pycrypto
-
-# Directories to create
-container_directories:
- - { name: '/var/log/mysql', mode: 755 }
diff --git a/playbooks/inventory/group_vars/glance_all.yml b/playbooks/inventory/group_vars/glance_all.yml
deleted file mode 100644
index 15794c84c0..0000000000
--- a/playbooks/inventory/group_vars/glance_all.yml
+++ /dev/null
@@ -1,84 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# The variables file used by the playbooks in the Glance-api group. -# These don't have to be explicitly imported by vars_files: they are autopopulated. - -## Service Name -service_name: glance - -service_publicurl: "http://{{ external_vip_address }}:9292" -service_adminurl: "http://{{ internal_vip_address }}:9292" -service_internalurl: "http://{{ internal_vip_address }}:9292" - -# Verbosity Options -debug: False -verbose: True - -# only used when the lxc vg is present on the target -container_lvm_fstype: ext4 -container_lvm_fssize: 12GB - -# General configuration -registry_host: "{{ internal_vip_address }}" - -## DB -container_mysql_user: glance -container_mysql_password: "{{ glance_container_mysql_password }}" -container_database: glance - -## RPC -notification_driver: "{{ glance_notification_driver|default('noop') }}" -rpc_backend: glance.openstack.common.rpc.impl_kombu - -## Backend -default_store: "{{ glance_default_store|default('file') }}" - -## Swift Options -swift_store_auth_address: "{{ glance_swift_store_auth_address | default('NoAuthAddress') }}" -swift_store_user: "{{ glance_swift_store_user | default('NoUser') }}" -swift_store_key: "{{ glance_swift_store_key | default('NoKey') }}" -swift_store_region: "{{ glance_swift_store_region | default('NoRegion') }}" -swift_store_container: "{{ glance_swift_store_container | default('NoContainer')}}" 
-swift_store_endpoint_type: "{{ glance_swift_store_endpoint_type | default('internalURL') }}" - -## Auth -service_admin_tenant_name: "service" -service_admin_username: "glance" -service_admin_password: "{{ glance_service_password }}" - -## Glance User / Group -system_user: glance -system_group: glance - -## Service Names -service_names: - - glance-api - - glance-registry - -flavor: "keystone+cachemanagement" - -container_directories: - - { name: /var/log/glance, mode: 755 } - - { name: /var/lib/glance } - - { name: /var/lib/glance/cache } - - { name: /var/lib/glance/cache/api } - - { name: /var/lib/glance/cache/registry } - - { name: /var/lib/glance/scrubber } - - { name: /etc/glance } - - { name: /var/cache/glance } - -container_packages: - - rsync diff --git a/playbooks/inventory/group_vars/heat_all.yml b/playbooks/inventory/group_vars/heat_all.yml deleted file mode 100644 index 96226b9008..0000000000 --- a/playbooks/inventory/group_vars/heat_all.yml +++ /dev/null 
@@ -1,72 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# The variables file used by the playbooks in the Heat-api group. -# These don't have to be explicitly imported by vars_files: they are autopopulated. - -## Service Name -service_name: heat - -# Verbosity Options -debug: False -verbose: True - -# only used when the lxc vg is present on the target -container_lvm_fstype: ext4 -container_lvm_fssize: 5GB - -## DB -container_mysql_user: heat -container_mysql_password: "{{ heat_container_mysql_password }}" -container_database: heat - -## RPC -rpc_backend: heat.openstack.common.rpc.impl_kombu - -## Auth -service_admin_tenant_name: "service" -service_admin_username: "heat" -service_admin_password: "{{ heat_service_password }}" - -## Heat User / Group -system_user: heat -system_group: heat - -## Service Names -service_names: - - heat-api - - heat-api-cfn - - heat-api-cloudwatch - - heat-engine - -## Stack -stack_domain_admin_password: "{{ heat_stack_domain_admin_password }}" -stack_domain_admin: stack_domain_admin -stack_user_domain_name: heat -deferred_auth_method: trusts - -auth_encryption_key: "{{ heat_auth_encryption_key }}" - -heat_watch_server_url: "http://{{ external_vip_address }}:8003" -heat_waitcondition_server_url: "http://{{ internal_vip_address }}:8000/v1/waitcondition" -heat_metadata_server_url: "http://{{ internal_vip_address }}:8000" - -container_directories: - - { name: /etc/heat } - - { name: 
/etc/heat/environment.d } - - { name: /etc/heat/templates } - - { name: /var/cache/heat } - - { name: /var/lib/heat } - - { name: /var/log/heat, mode: 755 } diff --git a/playbooks/inventory/group_vars/horizon.yml b/playbooks/inventory/group_vars/horizon.yml deleted file mode 100644 index 4b7ac51ac4..0000000000 --- a/playbooks/inventory/group_vars/horizon.yml +++ /dev/null 
@@ -1,66 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# The variables file used by the playbooks in the Horizon group. -# These don't have to be explicitly imported by vars_files: they are autopopulated. - -# Enable containerization of services -containerize: true - -## Service Name -service_name: horizon - -# Verbosity Options -debug: False - -# only used when the lxc vg is present on the target -container_lvm_fstype: ext4 -container_lvm_fssize: 5GB - - -## DB -container_mysql_user: dash -container_mysql_password: "{{ horizon_container_mysql_password }}" -container_database: dash - - -## Horizon User / Group -system_user: www-data -system_group: www-data - - -## Horizon Help URL Path -horizon_help_url: http://docs.rackspace.com/rpc/api/v9/rpc-faq-v9/content/rpc-common-front.html - - -# Installation directories -install_lib_dir: /usr/local/lib/python2.7/dist-packages - -container_directories: - - { name: /var/log/horizon, mode: 755 } - - { name: /etc/horizon } - - { name: /var/lib/horizon } - - { name: /usr/local/lib/python2.7/dist-packages/static } - - { name: /usr/local/lib/python2.7/dist-packages/openstack_dashboard/local } - -horizon_fqdn: "{{ external_vip_address }}" -horizon_server_name: "{{ container_name }}" -horizon_self_signed: true - -## Optional certification options -# horizon_cacert_pem: /path/to/cacert.pem -# horizon_ssl_cert: /etc/ssl/certs/apache.cert -# horizon_ssl_key: 
/etc/ssl/private/apache.key -# horizon_ssl_cert_path: /etc/ssl/certs diff --git a/playbooks/inventory/group_vars/keystone_all.yml b/playbooks/inventory/group_vars/keystone_all.yml deleted file mode 100644 index e39b5a04ac..0000000000 --- a/playbooks/inventory/group_vars/keystone_all.yml +++ /dev/null 
@@ -1,70 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# The variables file used by the playbooks in the Keystone-api group.
-# These don't have to be explicitly imported by vars_files: they are autopopulated.
-
-## Service Name
-service_name: keystone
-
-
-## Service ports
-service_port: 5000
-admin_port: 35357
-
-
-## Verbosity Options
-debug: False
-verbose: True
-
-# only used when the lxc vg is present on the target
-container_lvm_fstype: ext4
-container_lvm_fssize: 5GB
-
-
-## DB
-container_mysql_user: keystone
-container_mysql_password: "{{ keystone_container_mysql_password }}"
-container_database: keystone
-
-
-## AUTH
-auth_methods: "password,token"
-token_provider: "keystone.token.providers.uuid.Provider"
-
-# If the "token_provider" is set to PKI set this to True
-keystone_use_pki: False
-
-
-## Keystone User / Group
-system_user: keystone
-system_group: keystone
-
-
-## Enable SSL
-keystone_ssl: false
-
-## Optional SSL vars
-# keystone_ssl_cert: /etc/ssl/certs/apache.cert
-# keystone_ssl_key: /etc/ssl/certs/apache.key
-# keystone_ssl_cert_path: /etc/ssl/certs
-
-
-container_directories:
- - { name: /etc/keystone }
- - { name: /etc/keystone/ssl }
- - { name: /var/lib/keystone }
- - { name: /var/log/keystone, mode: 755 }
- - { name: /var/www/cgi-bin/keystone, mode: 755 }
diff --git a/playbooks/inventory/group_vars/neutron_all.yml b/playbooks/inventory/group_vars/neutron_all.yml
deleted file mode 100644
index 0759b9d91e..0000000000
--- a/playbooks/inventory/group_vars/neutron_all.yml
+++ /dev/null
@@ -1,88 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# The variables file used by the playbooks in the nova group. -# These don't have to be explicitly imported by vars_files: they are autopopulated. - -## Service Name -service_name: neutron - -# Verbosity Options -debug: False -verbose: True - -## only used when the lxc vg is present on the target -container_lvm_fstype: ext4 -container_lvm_fssize: 5GB - -## General configuration -core_plugin: neutron.plugins.ml2.plugin.Ml2Plugin -interface_driver: neutron.agent.linux.interface.BridgeInterfaceDriver -metering_driver: neutron.services.metering.drivers.iptables.iptables_driver.IptablesMeteringDriver - -service_plugins: - - neutron.services.l3_router.l3_router_plugin.L3RouterPlugin - - neutron.services.loadbalancer.plugin.LoadBalancerPlugin - - neutron.services.vpn.plugin.VPNDriverPlugin - - neutron.services.metering.metering_plugin.MeteringPlugin - -dhcp_driver: neutron.agent.linux.dhcp.Dnsmasq -neutron_config: /etc/neutron/neutron.conf -neutron_plugin: /etc/neutron/plugins/ml2/ml2_conf.ini -neutron_revision: head - -## Neutron downtime -neutron_agent_down_time: 120 -neutron_report_interval: "{{ neutron_agent_down_time|int / 2 }}" -neutron_agent_polling_interval: 5 - -## DB -container_mysql_user: neutron -container_mysql_password: "{{ neutron_container_mysql_password }}" -container_database: neutron - -## RPC -rpc_backend: rabbit - -## Nova Auth 
-service_admin_tenant_name: "service" -service_admin_username: "neutron" -service_admin_password: "{{ neutron_service_password }}" - -## Nova User / Group -system_user: neutron -system_group: neutron - -## Service Names -service_names: - - neutron-agent - - neutron-dhcp-agent - - neutron-linuxbridge-agent - - neutron-metadata-agent - - neutron-metering-agent - - neutron-l3-agent - - neutron-server - -container_directories: - - { name: /etc/neutron } - - { name: /etc/neutron/plugins } - - { name: /etc/neutron/plugins/ml2 } - - { name: /etc/neutron/rootwrap.d } - - { name: /var/cache/neutron } - - { name: /var/lib/neutron, mode: 755 } - - { name: /var/lib/neutron/ha_confs } - - { name: /var/lock/neutron } - - { name: /var/log/neutron, mode: 755 } - - { name: /var/run/neutron } diff --git a/playbooks/inventory/group_vars/nova_all.yml b/playbooks/inventory/group_vars/nova_all.yml deleted file mode 100644 index 44ebbfe0e2..0000000000 --- a/playbooks/inventory/group_vars/nova_all.yml +++ /dev/null 
@@ -1,99 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# The variables file used by the playbooks in the nova group. -# These don't have to be explicitly imported by vars_files: they are autopopulated. - -## Service Name -service_name: nova - -# Verbosity Options -debug: False -verbose: True - -# only used when the lxc vg is present on the target -container_lvm_fstype: ext4 -container_lvm_fssize: 5GB - -# General configuration -volume_driver: cinder.volume.drivers.lvm.LVMISCSIDriver - -## DB -container_mysql_user: nova -container_mysql_password: "{{ nova_container_mysql_password }}" -container_database: nova - -## RPC -rpc_backend: nova.openstack.common.rpc.impl_kombu - -## Nova virtualization Type, set to KVM if supported -virt_type: "{{ nova_virt_type|default('kvm') }}" - -## Nova Auth -service_admin_tenant_name: "service" -service_admin_username: "nova" -service_admin_password: "{{ nova_service_password }}" - -## Nova User / Group -system_user: nova -system_group: nova - -## Service Names -service_names: - - nova-api-metadata - - nova-api-os-compute - - nova-api-ec2 - - nova-compute - - nova-conductor - - nova-scheduler - -## Nova global config -nova_cpu_mode: host-model -nova_linuxnet_interface_driver: nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver -nova_libvirt_vif_driver: nova.virt.libvirt.vif.NeutronLinuxBridgeVIFDriver -nova_firewall_driver: nova.virt.firewall.NoopFirewallDriver 
-nova_compute_driver: libvirt.LibvirtDriver -nova_max_age: 0 - -# Nova Scheduler -nova_cpu_allocation_ratio: 2.0 -nova_disk_allocation_ratio: 1.0 -nova_max_instances_per_host: 50 -nova_max_io_ops_per_host: 10 -nova_ram_allocation_ratio: 1.0 -nova_ram_weight_multiplier: 5.0 -nova_reserved_host_disk_mb: 2048 -nova_reserved_host_memory_mb: 2048 -nova_scheduler_driver: nova.scheduler.filter_scheduler.FilterScheduler -nova_scheduler_available_filters: nova.scheduler.filters.all_filters -nova_scheduler_default_filters: RetryFilter,AvailabilityZoneFilter,RamFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter,CoreFilter,DiskFilter -nova_scheduler_driver_task_period: 60 -nova_scheduler_host_manager: nova.scheduler.host_manager.HostManager -nova_scheduler_host_subset_size: 10 -nova_scheduler_manager: nova.scheduler.manager.SchedulerManager -nova_scheduler_max_attempts: 5 -nova_scheduler_weight_classes: nova.scheduler.weights.all_weighers - -container_directories: - - { name: /var/log/nova, mode: 755, skip_group: nova_compute } - - { name: /var/lib/nova, mode: 755 } - - { name: /var/lib/nova/instances, mode: 755 } - - { name: /var/lib/nova/cache } - - { name: /var/lib/nova/cache/api } - - { name: /etc/nova } - - { name: /etc/nova/rootwrap.d } - - { name: /var/cache/nova } - - { name: /var/lock/nova } - - { name: /var/run/nova } diff --git a/playbooks/inventory/group_vars/swift_all.yml b/playbooks/inventory/group_vars/swift_all.yml deleted file mode 100644 index 69500d745f..0000000000 --- a/playbooks/inventory/group_vars/swift_all.yml +++ /dev/null 
@@ -1,75 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# The variables file used by the playbooks in the swift-hosts & swift-proxy groups. -# These don't have to be explicitly imported by vars_files: they are autopopulated. - -authtoken_active: True -delay_auth_decision: true - -## Service Name -service_name: swift - -# Verbosity Options -debug: False -verbose: True - -# only used when the lxc vg is present on the target -container_lvm_fstype: ext4 -container_lvm_fssize: 5GB - -# Swift default ports -swift_proxy_port: "8080" -swift_object_port: "6000" -swift_container_port: "6001" -swift_account_port: "6002" - -# Swift default variables -swift_default_replication_number: 3 -swift_default_min_part_hours: 1 -swift_default_host_zone: 0 -swift_default_host_region: 1 -swift_default_drive_weight: 100 - -## DB -container_mysql_user: swift -container_mysql_password: "{{ swift_container_mysql_password }}" -container_database: swift - -## Swift Auth -service_admin_tenant_name: "service" -service_admin_username: "swift" -service_admin_password: "{{ swift_service_password }}" - -## Swift User / Group -system_user: swift -system_group: swift - -## Service Names -service_names: - - swift-object - - swift-account - - swift-container - - swift-proxy - -container_directories: - - { name: /var/lock/swift } - - { name: /var/cache/swift } - - { name: /etc/swift } - - { name: /etc/swift/rings/ } - - { name: /etc/swift/object-server } 
- - { name: /etc/swift/container-server } - - { name: /etc/swift/account-server } - - { name: /etc/swift/proxy-server } diff --git a/playbooks/inventory/group_vars/tempest_all.yml b/playbooks/inventory/group_vars/tempest_all.yml deleted file mode 100644 index 6a9c8bfcea..0000000000 --- a/playbooks/inventory/group_vars/tempest_all.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# The variables file used by the playbooks in the Glance-api group. -# These don't have to be explicitly imported by vars_files: they are autopopulated. - -## Service Name -service_name: tempest - -tempest_swift_enabled: True diff --git a/playbooks/inventory/hosts b/playbooks/inventory/hosts deleted file mode 100644 index 07b5565f16..0000000000 --- a/playbooks/inventory/hosts +++ /dev/null @@ -1,2 +0,0 @@ -[local] -localhost ansible_connection=local diff --git a/playbooks/keystone-add-all-services.yml b/playbooks/keystone-add-all-services.yml deleted file mode 100644 index bb146ec33a..0000000000 --- a/playbooks/keystone-add-all-services.yml +++ /dev/null 
@@ -1,113 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -## Keystone -- hosts: keystone[0] - user: root - roles: - - keystone_add_service - vars_files: - - inventory/group_vars/keystone_all.yml - - vars/openstack_service_vars/keystone_endpoint.yml - - -## Cinder -- hosts: keystone[0] - user: root - roles: - - keystone_add_service - vars_files: - - inventory/group_vars/cinder_all.yml - - vars/openstack_service_vars/cinder_api_endpoint.yml - -- hosts: keystone[0] - user: root - roles: - - keystone_add_service - vars_files: - - inventory/group_vars/cinder_all.yml - - vars/openstack_service_vars/cinder_apiv2_endpoint.yml - - -## Glance -- hosts: keystone[0] - user: root - roles: - - keystone_add_service - vars_files: - - inventory/group_vars/glance_all.yml - - vars/openstack_service_vars/glance_api_endpoint.yml - - -## Heat -- hosts: keystone[0] - user: root - roles: - - keystone_add_service - vars_files: - - inventory/group_vars/heat_all.yml - - vars/openstack_service_vars/heat_api_endpoint.yml - -- hosts: keystone[0] - user: root - roles: - - keystone_add_service - vars_files: - - inventory/group_vars/heat_all.yml - - vars/openstack_service_vars/heat_api_cfn_endpoint.yml - - -## Neutron -- hosts: keystone[0] - user: root - roles: - - keystone_add_service - vars_files: - - inventory/group_vars/neutron_all.yml - - vars/openstack_service_vars/neutron_server_endpoint.yml - - -## Nova -- hosts: keystone[0] - user: root - 
roles: - - keystone_add_service - vars_files: - - inventory/group_vars/nova_all.yml - - vars/openstack_service_vars/nova_api_os_compute_endpoint.yml - -- hosts: keystone[0] - user: root - roles: - - keystone_add_service - vars_files: - - inventory/group_vars/nova_all.yml - - vars/openstack_service_vars/nova_api_os_computev3_endpoint.yml - -- hosts: keystone[0] - user: root - roles: - - keystone_add_service - vars_files: - - inventory/group_vars/nova_all.yml - - vars/openstack_service_vars/nova_api_ec2_endpoint.yml - -- hosts: keystone[0] - user: root - roles: - - keystone_add_service - vars_files: - - inventory/group_vars/nova_all.yml - - vars/openstack_service_vars/nova_api_s3_endpoint.yml diff --git a/playbooks/keystone-add-users.yml b/playbooks/keystone-add-users.yml deleted file mode 100644 index e8598de40e..0000000000 --- a/playbooks/keystone-add-users.yml +++ /dev/null @@ -1,20 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Add additional users to keystone if needed. -- hosts: keystone[0] - user: root - roles: - - keystone_add_user diff --git a/playbooks/keystone-all.yml b/playbooks/keystone-all.yml deleted file mode 100644 index c16fce0ae4..0000000000 --- a/playbooks/keystone-all.yml +++ /dev/null 
@@ -1,18 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-- include: keystone-common.yml
-- include: keystone.yml
-- include: keystone-add-all-services.yml
diff --git a/playbooks/keystone-common.yml b/playbooks/keystone-common.yml
deleted file mode 100644
index 94ad7a397c..0000000000
--- a/playbooks/keystone-common.yml
+++ /dev/null
@@ -1,28 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-- hosts: keystone
- user: root
- roles:
- - common
- - common_sudoers
- - container_common
- - keystone_common
- - openstack_common
- - openstack_openrc
- - galera_client_cnf
- vars_files:
- - vars/repo_packages/keystone.yml
- - vars/openstack_service_vars/keystone.yml
diff --git a/playbooks/keystone-local-keys.yml b/playbooks/keystone-local-keys.yml
deleted file mode 100644
index 2e1138a509..0000000000
--- a/playbooks/keystone-local-keys.yml
+++ /dev/null
@@ -1,53 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# Setup Keystone
-- hosts: keystone[0]
- user: root
- tasks:
- - name: Perform a Keystone PKI Setup
- command: >
- keystone-manage pki_setup --keystone-user "{{ system_user }}" --keystone-group "{{ system_group }}"
- creates=/etc/keystone/ssl/private/signing_key.pem
- - name: Create Key directory
- file: >
- path=/tmp/keystone/ssl/
- state=directory
- group="{{ ansible_ssh_user }}"
- owner="{{ ansible_ssh_user }}"
- recurse=true
- delegate_to: localhost
- - name: Sync keys from keystone
- command: "rsync -az root@{{ ansible_ssh_host }}:/etc/keystone/ssl/ /tmp/keystone/ssl/"
- delegate_to: localhost
-
-# Setup all keystone nodes
-- hosts: keystone:!keystone[0]
- user: root
- tasks:
- - name: Sync keys to keystone
- command: "rsync -az /tmp/keystone/ssl/ root@{{ ansible_ssh_host }}:/etc/keystone/ssl/"
- delegate_to: localhost
-
-# Remove temp Key Directory
-- hosts: local
- gather_facts: false
- user: root
- tasks:
- - name: Remove Key directory
- file: >
- path=/tmp/keystone/
- state=absent
- delegate_to: localhost
diff --git a/playbooks/keystone.yml b/playbooks/keystone.yml
deleted file mode 100644
index 3402cfde39..0000000000
--- a/playbooks/keystone.yml
+++ /dev/null
@@ -1,38 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Setup Keystone -- hosts: keystone[0] - user: root - roles: - - galera_db_setup - - keystone_apache - - keystone_setup - - keystone_add_service - vars: - auth_admin_uri: "{{ auth_protocol }}://{{ container_address }}:{{ auth_port }}/v2.0" - vars_files: - - vars/repo_packages/keystone.yml - - vars/openstack_service_vars/keystone.yml - - vars/openstack_service_vars/keystone_endpoint.yml - -# Setup all keystone nodes -- hosts: keystone:!keystone[0] - user: root - roles: - - keystone_apache - vars_files: - - vars/repo_packages/keystone.yml - - vars/openstack_service_vars/keystone.yml diff --git a/playbooks/kibana-install.yml b/playbooks/kibana-install.yml deleted file mode 100644 index 8cad2f8241..0000000000 --- a/playbooks/kibana-install.yml +++ /dev/null 
@@ -1,24 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Setup supporting services -- hosts: kibana - user: root - roles: - - common - - container_common - - kibana - vars_files: - - vars/repo_packages/kibana.yml diff --git a/playbooks/library/dist_sort b/playbooks/library/dist_sort new file mode 100644 index 0000000000..71cd48a4e8 --- /dev/null +++ b/playbooks/library/dist_sort 
@@ -0,0 +1,168 @@ +#!/usr/bin/env python +# (c) 2014, Kevin Carter +# +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +DOCUMENTATION = """ +--- +module: dist_sort +version_added: "1.6.6" +short_description: + - Deterministically sort a list to distribute the elements in the list + evenly. Based on external values such as host or static modifier. Returns + a string as named key ``sorted_list``. +description: + - This module returns a list of servers uniquely sorted based on a index + from a look up value location within a group. The group should be an + existing ansible inventory group. This will module returns the sorted + list as a delimited string. +options: + src_list: + description: + - list in the form of a string separated by a delimiter. + required: True + ref_list: + description: + - list to lookup value_to_lookup against to return index number + This should be a pre-determined ansible group containing the + ``value_to_lookup``. + required: False + value_to_lookup: + description: + - value is looked up against ref_list to get index number. + required: False + sort_modifier: + description: + - add a static int into the sort equation to weight the output. + type: int + default: 0 + delimiter: + description: + - delimiter used to parse ``src_list`` with. 
+ default: ',' +author: + - Kevin Carter + - Sam Yaple +""" + +EXAMPLES = """ +- dist_sort: + value_to_lookup: "Hostname-in-ansible-group_name" + ref_list: "{{ groups['group_name'] }}" + src_list: "Server1,Server2,Server3" + register: test_var + +# With a pre-set delimiter +- dist_sort: + value_to_lookup: "Hostname-in-ansible-group_name" + ref_list: "{{ groups['group_name'] }}" + src_list: "Server1|Server2|Server3" + delimiter: '|' + register: test_var + +# With a set modifier +- dist_sort: + value_to_lookup: "Hostname-in-ansible-group_name" + ref_list: "{{ groups['group_name'] }}" + src_list: "Server1#Server2#Server3" + delimiter: '#' + sort_modifier: 5 + register: test_var +""" + + +class DistSort(object): + def __init__(self, module): + """Deterministically sort a list of servers. + + :param module: The active ansible module. + :type module: ``class`` + """ + self.module = module + self.params = self.module.params + self.return_data = self._runner() + + def _runner(self): + """Return the sorted list of servers. + + Based on the modulo of index of a *value_to_lookup* from an ansible + group this function will return a comma "delimiter" separated list of + items. 
+ + :returns: ``str`` + """ + index = self.params['ref_list'].index(self.params['value_to_lookup']) + index += self.params['sort_modifier'] + src_list = self.params['src_list'].split( + self.params['delimiter'] + ) + + for _ in range(index % len(src_list)): + src_list.append(src_list.pop(0)) + else: + return self.params['delimiter'].join(src_list) + + +def main(): + """Run the main app.""" + module = AnsibleModule( + argument_spec=dict( + value_to_lookup=dict( + required=True, + type='str' + ), + ref_list=dict( + required=True, + type='list' + ), + src_list=dict( + required=True, + type='str' + ), + delimiter=dict( + required=False, + type='str', + default=',' + ), + sort_modifier=dict( + required=False, + type='str', + default='0' + ) + ), + supports_check_mode=False + ) + try: + # This is done so that the failure can be parsed and does not cause + # ansible to fail if a non-int is passed. + module.params['sort_modifier'] = int(module.params['sort_modifier']) + + _ds = DistSort(module=module) + if _ds.return_data == module.params['src_list']: + _changed = False + else: + _changed = True + + module.exit_json(changed=_changed, **{'sorted_list': _ds.return_data}) + except Exception as exp: + resp = {'stderr': str(exp)} + resp.update(module.params) + module.fail_json(msg='Failed Process', **resp) + +# import module snippets +from ansible.module_utils.basic import * +if __name__ == '__main__': + main() diff --git a/playbooks/library/glance b/playbooks/library/glance index 5dc0e11181..1a5b2b3394 100644 --- a/playbooks/library/glance +++ b/playbooks/library/glance @@ -174,4 +174,3 @@ def main(): from ansible.module_utils.basic import * if __name__ == '__main__': main() - diff --git a/playbooks/library/keystone b/playbooks/library/keystone index 6c38c2ae54..541db810cc 100644 --- a/playbooks/library/keystone +++ b/playbooks/library/keystone 
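Review bot: The DOCUMENTATION block marks `ref_list` and `value_to_lookup` as `required: False`, while the `argument_spec` in `main()` declares both with `required=True`, so a task written from the docs fails argument validation; both doc entries should read `required: True`. The same block lists `sort_modifier` as `type: int`, but the spec accepts it as `type='str'` and converts it with `int()` inside the `try`, which deserves a one-line mention in the option description. In `_runner()`, a `value_to_lookup` that is missing from `ref_list` raises `ValueError` from `.index()` and reaches the user only as `msg='Failed Process'`, so a more specific message would make the failure easier to diagnose. The `for … else: return` in `_runner()` has no `break`, so the `else` branch always runs and a plain `return self.params['delimiter'].join(src_list)` after the loop reads more clearly.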
@@ -1,22 +1,19 @@ #!/usr/bin/python -# -*- coding: utf-8 -*- - # (c) 2014, Kevin Carter # -# This file is part of Ansible +# Copyright 2014, Rackspace US, Inc. # -# Ansible is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at # -# Ansible is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. +# http://www.apache.org/licenses/LICENSE-2.0 # -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # Based on Jimmy Tang's implementation 
@@ -130,76 +127,76 @@ author: Kevin Carter EXAMPLES = """ # Create an admin tenant -- keystone: > - command=ensure_tenant - tenant_name=admin - description="Admin Tenant" +- keystone: + command: "ensure_tenant" + tenant_name: "admin" + description: "Admin Tenant" # Create a service tenant -- keystone: > - command=ensure_tenant - tenant_name=service - description="Service Tenant" +- keystone: + command: "ensure_tenant" + tenant_name: "service" + description: "Service Tenant" # Create an admin user -- keystone: > - command=ensure_user - user_name=admin - tenant_name=admin - password=secrete - email="admin@some-domain.com" +- keystone: + command: "ensure_user" + user_name: "admin" + tenant_name: "admin" + password: "secrete" + email: "admin@some-domain.com" # Create an admin role -- keystone: > - command=ensure_role - role_name=admin +- keystone: + command: "ensure_role" + role_name: "admin" # Create a user -- keystone: > - command=ensure_user - user_name=glance - tenant_name=service - password=secrete - email="glance@some-domain.com" +- keystone: + command: "ensure_user" + user_name: "glance" + tenant_name: "service" + password: "secrete" + email: "glance@some-domain.com" # Add a role to a user -- keystone: > - command=ensure_user_role - user_name=glance - tenant_name=service - role_name=admin +- keystone: + command: "ensure_user_role" + user_name: "glance" + tenant_name: "service" + role_name: "admin" # Create a service -- keystone: > - command=ensure_service - service_name=glance - service_type=image - description="Glance Image Service" +- keystone: + command: "ensure_service" + service_name: "glance" + service_type: "image" + description: "Glance Image Service" # Create an endpoint -- keystone: > - command=ensure_endpoint - region_name=RegionOne - service_name=glance - service_type=image - publicurl=http://127.0.0.1:9292 - adminurl=http://127.0.0.1:9292 - internalurl=http://127.0.0.1:9292 +- keystone: + command: "ensure_endpoint" + region_name: "RegionOne" + 
service_name: "glance" + service_type: "image" + publicurl: "http://127.0.0.1:9292" + adminurl: "http://127.0.0.1:9292" + internalurl: "http://127.0.0.1:9292" # Get tenant id -- keystone: > - command=get_tenant - tenant_name=admin +- keystone: + command: "get_tenant" + tenant_name: "admin" # Get user id -- keystone: > - command=get_user - user_name=admin +- keystone: + command: "get_user" + user_name: "admin" # Get role id -- keystone: > - command=get_role - user_name=admin +- keystone: + command: "get_role" + user_name: "admin" """ diff --git a/playbooks/library/lxc b/playbooks/library/lxc deleted file mode 100644 index f1b3a56b79..0000000000 --- a/playbooks/library/lxc +++ /dev/null 
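Review bot: The last example, `# Get role id`, calls `command: "get_role"` with `user_name: "admin"`, whereas the `ensure_role` and `ensure_user_role` examples in this hunk identify a role by `role_name`. The removed lines had the same parameter, so it was carried over from the old format and should probably be `role_name: "admin"`; the module's argument handling is outside the hunk, so confirm against it. The two `ensure_user` examples also show a literal `password: "secrete"`, and examples tend to be copied into playbooks as written. A comment above them such as `# supply the password from a vaulted variable rather than a literal` would help.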
@@ -1,1604 +0,0 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- - -# (c) 2014, Kevin Carter -# (c) 2014, Hugh Saunders -# -# This file is part of Ansible -# -# Ansible is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# Ansible is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - - -import ast -import os -import shutil -import tempfile -import time - - -DOCUMENTATION = """ ---- -module: lxc -version_added: "1.6.2" -short_description: Manage LXC Containers -description: - - Management of LXC containers -options: - name: - description: - - Name of a container. - required: false - return_code: - description: - - Allow for return Codes other than 0 when executing commands. - This is a comma separated list of acceptable return codes. - default: 0 - backingstore: - description: - - Options 'dir', 'lvm', 'loop', 'btrfs', 'best'. The default is - 'none'. - required: false - template: - description: - - Name of the template to use within an LXC create. - required: false - default: ubuntu - template_options: - description: - - Template options when building the container. - required: false - config: - description: - - Path to the LXC configuration file. - required: false - default: /etc/lxc/default.conf - bdev: - description: - - Backend device for use with an LXC container. - required: false - lvname: - description: - - Backend store for lvm. - required: false - vgname: - description: - - If Backend store is lvm, specify the name of the volume group. 
- required: false - thinpool: - description: - - Use LVM thin pool called TP (Default lxc). - required: false - fstype: - description: - - Create fstype TYPE (Default ext3). - required: false - fssize: - description: - - Filesystem Size (Default 1G, default unit 1M). - required: false - dir: - description: - - Place rootfs directory under DIR. - required: false - zfsroot: - description: - - Create zfs under given zfsroot (Default tank/lxc). - required: false - container_command: - description: - - Run a command in a container. Only used in the "attach" operation. - required: false - return_facts: - description: - - Return stdout after an attach command. Only used in the "attach" - operation. - required: false - default: false - lxcpath: - description: - - Place container under PATH - required: false - snapshot: - description: - - The new container's rootfs should be a LVM or btrfs snapshot of - the original. Only used in "clone" operation. - required: false - keepname: - description: - - Do not change the hostname of the container (in the root - filesystem). Only used in "clone" operation. - required: false - newpath: - description: - - The lxcpath for the new container. Only used in "clone" operation. - required: false - orig: - description: - - The name of the original container to clone. Only used in "clone" - operation. - required: false - new: - description: - - The name of the new container to create. Only used in "clone" - operation. - required: false - state: - choices: - - running - - stopped - description: - - Start a container right after it's created. - required: false - default: 'running' - options: - description: - - Dictionary of options to use in a containers configuration. Only - used in "config" operation. When dropping additional configuration - options the values are strings IE "key=value", see example section - for more details. 
- required: false - command: - choices: - - list - - create - - destroy - - info - - attach - - start - - stop - - restart - - config - - createtar - - clone - description: - - Type of command to run, see Examples. - required: true -author: Kevin Carter, Hugh Saunders -requirements: ['lxc >= 1.0'] -""" - -EXAMPLES = """ -# Create a new LXC container. -- lxc: name=test-container - template=ubuntu - config=/etc/lxc/lxc-openstack.conf - command=create - state=running - -# Create tar archive from Container this is a bzip2 compressed archive -- lxc: name="{{ container_name }}" - command=createtar - tarpath="/tmp/{{ container_name }}" - -# Run a command within a built and started container. -- lxc: name=test-container - container_command="git clone https://github.com/cloudnull/lxc_defiant" - command=attach - -# List all containers and return a dict of all found information -- lxc: command=list - -# Get information on a given container. -- lxc: name=test-container - command=info - -# Stop a container. -- lxc: name=test-container - command=stop - -# Start a container. -- lxc: name=test-container - command=start - -# Restart a container. -- lxc: name=test-container - command=restart - -# Update the configuration for a container. -# Uses a list of "key=value" pairs. -container_config_options: - - 'cpuset.cpus="0,3"' - - 'lxc.cgroup.devices.allow="a rmw"' - -- lxc: name=test-container - command=config - options="{{ container_config_options }}" - -# Clone a container. -- lxc: orig=test-container - new=test-container-new - command=clone - state=running - -# Destroy a container. 
-- lxc: name=test-container - command=destroy -""" - - -COMMAND_MAP = { - 'list': { - 'command': 'container_list', - 'variables': [ - 'lxcpath' - ], - }, - 'create': { - 'command': 'container_create', - 'variables': [ - 'name', - 'config', - 'template', - 'bdev', - 'template', - 'lxcpath', - 'lvname', - 'vgname', - 'thinpool', - 'fstype', - 'fssize', - 'dir', - 'zfsroot', - 'template_options', - 'state' - ] - }, - 'destroy': { - 'command': 'container_destroy', - 'variables': [ - 'name', - 'lxcpath' - ], - }, - 'clone': { - 'command': 'container_clone', - 'variables': [ - 'keepname', - 'snapshot', - 'fssize', - 'lxcpath', - 'newpath', - 'backingstore', - 'orig', - 'new', - 'state' - ] - }, - 'info': { - 'command': 'container_info', - 'variables': [ - 'name', - 'lxcpath' - ], - }, - 'attach': { - 'command': 'container_attach', - 'variables': [ - 'name', - 'lxcpath', - 'container_command', - 'return_facts' - ], - }, - 'start': { - 'command': 'container_start', - 'variables': [ - 'name', - 'lxcpath' - ], - }, - 'stop': { - 'command': 'container_stop', - 'variables': [ - 'name', - 'lxcpath' - ], - }, - 'restart': { - 'command': 'container_restart', - 'variables': [ - 'name', - 'lxcpath' - ], - }, - 'config': { - 'command': 'container_config', - 'variables': [ - 'name', - 'lxcpath', - 'options', - 'state' - ], - }, - 'createtar': { - 'command': 'container_create_tar', - 'variables': [ - 'name', - 'lxcpath', - 'tarpath' - ], - } -} - - -# This is used to attach to a running container and execute commands from -# within the container on the host. This will provide local access to a -# container without using SSH. The template will attempt to work within the -# home directory of the user that was attached to the conatiner and source -# that users environment variables by default. 
-ATTACH_TEMPLATE = """ -%(command)s < greater than [ %s ] on volume group' - ' [ %s ]' % (snapshot_size_gb, free_space, vg) - ) - self.failure( - error='Not enough space to create snapshot', - rc=2, - msg=message - ) - - # Create LVM Snapshot - build_command = [ - self.module.get_bin_path('lvcreate', True), - "-n", - snapshot_name, - "-s", - os.path.join(vg, source_lv), - "-L%sg" % snapshot_size_gb - ] - rc, stdout, err = self._run_command(build_command) - if rc not in self.rc: - msg = ( - 'Failed to Create LVM snapshot %(vg)s/%(source_lv)s' - ' --> %(snapshot_name)s' - % {'vg': vg, - 'source_lv': source_lv, - 'snapshot_name': snapshot_name} - ) - self.failure(err, rc, msg) - - def _lvm_lv_remove(self, name): - vg = self._get_lxc_vg() - # Create LVM Snapshot - build_command = [ - self.module.get_bin_path('lvremove', True), - "-f", - "%(vg)s/%(name)s" % dict(vg=vg, name=name), - ] - rc, stdout, err = self._run_command(build_command) - if rc not in self.rc: - msg = ("Failed to remove LVM LV %(vg)s/%(name)s " - % {'vg': vg, - 'name': name}) - self.failure(err, rc, msg) - - def _lvm_lv_mount(self, lv_name, mount_point): - # mount an lv - vg = self._get_lxc_vg() - build_command = [ - self.module.get_bin_path('mount', True), - "/dev/%(vg)s/%(lv_name)s" % dict(vg=vg, lv_name=lv_name), - mount_point, - ] - rc, stdout, err = self._run_command(build_command) - if rc not in self.rc: - msg = ("failed to mountlvm lv %(vg)s/%(lv_name)s to %(mp)s" - % {'vg': vg, - 'lv_name': lv_name, - 'mp': mount_point}) - self.failure(err, rc, msg) - - def _unmount(self, mount_point): - # Unmount a file system - build_command = [ - self.module.get_bin_path('umount', True), - mount_point, - ] - rc, stdout, err = self._run_command(build_command) - if rc not in self.rc: - msg = ("failed to unmount %(mp)s" % {'mp': mount_point}) - self.failure(err, rc, msg) - - def _create_tar(self, source_dir, archive_name): - """Create an archive of a given ``source_dir`` to ``output_path``. 
- - :param source_dir: ``str`` Path to the directory to be archived. - :param archive_name: ``str`` Name of the archive file. - """ - # remove trailing / if present. - output_path = archive_name.rstrip(os.sep) - if not output_path.endswith('tar.bz2'): - output_path = '%s.tar.bz2' % output_path - - source_path = os.path.expanduser(source_dir) - build_command = [ - self.module.get_bin_path('tar', True), - '--directory=%s' % source_path, - '-cjf', - output_path, - '.' - ] - - rc, stdout, err = self._run_command( - build_command=build_command, unsafe_shell=True - ) - - if rc not in self.rc: - msg = "failed to create tar archive [ %s ]" % build_command - self.failure(err, rc, msg) - - return output_path - - @staticmethod - def _roundup(num): - """Return a rounded floating point number. - - :param num: ``float`` Number to round up. - """ - num, part = str(num).split('.') - num = int(num) - if int(part) != 0: - num += 1 - return num - - def _container_create_tar(self, variables): - """Create a tar archive from an LXC container. 
- - The process is as follows: - * Freeze the container (pause processes) - * Create temporary dir - * Copy container config to tmpdir/ - * Unfreeze the container - * If LVM backed: - * Create LVM snapshot of LV backing the container - * Mount the snapshot to tmpdir/rootfs - * Create tar of tmpdir - * Clean up - - :param variables: ``list`` List of all variables that are available to - use within the LXC Command - """ - required_vars = ['name', 'tarpath'] - variables_dict = self._get_vars(variables, required=required_vars) - name = variables_dict.pop('name') - - lxc_config_path = self._load_lxcpath(variables_dict) - - config_file, options = self._load_config(lxc_config_path, name) - lxc_rootfs = [i for i in options if i.startswith('lxc.rootfs')] - if lxc_rootfs: - root_path = [i.strip() for i in lxc_rootfs[0].split('=')][1] - else: - message = ( - 'Check the config file for container [ %s ] @ [ %s ]' - % (name, config_file) - ) - return self.failure( - error='No rootfs entry found in config.', - rc=2, - msg=message - ) - - # Create a temp dir - temp_dir = tempfile.mkdtemp() - - # Set the name of the working dir, temp + container_name - work_dir = os.path.join(temp_dir, name) - - # Set the path to the container data - container_path = os.path.join(lxc_config_path, name) - - # Get current container info - container_data = self._get_container_info( - name=name, variables_dict=variables_dict - ) - - # set current state - state = container_data.get('state') - - # Ensure the original container is stopped or frozen - if state not in ['stopped', 'frozen']: - # Freeze Container - self._ensure_state( - state='frozen', name=name, variables_dict=variables_dict - ) - - # Prepare tmp dir - build_command = [ - self.module.get_bin_path('rsync', True), - '-aHAX', - container_path, - temp_dir - ] - rc, stdout, err = self._run_command(build_command, unsafe_shell=True) - if rc not in self.rc: - self.failure(err, rc, msg='failed to perform backup') - - mount_point = 
os.path.join(work_dir, 'rootfs') - if not os.path.exists(mount_point): - os.makedirs(mount_point) - - # Restore original state of container - self._ensure_state( - state=state, name=name, variables_dict=variables_dict - ) - - # Test if the containers rootfs is a block device - block_backed = root_path.startswith(os.path.join(os.sep, 'dev')) - snapshot_name = '%s_ansible_snapshot' % name - - if block_backed: - if snapshot_name not in self._lvm_lv_list(): - # Take snapshot - size, measurement = self._get_lv_size(name=name) - self._lvm_snapshot_create( - source_lv=name, - snapshot_name=snapshot_name, - snapshot_size_gb=self._roundup(num=size) - ) - - # Mount snapshot - self._lvm_lv_mount( - lv_name=snapshot_name, mount_point=mount_point - ) - - try: - # Create Tar - archive_file = self._create_tar( - source_dir=work_dir, archive_name=variables_dict['tarpath'] - ) - except Exception as exp: - self.failure(error=exp, rc=2, msg='Failed to create the archive') - else: - # Set the state as changed and set a new fact - self.state_change = True - archive_fact = { - name: { - 'archive': archive_file - } - } - return self._lxc_facts(facts=archive_fact) - finally: - if block_backed: - # unmount snapshot - self._unmount(mount_point) - - # Remove snapshot - self._lvm_lv_remove(snapshot_name) - - # Remove tmpdir - shutil.rmtree(os.path.dirname(work_dir)) - - -def main(): - """Ansible Main module.""" - module = AnsibleModule( - argument_spec=dict( - name=dict( - type='str' - ), - return_code=dict( - type='str', - default='0' - ), - template=dict( - type='str', - default='ubuntu' - ), - backingstore=dict( - type='str' - ), - template_options=dict( - type='str' - ), - config=dict( - type='str', - default='/etc/lxc/default.conf' - ), - bdev=dict( - type='str' - ), - lvname=dict( - type='str' - ), - vgname=dict( - type='str' - ), - thinpool=dict( - type='str' - ), - fstype=dict( - type='str' - ), - fssize=dict( - type='str' - ), - dir=dict( - type='str' - ), - zfsroot=dict( - 
type='str' - ), - lxcpath=dict( - type='str' - ), - keepname=dict( - choices=BOOLEANS, - default='false' - ), - snapshot=dict( - choices=BOOLEANS, - default='false' - ), - newpath=dict( - type='str' - ), - orig=dict( - type='str' - ), - new=dict( - type='str' - ), - state=dict( - choices=[ - 'running', - 'stopped' - ], - default='running' - ), - command=dict( - required=True, - choices=COMMAND_MAP.keys() - ), - container_command=dict( - type='str' - ), - options=dict( - type='str' - ), - return_facts=dict( - choices=BOOLEANS, - default=False - ), - tarpath=dict( - type='str' - ) - ), - supports_check_mode=False, - ) - - return_code = module.params.get('return_code', '').split(',') - module.params['return_code'] = return_code - - lm = LxcManagement(module=module) - lm.command_router() - - -# import module bits -from ansible.module_utils.basic import * -main() diff --git a/playbooks/library/lxc-container b/playbooks/library/lxc-container new file mode 100755 index 0000000000..86b3d756b7 --- /dev/null +++ b/playbooks/library/lxc-container 
@@ -0,0 +1,1481 @@
+#!/usr/bin/python
+# (c) 2014, Kevin Carter
+#
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+
+
+# This module has been PR'd against upstream ansible. Please review the module
+# here: https://github.com/ansible/ansible-modules-extras/pull/123
+
+
+DOCUMENTATION = """
+---
+module: lxc-container
+short_description: Manage LXC Containers
+version_added: 1.8.0
+description:
+ - Management of LXC containers
+author: Kevin Carter
+options:
+ name:
+ description:
+ - Name of a container.
+ required: true
+ backing_store:
+ choices:
+ - dir
+ - lvm
+ - loop
+ - btrfs
+ description:
+ - Backend storage type for the container.
+ required: false
+ default: dir
+ template:
+ description:
+ - Name of the template to use within an LXC create.
+ required: false
+ default: ubuntu
+ template_options:
+ description:
+ - Template options when building the container.
+ required: false
+ config:
+ description:
+ - Path to the LXC configuration file.
+ required: false
+ default: /etc/lxc/default.conf
+ lv_name:
+ description:
+ - Name of the logical volume, defaults to the container name.
+ default: $CONTAINER_NAME
+ required: false
+ vg_name:
+ description:
+ - If Backend store is lvm, specify the name of the volume group.
+ default: lxc
+ required: false
+ thinpool:
+ description:
+ - Use LVM thin pool called TP.
+ required: false
+ fs_type:
+ description:
+ - Create fstype TYPE.
+ default: ext4
+ required: false
+ fs_size:
+ description:
+ - File system Size.
+ default: 5G
+ required: false
+ directory:
+ description:
+ - Place rootfs directory under DIR.
+ required: false
+ zfs_root:
+ description:
+ - Create zfs under given zfsroot.
+ required: false
+ container_command:
+ description:
+ - Run a command within a container.
+ required: false
+ lxc_path:
+ description:
+ - Place container under PATH
+ required: false
+ container_log:
+ choices:
+ - true
+ - false
+ description:
+ - Enable a container log for host actions to the container.
+ default: false
+ container_log_level:
+ choices:
+ - INFO
+ - ERROR
+ - DEBUG
+ description:
+ - Set the log level for a container where *container_log* was set.
+ required: false
+ default: INFO
+ archive:
+ choices:
+ - true
+ - false
+ description:
+ - Create an archive of a container. This will create a tarball of the
+ running container.
+ default: false
+ archive_path:
+ description:
+ - Path the save the archived container. If the path does not exist
+ the archive method will attempt to create it.
+ default: /tmp
+ archive_compression:
+ choices:
+ - gzip
+ - bzip2
+ - none
+ description:
+ - Type of compression to use when creating an archive of a running
+ container.
+ default: gzip
+ state:
+ choices:
+ - started
+ - stopped
+ - restarted
+ - absent
+ - frozen
+ description:
+ - Start a container right after it's created.
+ required: false
+ default: started
+ container_config:
+ description:
+ - list of 'key=value' options to use when configuring a container.
+ required: false
+requirements: ['lxc >= 1.0', 'python2-lxc >= 0.1']
+notes:
+ - Containers must have a unique name. If you attempt to create a container
+ with a name that already exists in the users namespace the module will
+ simply return as "unchanged".
+ - The "container_command" can be used with any state except "absent".
If
+ used with state "stopped" the container will be "started", the command
+ executed, and then the container "stopped" again. Likewise if the state
+ is "stopped" and the container does not exist it will be first created,
+ "started", the command executed, and then "stopped". If you use a "|"
+ in the variable you can use common script formatting within the variable
+ iteself The "container_command" option will always execute as BASH.
+ When using "container_command" a log file is created in the /tmp/ directory
+ which contains both stdout and stderr of any command executed.
+ - If "archive" is **true** the system will attempt to create a compressed
+ tarball of the running container. The "archive" option supports LVM backed
+ containers and will create a snapshot of the running container when
+ creating the archive.
+ - If your distro does not have a package for "python2-lxc", which is a
+ requirement for this module, it can be installed from source at
+ "https://github.com/lxc/python2-lxc"
+"""
+
+EXAMPLES = """
+- name: Create a started container
+ lxc-container:
+ name: test-container-started
+ container_log: true
+ template: ubuntu
+ state: started
+ template_options: --release trusty
+
+- name: Create a stopped container
+ lxc-container:
+ name: test-container-stopped
+ container_log: true
+ template: ubuntu
+ state: stopped
+ template_options: --release trusty
+
+- name: Create a frozen container
+ lxc-container:
+ name: test-container-frozen
+ container_log: true
+ template: ubuntu
+ state: frozen
+ template_options: --release trusty
+ container_command: |
+ echo 'hello world.' | tee /opt/started-frozen
+
+# Create filesystem container, configure it, and archive it, and start it.
+- name: Create filesystem container
+ lxc-container:
+ name: test-container-config
+ container_log: true
+ template: ubuntu
+ state: started
+ archive: true
+ archive_compression: none
+ container_config:
+ - "lxc.aa_profile=unconfined"
+ - "lxc.cgroup.devices.allow=a *:* rmw"
+ template_options: --release trusty
+
+# Create an lvm container, run a complex command in it, add additional
+# configuration to it, create an archive of it, and finally leave the container
+# in a frozen state. The container archive will be compressed using bzip2
+- name: Create an lvm container
+ lxc-container:
+ name: test-container-lvm
+ container_log: true
+ template: ubuntu
+ state: frozen
+ backing_store: lvm
+ template_options: --release trusty
+ container_command: |
+ apt-get update
+ apt-get install -y vim lxc-dev
+ echo 'hello world.' | tee /opt/started
+ if [[ -f "/opt/started" ]]; then
+ echo 'hello world.' | tee /opt/found-started
+ fi
+ container_config:
+ - "lxc.aa_profile=unconfined"
+ - "lxc.cgroup.devices.allow=a *:* rmw"
+ archive: true
+ archive_compression: bzip2
+ register: lvm_container_info
+
+- name: Debug info on container "test-container-lvm"
+ debug: var=lvm_container_info
+
+- name: Get information on a given container.
+ lxc-container:
+ name: test-container-config
+ register: config_container_info
+
+- name: debug info on container "test-container"
+ debug: var=config_container_info
+
+- name: Run a command in a container and ensure its in a "stopped" state.
+ lxc-container:
+ name: test-container-started
+ state: stopped
+ container_command: |
+ echo 'hello world.' | tee /opt/stopped
+
+- name: Run a command in a container and ensure its it in a "frozen" state.
+ lxc-container:
+ name: test-container-stopped
+ state: frozen
+ container_command: |
+ echo 'hello world.' | tee /opt/frozen
+
+- name: Start a container.
+ lxc-container:
+ name: test-container-stopped
+ state: started
+
+- name: Run a command in a container and then restart it.
+ lxc-container:
+ name: test-container-started
+ state: restarted
+ container_command: |
+ echo 'hello world.' | tee /opt/restarted
+
+- name: Run a complex command within a "running" container.
+ lxc-container:
+ name: test-container-started
+ container_command: |
+ apt-get update
+ apt-get install -y curl wget vim apache2
+ echo 'hello world.' | tee /opt/started
+ if [[ -f "/opt/started" ]]; then
+ echo 'hello world.' | tee /opt/found-started
+ fi
+
+# Create an archive of an existing container, save the archive to a defined
+# path and then destroy it.
+- name: Archive container
+ lxc-container:
+ name: test-container-started
+ state: absent
+ archive: true
+ archive_path: /opt/archives
+
+- name: Destroy a container.
+ lxc-container:
+ name: "{{ item }}"
+ state: absent
+ with_items:
+ - test-container-stopped
+ - test-container-started
+ - test-container-frozen
+ - test-container-lvm
+ - test-container-config
+"""
+
+
+try:
+ import lxc
+except ImportError:
+ msg = 'The lxc module is not importable. Check the requirements.'
+ print("failed=True msg='%s'" % msg)
+ raise SystemExit(msg)
+
+
+# LXC_COMPRESSION_MAP is a map of available compression types when creating
+# an archive of a container.
+LXC_COMPRESSION_MAP = {
+ 'gzip': {
+ 'extension': 'tar.tgz',
+ 'argument': '-czf'
+ },
+ 'bzip2': {
+ 'extension': 'tar.bz2',
+ 'argument': '-cjf'
+ },
+ 'none': {
+ 'extension': 'tar',
+ 'argument': '-cf'
+ }
+}
+
+
+# LXC_COMMAND_MAP is a map of variables that are available to a method based
+# on the state the container is in.
+LXC_COMMAND_MAP = {
+ 'create': {
+ 'variables': {
+ 'config': '--config',
+ 'template': '--template',
+ 'backing_store': '--bdev',
+ 'lxc_path': '--lxcpath',
+ 'lv_name': '--lvname',
+ 'vg_name': '--vgname',
+ 'thinpool': '--thinpool',
+ 'fs_type': '--fstype',
+ 'fs_size': '--fssize',
+ 'directory': '--dir',
+ 'zfs_root': '--zfsroot'
+ }
+ }
+}
+
+
+# LXC_BACKING_STORE is a map of available storage backends and options that
+# are incompatible with the given storage backend.
+LXC_BACKING_STORE = {
+ 'dir': [
+ 'lv_name', 'vg_name', 'fs_type', 'fs_size', 'thinpool'
+ ],
+ 'lvm': [
+ 'zfs_root'
+ ],
+ 'btrfs': [
+ 'lv_name', 'vg_name', 'thinpool', 'zfs_root'
+ ],
+ 'loop': [
+ 'lv_name', 'vg_name', 'thinpool', 'zfs_root'
+ ]
+}
+
+
+# LXC_LOGGING_LEVELS is a map of available log levels
+LXC_LOGGING_LEVELS = {
+ 'INFO': ['info', 'INFO', 'Info'],
+ 'ERROR': ['error', 'ERROR', 'Error'],
+ 'DEBUG': ['debug', 'DEBUG', 'Debug']
+}
+
+
+# LXC_ANSIBLE_STATES is a map of states that contain values of methods used
+# when a particular state is evoked.
+LXC_ANSIBLE_STATES = {
+ 'started': '_started',
+ 'stopped': '_stopped',
+ 'restarted': '_restarted',
+ 'absent': '_destroyed',
+ 'frozen': '_frozen'
+}
+
+
+# This is used to attach to a running container and execute commands from
+# within the container on the host. This will provide local access to a
+# container without using SSH. The template will attempt to work within the
+# home directory of the user that was attached to the container and source
+# that users environment variables by default.
+ATTACH_TEMPLATE = """#!/usr/bin/env bash
+pushd "$(grep $(whoami) /etc/passwd | awk -F':' '{print $6}')"
+ if [[ -f ".bashrc" ]];then
+ source .bashrc
+ fi
+popd
+
+# User defined command
+%(container_command)s
+"""
+
+
+def create_script(command):
+ """Write out a script onto a target.
+
+ This method should be backward compatible with Python 2.4+ when executing
+ from within the container.
+
+ :param command: command to run, this can be a script and can use spacing
+ with newlines as separation.
+ :type command: ``str``
+ """
+
+ import os
+ import os.path as path
+ import subprocess
+ import tempfile
+
+ # Ensure that the directory /opt exists.
+ if not path.isdir('/opt'):
+ os.mkdir('/opt')
+
+ # Create the script.
+ script_file = path.join('/opt', '.lxc-attach-script')
+ f = open(script_file, 'wb')
+ try:
+ f.write(ATTACH_TEMPLATE % {'container_command': command})
+ f.flush()
+ finally:
+ f.close()
+
+ # Ensure the script is executable.
+ os.chmod(script_file, 0755)
+
+ # Get temporary directory.
+ tempdir = tempfile.gettempdir()
+
+ # Output log file.
+ stdout = path.join(tempdir, 'lxc-attach-script.log')
+ stdout_file = open(stdout, 'ab')
+
+ # Error log file.
+ stderr = path.join(tempdir, 'lxc-attach-script.err')
+ stderr_file = open(stderr, 'ab')
+
+ # Execute the script command.
+ try:
+ subprocess.Popen(
+ [script_file],
+ stdout=stdout_file,
+ stderr=stderr_file
+ ).communicate()
+ finally:
+ # Close the log files.
+ stderr_file.close()
+ stdout_file.close()
+
+ # Remove the script file upon completion of execution.
+ os.remove(script_file)
+
+
+class LxcContainerManagement(object):
+ def __init__(self, module):
+ """Management of LXC containers via Ansible.
+
+ :param module: Processed Ansible Module.
+ :type module: ``object``
+ """
+ self.module = module
+ self.state = self.module.params.get('state', None)
+ self.state_change = False
+ self.lxc_vg = None
+ self.container_name = self.module.params['name']
+ self.container = self.get_container_bind()
+ self.archive_info = None
+
+ def get_container_bind(self):
+ return lxc.Container(name=self.container_name)
+
+ @staticmethod
+ def _roundup(num):
+ """Return a rounded floating point number.
+
+ :param num: Number to round up.
+ :type: ``float``
+ :returns: Rounded up number.
+ :rtype: ``int`` + """ + num, part = str(num).split('.') + num = int(num) + if int(part) != 0: + num += 1 + return num + + @staticmethod + def _container_exists(name): + """Check if a container exists. + + :param name: Name of the container. + :type: ``str`` + :returns: True or False if the container is found. + :rtype: ``bol`` + """ + if [i for i in lxc.list_containers() if i == name]: + return True + else: + return False + + @staticmethod + def _add_variables(variables_dict, build_command): + """Return a command list with all found options. + + :param variables_dict: Pre-parsed optional variables used from a + seed command. + :type variables_dict: ``dict`` + :param build_command: Command to run. + :type build_command: ``list`` + :returns: list of command options. + :rtype: ``list`` + """ + + for key, value in variables_dict.items(): + build_command.append( + '%s %s' % (key, value) + ) + else: + return build_command + + def _get_vars(self, variables): + """Return a dict of all variables as found within the module. + + :param variables: Hash of all variables to find. + :type variables: ``dict`` + """ + + # Remove incompatible storage backend options. + for v in LXC_BACKING_STORE[self.module.params['backing_store']]: + variables.pop(v, None) + + return_dict = dict() + for k, v in variables.items(): + _var = self.module.params.get(k) + if not [i for i in [None, ''] + BOOLEANS_FALSE if i == _var]: + return_dict[v] = _var + else: + return return_dict + + def _run_command(self, build_command, unsafe_shell=False, timeout=600): + """Return information from running an Ansible Command. + + This will squash the build command list into a string and then + execute the command via Ansible. The output is returned to the method. + This output is returned as `return_code`, `stdout`, `stderr`. + + Prior to running the command the method will look to see if the LXC + lockfile is present. 
If the lockfile "/var/lock/subsys/lxc" the method + will wait upto 10 minutes for it to be gone; polling every 5 seconds. + + :param build_command: Used for the command and all options. + :type build_command: ``list`` + :param unsafe_shell: Enable or Disable unsafe sell commands. + :type unsafe_shell: ``bol`` + :param timeout: Time before the container create process quites. + :type timeout: ``int`` + """ + + lockfile = '/var/lock/subsys/lxc' + + for _ in xrange(timeout): + if os.path.exists(lockfile): + time.sleep(1) + else: + return self.module.run_command( + ' '.join(build_command), + use_unsafe_shell=unsafe_shell + ) + else: + message = ( + 'The LXC subsystem is locked and after 5 minutes it never' + ' became unlocked. Lockfile [ %s ]' % lockfile + ) + self.failure( + error='LXC subsystem locked', + rc=0, + msg=message + ) + + def _config(self): + """Configure an LXC container. + + Write new configuration values to the lxc config file. This will + stop the container if it's running write the new options and then + restart the container upon completion. + """ + + _container_config = self.module.params.get('container_config') + if not _container_config: + return False + + container_config_file = self.container.config_file_name + with open(container_config_file, 'rb') as f: + container_config = f.readlines() + + # Note used ast literal_eval because AnsibleModule does not provide for + # adequate dictionary parsing. + # Issue: https://github.com/ansible/ansible/issues/7679 + # TODO(cloudnull) adjust import when issue has been resolved. 
+ import ast + options_dict = ast.literal_eval(_container_config) + parsed_options = [i.split('=') for i in options_dict] + + config_change = False + for key, value in parsed_options: + new_entry = '%s = %s\n' % (key, value) + for option_line in container_config: + # Look for key in config + if option_line.startswith(key): + _, _value = option_line.split('=') + config_value = ' '.join(_value.split()) + line_index = container_config.index(option_line) + # If the sanitized values don't match replace them + if value != config_value: + line_index += 1 + if new_entry not in container_config: + config_change = True + container_config.insert(line_index, new_entry) + # Break the flow as values are written or not at this point + break + else: + config_change = True + container_config.append(new_entry) + + # If the config changed restart the container. + if config_change: + container_state = self._get_state() + if container_state != 'stopped': + self.container.stop() + + with open(container_config_file, 'wb') as f: + f.writelines(container_config) + + self.state_change = True + if container_state == 'running': + self._container_startup() + elif container_state == 'frozen': + self._container_startup() + self.container.freeze() + + def _create(self): + """Create a new LXC container. + + This method will build and execute a shell command to build the + container. It would have been nice to simply use the lxc python library + however at the time this was written the python library, in both py2 + and py3 didn't support some of the more advanced container create + processes. These missing processes mainly revolve around backing + LXC containers with block devices. 
+ """ + + build_command = [ + self.module.get_bin_path('lxc-create', True), + '--name %s' % self.container_name, + '--quiet' + ] + + build_command = self._add_variables( + variables_dict=self._get_vars( + variables=LXC_COMMAND_MAP['create']['variables'] + ), + build_command=build_command + ) + + # Load logging for the instance when creating it. + if self.module.params.get('container_log') in BOOLEANS_TRUE: + # Set the logging path to the /var/log/lxc if uid is root. else + # set it to the home folder of the user executing. + try: + if os.getuid() != 0: + log_path = os.getenv('HOME') + else: + if not os.path.isdir('/var/log/lxc/'): + os.makedirs('/var/log/lxc/') + log_path = '/var/log/lxc/' + except OSError: + log_path = os.getenv('HOME') + + build_command.extend([ + '--logfile %s' % os.path.join( + log_path, 'lxc-%s.log' % self.container_name + ), + '--logpriority %s' % self.module.params.get( + 'container_log_level' + ).upper() + ]) + + # Add the template commands to the end of the command if there are any + template_options = self.module.params.get('template_options', None) + if template_options: + build_command.append('-- %s' % template_options) + + rc, return_data, err = self._run_command(build_command) + if rc != 0: + msg = "Failed executing lxc-create." + self.failure( + err=err, rc=rc, msg=msg, command=' '.join(build_command) + ) + else: + self.state_change = True + + def _container_data(self): + """Returns a dict of container information. + + :returns: container data + :rtype: ``dict`` + """ + + return { + 'interfaces': self.container.get_interfaces(), + 'ips': self.container.get_ips(), + 'state': self._get_state(), + 'init_pid': int(self.container.init_pid) + } + + def _unfreeze(self): + """Unfreeze a container. + + :returns: True or False based on if the container was unfrozen. 
+ :rtype: ``bol`` + """ + + unfreeze = self.container.unfreeze() + if unfreeze: + self.state_change = True + return unfreeze + + def _get_state(self): + """Return the state of a container. + + If the container is not found the state returned is "absent" + + :returns: state of a container as a lower case string. + :rtype: ``str`` + """ + + if self._container_exists(name=self.container_name): + return str(self.container.state).lower() + else: + return str('absent') + + def _execute_command(self): + """Execute a shell command.""" + + container_command = self.module.params.get('container_command') + if container_command: + container_state = self._get_state() + if container_state == 'frozen': + self._unfreeze() + elif container_state == 'stopped': + self._container_startup() + + self.container.attach_wait(create_script, container_command) + self.state_change = True + + def _container_startup(self, timeout=60): + """Ensure a container is started. + + :param timeout: Time before the destroy operation is abandoned. + :type timeout: ``int`` + """ + + self.container = self.get_container_bind() + for _ in xrange(timeout): + if self._get_state() != 'running': + self.container.start() + self.state_change = True + # post startup sleep for 1 second. + time.sleep(1) + else: + return True + else: + self.failure( + lxc_container=self._container_data(), + error='Failed to start container' + ' [ %s ]' % self.container_name, + rc=1, + msg='The container [ %s ] failed to start. Check to lxc is' + ' available and that the container is in a functional' + ' state.' + ) + + def _check_archive(self): + """Create a compressed archive of a container. + + This will store archive_info in as self.archive_info + """ + + if self.module.params.get('archive') in BOOLEANS_TRUE: + self.archive_info = { + 'archive': self._container_create_tar() + } + + def _destroyed(self, timeout=60): + """Ensure a container is destroyed. + + :param timeout: Time before the destroy operation is abandoned. 
+ :type timeout: ``int`` + """ + + for _ in xrange(timeout): + if not self._container_exists(name=self.container_name): + break + + # Check if the container needs to have an archive created. + self._check_archive() + + if self._get_state() != 'stopped': + self.state_change = True + self.container.stop() + + if self.container.destroy(): + self.state_change = True + + # post destroy attempt sleep for 1 second. + time.sleep(1) + else: + self.failure( + lxc_container=self._container_data(), + error='Failed to destroy container' + ' [ %s ]' % self.container_name, + rc=1, + msg='The container [ %s ] failed to be destroyed. Check' + ' that lxc is available and that the container is in a' + ' functional state.' % self.container_name + ) + + def _frozen(self, count=0): + """Ensure a container is frozen. + + If the container does not exist the container will be created. + + :param count: number of times this command has been called by itself. + :type count: ``int`` + """ + + self.check_count(count=count, method='frozen') + if self._container_exists(name=self.container_name): + self._execute_command() + + # Perform any configuration updates + self._config() + + container_state = self._get_state() + if container_state == 'frozen': + pass + elif container_state == 'running': + self.container.freeze() + self.state_change = True + else: + self._container_startup() + self.container.freeze() + self.state_change = True + + # Check if the container needs to have an archive created. + self._check_archive() + else: + self._create() + count += 1 + self._frozen(count) + + def _restarted(self, count=0): + """Ensure a container is restarted. + + If the container does not exist the container will be created. + + :param count: number of times this command has been called by itself. 
+ :type count: ``int`` + """ + + self.check_count(count=count, method='restart') + if self._container_exists(name=self.container_name): + self._execute_command() + + # Perform any configuration updates + self._config() + + if self._get_state() != 'stopped': + self.container.stop() + self.state_change = True + + # Check if the container needs to have an archive created. + self._check_archive() + else: + self._create() + count += 1 + self._restarted(count) + + def _stopped(self, count=0): + """Ensure a container is stopped. + + If the container does not exist the container will be created. + + :param count: number of times this command has been called by itself. + :type count: ``int`` + """ + + self.check_count(count=count, method='stop') + if self._container_exists(name=self.container_name): + self._execute_command() + + # Perform any configuration updates + self._config() + + if self._get_state() != 'stopped': + self.container.stop() + self.state_change = True + + # Check if the container needs to have an archive created. + self._check_archive() + else: + self._create() + count += 1 + self._stopped(count) + + def _started(self, count=0): + """Ensure a container is started. + + If the container does not exist the container will be created. + + :param count: number of times this command has been called by itself. + :type count: ``int`` + """ + + self.check_count(count=count, method='start') + if self._container_exists(name=self.container_name): + container_state = self._get_state() + if container_state == 'running': + pass + elif container_state == 'frozen': + self._unfreeze() + elif not self._container_startup(): + self.failure( + lxc_container=self._container_data(), + error='Failed to start container' + ' [ %s ]' % self.container_name, + rc=1, + msg='The container [ %s ] failed to start. Check to lxc is' + ' available and that the container is in a functional' + ' state.' 
% self.container_name + ) + + # Return data + self._execute_command() + + # Perform any configuration updates + self._config() + + # Check if the container needs to have an archive created. + self._check_archive() + else: + self._create() + count += 1 + self._started(count) + + def _get_lxc_vg(self): + """Return the name of the Volume Group used in LXC.""" + + build_command = [ + self.module.get_bin_path('lxc-config', True), + "lxc.bdev.lvm.vg" + ] + rc, vg, err = self._run_command(build_command) + if rc != 0: + self.failure( + err=err, + rc=rc, + msg='Failed to read LVM VG from LXC config', + command=' '.join(build_command) + ) + else: + return str(vg.strip()) + + def _lvm_lv_list(self): + """Return a list of all lv in a current vg.""" + + vg = self._get_lxc_vg() + build_command = [ + self.module.get_bin_path('lvs', True) + ] + rc, stdout, err = self._run_command(build_command) + if rc != 0: + self.failure( + err=err, + rc=rc, + msg='Failed to get list of LVs', + command=' '.join(build_command) + ) + + all_lvms = [i.split() for i in stdout.splitlines()][1:] + return [lv_entry[0] for lv_entry in all_lvms if lv_entry[1] == vg] + + def _get_vg_free_pe(self, name): + """Return the available size of a given VG. + + :param name: Name of volume. + :type name: ``str`` + :returns: size and measurement of an LV + :type: ``tuple`` + """ + + build_command = [ + 'vgdisplay', + name, + '--units', + 'g' + ] + rc, stdout, err = self._run_command(build_command) + if rc != 0: + self.failure( + err=err, + rc=rc, + msg='failed to read vg %s' % name, + command=' '.join(build_command) + ) + + vg_info = [i.strip() for i in stdout.splitlines()][1:] + free_pe = [i for i in vg_info if i.startswith('Free')] + _free_pe = free_pe[0].split() + return float(_free_pe[-2]), _free_pe[-1] + + def _get_lv_size(self, name): + """Return the available size of a given LV. + + :param name: Name of volume. 
+ :type name: ``str`` + :returns: size and measurement of an LV + :type: ``tuple`` + """ + + vg = self._get_lxc_vg() + lv = os.path.join(vg, name) + build_command = [ + 'lvdisplay', + lv, + '--units', + 'g' + ] + rc, stdout, err = self._run_command(build_command) + if rc != 0: + self.failure( + err=err, + rc=rc, + msg='failed to read lv %s' % lv, + command=' '.join(build_command) + ) + + lv_info = [i.strip() for i in stdout.splitlines()][1:] + _free_pe = [i for i in lv_info if i.startswith('LV Size')] + free_pe = _free_pe[0].split() + return self._roundup(float(free_pe[-2])), free_pe[-1] + + def _lvm_snapshot_create(self, source_lv, snapshot_name, + snapshot_size_gb=5): + """Create an LVM snapshot. + + :param source_lv: Name of lv to snapshot + :type source_lv: ``str`` + :param snapshot_name: Name of lv snapshot + :type snapshot_name: ``str`` + :param snapshot_size_gb: Size of snapshot to create + :type snapshot_size_gb: ``int`` + """ + + vg = self._get_lxc_vg() + free_space, messurement = self._get_vg_free_pe(name=vg) + + if free_space < float(snapshot_size_gb): + message = ( + 'Snapshot size [ %s ] is > greater than [ %s ] on volume group' + ' [ %s ]' % (snapshot_size_gb, free_space, vg) + ) + self.failure( + error='Not enough space to create snapshot', + rc=2, + msg=message + ) + + # Create LVM Snapshot + build_command = [ + self.module.get_bin_path('lvcreate', True), + "-n", + snapshot_name, + "-s", + os.path.join(vg, source_lv), + "-L%sg" % snapshot_size_gb + ] + rc, stdout, err = self._run_command(build_command) + if rc != 0: + self.failure( + err=err, + rc=rc, + msg='Failed to Create LVM snapshot %s/%s --> %s' + % (vg, source_lv, snapshot_name) + ) + + def _lvm_lv_mount(self, lv_name, mount_point): + """mount an lv. + + :param lv_name: name of the logical volume to mount + :type lv_name: ``str`` + :param mount_point: path on the file system that is mounted. 
+ :type mount_point: ``str`` + """ + + vg = self._get_lxc_vg() + + build_command = [ + self.module.get_bin_path('mount', True), + "/dev/%s/%s" % (vg, lv_name), + mount_point, + ] + rc, stdout, err = self._run_command(build_command) + if rc != 0: + self.failure( + err=err, + rc=rc, + msg='failed to mountlvm lv %s/%s to %s' + % (vg, lv_name, mount_point) + ) + + def _create_tar(self, source_dir): + """Create an archive of a given ``source_dir`` to ``output_path``. + + :param source_dir: Path to the directory to be archived. + :type source_dir: ``str`` + """ + + archive_path = self.module.params.get('archive_path') + if not os.path.isdir(archive_path): + os.makedirs(archive_path) + + archive_compression = self.module.params.get('archive_compression') + compression_type = LXC_COMPRESSION_MAP[archive_compression] + + # remove trailing / if present. + archive_name = '%s.%s' % ( + os.path.join( + archive_path, + self.container_name + ), + compression_type['extension'] + ) + + build_command = [ + self.module.get_bin_path('tar', True), + '--directory=%s' % os.path.realpath( + os.path.expanduser(source_dir) + ), + compression_type['argument'], + archive_name, + '.' + ] + + rc, stdout, err = self._run_command( + build_command=build_command, + unsafe_shell=True + ) + if rc != 0: + self.failure( + err=err, + rc=rc, + msg='failed to create tar archive', + command=' '.join(build_command) + ) + + return archive_name + + def _lvm_lv_remove(self, name): + """Remove an LV. + + :param name: The name of the logical volume + :type name: ``str`` + """ + + vg = self._get_lxc_vg() + build_command = [ + self.module.get_bin_path('lvremove', True), + "-f", + "%s/%s" % (vg, name), + ] + rc, stdout, err = self._run_command(build_command) + if rc != 0: + self.failure( + err=err, + rc=rc, + msg='Failed to remove LVM LV %s/%s' % (vg, name), + command=' '.join(build_command) + ) + + def _rsync_data(self, container_path, temp_dir): + """Sync the container directory to the temp directory. 
+ + :param container_path: path to the container container + :type container_path: ``str`` + :param temp_dir: path to the temporary local working directory + :type temp_dir: ``str`` + """ + + build_command = [ + self.module.get_bin_path('rsync', True), + '-aHAX', + container_path, + temp_dir + ] + rc, stdout, err = self._run_command(build_command, unsafe_shell=True) + if rc != 0: + self.failure( + err=err, + rc=rc, + msg='failed to perform archive', + command=' '.join(build_command) + ) + + def _unmount(self, mount_point): + """Unmount a file system. + + :param mount_point: path on the file system that is mounted. + :type mount_point: ``str`` + """ + + build_command = [ + self.module.get_bin_path('umount', True), + mount_point, + ] + rc, stdout, err = self._run_command(build_command) + if rc != 0: + self.failure( + err=err, + rc=rc, + msg='failed to unmount [ %s ]' % mount_point, + command=' '.join(build_command) + ) + + def _container_create_tar(self): + """Create a tar archive from an LXC container. 
+ + The process is as follows: + * Stop or Freeze the container + * Create temporary dir + * Copy container and config to temporary directory + * If LVM backed: + * Create LVM snapshot of LV backing the container + * Mount the snapshot to tmpdir/rootfs + * Restore the state of the container + * Create tar of tmpdir + * Clean up + """ + + # Create a temp dir + temp_dir = tempfile.mkdtemp() + + # Set the name of the working dir, temp + container_name + work_dir = os.path.join(temp_dir, self.container_name) + + # LXC container rootfs + lxc_rootfs = self.container.get_config_item('lxc.rootfs') + + # Test if the containers rootfs is a block device + block_backed = lxc_rootfs.startswith(os.path.join(os.sep, 'dev')) + mount_point = os.path.join(work_dir, 'rootfs') + + # Set the snapshot name if needed + snapshot_name = '%s_lxc_snapshot' % self.container_name + + # Set the path to the container data + container_path = os.path.dirname(lxc_rootfs) + container_state = self._get_state() + try: + # Ensure the original container is stopped or frozen + if container_state not in ['stopped', 'frozen']: + if container_state == 'running': + self.container.freeze() + else: + self.container.stop() + + # Sync the container data from the container_path to work_dir + self._rsync_data(container_path, temp_dir) + + if block_backed: + if snapshot_name not in self._lvm_lv_list(): + if not os.path.exists(mount_point): + os.makedirs(mount_point) + + # Take snapshot + size, measurement = self._get_lv_size( + name=self.container_name + ) + self._lvm_snapshot_create( + source_lv=self.container_name, + snapshot_name=snapshot_name, + snapshot_size_gb=size + ) + + # Mount snapshot + self._lvm_lv_mount( + lv_name=snapshot_name, + mount_point=mount_point + ) + else: + self.failure( + err='snapshot [ %s ] already exists' % snapshot_name, + rc=1, + msg='The snapshot [ %s ] already exists. Please clean' + ' up old snapshot of containers before continuing.' 
+ % snapshot_name + ) + + # Restore original state of container + if container_state == 'running': + if self._get_state() == 'frozen': + self.container.unfreeze() + else: + self.container.start() + + # Set the state as changed and set a new fact + self.state_change = True + return self._create_tar(source_dir=work_dir) + finally: + if block_backed: + # unmount snapshot + self._unmount(mount_point) + + # Remove snapshot + self._lvm_lv_remove(snapshot_name) + + # Remove tmpdir + shutil.rmtree(temp_dir) + + def check_count(self, count, method): + if count > 1: + self.failure( + error='Failed to %s container' % method, + rc=1, + msg='The container [ %s ] failed to %s. Check to lxc is' + ' available and that the container is in a functional' + ' state.' % (self.container_name, method) + ) + + def failure(self, **kwargs): + """Return a Failure when running an Ansible command. + + :param error: ``str`` Error that occurred. + :param rc: ``int`` Return code while executing an Ansible command. + :param msg: ``str`` Message to report. 
+ """ + + self.module.fail_json(**kwargs) + + def run(self): + """Run the main method.""" + + action = getattr(self, LXC_ANSIBLE_STATES[self.state]) + action() + + outcome = self._container_data() + if self.archive_info: + outcome.update(self.archive_info) + + self.module.exit_json( + changed=self.state_change, + lxc_container=outcome + ) + + +def main(): + """Ansible Main module.""" + + module = AnsibleModule( + argument_spec=dict( + name=dict( + type='str', + required=True + ), + template=dict( + type='str', + default='ubuntu' + ), + backing_store=dict( + type='str', + choices=LXC_BACKING_STORE.keys(), + default='dir' + ), + template_options=dict( + type='str' + ), + config=dict( + type='str', + default='/etc/lxc/default.conf' + ), + vg_name=dict( + type='str', + default='lxc' + ), + thinpool=dict( + type='str' + ), + fs_type=dict( + type='str', + default='ext4' + ), + fs_size=dict( + type='str', + default='5G' + ), + directory=dict( + type='str' + ), + zfs_root=dict( + type='str' + ), + lv_name=dict( + type='str' + ), + lxc_path=dict( + type='str' + ), + state=dict( + choices=LXC_ANSIBLE_STATES.keys(), + default='started' + ), + container_command=dict( + type='str' + ), + container_config=dict( + type='str' + ), + container_log=dict( + choices=BOOLEANS, + default='false' + ), + container_log_level=dict( + choices=[n for i in LXC_LOGGING_LEVELS.values() for n in i], + default='INFO' + ), + archive=dict( + choices=BOOLEANS, + default='false' + ), + archive_path=dict( + type='str', + default='/tmp' + ), + archive_compression=dict( + choices=LXC_COMPRESSION_MAP.keys(), + default='gzip' + ) + ), + supports_check_mode=False, + ) + + lv_name = module.params.get('lv_name') + if not lv_name: + module.params['lv_name'] = module.params.get('name') + + lxc_manage = LxcContainerManagement(module=module) + lxc_manage.run() + + +# import module bits +from ansible.module_utils.basic import * +main() 
diff --git a/playbooks/library/memcached b/playbooks/library/memcached index d85c91044a..680202e4bd 100644 --- a/playbooks/library/memcached +++ b/playbooks/library/memcached @@ -1,22 +1,19 @@ #!/usr/bin/python -# -*- coding: utf-8 -*- - # (c) 2014, Kevin Carter # -# This file is part of Ansible +# Copyright 2014, Rackspace US, Inc. # -# Ansible is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at # -# Ansible is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. +# http://www.apache.org/licenses/LICENSE-2.0 # -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. import os import base64 @@ -63,7 +60,7 @@ options: required: true server: description: - - server IP address and port. This can be a comma seperated list of + - server IP address and port. This can be a comma separated list of servers to connect to. required: true encrypt_string: 
@@ -537,7 +534,9 @@ class Memcached(object): msg='The content you attempted to place within memcached' ' was not created. If you are load balancing' ' memcached, attempt to connect to a single node.' - ' Returned a value of unstored keys [ %s ].' % value + ' Returned a value of unstored keys [ %s ] - Original' + ' Connection [ %s ]' + % (value, [i.__dict__ for i in self.mc.servers]) ) diff --git a/playbooks/library/name2int b/playbooks/library/name2int index 845472c77c..52cce3e596 100644 --- a/playbooks/library/name2int +++ b/playbooks/library/name2int @@ -1,22 +1,19 @@ #!/usr/bin/python -# -*- coding: utf-8 -*- - # (c) 2014, Kevin Carter # -# This file is part of Ansible +# Copyright 2014, Rackspace US, Inc. # -# Ansible is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at # -# Ansible is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. +# http://www.apache.org/licenses/LICENSE-2.0 # -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. DOCUMENTATION = """ --- 
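Review bot: The extended failure message interpolates `[i.__dict__ for i in self.mc.servers]`, which prints every attribute of each client server object into the task's failure output rather than only the address that was contacted. Which attributes those objects carry is not visible in this hunk, so whatever is stored on them ends up in Ansible output and any log that captures it. Name the fields you want instead, for example `% (value, [str(i) for i in self.mc.servers])` if the server objects have a usable string form; confirm that against the memcache client this module imports. The enclosing call and method start outside the hunk.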
diff --git a/playbooks/library/swift b/playbooks/library/swift deleted file mode 100644 index 11f360b7af..0000000000 --- a/playbooks/library/swift +++ /dev/null 
@@ -1,633 +0,0 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- - -# (c) 2014, Kevin Carter -# -# This file is part of Ansible -# -# Ansible is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# Ansible is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -DOCUMENTATION = """ ---- -module: swift -version_added: "1.6.2" -short_description: - - Manage objects stored in swift -description: - - Manage objects stored in swift -options: - login_user: - description: - - login username - required: true - login_password: - description: - - Password of login user - required: true - login_tenant_name: - description: - - The tenant login_user belongs to - required: false - default: None - login_url: - description: - - Authentication URL - required: true - region: - description: - - The password to be assigned to the user - required: false - container: - description: - - Name of container - required: true - src: - description: - - path to object. Only used for in 'upload' & 'download' command - required: false - object: - description: - - Name of object - required: false - config_file: - description: - - Path to credential file - required: false - section: - description: - - Section within ``config_file`` to load - required: false - default: default - auth_version: - description: - - Swift authentication version - default: 2.0 - required: false - snet: - description: - - Enable service Net. 
This may not be supported by all providers - set true or false - default: false - marker: - description: - - Set beginning marker. Only used in 'list' command. - default: false - end_marker: - description: - - Set ending marker. Only used in 'list' command. - default: false - limit: - description: - - Set limit. Only used in 'list' command. - default: false - prefix: - description: - - Set prefix filter. Only used in 'list' command. - default: false - command: - description: - - Indicate desired state of the resource - choices: ['upload', 'download', 'delete', 'create', 'list'] - required: true -notes: - - Environment variables can be set for all auth credentials which allows - for seemless access. The available environment variables are, - OS_USERNAME, OS_PASSWORD, OS_TENANT_ID, OS_AUTH_URL - - A configuration file can be used to load credentials, use ``config_file`` - to source the file. If you have multiple sections within the - configuration file use the ``section`` argument to define the section, - however the default is set to "default". 
-requirements: [ python-swiftclient ] -author: Kevin Carter -""" - -EXAMPLES = """ -# Create a new container -- swift: > - login_user="SomeUser" - login_password="SomePassword" - login_url="https://identity.somedomain.com/v2.0/" - command=create - container=MyNewContainer - -# Upload a new object -- swift: > - login_user="SomeUser" - login_password="SomePassword" - login_url="https://identity.somedomain.com/v2.0/" - command=upload - container=MyNewContainer - src=/path/to/file - object=MyNewObjectName - -# Download an object -- swift: > - login_user="SomeUser" - login_password="SomePassword" - login_url="https://identity.somedomain.com/v2.0/" - command=download - container=MyNewContainer - src=/path/to/file - object=MyOldObjectName - -# list up-to 10K objects -- swift: > - login_user="SomeUser" - login_password="SomePassword" - login_url="https://identity.somedomain.com/v2.0/" - command=list - container=MyNewContainer - -# Delete an Object -- swift: > - login_user="SomeUser" - login_password="SomePassword" - login_url="https://identity.somedomain.com/v2.0/" - command=delete - container=MyNewContainer - object=MyOldObjectName - -# Delete a container -- swift: > - login_user="SomeUser" - login_password="SomePassword" - login_url="https://identity.somedomain.com/v2.0/" - command=delete - container=MyNewContainer -""" - -COMMAND_MAP = { - 'upload': { - 'variables': [ - 'login_user', - 'login_password', - 'login_tenant_name', - 'login_url', - 'region', - 'container', - 'src', - 'object', - 'auth_version' - ] - }, - 'download': { - 'variables': [ - 'login_user', - 'login_password', - 'login_tenant_name', - 'login_url', - 'region', - 'container', - 'src', - 'object', - 'auth_version' - ] - }, - 'delete': { - 'variables': [ - 'login_user', - 'login_password', - 'login_tenant_name', - 'login_url', - 'region', - 'container', - 'object', - 'auth_version' - ] - }, - 'create': { - 'variables': [ - 'login_user', - 'login_password', - 'login_tenant_name', - 'login_url', - 
'region', - 'container', - 'auth_version' - ] - }, - 'list': { - 'variables': [ - 'login_user', - 'login_password', - 'login_tenant_name', - 'login_url', - 'region', - 'container', - 'auth_version', - 'marker', - 'limit', - 'prefix', - 'end_marker' - ] - } -} - - -import ConfigParser - -try: - from swiftclient import client -except ImportError: - swiftclient_found = False -else: - swiftclient_found = True - - -class ManageSwift(object): - def __init__(self, module): - """Manage Swift via Ansible.""" - self.state_change = False - self.swift = None - - # Load AnsibleModule - self.module = module - - def command_router(self): - """Run the command as its provided to the module.""" - command_name = self.module.params['command'] - if command_name not in COMMAND_MAP: - self.failure( - error='No Command Found', - rc=2, - msg='Command [ %s ] was not found.' % command_name - ) - - action_command = COMMAND_MAP[command_name] - if hasattr(self, '_%s' % command_name): - action = getattr(self, '_%s' % command_name) - self._authenticate() - facts = action(variables=action_command['variables']) - if facts is None: - self.module.exit_json(changed=self.state_change) - else: - self.module.exit_json( - changed=self.state_change, - ansible_facts=facts - ) - else: - self.failure( - error='Command not in ManageSwift class', - rc=2, - msg='Method [ %s ] was not found.' % command_name - ) - - @staticmethod - def _facts(facts): - """Return a dict for our Ansible facts. - - :param facts: ``dict`` Dict with data to return - """ - return {'swift_facts': facts} - - def _get_vars(self, variables, required=None): - """Return a dict of all variables as found within the module. - - :param variables: ``list`` List of all variables that are available to - use within the Swift Command. - :param required: ``list`` Name of variables that are required. 
- """ - return_dict = {} - for variable in variables: - return_dict[variable] = self.module.params.get(variable) - else: - if isinstance(required, list): - for var_name in required: - check = return_dict.get(var_name) - if check is None: - self.failure( - error='Missing [ %s ] from Task or found a None' - ' value' % var_name, - rc=000, - msg='variables %s - available params [ %s ]' - % (variables, self.module.params) - ) - return return_dict - - def failure(self, error, rc, msg): - """Return a Failure when running an Ansible command. - - :param error: ``str`` Error that occurred. - :param rc: ``int`` Return code while executing an Ansible command. - :param msg: ``str`` Message to report. - """ - self.module.fail_json(msg=msg, rc=rc, err=error) - - def _env_vars(self, cred_file=None, section='default'): - """Load environment or sourced credentials. - - If the credentials are specified in either environment variables - or in a credential file the sourced variables will be loaded IF the - not set within the ``module.params``. - - :param cred_file: ``str`` Path to credentials file. - :param section: ``str`` Section within creds file to load. 
- """ - if cred_file: - parser = ConfigParser.SafeConfigParser() - parser.optionxform = str - parser.read(os.path.expanduser(cred_file)) - for name, value in parser.items(section): - if name == 'OS_AUTH_URL': - if not self.module.params.get('login_url'): - self.module.params['login_url'] = value - if name == 'OS_USERNAME': - if not self.module.params.get('login_user'): - self.module.params['login_user'] = value - if name == 'OS_PASSWORD': - if not self.module.params.get('login_password'): - self.module.params['login_password'] = value - if name == 'OS_TENANT_ID': - if not self.module.params.get('login_tenant_name'): - self.module.params['login_tenant_name'] = value - else: - if not self.module.params.get('login_url'): - authurl = os.getenv('OS_AUTH_URL') - self.module.params['login_url'] = authurl - - if not self.module.params.get('login_user'): - username = os.getenv('OS_USERNAME') - self.module.params['login_user'] = username - - if not self.module.params.get('login_password'): - password = os.getenv('OS_PASSWORD') - self.module.params['login_password'] = password - - if not self.module.params.get('login_tenant_name'): - tenant = os.getenv('OS_TENANT_ID') - self.module.params['login_tenant_name'] = tenant - - def _authenticate(self): - """Return a swift client object.""" - cred_file = self.module.params.pop('config_file', None) - section = self.module.params.pop('section') - self._env_vars(cred_file=cred_file, section=section) - - required_vars = ['login_url', 'login_user', 'login_password'] - variables = [ - 'login_url', - 'login_user', - 'login_password', - 'login_tenant_name', - 'region', - 'auth_version', - 'snet' - ] - variables_dict = self._get_vars(variables, required=required_vars) - - login_url = variables_dict.pop('login_url') - login_user = variables_dict.pop( - 'login_user', os.getenv('OS_AUTH_URL') - ) - login_password = variables_dict.pop( - 'login_password', os.getenv('OS_AUTH_URL') - ) - login_tenant_name = variables_dict.pop( - 
'login_tenant_name', os.getenv('OS_TENANT_ID') - ) - region = variables_dict.pop('region', None) - - auth_version = variables_dict.pop('auth_version') - snet = variables_dict.pop('snet', None) - - if snet in BOOLEANS_TRUE: - snet = True - else: - snet = None - - if login_password is None: - self.failure( - error='Missing Password', - rc=2, - msg='A Password is required for authentication. Try adding' - ' [ login_password ] to the task' - ) - - if login_tenant_name is None: - login_tenant_name = ' ' - - creds_dict = { - 'user': login_user, - 'key': login_password, - 'authurl': login_url, - 'tenant_name': login_tenant_name, - 'os_options': { - 'region': region - }, - 'snet': snet, - 'auth_version': auth_version - } - - self.swift = client.Connection(**creds_dict) - - def _upload(self, variables): - """Upload an object to a swift object store. - - :param variables: ``list`` List of all variables that are available to - use within the Keystone Command. - """ - required_vars = ['container', 'src', 'object'] - variables_dict = self._get_vars(variables, required=required_vars) - - container_name = variables_dict.pop('container') - object_name = variables_dict.pop('object') - src_path = variables_dict.pop('src') - - self._create_container(container_name=container_name) - with open(src_path, 'rb') as f: - self.swift.put_object(container_name, object_name, contents=f) - - object_data = self.swift.head_object(container_name, object_name) - self.state_change = True - return self._facts(facts=[object_data]) - - def _download(self, variables): - """Upload an object to a swift object store. - - :param variables: ``list`` List of all variables that are available to - use within the Keystone Command. 
- """ - required_vars = ['container', 'src', 'object'] - variables_dict = self._get_vars(variables, required=required_vars) - - container_name = variables_dict.pop('container') - object_name = variables_dict.pop('object') - src_path = variables_dict.pop('src') - - with open(src_path, 'wb') as f: - f.write( - self.swift.get_object( - container_name, object_name, resp_chunk_size=204800 - ) - ) - - self.state_change = True - - def _delete(self, variables): - """Upload an object to a swift object store. - - If the ``object`` variable is not used the container will be deleted. - This assumes that the container is empty. - - :param variables: ``list`` List of all variables that are available to - use within the Keystone Command. - """ - required_vars = ['container'] - variables_dict = self._get_vars(variables, required=required_vars) - - container_name = variables_dict.pop('container') - object_name = variables_dict.pop('object', None) - - if object_name: - self.swift.delete_object(container_name, object_name) - else: - self.swift.delete_container(container_name) - - self.state_change = True - - def _create_container(self, container_name): - """Ensure a container exists. If it does not, it will be created. - - :param container_name: ``str`` Name of the container. - """ - try: - container = self.swift.head_container(container_name) - except client.ClientException: - self.swift.put_container(container_name) - else: - return container - - def _create(self, variables): - """Create a new container in swift. - - :param variables: ``list`` List of all variables that are available to - use within the Keystone Command. 
- """ - required_vars = ['container'] - variables_dict = self._get_vars(variables, required=required_vars) - - container_name = variables_dict.pop('container') - container_data = self._create_container(container_name=container_name) - - if not container_data: - container_data = self.swift.head_container(container_name) - - return self._facts(facts=[container_data]) - - def _list(self, variables): - """Return a list of objects or containers. - - If the ``container`` variable is not used this will return a list of - containers in the region. - - :param variables: ``list`` List of all variables that are available to - use within the Keystone Command. - """ - variables_dict = self._get_vars(variables) - - container_name = variables_dict.pop('container', None) - - filters = { - 'marker': variables_dict.pop('marker', None), - 'limit': variables_dict.pop('limit', None), - 'prefix': variables_dict.pop('prefix', None), - 'end_marker': variables_dict.pop('end_marker', None) - } - - if container_name: - list_data = self.swift.get_container(container_name, **filters)[1] - else: - list_data = self.swift.get_account(**filters)[1] - - return self._facts(facts=list_data) - - -def main(): - module = AnsibleModule( - argument_spec=dict( - login_user=dict( - required=False - ), - login_password=dict( - required=False - ), - login_tenant_name=dict( - required=False - ), - login_url=dict( - required=False - ), - config_file=dict( - required=False - ), - section=dict( - required=False, - default='default' - ), - command=dict( - required=True, - choices=COMMAND_MAP.keys() - ), - region=dict( - required=False - ), - container=dict( - required=False - ), - src=dict( - required=False - ), - object=dict( - required=False - ), - marker=dict( - required=False - ), - limit=dict( - required=False - ), - prefix=dict( - required=False - ), - end_marker=dict( - required=False - ), - auth_version=dict( - required=False, - default='2.0' - ), - snet=dict( - required=False, - default='false', - 
choices=BOOLEANS - ) - ), - supports_check_mode=False, - ) - - sm = ManageSwift(module=module) - if not swiftclient_found: - sm.failure( - error='python-swiftclient is missing', - rc=2, - msg='Swift client was not importable, is it installed?' - ) - - sm.command_router() - - -# import module snippets -from ansible.module_utils.basic import * -if __name__ == '__main__': - main() diff --git a/playbooks/logstash-config.yml b/playbooks/logstash-config.yml deleted file mode 100644 index 283457f170..0000000000 --- a/playbooks/logstash-config.yml +++ /dev/null @@ -1,20 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Setup supporting services -- hosts: logstash - user: root - roles: - - logstash diff --git a/playbooks/logstash-install.yml b/playbooks/logstash-install.yml deleted file mode 100644 index d33ed25f5d..0000000000 --- a/playbooks/logstash-install.yml +++ /dev/null 
@@ -1,26 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- hosts: logstash - user: root - roles: - - container_extra_setup - - common - - container_common - - logging_common - - logstash - vars_files: - - vars/repo_packages/logstash.yml - - vars/config_vars/container_config_logstash.yml diff --git a/playbooks/restart-containers.yml b/playbooks/lxc-containers-create.yml similarity index 69% rename from playbooks/restart-containers.yml rename to playbooks/lxc-containers-create.yml index 8ffc4af056..dbc5aa4f55 100644 --- a/playbooks/restart-containers.yml +++ b/playbooks/lxc-containers-create.yml @@ -13,11 +13,13 @@ # See the License for the specific language governing permissions and # limitations under the License. -- hosts: "{{ host_group|default('hosts') }}" - user: root +- name: Create container(s) + hosts: "{{ container_group|default('all_containers') }}" + max_fail_percentage: 20 gather_facts: false + user: root roles: - - container_restart + - { role: "lxc_container_create", tags: [ "lxc-container-create" ] } vars: - default_container_groups: "{{ hostvars[inventory_hostname]['container_types'] }}" - container_groups: "{{ groups[container_group|default(default_container_groups)] | default([]) }}" + ansible_hostname: "{{ container_name }}" + is_metal: "{{ properties.is_metal|default(false) }}" \ No newline at end of file 
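Review bot: `max_fail_percentage: 20` is added to the "Create container(s)" play without a comment saying why 20 was chosen or what an operator should do when the play aborts part-way through container creation. The same literal is repeated in lxc-containers-destroy.yml, lxc-hosts-setup.yml and memcached-install.yml, so a one-line comment above each, such as `# Abort the play once more than 20% of the targeted hosts have failed.`, would keep the threshold from being copied blindly. The new file also ends without a trailing newline (`\ No newline at end of file`); add one after the `is_metal` line.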
diff --git a/playbooks/lxc-containers-destroy.yml b/playbooks/lxc-containers-destroy.yml
new file mode 100644
index 0000000000..b8736c8e57
--- /dev/null
+++ b/playbooks/lxc-containers-destroy.yml
@@ -0,0 +1,52 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Destroy lxc containers
+ hosts: "{{ container_group|default('all_containers') }}"
+ max_fail_percentage: 20
+ gather_facts: false
+ user: root
+ tasks:
+ - name: Destroy a container
+ lxc-container:
+ name: "{{ container_name }}"
+ state: "absent"
+ delegate_to: "{{ physical_host }}"
+ tags:
+ - container-destroy
+ - name: Destroy container service directories
+ file:
+ path: "{{ item }}"
+ state: "absent"
+ with_items:
+ - "/openstack/{{ container_name }}"
+ - "/openstack/backup/{{ container_name }}"
+ - "/openstack/log/{{ container_name }}"
+ - "/var/lib/lxc/{{ container_name }}"
+ delegate_to: "{{ physical_host }}"
+ tags:
+ - container-directories
+
+- name: Destroy lxc containers
+ hosts: "hosts"
+ max_fail_percentage: 20
+ gather_facts: false
+ user: root
+ tasks:
+ - name: Flush net cache
+ command: /usr/local/bin/lxc-system-manage flush-net-cache
+ delegate_to: "{{ physical_host }}"
+ tags:
+ - flush-net-cache
diff --git a/playbooks/cinder-common.yml b/playbooks/lxc-hosts-setup.yml
similarity index 70%
rename from playbooks/cinder-common.yml
rename to playbooks/lxc-hosts-setup.yml
index 560b33e1cf..882d517808 100644
--- a/playbooks/cinder-common.yml
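Review bot: The "Destroy container service directories" task removes paths built as `/openstack/{{ container_name }}` and `/var/lib/lxc/{{ container_name }}` with `state: "absent"`, and nothing in the play checks that `container_name` is non-empty. If the inventory ever supplies an empty value, the items collapse to `/openstack/` and `/var/lib/lxc/` on the physical host and the shared parent directories are deleted. Where `container_name` comes from is not visible in this hunk, so guard both destroy tasks with something like `when: container_name | default('') | length > 0`. The second play is also named "Destroy lxc containers" although it only flushes the net cache; `- name: Flush lxc net cache` would make run output unambiguous.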
+++ b/playbooks/lxc-hosts-setup.yml @@ -13,15 +13,12 @@ # See the License for the specific language governing permissions and # limitations under the License. -- hosts: cinder_all +- name: Basic lxc host setup + hosts: "{{ host_group|default('hosts') }}" + max_fail_percentage: 20 user: root roles: - - common - - common_sudoers - - container_common - - openstack_common - - openstack_openrc - - galera_client_cnf + - { role: "lxc_hosts", tags: [ "lxc-host", "host-setup" ] } + - { role: "py_from_git", tags: [ "lxc-libs" ] } vars_files: - - vars/repo_packages/cinder.yml - - vars/openstack_service_vars/cinder_api.yml \ No newline at end of file + - vars/repo_packages/python2_lxc.yml diff --git a/playbooks/memcached-install.yml b/playbooks/memcached-install.yml index adef0b3e8b..ee0b87ce16 100644 --- a/playbooks/memcached-install.yml +++ b/playbooks/memcached-install.yml @@ -13,13 +13,11 @@ # See the License for the specific language governing permissions and # limitations under the License. -- hosts: memcached +- name: Install memcached + hosts: memcached + max_fail_percentage: 20 user: root roles: - - container_extra_setup - - common - - container_common - - memcached - vars_files: - - vars/config_vars/container_config_memcached.yml - - vars/repo_packages/memcached.yml + - { role: "memcached_server", tags: [ "memcached-server" ] } + vars: + is_metal: "{{ properties.is_metal|default(false) }}" diff --git a/playbooks/neutron-all.yml b/playbooks/neutron-all.yml deleted file mode 100644 index 0c966c3d69..0000000000 --- a/playbooks/neutron-all.yml +++ /dev/null 
@@ -1,22 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- include: neutron-common.yml -- include: neutron-server.yml -- include: neutron-metadata-agent.yml -- include: neutron-dhcp-agent.yml -- include: neutron-linuxbridge-agent.yml -- include: neutron-l3-agent.yml -- include: neutron-metering-agent.yml diff --git a/playbooks/neutron-common.yml b/playbooks/neutron-common.yml deleted file mode 100644 index 81f8e31ce3..0000000000 --- a/playbooks/neutron-common.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- hosts: neutron_all - user: root - roles: - - common - - common_sudoers - - container_common - - openstack_common - - openstack_openrc - - galera_client_cnf - vars_files: - - vars/repo_packages/neutron.yml - - inventory/group_vars/neutron_all.yml 
diff --git a/playbooks/neutron-dhcp-agent.yml b/playbooks/neutron-dhcp-agent.yml deleted file mode 100644 index 4db7844a69..0000000000 --- a/playbooks/neutron-dhcp-agent.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- hosts: neutron_dhcp_agent - user: root - roles: - - neutron_common - - init_script - vars_files: - - inventory/group_vars/neutron_all.yml - - vars/openstack_service_vars/neutron_dhcp_agent.yml - handlers: - - include: handlers/services.yml diff --git a/playbooks/neutron-l3-agent.yml b/playbooks/neutron-l3-agent.yml deleted file mode 100644 index 0b9379c762..0000000000 --- a/playbooks/neutron-l3-agent.yml +++ /dev/null 
@@ -1,27 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- hosts: neutron_l3_agent - user: root - roles: - - neutron_common - - galera_client_cnf - - init_script - - neutron_l3_ha - vars_files: - - inventory/group_vars/neutron_all.yml - - vars/openstack_service_vars/neutron_l3_agent.yml - handlers: - - include: handlers/services.yml diff --git a/playbooks/neutron-linuxbridge-agent.yml b/playbooks/neutron-linuxbridge-agent.yml deleted file mode 100644 index 9ab96e0c2b..0000000000 --- a/playbooks/neutron-linuxbridge-agent.yml +++ /dev/null 
@@ -1,27 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- hosts: neutron_linuxbridge_agent - user: root - roles: - - container_extra_setup - - neutron_common - - init_script - vars_files: - - inventory/group_vars/neutron_all.yml - - vars/config_vars/container_config_neutron.yml - - vars/openstack_service_vars/neutron_linuxbridge_agent.yml - handlers: - - include: handlers/services.yml diff --git a/playbooks/neutron-metadata-agent.yml b/playbooks/neutron-metadata-agent.yml deleted file mode 100644 index 427125071f..0000000000 --- a/playbooks/neutron-metadata-agent.yml +++ /dev/null 
@@ -1,25 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- hosts: neutron_metadata_agent - user: root - roles: - - neutron_common - - init_script - vars_files: - - inventory/group_vars/neutron_all.yml - - vars/openstack_service_vars/neutron_metadata_agent.yml - handlers: - - include: handlers/services.yml diff --git a/playbooks/neutron-metering-agent.yml b/playbooks/neutron-metering-agent.yml deleted file mode 100644 index 5b69c1cd37..0000000000 --- a/playbooks/neutron-metering-agent.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- hosts: neutron_metering_agent - user: root - roles: - - neutron_common - - init_script - vars_files: - - inventory/group_vars/neutron_all.yml - - vars/openstack_service_vars/neutron_metering_agent.yml - handlers: - - include: handlers/services.yml 
diff --git a/playbooks/neutron-server.yml b/playbooks/neutron-server.yml deleted file mode 100644 index 64262886fe..0000000000 --- a/playbooks/neutron-server.yml +++ /dev/null @@ -1,38 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- hosts: neutron_server[0] - user: root - roles: - - galera_db_setup - - neutron_common - - neutron_setup - - init_script - vars_files: - - inventory/group_vars/neutron_all.yml - - vars/openstack_service_vars/neutron_server.yml - handlers: - - include: handlers/services.yml - -- hosts: neutron_server:!neutron_server[0] - user: root - roles: - - neutron_common - - init_script - vars_files: - - inventory/group_vars/neutron_all.yml - - vars/openstack_service_vars/neutron_server.yml - handlers: - - include: handlers/services.yml diff --git a/playbooks/nova-all.yml b/playbooks/nova-all.yml deleted file mode 100644 index cc5df54156..0000000000 --- a/playbooks/nova-all.yml +++ /dev/null 
@@ -1,25 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- include: nova-common.yml -- include: nova-api-os-compute.yml -- include: nova-api-ec2.yml -- include: nova-api-metadata.yml -- include: nova-scheduler.yml -- include: nova-conductor.yml -- include: nova-cert.yml -- include: nova-compute.yml -- include: nova-compute-keys.yml -- include: nova-spice-console.yml diff --git a/playbooks/nova-api-ec2.yml b/playbooks/nova-api-ec2.yml deleted file mode 100644 index fddcfccfa1..0000000000 --- a/playbooks/nova-api-ec2.yml +++ /dev/null 
@@ -1,52 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- hosts: nova_api_ec2[0] - user: root - roles: - - keystone_add_service - vars_files: - - vars/openstack_service_vars/nova_api_ec2_endpoint.yml - -- hosts: nova_api_ec2[0] - user: root - roles: - - keystone_add_service - vars_files: - - vars/openstack_service_vars/nova_api_s3_endpoint.yml - -- hosts: nova_api_ec2 - user: root - roles: - - nova_common - - init_script - vars_files: - - inventory/group_vars/nova_all.yml - - vars/openstack_service_vars/nova_api_ec2.yml - - vars/openstack_service_vars/nova_spice_console_endpoint.yml - handlers: - - include: handlers/services.yml - -- hosts: nova_api_ec2:!nova_api_ec2[0] - user: root - roles: - - nova_common - - init_script - vars_files: - - inventory/group_vars/nova_all.yml - - vars/openstack_service_vars/nova_api_ec2.yml - - vars/openstack_service_vars/nova_spice_console_endpoint.yml - handlers: - - include: handlers/services.yml diff --git a/playbooks/nova-api-metadata.yml b/playbooks/nova-api-metadata.yml deleted file mode 100644 index 0a2e443492..0000000000 --- a/playbooks/nova-api-metadata.yml +++ /dev/null 
@@ -1,26 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- hosts: nova_api_metadata - user: root - roles: - - nova_common - - init_script - vars_files: - - inventory/group_vars/nova_all.yml - - vars/openstack_service_vars/nova_api_metadata.yml - - vars/openstack_service_vars/nova_spice_console_endpoint.yml - handlers: - - include: handlers/services.yml diff --git a/playbooks/nova-api-os-compute.yml b/playbooks/nova-api-os-compute.yml deleted file mode 100644 index 8542c35219..0000000000 --- a/playbooks/nova-api-os-compute.yml +++ /dev/null 
@@ -1,54 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- hosts: nova_api_os_compute[0] - user: root - roles: - - keystone_add_service - vars_files: - - vars/openstack_service_vars/nova_api_os_compute_endpoint.yml - -- hosts: nova_api_os_compute[0] - user: root - roles: - - keystone_add_service - vars_files: - - vars/openstack_service_vars/nova_api_os_computev3_endpoint.yml - -- hosts: nova_api_os_compute[0] - user: root - roles: - - galera_db_setup - - nova_common - - nova_setup - - init_script - vars_files: - - inventory/group_vars/nova_all.yml - - vars/openstack_service_vars/nova_api_os_compute.yml - - vars/openstack_service_vars/nova_spice_console_endpoint.yml - handlers: - - include: handlers/services.yml - -- hosts: nova_api_os_compute:!nova_api_os_compute[0] - user: root - roles: - - nova_common - - init_script - vars_files: - - inventory/group_vars/nova_all.yml - - vars/openstack_service_vars/nova_api_os_compute.yml - - vars/openstack_service_vars/nova_spice_console_endpoint.yml - handlers: - - include: handlers/services.yml diff --git a/playbooks/nova-cert.yml b/playbooks/nova-cert.yml deleted file mode 100644 index 1b091b9ce6..0000000000 --- a/playbooks/nova-cert.yml +++ /dev/null 
@@ -1,26 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- hosts: nova_cert - user: root - roles: - - nova_common - - init_script - vars_files: - - inventory/group_vars/nova_all.yml - - vars/openstack_service_vars/nova_cert.yml - - vars/openstack_service_vars/nova_spice_console_endpoint.yml - handlers: - - include: handlers/services.yml diff --git a/playbooks/nova-common.yml b/playbooks/nova-common.yml deleted file mode 100644 index 6682c87010..0000000000 --- a/playbooks/nova-common.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- hosts: nova_all - user: root - roles: - - common - - common_sudoers - - container_common - - openstack_common - - openstack_openrc - - galera_client_cnf - vars_files: - - inventory/group_vars/nova_all.yml - - vars/repo_packages/nova.yml 
diff --git a/playbooks/nova-compute-keys.yml b/playbooks/nova-compute-keys.yml deleted file mode 100644 index 82618a3a8c..0000000000 --- a/playbooks/nova-compute-keys.yml +++ /dev/null @@ -1,56 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- hosts: nova_compute - user: root - roles: - - nova_compute_sshkey_create - vars_files: - - inventory/group_vars/nova_all.yml - -- hosts: nova_compute[0] - user: root - gather_facts: false - tasks: - - name: Distribute authorized keys for cluster consumption - memcached: - name: "{{ item.name }}" - file_path: "{{ item.src }}" - state: "present" - server: "{{ hostvars[groups['memcached'][0]]['ansible_ssh_host'] }}:11211" - encrypt_string: "{{ memcached_encryption_key }}" - with_items: - - { src: "/var/lib/nova/.ssh/authorized_keys", name: "authorized_keys" } - -- hosts: nova_compute:!nova_compute[0] - user: root - gather_facts: false - tasks: - - name: Retrieve authorized keys - memcached: - name: "{{ item.name }}" - file_path: "{{ item.src }}" - state: "retrieve" - file_mode: "{{ item.file_mode }}" - dir_mode: "{{ item.dir_mode }}" - server: "{{ hostvars[groups['memcached'][0]]['ansible_ssh_host'] }}:11211" - encrypt_string: "{{ memcached_encryption_key }}" - with_items: - - { src: "/var/lib/nova/.ssh/authorized_keys", name: "authorized_keys", file_mode: "0640", dir_mode: "0750" } - -- hosts: nova_compute - user: root - roles: - - nova_compute_sshkey_setup 
diff --git a/playbooks/nova-compute.yml b/playbooks/nova-compute.yml deleted file mode 100644 index f3a0803775..0000000000 --- a/playbooks/nova-compute.yml +++ /dev/null @@ -1,33 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- hosts: nova_compute - user: root - roles: - - container_extra_setup - - container_common - - neutron_add_network_interfaces - - nova_compute_devices - - nova_common - - nova_libvirt - - init_script - vars_files: - - inventory/group_vars/nova_all.yml - - vars/repo_packages/nova_libvirt.yml - - vars/config_vars/container_config_nova_compute.yml - - vars/openstack_service_vars/nova_compute.yml - - vars/openstack_service_vars/nova_spice_console_endpoint.yml - handlers: - - include: handlers/services.yml diff --git a/playbooks/nova-conductor.yml b/playbooks/nova-conductor.yml deleted file mode 100644 index aed4c153cd..0000000000 --- a/playbooks/nova-conductor.yml +++ /dev/null 
@@ -1,26 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- hosts: nova_conductor - user: root - roles: - - nova_common - - init_script - vars_files: - - inventory/group_vars/nova_all.yml - - vars/openstack_service_vars/nova_conductor.yml - - vars/openstack_service_vars/nova_spice_console_endpoint.yml - handlers: - - include: handlers/services.yml diff --git a/playbooks/nova-scheduler.yml b/playbooks/nova-scheduler.yml deleted file mode 100644 index 1a70060d79..0000000000 --- a/playbooks/nova-scheduler.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- hosts: nova_scheduler - user: root - roles: - - nova_common - - init_script - vars_files: - - inventory/group_vars/nova_all.yml - - vars/openstack_service_vars/nova_scheduler.yml - - vars/openstack_service_vars/nova_spice_console_endpoint.yml - handlers: - - include: handlers/services.yml 
diff --git a/playbooks/nova-spice-console.yml b/playbooks/nova-spice-console.yml deleted file mode 100644 index 801e856601..0000000000 --- a/playbooks/nova-spice-console.yml +++ /dev/null @@ -1,38 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- hosts: nova_spice_console - user: root - roles: - - container_common - - nova_common - - init_script - vars_files: - - inventory/group_vars/nova_all.yml - - vars/repo_packages/nova_spice_console.yml - - vars/openstack_service_vars/nova_spice_console.yml - - vars/openstack_service_vars/nova_spice_console_endpoint.yml - handlers: - - include: handlers/services.yml - -- hosts: nova_spice_console - user: root - roles: - - nova_common - - init_script - vars_files: - - vars/openstack_service_vars/nova_console_auth.yml - handlers: - - include: handlers/services.yml diff --git a/playbooks/containers-setup.yml b/playbooks/openstack-hosts-setup.yml similarity index 78% rename from playbooks/containers-setup.yml rename to playbooks/openstack-hosts-setup.yml index 5c95810bcc..6ca1cdc1be 100644 --- a/playbooks/containers-setup.yml +++ b/playbooks/openstack-hosts-setup.yml 
@@ -13,10 +13,9 @@ # See the License for the specific language governing permissions and # limitations under the License. -- hosts: "{{ host_group|default('all_containers') }}" +- name: Basic host setup + hosts: "{{ host_group|default('hosts') }}" + max_fail_percentage: 20 user: root - gather_facts: false roles: - - container_setup - vars_files: - - vars/config_vars/container_interfaces.yml + - { role: "openstack_hosts", tags: [ "openstack-hosts-setup" ] } diff --git a/playbooks/openstack-setup.yml b/playbooks/openstack-setup.yml deleted file mode 100644 index c0edd564ca..0000000000 --- a/playbooks/openstack-setup.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- include: keystone-all.yml -- include: glance-all.yml -- include: heat-all.yml -- include: nova-all.yml -- include: neutron-all.yml -- include: cinder-all.yml -- include: horizon-all.yml -- include: utility-all.yml -- include: rsyslog-config.yml diff --git a/playbooks/os-cinder-install.yml b/playbooks/os-cinder-install.yml new file mode 100644 index 0000000000..48faa75f63 --- /dev/null +++ b/playbooks/os-cinder-install.yml 
@@ -0,0 +1,95 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Install cinder server
+ hosts: cinder_all
+ max_fail_percentage: 20
+ user: root
+ pre_tasks:
+ - name: Add volume group block device to cinder
+ shell: |
+ if [ "$(pvdisplay | grep -B1 {{ item.1.volume_group }} | awk '/PV/ {print $3}')" ];then
+ for device in `pvdisplay | grep -B1 {{ item.1.volume_group }} | awk '/PV/ {print $3}'`
+ do lxc-device -n {{ container_name }} add $device
+ done
+ fi
+ with_items: cinder_backends|dictsort
+ when: >
+ cinder_backends is defined and
+ physical_host != container_name
+ delegate_to: "{{ physical_host }}"
+ tags:
+ - cinder-lxc-devices
+ - name: Cinder extra lxc config
+ lxc-container:
+ name: "{{ container_name }}"
+ container_config:
+ - "lxc.aa_profile=unconfined"
+ - "lxc.cgroup.devices.allow=a *:* rmw"
+ delegate_to: "{{ physical_host }}"
+ when: is_metal == false or is_metal == "False"
+ tags:
+ - cinder-container-setup
+ - name: Flush net cache
+ command: /usr/local/bin/lxc-system-manage flush-net-cache
+ delegate_to: "{{ physical_host }}"
+ tags:
+ - flush-net-cache
+ - name: Wait for container ssh
+ wait_for:
+ port: "22"
+ delay: 5
+ host: "{{ ansible_ssh_host }}"
+ delegate_to: "{{ physical_host }}"
+ tags:
+ - rabbit-ssh-wait
+ - name: Sort the rabbitmq servers
+ dist_sort:
+ value_to_lookup: "{{ container_name }}"
+ ref_list: "{{ groups['cinder_all'] }}"
+ src_list: "{{ rabbitmq_servers }}"
+ register: servers
+ - name: Set rabbitmq servers
+ set_fact:
+ rabbitmq_servers: "{{ servers.sorted_list }}"
+ - name: Create log dir
+ file:
+ path: "{{ item.path }}"
+ state: directory
+ with_items:
+ - { path: "/openstack/log/{{ inventory_hostname }}-cinder" }
+ when: is_metal == true or is_metal == "True"
+ tags:
+ - cinder-logs
+ - cinder-log-dirs
+ - name: Create log aggregation links
+ file:
+ src: "{{ item.src }}"
+ dest: "{{ item.dest }}"
+ state: "{{ item.state }}"
+ force: "yes"
+ with_items:
+ - { src: "/openstack/log/{{ inventory_hostname }}-cinder", dest: "/var/log/cinder", state: "link" }
+ when: is_metal == true or is_metal == "True"
+ tags:
+ - cinder-logs
+ roles:
+ - { role: "os_cinder", tags: [ "os-cinder" ] }
+ vars:
+ galera_address: "{{ internal_lb_vip_address }}"
+ glance_host: "{{ internal_lb_vip_address }}"
+ ansible_hostname: "{{ container_name }}"
+ cinder_storage_address: "{{ container_address }}"
+ is_metal: "{{ properties.is_metal|default(false) }}"
diff --git a/playbooks/os-glance-install.yml b/playbooks/os-glance-install.yml
new file mode 100644
index 0000000000..534c271a31
--- /dev/null
+++ b/playbooks/os-glance-install.yml
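Review bot: The `Cinder extra lxc config` task in os-cinder-install.yml sets `lxc.aa_profile=unconfined` together with `lxc.cgroup.devices.allow=a *:* rmw`, which drops the AppArmor profile and allows read, write and mknod on every character and block device, so root inside a cinder container has very little isolation from the physical host. If the container only needs the LVM physical volumes that the preceding `lxc-device` task passes in, the rule could be limited to block devices, `- "lxc.cgroup.devices.allow=b *:* rmw"`, and a comment above the task should record why confinement is relaxed. In the `shell` task above it, `{{ item.1.volume_group }}` and `{{ container_name }}` are interpolated unquoted into the command line; `{{ item.1.volume_group | quote }}` and `{{ container_name | quote }}` keep an unusual name from being split or interpreted by the shell. The `Wait for container ssh` task carries the tag `rabbit-ssh-wait`, which looks copied from elsewhere; `cinder-ssh-wait` would match the `glance-ssh-wait` tag used in os-glance-install.yml.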
@@ -0,0 +1,81 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Install glance server
+ hosts: glance_all
+ max_fail_percentage: 20
+ user: root
+ pre_tasks:
+ - name: Glance extra lxc config
+ lxc-container:
+ name: "{{ container_name }}"
+ container_command: |
+ [[ ! -d "/var/lib/glance/images" ]] && mkdir -p "/var/lib/glance/images"
+ container_config:
+ - "lxc.mount.entry=/openstack/{{ container_name }} var/lib/glance/images none bind 0 0"
+ delegate_to: "{{ physical_host }}"
+ when: is_metal == false or is_metal == "False"
+ tags:
+ - glance-cache-dir
+ - name: Flush net cache
+ command: /usr/local/bin/lxc-system-manage flush-net-cache
+ delegate_to: "{{ physical_host }}"
+ tags:
+ - flush-net-cache
+ - name: Wait for container ssh
+ wait_for:
+ port: "22"
+ delay: 5
+ host: "{{ ansible_ssh_host }}"
+ delegate_to: "{{ physical_host }}"
+ tags:
+ - glance-ssh-wait
+ - name: Sort the rabbitmq servers
+ dist_sort:
+ value_to_lookup: "{{ container_name }}"
+ ref_list: "{{ groups['glance_all'] }}"
+ src_list: "{{ rabbitmq_servers }}"
+ register: servers
+ - name: Set rabbitmq servers
+ set_fact:
+ rabbitmq_servers: "{{ servers.sorted_list }}"
+ - name: Create log dir
+ file:
+ path: "{{ item.path }}"
+ state: directory
+ with_items:
+ - { path: "/openstack/log/{{ inventory_hostname }}-glance" }
+ when: is_metal == true or is_metal == "True"
+ tags:
+ - glance-logs
+ - glance-log-dirs
+ - name: Create log aggregation links
+ file:
+ src: "{{ item.src }}"
+ dest: "{{ item.dest }}"
+ state: "{{ item.state }}"
+ force: "yes"
+ with_items:
+ - { src: "/openstack/log/{{ inventory_hostname }}-glance", dest: "/var/log/glance", state: "link" }
+ when: is_metal == true or is_metal == "True"
+ tags:
+ - glance-logs
+ roles:
+ - { role: "os_glance", tags: [ "os-glance" ] }
+ - { role: "openstack_openrc", tags: [ "openstack-openrc" ] }
+ vars:
+ galera_address: "{{ internal_lb_vip_address }}"
+ ansible_hostname: "{{ container_name }}"
+ is_metal: "{{ properties.is_metal|default(false) }}"
diff --git a/playbooks/os-heat-install.yml b/playbooks/os-heat-install.yml
new file mode 100644
index 0000000000..39548812cc
--- /dev/null
+++ b/playbooks/os-heat-install.yml
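Review bot: In the `Glance extra lxc config` task of os-glance-install.yml the `container_command` is `[[ ! -d "/var/lib/glance/images" ]] && mkdir -p "/var/lib/glance/images"`, which exits non-zero whenever the directory already exists, so depending on how the `lxc-container` module treats the command's status (not visible in this hunk) a repeat run could be reported as failed. `[[` also requires bash, which the module may or may not use to run the command. Since `mkdir -p` is already a no-op on an existing directory, the line can simply be `mkdir -p "/var/lib/glance/images"`.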
@@ -0,0 +1,56 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Install heat server
+ hosts: heat_all
+ max_fail_percentage: 20
+ user: root
+ pre_tasks:
+ - name: Sort the rabbitmq servers
+ dist_sort:
+ value_to_lookup: "{{ container_name }}"
+ ref_list: "{{ groups['heat_all'] }}"
+ src_list: "{{ rabbitmq_servers }}"
+ register: servers
+ - name: Set rabbitmq servers
+ set_fact:
+ rabbitmq_servers: "{{ servers.sorted_list }}"
+ - name: Create log dir
+ file:
+ path: "{{ item.path }}"
+ state: directory
+ with_items:
+ - { path: "/openstack/log/{{ inventory_hostname }}-heat" }
+ when: is_metal == true or is_metal == "True"
+ tags:
+ - heat-logs
+ - heat-log-dirs
+ - name: Create log aggregation links
+ file:
+ src: "{{ item.src }}"
+ dest: "{{ item.dest }}"
+ state: "{{ item.state }}"
+ force: "yes"
+ with_items:
+ - { src: "/openstack/log/{{ inventory_hostname }}-heat", dest: "/var/log/heat", state: "link" }
+ when: is_metal == true or is_metal == "True"
+ tags:
+ - heat-logs
+ roles:
+ - { role: "os_heat", tags: [ "os-heat" ] }
+ vars:
+ galera_address: "{{ internal_lb_vip_address }}"
+ ansible_hostname: "{{ container_name }}"
+ is_metal: "{{ properties.is_metal|default(false) }}"
diff --git a/playbooks/os-horizon-install.yml b/playbooks/os-horizon-install.yml
new file mode 100644
index 0000000000..1ceec8d8c6
--- /dev/null
+++ b/playbooks/os-horizon-install.yml
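Review bot: The two log tasks in os-heat-install.yml use `when: is_metal == true or is_metal == "True"`, which matches only those two spellings; `is_metal` comes from `properties.is_metal|default(false)`, so an inventory value such as `"true"` or `"yes"` would presumably satisfy neither this test nor the inverse `is_metal == false or is_metal == "False"` used in the cinder and glance playbooks, and both branches would be skipped silently. `when: is_metal | bool` (and `when: not is_metal | bool` for the container branch) covers every spelling. The same condition appears in the os-cinder, os-glance, os-horizon and os-keystone hunks. The `Sort the rabbitmq servers`, `Set rabbitmq servers` and log-directory tasks are also repeated in each of these playbooks with only the service name changed; a shared include or role would keep the copies from drifting.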
@@ -0,0 +1,57 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Install horizon server + hosts: horizon_all + max_fail_percentage: 20 + user: root + pre_tasks: + - name: Sort the rabbitmq servers + dist_sort: + value_to_lookup: "{{ container_name }}" + ref_list: "{{ groups['horizon_all'] }}" + src_list: "{{ rabbitmq_servers }}" + register: servers + - name: Set rabbitmq servers + set_fact: + rabbitmq_servers: "{{ servers.sorted_list }}" + - name: Create log dir + file: + path: "{{ item.path }}" + state: directory + with_items: + - { path: "/openstack/log/{{ inventory_hostname }}-horizon" } + when: is_metal == true or is_metal == "True" + tags: + - horizon-logs + - horizon-log-dirs + - name: Create log aggregation links + file: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + state: "{{ item.state }}" + force: "yes" + with_items: + - { src: "/openstack/log/{{ inventory_hostname }}-horizon", dest: "/var/log/horizon", state: "link" } + when: is_metal == true or is_metal == "True" + tags: + - horizon-logs + roles: + - { role: "os_horizon", tags: [ "os-horizon" ] } + vars: + galera_address: "{{ internal_lb_vip_address }}" + ansible_hostname: "{{ container_name }}" + horizon_server_name: "{{ container_name }}" + is_metal: "{{ properties.is_metal|default(false) }}" diff --git a/playbooks/os-keystone-install.yml b/playbooks/os-keystone-install.yml new file mode 100644 index 0000000000..eb25d0f331 --- /dev/null 
+++ b/playbooks/os-keystone-install.yml @@ -0,0 +1,57 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Installation and setup of Keystone + hosts: keystone_all + max_fail_percentage: 20 + user: root + pre_tasks: + - name: Sort the rabbitmq servers + dist_sort: + value_to_lookup: "{{ container_name }}" + ref_list: "{{ groups['keystone_all'] }}" + src_list: "{{ rabbitmq_servers }}" + register: servers + - name: Set rabbitmq servers + set_fact: + rabbitmq_servers: "{{ servers.sorted_list }}" + - name: Create log dir + file: + path: "{{ item.path }}" + state: directory + with_items: + - { path: "/openstack/log/{{ inventory_hostname }}-keystone" } + when: is_metal == true or is_metal == "True" + tags: + - keystone-logs + - keystone-log-dirs + - name: Create log aggregation links + file: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + state: "{{ item.state }}" + force: "yes" + with_items: + - { src: "/openstack/log/{{ inventory_hostname }}-keystone", dest: "/var/log/keystone", state: "link" } + when: is_metal == true or is_metal == "True" + tags: + - keystone-logs + roles: + - { role: "os_keystone", tags: [ "os-keystone" ] } + - { role: "openstack_openrc", tags: [ "openstack-openrc" ] } + vars: + galera_address: "{{ internal_lb_vip_address }}" + ansible_hostname: "{{ container_name }}" + is_metal: "{{ properties.is_metal|default(false) }}" 
diff --git a/playbooks/os-neutron-install.yml b/playbooks/os-neutron-install.yml
new file mode 100644
index 0000000000..47322ee767
--- /dev/null
+++ b/playbooks/os-neutron-install.yml
@@ -0,0 +1,83 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Installation and setup of Neutron + hosts: neutron_all + max_fail_percentage: 20 + user: root + pre_tasks: + - name: Neutron extra lxc config + lxc-container: + name: "{{ container_name }}" + container_command: | + [[ ! -d "/lib/modules" ]] && mkdir -p "/lib/modules" + container_config: + - "lxc.aa_profile=unconfined" + - "lxc.cgroup.devices.allow=a *:* rmw" + - "lxc.mount.entry=/lib/modules lib/modules none bind 0 0" + delegate_to: "{{ physical_host }}" + when: is_metal == false or is_metal == "False" + tags: + - neutron-container-setup + - name: Flush net cache + command: /usr/local/bin/lxc-system-manage flush-net-cache + delegate_to: "{{ physical_host }}" + tags: + - flush-net-cache + - name: Wait for container ssh + wait_for: + port: "22" + delay: 5 + host: "{{ ansible_ssh_host }}" + delegate_to: "{{ physical_host }}" + tags: + - neutron-ssh-wait + - name: Sort the rabbitmq servers + dist_sort: + value_to_lookup: "{{ container_name }}" + ref_list: "{{ groups['neutron_all'] }}" + src_list: "{{ rabbitmq_servers }}" + register: servers + - name: Set rabbitmq servers + set_fact: + rabbitmq_servers: "{{ servers.sorted_list }}" + - name: Create log dir + file: + path: "{{ item.path }}" + state: directory + with_items: + - { path: "/openstack/log/{{ inventory_hostname }}-neutron" } + when: is_metal == true or is_metal == "True" + tags: + - neutron-logs + 
- neutron-log-dirs + - name: Create log aggregation links + file: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + state: "{{ item.state }}" + force: "yes" + with_items: + - { src: "/openstack/log/{{ inventory_hostname }}-neutron", dest: "/var/log/neutron", state: "link" } + when: is_metal == true or is_metal == "True" + tags: + - neutron-logs + roles: + - { role: "os_neutron", tags: [ "os-neutron" ] } + - { role: "openstack_openrc", tags: [ "openstack-openrc" ] } + vars: + galera_address: "{{ internal_lb_vip_address }}" + ansible_hostname: "{{ container_name }}" + is_metal: "{{ properties.is_metal|default(false) }}" diff --git a/playbooks/os-nova-install.yml b/playbooks/os-nova-install.yml new file mode 100644 index 0000000000..a71a8ce989 --- /dev/null +++ b/playbooks/os-nova-install.yml 
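Review bot: The `Neutron extra lxc config` task sets `lxc.aa_profile=unconfined` together with `lxc.cgroup.devices.allow=a *:* rmw`, which drops AppArmor confinement and grants the container read, write and mknod on every device class. With both in place the container is no longer a meaningful isolation boundary from the physical host, and nothing in the hunk records why that is required. If the agents only need a known set of devices plus the `/lib/modules` bind mount, the allow-list could name those devices instead of `a *:*`. At minimum a comment above `container_config` should state the reason, e.g. `# neutron agents need host netns/module access; this container is NOT confined by AppArmor`.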
@@ -0,0 +1,84 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Installation and setup of Nova + hosts: nova_all + max_fail_percentage: 20 + user: root + pre_tasks: + - name: Sort the rabbitmq servers + dist_sort: + value_to_lookup: "{{ container_name }}" + ref_list: "{{ groups['nova_all'] }}" + src_list: "{{ rabbitmq_servers }}" + register: servers + - name: Set rabbitmq servers + set_fact: + rabbitmq_servers: "{{ servers.sorted_list }}" + - name: Add nbd devices to the compute + shell: | + for i in /dev/nbd*;do + lxc-device -n {{ container_name }} add $i $i + done + delegate_to: "{{ physical_host }}" + when: is_metal == false or is_metal == "False" + tags: + - nova-kvm + - nova-kvm-container-devices + - name: Add net/tun device to the compute + shell: | + lxc-device -n {{ container_name }} add /dev/net/tun /dev/net/tun + delegate_to: "{{ physical_host }}" + when: is_metal == false or is_metal == "False" + tags: + - nova-kvm + - nova-kvm-container-devices + - name: Add kvm device to the compute + shell: | + lxc-device -n {{ container_name }} add /dev/kvm /dev/kvm + delegate_to: "{{ physical_host }}" + when: is_metal == false or is_metal == "False" + tags: + - nova-kvm + - nova-kvm-container-devices + - name: Create log dir + file: + path: "{{ item.path }}" + state: directory + with_items: + - { path: "/openstack/log/{{ inventory_hostname }}-nova" } + when: is_metal == true or is_metal == "True" + tags: + - 
nova-logs + - nova-log-dirs + - name: Create log aggregation links + file: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + state: "{{ item.state }}" + force: "yes" + with_items: + - { src: "/openstack/log/{{ inventory_hostname }}-nova", dest: "/var/log/nova", state: "link" } + when: is_metal == true or is_metal == "True" + tags: + - nova-logs + roles: + - { role: "os_nova", tags: [ "os-nova" ] } + - { role: "openstack_openrc", tags: [ "openstack-openrc" ] } + vars: + galera_address: "{{ internal_lb_vip_address }}" + ansible_hostname: "{{ container_name }}" + ansible_ssh_host: "{{ container_address }}" + is_metal: "{{ properties.is_metal|default(false) }}" diff --git a/playbooks/os-service-config-update.yml b/playbooks/os-service-config-update.yml deleted file mode 100644 index 89326662af..0000000000 --- a/playbooks/os-service-config-update.yml +++ /dev/null 
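Review bot: The three device tasks in os-nova-install.yml interpolate `{{ container_name }}` unquoted into a `shell:` block that runs as root on the physical host (`lxc-device -n {{ container_name }} add ...`). The value comes from inventory, so the exposure is limited, but quoting it as `-n "{{ container_name }}"` makes the task robust against unexpected characters. The two single-command tasks do not need a shell at all: `command: lxc-device -n "{{ container_name }}" add /dev/kvm /dev/kvm`. None of the three declares `changed_when`, so they will presumably report "changed" on every run.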
@@ -1,32 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This is a common configuration update play. -# To use this play specify the required arguments on the command line -# Example: -# ansible-playbook -e @/etc/openstack_deploy/user_variables.yml \ -# -e "service_group=nova_api_os_compute service_name=nova" \ -# os-service-config-update.yml - -- hosts: "{{ service_group }}" - user: root - roles: - - "{{ service_name }}_common" - vars_files: - - "inventory/group_vars/{{ service_name }}_all.yml" - - "vars/openstack_service_vars/{{ service_group }}.yml" - handlers: - - include: handlers/services.yml - diff --git a/playbooks/os-swift-install.yml b/playbooks/os-swift-install.yml new file mode 100644 index 0000000000..25d16b759c --- /dev/null +++ b/playbooks/os-swift-install.yml 
@@ -0,0 +1,53 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Installation and setup of Swift + hosts: swift_all + max_fail_percentage: 20 + user: root + pre_tasks: + - name: Create log dir + file: + path: "{{ item.path }}" + state: directory + with_items: + - { path: "/openstack/log/{{ inventory_hostname }}-swift" } + when: is_metal == true or is_metal == "True" + tags: + - swift-logs + - swift-log-dirs + - name: Create log aggregation links + file: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + state: "{{ item.state }}" + owner: "{{ item.owner }}" + group: "{{ item.group }}" + force: "yes" + with_items: + - src: "/openstack/log/{{ inventory_hostname }}-swift" + dest: "/var/log/swift" + owner: "syslog" + group: "syslog" + state: "link" + when: is_metal == true or is_metal == "True" + tags: + - swift-logs + roles: + - { role: "os_swift", tags: [ "os-swift" ] } + vars: + ansible_hostname: "{{ container_name }}" + ansible_ssh_host: "{{ container_address }}" + is_metal: "{{ properties.is_metal|default(false) }}" diff --git a/playbooks/elasticsearch-install.yml b/playbooks/os-tempest-install.yml similarity index 64% rename from playbooks/elasticsearch-install.yml rename to playbooks/os-tempest-install.yml index b846d94f01..070060a204 100644 --- a/playbooks/elasticsearch-install.yml +++ b/playbooks/os-tempest-install.yml 
@@ -13,14 +13,15 @@ # See the License for the specific language governing permissions and # limitations under the License. -- hosts: elasticsearch +- name: Installation and setup of Tempest + hosts: utility_all + max_fail_percentage: 20 user: root roles: - - container_extra_setup - - common - - container_common - - logging_common - - elasticsearch + - { role: "os_tempest", tags: [ "os-tempest" ] } vars_files: - - vars/config_vars/container_config_elasticsearch.yml - - vars/repo_packages/elasticsearch.yml + - vars/repo_packages/openstack_services.yml + vars: + # This sets the tempest group to the utility group + tempest_main_group: utility_all + is_metal: "{{ properties.is_metal|default(false) }}" diff --git a/playbooks/plugins/lookups/py_pkgs.py b/playbooks/plugins/lookups/py_pkgs.py new file mode 100644 index 0000000000..e3fcac97b1 --- /dev/null +++ b/playbooks/plugins/lookups/py_pkgs.py 
@@ -0,0 +1,256 @@ +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# (c) 2014, Kevin Carter + +import os +import traceback + +from distutils import version + +import yaml + +from ansible import utils, errors + + +VERSION_DESCRIPTORS = ['>=', '<=', '==', '!=', '<', '>'] + + +REQUIREMENTS_FILE_TYPES = [ + 'requirements.txt', + 'global-requirements.txt', + 'test-requirements.txt', + 'dev-requirements.txt' +] + + +# List of variable names that could be used within the yaml files that +# represent lists of python packages. +BUILT_IN_PIP_PACKAGE_VARS = [ + 'service_pip_dependencies', + 'pip_common_packages', + 'pip_container_packages', + 'pip_packages' +] + + +class DependencyFileProcessor(object): + def __init__(self, local_path): + """Find required files. + + :type local_path: ``str`` + :return: + """ + self.pip = dict() + self.pip['git_package'] = list() + self.pip['py_package'] = list() + self.git_pip_install = 'git+%s@%s' + self.file_names = self._get_files(path=local_path) + + # Process everything simply by calling the method + self._process_files(ext=('yaml', 'yml')) + + def _filter_files(self, file_names, ext): + """Filter the files and return a sorted list. 
+ + :type file_names: + :type ext: ``str`` or ``tuple`` + :returns: ``list`` + """ + _file_names = list() + for file_name in file_names: + if file_name.endswith(ext): + if '/defaults/' in file_name or '/vars/' in file_name: + _file_names.append(file_name) + else: + continue + elif os.path.basename(file_name) in REQUIREMENTS_FILE_TYPES: + with open(file_name, 'rb') as f: + packages = [ + i.split()[0] for i in f.read().splitlines() + if i + if not i.startswith('#') + ] + self.pip['py_package'].extend(packages) + else: + return sorted(_file_names, reverse=True) + + @staticmethod + def _get_files(path): + """Return a list of all files in the vars/repo_packages directory. + + :type path: ``str`` + :returns: ``list`` + """ + paths = os.walk(os.path.abspath(path)) + files = list() + for fpath, _, afiles in paths: + for afile in afiles: + files.append(os.path.join(fpath, afile)) + else: + return files + + def _check_plugins(self, git_repo_plugins, git_data): + """Check if the git url is a plugin type. + + :type git_repo_plugins: ``dict`` + :type git_data: ``dict`` + """ + for repo_plugin in git_repo_plugins: + plugin = '%s/%s' % ( + repo_plugin['path'].strip('/'), + repo_plugin['package'].lstrip('/') + ) + + package = self.git_pip_install % ( + git_data['repo'], + '%s#egg=%s&subdirectory=%s' % ( + git_data['branch'], + repo_plugin['package'].strip('/'), + plugin + ) + ) + + self.pip['git_package'].append(package) + + def _process_git(self, loaded_yaml, git_item): + """Process git repos. 
+ + :type loaded_yaml: ``dict`` + :type git_item: ``str`` + """ + git_data = dict() + if git_item.split('_')[0] == 'git': + var_name = 'git' + else: + var_name = git_item.split('_')[0] + + git_data['repo'] = loaded_yaml.get(git_item) + git_data['branch'] = loaded_yaml.get( + '%s_git_install_branch' % var_name.replace('.', '_') + ) + + if not git_data['branch']: + git_data['branch'] = loaded_yaml.get( + 'git_install_branch', + 'master' + ) + + package = self.git_pip_install % ( + git_data['repo'], git_data['branch'] + ) + + self.pip['git_package'].append(package) + + git_repo_plugins = loaded_yaml.get('%s_repo_plugins' % var_name) + if git_repo_plugins: + self._check_plugins( + git_repo_plugins=git_repo_plugins, + git_data=git_data + ) + + def _process_files(self, ext): + """Process files. + + :type ext: ``tuple`` + :type lower_priority: ``bol`` + """ + file_names = self._filter_files( + file_names=self.file_names, + ext=ext + ) + + for file_name in file_names: + with open(file_name, 'rb') as f: + loaded_config = yaml.safe_load(f.read()) + + for key, values in loaded_config.items(): + if key.endswith('git_repo'): + self._process_git( + loaded_yaml=loaded_config, + git_item=key + ) + + if [i for i in BUILT_IN_PIP_PACKAGE_VARS if i in key]: + self.pip['py_package'].extend(values) + +def _abs_path(path): + return os.path.abspath( + os.path.expanduser( + path + ) + ) + +class LookupModule(object): + + def __init__(self, basedir=None, **kwargs): + """Run the lookup module. + + :type basedir: + :type kwargs: + """ + self.basedir = basedir + + def run(self, terms, inject=None, **kwargs): + """Run the main application. 
+ + :type terms: ``str`` + :type inject: ``str`` + :type kwargs: ``dict`` + :returns: ``list`` + """ + terms = utils.listify_lookup_plugin_terms(terms, self.basedir, inject) + if isinstance(terms, basestring): + terms = [terms] + + return_list = list() + for term in terms: + try: + dfp = DependencyFileProcessor( + local_path=_abs_path(str(term)) + ) + return_list.extend(dfp.pip['py_package']) + return_list.extend(dfp.pip['git_package']) + except Exception as exp: + raise errors.AnsibleError( + 'lookup_plugin.py_pkgs(%s) returned "%s" error "%s"' % ( + term, + str(exp), + traceback.format_exc() + ) + ) + else: + return_data = { + 'packages': list(), + 'remote_packages': list() + } + for file_name in sorted(set(return_list)): + is_url = file_name.startswith(('http:', 'https:', 'git+')) + if is_url: + if '@' not in file_name: + return_data['packages'].append(file_name) + else: + return_data['remote_packages'].append(file_name) + else: + return_data['packages'].append(file_name) + else: + return_data['packages'] = ' '.join( + ['"%s"' % i for i in set(return_data['packages'])] + ) + + return_data['remote_packages'] = ' '.join( + ['"%s"' % i for i in set(return_data['remote_packages'])] + ) + + return [return_data] diff --git a/playbooks/rabbit-add-node.yml b/playbooks/rabbit-add-node.yml deleted file mode 100644 index ad1327c31d..0000000000 --- a/playbooks/rabbit-add-node.yml +++ /dev/null 
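Review bot: In `_process_files`, `yaml.safe_load(f.read())` returns `None` for an empty or comment-only file, so `loaded_config.items()` raises and `run` turns that into an `AnsibleError` for the whole lookup. Because `_get_files` walks every file under the given path, one empty `defaults/` or `vars/` YAML file is enough; a guard such as `if not isinstance(loaded_config, dict): continue` before the `for key, values` loop avoids it. In the same loop `self.pip['py_package'].extend(values)` assumes a list (a string value would be added character by character), and `i.split()[0]` in `_filter_files` raises `IndexError` on a whitespace-only requirements line. Separately, `_process_git` falls back to `'master'` when no branch variable is set, so those packages are built from a moving ref; a comment saying so, or requiring an explicit pin, would make that visible.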
@@ -1,21 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- hosts: rabbit:!rabbit[0] - user: root - serial: 1 - roles: - - rabbit_user - - rabbit_join_cluster diff --git a/playbooks/rabbit-bootstrap.yml b/playbooks/rabbit-bootstrap.yml deleted file mode 100644 index e5576a3250..0000000000 --- a/playbooks/rabbit-bootstrap.yml +++ /dev/null @@ -1,20 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- hosts: rabbit[0] - user: root - roles: - - rabbit_user - - rabbit_create_cluster diff --git a/playbooks/rabbit-config.yml b/playbooks/rabbit-config.yml deleted file mode 100644 index a2328d46a4..0000000000 --- a/playbooks/rabbit-config.yml +++ /dev/null 
@@ -1,25 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- hosts: rabbit - user: root - roles: - - container_extra_setup - - common - - container_common - - rabbit_common - vars_files: - - vars/config_vars/container_config_rabbitmq.yml - - vars/repo_packages/rabbitmq.yml diff --git a/playbooks/rabbit-install.yml b/playbooks/rabbit-install.yml deleted file mode 100644 index 4ce80c889e..0000000000 --- a/playbooks/rabbit-install.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- include: rabbit-config.yml -- include: rabbit-startup.yml diff --git a/playbooks/rabbit-remove.yml b/playbooks/rabbit-remove.yml deleted file mode 100644 index 9e45fdc2df..0000000000 --- a/playbooks/rabbit-remove.yml +++ /dev/null 
@@ -1,19 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- hosts: rabbit - user: root - roles: - - rabbit_remove diff --git a/playbooks/rabbit-startup.yml b/playbooks/rabbit-startup.yml deleted file mode 100644 index 3323904b9f..0000000000 --- a/playbooks/rabbit-startup.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- include: rabbit-bootstrap.yml -- include: rabbit-add-node.yml diff --git a/playbooks/rabbitmq-install.yml b/playbooks/rabbitmq-install.yml new file mode 100644 index 0000000000..97f6691ad7 --- /dev/null +++ b/playbooks/rabbitmq-install.yml 
@@ -0,0 +1,25 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Install rabbitmq server + hosts: rabbitmq_all + max_fail_percentage: 20 + user: root + roles: + - { role: "rabbitmq_server", tags: [ "rabbitmq-server" ] } + vars: + ansible_hostname: "{{ container_name }}" + ansible_ssh_host: "{{ container_address }}" + is_metal: "{{ properties.is_metal|default(false) }}" diff --git a/playbooks/repo-build.yml b/playbooks/repo-build.yml new file mode 100644 index 0000000000..6bfb41f5d1 --- /dev/null +++ b/playbooks/repo-build.yml 
@@ -0,0 +1,89 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# The purpose here is to allow for the environment to update/build the +# python wheel files from the CURRENT release, as set in the openstack_release +# variable. +- name: Build new repo packages for a given release + hosts: repo_all[0] + max_fail_percentage: 20 + gather_facts: false + user: root + tasks: + - name: Create a build report for all known packages within a release + shell: | + yaprt --quiet \ + create-report \ + --report-file {{ repo_service_home_folder }}/repo/reports/release-{{ openstack_release }}-report.json \ + --git-install-repos {{ item['remote_packages'] }} \ + --packages {{ item['packages'] }} + with_py_pkgs: ../ + sudo: yes + sudo_user: "{{ repo_service_user_name }}" + tags: + - repo-create-report + + - name: Build all known python packages requirements + shell: | + yaprt --quiet \ + build-wheels \ + --report-file {{ repo_service_home_folder }}/repo/reports/release-{{ openstack_release }}-report.json \ + --storage-pool "{{ repo_service_home_folder }}/repo/pools" \ + --link-dir "{{ repo_service_home_folder }}/repo/os-releases/{{ openstack_release }}" \ + --pip-extra-link-dirs "{{ repo_service_home_folder }}/repo/links" \ + --pip-index "{{ repo_pip_default_index }}" \ + --pip-extra-index "https://pypi.python.org/simple/" \ + --pip-bulk-operation \ + --build-output "{{ repo_build_output }}" \ + --build-dir "{{ repo_build_dir }}" \ + 
--build-requirements \ + --force-clean + sudo: yes + sudo_user: "{{ repo_service_user_name }}" + tags: + - repo-build-requirements + + - name: Build all known python packages git sources + shell: | + yaprt --quiet \ + build-wheels \ + --report-file {{ repo_service_home_folder }}/repo/reports/release-{{ openstack_release }}-report.json \ + --storage-pool "{{ repo_service_home_folder }}/repo/pools" \ + --link-dir "{{ repo_service_home_folder }}/repo/os-releases/{{ openstack_release }}" \ + --pip-extra-link-dirs "{{ repo_service_home_folder }}/repo/links" \ + --pip-no-deps \ + --build-output "{{ repo_build_output }}" \ + --build-dir "{{ repo_build_dir }}" \ + --build-branches \ + --build-releases \ + --force-clean + sudo: yes + sudo_user: "{{ repo_service_user_name }}" + tags: + - repo-build-git-sources + + - name: Create html indexes + shell: | + yaprt --quiet \ + create-html-indexes \ + --repo-dir "{{ repo_service_home_folder }}/repo" \ + --dir-exclude "{{ repo_service_home_folder }}/repo/openstackgit" "{{ repo_service_home_folder }}/repo/rpcgit" + sudo: yes + sudo_user: "{{ repo_service_user_name }}" + tags: + - repo-html-indexes + vars: + repo_build_dir: "/tmp/openstack-builder" + repo_build_output: "/tmp/openstack-wheel-output" diff --git a/playbooks/repo-clone-mirror.yml b/playbooks/repo-clone-mirror.yml new file mode 100644 index 0000000000..ae88960896 --- /dev/null +++ b/playbooks/repo-clone-mirror.yml 
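Review bot: `repo_build_dir` and `repo_build_output` in the play `vars` of repo-build.yml are fixed paths under `/tmp` (`/tmp/openstack-builder`, `/tmp/openstack-wheel-output`), yet the wheels built there are published to the repo the rest of the deployment installs from. A predictable, world-writable parent lets any local account on the repo host pre-create those directories; whether `--force-clean` fully covers that is not visible in this hunk. Placing them under the service account's own tree, e.g. `repo_build_dir: "{{ repo_service_home_folder }}/build"`, removes the question. The first task also passes `{{ item['remote_packages'] }}` and `{{ item['packages'] }}` to the shell unquoted, so the strings assembled by the `py_pkgs` lookup are parsed by the shell as-is. The `--pip-extra-index "https://pypi.python.org/simple/"` option alongside `--pip-index "{{ repo_pip_default_index }}"` deserves a comment on which index is expected to win for a given package name.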
@@ -0,0 +1,38 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This play was built to seed an environment with packages that may be used
+# from within the environment as found from a given mirror_source_host.
+# Currently the mirror source host is set to the Rackspace build servers but
+# could be targeted to wherever you'd like.
+- name: Cloning the upstream repo mirror
+ hosts: repo_all[0]
+ max_fail_percentage: 20
+ gather_facts: false
+ user: root
+ tasks:
+ - name: Sync the upstream repo(s)
+ shell: |
+ rsync -rz \
+ --exclude="repos/* mirror/* rpcgit/* openstackgit/*" \
+ --links \
+ {{ mirror_source_host }}::{{ mirror_name }} {{ mirror_path }}
+ sudo: yes
+ sudo_user: "{{ repo_service_user_name }}"
+ vars:
+ mirror_path: /var/www/repo/
+ mirror_name: openstack_mirror
+ mirror_source_host: "rpc-repo.rackspace.com"
+ is_metal: "{{ properties.is_metal|default(false) }}"
diff --git a/playbooks/galera-post-config.yml b/playbooks/repo-install.yml
similarity index 90%
rename from playbooks/galera-post-config.yml
rename to playbooks/repo-install.yml
index 3a81f69c61..3a299ac9d9 100644
--- a/playbooks/galera-post-config.yml
+++ b/playbooks/repo-install.yml
@@ -13,7 +13,5 @@ # See the License for the specific language governing permissions and # limitations under the License.
-- hosts: galera[0]
- user: root
- roles:
- - galera_setup
+- include: repo-server.yml
+- include: repo-clone-mirror.yml
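Review bot: The `--exclude="repos/* mirror/* rpcgit/* openstackgit/*"` argument in the `Sync the upstream repo(s)` task of repo-clone-mirror.yml is a single rsync pattern that contains spaces, so none of the four directories is actually excluded. Each pattern needs its own option: `--exclude="repos/*" --exclude="mirror/*" --exclude="rpcgit/*" --exclude="openstackgit/*"`. The `host::module` form also means the content arrives over the plain rsync daemon protocol, without transport encryption, and nothing in this play checks that what lands in `mirror_path` is what the mirror published. Since these packages are later installed across the environment, a checksum or signature verification step after the sync, or running rsync over ssh, is worth adding.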
diff --git a/playbooks/repo-server.yml b/playbooks/repo-server.yml
new file mode 100644
index 0000000000..d3aa89d7f5
--- /dev/null
+++ b/playbooks/repo-server.yml
@@ -0,0 +1,50 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Setup repo servers
+ hosts: repo_all
+ max_fail_percentage: 20
+ user: root
+ pre_tasks:
+ - name: Package repo extra lxc config
+ lxc-container:
+ name: "{{ container_name }}"
+ container_command: |
+ [[ ! -d "/var/www" ]] && mkdir -p "/var/www"
+ container_config:
+ - "lxc.mount.entry=/openstack/{{ container_name }} var/www none bind 0 0"
+ delegate_to: "{{ physical_host }}"
+ when: is_metal == false or is_metal == "False"
+ tags:
+ - repo-dirs
+ - name: Flush net cache
+ command: /usr/local/bin/lxc-system-manage flush-net-cache
+ delegate_to: "{{ physical_host }}"
+ tags:
+ - flush-net-cache
+ - name: Wait for container ssh
+ wait_for:
+ port: "22"
+ delay: 5
+ host: "{{ ansible_ssh_host }}"
+ delegate_to: "{{ physical_host }}"
+ tags:
+ - repo-ssh-wait
+ roles:
+ - { role: "repo_server", tags: [ "repo-server" ] }
+ vars:
+ pip_no_index: false
+ ansible_hostname: "{{ container_name }}"
+ is_metal: "{{ properties.is_metal|default(false) }}"
diff --git a/playbooks/repo-store-source.yml b/playbooks/repo-store-source.yml
new file mode 100644
index 0000000000..dd9d633f16
--- /dev/null
+++ b/playbooks/repo-store-source.yml
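Review bot: In repo-server.yml only the first pre-task carries `when: is_metal == false or is_metal == "False"`; `Flush net cache` and `Wait for container ssh` also act on `physical_host` and look container-specific, yet they run unconditionally. If they are meant for containers only, add the same `when:` line to both. Also, `[[ ! -d "/var/www" ]] && mkdir -p "/var/www"` ends with a non-zero status whenever the directory already exists, while `mkdir -p "/var/www"` on its own is idempotent and exits 0. Whether the lxc-container module treats that status as a task failure is not visible in this hunk.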
@@ -0,0 +1,32 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# The purpose here is to allow for the environment to update/build the
+# python wheel files from the CURRENT release, as set in the openstack_release
+# variable.
+- name: Build new repo packages for a given release
+ hosts: repo_all[0]
+ max_fail_percentage: 20
+ gather_facts: false
+ user: root
+ tasks:
+ - name: Store git repos
+ shell: |
+ yaprt store-repos --report-file {{ repo_service_home_folder }}/repo/reports/release-{{ openstack_release }}-report.json \
+ --git-repo-path "{{ repo_service_home_folder }}/repo/openstackgit"
+ sudo: yes
+ sudo_user: "{{ repo_service_user_name }}"
+ tags:
+ - repo-store-git
diff --git a/playbooks/roles/cinder_common/templates/cinder.conf b/playbooks/roles/cinder_common/templates/cinder.conf
deleted file mode 100644
index 8d7e752895..0000000000
--- a/playbooks/roles/cinder_common/templates/cinder.conf
+++ /dev/null
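Review bot: The play name and header comment in repo-store-source.yml are copied from the wheel-build play earlier in this commit ("Build new repo packages for a given release", "update/build the python wheel files"), but the only task here runs `yaprt store-repos`. Suggest `- name: Store git sources for a given release` and a header comment such as `# Store the git repositories listed in the release report under the repo server's openstackgit directory.` The `--report-file` path is also the one unquoted templated argument in the command; quote it like `--git-repo-path` so a value containing spaces or shell metacharacters stays a single argument.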
@@ -1,87 +0,0 @@ -[DEFAULT] -verbose = {{ verbose }} -debug = {{ debug }} -my_ip = {{ storage_address | default(container_address) }} - - -rpc_backend = {{ rpc_backend }} -rabbit_hosts = {{ rabbit_hosts }} -rabbit_userid = {{ rabbit_userid }} -rabbit_password = {{ rabbit_password }} - -lock_path = /var/lock/cinder -rootwrap_config = /etc/cinder/rootwrap.conf -api_paste_config = /etc/cinder/api-paste.ini -auth_strategy = keystone -volume_clear = {{ cinder_volume_clear }} -{% if cinder_volume_clear_ionice is defined %} -volume_clear_ionice = {{ cinder_volume_clear_ionice }} -{% endif %} -volume_clear_size = {{ cinder_volume_clear_size }} - -nova_catalog_info=compute:nova:internalURL -nova_catalog_admin_info=compute:nova:adminURL - -glance_host={{ internal_vip_address }} -glance_port={{ glance_port|default('9292') }} -glance_num_retries=0 -glance_api_servers={% for host in groups['glance_api'] %}{{ hostvars[host]['container_address'] }}:{{ glance_port|default('9292') }}{% if not loop.last %},{% endif %}{% endfor %} - -storage_availability_zone = {{ cinder_storage_availability_zone|default('nova') }} - -{% if cinder_default_availability_zone is defined %} -cinder_default_availability_zone = {{ cinder_default_availability_zone }} -{% endif %} - -{% if cinder_default_volume_type is defined %} -default_volume_type = {{ cinder_default_volume_type }} -{% endif %} - -iscsi_helper = {{ cinder_iscsi_helper | default('tgtadm') }} -iscsi_iotype = {{ cinder_iscsi_iotype | default('fileio') }} -iscsi_ip_address = $my_ip -iscsi_num_targets = {{ cinder_iscsi_num_targets | default('100') }} -iscsi_port = {{ cinder_iscsi_port | default('3260') }} - -volume_name_template = volume-%s - -{% if cinder_backends is defined %} - -enabled_backends={% for backend in cinder_backends|dictsort %}{{ backend.0 }}{% if not loop.last %},{% endif %}{% endfor %} - -{% for backend_section in cinder_backends|dictsort %} -[{{ backend_section.0 }}] -{% for key, value in backend_section.1.items() %} -{{ key 
}}={{ value }} -{% endfor %} -{% if nfs_client is defined %} -nfs_shares_config={{ nfs_client.nfs_shares_config }} -{% endif %} - -{% endfor %} -{% endif %} - -[database] -connection = mysql://{{ container_mysql_user }}:{{ container_mysql_password }}@{{ mysql_address }}/{{ container_database }}?charset=utf8 - - - -[keystone_authtoken] -identity_uri = {{ auth_protocol }}://{{ auth_host }}:{{ auth_port }} -auth_uri = {{ auth_identity_uri }} -signing_dir = /var/cache/cinder -admin_tenant_name = {{ service_admin_tenant_name }} -admin_user = {{ service_admin_username }} -admin_password = {{ service_admin_password }} - -memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['container_address'] }}:{{ memcached_port|default('11211') }}{% if not loop.last %},{% endif %}{% endfor %} - -token_cache_time = 300 -revocation_cache_time = 60 - -# if your memcached server is shared, use these settings to avoid cache poisoning -memcache_security_strategy = ENCRYPT -memcache_secret_key = {{ memcached_secret_key }} - -# if your keystone deployment uses PKI, and you value security over performance: -check_revocations_for_cached = {{ hostvars[groups['keystone_all'][0]]['keystone_use_pki'] }} diff --git a/playbooks/roles/cinder_device_add/tasks/device_add.yml b/playbooks/roles/cinder_device_add/tasks/device_add.yml deleted file mode 100644 index e0ee5ba2c9..0000000000 --- a/playbooks/roles/cinder_device_add/tasks/device_add.yml +++ /dev/null 
@@ -1,32 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: Ensure container is running - lxc: > - name={{ container_name }} - command=start - when: cinder_backends is defined and is_metal != true - delegate_to: "{{ physical_host }}" - -- name: Add volume group block device to cinder - shell: | - if [ "$(pvdisplay | grep -B1 {{ cinder_backends[item.0]['volume_group'] }} | awk '/PV/ {print $3}')" ];then - for device in `pvdisplay | grep -B1 {{ cinder_backends[item.0]['volume_group'] }} | awk '/PV/ {print $3}'` - do lxc-device -n {{ container_name }} add $device - done - fi - with_items: cinder_backends|dictsort - when: cinder_backends is defined and is_metal != true and cinder_backends[item.0]['volume_group'] is defined - delegate_to: "{{ physical_host }}" diff --git a/playbooks/roles/common/tasks/ssh_config.yml b/playbooks/roles/common/tasks/ssh_config.yml deleted file mode 100644 index 49c87912a7..0000000000 --- a/playbooks/roles/common/tasks/ssh_config.yml +++ /dev/null 
@@ -1,36 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: set max sessions - lineinfile: - dest: /etc/ssh/sshd_config - regexp: 'MaxSessions' - line: "MaxSessions 500" - notify: - - restart ssh -- name: set max startups - lineinfile: - dest: /etc/ssh/sshd_config - regexp: 'MaxStartups' - line: "MaxStartups 500" - notify: - - restart ssh -- name: configure sshd to log to /var/log/sshd - lineinfile: - dest: /etc/init/ssh.conf - regexp: 'exec /usr/sbin/sshd' - line: "exec /usr/sbin/sshd -D -E /var/log/sshd" - notify: - - restart ssh diff --git a/playbooks/roles/common/templates/apt_pinned_packages.j2 b/playbooks/roles/common/templates/apt_pinned_packages.j2 deleted file mode 100644 index 8945778192..0000000000 --- a/playbooks/roles/common/templates/apt_pinned_packages.j2 +++ /dev/null @@ -1,11 +0,0 @@ -# -### packages pinned by os-ansible-deployment ### -# -# DO NOT edit this file, it may be overwritten! - -{% for item in apt_pinned_packages %} -Package: {{ item.package }} -Pin: version {{ item.version }} -Pin-Priority: {{ item.priority | default("900") }} - -{% endfor %} diff --git a/playbooks/roles/common/templates/mariadb-priority b/playbooks/roles/common/templates/mariadb-priority deleted file mode 100644 index a09d0874d7..0000000000 --- a/playbooks/roles/common/templates/mariadb-priority +++ /dev/null @@ -1,3 +0,0 @@ -Package: * -Pin: release o=MariaDB -Pin-Priority: 1000 
diff --git a/playbooks/roles/common/templates/openstack-release.j2 b/playbooks/roles/common/templates/openstack-release.j2 deleted file mode 100644 index 5e866ef377..0000000000 --- a/playbooks/roles/common/templates/openstack-release.j2 +++ /dev/null @@ -1,4 +0,0 @@ -DISTRIB_ID="OSAD" -DISTRIB_RELEASE="{{ openstack_release }}" -DISTRIB_CODENAME="{{ openstack_code_name }}" -DISTRIB_DESCRIPTION="OpenStack {{ openstack_code_name }} deployed by os-ansible-deployment {{ openstack_release }}" diff --git a/playbooks/roles/common/templates/pip/base/global.conf.j2 b/playbooks/roles/common/templates/pip/base/global.conf.j2 deleted file mode 100644 index dc55ba437a..0000000000 --- a/playbooks/roles/common/templates/pip/base/global.conf.j2 +++ /dev/null @@ -1,8 +0,0 @@ -[global] -no-index = true -pre = true -timeout = 120 - -[install] -upgrade = true -allow_all_external = true diff --git a/playbooks/roles/common/templates/pip/link/openstack_release.j2 b/playbooks/roles/common/templates/pip/link/openstack_release.j2 deleted file mode 100644 index b2c335c965..0000000000 --- a/playbooks/roles/common/templates/pip/link/openstack_release.j2 +++ /dev/null @@ -1 +0,0 @@ -{{ openstack_repo_url }}/python_packages/{{ openstack_release }}/ diff --git a/playbooks/roles/common_sudoers/tasks/main.yml b/playbooks/roles/common_sudoers/tasks/main.yml deleted file mode 100644 index a9654f01bc..0000000000 --- a/playbooks/roles/common_sudoers/tasks/main.yml +++ /dev/null 
@@ -1,23 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: Place the sudoers file - template: > - src=sudoers - dest=/etc/sudoers.d/{{ service_name }}_sudoers - mode=0440 - owner=0 - group=0 - when: service_name is defined and system_user is defined diff --git a/playbooks/roles/common_sudoers/templates/sudoers b/playbooks/roles/common_sudoers/templates/sudoers deleted file mode 100644 index b9b9a41335..0000000000 --- a/playbooks/roles/common_sudoers/templates/sudoers +++ /dev/null @@ -1,2 +0,0 @@ -# Defaults:{{ system_user }}!requiretty -{{ system_user }} ALL = (root) NOPASSWD: /usr/local/bin/{{ service_name }}-rootwrap diff --git a/playbooks/roles/container_archive/tasks/main.yml b/playbooks/roles/container_archive/tasks/main.yml deleted file mode 100644 index ab760b6bd9..0000000000 --- a/playbooks/roles/container_archive/tasks/main.yml +++ /dev/null 
@@ -1,48 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: Create tar archive from Container - lxc: > - name={{ container_name }} - command=createtar - tarpath={{ remote_store_path }}/{{ container_name }} - -- name: set lxc archive - set_fact: - archive: - name: "{{ lxc_facts[container_name]['archive'] | basename }}" - path: "{{ lxc_facts[container_name]['archive'] }}" - -- name: Upload archive to swift - include: swift_upload.yml - when: swift_archive_store is defined - vars: - src: "{{ archive.path }}" - swift_container: "{{ swift_archive_store.container }}" - swift_object: "{{ archive.name }}" - creds_file: "{{ swift_archive_store.creds_file }}" - section: "{{ swift_archive_store.section }}" - -- name: Retrieve container archive locally - fetch: > - dest={{ local_store_path }}/{{ archive.name }} - src={{ archive.path }} - flat=true - when: swift_archive_store is not defined - -- name: Remove container archive from the host - file: > - path={{ archive.path }} - state=absent diff --git a/playbooks/roles/container_archive/tasks/swift_upload.yml b/playbooks/roles/container_archive/tasks/swift_upload.yml deleted file mode 100644 index 0ea6d0b6d9..0000000000 --- a/playbooks/roles/container_archive/tasks/swift_upload.yml +++ /dev/null 
@@ -1,50 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: Check for local swift creds file - shell: "[ -f '{{ creds_file }}' ]" - register: swift_creds - delegate_to: localhost - ignore_errors: True - -- name: Copy swift credentials to host - copy: - src: "{{ creds_file }}" - dest: "{{ creds_file }}" - owner: "root" - group: "root" - mode: "0600" - register: copy_swift - when: swift_creds|success - -- name: Create container - swift: - command: "create" - container: "{{ swift_container }}" - config_file: "{{ creds_file }}" - section: "{{ section }}" - register: container_create - when: copy_swift|success - ignore_errors: True - -- name: Upload object - swift: - command: "upload" - src: "{{ src }}" - container: "{{ swift_container }}" - object: "{{ swift_object }}" - config_file: "{{ creds_file }}" - section: "{{ section }}" - when: container_create|success diff --git a/playbooks/roles/container_clone/tasks/main.yml b/playbooks/roles/container_clone/tasks/main.yml deleted file mode 100644 index be069c64e7..0000000000 --- a/playbooks/roles/container_clone/tasks/main.yml +++ /dev/null 
@@ -1,62 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: get container info - lxc: - command: "info" - name: "{{ container_name }}" - -- name: store_original_ip - set_fact: - orig_ip: "{{ lxc_facts[container_name]['ip_1'] }}" - when: "lxc_facts[container_name]['state'] == 'running'" - -- name: Clone Container - lxc: - command: "clone" - orig: "{{ container_name }}" - new: "{{ new_name }}" - backingstore: "{{ bdev }}" - fssize: "{{ fssize }}" - snapshot: "{{ snapshot }}" - state: "{{ state }}" - -- name: Ensure clean config - lineinfile: - dest: "{{ lxcpath }}/{{ new_name }}/config" - regexp: "{{ item }}" - state: "absent" - backup: "yes" - with_items: - - "^lxc.network.hwaddr" - - "^lxc.mount.entry" - -- name: restart new container - lxc: - command: "start" - name: "{{ new_name }}" - -- name: Update networking - lxc: - command: "attach" - name: "{{ new_name }}" - container_command: "sed -i 's/{{ orig_ip }}/{{ address }}/g' /etc/network/interfaces" - when: orig_ip is defined - register: result - -- name: restart new container - lxc: - command: "restart" - name: "{{ new_name }}" diff --git a/playbooks/roles/container_common/tasks/add_interfaces.yml b/playbooks/roles/container_common/tasks/add_interfaces.yml deleted file mode 100644 index 5d20f18f31..0000000000 --- a/playbooks/roles/container_common/tasks/add_interfaces.yml +++ /dev/null 
@@ -1,41 +0,0 @@ ---- -- name: Drop additional lxc network interfaces - template: - src: "host_container_interface.j2" - dest: "/var/lib/lxc/{{ container_name }}/add_network_interface.conf" - register: host_container_interface - when: provider_networks is defined and is_metal != true - delegate_to: "{{ physical_host }}" - -- name: Update container config - lineinfile: - dest: /var/lib/lxc/{{ container_name }}/config - line: "lxc.include = /var/lib/lxc/{{ container_name }}/add_network_interface.conf" - state: present - register: container_net_include - when: host_container_interface|changed and is_metal != true - delegate_to: "{{ physical_host }}" - -- name: Drop additional container network interfaces file(s) - template: - src: "container_interface_file.j2" - dest: "/etc/network/interfaces.d/provider_networks.cfg" - register: container_interface - when: provider_networks is defined and is_metal != true - -- name: Restart container - lxc: > - command=restart - name="{{ container_name }}" - register: restarted_container - when: container_net_include|changed or host_container_interface|changed or container_interface|changed and is_metal != true - delegate_to: "{{ physical_host }}" - -- name: Wait for container networking - wait_for: > - port=22 - timeout={{ container_start_timeout }} - search_regex=OpenSSH - host={{ container_address }} - when: restarted_container|changed and is_metal != true - delegate_to: "{{ physical_host }}" diff --git a/playbooks/roles/container_common/tasks/container_os_setup.yml b/playbooks/roles/container_common/tasks/container_os_setup.yml deleted file mode 100644 index 9e1150e70e..0000000000 --- a/playbooks/roles/container_common/tasks/container_os_setup.yml +++ /dev/null 
@@ -1,27 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: Create the local directories - file: - path: "{{ item.name }}" - state: directory - group: "{{ system_group|default('root') }}" - owner: "{{ system_user|default('root') }}" - mode: "{{ item.mode|default('0750') }}" - recurse: no - when: container_directories is defined and ((item.skip_group is not defined) or (item.skip_group not in group_names)) - with_items: container_directories - tags: - - directories diff --git a/playbooks/roles/container_common/tasks/main.yml b/playbooks/roles/container_common/tasks/main.yml deleted file mode 100644 index 7e8b0f3d21..0000000000 --- a/playbooks/roles/container_common/tasks/main.yml +++ /dev/null 
@@ -1,21 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- include: container_user_create.yml - when: system_user is defined and system_user not in excluded_user_create -- include: container_os_setup.yml -- include: container_repos.yml -- include: container_packages.yml -- include: add_interfaces.yml diff --git a/playbooks/roles/container_common/templates/container_interface_file.j2 b/playbooks/roles/container_common/templates/container_interface_file.j2 deleted file mode 100644 index 66eaaeaa4f..0000000000 --- a/playbooks/roles/container_common/templates/container_interface_file.j2 +++ /dev/null 
@@ -1,25 +0,0 @@ -{%- set used_interfaces = [] %} -{%- for net in provider_networks %} - {%- if net.network.container_interface not in used_interfaces %} - {%- for group in net.network.group_binds if group in hostvars[inventory_hostname]['group_names'] %} - {%- if net.network.container_interface not in used_interfaces %} - {%- if used_interfaces.append(net.network.container_interface) %}{%- endif %} - {%- endif %} - {%- endfor %} -{% if net.network.container_interface in used_interfaces %} -{% if net.network.container_bridge != management_bridge %} -auto {{ net.network.container_interface }} - {% if 'ip_from_q' in net.network and hostvars[inventory_hostname][net.network.ip_from_q + '_address'] is defined %} -iface {{ net.network.container_interface }} inet static - address {{ hostvars[inventory_hostname][net.network.ip_from_q + '_address'] }} - netmask {{ net.network.subnetmask|default(hostvars[inventory_hostname][net.network.ip_from_q + '_netmask']) }} - {% else %} -iface {{ net.network.container_interface }} inet manual - {% endif %} -{% endif %} -{% endif %} - -{% endif %} -{% endfor %} - -# Used Devices: {{ used_interfaces }} diff --git a/playbooks/roles/container_common/templates/host_container_interface.j2 b/playbooks/roles/container_common/templates/host_container_interface.j2 deleted file mode 100644 index 9064d14b39..0000000000 --- a/playbooks/roles/container_common/templates/host_container_interface.j2 +++ /dev/null 
@@ -1,29 +0,0 @@ -{%- set used_interfaces = [] %} -{%- for net in provider_networks %} - {%- if net.network.container_interface not in used_interfaces %} - {%- for group in net.network.group_binds %} - {%- if group in hostvars[inventory_hostname]['group_names'] %} - {%- if net.network.container_interface not in used_interfaces %} - {%- if used_interfaces.append(net.network.container_interface) %}{%- endif %} - {%- endif %} - {%- endif %} - {%- endfor %} -{% if net.network.container_interface in used_interfaces %} -{% if net.network.container_bridge != management_bridge %} -# Create a veth pair within the container -lxc.network.type = veth -# Network device within the container -lxc.network.name = {{ net.network.container_interface }} -# Host link to attach to, this should be a bridge -lxc.network.link = {{ net.network.container_bridge }} -# Hardware Address -lxc.network.hwaddr = 00:16:3e:xx:xx:xx -# enable the device on boot -lxc.network.flags = up - -{% endif %} -{% endif %} -{%- endif %} -{%- endfor %} -# All used used interfaces built from the provider_networks array -# Devices: {{ used_interfaces }} diff --git a/playbooks/roles/container_create/tasks/container_create.yml b/playbooks/roles/container_create/tasks/container_create.yml deleted file mode 100644 index d0caae593c..0000000000 --- a/playbooks/roles/container_create/tasks/container_create.yml +++ /dev/null 
@@ -1,50 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Create an LXC container. - -- name: Check for lxc volume group - shell: "vgs | grep -o '{{ container_vg|default('lxc') }}'" - register: vg_result - failed_when: false - changed_when: false - delegate_to: "{{ physical_host }}" - -- name: Create Container Local - lxc: - name: "{{ container_name }}" - template: "{{ container_template }}" - config: "{{ container_config }}" - command: create - state: running - template_options: "--release {{ container_release }}" - when: vg_result.rc == 1 - delegate_to: "{{ physical_host }}" - -- name: Create Container LVM - lxc: - name: "{{ container_name }}" - template: "{{ container_template }}" - config: "{{ container_config }}" - command: "create" - state: "running" - bdev: "lvm" - lvname: "{{ container_name }}" - vgname: "{{ container_vg|default('lxc') }}" - fstype: "{{ container_lvm_fstype }}" - fssize: "{{ container_lvm_fssize }}" - template_options: " --release {{ container_release }}" - when: vg_result.rc == 0 - delegate_to: "{{ physical_host }}" diff --git a/playbooks/roles/container_extra_setup/tasks/container_setup.yml b/playbooks/roles/container_extra_setup/tasks/container_setup.yml deleted file mode 100644 index e31d33c2fa..0000000000 --- a/playbooks/roles/container_extra_setup/tasks/container_setup.yml +++ /dev/null 
@@ -1,50 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: Ensure extra inner directories - file: - path: "{{ item }}" - state: "directory" - with_items: required_inner_dirs - when: required_inner_dirs is defined - register: inner_extra_changed - -- name: Ensure extra local directories - file: - path: "{{ item }}" - state: "directory" - when: required_outer_dirs is defined - with_items: required_outer_dirs - register: local_extra_changed - delegate_to: "{{ physical_host }}" - -- name: Ensure extra container config options - lxc: - name: "{{ container_name }}" - command: "config" - options: "{{ container_config_options }}" - state: "running" - when: container_config_options is defined and is_metal != true - register: config_extra_changed - delegate_to: "{{ physical_host }}" - -- name: Wait for networking - wait_for: - port: "22" - search_regex: "OpenSSH" - timeout: "{{ container_start_timeout }}" - host: "{{ container_address }}" - delegate_to: localhost - when: inner_extra_changed|changed or local_extra_changed|changed or config_extra_changed|changed diff --git a/playbooks/roles/container_extra_setup/tasks/main.yml b/playbooks/roles/container_extra_setup/tasks/main.yml deleted file mode 100644 index b570c4ba58..0000000000 --- a/playbooks/roles/container_extra_setup/tasks/main.yml +++ /dev/null 
@@ -1,18 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- include: kernel_module.yml -- include: sysctl.yml -- include: container_setup.yml diff --git a/playbooks/roles/container_restart/tasks/container_restart.yml b/playbooks/roles/container_restart/tasks/container_restart.yml deleted file mode 100644 index ddcabba15f..0000000000 --- a/playbooks/roles/container_restart/tasks/container_restart.yml +++ /dev/null 
@@ -1,43 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-- name: Test Container Networking
- wait_for: >
- port=22
- timeout=20
- search_regex=OpenSSH
- host={{ hostvars[item]['container_address'] }}
- with_items: container_groups
- delegate_to: localhost
- register: network_check
- ignore_errors: yes
-
-- name: Restart containers
- lxc: >
- name={{ hostvars[item]['container_name'] }}
- command=restart
- with_items: container_groups
- when: network_check|failed
-
-- name: Check Networking After Restart
- wait_for: >
- port=22
- timeout={{ container_start_timeout }}
- search_regex=OpenSSH
- host={{ hostvars[item]['container_address'] }}
- with_items: container_groups
- delegate_to: localhost
- when: network_check|failed
-
diff --git a/playbooks/roles/container_setup/tasks/container_setup.yml b/playbooks/roles/container_setup/tasks/container_setup.yml
deleted file mode 100644
index 92d21f85b5..0000000000
--- a/playbooks/roles/container_setup/tasks/container_setup.yml
+++ /dev/null
@@ -1,69 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-- name: Obtain the Systems SSH-Key
- set_fact:
- container_ssh_key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
- delegate_to: "{{ physical_host }}"
-
-- name: Fail when empty or non-existent SSH pub key
- fail: msg="Failing - ~/.ssh/id_rsa.pub file doesn't exist or is empty"
- when: container_ssh_key == ""
- delegate_to: "{{ physical_host }}"
-
-- name: Create Required local monitoring directories
- file:
- path: "{{ item }}"
- state: "directory"
- with_items:
- - "/openstack/backup/{{ container_name }}"
- - "/openstack/log/{{ container_name }}"
- delegate_to: "{{ physical_host }}"
-
-- name: Basic Inner Container Setup
- lxc:
- name: "{{ container_name }}"
- command: "attach"
- container_command: |
- mkdir -p ~/.ssh/
- if [ ! -f "~/.ssh/authorized_keys" ];then
- touch ~/.ssh/authorized_keys
- fi
- grep '{{ container_ssh_key }}' ~/.ssh/authorized_keys || echo '{{ container_ssh_key }}' | tee -a ~/.ssh/authorized_keys
- # Create internal directories
- mkdir -p /monitoring
- mkdir -p /etc/network/interfaces.d
- mkdir -p /var/backup
- mkdir -p '/var/log/{{ service_name }}'
- mkdir -p '/etc/{{ service_name }}'
- sed -i 's/PermitRootLogin.*/PermitRootLogin\ yes/g' /etc/ssh/sshd_config
- service ssh restart
- apt-get update
- apt-get -y install python2.7
- rm /usr/bin/python
- ln -s /usr/bin/python2.7 /usr/bin/python
- echo -e '{{ default_interfaces }}' | tee /etc/network/interfaces
- echo -e '{{ management_interface }}' | tee /etc/network/interfaces.d/management.cfg
- delegate_to: "{{ physical_host }}"
-
-- name: Ensure Required container config options
- lxc:
- name: "{{ container_name }}"
- command: config
- options:
- - "lxc.mount.entry=/openstack/log/{{ container_name }} var/log/{{ service_name }} none defaults,bind,rw 0 0"
- - "lxc.mount.entry=/openstack/backup/{{ container_name }} var/backup none defaults,bind,rw 0 0"
- state: running
- delegate_to: "{{ physical_host }}"
diff --git a/playbooks/roles/elasticsearch/tasks/main.yml b/playbooks/roles/elasticsearch/tasks/main.yml
deleted file mode 100644
index 4a25c9c845..0000000000
--- a/playbooks/roles/elasticsearch/tasks/main.yml
+++ /dev/null
@@ -1,89 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-- name: ElasticSearch Setup
- template:
- src: "{{ item }}"
- dest: "/etc/elasticsearch/{{ item }}"
- owner: "root"
- group: "root"
- register: results
- with_items:
- - elasticsearch.yml
- - logging.yml
-
-- name: ElasticSearch Tuning
- template:
- src: "{{ item }}"
- dest: "/etc/default/{{ item }}"
- owner: "root"
- group: "root"
- register: results
- with_items:
- - elasticsearch
-
-- name: Install ElasticHQ Plugin
- command: ./plugin -install {{ item }}
- args:
- chdir: /usr/share/elasticsearch/bin
- creates: /usr/share/elasticsearch/plugins/HQ
- with_items:
- - royrusso/elasticsearch-HQ
-
-- name: Install Kopf Plugin
- command: ./plugin -install {{ item }}
- args:
- chdir: /usr/share/elasticsearch/bin
- creates: /usr/share/elasticsearch/plugins/kopf
- with_items:
- - lmenezes/elasticsearch-kopf
-
-- name: Install Head Plugin
- command: ./plugin -install {{ item }}
- args:
- chdir: /usr/share/elasticsearch/bin
- creates: /usr/share/elasticsearch/plugins/head
- with_items:
- - mobz/elasticsearch-head
-
-- name: Install BigDesk Plugin
- command: ./plugin -install {{ item }}
- args:
- chdir: /usr/share/elasticsearch/bin
- creates: /usr/share/elasticsearch/plugins/bigdesk
- with_items:
- - lukas-vlcek/bigdesk/2.4.0
-
-- name: restart elasticsearch
- service: name=elasticsearch state=restarted pattern=elasticsearch enabled=yes
- when: results|changed
-
-- name: Wait for elasticsearch port
- wait_for:
- host: "{{ ansible_ssh_host }}"
- port: "9200"
-
-- name: Deploy mapping script
- template:
- src: "{{ item }}"
- dest: "/opt/{{ item }}"
- owner: "root"
- group: "root"
- mode: "0755"
- with_items:
- - mapping.sh
-
-- name: Add logging template
- shell: /opt/mapping.sh
diff --git a/playbooks/roles/elasticsearch/templates/elasticsearch b/playbooks/roles/elasticsearch/templates/elasticsearch
deleted file mode 100644
index 6805462b76..0000000000
--- a/playbooks/roles/elasticsearch/templates/elasticsearch
+++ /dev/null
@@ -1,50 +0,0 @@
-# Run Elasticsearch as this user ID and group ID
-#ES_USER=elasticsearch
-#ES_GROUP=elasticsearch
-
-# Heap Size (defaults to 256m min, 1g max)
-{% set host_ram = hostvars[inventory_hostname]['ansible_memtotal_mb']|int * 0.5 %}
-{% set host_ram_int = host_ram // 1 %}
-{% if host_ram > 16384 %}
-ES_HEAP_SIZE=16g
-{% else %}
-ES_HEAP_SIZE={{ host_ram_int|int }}m
-{% endif %}
-
-# Heap new generation
-#ES_HEAP_NEWSIZE=
-
-# max direct memory
-#ES_DIRECT_SIZE=16g
-
-# Maximum number of open files, defaults to 65535.
-#MAX_OPEN_FILES=65535
-
-# Maximum locked memory size. Set to "unlimited" if you use the
-# bootstrap.mlockall option in elasticsearch.yml. You must also set
-# ES_HEAP_SIZE.
-#MAX_LOCKED_MEMORY=unlimited
-
-# Maximum number of VMA (Virtual Memory Areas) a process can own
-#MAX_MAP_COUNT=262144
-
-# Elasticsearch log directory
-#LOG_DIR=/var/log/elasticsearch
-
-# Elasticsearch data directory
-#DATA_DIR=/var/lib/elasticsearch
-
-# Elasticsearch work directory
-#WORK_DIR=/tmp/elasticsearch
-
-# Elasticsearch configuration directory
-#CONF_DIR=/etc/elasticsearch
-
-# Elasticsearch configuration file (elasticsearch.yml)
-#CONF_FILE=/etc/elasticsearch/elasticsearch.yml
-
-# Additional Java OPTS
-#ES_JAVA_OPTS=
-
-# Configure restart on package upgrade (true, every other setting will lead to not restarting)
-#RESTART_ON_UPGRADE=true
diff --git a/playbooks/roles/elasticsearch/templates/elasticsearch.yml b/playbooks/roles/elasticsearch/templates/elasticsearch.yml
deleted file mode 100644
index 123af36094..0000000000
--- a/playbooks/roles/elasticsearch/templates/elasticsearch.yml
+++ /dev/null
@@ -1,378 +0,0 @@ -##################### Elasticsearch Configuration Example ##################### - -# This file contains an overview of various configuration settings, -# targeted at operations staff. Application developers should -# consult the guide at . -# -# The installation procedure is covered at -# . -# -# Elasticsearch comes with reasonable defaults for most settings, -# so you can try it out without bothering with configuration. -# -# Most of the time, these defaults are just fine for running a production -# cluster. If you're fine-tuning your cluster, or wondering about the -# effect of certain configuration option, please _do ask_ on the -# mailing list or IRC channel [http://elasticsearch.org/community]. - -# Any element in the configuration can be replaced with environment variables -# by placing them in ${...} notation. For example: -# -#node.rack: ${RACK_ENV_VAR} - -# For information on supported formats and syntax for the config file, see -# - - -################################### Cluster ################################### - -# Cluster name identifies your cluster for auto-discovery. If you're running -# multiple clusters on the same network, make sure you're using unique names. -# -#cluster.name: elasticsearch -cluster.name: {{ elasticsearch_cluster }} - - -#################################### Node ##################################### - -# Node names are generated dynamically on startup, so you're relieved -# from configuring them manually. You can tie this node to a specific name: -# -#node.name: "Franz Kafka" - -# Every node can be configured to allow or deny being eligible as the master, -# and to allow or deny to store the data. -# -# Allow this node to be eligible as a master node (enabled by default): -# -#node.master: true -# -# Allow this node to store data (enabled by default): -# -#node.data: true - -# You can exploit these settings to design advanced cluster topologies. -# -# 1. 
You want this node to never become a master node, only to hold data. -# This will be the "workhorse" of your cluster. -# -#node.master: false -#node.data: true -# -# 2. You want this node to only serve as a master: to not store any data and -# to have free resources. This will be the "coordinator" of your cluster. -# -#node.master: true -#node.data: false -# -# 3. You want this node to be neither master nor data node, but -# to act as a "search load balancer" (fetching data from nodes, -# aggregating results, etc.) -# -#node.master: false -#node.data: false - -# Use the Cluster Health API [http://localhost:9200/_cluster/health], the -# Node Info API [http://localhost:9200/_nodes] or GUI tools -# such as , -# , -# and -# to inspect the cluster state. - -# A node can have generic attributes associated with it, which can later be used -# for customized shard allocation filtering, or allocation awareness. An attribute -# is a simple key value pair, similar to node.key: value, here is an example: -# -#node.rack: rack314 - -# By default, multiple nodes are allowed to start from the same installation location -# to disable it, set the following: -#node.max_local_storage_nodes: 1 - - -#################################### Index #################################### - -# You can set a number of options (such as shard/replica options, mapping -# or analyzer definitions, translog settings, ...) for indices globally, -# in this file. -# -# Note, that it makes more sense to configure index settings specifically for -# a certain index, either when creating it or by using the index templates API. -# -# See and -# -# for more information. 
- -# Set the number of shards (splits) of an index (5 by default): -# -#index.number_of_shards: 10 - -# Set the number of replicas (additional copies) of an index (1 by default): -# -#index.number_of_replicas: 2 - -# Note, that for development on a local machine, with small indices, it usually -# makes sense to "disable" the distributed features: -# -index.number_of_shards: 1 -index.number_of_replicas: 0 - -# These settings directly affect the performance of index and search operations -# in your cluster. Assuming you have enough machines to hold shards and -# replicas, the rule of thumb is: -# -# 1. Having more *shards* enhances the _indexing_ performance and allows to -# _distribute_ a big index across machines. -# 2. Having more *replicas* enhances the _search_ performance and improves the -# cluster _availability_. -# -# The "number_of_shards" is a one-time setting for an index. -# -# The "number_of_replicas" can be increased or decreased anytime, -# by using the Index Update Settings API. -# -# Elasticsearch takes care about load balancing, relocating, gathering the -# results from nodes, etc. Experiment with different settings to fine-tune -# your setup. - -# Use the Index Status API () to inspect -# the index status. - - -#################################### Paths #################################### - -# Path to directory containing configuration (this file and logging.yml): -# -#path.conf: /path/to/conf - -# Path to directory where to store index data allocated for this node. -# -#path.data: /path/to/data -# -# Can optionally include more than one location, causing data to be striped across -# the locations (a la RAID 0) on a file level, favouring locations with most free -# space on creation. 
For example: -# -#path.data: /path/to/data1,/path/to/data2 - -# Path to temporary files: -# -#path.work: /path/to/work - -# Path to log files: -# -#path.logs: /path/to/logs - -# Path to where plugins are installed: -# -#path.plugins: /path/to/plugins - - -#################################### Plugin ################################### - -# If a plugin listed here is not installed for current node, the node will not start. -# -#plugin.mandatory: mapper-attachments,lang-groovy - - -################################### Memory #################################### - -# Elasticsearch performs poorly when JVM starts swapping: you should ensure that -# it _never_ swaps. -# -# Set this property to true to lock the memory: -# -bootstrap.mlockall: true - -# Make sure that the ES_MIN_MEM and ES_MAX_MEM environment variables are set -# to the same value, and that the machine has enough memory to allocate -# for Elasticsearch, leaving enough memory for the operating system itself. -# -# You should also make sure that the Elasticsearch process is allowed to lock -# the memory, eg. by using `ulimit -l unlimited`. - - -############################## Network And HTTP ############################### - -# Elasticsearch, by default, binds itself to the 0.0.0.0 address, and listens -# on port [9200-9300] for HTTP traffic and on port [9300-9400] for node-to-node -# communication. (the range means that if the port is busy, it will automatically -# try the next port). - -# Set the bind address specifically (IPv4 or IPv6): -# -network.bind_host: {{ hostvars[inventory_hostname]['container_address'] }} - -# Set the address other nodes will use to communicate with this node. If not -# set, it is automatically derived. It must point to an actual IP address. 
-# -network.publish_host: {{ hostvars[inventory_hostname]['container_address'] }} - -# Set both 'bind_host' and 'publish_host': -# -#network.host: 192.168.0.1 - -# Set a custom port for the node to node communication (9300 by default): -# -#transport.tcp.port: 9300 - -# Enable compression for all communication between nodes (disabled by default): -# -#transport.tcp.compress: true - -# Set a custom port to listen for HTTP traffic: -# -#http.port: 9200 - -# Set a custom allowed content length: -# -#http.max_content_length: 100mb - -# Disable HTTP completely: -# -#http.enabled: false - - -################################### Gateway ################################### - -# The gateway allows for persisting the cluster state between full cluster -# restarts. Every change to the state (such as adding an index) will be stored -# in the gateway, and when the cluster starts up for the first time, -# it will read its state from the gateway. - -# There are several types of gateway implementations. For more information, see -# . - -# The default gateway type is the "local" gateway (recommended): -# -#gateway.type: local - -# Settings below control how and when to start the initial recovery process on -# a full cluster restart (to reuse as much local data as possible when using shared -# gateway). - -# Allow recovery process after N nodes in a cluster are up: -# -#gateway.recover_after_nodes: 1 - -# Set the timeout to initiate the recovery process, once the N nodes -# from previous setting are up (accepts time value): -# -#gateway.recover_after_time: 5m - -# Set how many nodes are expected in this cluster. 
Once these N nodes -# are up (and recover_after_nodes is met), begin recovery process immediately -# (without waiting for recover_after_time to expire): -# -#gateway.expected_nodes: 2 - - -############################# Recovery Throttling ############################# - -# These settings allow to control the process of shards allocation between -# nodes during initial recovery, replica allocation, rebalancing, -# or when adding and removing nodes. - -# Set the number of concurrent recoveries happening on a node: -# -# 1. During the initial recovery -# -#cluster.routing.allocation.node_initial_primaries_recoveries: 4 -# -# 2. During adding/removing nodes, rebalancing, etc -# -#cluster.routing.allocation.node_concurrent_recoveries: 2 - -# Set to throttle throughput when recovering (eg. 100mb, by default 20mb): -# -#indices.recovery.max_bytes_per_sec: 20mb - -# Set to limit the number of open concurrent streams when -# recovering a shard from a peer: -# -#indices.recovery.concurrent_streams: 5 - - -################################## Discovery ################################## - -# Discovery infrastructure ensures nodes can be found within a cluster -# and master node is elected. Multicast discovery is the default. - -# Set to ensure a node sees N other master eligible nodes to be considered -# operational within the cluster. Its recommended to set it to a higher value -# than 1 when running more than 2 nodes in the cluster. -# -#discovery.zen.minimum_master_nodes: 1 - -# Set the time to wait for ping responses from other nodes when discovering. -# Set this option to a higher value on a slow or congested network -# to minimize discovery failures: -# -#discovery.zen.ping.timeout: 3s - -# For more information, see -# - -# Unicast discovery allows to explicitly control which nodes will be used -# to discover the cluster. It can be used when multicast is not present, -# or to restrict the cluster communication-wise. -# -# 1. 
Disable multicast discovery (enabled by default): -# -#discovery.zen.ping.multicast.enabled: false -# -# 2. Configure an initial list of master nodes in the cluster -# to perform discovery when new nodes (master or data) are started: -# -#discovery.zen.ping.unicast.hosts: ["host1", "host2:port"] - -# EC2 discovery allows to use AWS EC2 API in order to perform discovery. -# -# You have to install the cloud-aws plugin for enabling the EC2 discovery. -# -# For more information, see -# -# -# See -# for a step-by-step tutorial. - -# GCE discovery allows to use Google Compute Engine API in order to perform discovery. -# -# You have to install the cloud-gce plugin for enabling the GCE discovery. -# -# For more information, see . - -# Azure discovery allows to use Azure API in order to perform discovery. -# -# You have to install the cloud-azure plugin for enabling the Azure discovery. -# -# For more information, see . - -################################## Slow Log ################################## - -# Shard level query and fetch threshold logging. - -#index.search.slowlog.threshold.query.warn: 10s -#index.search.slowlog.threshold.query.info: 5s -#index.search.slowlog.threshold.query.debug: 2s -#index.search.slowlog.threshold.query.trace: 500ms - -#index.search.slowlog.threshold.fetch.warn: 1s -#index.search.slowlog.threshold.fetch.info: 800ms -#index.search.slowlog.threshold.fetch.debug: 500ms -#index.search.slowlog.threshold.fetch.trace: 200ms - -#index.indexing.slowlog.threshold.index.warn: 10s -#index.indexing.slowlog.threshold.index.info: 5s -#index.indexing.slowlog.threshold.index.debug: 2s -#index.indexing.slowlog.threshold.index.trace: 500ms - -################################## GC Logging ################################ - -#monitor.jvm.gc.young.warn: 1000ms -#monitor.jvm.gc.young.info: 700ms -#monitor.jvm.gc.young.debug: 400ms - -#monitor.jvm.gc.old.warn: 10s -#monitor.jvm.gc.old.info: 5s -#monitor.jvm.gc.old.debug: 2s 
diff --git a/playbooks/roles/elasticsearch/templates/logging.yml b/playbooks/roles/elasticsearch/templates/logging.yml
deleted file mode 100644
index 9e00d01c66..0000000000
--- a/playbooks/roles/elasticsearch/templates/logging.yml
+++ /dev/null
@@ -1,56 +0,0 @@
-# you can override this using by setting a system property, for example -Des.logger.level=DEBUG
-es.logger.level: INFO
-rootLogger: ${es.logger.level}, console, file
-logger:
- # log action execution errors for easier debugging
- action: DEBUG
- # reduce the logging for aws, too much is logged under the default INFO
- com.amazonaws: WARN
-
- # gateway
- #gateway: DEBUG
- #index.gateway: DEBUG
-
- # peer shard recovery
- #indices.recovery: DEBUG
-
- # discovery
- #discovery: TRACE
-
- index.search.slowlog: TRACE, index_search_slow_log_file
- index.indexing.slowlog: TRACE, index_indexing_slow_log_file
-
-additivity:
- index.search.slowlog: false
- index.indexing.slowlog: false
-
-appender:
- console:
- type: console
- layout:
- type: consolePattern
- conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n"
-
- file:
- type: dailyRollingFile
- file: ${path.logs}/${cluster.name}.log
- datePattern: "'.'yyyy-MM-dd"
- layout:
- type: pattern
- conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n"
-
- index_search_slow_log_file:
- type: dailyRollingFile
- file: ${path.logs}/${cluster.name}_index_search_slowlog.log
- datePattern: "'.'yyyy-MM-dd"
- layout:
- type: pattern
- conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n"
-
- index_indexing_slow_log_file:
- type: dailyRollingFile
- file: ${path.logs}/${cluster.name}_index_indexing_slowlog.log
- datePattern: "'.'yyyy-MM-dd"
- layout:
- type: pattern
- conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n"
diff --git a/playbooks/roles/elasticsearch/templates/mapping.sh b/playbooks/roles/elasticsearch/templates/mapping.sh
deleted file mode 100755
index f8646121fc..0000000000
--- a/playbooks/roles/elasticsearch/templates/mapping.sh
+++ /dev/null
@@ -1,302 +0,0 @@ -#!/bin/sh -curl --retry 10 -XPUT 'http://{{ hostvars[groups['elasticsearch'][0]]['container_address'] }}:{{ elasticsearch_http_port }}/_template/log_test1' -d ' -{ - "template" : "*", - "order": 0, - "mappings" : { - "_default_" : { - "dynamic_templates" : [ { - "string_fields" : { - "mapping" : { - "index" : "analyzed", - "omit_norms" : true, - "type" : "string", - "fields" : { - "raw" : { - "index" : "not_analyzed", - "ignore_above" : 256, - "type" : "string" - } - } - }, - "match" : "*", - "match_mapping_type" : "string" - } - } ], - "properties" : { - "@version" : { - "type" : "string", - "index" : "not_analyzed" - }, - "geoip" : { - "dynamic" : "true", - "properties" : { - "location" : { - "type" : "geo_point" - } - } - } - } - }, - "logs" : { - "dynamic_templates" : [ { - "string_fields" : { - "mapping" : { - "index" : "analyzed", - "omit_norms" : true, - "type" : "string", - "fields" : { - "raw" : { - "index" : "not_analyzed", - "ignore_above" : 256, - "type" : "string" - } - } - }, - "match" : "*", - "match_mapping_type" : "string" - } - } ], - "properties" : { - "@fields" : { - "properties" : { - "facility" : { - "type" : "string", - "norms" : { - "enabled" : false - }, - "fields" : { - "raw" : { - "type" : "string", - "index" : "not_analyzed", - "ignore_above" : 256 - } - } - }, - "processid" : { - "type" : "string", - "norms" : { - "enabled" : false - }, - "fields" : { - "raw" : { - "type" : "string", - "index" : "not_analyzed", - "ignore_above" : 256 - } - } - }, - "program" : { - "type" : "string", - "norms" : { - "enabled" : false - }, - "fields" : { - "raw" : { - "type" : "string", - "index" : "not_analyzed", - "ignore_above" : 256 - } - } - }, - "severity" : { - "type" : "string", - "norms" : { - "enabled" : false - }, - "fields" : { - "raw" : { - "type" : "string", - "index" : "not_analyzed", - "ignore_above" : 256 - } - } - } - } - }, - "@message" : { - "type" : "string", - "norms" : { - "enabled" : false - }, - "fields" : { - 
"raw" : { - "type" : "string", - "index" : "not_analyzed", - "ignore_above" : 256 - } - } - }, - "@source" : { - "type" : "string", - "norms" : { - "enabled" : false - }, - "fields" : { - "raw" : { - "type" : "string", - "index" : "not_analyzed", - "ignore_above" : 256 - } - } - }, - "@source_host" : { - "type" : "string", - "norms" : { - "enabled" : false - }, - "fields" : { - "raw" : { - "type" : "string", - "index" : "not_analyzed", - "ignore_above" : 256 - } - } - }, - "@timestamp" : { - "type" : "date", - "format" : "dateOptionalTime" - }, - "@version" : { - "type" : "string", - "index" : "not_analyzed" - }, - "facility" : { - "type" : "long" - }, - "facility_label" : { - "type" : "string", - "norms" : { - "enabled" : false - }, - "fields" : { - "raw" : { - "type" : "string", - "index" : "not_analyzed", - "ignore_above" : 256 - } - } - }, - "geoip" : { - "dynamic" : "true", - "properties" : { - "location" : { - "type" : "geo_point" - } - } - }, - "host" : { - "type" : "ip", - "norms" : { - "enabled" : false - }, - "fields" : { - "raw" : { - "type" : "string", - "index" : "not_analyzed", - "ignore_above" : 256 - } - } - }, - "os_level" : { - "type" : "string", - "norms" : { - "enabled" : false - }, - "fields" : { - "raw" : { - "type" : "string", - "index" : "not_analyzed", - "ignore_above" : 256 - } - } - }, - "os_program" : { - "type" : "string", - "norms" : { - "enabled" : false - }, - "fields" : { - "raw" : { - "type" : "string", - "index" : "not_analyzed", - "ignore_above" : 256 - } - } - }, - "os_program_path" : { - "type" : "string", - "norms" : { - "enabled" : false - }, - "fields" : { - "raw" : { - "type" : "string", - "index" : "not_analyzed", - "ignore_above" : 256 - } - } - }, - "os_program_pid" : { - "type" : "string", - "norms" : { - "enabled" : false - }, - "fields" : { - "raw" : { - "type" : "string", - "index" : "not_analyzed", - "ignore_above" : 256 - } - } - }, - "os_timestamp" : { - "type" : "string", - "norms" : { - "enabled" : false - }, - 
"fields" : { - "raw" : { - "type" : "string", - "index" : "not_analyzed", - "ignore_above" : 256 - } - } - }, - "priority" : { - "type" : "long" - }, - "severity" : { - "type" : "long" - }, - "severity_label" : { - "type" : "string", - "norms" : { - "enabled" : false - }, - "fields" : { - "raw" : { - "type" : "string", - "index" : "not_analyzed", - "ignore_above" : 256 - } - } - }, - "tags" : { - "type" : "string", - "norms" : { - "enabled" : false - }, - "fields" : { - "raw" : { - "type" : "string", - "index" : "not_analyzed", - "ignore_above" : 256 - } - } - } - } - } - } - } -}' diff --git a/playbooks/roles/galera_client/CONTRIBUTING.rst b/playbooks/roles/galera_client/CONTRIBUTING.rst new file mode 100644 index 0000000000..6839565d7f --- /dev/null +++ b/playbooks/roles/galera_client/CONTRIBUTING.rst 
@@ -0,0 +1,85 @@ +OpenStack Galera Client +####################### +:tags: openstack, galera, client, cloud, ansible +:category: \*nix + +contributor guidelines +^^^^^^^^^^^^^^^^^^^^^^ + +Filing Bugs +----------- + +Bugs should be filed on Launchpad, not GitHub: "https://bugs.launchpad.net/openstack-ansible" + + +When submitting a bug, or working on a bug, please ensure the following criteria are met: + * The description clearly states or describes the original problem or root cause of the problem. + * Include historical information on how the problem was identified. + * Any relevant logs are included. + * The provided information should be totally self-contained. External access to web services/sites should not be needed. + * Steps to reproduce the problem if possible. + + +Submitting Code +--------------- + +Changes to the project should be submitted for review via the Gerrit tool, following +the workflow documented at: "http://docs.openstack.org/infra/manual/developers.html#development-workflow" + +Pull requests submitted through GitHub will be ignored and closed without regard. + + +Extra +----- + +Tags: + If it's a bug that needs fixing in a branch in addition to Master, add a '\-backport-potential' tag (eg ``juno-backport-potential``). There are predefined tags that will autocomplete. + +Status: + Please leave this alone, it should be New till someone triages the issue. + +Importance: + Should only be touched if it is a Blocker/Gating issue. If it is, please set to High, and only use Critical if you have found a bug that can take down whole infrastructures. + + +Style guide +----------- + +When creating tasks and other roles for use in Ansible please create then using the YAML dictionary format. + +Example YAML dictionary format: + .. code-block:: yaml + + - name: The name of the tasks + module_name: + thing1: "some-stuff" + thing2: "some-other-stuff" + tags: + - some-tag + - some-other-tag + + +Example **NOT** in YAML dictionary format: + .. 
code-block:: yaml + + - name: The name of the tasks + module_name: thing1="some-stuff" thing2="some-other-stuff" + tags: + - some-tag + - some-other-tag + + +Usage of the ">" and "|" operators should be limited to Ansible conditionals and command modules such as the ansible ``shell`` module. + + +Issues +------ + +When submitting an issue, or working on an issue please ensure the following criteria are met: + * The description clearly states or describes the original problem or root cause of the problem. + * Include historical information on how the problem was identified. + * Any relevant logs are included. + * If the issue is a bug that needs fixing in a branch other than Master, add the ‘backport potential’ tag TO THE ISSUE (not the PR). + * The provided information should be totally self-contained. External access to web services/sites should not be needed. + * If the issue is needed for a hotfix release, add the 'expedite' label. + * Steps to reproduce the problem if possible. diff --git a/LICENSE b/playbooks/roles/galera_client/LICENSE similarity index 100% rename from LICENSE rename to playbooks/roles/galera_client/LICENSE diff --git a/playbooks/roles/galera_client/README.rst b/playbooks/roles/galera_client/README.rst new file mode 100644 index 0000000000..87c4769bd6 --- /dev/null +++ b/playbooks/roles/galera_client/README.rst @@ -0,0 +1,20 @@ +OpenStack Galera Client +####################### +:tags: openstack, galera, client, cloud, ansible +:category: \*nix + +Role for the installation of the mariadb and xtrabackup clients used to interact with and manage a galera cluster. + +Example Ansible play + +.. code-block:: yaml + + - name: Install galera server + hosts: galera_all + user: root + roles: + - { role: "galera_server", tags: [ "galera-server" ] } + vars: + galera_address: "10.0.0.1" + galera_root_password: secrete + galera_root_user: root 
diff --git a/playbooks/vars/repo_packages/nova.yml b/playbooks/roles/galera_client/defaults/main.yml similarity index 55% rename from playbooks/vars/repo_packages/nova.yml rename to playbooks/roles/galera_client/defaults/main.yml index 7daff50e0d..c70acd2974 100644 --- a/playbooks/vars/repo_packages/nova.yml +++ b/playbooks/roles/galera_client/defaults/main.yml @@ -13,29 +13,24 @@ # See the License for the specific language governing permissions and # limitations under the License. -repo_package_name: nova +# Default galera connection address +galera_address: 127.0.0.1 +galera_root_user: root -repo_path: "{{ repo_package_name }}_{{ git_install_branch | replace('/', '_') }}" +# Galera GPG Keys +galera_client_gpg_keys: + - { key_name: 'mariadb', keyserver: 'hkp://keyserver.ubuntu.com:80', hash_id: '0xcbcb082a1bb943db' } -## Git Source -git_repo: https://github.com/openstack/nova -git_fallback_repo: https://git.openstack.org/openstack/nova -git_dest: "/opt/{{ repo_path }}" -git_etc_example: etc/nova/ -git_install_branch: stable/juno +# Repositories +galera_client_apt_repos: + - { repo: "deb http://mirror.rackspace.com/mariadb/repo/5.5/ubuntu {{ ansible_distribution_release }} main", state: "present" } -pip_wheel_name: nova +galera_client_apt_packages: + - libmariadbclient-dev + - mariadb-client + - xtrabackup -container_packages: - - libpq-dev - - open-iscsi - - vlan - - kpartx - -service_pip_dependencies: +galera_client_pip_packages: - MySQL-python - python-memcached - pycrypto - - python-keystoneclient - - python-novaclient - - keystonemiddleware diff --git a/playbooks/roles/galera_client/meta/main.yml b/playbooks/roles/galera_client/meta/main.yml new file mode 100644 index 0000000000..c5108f660a --- /dev/null +++ b/playbooks/roles/galera_client/meta/main.yml 
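Review bot: The new `galera_client_gpg_keys` entry identifies the repository signing key only by a 64-bit key ID (`hash_id: '0xcbcb082a1bb943db'`) and names `hkp://keyserver.ubuntu.com:80`, a plain-HTTP keyserver, as the source. A key ID of that length is not a collision-resistant identifier, so whichever key the keyserver returns under that ID would presumably be trusted for the `galera_client_apt_repos` source, which is itself served over `http://`; the task that consumes these values is not in this hunk. Pin the full fingerprint instead, `hash_id: '<FULL_40_HEX_FINGERPRINT>'` (placeholder, to be taken from the vendor's published key), or ship the key file with the role. As a smaller point, `galera_address: 127.0.0.1` reads more safely quoted, `galera_address: "127.0.0.1"`, in line with the quoted strings used elsewhere in these defaults.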
@@ -0,0 +1,33 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +galaxy_info: + author: rcbops + description: Installation galera client + company: Rackspace + license: Apache2 + min_ansible_version: 1.6.6 + platforms: + - name: Ubuntu + versions: + - trusty + categories: + - cloud + - galera + - mariadb + - development + - openstack +dependencies: + - pip_lock_down diff --git a/playbooks/roles/galera_client/tasks/galera_client_install.yml b/playbooks/roles/galera_client/tasks/galera_client_install.yml new file mode 100644 index 0000000000..5de737faf5 --- /dev/null +++ b/playbooks/roles/galera_client/tasks/galera_client_install.yml 
@@ -0,0 +1,40 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Install galera packages + apt: + pkg: "{{ item }}" + state: latest + update_cache: yes + cache_valid_time: 600 + register: install_packages + until: install_packages|success + retries: 5 + delay: 2 + with_items: galera_client_apt_packages + tags: + - galera-client-apt-packages + +- name: Install pip packages + pip: + name: "{{ item }}" + state: present + register: install_packages + until: install_packages|success + retries: 5 + delay: 2 + with_items: galera_client_pip_packages + tags: + - galera-client-pip-packages diff --git a/playbooks/roles/galera_client_cnf/tasks/main.yml b/playbooks/roles/galera_client/tasks/galera_client_post_install.yml similarity index 91% rename from playbooks/roles/galera_client_cnf/tasks/main.yml rename to playbooks/roles/galera_client/tasks/galera_client_post_install.yml index d93f817eb2..de13da9614 100644 --- a/playbooks/roles/galera_client_cnf/tasks/main.yml +++ b/playbooks/roles/galera_client/tasks/galera_client_post_install.yml @@ -15,8 +15,10 @@ - name: Drop local .my.cnf file template: - src: "client_my.cnf" + src: "client.my.cnf.j2" dest: "/root/.my.cnf" owner: "root" group: "root" mode: "0600" + tags: + - galera-client-user-config 
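Review bot: `state: latest` in `Install galera packages` makes every run of the role upgrade `libmariadbclient-dev`, `mariadb-client` and `xtrabackup` to whatever the mirror serves at that moment, so deployments are not reproducible and an upstream change reaches hosts without review. I would use `state: present` and treat upgrades as a deliberate step. The pip task also lists unversioned names; presumably the `pip_lock_down` dependency constrains them, but that is not visible in this hunk. The server-side `Install galera packages` task in galera_install.yml carries the same `state: latest`, where a re-run could upgrade the database server on a running cluster node.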
diff --git a/playbooks/roles/container_common/tasks/container_repos.yml b/playbooks/roles/galera_client/tasks/galera_client_pre_install.yml similarity index 55% rename from playbooks/roles/container_common/tasks/container_repos.yml rename to playbooks/roles/galera_client/tasks/galera_client_pre_install.yml index 86e83c4f53..b2c562a063 100644 --- a/playbooks/roles/container_common/tasks/container_repos.yml +++ b/playbooks/roles/galera_client/tasks/galera_client_pre_install.yml @@ -13,27 +13,27 @@ # See the License for the specific language governing permissions and # limitations under the License. -- name: Add Container apt keys - apt_key: - url: "{{ item.url }}" - state: "{{ item.state }}" - with_items: apt_container_keys - when: "ansible_distribution_version in ['12.04', '13.04', '13.10', '14.04'] and apt_container_keys is defined" - -- name: Add Container GPG Keys +- name: Add galera apt-keys apt_key: id: "{{ item.hash_id }}" keyserver: "{{ item.keyserver }}" - state: present - with_items: container_gpg_keys - when: "ansible_distribution_version in ['12.04', '13.04', '13.10', '14.04'] and container_gpg_keys is defined" + state: "present" + with_items: galera_client_gpg_keys + register: add_repos + until: add_repos|success + retries: 5 + delay: 2 + tags: + - galera-client-gpg-keys -- name: Add Container repos +- name: Add galera repo(s) apt_repository: repo: "{{ item.repo }}" state: "{{ item.state }}" - with_items: apt_container_repos - when: "ansible_distribution_version in ['12.04', '13.04', '13.10', '14.04'] and apt_container_repos is defined" + with_items: galera_client_apt_repos register: add_repos until: add_repos|success - retries: 3 + retries: 5 + delay: 2 + tags: + - galera-client-repos diff --git a/playbooks/roles/cinder_setup/tasks/main.yml b/playbooks/roles/galera_client/tasks/main.yml similarity index 83% rename from playbooks/roles/cinder_setup/tasks/main.yml rename to playbooks/roles/galera_client/tasks/main.yml index cb081bf3c9..3b95c28cc0 100644 
--- a/playbooks/roles/cinder_setup/tasks/main.yml +++ b/playbooks/roles/galera_client/tasks/main.yml @@ -13,7 +13,6 @@ # See the License for the specific language governing permissions and # limitations under the License. -- name: Perform a Cinder DB sync - command: cinder-manage db sync - sudo: yes - sudo_user: "{{ system_user }}" +- include: galera_client_pre_install.yml +- include: galera_client_install.yml +- include: galera_client_post_install.yml diff --git a/playbooks/roles/galera_client/templates/client.my.cnf.j2 b/playbooks/roles/galera_client/templates/client.my.cnf.j2 new file mode 100644 index 0000000000..c180d8c0d9 --- /dev/null +++ b/playbooks/roles/galera_client/templates/client.my.cnf.j2 @@ -0,0 +1,6 @@ +# {{ ansible_managed }} + +[client] +host={{ galera_address }} +user={{ galera_root_user }} +password={{ galera_root_password }} diff --git a/playbooks/roles/galera_client_cnf/templates/client_my.cnf b/playbooks/roles/galera_client_cnf/templates/client_my.cnf deleted file mode 100644 index 7fd81e0bbb..0000000000 --- a/playbooks/roles/galera_client_cnf/templates/client_my.cnf +++ /dev/null @@ -1,4 +0,0 @@ -[client] -host={{ mysql_client_host|default(mysql_address) }} -user=root -password={{ mysql_password }} diff --git a/playbooks/roles/galera_common/templates/limits.conf b/playbooks/roles/galera_common/templates/limits.conf deleted file mode 100644 index ccb1c54b53..0000000000 --- a/playbooks/roles/galera_common/templates/limits.conf +++ /dev/null @@ -1,2 +0,0 @@ -# OpenFile limits -* - nofile 16384 diff --git a/playbooks/roles/galera_config/templates/cluster.cnf b/playbooks/roles/galera_config/templates/cluster.cnf deleted file mode 100644 index 4857db2b67..0000000000 --- a/playbooks/roles/galera_config/templates/cluster.cnf +++ /dev/null 
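Review bot: In client.my.cnf.j2 the line `password={{ galera_root_password }}` renders the password unquoted, and MySQL option files treat `#` as the start of a comment and trim surrounding whitespace, so a password containing those characters is silently truncated or altered in `/root/.my.cnf`. Quoting the value avoids this: `password="{{ galera_root_password }}"` (a password containing `"` or `\` would still need escaping). `galera_root_password` has no default in this role's defaults/main.yml, which is reasonable for a secret, but a comment there saying the caller must supply it would save a confusing template failure.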
@@ -1,28 +0,0 @@ -[mysqld] -# Path to Galera library -wsrep_provider=/usr/lib/galera/libgalera_smm.so -wsrep_provider_options="gcache.size={{ galera_gcache_size|default('1G') }}" - -# Cluster connection URL contains the IPs of node#1, node#2 and node#3 -wsrep_cluster_address=gcomm://{% for host in groups['galera'] %}{{ hostvars[host]['container_address'] }}{% if not loop.last %},{% endif %}{% endfor %} - -# In order for Galera to work correctly binlog format should be ROW -binlog_format=ROW - -# MyISAM storage engine has only experimental support -default_storage_engine=InnoDB - -# This changes how InnoDB autoincrement locks are managed and is a requirement for Galera -innodb_autoinc_lock_mode=2 - -# This should be the IP and DNS name for the current system on which you're editing the file. -wsrep_node_address={{ container_address }} -wsrep_node_name={{ ansible_hostname }} - -# SST method -wsrep_sst_method=xtrabackup -wsrep_sst_auth=root:{{ mysql_password }} -wsrep_slave_threads={{ galera_wsrep_slave_threads | default(ansible_processor_vcpus) }} - -# Cluster name -wsrep_cluster_name="openstack_galera_cluster" diff --git a/playbooks/roles/galera_db_setup/templates/my.cnf b/playbooks/roles/galera_db_setup/templates/my.cnf deleted file mode 100644 index ba7ab7adee..0000000000 --- a/playbooks/roles/galera_db_setup/templates/my.cnf +++ /dev/null @@ -1,3 +0,0 @@ -[client] -user={{ mysql_user }} -password={{ mysql_password }} diff --git a/playbooks/roles/galera_remove/tasks/main.yml b/playbooks/roles/galera_remove/tasks/main.yml deleted file mode 100644 index 98c23cf771..0000000000 --- a/playbooks/roles/galera_remove/tasks/main.yml +++ /dev/null 
@@ -1,40 +0,0 @@ -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: Stop mysql - service: - name: mysql - state: stopped - ignore_errors: yes - -- name: Remove galera packages - apt: - pkg: "{{ item }}" - state: absent - purge: no - update_cache: no - cache_valid_time: 600 - with_items: galera_packages - ignore_errors: yes - -- name: Remove db related paths - file: - path: "{{ item }}" - state: absent - with_items: - - /var/lib/mysql/* - - /etc/mysql - - /var/log/mysql/* - - /root/.my.cnf - ignore_errors: yes diff --git a/playbooks/roles/galera_server/CONTRIBUTING.rst b/playbooks/roles/galera_server/CONTRIBUTING.rst new file mode 100644 index 0000000000..68e599f4c3 --- /dev/null +++ b/playbooks/roles/galera_server/CONTRIBUTING.rst 
@@ -0,0 +1,85 @@ +OpenStack Galera Server +####################### +:tags: openstack, galera, server, cloud, ansible +:category: \*nix + +contributor guidelines +^^^^^^^^^^^^^^^^^^^^^^ + +Filing Bugs +----------- + +Bugs should be filed on Launchpad, not GitHub: "https://bugs.launchpad.net/openstack-ansible" + + +When submitting a bug, or working on a bug, please ensure the following criteria are met: + * The description clearly states or describes the original problem or root cause of the problem. + * Include historical information on how the problem was identified. + * Any relevant logs are included. + * The provided information should be totally self-contained. External access to web services/sites should not be needed. + * Steps to reproduce the problem if possible. + + +Submitting Code +--------------- + +Changes to the project should be submitted for review via the Gerrit tool, following +the workflow documented at: "http://docs.openstack.org/infra/manual/developers.html#development-workflow" + +Pull requests submitted through GitHub will be ignored and closed without regard. + + +Extra +----- + +Tags: + If it's a bug that needs fixing in a branch in addition to Master, add a '\-backport-potential' tag (eg ``juno-backport-potential``). There are predefined tags that will autocomplete. + +Status: + Please leave this alone, it should be New till someone triages the issue. + +Importance: + Should only be touched if it is a Blocker/Gating issue. If it is, please set to High, and only use Critical if you have found a bug that can take down whole infrastructures. + + +Style guide +----------- + +When creating tasks and other roles for use in Ansible please create then using the YAML dictionary format. + +Example YAML dictionary format: + .. code-block:: yaml + + - name: The name of the tasks + module_name: + thing1: "some-stuff" + thing2: "some-other-stuff" + tags: + - some-tag + - some-other-tag + + +Example **NOT** in YAML dictionary format: + .. 
code-block:: yaml + + - name: The name of the tasks + module_name: thing1="some-stuff" thing2="some-other-stuff" + tags: + - some-tag + - some-other-tag + + +Usage of the ">" and "|" operators should be limited to Ansible conditionals and command modules such as the ansible ``shell`` module. + + +Issues +------ + +When submitting an issue, or working on an issue please ensure the following criteria are met: + * The description clearly states or describes the original problem or root cause of the problem. + * Include historical information on how the problem was identified. + * Any relevant logs are included. + * If the issue is a bug that needs fixing in a branch other than Master, add the ‘backport potential’ tag TO THE ISSUE (not the PR). + * The provided information should be totally self-contained. External access to web services/sites should not be needed. + * If the issue is needed for a hotfix release, add the 'expedite' label. + * Steps to reproduce the problem if possible. diff --git a/playbooks/roles/galera_server/LICENSE b/playbooks/roles/galera_server/LICENSE new file mode 100644 index 0000000000..e06d208186 --- /dev/null +++ b/playbooks/roles/galera_server/LICENSE 
@@ -0,0 +1,202 @@ +Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + diff --git a/playbooks/roles/galera_server/README.rst b/playbooks/roles/galera_server/README.rst new file mode 100644 index 0000000000..aad4a0a53b --- /dev/null +++ b/playbooks/roles/galera_server/README.rst 
@@ -0,0 +1,22 @@ +OpenStack Galera Server +####################### +:tags: openstack, galera, server, cloud, ansible +:category: \*nix + +Role for the installation and installation of a Galera Cluster powered by MariaDB + +.. code-block:: yaml + + - name: Install galera server + hosts: galera_all + user: root + roles: + - { role: "galera_server", tags: [ "galera-server" ] } + vars: + container_address: "{{ ansible_ssh_host }}" + galera_wsrep_address: "10.0.0.1,10.0.0.2,10.0.0.3" + galera_wsrep_node_name: "{{ ansible_hostname }}" + galera_wsrep_cluster_address: "{{ container_address }}" + galera_address: "{{ container_address }}" + galera_root_password: secrete + galera_root_user: root diff --git a/playbooks/roles/galera_server/defaults/main.yml b/playbooks/roles/galera_server/defaults/main.yml new file mode 100644 index 0000000000..46ca156a80 --- /dev/null +++ b/playbooks/roles/galera_server/defaults/main.yml 
@@ -0,0 +1,89 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Defines that the role will be deployed on a host machine +is_metal: true + +galera_cluster_name: openstack_galera_cluster + +galera_monitoring_user: monitoring +galera_monitoring_user_password: "" +galera_root_user: root + +galera_gcache_size: 1024M + +galera_max_heap_table_size: 32M +galera_tmp_table_size: 32M + +galera_file_limits: 16384 +galera_wait_timeout: 28800 + +## innodb options +galera_innodb_buffer_pool_size: 4096M +galera_innodb_additional_mem_pool_size: 24M +galera_innodb_log_file_size: 1024M +galera_innodb_log_buffer_size: 128M + +## wsrep configuration +galera_wsrep_address: "127.0.0.1" +galera_wsrep_cluster_address: "{{ galera_wsrep_address }}" +galera_wsrep_node_incoming_address: "{{ galera_wsrep_address }}" +galera_wsrep_slave_threads: "{{ ansible_processor_vcpus }}" +galera_wsrep_retry_autocommit: 3 +galera_wsrep_debug: 0 + +# Galera GPG Keys +galera_gpg_keys: + - { key_name: 'mariadb', keyserver: 'hkp://keyserver.ubuntu.com:80', hash_id: '0xcbcb082a1bb943db' } + +# Repositories +galera_apt_repos: + - { repo: "deb http://mirror.rackspace.com/mariadb/repo/5.5/ubuntu {{ ansible_distribution_release }} main", state: "present" } + +galera_pip_packages: + - MySQL-python + - python-memcached + - pycrypto + +galera_pre_apt_packages: + - python-software-properties + - software-properties-common + - debconf-utils + +# The package name for mariaDB 
is set as a variable +# so that it can be used in debconf later in the +# "galera_common" role. +galera_mariadb_server_package: "mariadb-galera-server-5.5" + +# NB This is specifically galera_packages as these packages only get installed +# during the galera play - this is because of the preseed task and the service +# startup control used when installing mariadb-galera-server and galera. +galera_apt_packages: + - mariadb-client + - "{{ galera_mariadb_server_package }}" + - galera + - rsync + - xtrabackup + - socat + +galera_debconf_items: + - question: "mysql-server/root_password" + name: "{{ galera_mariadb_server_package }}" + value: "{{ galera_root_password }}" + vtype: "string" + - question: "mysql-server/root_password_again" + name: "{{ galera_mariadb_server_package }}" + value: "{{ galera_root_password }}" + vtype: "string" diff --git a/playbooks/roles/galera_config/templates/mysql_init.sh b/playbooks/roles/galera_server/files/mysql_init.sh similarity index 100% rename from playbooks/roles/galera_config/templates/mysql_init.sh rename to playbooks/roles/galera_server/files/mysql_init.sh diff --git a/playbooks/roles/galera_common/files/policy-rc.d b/playbooks/roles/galera_server/files/policy-rc.d similarity index 100% rename from playbooks/roles/galera_common/files/policy-rc.d rename to playbooks/roles/galera_server/files/policy-rc.d diff --git a/playbooks/roles/galera_server/meta/main.yml b/playbooks/roles/galera_server/meta/main.yml new file mode 100644 index 0000000000..7f03cca969 --- /dev/null +++ b/playbooks/roles/galera_server/meta/main.yml 
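Review bot: Both `galera_debconf_items` entries preseed `mysql-server/root_password` with `vtype: "string"`; debconf keeps answers of type `password` in a separate root-only database, so declaring the root password as a string is likely to leave it in the general answer store on the host, which is world-readable. `vtype: "password"` matches how the value is used. In the same file `galera_monitoring_user_password: ""` defaults to an empty password. How it is consumed is not visible here, but if a monitoring account is created from it the role should refuse to run until the operator sets a value rather than create a database user with no password.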
@@ -0,0 +1,33 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +galaxy_info: + author: rcbops + description: Installation galera server + company: Rackspace + license: Apache2 + min_ansible_version: 1.6.6 + platforms: + - name: Ubuntu + versions: + - trusty + categories: + - cloud + - galera + - mariadb + - development + - openstack +dependencies: + - galera_client diff --git a/playbooks/roles/galera_restart/tasks/main.yml b/playbooks/roles/galera_server/tasks/galera_add_node.yml similarity index 74% rename from playbooks/roles/galera_restart/tasks/main.yml rename to playbooks/roles/galera_server/tasks/galera_add_node.yml index 4cddc7d8ea..3f798d6b88 100644 --- a/playbooks/roles/galera_restart/tasks/main.yml +++ b/playbooks/roles/galera_server/tasks/galera_add_node.yml @@ -14,12 +14,19 @@ # limitations under the License. - name: Get incoming addresses from cluster - shell: > + shell: | mysql -e 'show status like "wsrep_incoming_addresses"\G'|awk '/Value/{print $2}' register: wsrep_incoming_addresses + changed_when: "not wsrep_incoming_addresses.stdout|search('{{ ansible_ssh_host }}')" + tags: + - galera-add-node + - galera-bootstrap - name: Restart mysql service: name: mysql state: restarted - when: not wsrep_incoming_addresses.stdout|search("{{ container_address }}") + when: "not wsrep_incoming_addresses.stdout|search('{{ ansible_ssh_host }}')" + tags: + - galera-add-node + - galera-bootstrap 
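Review bot: The new `changed_when` and `when` expressions in galera_add_node.yml pass `ansible_ssh_host` to `search()`, which is an unanchored regular-expression match: the dots match any character and `10.0.0.1` also matches inside `10.0.0.10` or `10.0.0.11`. A node whose address is a prefix of another member's would be judged already present and never restarted into the cluster. Matching a delimited form of the address (preceded by start-of-string or `,` and followed by `:`) avoids the false positive. The change from `container_address` also assumes the SSH address is the one Galera reports; where they differ the condition is always true and mysql restarts on every run.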
diff --git a/playbooks/roles/galera_bootstrap/tasks/main.yml b/playbooks/roles/galera_server/tasks/galera_bootstrap.yml similarity index 83% rename from playbooks/roles/galera_bootstrap/tasks/main.yml rename to playbooks/roles/galera_server/tasks/galera_bootstrap.yml index ccded95b90..5ec5f446c7 100644 --- a/playbooks/roles/galera_bootstrap/tasks/main.yml +++ b/playbooks/roles/galera_server/tasks/galera_bootstrap.yml @@ -14,9 +14,12 @@ # limitations under the License. - name: Check wsrep cluster size - shell: > + shell: | mysql -e 'show status like "wsrep_cluster_size%"\G'|awk '/Value/{print $2}' register: wsrep_cluster_size + changed_when: wsrep_cluster_size.stdout|search("1") + tags: + - galera-bootstrap - name: Stop mariadb service: @@ -25,11 +28,15 @@ pattern: mysqld register: mysqlstopped when: wsrep_cluster_size.stdout | search("1") or wsrep_cluster_size.stderr | search("ERROR") + tags: + - galera-bootstrap - name: Check if mysql is running - shell: > - pgrep -fl mysqld + shell: "pgrep -fl mysqld" register: mysql_running + changed_when: mysql_running.rc != 0 + tags: + - galera-bootstrap - name: bootstrap cluster (initialise mysql with --wsrep-new-cluster) service: @@ -37,3 +44,5 @@ state: restarted args: --wsrep-new-cluster when: wsrep_cluster_size.stdout|search("1") or mysqlstopped|changed or not mysql_running.stdout|search("mysql") + tags: + - galera-bootstrap diff --git a/playbooks/roles/galera_common/tasks/main.yml b/playbooks/roles/galera_server/tasks/galera_install.yml similarity index 52% rename from playbooks/roles/galera_common/tasks/main.yml rename to playbooks/roles/galera_server/tasks/galera_install.yml index f1f7e787b7..e713659ba9 100644 --- a/playbooks/roles/galera_common/tasks/main.yml +++ b/playbooks/roles/galera_server/tasks/galera_install.yml 
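Review bot: `changed_when: wsrep_cluster_size.stdout|search("1")` is a substring match, so a reported size of 10, 12 or 21 counts as "1". The same test gates `Stop mariadb` and the `--wsrep-new-cluster` restart in the later hunks of this file, where a false positive would bootstrap a new cluster on a node that belongs to a healthy one. Comparing numerically is safer: `wsrep_cluster_size.stdout|int == 1`. An empty stdout then evaluates to 0, and the existing `stderr | search("ERROR")` clause still covers the failure case.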
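Review bot: `Check if mysql is running` runs `pgrep -fl mysqld` through `shell`, and pgrep exits 1 when nothing matches, so when mysqld really is stopped the task fails instead of recording a result and the added `changed_when: mysql_running.rc != 0` cannot take effect. `failed_when: mysql_running.rc > 1` would let the "not running" case through to the bootstrap task. It is also worth checking that `-f`, which matches full command lines, does not pick up the wrapping shell whose own command line contains `mysqld`; if it does, the check reports a match even with the server down.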
@@ -13,27 +13,15 @@ # See the License for the specific language governing permissions and # limitations under the License. -- name: Prevent mysql from starting on install - copy: - src: "policy-rc.d" - dest: "/usr/sbin/policy-rc.d" - mode: 0744 - backup: yes - -- name: Preseed mysql root password +- name: Preseed galera password(s) debconf: - name: "{{ mariadb_server_package }}" - question: "mysql-server/{{ item }}" - value: "{{ mysql_password }}" - vtype: string - with_items: - - root_password - - root_password_again - -- name: Drop limits config - template: - src: "limits.conf" - dest: "/etc/security/limits.conf" + name: "{{ item.name }}" + question: "{{ item.question }}" + value: "{{ item.value }}" + vtype: "{{ item.vtype }}" + with_items: galera_debconf_items + tags: + - galera-debconf - name: Install galera packages apt: @@ -41,10 +29,22 @@ state: latest update_cache: yes cache_valid_time: 600 - with_items: galera_packages + register: install_packages + until: install_packages|success + retries: 5 + delay: 2 + with_items: galera_apt_packages + tags: + - galera-apt-packages -# Remove the file that prevents the services from starting -- name: Remove /usr/sbin/policy-rc.d - file: - path: "/usr/sbin/policy-rc.d" - state: absent +- name: Install pip packages + pip: + name: "{{ item }}" + state: present + register: install_packages + until: install_packages|success + retries: 5 + delay: 2 + with_items: galera_pip_packages + tags: + - galera-pip-packages diff --git a/playbooks/roles/galera_server/tasks/galera_post_install.yml b/playbooks/roles/galera_server/tasks/galera_post_install.yml new file mode 100644 index 0000000000..987465138b --- /dev/null +++ b/playbooks/roles/galera_server/tasks/galera_post_install.yml 
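Review bot: `Preseed galera password(s)` loops over `galera_debconf_items` and passes `item.value` to debconf, and Ansible prints each loop item in its task output, so any password in that list lands in console output and captured logs. Adding `no_log: true` to the task keeps it out; `Create galera users` in galera_setup.yml loops over items with a `password` key and needs the same line. The contents of `galera_debconf_items` are not visible in this commit, so this assumes the list still carries the root password that the removed task preseeded. For those entries `vtype` should be `password` rather than `string`, which the removed task used, so debconf treats the value as a secret.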
@@ -0,0 +1,58 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Create the local directories
+ file:
+ path: "{{ item.path }}"
+ state: "directory"
+ group: "{{ item.owner|default('root') }}"
+ owner: "{{ item.group|default('root') }}"
+ mode: "{{ item.mode|default('0755') }}"
+ recurse: "{{ item.recurse|default('false') }}"
+ with_items:
+ - { path: "/var/log/mysql/", owner: "mysql", recurse: "true" }
+ - { path: "/etc/mysql/conf.d" }
+ tags:
+ - galera-config
+
+- name: Drop mariadb config(s)
+ template:
+ src: "{{ item.src }}"
+ dest: "{{ item.dest }}"
+ mode: "{{ item.mode|default('0644') }}"
+ with_items:
+ - { src: my.cnf.j2, dest: /etc/mysql/my.cnf }
+ - { src: cluster.cnf.j2, dest: /etc/mysql/conf.d/cluster.cnf }
+ - { src: debian.cnf.j2, dest: /etc/mysql/debian.cnf }
+ - { src: mysql_defaults.j2, dest: /etc/default/mysql }
+ tags:
+ - galera-config
+
+- name: Drop mariadb script(s)
+ copy:
+ src: "{{ item.src }}"
+ dest: "{{ item.dest }}"
+ mode: "{{ item.mode|default('0644') }}"
+ with_items:
+ - { src: mysql_init.sh, dest: /etc/init.d/mysql, mode: "0755" }
+ tags:
+ - galera-config
+
+- name: Remove policy-rc
+ file:
+ path: "/usr/sbin/policy-rc.d"
+ state: absent
+ tags:
+ - galera-config
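Review bot: `Drop mariadb config(s)` writes every template with the default mode `0644`, but debian.cnf.j2 and cluster.cnf.j2 both render `galera_root_password` (`password = …` and `wsrep_sst_auth = root:…`), so any local account on the host can read the database root credential. Give those two items an explicit mode, e.g. `- { src: debian.cnf.j2, dest: /etc/mysql/debian.cnf, mode: "0600" }`. For cluster.cnf, something like `0640` with group `mysql` may be needed if non-root processes must still parse conf.d; confirm against how mysqld is started. Separately, in `Create the local directories` the `group:` line reads `item.owner` and the `owner:` line reads `item.group`, so `/var/log/mysql/` ends up owned by root with group mysql; the two look swapped.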
diff --git a/playbooks/roles/common/tasks/repos.yml b/playbooks/roles/galera_server/tasks/galera_pre_install.yml similarity index 53% rename from playbooks/roles/common/tasks/repos.yml rename to playbooks/roles/galera_server/tasks/galera_pre_install.yml index 3064e1815a..fbd4033564 100644 --- a/playbooks/roles/common/tasks/repos.yml +++ b/playbooks/roles/galera_server/tasks/galera_pre_install.yml 
@@ -13,44 +13,57 @@ # See the License for the specific language governing permissions and # limitations under the License. -- name: add apt-keys +- name: Install galera pre packages + apt: + pkg: "{{ item }}" + state: latest + update_cache: yes + cache_valid_time: 600 + register: install_packages + until: install_packages|success + retries: 5 + delay: 2 + with_items: galera_pre_apt_packages + tags: + - galera-pre-apt-packages + +- name: Add galera apt-keys apt_key: id: "{{ item.hash_id }}" keyserver: "{{ item.keyserver }}" state: "present" - with_items: gpg_keys - when: "ansible_distribution_version in ['12.04', '13.04', '13.10', '14.04']" + register: install_packages + until: install_packages|success + retries: 5 + delay: 2 + with_items: galera_gpg_keys + tags: + - galera-apt-keys -- name: Add Common repos +- name: Add galera repo(s) apt_repository: repo: "{{ item.repo }}" state: "{{ item.state }}" - with_items: apt_common_repos - when: "ansible_distribution_version in ['12.04', '13.04', '13.10', '14.04']" + with_items: galera_apt_repos register: add_repos until: add_repos|success - retries: 3 + retries: 5 + delay: 2 + tags: + - galera-repos -- name: Add mariadb priority file +- name: Prevent galera from starting on install + copy: + src: "policy-rc.d" + dest: "/usr/sbin/policy-rc.d" + mode: "0755" + backup: yes + tags: + - galera-config + +- name: Drop limits config template: - src: "mariadb-priority" - dest: "/etc/apt/preferences.d/mariadb.pref" - owner: "root" - group: "root" - mode: "0644" - -- name: Update apt cache - apt: - update_cache: yes - -- name: Ensure common Packages are Installed - apt: - pkg: "{{ item }}" - state: present - update_cache: yes - cache_valid_time: 600 - with_items: apt_common_packages - when: "ansible_distribution_version in ['12.04', '13.04', '13.10', '14.04']" - register: common_packages - until: common_packages|success - retries: 3 + src: "limits.conf.j2" + dest: "/etc/security/limits.conf" + tags: + - galera-config 
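Review bot: `Drop limits config` replaces the whole of `/etc/security/limits.conf` with a template that, per limits.conf.j2 later in this commit, contains only `* - nofile {{ galera_file_limits }}`. Any limits already configured on the host are dropped, and the raised descriptor limit applies to every non-root account rather than to the database user. A drop-in keeps the change scoped: `dest: "/etc/security/limits.d/galera.conf"`, with the template line narrowed to `mysql - nofile {{ galera_file_limits }}` if only the database user needs it. The task also sets no explicit `mode`, unlike the template and copy tasks in galera_post_install.yml.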
diff --git a/playbooks/roles/galera_setup/tasks/main.yml b/playbooks/roles/galera_server/tasks/galera_setup.yml similarity index 70% rename from playbooks/roles/galera_setup/tasks/main.yml rename to playbooks/roles/galera_server/tasks/galera_setup.yml index 098ffffbd2..cac52750fa 100644 --- a/playbooks/roles/galera_setup/tasks/main.yml +++ b/playbooks/roles/galera_server/tasks/galera_setup.yml @@ -13,7 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -- name: Create mysql users +- name: Create galera users mysql_user: name: "{{ item.name }}" host: "{{ item.host }}" @@ -21,26 +21,25 @@ priv: "{{ item.priv }}" state: "{{ item.state }}" with_items: - - name: "root" + - name: "{{ galera_root_user }}" host: "%" - password: "{{ mysql_password }}" + password: "{{ galera_root_password }}" priv: "*.*:ALL,GRANT" state: present - - - name: "root" + - name: "{{ galera_root_user }}" host: "localhost" - password: "" + password: "{{ galera_root_password }}" priv: "*.*:ALL" state: absent - - - name: haproxy + - name: "{{ galera_monitoring_user }}" host: '%' - password: "" + password: "{{ galera_monitoring_user_password }}" priv: "*.*:USAGE" state: present - - - name: haproxy + - name: "{{ galera_monitoring_user }}" host: 'localhost' - password: "" + password: "{{ galera_monitoring_user_password }}" priv: "*.*:USAGE" state: present + tags: + - galera-user-create diff --git a/playbooks/vars/openstack_service_vars/neutron_agent.yml b/playbooks/roles/galera_server/tasks/main.yml similarity index 66% rename from playbooks/vars/openstack_service_vars/neutron_agent.yml rename to playbooks/roles/galera_server/tasks/main.yml index 386987c451..8fea8239b3 100644 --- a/playbooks/vars/openstack_service_vars/neutron_agent.yml +++ b/playbooks/roles/galera_server/tasks/main.yml 
@@ -13,8 +13,14 @@ # See the License for the specific language governing permissions and # limitations under the License. -# The variables file used by the playbooks in the nova-api-ec2 group. -# These don't have to be explicitly imported by vars_files: they are autopopulated. +- include: galera_pre_install.yml +- include: galera_install.yml +- include: galera_post_install.yml -## Service Type and Data -program_name: neutron-agent +- include: galera_bootstrap.yml + when: inventory_hostname == groups['galera_all'][0] +- include: galera_setup.yml + when: inventory_hostname == groups['galera_all'][0] + +- include: galera_add_node.yml + when: inventory_hostname != groups['galera_all'][0] diff --git a/playbooks/roles/galera_server/templates/cluster.cnf.j2 b/playbooks/roles/galera_server/templates/cluster.cnf.j2 new file mode 100644 index 0000000000..5687a771d4 --- /dev/null +++ b/playbooks/roles/galera_server/templates/cluster.cnf.j2 
@@ -0,0 +1,39 @@
+# {{ ansible_managed }}
+
+[mysqld]
+# Path to Galera library
+wsrep_provider = /usr/lib/galera/libgalera_smm.so
+wsrep_provider_options = "gcache.size = {{ galera_gcache_size }}"
+
+# Cluster connection URL contains the IPs of node#1, node#2 and node#3
+wsrep_cluster_address = gcomm://{{ galera_wsrep_cluster_address }}
+
+# Address for incoming client connections.
+wsrep_node_incoming_address = {{ galera_wsrep_address }}
+
+# In order for Galera to work correctly binlog format should be ROW
+binlog_format = ROW
+
+# MyISAM storage engine has only experimental support
+default_storage_engine = InnoDB
+
+# This changes how InnoDB autoincrement locks are managed and is a requirement for Galera
+innodb_autoinc_lock_mode = 2
+
+# This should be the IP and DNS name for the current system on which you're editing the file.
+wsrep_node_address = {{ galera_wsrep_address }}
+wsrep_node_name = {{ galera_wsrep_node_name }}
+
+# to enable debug level logging, set this to 1
+wsrep_debug = {{ galera_wsrep_debug }}
+
+# SST method
+wsrep_sst_method = xtrabackup
+wsrep_sst_auth = root:{{ galera_root_password }}
+wsrep_slave_threads = {{ galera_wsrep_slave_threads }}
+
+# Cluster name
+wsrep_cluster_name = "{{ galera_cluster_name }}"
+
+# how many times to retry deadlocked autocommits
+wsrep_retry_autocommit = {{ galera_wsrep_retry_autocommit }}
diff --git a/playbooks/roles/galera_config/templates/debian.cnf b/playbooks/roles/galera_server/templates/debian.cnf.j2
similarity index 65%
rename from playbooks/roles/galera_config/templates/debian.cnf
rename to playbooks/roles/galera_server/templates/debian.cnf.j2
index 5d4a0bd7b7..4bbfaeae6e 100644
--- a/playbooks/roles/galera_config/templates/debian.cnf
+++ b/playbooks/roles/galera_server/templates/debian.cnf.j2
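Review bot: `wsrep_sst_auth = root:{{ galera_root_password }}` in cluster.cnf.j2 hard-codes the account name, while galera_setup.yml creates the account from `{{ galera_root_user }}`. If that variable is overridden, state transfers authenticate as a user that may not exist. `wsrep_sst_auth = {{ galera_root_user }}:{{ galera_root_password }}` keeps the two in step; debian.cnf.j2 has the same literal `user = root`. A dedicated SST account holding only the privileges the xtrabackup method needs would also keep the full-privilege credential out of this file.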
@@ -1,11 +1,14 @@ +# {{ ansible_managed }} + [client] host = localhost user = root -password = {{ mysql_password }} +password = {{ galera_root_password }} socket = /var/run/mysqld/mysqld.sock + [mysql_upgrade] host = localhost user = root -password = {{ mysql_password }} +password = {{ galera_root_password }} socket = /var/run/mysqld/mysqld.sock basedir = /usr diff --git a/playbooks/roles/galera_server/templates/limits.conf.j2 b/playbooks/roles/galera_server/templates/limits.conf.j2 new file mode 100644 index 0000000000..d8733510e6 --- /dev/null +++ b/playbooks/roles/galera_server/templates/limits.conf.j2 @@ -0,0 +1,4 @@ +# {{ ansible_managed }} + +# OpenFile limits +* - nofile {{ galera_file_limits }} diff --git a/playbooks/roles/galera_config/templates/my.cnf b/playbooks/roles/galera_server/templates/my.cnf.j2 similarity index 71% rename from playbooks/roles/galera_config/templates/my.cnf rename to playbooks/roles/galera_server/templates/my.cnf.j2 index 9020928fe4..6c4589f7ee 100644 --- a/playbooks/roles/galera_config/templates/my.cnf +++ b/playbooks/roles/galera_server/templates/my.cnf.j2 @@ -1,12 +1,12 @@ {%- set all_calculated_max_connections = [] %} - {%- for galera_node in groups['galera_all'] %} {%- if all_calculated_max_connections.append(hostvars[galera_node]['ansible_processor_vcpus'] * 100) %} {%- endif %} {%- endfor %} - {%- set calculated_max_connections = all_calculated_max_connections|sort %} +# {{ ansible_managed }} + [client] port = 3306 socket = /var/run/mysqld/mysqld.sock 
@@ -27,39 +27,6 @@ user = mysql collation-server = utf8_unicode_ci init-connect = 'SET NAMES utf8' character-set-server = utf8 - - -# SAFETY # -max-allowed-packet = 16M -max-connect-errors = 1000000 - -# NOTE: The number of max connections is defined by ( host_vcpus * 100 ). This value -# is the lowest integer based on the ansible facts gathered from every galera node. -# Computing the connections value using the lowest denominator maintains cluster integrity -# by not attempting to over commit to a less capable machine. -# These are the computed max_connections based on cluster data {{ calculated_max_connections }} -max_connections = {{ mysql_max_connections | default(calculated_max_connections[0]) }} - -wait_timeout = {{ galera_wait_timeout }} - -# CACHES AND LIMITS # -tmp-table-size = 32M -max-heap-table-size = 32M -query-cache-type = 0 -query-cache-size = 0M -thread-cache-size = 50 -open-files-limit = 65535 -table-definition-cache = 4096 -table-open-cache = 10240 - -# INNODB # -innodb-flush-method = O_DIRECT -innodb-log-files-in-group = 2 -innodb-log-file-size = 128M -innodb-flush-log-at-trx-commit = 1 -innodb-file-per-table = 1 -innodb-buffer-pool-size = 2G - datadir = /var/lib/mysql # LOGGING # 
@@ -71,6 +38,49 @@ log-bin = /var/lib/mysql/mariadb-bin log-bin-index = /var/lib/mysql/mariadb-bin.index expire-logs-days = 7 +# SAFETY # +max-allowed-packet = 16M +max-connect-errors = 1000000 + +# NOTE: The number of max connections is defined by ( host_vcpus * 100 ). This value +# is the lowest integer based on the ansible facts gathered from every galera node. +# Computing the connections value using the lowest denominator maintains cluster integrity +# by not attempting to over commit to a less capable machine. +# These are the computed max_connections based on cluster data {{ calculated_max_connections }} +max_connections = {{ galera_max_connections | default(calculated_max_connections[0]) }} + +wait_timeout = {{ galera_wait_timeout }} + +# CACHES AND LIMITS # +tmp-table-size = {{ galera_max_heap_table_size }} +max-heap-table-size = {{ galera_tmp_table_size }} +query-cache-type = 0 +query-cache-size = 0M +thread-cache-size = 50 +open-files-limit = 65535 +table-definition-cache = 4096 +table-open-cache = 10240 + +# INNODB # +innodb-flush-method = O_DIRECT +innodb-additional-mem-pool-size = {{ galera_innodb_additional_mem_pool_size }} +innodb-log-file-size = {{ galera_innodb_log_file_size }} +innodb-flush-log-at-trx-commit = 1 +innodb-file-per-table = 1 +innodb-buffer-pool-size = {{ galera_innodb_buffer_pool_size }} + +# Depending on number of cores and disk sub +innodb-read-io-threads = 4 +innodb-write-io-threads = 4 +innodb-doublewrite = 1 +innodb-log-buffer-size = {{ galera_innodb_log_buffer_size }} +innodb-buffer-pool-instances = 8 +innodb-log-files-in-group = 2 +innodb-thread-concurrency = 64 + +# avoid statistics update when doing e.g show tables +innodb_stats_on_metadata = 0 + [mysqldump] quick quote-names 
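Review bot: The two table-size settings under `# CACHES AND LIMITS #` are wired to each other's variables: `tmp-table-size = {{ galera_max_heap_table_size }}` and `max-heap-table-size = {{ galera_tmp_table_size }}`. The literals they replace were both 32M, so the swap stays invisible while the two defaults match, but an operator who overrides one variable changes the other setting. The lines should read `tmp-table-size = {{ galera_tmp_table_size }}` and `max-heap-table-size = {{ galera_max_heap_table_size }}`.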
diff --git a/playbooks/roles/galera_config/templates/mysql_defaults b/playbooks/roles/galera_server/templates/mysql_defaults.j2 similarity index 85% rename from playbooks/roles/galera_config/templates/mysql_defaults rename to playbooks/roles/galera_server/templates/mysql_defaults.j2 index cac6914b23..f1c0021377 100644 --- a/playbooks/roles/galera_config/templates/mysql_defaults +++ b/playbooks/roles/galera_server/templates/mysql_defaults.j2 @@ -1,3 +1,5 @@ +# {{ ansible_managed }} + # How long to wait for successfull mysql startup # Startup can take a while if it requires a galera state transfer. MYSQLD_STARTUP_TIMEOUT=1800 diff --git a/playbooks/roles/glance_common/tasks/main.yml b/playbooks/roles/glance_common/tasks/main.yml deleted file mode 100644 index d5830160d7..0000000000 --- a/playbooks/roles/glance_common/tasks/main.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- include: glance_config.yml diff --git a/playbooks/roles/glance_common/templates/glance-api.conf b/playbooks/roles/glance_common/templates/glance-api.conf deleted file mode 100644 index ab4f77a036..0000000000 --- a/playbooks/roles/glance_common/templates/glance-api.conf +++ /dev/null 
@@ -1,82 +0,0 @@ -[DEFAULT] -verbose = {{ verbose }} -debug = {{ debug }} -log_file = /var/log/glance/glance-api.log -use_syslog = False -bind_host = 0.0.0.0 -bind_port = 9292 -backlog = 4096 -workers = 4 -registry_host = {{ registry_host }} -registry_port = 9191 -registry_client_protocol = http -cinder_catalog_info = volume:cinder:internalURL - -notification_driver = {{ notification_driver }} -{% if notification_driver == "messaging" %} -##### RPC MESSAGING OPTIONS ##### -rpc_backend = {{ rpc_backend }} -rabbit_hosts = {{ rabbit_hosts }} -rabbit_port = {{ rabbit_port }} -rabbit_use_ssl = {{ rabbit_use_ssl }} -rabbit_userid = {{ rabbit_userid }} -rabbit_password = {{ rabbit_password }} -rabbit_virtual_host = {{ rabbit_virtual_host }} -rabbit_notification_exchange = glance -rabbit_notification_topic = notifications -rabbit_durable_queues = False -{% endif %} - - -delayed_delete = False -scrub_time = 43200 -scrubber_datadir = /var/lib/glance/scrubber/ -image_cache_dir = /var/lib/glance/cache/ - -[database] -connection = mysql://{{ container_mysql_user }}:{{ container_mysql_password }}@{{ mysql_address }}/{{ container_database }}?charset=utf8 - -[keystone_authtoken] -signing_dir = /var/lib/glance/cache/api -identity_uri = {{ auth_protocol }}://{{ auth_host }}:{{ auth_port }} -auth_uri = {{ auth_identity_uri }} -admin_tenant_name = {{ service_admin_tenant_name }} -admin_user = {{ service_admin_username }} -admin_password = {{ service_admin_password }} - -memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['container_address'] }}:{{ memcached_port|default('11211') }}{% if not loop.last %},{% endif %}{% endfor %} - -token_cache_time = 300 -revocation_cache_time = 60 - -# if your memcached server is shared, use these settings to avoid cache poisoning -memcache_security_strategy = ENCRYPT -memcache_secret_key = {{ memcached_secret_key }} - -# if your keystone deployment uses PKI, and you value security over performance: -check_revocations_for_cached 
= {{ hostvars[groups['keystone_all'][0]]['keystone_use_pki'] }} - -[paste_deploy] -flavor = {{ flavor }} - -[glance_store] -default_store = {{ default_store }} -stores = glance.store.filesystem.Store, - glance.store.http.Store, - glance.store.cinder.Store, - glance.store.swift.Store -{% if default_store == "file" %} -filesystem_store_datadir = /var/lib/glance/images/ -{% elif default_store == "swift" %} -swift_store_auth_version = 2 -swift_store_auth_address = {{ swift_store_auth_address }} -swift_store_user = {{ swift_store_user }} -swift_store_key = {{ swift_store_key }} -swift_store_region = {{ swift_store_region }} -swift_store_container = {{ swift_store_container }} -swift_store_create_container_on_put = True -swift_store_large_object_size = 5120 -swift_store_large_object_chunk_size = 200 -swift_store_retry_get_count = 5 -swift_store_endpoint_type = {{ swift_store_endpoint_type }} -{% endif %} diff --git a/playbooks/roles/glance_common/templates/glance-cache.conf b/playbooks/roles/glance_common/templates/glance-cache.conf deleted file mode 100644 index 2345321046..0000000000 --- a/playbooks/roles/glance_common/templates/glance-cache.conf +++ /dev/null @@ -1,14 +0,0 @@ -[DEFAULT] -verbose = {{ verbose }} -debug = {{ debug }} -admin_password = {{ glance_service_password }} -admin_user = glance -admin_tenant_name = service -use_syslog = False -image_cache_dir = /var/lib/glance/cache/ -image_cache_stall_time = 86400 -image_cache_max_size = {{ glance_image_cache_max_size|default(10737418240) }} -registry_host = {{ registry_host }} -registry_port = 9191 -auth_url = {{ auth_admin_uri }} -filesystem_store_datadir = /var/lib/glance/images/ diff --git a/playbooks/roles/glance_common/templates/glance-registry.conf b/playbooks/roles/glance_common/templates/glance-registry.conf deleted file mode 100644 index f4292adfea..0000000000 --- a/playbooks/roles/glance_common/templates/glance-registry.conf +++ /dev/null 
@@ -1,36 +0,0 @@ -[DEFAULT] -verbose = {{ verbose }} -debug = {{ debug }} -log_file = /var/log/glance/glance-registry.log -use_syslog = False -bind_host = 0.0.0.0 -bind_port = 9191 -backlog = 4096 -api_limit_max = 1000 -limit_param_default = 25 - -[database] -connection = mysql://{{ container_mysql_user }}:{{ container_mysql_password }}@{{ mysql_address }}/{{ container_database }}?charset=utf8 - -[keystone_authtoken] -signing_dir = /var/lib/glance/cache/registry/ -identity_uri = {{ auth_protocol }}://{{ auth_host }}:{{ auth_port }} -auth_uri = {{ auth_identity_uri }} -admin_tenant_name = {{ service_admin_tenant_name }} -admin_user = {{ service_admin_username }} -admin_password = {{ service_admin_password }} - -memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['container_address'] }}:{{ memcached_port|default('11211') }}{% if not loop.last %},{% endif %}{% endfor %} - -token_cache_time = 300 -revocation_cache_time = 60 - -# if your memcached server is shared, use these settings to avoid cache poisoning -memcache_security_strategy = ENCRYPT -memcache_secret_key = {{ memcached_secret_key }} - -# if your keystone deployment uses PKI, and you value security over performance: -check_revocations_for_cached = {{ hostvars[groups['keystone_all'][0]]['keystone_use_pki'] }} - -[paste_deploy] -flavor = keystone diff --git a/playbooks/roles/glance_common/templates/schema-image.json b/playbooks/roles/glance_common/templates/schema-image.json deleted file mode 100644 index 5aafd6b371..0000000000 --- a/playbooks/roles/glance_common/templates/schema-image.json +++ /dev/null 
@@ -1,28 +0,0 @@ -{ - "kernel_id": { - "type": "string", - "pattern": "^([0-9a-fA-F]){8}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){12}$", - "description": "ID of image stored in Glance that should be used as the kernel when booting an AMI-style image." - }, - "ramdisk_id": { - "type": "string", - "pattern": "^([0-9a-fA-F]){8}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){12}$", - "description": "ID of image stored in Glance that should be used as the ramdisk when booting an AMI-style image." - }, - "instance_uuid": { - "type": "string", - "description": "ID of instance used to create this image." - }, - "architecture": { - "description": "Operating system architecture as specified in http://docs.openstack.org/trunk/openstack-compute/admin/content/adding-images.html", - "type": "string" - }, - "os_distro": { - "description": "Common name of operating system distribution as specified in http://docs.openstack.org/trunk/openstack-compute/admin/content/adding-images.html", - "type": "string" - }, - "os_version": { - "description": "Operating system version as specified by the distributor", - "type": "string" - } -} diff --git a/playbooks/roles/glance_common/templates/template_gen b/playbooks/roles/glance_common/templates/template_gen deleted file mode 100644 index f7ec1856f3..0000000000 --- a/playbooks/roles/glance_common/templates/template_gen +++ /dev/null @@ -1,20 +0,0 @@ -# {{ ansible_managed }} -# Changes to this file are found within the vars/config_vars - -{% for key, value in item.var.items() %} - -[{{ key }}] -{% for _key, _value in value.items() %} -{% if _value is string %} -{{ _key }} = {{ _value }} -{% elif _value is number %} -{{ _key }} = {{ _value }} -{% elif _value is iterable %} -{{ _key }} = {{ _value|join(", ") }} -{% else %} -# Value type skipped as it was indeterminable -# {{ _value }} -{% endif %} -{% endfor %} - -{% endfor %} 
diff --git a/playbooks/roles/glance_setup/tasks/main.yml b/playbooks/roles/glance_setup/tasks/main.yml deleted file mode 100644 index c2d8a507fb..0000000000 --- a/playbooks/roles/glance_setup/tasks/main.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: Perform a Glance DB sync - command: glance-manage db_sync - sudo: yes - sudo_user: "{{ system_user }}" diff --git a/playbooks/roles/haproxy_common/templates/haproxy.cfg b/playbooks/roles/haproxy_common/templates/haproxy.cfg deleted file mode 100644 index bf15b418cc..0000000000 --- a/playbooks/roles/haproxy_common/templates/haproxy.cfg +++ /dev/null @@ -1,27 +0,0 @@ -global - log 127.0.0.1 local0 - log 127.0.0.1 local1 notice - chroot /var/lib/haproxy - uid haproxy - gid haproxy - daemon - maxconn 4096 - tune.bufsize 384000 - stats socket /var/run/haproxy.stat mode 600 - -defaults - log global - option dontlognull - option redispatch - retries 3 - timeout client {{ haproxy_timeout|default('90s') }} - timeout connect 10s - timeout server {{ haproxy_timeout|default('90s') }} - maxconn 4096 - errorfile 400 /etc/haproxy/errors/400.http - errorfile 403 /etc/haproxy/errors/403.http - errorfile 408 /etc/haproxy/errors/408.http - errorfile 500 /etc/haproxy/errors/500.http - errorfile 502 /etc/haproxy/errors/502.http - errorfile 503 /etc/haproxy/errors/503.http - errorfile 504 /etc/haproxy/errors/504.http 
diff --git a/playbooks/roles/haproxy_server/CONTRIBUTING.rst b/playbooks/roles/haproxy_server/CONTRIBUTING.rst new file mode 100644 index 0000000000..9685c09d8f --- /dev/null +++ b/playbooks/roles/haproxy_server/CONTRIBUTING.rst 
@@ -0,0 +1,85 @@ +OpenStack Haproxy Server +######################## +:tags: openstack, galera, haproxy, cloud, ansible +:category: \*nix + +contributor guidelines +^^^^^^^^^^^^^^^^^^^^^^ + +Filing Bugs +----------- + +Bugs should be filed on Launchpad, not GitHub: "https://bugs.launchpad.net/openstack-ansible" + + +When submitting a bug, or working on a bug, please ensure the following criteria are met: + * The description clearly states or describes the original problem or root cause of the problem. + * Include historical information on how the problem was identified. + * Any relevant logs are included. + * The provided information should be totally self-contained. External access to web services/sites should not be needed. + * Steps to reproduce the problem if possible. + + +Submitting Code +--------------- + +Changes to the project should be submitted for review via the Gerrit tool, following +the workflow documented at: "http://docs.openstack.org/infra/manual/developers.html#development-workflow" + +Pull requests submitted through GitHub will be ignored and closed without regard. + + +Extra +----- + +Tags: + If it's a bug that needs fixing in a branch in addition to Master, add a '\-backport-potential' tag (eg ``juno-backport-potential``). There are predefined tags that will autocomplete. + +Status: + Please leave this alone, it should be New till someone triages the issue. + +Importance: + Should only be touched if it is a Blocker/Gating issue. If it is, please set to High, and only use Critical if you have found a bug that can take down whole infrastructures. + + +Style guide +----------- + +When creating tasks and other roles for use in Ansible please create then using the YAML dictionary format. + +Example YAML dictionary format: + .. code-block:: yaml + + - name: The name of the tasks + module_name: + thing1: "some-stuff" + thing2: "some-other-stuff" + tags: + - some-tag + - some-other-tag + + +Example **NOT** in YAML dictionary format: + .. 
code-block:: yaml + + - name: The name of the tasks + module_name: thing1="some-stuff" thing2="some-other-stuff" + tags: + - some-tag + - some-other-tag + + +Usage of the ">" and "|" operators should be limited to Ansible conditionals and command modules such as the ansible ``shell`` module. + + +Issues +------ + +When submitting an issue, or working on an issue please ensure the following criteria are met: + * The description clearly states or describes the original problem or root cause of the problem. + * Include historical information on how the problem was identified. + * Any relevant logs are included. + * If the issue is a bug that needs fixing in a branch other than Master, add the ‘backport potential’ tag TO THE ISSUE (not the PR). + * The provided information should be totally self-contained. External access to web services/sites should not be needed. + * If the issue is needed for a hotfix release, add the 'expedite' label. + * Steps to reproduce the problem if possible. diff --git a/playbooks/roles/haproxy_server/LICENSE b/playbooks/roles/haproxy_server/LICENSE new file mode 100644 index 0000000000..e06d208186 --- /dev/null +++ b/playbooks/roles/haproxy_server/LICENSE 
@@ -0,0 +1,202 @@ +Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + diff --git a/playbooks/roles/haproxy_server/README.rst b/playbooks/roles/haproxy_server/README.rst new file mode 100644 index 0000000000..18d80a00c6 --- /dev/null +++ b/playbooks/roles/haproxy_server/README.rst 
@@ -0,0 +1,26 @@
+OpenStack Haproxy Server
+########################
+:tags: openstack, galera, haproxy, cloud, ansible
+:category: \*nix
+
+Role for the installation and setup of haproxy
+
+.. code-block:: yaml
+
+ - name: Install haproxy
+ hosts: haproxy_hosts
+ user: root
+ roles:
+ - { role: "haproxy_server", tags: [ "haproxy-server" ] }
+ vars:
+ haproxy_service_configs:
+ - service:
+ hap_service_name: group_name
+ hap_backend_nodes: "{{ groups['group_name'][0] }}"
+ hap_backup_nodes: "{{ groups['group_name'][1:] }}"
+ hap_port: 80
+ hap_balance_type: http
+ hap_backend_options:
+ - "forwardfor"
+ - "httpchk"
+ - "httplog"
diff --git a/playbooks/roles/haproxy_server/defaults/main.yml b/playbooks/roles/haproxy_server/defaults/main.yml
new file mode 100644
index 0000000000..fccd990dc0
--- /dev/null
+++ b/playbooks/roles/haproxy_server/defaults/main.yml
@@ -0,0 +1,45 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Defines that the role will be deployed on a host machine
+is_metal: true
+
+haproxy_apt_packages:
+ - haproxy
+ - hatop
+ - vim-haproxy
+
+## Haproxy Configuration
+haproxy_rise: 3
+haproxy_fall: 3
+haproxy_interval: 12000
+
+# Default haproxy backup nodes to empty list so this doesn't have to be
+# defined for each service.
+haproxy_backup_nodes: []
+
+# haproxy_service_configs:
+# - service:
+# hap_service_name: haproxy_all
+# hap_backend_nodes: "{{ groups['haproxy_all'][0] }}"
+# # hap_backup_nodes: "{{ groups['haproxy_all'][1:] }}"
+# hap_port: 80
+# hap_balance_type: http
+# hap_backend_options:
+# - "forwardfor"
+# - "httpchk"
+# - "httplog"
+
+galera_monitoring_user: monitoring
diff --git a/playbooks/roles/haproxy_server/files/haproxy.cfg b/playbooks/roles/haproxy_server/files/haproxy.cfg
new file mode 100644
index 0000000000..e7e1f60e28
--- /dev/null
+++ b/playbooks/roles/haproxy_server/files/haproxy.cfg
@@ -0,0 +1,20 @@
+global
+ log 127.0.0.1 local0
+ log 127.0.0.1 local1 notice
+ chroot /var/lib/haproxy
+ uid haproxy
+ gid haproxy
+ daemon
+ maxconn 4096
+ tune.bufsize 384000
+ stats socket /var/run/haproxy.stat mode 600
+
+defaults
+ log global
+ option dontlognull
+ option redispatch
+ retries 3
+ timeout client 50s
+ timeout connect 10s
+ timeout server 50s
+ maxconn 4096
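Review bot: The commented `haproxy_service_configs` example uses `hap_`-prefixed keys (`hap_service_name`, `hap_backend_nodes`, `hap_port`, …), but the task in haproxy_post_install.yml and templates/service.j2 read `item.service.haproxy_service_name`, `haproxy_backend_nodes`, `haproxy_port` and so on; the README.rst example has the same mismatch. A service definition written with the old names fails on the required keys. For the optional ones, which service.j2 guards with `default()` or `is defined`, the setting is silently dropped, so an old-style `hap_bind` or `hap_whitelist_hosts: true` would leave the frontend bound to `*` with no source restriction. The example lines should use the new names, e.g. `# haproxy_service_name: haproxy_all`. `haproxy_rise` and `haproxy_fall` also look unused, since service.j2 takes rise/fall from the backend node count.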
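Review bot: `tune.bufsize 384000` is roughly 23 times HAProxy's default of 16384, while `maxconn 4096` is kept in both `global` and `defaults`. Buffers are allocated per connection, so worst-case memory grows by the same factor and a burst of connections can exhaust memory on the balancer. HAProxy's documentation advises lowering the global `maxconn` by the factor `tune.bufsize` is raised. If the large buffer is needed for oversized headers, a comment giving the reason and a proportionally smaller `maxconn` would make the limit deliberate.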
diff --git a/playbooks/roles/haproxy_common/files/haproxy.default b/playbooks/roles/haproxy_server/files/haproxy.default similarity index 99% rename from playbooks/roles/haproxy_common/files/haproxy.default rename to playbooks/roles/haproxy_server/files/haproxy.default index 6028662686..2da23cf633 100644 --- a/playbooks/roles/haproxy_common/files/haproxy.default +++ b/playbooks/roles/haproxy_server/files/haproxy.default @@ -1,5 +1,6 @@ # Set ENABLED to 1 if you want the init script to start haproxy. ENABLED=1 + # Add extra flags here. #EXTRAOPTS="-de -m 16" diff --git a/playbooks/roles/haproxy_common/files/haproxy.sh b/playbooks/roles/haproxy_server/files/haproxy.sh similarity index 100% rename from playbooks/roles/haproxy_common/files/haproxy.sh rename to playbooks/roles/haproxy_server/files/haproxy.sh diff --git a/playbooks/roles/haproxy_common/handlers/main.yml b/playbooks/roles/haproxy_server/handlers/main.yml similarity index 86% rename from playbooks/roles/haproxy_common/handlers/main.yml rename to playbooks/roles/haproxy_server/handlers/main.yml index b51a0b5ff2..9590648014 100644 --- a/playbooks/roles/haproxy_common/handlers/main.yml +++ b/playbooks/roles/haproxy_server/handlers/main.yml @@ -14,4 +14,8 @@ # limitations under the License. - name: Restart haproxy - service: name=haproxy state=restarted pattern=haproxy enabled=yes + service: + name: "haproxy" + state: "restarted" + pattern: "haproxy" + enabled: "yes" diff --git a/playbooks/roles/haproxy_server/meta/main.yml b/playbooks/roles/haproxy_server/meta/main.yml new file mode 100644 index 0000000000..a42b9905f3 --- /dev/null +++ b/playbooks/roles/haproxy_server/meta/main.yml 
@@ -0,0 +1,31 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+galaxy_info:
+ author: rcbops
+ description: Installation and setup of HAPtoxy
+ company: Rackspace
+ license: Apache2
+ min_ansible_version: 1.6.6
+ platforms:
+ - name: Ubuntu
+ versions:
+ - trusty
+ categories:
+ - cloud
+ - python
+ - development
+ - openstack
+dependencies: []
diff --git a/playbooks/roles/haproxy_common/tasks/main.yml b/playbooks/roles/haproxy_server/tasks/haproxy_install.yml
similarity index 79%
rename from playbooks/roles/haproxy_common/tasks/main.yml
rename to playbooks/roles/haproxy_server/tasks/haproxy_install.yml
index fd7c10bba0..d6bc937003 100644
--- a/playbooks/roles/haproxy_common/tasks/main.yml
+++ b/playbooks/roles/haproxy_server/tasks/haproxy_install.yml
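Review bot: `description: Installation and setup of HAPtoxy` misspells the product name, and the string is what shows up in the role's Galaxy metadata. It should read `description: Installation and setup of HAProxy`.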
@@ -19,32 +19,33 @@ state: present update_cache: yes cache_valid_time: 600 - ignore_errors: yes - with_items: - - haproxy - - hatop - - vim-haproxy + register: install_packages + until: install_packages|success + retries: 5 + delay: 2 + with_items: haproxy_apt_packages + tags: + - haproxy-apt-packages - name: Replace haproxy DEFAULT file copy: src: haproxy.default dest: /etc/default/haproxy + tags: + - haproxy-config - name: Replace haproxy init script to allow conf.d copy: src: haproxy.sh dest: /etc/init.d/haproxy + mode: "0755" + tags: + - haproxy-config - name: Create haproxy conf.d file: path: /etc/haproxy/conf.d state: directory recurse: yes - -- name: Drop base haproxy config - template: > - src={{ item }} - dest=/etc/haproxy/{{ item }} - with_items: - - haproxy.cfg - notify: Restart haproxy + tags: + - haproxy-config diff --git a/playbooks/roles/haproxy_service/tasks/main.yml b/playbooks/roles/haproxy_server/tasks/haproxy_post_install.yml similarity index 65% rename from playbooks/roles/haproxy_service/tasks/main.yml rename to playbooks/roles/haproxy_server/tasks/haproxy_post_install.yml index 8ae7bd3b84..3aae8f0f19 100644 --- a/playbooks/roles/haproxy_service/tasks/main.yml +++ b/playbooks/roles/haproxy_server/tasks/haproxy_post_install.yml @@ -13,9 +13,21 @@ # See the License for the specific language governing permissions and # limitations under the License. +- name: Drop base haproxy config + copy: + src: "{{ item }}" + dest: "/etc/haproxy/{{ item }}" + with_items: + - haproxy.cfg + notify: Restart haproxy + tags: + - haproxy-base-config + - name: "Create haproxy service config files" template: - src: service - dest: "/etc/haproxy/conf.d/{{ item.service.hap_service_name }}" - with_items: haproxy_config + src: service.j2 + dest: "/etc/haproxy/conf.d/{{ item.service.haproxy_service_name }}" + with_items: haproxy_service_configs notify: Restart haproxy + tags: + - haproxy-service-config 
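Review bot: The file tasks leave ownership and permissions implicit: "Replace haproxy init script to allow conf.d" now sets `mode: "0755"` but no owner or group, and "Replace haproxy DEFAULT file" and "Create haproxy conf.d" set neither. What lands on disk then depends on the connecting user and umask, which matters for a script that init runs as root. Adding `owner: "root"` and `group: "root"` to each, plus `mode: "0644"` on the DEFAULT file, would pin it down. The same applies to the two config tasks in haproxy_post_install.yml. The apt task at the top of this hunk starts outside it.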
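Review bot: Both tasks notify `Restart haproxy` with no check of the resulting configuration, so a bad value in `haproxy_service_configs` is found only when the load balancer fails to come back after the restart. A check before the restart would catch this, for example a step running `haproxy -c` with `-f` for the base file and each conf.d fragment. Whether the replaced init script haproxy.sh already performs such a check is not visible in this diff, so this may be covered.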
diff --git a/playbooks/roles/cinder_device_add/tasks/main.yml b/playbooks/roles/haproxy_server/tasks/main.yml similarity index 89% rename from playbooks/roles/cinder_device_add/tasks/main.yml rename to playbooks/roles/haproxy_server/tasks/main.yml index c54840248a..7d7a0e8c61 100644 --- a/playbooks/roles/cinder_device_add/tasks/main.yml +++ b/playbooks/roles/haproxy_server/tasks/main.yml @@ -13,4 +13,5 @@ # See the License for the specific language governing permissions and # limitations under the License. -- include: device_add.yml +- include: haproxy_install.yml +- include: haproxy_post_install.yml diff --git a/playbooks/roles/haproxy_server/templates/service.j2 b/playbooks/roles/haproxy_server/templates/service.j2 new file mode 100644 index 0000000000..88910f7686 --- /dev/null +++ b/playbooks/roles/haproxy_server/templates/service.j2 
@@ -0,0 +1,51 @@ +# {{ ansible_managed }} + +frontend {{ item.service.haproxy_service_name }}-front +bind {{ item.service.haproxy_bind|default('*') }}:{{ item.service.haproxy_port }} +{% if item.service.haproxy_balance_type == "http" %} + option httplog + option forwardfor except 127.0.0.0/8 + option http-server-close + + {% set request_option = "http" %} +{% else %} + option tcplog + {% set request_option = "tcp" %} +{% endif %} + +{% if item.service.haproxy_timeout_client is defined %} + timeout client {{ item.service.haproxy_timeout_client }} +{% endif %} + +{% if item.service.haproxy_whitelist_hosts is defined and item.service.haproxy_whitelist_hosts == true %} + acl white_list src 127.0.0.1/8 10.0.3.0/24 {{ container_cidr }} + + {{ request_option }}-request content accept if white_list + {{ request_option }}-request content reject +{% endif %} + + mode {{ item.service.haproxy_balance_type }} + default_backend {{ item.service.haproxy_service_name }}-back + + +{% if item.service.haproxy_backend_port is not defined %} + {% set haproxy_backend_port = item.service.haproxy_port %} +{% else %} + {% set haproxy_backend_port = item.service.haproxy_backend_port %} +{% endif %} + +backend {{ item.service.haproxy_service_name }}-back + mode {{ item.service.haproxy_balance_type }} + balance {{ item.service.haproxy_balance_alg|default("leastconn") }} +{% for option in item.service.haproxy_backend_options|default([]) %} + option {{ option }} +{% endfor %} +{% if item.service.haproxy_timeout_server is defined %} + timeout server {{ item.service.haproxy_timeout_server }} +{% endif %} +{% for host_name in item.service.haproxy_backend_nodes %} + server {{ host_name }} {{ hostvars[host_name]['ansible_ssh_host'] }}:{{ haproxy_backend_port }} check port {{ haproxy_backend_port }} inter {{ haproxy_interval }} rise {{ item.service.haproxy_backend_nodes|count }} fall {{ item.service.haproxy_backend_nodes|count }} +{% endfor %} +{% for host_name in 
item.service.haproxy_backup_nodes|default([]) %} + server {{ host_name }} {{ hostvars[host_name]['ansible_ssh_host'] }}:{{ haproxy_backend_port }} check port {{ haproxy_backend_port }} inter {{ haproxy_interval }} rise {{ item.service.haproxy_backend_nodes|count }} fall {{ item.service.haproxy_backend_nodes|count }} backup +{% endfor %} diff --git a/playbooks/roles/haproxy_service/handlers/main.yml b/playbooks/roles/haproxy_service/handlers/main.yml deleted file mode 100644 index b51a0b5ff2..0000000000 --- a/playbooks/roles/haproxy_service/handlers/main.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: Restart haproxy - service: name=haproxy state=restarted pattern=haproxy enabled=yes diff --git a/playbooks/roles/haproxy_service/templates/service b/playbooks/roles/haproxy_service/templates/service deleted file mode 100644 index 0a37bc47c1..0000000000 --- a/playbooks/roles/haproxy_service/templates/service +++ /dev/null 
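Review bot: In the whitelist block, `{{ request_option }}-request content accept if white_list` renders as `http-request content accept` for an http service, but `content accept` and `content reject` are `tcp-request` actions; the `http-request` equivalents are `allow` and `deny`. Enabling `haproxy_whitelist_hosts` on an http frontend therefore likely yields a config HAProxy rejects. The block is carried over from the deleted template, but the new file is the place to branch on the mode. The ACL also hard-codes `10.0.3.0/24` and depends on `container_cidr`, which the role defaults in this commit do not define; both would be better as a documented role variable.

```jinja
{% if item.service.haproxy_whitelist_hosts is defined and item.service.haproxy_whitelist_hosts == true %}
{# … unchanged: acl white_list line … #}
{% if request_option == "http" %}
  http-request allow if white_list
  http-request deny
{% else %}
  tcp-request content accept if white_list
  tcp-request content reject
{% endif %}
{% endif %}
```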
@@ -1,49 +0,0 @@ -frontend {{ item.service.hap_service_name }}-front -bind {{ item.service.hap_bind|default('*') }}:{{ item.service.hap_port }} -{% if item.service.hap_balance_type == "http" %} - option httplog - option forwardfor except 127.0.0.0/8 - option http-server-close - - {% set request_option = "http" %} -{% else %} - option tcplog - {% set request_option = "tcp" %} -{% endif %} - -{% if item.service.hap_timeout_client is defined %} - timeout client {{ item.service.hap_timeout_client }} -{% endif %} - -{% if item.service.hap_whitelist_hosts is defined and item.service.hap_whitelist_hosts == true %} - acl white_list src 127.0.0.1/8 10.0.3.0/24 {{ container_cidr }} - - {{ request_option }}-request content accept if white_list - {{ request_option }}-request content reject -{% endif %} - - mode {{ item.service.hap_balance_type }} - default_backend {{ item.service.hap_service_name }}-back - - -{% if item.service.hap_backend_port is not defined %} - {% set hap_backend_port = item.service.hap_port %} -{% else %} - {% set hap_backend_port = item.service.hap_backend_port %} -{% endif %} - -backend {{ item.service.hap_service_name }}-back - mode {{ item.service.hap_balance_type }} - balance {{ item.service.hap_balance_alg|default("leastconn") }} -{% for option in item.service.hap_backend_options|default([]) %} - option {{ option }} -{% endfor %} -{% if item.service.hap_timeout_server is defined %} - timeout server {{ item.service.hap_timeout_server }} -{% endif %} -{% for host_name in item.service.hap_backend_nodes %} - server {{ hostvars[host_name]['container_name']|default(host_name) }} {{ hostvars[host_name]['ansible_ssh_host'] }}:{{ hap_backend_port }} check port {{ hap_backend_port }} inter {{ hap_interval }} rise {{ item.service.hap_backend_nodes|count }} fall {{ item.service.hap_backend_nodes|count }} -{% endfor %} -{% for host_name in item.service.hap_backup_nodes|default([]) %} - server {{ hostvars[host_name]['container_name']|default(host_name) }} {{ 
hostvars[host_name]['ansible_ssh_host'] }}:{{ hap_backend_port }} check port {{ hap_backend_port }} inter {{ hap_interval }} rise {{ item.service.hap_backend_nodes|count }} fall {{ item.service.hap_backend_nodes|count }} backup -{% endfor %} diff --git a/playbooks/roles/heat_common/tasks/heat_config.yml b/playbooks/roles/heat_common/tasks/heat_config.yml deleted file mode 100644 index 5327837638..0000000000 --- a/playbooks/roles/heat_common/tasks/heat_config.yml +++ /dev/null 
@@ -1,53 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# We add the keystone role used by heat to delegate to the heat service user -# (for performing deferred operations via trusts) -- name: Ensure stack_owner role - keystone: > - command=ensure_role - login_tenant_name="{{ auth_admin_tenant }}" - login_user="{{ auth_admin_username }}" - login_password="{{ auth_admin_password }}" - endpoint="{{ auth_admin_uri }}" - role_name="heat_stack_owner" - -# Any user creating stacks needs to have the 'heat_stack_owner' role assigned, -# we add to admin user here for testing purposes -- name: Ensure admin has stack_owner role - keystone: > - command=ensure_user_role - login_tenant_name="{{ auth_admin_tenant }}" - login_user="{{ auth_admin_username }}" - login_password="{{ auth_admin_password }}" - endpoint="{{ auth_admin_uri }}" - user_name="admin" - tenant_name="admin" - role_name="heat_stack_owner" - -- name: Setup Heat Config - template: > - src={{ item }} - dest=/etc/heat/{{ item }} - owner={{ system_user }} - group={{ system_group }} - with_items: - - heat.conf - - environment.d/default.yaml - - templates/AWS_CloudWatch_Alarm.yaml - - templates/AWS_RDS_DBInstance.yaml - - api-paste.ini - - policy.json - notify: Restart os service diff --git a/playbooks/roles/heat_common/tasks/main.yml b/playbooks/roles/heat_common/tasks/main.yml deleted file mode 100644 index 60306c3490..0000000000 
--- a/playbooks/roles/heat_common/tasks/main.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- include: heat_config.yml diff --git a/playbooks/roles/heat_common/templates/heat.conf b/playbooks/roles/heat_common/templates/heat.conf deleted file mode 100644 index 39089c0ece..0000000000 --- a/playbooks/roles/heat_common/templates/heat.conf +++ /dev/null 
@@ -1,101 +0,0 @@ -[DEFAULT] -verbose = True -debug = False -use_syslog = False - -log_file = /var/log/heat/heat.log - -stack_domain_admin_password = {{ stack_domain_admin_password }} -stack_domain_admin = {{ stack_domain_admin }} -stack_user_domain_id = {{ hostvars[groups['heat_api'][0]]['stack_user_domain_id'] }} -deferred_auth_method = {{ deferred_auth_method }} - -auth_encryption_key = {{ auth_encryption_key }} - -heat_watch_server_url = {{ heat_watch_server_url }} -heat_waitcondition_server_url = {{ heat_waitcondition_server_url }} -heat_metadata_server_url = {{ heat_metadata_server_url }} - - -## RPC Backend -rpc_backend = {{ rpc_backend }} -rpc_thread_pool_size = {{ rpc_thread_pool_size }} -rpc_conn_pool_size = {{ rpc_conn_pool_size }} -rpc_response_timeout = {{ rpc_response_timeout }} -rpc_cast_timeout = {{ rpc_cast_timeout }} - - -## RabbitMQ - -rabbit_hosts = {{ rabbit_hosts }} - -rabbit_port = {{ rabbit_port }} -rabbit_use_ssl = {{ rabbit_use_ssl }} -rabbit_userid = {{ rabbit_userid }} -rabbit_password = {{ rabbit_password }} -rabbit_virtual_host = {{ rabbit_virtual_host }} - -[clients] -endpoint_type = internalURL - -[clients_ceilometer] -endpoint_type = internalURL - -[clients_cinder] -endpoint_type = internalURL - -[clients_glance] -endpoint_type = internalURL - -[clients_heat] -endpoint_type = internalURL - -[clients_keystone] -endpoint_type = internalURL - -[clients_neutron] -endpoint_type = internalURL - -[clients_nova] -endpoint_type = internalURL - -[clients_swift] -endpoint_type = internalURL - -[clients_trove] -endpoint_type = internalURL - -[database] -connection = mysql://{{ container_mysql_user }}:{{ container_mysql_password }}@{{ mysql_address }}/{{ container_database }}?charset=utf8 - -[ec2authtoken] -auth_uri = {{ auth_identity_uri }} - -[heat_api] -bind_port = 8004 - -[heat_api_cfn] -bind_port = 8000 - -[heat_api_cloudwatch] -bind_port = 8003 - -[keystone_authtoken] -signing_dir = /var/cache/heat -identity_uri = {{ auth_protocol }}://{{ 
auth_host }}:{{ auth_port }} -auth_uri = {{ auth_identity_uri }} -admin_tenant_name = {{ service_admin_tenant_name }} -admin_user = {{ service_admin_username }} -admin_password = {{ service_admin_password }} - -memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['container_address'] }}:{{ memcached_port|default('11211') }}{% if not loop.last %},{% endif %}{% endfor %} - -token_cache_time = 300 -revocation_cache_time = 60 - -# if your memcached server is shared, use these settings to avoid cache poisoning -memcache_security_strategy = ENCRYPT -memcache_secret_key = {{ memcached_secret_key }} - -# if your keystone deployment uses PKI, and you value security over performance: -check_revocations_for_cached = {{ hostvars[groups['keystone_all'][0]]['keystone_use_pki'] }} diff --git a/playbooks/roles/heat_domain_user/tasks/main.yml b/playbooks/roles/heat_domain_user/tasks/main.yml deleted file mode 100644 index d059778c8c..0000000000 --- a/playbooks/roles/heat_domain_user/tasks/main.yml +++ /dev/null 
@@ -1,55 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# This is the role assigned to users created within Heat stacks themselves
-- name: Ensure stack_user role
- keystone: >
- command=ensure_role
- login_tenant_name="{{ auth_admin_tenant }}"
- login_user="{{ auth_admin_username }}"
- login_password="{{ auth_admin_password }}"
- endpoint="{{ auth_admin_uri }}"
- role_name="heat_stack_user"
-
-- name: Create heat domain
- shell: |
- . /root/openrc
- openstack --os-identity-api-version=3 --os-auth-url={{ auth_identity_uri_v3 }} \
- domain create {{ stack_user_domain_name }} --description "Owns users and projects created by heat"
- ignore_errors: true
-
-- name: Create heat domain admin user
- shell: |
- . /root/openrc
- openstack --os-identity-api-version=3 --os-auth-url={{ auth_identity_uri_v3 }} \
- user create --domain {{ stack_user_domain_name }} --password {{ stack_domain_admin_password }} {{ stack_domain_admin }}
- ignore_errors: true
-
-- name: Retrieve heat domain id
- shell: |
- . /root/openrc
- openstack --os-identity-api-version=3 --os-auth-url={{ auth_identity_uri_v3 }} \
- domain show {{ stack_user_domain_name }} | grep -oE -m 1 "[0-9a-f]{32}"
- register: stack_user_domain_id
-
-- name: Set fact for heat domain id
- set_fact:
- stack_user_domain_id: "{{ stack_user_domain_id.stdout }}"
-
-- name: Assign admin role to heat domain admin user
- shell: |
- .
/root/openrc
- openstack --os-identity-api-version=3 --os-auth-url={{ auth_identity_uri_v3 }} \
- role add --user {{ stack_domain_admin }} --domain {{ stack_user_domain_id }} admin
diff --git a/playbooks/roles/heat_setup/tasks/main.yml b/playbooks/roles/heat_setup/tasks/main.yml
deleted file mode 100644
index 40ba5174a5..0000000000
--- a/playbooks/roles/heat_setup/tasks/main.yml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-- name: Perform a Heat DB sync
- command: heat-manage db_sync
- sudo: yes
- sudo_user: "{{ system_user }}"
diff --git a/playbooks/roles/horizon_apache/templates/horizon-ports.conf b/playbooks/roles/horizon_apache/templates/horizon-ports.conf
deleted file mode 100644
index 24c3bb2555..0000000000
--- a/playbooks/roles/horizon_apache/templates/horizon-ports.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-Listen 80
-Listen 443
diff --git a/playbooks/roles/horizon_setup/tasks/main.yml b/playbooks/roles/horizon_setup/tasks/main.yml
deleted file mode 100644
index a232e1785c..0000000000
--- a/playbooks/roles/horizon_setup/tasks/main.yml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# This will create /var/lib/horizon/.secret_key_store, which needs to be owned
-# by {{ system_user }}, otherwise horizon logins will fail
-- name: Run syncdb
- command: horizon-manage.py syncdb --noinput
- sudo: yes
- sudo_user: "{{ system_user }}"
diff --git a/playbooks/roles/host_common/tasks/check_container_bridge.yml b/playbooks/roles/host_common/tasks/check_container_bridge.yml
deleted file mode 100644
index 473f529fa3..0000000000
--- a/playbooks/roles/host_common/tasks/check_container_bridge.yml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-- name: Fail if Container Bridge doesnt exist
- file:
- state: file
- path: "/sys/class/net/{{ management_bridge }}/bridge/bridge_id"
diff --git a/playbooks/roles/host_common/tasks/irqbalance.yml b/playbooks/roles/host_common/tasks/irqbalance.yml
deleted file mode 100644
index 3e90a9c459..0000000000
--- a/playbooks/roles/host_common/tasks/irqbalance.yml
+++ /dev/null
@@ -1,20 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-- name: Drop irqbalance default
- template:
- src: "irqbalance"
- dest: "/etc/default/irqbalance"
- notify: Restart irqbalance
diff --git a/playbooks/roles/host_common/tasks/main.yml b/playbooks/roles/host_common/tasks/main.yml
deleted file mode 100644
index 0a2e37a22b..0000000000
--- a/playbooks/roles/host_common/tasks/main.yml
+++ /dev/null
@@ -1,40 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-- include: sysstat.yml
-- include: updatehostsfile.yml
-- include: authorized_keys.yml
-- include: kernel_modules.yml
-- include: irqbalance.yml
-- include: check_container_bridge.yml
-
-- name: Set basic kernel optimization
- sysctl:
- name: "{{ item.key }}"
- value: "{{ item.value }}"
- sysctl_set: "{{ item.set|default('yes') }}"
- state: "{{ item.state|default('present') }}"
- reload: "{{ item.reload|default('yes') }}"
- with_items: host_kernel_tuning
- when: host_kernel_tuning is defined
-
-- name: Create /openstack hierachy
- file:
- path: "{{item}}"
- state: directory
- with_items:
- - "/openstack"
- - "/openstack/backup"
- - "/openstack/log"
diff --git a/playbooks/roles/host_common/templates/sysstat.cron b/playbooks/roles/host_common/templates/sysstat.cron
deleted file mode 100644
index ce3b7f261f..0000000000
--- a/playbooks/roles/host_common/templates/sysstat.cron
+++ /dev/null
@@ -1,9 +0,0 @@
-# The first element of the path is a directory where the debian-sa1
-# script is located
-PATH=/usr/lib/sysstat:/usr/sbin:/usr/sbin:/usr/bin:/sbin:/bin
-
-# Activity reports every 10 minutes everyday
-*/1 * * * * root command -v debian-sa1 > /dev/null && debian-sa1 1 1
-
-# Additional run at 23:59 to rotate the statistics file
-59 23 * * * root command -v debian-sa1 > /dev/null && debian-sa1 60 2
diff --git a/playbooks/roles/init_script/handlers/main.yml b/playbooks/roles/init_script/handlers/main.yml
deleted file mode 100644
index 2da037ee1a..0000000000
--- a/playbooks/roles/init_script/handlers/main.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-- name: Restart service
- service: name={{ program_name }} state=restarted pattern={{ program_name }} enabled=yes
- when: program_name is defined
diff --git a/playbooks/roles/init_script/tasks/main.yml b/playbooks/roles/init_script/tasks/main.yml
deleted file mode 100644
index ef29fb1725..0000000000
--- a/playbooks/roles/init_script/tasks/main.yml
+++ /dev/null
@@ -1,43 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-- name: Place the init script
- template: >
- src=init-config
- dest=/etc/init/{{ program_name }}.conf
- mode=0644
- owner=root
- group=root
- notify: Restart service
-
-- name: Ensure init scripts are loaded
- shell: >
- initctl list | grep -w "{{ program_name }}"
- register: init_loaded
- changed_when: init_loaded.rc != 0
- failed_when: false
-
-- name: Reload init scripts
- shell: >
- initctl reload-configuration
- when: init_loaded|changed
-
-- name: Load service
- service: name={{ program_name }} enabled=yes
- when: program_name is defined
-
-- name: Ensure service started
- service: name={{ program_name }} state=started pattern={{ program_name }} enabled=yes
- when: program_name is defined
diff --git a/playbooks/roles/keystone_add_service/tasks/main.yml b/playbooks/roles/keystone_add_service/tasks/main.yml
deleted file mode 100644
index 237b0e3ff6..0000000000
--- a/playbooks/roles/keystone_add_service/tasks/main.yml
+++ /dev/null
@@ -1,62 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# Create a service
-- name: Ensure Keystone Service
- keystone: >
- command=ensure_service
- token="{{ auth_admin_token }}"
- endpoint="{{ auth_admin_uri }}"
- service_name="{{ service_name }}"
- service_type="{{ service_type }}"
- description="{{ service_description }}"
- register: add_service
- until: add_service|success
- retries: 30
- delay: 2
-
-# Create an admin user
-- name: Ensure Keystone user
- keystone: >
- command=ensure_user
- token="{{ auth_admin_token }}"
- endpoint="{{ auth_admin_uri }}"
- user_name="{{ service_name }}"
- tenant_name=admin
- password="{{ service_password }}"
-
-# Add a role to the user
-- name: Ensure Keystone user to Admin role
- keystone: >
- command=ensure_user_role
- token="{{ auth_admin_token }}"
- endpoint="{{ auth_admin_uri }}"
- user_name="{{ service_name }}"
- tenant_name=service
- role_name=admin
-
-# Create an endpoint
-- name: Ensure Keystone Endpoint
- keystone: >
- command=ensure_endpoint
- token="{{ auth_admin_token }}"
- endpoint="{{ auth_admin_uri }}"
- region_name={{ service_region }}
- service_name="{{ service_name }}"
- service_type="{{ service_type }}"
- publicurl={{ service_publicurl }}
- adminurl={{ service_adminurl }}
- internalurl={{ service_internalurl }}
- when: service_publicurl is defined and service_adminurl is defined and service_internalurl is defined
diff --git a/playbooks/roles/keystone_add_user/tasks/main.yml b/playbooks/roles/keystone_add_user/tasks/main.yml
deleted file mode 100644
index db11a64a6b..0000000000
--- a/playbooks/roles/keystone_add_user/tasks/main.yml
+++ /dev/null
@@ -1,67 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# Create an admin tenant
-- name: Ensure Additional Tenants
- keystone:
- command: "ensure_tenant"
- login_tenant_name: "{{ auth_admin_tenant }}"
- login_user: "{{ auth_admin_username }}"
- login_password: "{{ auth_admin_password }}"
- endpoint: "{{ auth_admin_uri }}"
- tenant_name: "{{ item.tenant }}"
- description: "{{ item.description }}"
- with_items: additional_keystone_users
- when: additional_keystone_users is defined
-
-# Create an admin user
-- name: Ensure Additional Users
- keystone:
- command: "ensure_user"
- login_tenant_name: "{{ auth_admin_tenant }}"
- login_user: "{{ auth_admin_username }}"
- login_password: "{{ auth_admin_password }}"
- endpoint: "{{ auth_admin_uri }}"
- user_name: "{{ item.user }}"
- tenant_name: "{{ item.tenant }}"
- password: "{{ item.password }}"
- with_items: additional_keystone_users
- when: additional_keystone_users is defined
-
-# Create an admin role
-- name: Ensure Admin role
- keystone:
- command: "ensure_role"
- login_tenant_name: "{{ auth_admin_tenant }}"
- login_user: "{{ auth_admin_username }}"
- login_password: "{{ auth_admin_password }}"
- endpoint: "{{ auth_admin_uri }}"
- role_name: "{{ item.role }}"
- with_items: additional_keystone_users
- when: additional_keystone_users is defined
-
-# Add a role to the user
-- name: Ensure User has Role
- keystone:
- command: ensure_user_role
- login_tenant_name: "{{
auth_admin_tenant }}"
- login_user: "{{ auth_admin_username }}"
- login_password: "{{ auth_admin_password }}"
- endpoint: "{{ auth_admin_uri }}"
- user_name: "{{ item.user }}"
- tenant_name: "{{ item.tenant }}"
- role_name: "{{ item.role }}"
- with_items: additional_keystone_users
- when: additional_keystone_users is defined
diff --git a/playbooks/roles/keystone_apache/tasks/main.yml b/playbooks/roles/keystone_apache/tasks/main.yml
deleted file mode 100644
index 7ee12395dc..0000000000
--- a/playbooks/roles/keystone_apache/tasks/main.yml
+++ /dev/null
@@ -1,63 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-- name: Drop apache2 ports file
- template:
- src: "keystone-ports.conf"
- dest: "/etc/apache2/ports.conf"
- owner: "root"
- group: "root"
- notify: Restart Apache
-
-- name: Drop keystone vhost file
- template:
- src: "keystone-httpd.conf"
- dest: "/etc/apache2/sites-available/keystone-httpd.conf"
- owner: "root"
- group: "root"
- notify: Restart Apache
-
-- name: Disable default apache site
- file:
- path: "/etc/apache2/sites-enabled/000-default.conf"
- state: "absent"
- notify: Restart Apache
-
-- name: Enabled keystone vhost
- file:
- src: "/etc/apache2/sites-available/keystone-httpd.conf"
- dest: "/etc/apache2/sites-enabled/keystone-httpd.conf"
- state: "link"
- notify: Restart Apache
-
-- name: Link keystone wsgi admin file
- file:
- src: "/opt/{{ service_name }}_{{ git_install_branch | replace('/', '_') }}/httpd/keystone.py"
- dest: "/var/www/cgi-bin/keystone/admin"
- state: "link"
- notify: Restart Apache
-
-- name: Link keystone wsgi main file
- file:
- src: "/opt/{{ service_name }}_{{ git_install_branch | replace('/', '_') }}/httpd/keystone.py"
- dest: "/var/www/cgi-bin/keystone/main"
- state: "link"
- notify: Restart Apache
-
-- name: Ensure Apache ServerName
- lineinfile:
- dest: "/etc/apache2/apache2.conf"
- line: "ServerName {{ container_name }}"
- notify: Restart Apache
diff --git a/playbooks/roles/keystone_apache/templates/keystone-httpd.conf b/playbooks/roles/keystone_apache/templates/keystone-httpd.conf
deleted file mode 100644
index 3f75f1c4ba..0000000000
--- a/playbooks/roles/keystone_apache/templates/keystone-httpd.conf
+++ /dev/null
@@ -1,47 +0,0 @@
-WSGIDaemonProcess keystone user=keystone group=nogroup processes=3 threads=10
-
-
- LogLevel {{ keystone_apache_log_level|default('info') }}
- ErrorLog /var/log/keystone/keystone-apache-error.log
- CustomLog /var/log/keystone/ssl_access.log combined
- Options +FollowSymLinks
-
- {% if keystone_ssl == true %}
- SSLEngine on
- SSLCertificateFile {{ keystone_ssl_cert|default('/etc/ssl/certs/apache.cert') }}
- SSLCertificateKeyFile {{ keystone_ssl_key|default('/etc/ssl/private/apache.key') }}
- SSLCACertificatePath {{ keystone_ssl_cert_path|default('/etc/ssl/certs') }}
- SSLCARevocationPath {{ keystone_ssl_cert_path|default('/etc/ssl/certs') }}
- SSLVerifyClient optional
- SSLVerifyDepth 10
- SSLProtocol all -SSLv2
- SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
- SSLOptions +StdEnvVars +ExportCertData
- {% endif %}
-
- WSGIScriptAlias / /var/www/cgi-bin/keystone/main
- WSGIProcessGroup keystone
-
-
-
- LogLevel {{ keystone_apache_log_level|default('info') }}
- ErrorLog /var/log/keystone/keystone-apache-error.log
- CustomLog /var/log/keystone/ssl_access.log combined
- Options +FollowSymLinks
-
- {% if keystone_ssl == true %}
- SSLEngine on
- SSLCertificateFile {{ keystone_ssl_cert|default('/etc/ssl/certs/apache.cert') }}
- SSLCertificateKeyFile {{ keystone_ssl_key|default('/etc/ssl/private/apache.key') }}
- SSLCACertificatePath {{ keystone_ssl_cert_path|default('/etc/ssl/certs') }}
- SSLCARevocationPath {{ keystone_ssl_cert_path|default('/etc/ssl/certs') }}
- SSLVerifyClient optional
- SSLVerifyDepth 10
- SSLProtocol all -SSLv2
- SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
- SSLOptions +StdEnvVars +ExportCertData
- {% endif %}
-
- WSGIScriptAlias / /var/www/cgi-bin/keystone/admin
- WSGIProcessGroup keystone
-
diff --git a/playbooks/roles/keystone_apache/templates/keystone-ports.conf b/playbooks/roles/keystone_apache/templates/keystone-ports.conf
deleted file mode 100644
index b5bf8dcb7c..0000000000
--- a/playbooks/roles/keystone_apache/templates/keystone-ports.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-Listen {{ service_port }}
-Listen {{ admin_port }}
diff --git a/playbooks/roles/keystone_common/tasks/main.yml b/playbooks/roles/keystone_common/tasks/main.yml
deleted file mode 100644
index 6479c30552..0000000000
--- a/playbooks/roles/keystone_common/tasks/main.yml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-- include: keystone_config.yml
diff --git a/playbooks/roles/keystone_common/templates/keystone.conf.j2 b/playbooks/roles/keystone_common/templates/keystone.conf.j2
deleted file mode 100644
index ce651a90e9..0000000000
--- a/playbooks/roles/keystone_common/templates/keystone.conf.j2
+++ /dev/null
@@ -1,106 +0,0 @@
-[DEFAULT]
-verbose = {{ verbose }}
-debug = {{ debug }}
-admin_token = {{ auth_admin_token }}
-bind_host = 0.0.0.0
-# The port number which the public service listens on
-public_port = {{ auth_public_port }}
-# The port number which the public admin listens on
-admin_port = {{ auth_port }}
-public_endpoint = {{ auth_protocol }}://{{ internal_vip_address }}:{{ auth_public_port }}/
-admin_endpoint = {{ auth_protocol }}://{{ internal_vip_address }}:{{ auth_port }}/
-log_file = keystone.log
-log_dir = /var/log/keystone
-rabbit_hosts = {{ rabbit_hosts }}
-rabbit_userid = {{ rabbit_userid }}
-rabbit_password = {{ rabbit_password }}
-rpc_backend = {{ rpc_backend }}
-
-[memcache]
-servers = {% for host in groups['memcached'] %}{{ hostvars[host]['container_address'] }}:{{ memcached_port|default('11211') }}{% if not loop.last %},{% endif %}{% endfor %}
-
-max_compare_and_set_retry = 16
-
-[cache]
-backend = dogpile.cache.memcached
-backend_argument = url:{% for host in groups['memcached'] %}{{ hostvars[host]['container_address'] }}{% if not loop.last %},{% endif %}{% endfor %}:{{ memcached_port }}
-config_prefix = cache.keystone
-distributed_lock = True
-expiration_time = 5400
-enabled = true
-
-[revoke]
-expiration_buffer = 1800
-caching = true
-
-[auth]
-methods = {{ auth_methods }}
-
-[database]
-connection = mysql://{{ container_mysql_user }}:{{ container_mysql_password }}@{{ mysql_address }}/{{ container_database }}?charset=utf8
-idle_timeout = 200
-min_pool_size = 5
-max_pool_size = 10
-pool_timeout = 200
-
-[identity]
-driver = {{ keystone_identity_driver|default('keystone.identity.backends.sql.Identity') }}
-
-[assignment]
-driver = keystone.assignment.backends.sql.Assignment
-caching = true
-
-[ldap]
-url = ldap://{{ keystone_ldap_server|default('localhost') }}
-user = {{ keystone_ldap_user_bind|default('root') }}
-password = {{ keystone_ldap_user_bind_password|default('secrete') }}
-suffix = {{ keystone_ldap_suffix|default('cn=example,cn=com') }}
-use_dumb_member = {{ keystone_ldap_use_dumb_member|default('false') }}
-dumb_member = {{ keystone_ldap_dumb_member|default('cn=dumb,dc=nonexistent') }}
-allow_subtree_delete = {{ keystone_ldap_allow_subtree_delete|default('false') }}
-query_scope = {{ keystone_ldap_query_scope|default('one') }}
-page_size = {{ keystone_ldap_page_size|default('0') }}
-debug_level = {{ keystone_ldap_debug_level|default('') }}
-chase_referrals = {{ keystone_ldap_chase_referrals|default('True') }}
-user_tree_dn = {{ keystone_ldap_user_tree_dn|default('') }}
-user_filter = {{ keystone_ldap_user_filter|default('') }}
-user_objectclass = {{ keystone_ldap_user_objectclass|default('inetOrgPerson') }}
-user_id_attribute = {{ keystone_ldap_user_id_attribute|default('cn') }}
-user_name_attribute = {{ keystone_ldap_user_name_attribute|default('sn') }}
-user_mail_attribute = {{ keystone_ldap_user_mail_attribute|default('email') }}
-user_pass_attribute = {{ keystone_ldap_user_pass_attribute|default('userPassword')}}
-user_enabled_attribute = {{ keystone_ldap_user_enabled_attribute|default('enabled') }}
-user_enabled_mask = {{ keystone_ldap_user_enabled_mask|default('0') }}
-user_enabled_default = {{ keystone_ldap_user_enabled_default|default('True') }}
-user_attribute_ignore = {{ keystone_ldap_user_attribute_ignore|default('default_project_id,tenants') }}
-user_default_project_id_attribute = {{ keystone_ldap_user_default_project_id_attribute|default('') }}
-user_allow_create = {{ keystone_ldap_user_allow_create|default('true') }}
-user_allow_update = {{ keystone_ldap_user_allow_update|default('true') }}
-user_allow_delete = {{ keystone_ldap_user_allow_delete|default('true') }}
-user_enabled_emulation = {{ keystone_ldap_user_enabled_emulation|default('false') }}
-user_enabled_emulation_dn = {{ keystone_ldap_user_enabled_emulation_dn|default('') }}
-user_additional_attribute_mapping = {{ keystone_ldap_user_additional_attribute_mapping|default('') }}
-group_tree_dn = {{ keystone_ldap_|default('')
}}
-group_filter = {{ keystone_ldap_group_filter|default('') }}
-group_objectclass = {{ keystone_ldap_group_objectclass|default('groupOfNames') }}
-group_id_attribute = {{ keystone_ldap_group_id_attribute|default('cn') }}
-group_name_attribute = {{ keystone_ldap_group_name_attribute|default('ou') }}
-group_member_attribute = {{ keystone_ldap_group_member_attribute|default('member') }}
-group_desc_attribute = {{ keystone_ldap_group_desc_attribute|default('description') }}
-group_attribute_ignore = {{ keystone_ldap_group_attribute_ignore|default('') }}
-group_allow_create = {{ keystone_ldap_group_allow_create|default('true') }}
-group_allow_update = {{ keystone_ldap_group_allow_update|default('true') }}
-group_allow_delete = {{ keystone_ldap_group_allow_delete|default('true') }}
-group_additional_attribute_mapping = {{ keystone_ldap_group_additional_attribute_mapping|default('') }}
-tls_cacertfile = {{ keystone_ldap_tls_cacertfile|default('') }}
-tls_cacertdir = {{ keystone_ldap_tls_cacertdir|default('') }}
-use_tls = {{ keystone_ldap_use_tls|default('false') }}
-tls_req_cert = {{ keystone_ldap_tls_req_cert|default('demand') }}
-
-[token]
-enforce_token_bind = permissive
-revocation_cache_time = 3600
-expiration = 43200
-caching = true
-cache_time = 5400
-provider = {{ token_provider }}
diff --git a/playbooks/roles/keystone_setup/tasks/main.yml b/playbooks/roles/keystone_setup/tasks/main.yml
deleted file mode 100644
index 78dca29846..0000000000
--- a/playbooks/roles/keystone_setup/tasks/main.yml
+++ /dev/null
@@ -1,80 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-- name: Perform a Keystone DB sync
- command: keystone-manage db_sync
- sudo: yes
- sudo_user: "{{ system_user }}"
-
-- name: Restart service
- service: >
- name="{{ program_name }}"
- state=restarted
- pattern="{{ program_name }}"
-
-- name: "Wait for keystone to come up"
- wait_for:
- host: "{{ ansible_ssh_host }}"
- port: "{{ admin_port }}"
- timeout: 25
- delay: 10
-
-# Create an service tenant
-- name: Ensure service tenant
- keystone: >
- command=ensure_tenant
- token="{{ auth_admin_token }}"
- endpoint="{{ auth_admin_uri }}"
- tenant_name=service
- description="Service Tenant"
-
-# Create an admin tenant
-- name: Ensure admin tenant
- keystone: >
- command=ensure_tenant
- token="{{ auth_admin_token }}"
- endpoint="{{ auth_admin_uri }}"
- tenant_name=admin
- description="Admin Tenant"
-
-# Create an admin user
-- name: Ensure Admin user
- keystone: >
- command=ensure_user
- token="{{ auth_admin_token }}"
- endpoint="{{ auth_admin_uri }}"
- user_name=admin
- tenant_name=admin
- password="{{ auth_admin_password }}"
-
-# Create an admin role
-- name: Ensure Admin role
- keystone: >
- command=ensure_role
- token="{{ auth_admin_token }}"
- endpoint="{{ auth_admin_uri }}"
- role_name=admin
-
-# Add a role to the user
-- name: Ensure Admin user to Admin role
- keystone: >
- command=ensure_user_role
- token="{{ auth_admin_token }}"
- endpoint="{{ auth_admin_uri
}}"
- user_name=admin
- tenant_name=admin
- role_name=admin
-
-- include: keystone_token_cron.yml
diff --git a/playbooks/roles/kibana/tasks/main.yml b/playbooks/roles/kibana/tasks/main.yml
deleted file mode 100644
index 62dd94ee16..0000000000
--- a/playbooks/roles/kibana/tasks/main.yml
+++ /dev/null
@@ -1,131 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-- name: Download Kibana
- get_url:
- url: "{{ kibana_url }}"
- dest: "/tmp/kibana.tar.gz"
- mode: "0644"
-
-- name: Extract Kibana
- unarchive:
- copy: "no"
- src: "/tmp/kibana.tar.gz"
- dest: "/opt"
-
-- name: Link Kibana Directory
- file:
- state: "link"
- src: "/opt/kibana-3.1.0"
- dest: "{{ kibana_root }}"
- owner: "{{ system_user }}"
- group: "{{ system_group }}"
-
-- name: create self-signed SSL cert
- command: >
- openssl req -new -nodes -x509 -subj
- "/C=US/ST=Texas/L=San Antonio/O=IT/CN={{ kibana_server_name }}"
- -days 365
- -keyout /etc/ssl/private/apache.key
- -out /etc/ssl/certs/apache.cert
- -extensions v3_ca
- creates=/etc/ssl/certs/apache.cert
- when: kibana_self_signed is defined and kibana_self_signed == true
-
-- name: enable mod_rewrite
- command: a2enmod rewrite
-
-- name: enable mod_ssl
- command: a2enmod ssl
-
-- name: enable mod_proxy
- command: a2enmod proxy
-
-- name: enable mod_proxy_http (protocol handler)
- command: a2enmod proxy_http
-
-- name: Kibana Setup
- template:
- src: "{{ item }}"
- dest: "/etc/apache2/sites-available/{{ item }}"
- owner: "{{ system_user }}"
- group: "{{ system_group }}"
- register: results
- with_items:
- - 000-kibana.conf
-
-- name: Fix Apache2 Paths
- template:
- src: "{{ item }}"
- dest: "/etc/apache2/{{ item }}"
- owner: "root"
- group: "root"
- with_items:
- - apache2.conf
-
-- name: Drop Apache2
Ports File
- template:
- src: "{{ item }}"
- dest: "/etc/apache2/{{ item }}"
- owner: "root"
- group: "root"
- with_items:
- - ports.conf
-
-- name: Kibana Config
- template:
- src: "{{ item }}"
- dest: "{{ kibana_root }}/{{ item }}"
- owner: "{{ system_user }}"
- group: "{{ system_group }}"
- register: results
- with_items:
- - config.js
-
-- name: Link Kibana Site
- file:
- state: "link"
- src: "/etc/apache2/sites-available/000-kibana.conf"
- dest: "/etc/apache2/sites-enabled/000-kibana.conf"
- owner: "{{ system_user }}"
- group: "{{ system_group }}"
-
-- name: Remove Apache Default Site
- file:
- state: "absent"
- path: "/etc/apache2/sites-enabled/000-default.conf"
-
-- name: Create kibana http_auth user
- htpasswd:
- path: "/etc/apache2/users"
- name: "kibana"
- password: "{{ kibana_password }}"
- owner: "root"
- group: "www-data"
- mode: "0640"
- create: "yes"
- state: "present"
-
-- name: Install Dashboards
- template:
- src: "{{ item }}"
- dest: "/opt/kibana/app/dashboards/{{ item }}"
- owner: "root"
- group: "root"
- with_items:
- - Event-Dashboard.json
-
-- name: Restart Apache
- service: name=apache2 state=restarted
diff --git a/playbooks/roles/kibana/templates/000-kibana.conf b/playbooks/roles/kibana/templates/000-kibana.conf
deleted file mode 100644
index b606f56d61..0000000000
--- a/playbooks/roles/kibana/templates/000-kibana.conf
+++ /dev/null
@@ -1,44 +0,0 @@ - - ServerName {{ kibana_server_name }} - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteRule ^/?(.*) https://%{HTTP_HOST}:{{ kibana_ssl_port }}/$1 [R,L] - - - - ServerName {{ kibana_server_name }} - - LogLevel {{ kibana_log_level|default('info') }} - ErrorLog /var/log/apache2/kibana-error.log - CustomLog /var/log/apache2/ssl_access.log combined - Options +FollowSymLinks - - SSLEngine on - SSLCertificateFile {{ kibana_ssl_cert|default('/etc/ssl/certs/apache.cert') }} - SSLCertificateKeyFile {{ kibana_ssl_key|default('/etc/ssl/private/apache.key') }} - SSLCACertificatePath {{ kibana_ssl_cert_path|default('/etc/ssl/certs') }} - SSLCARevocationPath {{ kibana_ssl_cert_path|default('/etc/ssl/certs') }} - SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown - - DocumentRoot {{ kibana_root }} - - - Options FollowSymLinks - AllowOverride None - - - # ElasticSearch Reverse Proxy - - ProxyPass http://{{ hostvars[groups['elasticsearch'][0]]['container_address'] }}:{{ elasticsearch_http_port }}/ - ProxyPassReverse / - - - - Options Indexes FollowSymLinks MultiViews - AllowOverride AuthConfig - AuthType Basic - AuthName Kibana - AuthUserFile /etc/apache2/users - Require user kibana - - diff --git a/playbooks/roles/kibana/templates/Event-Dashboard.json b/playbooks/roles/kibana/templates/Event-Dashboard.json deleted file mode 100644 index 91f8cc977c..0000000000 --- a/playbooks/roles/kibana/templates/Event-Dashboard.json +++ /dev/null 
@@ -1,633 +0,0 @@ -{ - "title": "Event Dashboard", - "services": { - "query": { - "list": { - "0": { - "id": 0, - "color": "#7EB26D", - "alias": "", - "pin": false, - "type": "lucene", - "enable": true, - "query": "tags:nova*" - }, - "1": { - "id": 1, - "color": "#EAB839", - "alias": "", - "pin": false, - "type": "lucene", - "enable": true, - "query": "tags:cinder*" - }, - "2": { - "id": 2, - "color": "#6ED0E0", - "alias": "", - "pin": false, - "type": "lucene", - "enable": true, - "query": "tags:neutron*" - }, - "3": { - "id": 3, - "color": "#EF843C", - "alias": "", - "pin": false, - "type": "lucene", - "enable": true, - "query": "tags:keystone*" - }, - "4": { - "id": 4, - "color": "#1F78C1", - "alias": "", - "pin": false, - "type": "lucene", - "enable": true, - "query": "tags:swift*" - }, - "5": { - "id": 5, - "color": "#BA43A9", - "alias": "", - "pin": false, - "type": "lucene", - "enable": true, - "query": "tags:horizon*" - }, - "6": { - "id": 6, - "color": "#C15C17", - "alias": "", - "pin": false, - "type": "lucene", - "enable": true, - "query": "tags:heat*" - }, - "7": { - "id": 7, - "color": "#629E51", - "alias": "", - "pin": false, - "type": "lucene", - "enable": true, - "query": "tags:openstack AND httptime:*" - }, - "8": { - "id": 8, - "color": "#EAB839", - "alias": "", - "pin": false, - "type": "lucene", - "enable": true, - "query": "tags:infrastructure" - } - }, - "ids": [ - 0, - 1, - 2, - 3, - 4, - 5, - 6, - 7, - 8 - ] - }, - "filter": { - "list": { - "0": { - "type": "time", - "field": "@timestamp", - "from": "now-5m", - "to": "now", - "mandate": "must", - "active": true, - "alias": "", - "id": 0 - } - }, - "ids": [ - 0 - ] - } - }, - "rows": [ - { - "title": "Graph", - "height": "150px", - "editable": true, - "collapse": false, - "collapsable": true, - "panels": [ - { - "span": 4, - "editable": true, - "group": [ - "default" - ], - "type": "histogram", - "mode": "count", - "time_field": "@timestamp", - "value_field": null, - "auto_int": false, - 
"resolution": 100, - "interval": "10s", - "fill": 3, - "linewidth": 3, - "timezone": "browser", - "spyable": true, - "zoomlinks": false, - "bars": true, - "stack": true, - "points": false, - "lines": false, - "legend": false, - "x-axis": true, - "y-axis": true, - "percentage": false, - "interactive": true, - "queries": { - "mode": "selected", - "ids": [ - 0, - 1, - 2, - 3, - 4, - 5, - 6 - ] - }, - "title": "OpenStack Events", - "intervals": [ - "auto", - "10s", - "1m", - "5m", - "10m", - "30m", - "1h", - "3h", - "12h", - "1d", - "1w", - "1M", - "1y" - ], - "options": false, - "tooltip": { - "value_type": "individual", - "query_as_alias": true - }, - "scale": 1, - "y_format": "none", - "grid": { - "max": null, - "min": 0 - }, - "annotate": { - "enable": false, - "query": "*", - "size": 20, - "field": "_type", - "sort": [ - "_score", - "desc" - ] - }, - "pointradius": 5, - "show_query": true, - "legend_counts": true, - "zerofill": true, - "derivative": false - }, - { - "span": 4, - "editable": true, - "type": "histogram", - "loadingEditor": false, - "mode": "mean", - "time_field": "@timestamp", - "value_field": "httptime", - "x-axis": true, - "y-axis": true, - "scale": "1000", - "y_format": "none", - "grid": { - "max": null, - "min": 0 - }, - "queries": { - "mode": "selected", - "ids": [ - 7 - ] - }, - "annotate": { - "enable": false, - "query": "*", - "size": 20, - "field": "_type", - "sort": [ - "_score", - "desc" - ] - }, - "auto_int": false, - "resolution": 100, - "interval": "10s", - "intervals": [ - "auto", - "10s", - "1m", - "5m", - "10m", - "30m", - "1h", - "3h", - "12h", - "1d", - "1w", - "1y" - ], - "lines": true, - "fill": 1, - "linewidth": 2, - "points": false, - "pointradius": 3, - "bars": false, - "stack": true, - "spyable": true, - "zoomlinks": false, - "options": false, - "legend": false, - "show_query": false, - "interactive": true, - "legend_counts": true, - "timezone": "browser", - "percentage": false, - "zerofill": true, - "derivative": false, - 
"tooltip": { - "value_type": "individual", - "query_as_alias": true - }, - "title": "OpenStack API Response (ms)" - }, - { - "span": 4, - "editable": true, - "type": "histogram", - "loadingEditor": false, - "mode": "count", - "time_field": "@timestamp", - "value_field": null, - "x-axis": true, - "y-axis": true, - "scale": 1, - "y_format": "none", - "grid": { - "max": null, - "min": 0 - }, - "queries": { - "mode": "selected", - "ids": [ - 8 - ] - }, - "annotate": { - "enable": false, - "query": "*", - "size": 20, - "field": "_type", - "sort": [ - "_score", - "desc" - ] - }, - "auto_int": false, - "resolution": 100, - "interval": "10s", - "intervals": [ - "auto", - "10s", - "1m", - "5m", - "10m", - "30m", - "1h", - "3h", - "12h", - "1d", - "1w", - "1y" - ], - "lines": false, - "fill": 0, - "linewidth": 3, - "points": false, - "pointradius": 5, - "bars": true, - "stack": true, - "spyable": true, - "zoomlinks": false, - "options": false, - "legend": false, - "show_query": true, - "interactive": true, - "legend_counts": true, - "timezone": "browser", - "percentage": false, - "zerofill": true, - "derivative": false, - "tooltip": { - "value_type": "cumulative", - "query_as_alias": true - }, - "title": "Infrastructure Events" - } - ], - "notice": false - }, - { - "title": "Services", - "height": "150px", - "editable": true, - "collapse": false, - "collapsable": true, - "panels": [ - { - "error": false, - "span": 4, - "editable": true, - "type": "terms", - "loadingEditor": false, - "field": "os_level", - "exclude": [], - "missing": false, - "other": false, - "size": 10, - "order": "count", - "style": { - "font-size": "10pt" - }, - "donut": false, - "tilt": false, - "labels": true, - "arrangement": "horizontal", - "chart": "pie", - "counter_pos": "above", - "spyable": true, - "queries": { - "mode": "all", - "ids": [ - 0, - 1, - 2, - 3, - 4, - 5, - 6, - 7, - 8 - ] - }, - "tmode": "terms", - "tstat": "total", - "valuefield": "", - "title": "Severity" - }, - { - "error": false, 
- "span": 4, - "editable": true, - "type": "terms", - "loadingEditor": false, - "field": "os_program", - "exclude": [], - "missing": false, - "other": false, - "size": 5, - "order": "count", - "style": { - "font-size": "10pt" - }, - "donut": false, - "tilt": false, - "labels": true, - "arrangement": "horizontal", - "chart": "pie", - "counter_pos": "above", - "spyable": true, - "queries": { - "mode": "all", - "ids": [ - 0, - 1, - 2, - 3, - 4, - 5, - 6, - 7, - 8 - ] - }, - "tmode": "terms", - "tstat": "total", - "valuefield": "", - "title": "Top 5 Event Sources" - }, - { - "error": false, - "span": 4, - "editable": true, - "type": "terms", - "loadingEditor": false, - "field": "verb", - "exclude": [], - "missing": false, - "other": false, - "size": 10, - "order": "count", - "style": { - "font-size": "10pt" - }, - "donut": false, - "tilt": false, - "labels": true, - "arrangement": "horizontal", - "chart": "pie", - "counter_pos": "above", - "spyable": true, - "queries": { - "mode": "all", - "ids": [ - 0, - 1, - 2, - 3, - 4, - 5, - 6, - 7, - 8 - ] - }, - "tmode": "terms", - "tstat": "total", - "valuefield": "", - "title": "API Operations" - } - ], - "notice": false - }, - { - "title": "Events", - "height": "350px", - "editable": true, - "collapse": false, - "collapsable": true, - "panels": [ - { - "title": "All events", - "error": false, - "span": 12, - "editable": true, - "group": [ - "default" - ], - "type": "table", - "size": 100, - "pages": 5, - "offset": 0, - "sort": [ - "@timestamp", - "desc" - ], - "style": { - "font-size": "9pt" - }, - "overflow": "min-height", - "fields": [ - "@timestamp", - "os_program", - "os_level", - "host", - "openstack_message" - ], - "localTime": true, - "timeField": "@timestamp", - "highlight": [], - "sortable": true, - "header": true, - "paging": true, - "spyable": true, - "queries": { - "mode": "all", - "ids": [ - 0, - 1, - 2, - 3, - 4, - 5, - 6, - 7, - 8 - ] - }, - "field_list": true, - "status": "Stable", - "trimFactor": 300, - 
"normTimes": true, - "all_fields": false - } - ], - "notice": false - } - ], - "editable": true, - "failover": false, - "index": { - "interval": "day", - "pattern": "[logstash-]YYYY.MM.DD", - "default": "NO_TIME_FILTER_OR_INDEX_PATTERN_NOT_MATCHED", - "warm_fields": true - }, - "style": "dark", - "panel_hints": true, - "pulldowns": [ - { - "type": "query", - "collapse": true, - "notice": false, - "query": "*", - "pinned": true, - "history": [], - "remember": 10, - "enable": true - }, - { - "type": "filtering", - "collapse": true, - "notice": false, - "enable": true - } - ], - "nav": [ - { - "type": "timepicker", - "collapse": false, - "notice": false, - "status": "Stable", - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ], - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "timefield": "@timestamp", - "now": true, - "filter_id": 0, - "enable": true - } - ], - "loader": { - "save_gist": false, - "save_elasticsearch": true, - "save_local": true, - "save_default": true, - "save_temp": true, - "save_temp_ttl_enable": true, - "save_temp_ttl": "30d", - "load_gist": true, - "load_elasticsearch": true, - "load_elasticsearch_size": 20, - "load_local": true, - "hide": false - }, - "refresh": "5s" -} diff --git a/playbooks/roles/kibana/templates/apache2.conf b/playbooks/roles/kibana/templates/apache2.conf deleted file mode 100644 index c5d6d91cee..0000000000 --- a/playbooks/roles/kibana/templates/apache2.conf +++ /dev/null 
@@ -1,218 +0,0 @@ -# This is the main Apache server configuration file. It contains the -# configuration directives that give the server its instructions. -# See http://httpd.apache.org/docs/2.4/ for detailed information about -# the directives and /usr/share/doc/apache2/README.Debian about Debian specific -# hints. -# -# -# Summary of how the Apache 2 configuration works in Debian: -# The Apache 2 web server configuration in Debian is quite different to -# upstream's suggested way to configure the web server. This is because Debian's -# default Apache2 installation attempts to make adding and removing modules, -# virtual hosts, and extra configuration directives as flexible as possible, in -# order to make automating the changes and administering the server as easy as -# possible. - -# It is split into several files forming the configuration hierarchy outlined -# below, all located in the /etc/apache2/ directory: -# -# /etc/apache2/ -# |-- apache2.conf -# | `-- ports.conf -# |-- mods-enabled -# | |-- *.load -# | `-- *.conf -# |-- conf-enabled -# | `-- *.conf -# `-- sites-enabled -# `-- *.conf -# -# -# * apache2.conf is the main configuration file (this file). It puts the pieces -# together by including all remaining configuration files when starting up the -# web server. -# -# * ports.conf is always included from the main configuration file. It is -# supposed to determine listening ports for incoming connections which can be -# customized anytime. -# -# * Configuration files in the mods-enabled/, conf-enabled/ and sites-enabled/ -# directories contain particular configuration snippets which manage modules, -# global configuration fragments, or virtual host configurations, -# respectively. -# -# They are activated by symlinking available configuration files from their -# respective *-available/ counterparts. These should be managed by using our -# helpers a2enmod/a2dismod, a2ensite/a2dissite and a2enconf/a2disconf. 
See -# their respective man pages for detailed information. -# -# * The binary is called apache2. Due to the use of environment variables, in -# the default configuration, apache2 needs to be started/stopped with -# /etc/init.d/apache2 or apache2ctl. Calling /usr/bin/apache2 directly will not -# work with the default configuration. - - -# Global configuration -# - -# -# ServerRoot: The top of the directory tree under which the server's -# configuration, error, and log files are kept. -# -# NOTE! If you intend to place this on an NFS (or otherwise network) -# mounted filesystem then please read the Mutex documentation (available -# at ); -# you will save yourself a lot of trouble. -# -# Do NOT add a slash at the end of the directory path. -# -#ServerRoot "/etc/apache2" - -# -# The accept serialization lock file MUST BE STORED ON A LOCAL DISK. -# -Mutex file:${APACHE_LOCK_DIR} default - -# -# PidFile: The file in which the server should record its process -# identification number when it starts. -# This needs to be set in /etc/apache2/envvars -# -PidFile ${APACHE_PID_FILE} - -# -# Timeout: The number of seconds before receives and sends time out. -# -Timeout 300 - -# -# KeepAlive: Whether or not to allow persistent connections (more than -# one request per connection). Set to "Off" to deactivate. -# -KeepAlive On - -# -# MaxKeepAliveRequests: The maximum number of requests to allow -# during a persistent connection. Set to 0 to allow an unlimited amount. -# We recommend you leave this number high, for maximum performance. -# -MaxKeepAliveRequests 100 - -# -# KeepAliveTimeout: Number of seconds to wait for the next request from the -# same client on the same connection. -# -KeepAliveTimeout 5 - - -# These need to be set in /etc/apache2/envvars -User ${APACHE_RUN_USER} -Group ${APACHE_RUN_GROUP} - -# -# HostnameLookups: Log the names of clients or just their IP addresses -# e.g., www.apache.org (on) or 204.62.129.132 (off). 
-# The default is off because it'd be overall better for the net if people -# had to knowingly turn this feature on, since enabling it means that -# each client request will result in AT LEAST one lookup request to the -# nameserver. -# -HostnameLookups Off - -# ErrorLog: The location of the error log file. -# If you do not specify an ErrorLog directive within a -# container, error messages relating to that virtual host will be -# logged here. If you *do* define an error logfile for a -# container, that host's errors will be logged there and not here. -# -ErrorLog ${APACHE_LOG_DIR}/error.log - -# -# LogLevel: Control the severity of messages logged to the error_log. -# Available values: trace8, ..., trace1, debug, info, notice, warn, -# error, crit, alert, emerg. -# It is also possible to configure the log level for particular modules, e.g. -# "LogLevel info ssl:warn" -# -LogLevel warn - -# Include module configuration: -IncludeOptional mods-enabled/*.load -IncludeOptional mods-enabled/*.conf - -# Include list of ports to listen on -Include ports.conf - - -# Sets the default security model of the Apache2 HTTPD server. It does -# not allow access to the root filesystem outside of /usr/share and /var/www. -# The former is used by web applications packaged in Debian, -# the latter may be used for local directories served by the web server. If -# your system is serving content from a sub-directory in /srv you must allow -# access here, or in any related virtual host. - - Options FollowSymLinks - AllowOverride None - Require all denied - - - - AllowOverride None - Require all granted - - - - Options Indexes FollowSymLinks - AllowOverride None - Require all granted - - - - Options Indexes FollowSymLinks - AllowOverride None - Require all granted - - -# AccessFileName: The name of the file to look for in each directory -# for additional configuration directives. See also the AllowOverride -# directive. 
-# -AccessFileName .htaccess - -# -# The following lines prevent .htaccess and .htpasswd files from being -# viewed by Web clients. -# - - Require all denied - - - -# -# The following directives define some format nicknames for use with -# a CustomLog directive. -# -# These deviate from the Common Log Format definitions in that they use %O -# (the actual bytes sent including headers) instead of %b (the size of the -# requested file), because the latter makes it impossible to detect partial -# requests. -# -# Note that the use of %{X-Forwarded-For}i instead of %h is not recommended. -# Use mod_remoteip instead. -# -LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined -LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined -LogFormat "%h %l %u %t \"%r\" %>s %O" common -LogFormat "%{Referer}i -> %U" referer -LogFormat "%{User-agent}i" agent - -# Include of directories ignores editors' and dpkg's backup files, -# see README.Debian for details. - -# Include generic snippets of statements -IncludeOptional conf-enabled/*.conf - -# Include the virtual host configurations: -IncludeOptional sites-enabled/*.conf - -# vim: syntax=apache ts=4 sw=4 sts=4 sr noet diff --git a/playbooks/roles/kibana/templates/config.js b/playbooks/roles/kibana/templates/config.js deleted file mode 100644 index 59017c43b2..0000000000 --- a/playbooks/roles/kibana/templates/config.js +++ /dev/null 
@@ -1,81 +0,0 @@ -/** @scratch /configuration/config.js/1 - * - * == Configuration - * config.js is where you will find the core Kibana configuration. This file contains parameter that - * must be set before kibana is run for the first time. - */ -define(['settings'], -function (Settings) { - - - /** @scratch /configuration/config.js/2 - * - * === Parameters - */ - return new Settings({ - - /** @scratch /configuration/config.js/5 - * - * ==== elasticsearch - * - * The URL to your elasticsearch server. You almost certainly don't - * want +http://localhost:9200+ here. Even if Kibana and Elasticsearch are on - * the same host. By default this will attempt to reach ES at the same host you have - * kibana installed on. You probably want to set it to the FQDN of your - * elasticsearch host - * - * Note: this can also be an object if you want to pass options to the http client. For example: - * - * +elasticsearch: {server: "http://localhost:9200", withCredentials: true}+ - * - */ - /* elasticsearch: "http://{{ elasticsearch_vip }}:{{ elasticsearch_http_port }}/", */ - elasticsearch: "https://{{ external_vip_address }}:8443/elasticsearch/", - - /** @scratch /configuration/config.js/5 - * - * ==== default_route - * - * This is the default landing page when you don't specify a dashboard to load. You can specify - * files, scripts or saved dashboards here. For example, if you had saved a dashboard called - * `WebLogs' to elasticsearch you might use: - * - * default_route: '/dashboard/elasticsearch/WebLogs', - */ - default_route : '/dashboard/file/Event-Dashboard.json', - - /** @scratch /configuration/config.js/5 - * - * ==== kibana-int - * - * The default ES index to use for storing Kibana specific object - * such as stored dashboards - */ - kibana_index: "kibana-int", - - /** @scratch /configuration/config.js/5 - * - * ==== panel_name - * - * An array of panel modules available. 
Panels will only be loaded when they are defined in the - * dashboard, but this list is used in the "add panel" interface. - */ - panel_names: [ - 'histogram', - 'map', - 'goal', - 'table', - 'filtering', - 'timepicker', - 'text', - 'hits', - 'column', - 'trends', - 'bettermap', - 'query', - 'terms', - 'stats', - 'sparklines' - ] - }); -}); diff --git a/playbooks/roles/kibana/templates/ports.conf b/playbooks/roles/kibana/templates/ports.conf deleted file mode 100644 index bb8601afc7..0000000000 --- a/playbooks/roles/kibana/templates/ports.conf +++ /dev/null @@ -1,13 +0,0 @@ -# If you just change the port or add more ports here, you will likely also -# have to change the VirtualHost statement in -# /etc/apache2/sites-enabled/000-default.conf - -Listen 80 - - - Listen {{ kibana_ssl_port }} - - - - Listen {{ kibana_ssl_port }} - diff --git a/playbooks/roles/logstash/tasks/main.yml b/playbooks/roles/logstash/tasks/main.yml deleted file mode 100644 index 542f2379e2..0000000000 --- a/playbooks/roles/logstash/tasks/main.yml +++ /dev/null 
@@ -1,71 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: Logstash Setup - template: > - src={{ item }} - dest=/etc/logstash/conf.d/{{ item }} - owner=root - group=root - register: results - with_items: - - 01-input.conf - - 02-general.conf - - 03-openstack.conf - - 04-routes.conf - - 05-cinder.conf - - 06-nova.conf - - 07-sqlalchemy.conf - - 08-swift.conf - - 09-apache.conf - - 10-mysql.conf - - 11-neutron.conf - - 98-mutate.conf - - 99-output.conf - -- name: Logstash Extra Patterns - template: > - src={{ item }} - dest=/opt/logstash/patterns/{{ item }} - owner=logstash - group=logstash - register: results - with_items: - - extras - -- name: Logstash Tuning - template: > - src={{ item }} - dest=/etc/default/{{ item }} - owner=root - group=root - register: results - with_items: - - logstash - -- name: Delete old filter files if they exist - file: name=/etc/logstash/conf.d/{{ item }} state=absent - with_items: - - 02-rsyslog.conf - - 03-generic.conf - -- name: restart logstash - service: name=logstash state=restarted pattern=logstash - -- name: prevent logstash-web from starting on boot - copy: dest=/etc/init/logstash-web.override content="manual\n" owner=root group=root mode=644 - -- name: stop logstash-web - service: name=logstash-web state=stopped 
diff --git a/playbooks/roles/logstash/templates/01-input.conf b/playbooks/roles/logstash/templates/01-input.conf
deleted file mode 100644
index da4644462f..0000000000
--- a/playbooks/roles/logstash/templates/01-input.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-#===============================================================================
-input {
- syslog {
- port => {{ logstash_port }}
- codec => json
- }
-}
-#===============================================================================
diff --git a/playbooks/roles/logstash/templates/02-general.conf b/playbooks/roles/logstash/templates/02-general.conf
deleted file mode 100644
index c714c4cfe4..0000000000
--- a/playbooks/roles/logstash/templates/02-general.conf
+++ /dev/null
@@ -1,72 +0,0 @@ -filter { - #--------------------------------------------------------------------------- - # Parse and tag openstack logs - # - grok { - match => { "@message" => "%{TIMESTAMP_ISO8601:os_timestamp} %{POSINT:os_program_pid} %{AUDITLOGLEVEL:os_level} %{OPENSTACK_FUNCTION:openstack_function} %{OPENSTACK_CODE:openstack_code} %{GREEDYDATA:openstack_message}" } - remove_tag => [ "_grokparsefailure" ] - add_tag => [ "openstack" ] - } - #--------------------------------------------------------------------------- - # Parse and tag syslog logs - # i.e.: - # 1) Nov 10 23:18:55 nosthame proxy-server: User: test uses token AUTH_tkc9512a6c98bb4ccf84e17e453347ebf8 (trans_id tx7872ea1e11eb48d989735-00546147df) - # 2) Jan 8 11:31:15 aio1_swift_proxy_container-cfcbc099 proxy-server: 172.29.237.150 172.29.236.100 08/Jan/2015/11/31/15 GET /v1/AUTH_648fa418490d41c6ab9b45ad1ca7918d%3Fformat%3Djson%26limit%3D1001 HTTP/1.0 200 - python-swiftclient-2.2.0 5cf068b1df774293... - 2 - tx5e26af272b6e4ce3950de-0054ae6a83 - 0.1823 - - 1420716675.014713049 1420716675.197021008 - # - grok { - match => { "@message" => "^%{SYSLOGTIMESTAMP:os_timestamp} (?:%{SYSLOGFACILITY} )?%{DATA:@source_host} %{DATA:@fields.program}(?:\[%{POSINT:@fields.processid}\])?: %{GREEDYDATA:openstack_message}" } - add_tag => [ "syslog" ] - overwrite => [ "os_timestamp", "@source_host", "@fields[program]", "@fields[processid]" ] - remove_tag => [ "_grokparsefailure" ] - tag_on_failure => [] - } - if "syslog" in [tags] { - mutate { - add_field => { - "os_program" => "%{@source_host}_%{@fields.program}" - "os_level" => "%{@fields[severity]}" - } - } - } - #--------------------------------------------------------------------------- - # Populate the os_program field using the container name, if applicable. 
- # - grok { - match => { "@fields[program]" => "%{CONTAINER_STRIP:os_program}" } - overwrite => [ "os_program" ] - remove_tag => [ "_grokparsefailure" ] - tag_on_failure => [] - } - # cater for nova-compute hosts - if "openstack" in [tags] and ![os_program] { - mutate { - add_field => { - "os_program" => "%{@fields[program]}" - } - } - } - #--------------------------------------------------------------------------- - # If none of the above worked, treat it generically - # - if "_grokparsefailure" in [tags] { - mutate { - add_field => { - "os_program" => "%{@source_host}_%{@fields[program]}" - "openstack_message" => "%{@message}" - "os_level" => "%{@fields[severity]}" - } - add_tag => [ "infrastructure" ] - remove_tag => [ "_grokparsefailure" ] - } - } - #--------------------------------------------------------------------------- - # If it's a message from rsyslog specifically, override some of the data - # as rsyslog tends to report program names like rsyslog0 and rsyslog-2359. - # FIXME (this doesn't seem to do the os_program mutation properly for some reason) - if [os_program] =~ /rsyslogd/ { - mutate { - replace => [ "os_program", "%{@source_host}_rsyslogd" ] - replace => [ "os_level", "%{@fields[severity]}" ] - } - } -} diff --git a/playbooks/roles/logstash/templates/03-openstack.conf b/playbooks/roles/logstash/templates/03-openstack.conf deleted file mode 100644 index be2e256616..0000000000 --- a/playbooks/roles/logstash/templates/03-openstack.conf +++ /dev/null 
@@ -1,95 +0,0 @@ -filter { - #--------------------------------------------------------------------------- - # Parse & tag specific openstack project log messages - if "openstack" in [tags] { - #----------------------------------------------------------------------- - # Parse & tag generic nova logs - # i.e.: - # 1) nova-api-os-compute.log: nova.osapi_compute.wsgi.server [-] (11093) accepted ('192.168.1.100', 53437) - # 2) nova-compute.log: nova.compute.resource_tracker [-] Auditing locally available compute resources - grok { - match => ["openstack_function", "nova.%{GREEDYDATA:os_program_path}"] - add_tag => [ "nova" ] - tag_on_failure => [] - } - #----------------------------------------------------------------------- - # Parse & tag generic keystoneclient logs (as used by nova) - # i.e.: - # 1) nova-api-os-compute.log: keystonemiddleware.auth_token [-] Using /tmp/keystone-signing-FI3PTe as cache directory for signing certificate - grok { - match => ["openstack_function", "keystonemiddleware.%{GREEDYDATA:os_program_path}"] - add_tag => [ "keystoneclient" ] - tag_on_failure => [] - } - #----------------------------------------------------------------------- - # Parse & tag generic keystone logs - # i.e.: - # 1) keystone.log: keystone.common.controller [-] RBAC: Bypassing authorization - # 2) keystone.log: keystone-all [-] Configuration options gathered from: log_opt_values /usr/lib/python2.7/dist-packages/oslo/config/cfg.py:1929 - grok { - match => ["openstack_function", "keystone[.-]%{GREEDYDATA:os_program_path}"] - add_tag => [ "keystone" ] - tag_on_failure => [] - } - #----------------------------------------------------------------------- - # Parse & tag generic routes logs (as used by keystone & nova) - # i.e.: - # 1) keystone.log: routes.middleware [-] Initialized with method overriding = True, and path info altering = True __init__ /usr/lib/python2.7/dist-packages/routes/middleware.py:41 - # 2) keystone.log: routes.middleware [-] Matched GET /tenants 
__call__ /usr/lib/python2.7/dist-packages/routes/middleware.py:100 - grok { - match => ["openstack_function", "routes[.-]%{GREEDYDATA:os_program_path}"] - add_tag => [ "routes" ] - tag_on_failure => [] - } - #----------------------------------------------------------------------- - # Parse & tag generic sqlalchemy logs (as used by keystone) - # i.e.: - # 1) keystone.log: 2014-06-10 13:41:24.789 18755 INFO sqlalchemy.engine.base.Engine [-] ('default',) - grok { - match => ["openstack_function", "sqlalchemy.%{GREEDYDATA:os_program_path}"] - add_tag => [ "sqlalchemy" ] - tag_on_failure => [] - } - #----------------------------------------------------------------------- - # Parse & tag generic cinder logs - # i.e.: - # 1) cinder.log: 2014-06-11 16:00:30.546 4131 INFO cinder.api.openstack.wsgi [-] http://10.127.26.62:8776/ returned with HTTP 200 - # 2) cinder.log: 2015-01-07 17:44:17.490 789 INFO eventlet.wsgi.server [-] 172.29.236.100 - - [07/Jan/2015 17:44:17] "OPTIONS / HTTP/1.0" 200 428 0.001507 - grok { - match => ["openstack_function", "cinder.%{GREEDYDATA:os_program_path}"] - add_tag => [ "cinder" ] - tag_on_failure => [] - } - if [os_program] =~ /cinder/ and "cinder" not in [tags] { - mutate { - add_tag => [ "cinder" ] - add_field => { - "os_program_path" => "%{openstack_function}" - } - } - } - #----------------------------------------------------------------------- - # Parse & tag generic neutron logs - # i.e.: - # 1) neutron.log: 2014-06-11 16:00:30.546 4131 INFO cinder.api.openstack.wsgi [-] http://10.127.26.62:8776/ returned with HTTP 200 - grok { - match => ["openstack_function", "neutron.%{GREEDYDATA:os_program_path}"] - add_tag => [ "neutron" ] - tag_on_failure => [] - } - #----------------------------------------------------------------------- - # Parse & tag generic glance logs - grok { - match => ["openstack_function", "glance.%{GREEDYDATA:os_program_path}"] - add_tag => [ "glance" ] - tag_on_failure => [] - } - 
#----------------------------------------------------------------------- - # Parse & tag generic heat logs - grok { - match => ["openstack_function", "heat.%{GREEDYDATA:os_program_path}"] - add_tag => [ "heat" ] - tag_on_failure => [] - } - } -} diff --git a/playbooks/roles/logstash/templates/04-routes.conf b/playbooks/roles/logstash/templates/04-routes.conf deleted file mode 100644 index c8b83d52ac..0000000000 --- a/playbooks/roles/logstash/templates/04-routes.conf +++ /dev/null 
@@ -1,73 +0,0 @@ -#=============================================================================== -filter { - #--------------------------------------------------------------------------- - # Parse & tag routes logs (as used by keystone & nova) - if "routes" in [tags] { - #----------------------------------------------------------------------- - # routes GET requests i.e.: - # 1) keystone.log: Matched GET /tenants __call__ /usr/lib/python2.7/dist-packages/routes/middleware.py:100 - # 2) keystone.log: Matched GET /users __call__ /usr/lib/python2.7/dist-packages/routes/middleware.py:100 - # 3) keystone.log: Matched GET /tenants/47942f2dc60d4b88804b8573c0e78d7e/users __call__ /usr/lib/python2.7/dist-packages/routes/middleware.py:100 - # 4) keystone.log: Matched GET /tenants/47942f2dc60d4b88804b8573c0e78d7e/users/29f569a2066745659b4fb080ff3b5a67/roles # __call__ /usr/lib/python2.7/dist-packages/routes/middleware.py:100 - # 5) keystone.log: Matched GET /users/965fbe7ab90d4b1b912f85d4eb34d1cd/credentials/OS-EC2 __call__ # # /usr/lib/python2.7/dist-packages/routes/middleware.py:100 - grok { - match => [ - "@message", "GET /%{DATA:api_func}(/%{DATA:api_func_path})? 
%{GREEDYDATA:message}" - ] - add_tag => [ "routes-get-request" ] - break_on_match => false - overwrite => ["message"] # overwrites original message with whats left - tag_on_failure => [] - } - #----------------------------------------------------------------------- - if "routes-get-request" in [tags] { - #------------------------------------------------------------------- - # Tenants GET requests i.e.: - # 1) keystone.log: Matched GET /tenants/47942f2dc60d4b88804b8573c0e78d7e/users __call__ /usr/lib/python2.7/dist-packages/routes/middleware.py:100 - # 2) keystone.log: Matched GET /tenants/47942f2dc60d4b88804b8573c0e78d7e/users/29f569a2066745659b4fb080ff3b5a67/roles # __call__ /usr/lib/python2.7/dist-packages/routes/middleware.py:100 - if [api_func] == "tenants" { - grok { - match => [ - "api_func_path", "%{WORD:tenant_id}/%{WORD:tenant_func}(/%{WORD:user_id}/%{WORD:user_func})?" - ] - add_tag => [ "routes-tenants-get-request" ] - break_on_match => false - remove_field => ["api_func_path"] - tag_on_failure => [] - } - } - #------------------------------------------------------------------- - # Users GET requests i.e.: - # 1) Matched GET /users/965fbe7ab90d4b1b912f85d4eb34d1cd/credentials/OS-EC2 __call__ # # /usr/lib/python2.7/dist-packages/routes/middleware.py:100 - if [api_func] == "users" { - grok { - match => [ - "api_func_path", "%{WORD:user_id}/%{WORD:user_func}(/%{PROG:user_func_detail})?" 
- ] - add_tag => [ "routes-users-get-request" ] - break_on_match => false - remove_field => ["api_func_path"] - tag_on_failure => [] - } - } - #------------------------------------------------------------------- - } - #----------------------------------------------------------------------- - # Parse & tag routes POST requests - #----------------------------------------------------------------------- - # routes POSTS requests i.e.: - # 1) routes.middleware [-] Matched POST /tokens __call__ /usr/lib/python2.7/dist-packages/routes/middleware.py:100 - grok { - match => [ - "@message", "POST /%{DATA:api_func} %{GREEDYDATA:message}" - ] - add_tag => [ "routes-post-request" ] - break_on_match => false - overwrite => ["message"] # overwrites original message with whats left - tag_on_failure => [] - } - #----------------------------------------------------------------------- - } - #--------------------------------------------------------------------------- -} -#=============================================================================== diff --git a/playbooks/roles/logstash/templates/05-cinder.conf b/playbooks/roles/logstash/templates/05-cinder.conf deleted file mode 100644 index abfa0cd6f2..0000000000 --- a/playbooks/roles/logstash/templates/05-cinder.conf +++ /dev/null 
@@ -1,23 +0,0 @@ -filter { - #--------------------------------------------------------------------------- - # Parse & tag cinder logs - # i.e.: - # 1) 2014-06-11 16:00:36.270 4131 AUDIT cinder.api.v1.volumes [req-6d007686-a7d7-4252-912a-0cb224dc148f 3701c870aea549039fdeb22a3ec36864 e77cc2a25f004ec099497d95f02f96dd] ... - # 2) 2015-01-14 10:19:56.143 1320 INFO eventlet.wsgi.server [req-1cbb1075-8e14-40f6-b275-4ea341774010 b83ea9412c9d4bdcb928410d5738d630 1b73c0cb45fc494d9c7122647a2670b7 - - -] 172.29.239.237,172.29.236.100 - - [14/Jan/2015 10:19:56] "GET /v1/1b73c0cb45fc494d9c7122647a2670b7/types/d99464c0-6fc0-4604-a4bf-47eff15a55a4 HTTP/1.1" 200 389 0.034164 - # 3) 2015-01-14 10:19:35.538 1320 INFO eventlet.wsgi.server [-] 172.29.236.100 - - [14/Jan/2015 10:19:35] "OPTIONS / HTTP/1.0" 200 426 0.003322 - if "cinder" in [tags] { - #----------------------------------------------------------------------- - # Parse & tag cinder request-id's - grok { - match => [ "@message", "\[req-%{UUID:request_id} %{WORD:request_user_id} %{WORD:request_tenant_id} %{NOTSPACE} %{NOTSPACE} %{NOTSPACE}\]" ] - tag_on_failure => [] - } - #----------------------------------------------------------------------- - # Parse & tag cinder HTTP interaction details - grok { - match => [ "@message", "\] %{IPORHOST:clientip}?(?:,%{IPORHOST:serverip})? %{NOTSPACE} %{NOTSPACE} \[%{OPENSTACK_TIMESTAMP:os_timestamp}\] \"%{WORD:verb} %{NOTSPACE:request} HTTP/%{NUMBER:httpversion}\" %{NUMBER:response} %{NUMBER:bytes:int} %{BASE10NUM:httptime:float}" ] - overwrite => [ "os_timestamp" ] - tag_on_failure => [] - } - } -} diff --git a/playbooks/roles/logstash/templates/06-nova.conf b/playbooks/roles/logstash/templates/06-nova.conf deleted file mode 100644 index a17eb64e6e..0000000000 --- a/playbooks/roles/logstash/templates/06-nova.conf +++ /dev/null 
@@ -1,22 +0,0 @@ -filter { - #--------------------------------------------------------------------------- - # Parse and tag nova logs - # 1) nova-api-os-compute.log: nova.osapi_compute.wsgi.server [req-264fe290-42c6-4252-9a87-c20685d360f1 23101739b41842babf322615686cdbf9 d6a76ef3d2a54fbbbdcf7694e4900c5d] 192.168.1.100 "GET /v2/d6a76ef3d2a54fbbbdcf7694e4900c5d/flavors/detail HTTP/1.1" status: 200 len: 2273 time: 0.1098659 - # 2) nova-api-os-compute.log: nova.osapi_compute.wsgi.server [req-3c367499-7fbe-485d-9fc9-2482e0aa3f58 None] 172.29.239.237,172.29.236.100 "GET /v2/1b73c0cb45fc494d9c7122647a2670b7/limits HTTP/1.1" status: 200 len: 703 time: 0.0510271 - # 3) nova-api-os-compute.log: nova.osapi_compute.wsgi.server [req-94453a9e-fa9c-49e1-8f37-3d9c7374e2a7 None] 172.29.239.237,172.29.236.100 "GET /v2/1b73c0cb45fc494d9c7122647a2670b7/flavors/detail HTTP/1.1" status: 200 len: 2302 time: 0.0427060 - # - if "nova" in [tags] { - #----------------------------------------------------------------------- - # Parse & tag nova request-id's - grok { - match => [ "@message", "\[req-%{UUID:request_id} %{WORD:request_user_id}?(?: %{WORD:request_tenant_id})?\]" ] - tag_on_failure => [] - } - #----------------------------------------------------------------------- - # Parse & tag nova HTTP interaction details - grok { - match => [ "@message", "\] %{IPORHOST:clientip}?(?:,%{IPORHOST:serverip})? \"%{WORD:verb} %{NOTSPACE:request} HTTP/%{NUMBER:httpversion}\" status: %{NUMBER:response} len: %{NUMBER:bytes:int} time: %{BASE10NUM:httptime:float}" ] - tag_on_failure => [] - } - } -} diff --git a/playbooks/roles/logstash/templates/07-sqlalchemy.conf b/playbooks/roles/logstash/templates/07-sqlalchemy.conf deleted file mode 100644 index 24e8528374..0000000000 --- a/playbooks/roles/logstash/templates/07-sqlalchemy.conf +++ /dev/null 
@@ -1,28 +0,0 @@ -#=============================================================================== -filter { - #--------------------------------------------------------------------------- - # Parse & tag generic sqlalchemy logs (as used by keystone) - if "sqlalchemy" in [tags] { - #----------------------------------------------------------------------- - grok { - match => [ - "@message", "('%{WORD:sqlalchemy_id}', %{DATA:expires}, '%{DATA:extra}', %{NUMBER:valid}, '%{WORD:user_id}', (')?%{WORD:trust_id}(')?)" - ] - add_tag => [ "sqlalchemy-issued-token" ] - break_on_match => false - remove_field => ["message"] - tag_on_failure => [] - } - #----------------------------------------------------------------------- - # Parse & tag json from 'extra' field in sqlalchemy-issued-token - if "sqlalchemy-issued-token" in [tags] { - json { - source => "extra" - add_tag => "token-extra-json" - } - } - #----------------------------------------------------------------------- - } - #--------------------------------------------------------------------------- -} -#=============================================================================== diff --git a/playbooks/roles/logstash/templates/08-swift.conf b/playbooks/roles/logstash/templates/08-swift.conf deleted file mode 100644 index 692d30aea8..0000000000 --- a/playbooks/roles/logstash/templates/08-swift.conf +++ /dev/null 
@@ -1,130 +0,0 @@ -filter { - #--------------------------------------------------------------------------- - # Parse and tag syslog messages coming from swift - # - if "syslog" in [tags] { - #------------------------------------------------------------------- - # Parse and tag generic swift messages - # i.e.: - # 1) Nov 10 23:22:07 nosthame swift: Removing partition: /tmp/tmpj472bL/node/sda/objects-1/1 - # - grok { - match => ["@fields.program", "swift"] - add_tag => [ "openstack", "swift" ] - tag_on_failure => [] - } - #------------------------------------------------------------------- - # Parse and tag swift proxy messages - # i.e.: - # 1) Nov 10 23:18:55 nosthame proxy-server: User: test uses token AUTH_tkc9512a6c98bb4ccf84e17e453347ebf8 (trans_id tx7872ea1e11eb48d989735-00546147df) - # 2) Jan 8 11:31:15 aio1_swift_proxy_container-cfcbc099 proxy-server: 172.29.237.150 172.29.236.100 08/Jan/2015/11/31/15 GET /v1/AUTH_648fa418490d41c6ab9b45ad1ca7918d%3Fformat%3Djson%26limit%3D1001 HTTP/1.0 200 - python-swiftclient-2.2.0 5cf068b1df774293... 
- 2 - tx5e26af272b6e4ce3950de-0054ae6a83 - 0.1823 - - 1420716675.014713049 1420716675.197021008 - # - grok { - match => ["@fields.program", "proxy-server"] - add_tag => [ "openstack", "swift", "swift-proxy" ] - tag_on_failure => [] - } - #------------------------------------------------------------------- - # Parse and tag swift account messages - # i.e.: - # 1) Nov 10 23:18:55 nosthame account-6032: STDOUT: 127.0.0.1 - - [10/Nov/2014:23:18:55 +0000] "PUT /sdb3/802/AUTH_test" 201 - "-" "txb7c3d71cb7694f53b91db-00546147df" "-" 0.0116 "-" 19963 - # - grok { - match => ["@fields.program", "account-%{GREEDYDATA:os_program_port}"] - add_tag => [ "openstack", "swift", "swift-account" ] - tag_on_failure => [] - } - #------------------------------------------------------------------- - # Parse and tag swift container messages - # i.e.: - # 1) Nov 10 23:18:55 nosthame container-6021: STDOUT: 127.0.0.1 - - [10/Nov/2014:23:18:55 +0000] "PUT /sdb2/215/AUTH_test/vagrant" 201 - "PUT http://saio:8080/v1/AUTH_test/vagrant" "txb7c3d71cb7694f53b91db-00546147df" "proxy-server 19972" 0.0093 "-" 19975 - # - grok { - match => ["@fields.program", "container-%{GREEDYDATA:os_program_port}"] - add_tag => [ "openstack", "swift", "swift-container" ] - tag_on_failure => [] - } - #------------------------------------------------------------------- - # Parse and tag swift object messages - # i.e.: - # 1) Nov 10 23:30:48 nosthame object-6020: STDOUT: 127.0.0.1 - - [10/Nov/2014 23:30:48] "DELETE /sdb2/842/AUTH_test/01da6aad08a24973ae33b801142ec219/423748c25854442a9c11e970a68ed041 HTTP/1.1" 204 181 0.004709 (txn: txe9c4126d31a748818b9c4-0054614aa8) - # - grok { - match => ["@fields.program", "object-%{GREEDYDATA:os_program_port}"] - add_tag => [ "openstack", "swift", "swift-object" ] - tag_on_failure => [] - } - #------------------------------------------------------------------- - # Mutate messages from swift services which don't follow norms - # i.e.: - # 1) Jan 8 10:30:02 barry2 recon-cron: 
[Errno 2] No such file or directory: '/var/lock/swift/swift-recon-object-cron' - # - if "swift" not in [tags] and [@source] =~ /object/ { - mutate { - add_tag => [ "swift", "swift-object" ] - } - } - #------------------------------------------------------------------- - # Parse swift messages for additional information - if "swift" in [tags] { - #----------------------------------------------------------------------- - # Parse and tag messages sent to stdout - # - grok { - match => ["openstack_message", "STDOUT: %{GREEDYDATA:openstack_message}"] - add_tag => [ "swift-stdout" ] - tag_on_failure => [] - overwrite => ["openstack_message"] - } - #----------------------------------------------------------------------- - # Parse and tag swift access logs - # i.e.: - # 1) Nov 10 23:18:55 nosthame account-6032: 127.0.0.1 - - [10/Nov/2014:23:18:55 +0000] \"HEAD /sdb3/802/AUTH_test\" 404 - \"HEAD http://saio:8080/v1/AUTH_test\" \"tx7872ea1e11eb48d989735-00546147df\" \"proxy-server 19972\" 0.0010 \"-\" 19963" - # 2) Jan 8 13:26:35 aio1_swift_proxy_container-cfcbc099 proxy-server: 172.29.237.150 172.29.236.100 08/Jan/2015/13/26/35 PUT /v1/AUTH_648fa418490d41c6ab9b45ad1ca7918d/test10/test.txt HTTP/1.0 503 - python-swiftclient-2.2.0 b5c3c3b2da864a97... - 118 - tx014f74b2390345ddbd43b-0054ae858b - 0.0117 - - 1420723595.035259962 1420723595.046942949 - # - grok { - match => ["openstack_message", "%{COMBINEDAPACHELOG}"] - match => ["openstack_message", "%{SWIFTPROXY_ACCESS}"] - break_on_match => false - add_tag => [ "swift-access" ] - tag_on_failure => [] - } - #----------------------------------------------------------------------- - # Parse and tag swift transaction IDs - # i.e.: - # 1) Nov 10 23:18:55 nosthame proxy-server: User: test uses token AUTH_tkc9512a6c98bb4ccf84e17e453347ebf8 (trans_id tx7872ea1e11eb48d989735-00546147df) - # 2) Nov 10 23:18:55 nosthame proxy-server: User test:tester has admin authorizing. 
(txn: txb7c3d71cb7694f53b91db-00546147df) (client_ip: 127.0.0.1) - # 3) Nov 10 23:18:55 nosthame account-6032: 127.0.0.1 - - [10/Nov/2014:23:18:55 +0000] \"HEAD /sdb3/802/AUTH_test\" 404 - \"HEAD http://saio:8080/v1/AUTH_test\" \"tx7872ea1e11eb48d989735-00546147df\" \"proxy-server 19972\" 0.0010 \"-\" 19963" - # - grok { - match => ["openstack_message", "\(trans_id %{DATA:swift_txn}\)" ] - tag_on_failure => [] - } - grok { - match => ["openstack_message", "\(txn: %{DATA:swift_txn}\)" ] - tag_on_failure => [] - } - #----------------------------------------------------------------------- - # Parse and tag swift messages severity, assuming some defaults - # - if [@source] !~ /error$/ { - mutate { - replace => [ "os_level", "INFO" ] - } - } else { - mutate { - replace => [ "os_level", "NOTICE" ] - } - # if the message happens to have an actual severity, parse it - # i.e.: - # 1) Nov 10 23:21:47 nosthame swift: ERROR syncing /path/to/file with node ... - # - grok { - match => ["openstack_message", " %{AUDITLOGLEVEL:os_level} "] - overwrite => [ "os_level" ] - tag_on_failure => [] - } - } - } - } -} diff --git a/playbooks/roles/logstash/templates/09-apache.conf b/playbooks/roles/logstash/templates/09-apache.conf deleted file mode 100644 index 5ba7a9f473..0000000000 --- a/playbooks/roles/logstash/templates/09-apache.conf +++ /dev/null 
@@ -1,48 +0,0 @@ -filter { - if "swift" not in [tags] { - #----------------------------------------------------------------------- - # Generic Apache log (primarily GET/POST requests as seen in keystone) - # i.e.: - # 1) 192.168.1.100 - - [10/Jun/2014:11:43:14 +0000] "POST http://192.168.1.100:5000/v2.0/tokens HTTP/1.0" 200 8374 - grok { - match => [ "@message", "%{COMMONAPACHELOG}" ] - add_field => { - "openstack_message" => "%{request} %{response}" - "os_level" => "INFO" - } - add_tag => [ "apache-access" ] - overwrite => [ "os_level" ] - tag_on_failure => [] - } - - #----------------------------------------------------------------------- - # Generic Apache Error - # i.e.: - # 1) [Tue Oct 14 16:48:47.903895 2014] [ssl:info] [pid 1332:tid 140612212823808] [client 172.29.236.100:43523] AH01964: Connection to child 15 established (server aio1_horizon_container-616911e5:443) - # 2) [Wed Jan 07 17:31:58.317155 2015] [ssl:info] [pid 572:tid 140622947837696] SSL Library Error: error:1408A10B:SSL routines:SSL3_GET_CLIENT_HELLO:wrong version number - grok { - match => [ "@message", "%{APACHE_ERROR}" ] - add_field => { - "os_level" => "%{apache_severity}" - } - add_tag => [ "apache-error" ] - overwrite => [ "os_level" ] - tag_on_failure => [] - } - - #----------------------------------------------------------------------- - # Identify the service behind apache and tag it - if "apache-access" in [tags] or "apache-error" in [tags] { - if [os_program] =~ /keystone/ { - mutate { - add_tag => [ "openstack", "keystone" ] - } - } - if [os_program] =~ /horizon/ { - mutate { - add_tag => [ "openstack", "horizon" ] - } - } - } - } -} diff --git a/playbooks/roles/logstash/templates/10-mysql.conf b/playbooks/roles/logstash/templates/10-mysql.conf deleted file mode 100644 index 13e3f69381..0000000000 --- a/playbooks/roles/logstash/templates/10-mysql.conf +++ /dev/null 
@@ -1,93 +0,0 @@ -filter { - #--------------------------------------------------------------------------- - # Parse and tag messages coming from mysql - # - if [@source] =~ /mysql-slow/ { - mutate { - add_tag => [ "infrastructure", "mysql-slow" ] - } - } else if [@source] =~ /mysql/ { - mutate { - add_tag => [ "infrastructure", "mysql" ] - } - } - - if "mysql-slow" in [tags] { - #------------------------------------------------------------------- - # Parse and tag mysql slow log messages. These are multi-line logs. - # i.e.: - ## Time: 150108 15:33:49 - ## User@Host: nova[nova] @ aio1 [172.29.236.100] - ## Thread_id: 11912 Schema: nova QC_hit: No - ## Query_time: 0.000539 Lock_time: 0.000194 Rows_sent: 0 Rows_examined: 0 - #SET timestamp=1420731229; - #SELECT ... - #FROM ... - #WHERE ... - # - - # The multiline filter only operates on message, not @message - mutate { - add_field => [ "message", "%{@message}" ] - } - - grep { - match => [ "message", "^# Time:.*$" ] - negate => true - } - - multiline { - pattern => "^# User@Host:.*$" - negate => true - what => "previous" - } - - # Capture user, optional host and optional ip fields - # sample log file lines: - # User@Host: logstash[logstash] @ localhost [127.0.0.1] - # User@Host: logstash[logstash] @ [127.0.0.1] - grok { - match => [ "message", "(?m)^# User@Host: %{USER:mysql_user}(?:\[[^\]]+\])?\s+@\s+%{HOST:mysql_hostname}?\s+\[%{IP:mysql_ip}?\]" ] - tag_on_failure => [] - } - - # Capture thread id, schema name and qc_hit value - # i.e. 
- # 1) # Thread_id: 11912 Schema: nova QC_hit: No - # - grok { - match => [ "message", "(?m)^# Thread_id: %{NUMBER:mysql_threadid}\s+Schema: %{DATA:mysql_database}\s+QC_hit: %{DATA:mysql_qc_hit}" ] - tag_on_failure => [] - } - - # Capture query time, lock time, rows returned and rows examined - # sample log file lines: - # Query_time: 102.413328 Lock_time: 0.000167 Rows_sent: 0 Rows_examined: 1970 - # Query_time: 1.113464 Lock_time: 0.000128 Rows_sent: 1 Rows_examined: 0 - grok { - match => [ "message", "(?m)^# Query_time: %{NUMBER:mysql_query_time}\s+Lock_time: %{NUMBER:mysql_lock_time}\s+Rows_sent: %{NUMBER:mysql_rows_sent}\s+Rows_examined: %{NUMBER:mysql_rows_examined}"] - tag_on_failure => [] - } - - # Capture the time the query happened - grok { - match => [ "message", "(?m)^SET timestamp=%{NUMBER:mysql_timestamp};" ] - tag_on_failure => [] - } - - # Extract the time based on the time of the query and - # not the time the item got logged - date { - match => [ "mysql_timestamp", "UNIX" ] - } - - # Finalise the data - mutate { - add_field => { - "os_level" => "%{@fields[severity]}" - } - rename => [ "message", "openstack_message" ] - remove_field => [ "mysql_timestamp" ] - } - } -} diff --git a/playbooks/roles/logstash/templates/11-neutron.conf b/playbooks/roles/logstash/templates/11-neutron.conf deleted file mode 100644 index 1cb426ce42..0000000000 --- a/playbooks/roles/logstash/templates/11-neutron.conf +++ /dev/null 
@@ -1,23 +0,0 @@
-filter {
- #---------------------------------------------------------------------------
- # Parse and tag neutron logs
- # i.e.:
- # 1) 2015-01-14 11:50:46.050 1264 INFO neutron.wsgi [-] 172.29.236.100 - - [14/Jan/2015 11:50:46] "OPTIONS / HTTP/1.0" 200 263 0.001275
- # 2) 2015-01-14 12:10:48.959 1266 INFO neutron.wsgi [req-99221664-1901-49e7-9c41-023048da8a6f None] 172.29.239.237,172.29.236.100 - - [14/Jan/2015 12:10:48] "POST /v2.0/routers.json HTTP/1.1" 201 462 0.053195
- #
- if "neutron" in [tags] {
- #-----------------------------------------------------------------------
- # Parse & tag request-id's
- grok {
- match => [ "@message", "\[req-%{UUID:request_id} %{WORD:request_user_id}\]" ]
- tag_on_failure => []
- }
- #-----------------------------------------------------------------------
- # Parse & tag HTTP interaction details
- grok {
- match => [ "@message", "\] %{IPORHOST:clientip}?(?:,%{IPORHOST:serverip})? %{NOTSPACE} %{NOTSPACE} \[%{OPENSTACK_TIMESTAMP:os_timestamp}\] \"%{WORD:verb} %{NOTSPACE:request} HTTP/%{NUMBER:httpversion}\" %{NUMBER:response} %{NUMBER:bytes:int} %{BASE10NUM:httptime:float}" ]
- overwrite => [ "os_timestamp" ]
- tag_on_failure => []
- }
- }
-}
diff --git a/playbooks/roles/logstash/templates/98-mutate.conf b/playbooks/roles/logstash/templates/98-mutate.conf
deleted file mode 100644
index 1a51ace92b..0000000000
--- a/playbooks/roles/logstash/templates/98-mutate.conf
+++ /dev/null
@@ -1,17 +0,0 @@
-filter {
- #---------------------------------------------------------------------------
- # General mutations
- #
- # For consistency, ensure that os_level is always in upper case
- if [os_level] {
- mutate {
- uppercase => [ "os_level" ]
- }
- }
- if [os_program] {
- # For consistency, ensure that all os_program items only use underscores
- mutate {
- gsub => [ "os_program", "[\.-]", "_" ]
- }
- }
-}
diff --git a/playbooks/roles/logstash/templates/99-output.conf b/playbooks/roles/logstash/templates/99-output.conf
deleted file mode 100644
index 3214e08517..0000000000
--- a/playbooks/roles/logstash/templates/99-output.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-#===============================================================================
-output {
- elasticsearch {
- host => '{{ hostvars[groups['elasticsearch'][0]]['container_address'] }}'
- port => '{{ elasticsearch_tcp_port }}'
- protocol => '{{ elasticsearch_mode }}'
- cluster => '{{ elasticsearch_cluster }}'
- }
-}
-#===============================================================================
diff --git a/playbooks/roles/logstash/templates/extras b/playbooks/roles/logstash/templates/extras
deleted file mode 100644
index 00ee2a5ee9..0000000000
--- a/playbooks/roles/logstash/templates/extras
+++ /dev/null
@@ -1,27 +0,0 @@
-AUDITLOGLEVEL ([A|a]udit|AUDIT|[D|d]ebug|DEBUG|[N|n]otice|NOTICE|[I|i]nfo|INFO|[W|w]arn?(?:ing)?|WARN?(?:ING)?|[E|e]rr?(?:or)?|ERR?(?:OR)?|[C|c]rit?(?:ical)?|CRIT?(?:ICAL)?|[F|f]atal|FATAL|[S|s]evere|SEVERE|TRACE|[T|t]race)
-
-APACHE_LOG_LEVEL (?:emerg|alert|crit|error|warn|notice|info|debug)
-
-RABBITMQ_DATE %{MONTHDAY}-%{MONTH}-%{YEAR}::%{TIME}
-
-RSYSLOG_DATE %{MONTH} %{MONTHDAY} %{TIME}
-
-OPENSTACK_FUNCTION ((?:\w+)\.?)+
-
-OPENSTACK_CODE (?:\[.*\])
-
-CONTAINER_STRIP (?:(\w+)(?=_container-\S+))
-
-APACHE_ERROR_TIMESTAMP %{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{YEAR}
-
-APACHE_PIDTID pid %{POSINT:apache_pid}:tid %{POSINT:apache_tid}
-
-APACHE_CLIENT client %{IP:clientip}:%{POSINT:clientport}
-
-APACHE_ERROR \[%{APACHE_ERROR_TIMESTAMP}\] \[%{DATA:apache_module}:%{DATA:apache_severity}\] \[%{APACHE_PIDTID}\] ?(?:\[%{APACHE_CLIENT}\])? %{GREEDYDATA:openstack_message}
-
-SWIFTPROXY_DATE %{MONTHDAY}/%{MONTH}/%{YEAR}/%{HOUR}/%{MINUTE}/%{SECOND}
-
-SWIFTPROXY_ACCESS %{IPORHOST:clientip} %{IPORHOST:serverip} %{SWIFTPROXY_DATE:os_timestamp} %{WORD:verb} %{NOTSPACE:request} HTTP/%{NUMBER:httpversion} %{NUMBER:response} %{DATA:referrer} %{DATA:agent} %{DATA:swift_auth_token} %{DATA:swift_request_bytes} %{DATA:swift_response_bytes} %{DATA:swift_etag} %{DATA:swift_txn} %{DATA:swift_logged_headers} %{BASE10NUM:swift_trans_time}
-
-OPENSTACK_TIMESTAMP %{MONTHDAY}/%{MONTH}/%{YEAR} %{TIME}
diff --git a/playbooks/roles/logstash/templates/logstash b/playbooks/roles/logstash/templates/logstash
deleted file mode 100644
index 7c199583ec..0000000000
--- a/playbooks/roles/logstash/templates/logstash
+++ /dev/null
@@ -1,42 +0,0 @@
-###############################
-# Default settings for logstash
-###############################
-
-# Override Java location
-#JAVACMD=/usr/bin/java
-
-# Set a home directory
-#LS_HOME=/var/lib/logstash
-
-# Arguments to pass to logstash agent
-LS_OPTS="-w {{ logstash_workers }} {{ logstash_verbose|default() }}"
-
-# Arguments to pass to java
-{% set host_ram = hostvars[inventory_hostname]['ansible_memtotal_mb']|int * 0.5 %}
-{% set host_ram_int = host_ram // 1 %}
-{% if host_ram > 16384 %}
-LS_HEAP_SIZE=16g
-{% else %}
-LS_HEAP_SIZE={{ host_ram_int|int }}m
-{% endif %}
-
-#LS_JAVA_OPTS="-Djava.io.tmpdir=$HOME"
-
-# pidfiles aren't used for upstart; this is for sysv users.
-#LS_PIDFILE=/var/run/logstash.pid
-
-# user id to be invoked as; for upstart: edit /etc/init/logstash.conf
-#LS_USER=logstash
-
-# logstash logging
-#LS_LOG_FILE=/var/log/logstash/logstash.log
-#LS_USE_GC_LOGGING="true"
-
-# logstash configuration directory
-#LS_CONF_DIR=/etc/logstash/conf.d
-
-# Open file limit; cannot be overridden in upstart
-#LS_OPEN_FILES=16384
-
-# Nice level
-#LS_NICE=19
diff --git a/playbooks/roles/lxc_common/handlers/main.yml b/playbooks/roles/lxc_common/handlers/main.yml
deleted file mode 100644
index 9d065a05d7..0000000000
--- a/playbooks/roles/lxc_common/handlers/main.yml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-- name: Reindex apparmor profiles for lxc
- shell: "apparmor_parser -Kr /etc/apparmor.d/lxc-containers && service apparmor restart"
diff --git a/playbooks/roles/lxc_common/tasks/lxc_host_setup.yml b/playbooks/roles/lxc_common/tasks/lxc_host_setup.yml
deleted file mode 100644
index af62ebc171..0000000000
--- a/playbooks/roles/lxc_common/tasks/lxc_host_setup.yml
+++ /dev/null
@@ -1,45 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-- name: set base lxc template
- template:
- src: "{{ item.src }}"
- dest: "{{ item.dest }}"
- owner: "root"
- group: "root"
- mode: "{{ item.mode }}"
- with_items:
- - { src: lxc-openstack.conf, dest: "/etc/lxc/lxc-openstack.conf", mode: "0644" }
- - { src: lxc-openstack, dest: "/usr/share/lxc/templates/lxc-openstack", mode: "0755" }
-
-- name: Set apparmor profile for nova-compute
- copy:
- src: "lxc-openstack"
- dest: "/etc/apparmor.d/lxc/lxc-openstack"
- owner: "root"
- group: "root"
- register: apparmor_update
- notify: Reindex apparmor profiles for lxc
-
-# Ensure apparmor reindex runs before other things that may fail
-- meta: flush_handlers
-
-- name: Drop lxc-system-manage script
- copy:
- src: "lxc-system-manage"
- dest: "/usr/local/bin/lxc-system-manage"
- owner: "root"
- group: "root"
- mode: "0755"
diff --git a/playbooks/roles/lxc_common/templates/lxc-openstack.conf b/playbooks/roles/lxc_common/templates/lxc-openstack.conf
deleted file mode 100644
index 00752ae5c9..0000000000
--- a/playbooks/roles/lxc_common/templates/lxc-openstack.conf
+++ /dev/null
@@ -1,22 +0,0 @@
-lxc.start.auto = 1
-lxc.start.delay = 15
-lxc.group = onboot
-lxc.group = openstack
-
-# Default LXC network
-lxc.network.type = veth
-lxc.network.name = eth0
-lxc.network.link = lxcbr0
-lxc.network.flags = up
-lxc.network.hwaddr = 00:16:3e:xx:xx:xx
-
-# Create a veth pair within the container
-lxc.network.type = veth
-# Network device within the container
-lxc.network.name = eth1
-# Host link to attach to, this should be a bridge
-lxc.network.link = {{ management_bridge }}
-# Hardware Address
-lxc.network.hwaddr = 00:16:3e:xx:xx:xx
-# enable the device on boot
-lxc.network.flags = up
diff --git a/playbooks/roles/lxc_container_create/CONTRIBUTING.rst b/playbooks/roles/lxc_container_create/CONTRIBUTING.rst
new file mode 100644
index 0000000000..dfda98a9ce
--- /dev/null
+++ b/playbooks/roles/lxc_container_create/CONTRIBUTING.rst
@@ -0,0 +1,85 @@ +OpenStack LXC container create +############################## +:tags: openstack, lxc, container, cloud, ansible +:category: \*nix + +contributor guidelines +^^^^^^^^^^^^^^^^^^^^^^ + +Filing Bugs +----------- + +Bugs should be filed on Launchpad, not GitHub: "https://bugs.launchpad.net/openstack-ansible" + + +When submitting a bug, or working on a bug, please ensure the following criteria are met: + * The description clearly states or describes the original problem or root cause of the problem. + * Include historical information on how the problem was identified. + * Any relevant logs are included. + * The provided information should be totally self-contained. External access to web services/sites should not be needed. + * Steps to reproduce the problem if possible. + + +Submitting Code +--------------- + +Changes to the project should be submitted for review via the Gerrit tool, following +the workflow documented at: "http://docs.openstack.org/infra/manual/developers.html#development-workflow" + +Pull requests submitted through GitHub will be ignored and closed without regard. + + +Extra +----- + +Tags: + If it's a bug that needs fixing in a branch in addition to Master, add a '\-backport-potential' tag (eg ``juno-backport-potential``). There are predefined tags that will autocomplete. + +Status: + Please leave this alone, it should be New till someone triages the issue. + +Importance: + Should only be touched if it is a Blocker/Gating issue. If it is, please set to High, and only use Critical if you have found a bug that can take down whole infrastructures. + + +Style guide +----------- + +When creating tasks and other roles for use in Ansible please create then using the YAML dictionary format. + +Example YAML dictionary format: + .. code-block:: yaml + + - name: The name of the tasks + module_name: + thing1: "some-stuff" + thing2: "some-other-stuff" + tags: + - some-tag + - some-other-tag + + +Example **NOT** in YAML dictionary format: + .. 
code-block:: yaml + + - name: The name of the tasks + module_name: thing1="some-stuff" thing2="some-other-stuff" + tags: + - some-tag + - some-other-tag + + +Usage of the ">" and "|" operators should be limited to Ansible conditionals and command modules such as the ansible ``shell`` module. + + +Issues +------ + +When submitting an issue, or working on an issue please ensure the following criteria are met: + * The description clearly states or describes the original problem or root cause of the problem. + * Include historical information on how the problem was identified. + * Any relevant logs are included. + * If the issue is a bug that needs fixing in a branch other than Master, add the ‘backport potential’ tag TO THE ISSUE (not the PR). + * The provided information should be totally self-contained. External access to web services/sites should not be needed. + * If the issue is needed for a hotfix release, add the 'expedite' label. + * Steps to reproduce the problem if possible. diff --git a/playbooks/roles/lxc_container_create/LICENSE b/playbooks/roles/lxc_container_create/LICENSE new file mode 100644 index 0000000000..e06d208186 --- /dev/null +++ b/playbooks/roles/lxc_container_create/LICENSE 
@@ -0,0 +1,202 @@ +Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + diff --git a/playbooks/roles/lxc_container_create/README.rst b/playbooks/roles/lxc_container_create/README.rst new file mode 100644 index 0000000000..a1f51682ff --- /dev/null +++ b/playbooks/roles/lxc_container_create/README.rst 
@@ -0,0 +1,81 @@ +OpenStack LXC container create +############################## +:tags: openstack, lxc, container, cloud, ansible +:category: \*nix + +Role for creating LXC containers. This role has been setup for use in OpenStack. This role will create several directories on the LXC host for use in bind mounted storage within the container. + +Example Play: + .. code-block:: yaml + + - name: Create container(s) + hosts: all_containers + gather_facts: false + user: root + roles: + - { role: "lxc_container_create", tags: [ "lxc-container-create" ] } + + +Example Inventory: + .. code-block:: json + + { + "all_containers": { + "children": [ + "group_of_containers" + ], + "hosts": [] + }, + "lxc_hosts": { + "children": [], + "hosts": [ + "infra1" + ] + }, + "group_of_containers": { + "children": [], + "hosts": [ + "container1" + ] + }, + "_meta": { + "hostvars": { + "infra1": { + "ansible_ssh_host": "192.168.0.1", + "container_address": "192.168.0.1", + "container_name": "infra1", + "container_networks": { + "management_address": { + "bridge": "br-mgmt", + "interface": "eth1", + "netmask": "255.255.252.0", + "type": "veth" + } + }, + "properties": { + "container_release": "trusty", + "is_metal": true + } + }, + "container1": { + "ansible_ssh_host": "10.0.0.1", + "container_address": "10.0.0.1", + "container_name": "container1", + "container_networks": { + "management_address": { + "address": "10.0.0.1", + "bridge": "br-mgmt", + "interface": "eth1", + "netmask": "255.255.252.0", + "type": "veth" + } + }, + "physical_host": "infra1", + "physical_host_group": "lxc_hosts", + "properties": { + "container_release": "trusty", + } + } + } + } + } diff --git a/playbooks/roles/lxc_container_create/defaults/main.yml b/playbooks/roles/lxc_container_create/defaults/main.yml new file mode 100644 index 0000000000..442e3bfc27 --- /dev/null +++ b/playbooks/roles/lxc_container_create/defaults/main.yml 
@@ -0,0 +1,58 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+lxc_container_config: /etc/lxc/lxc-openstack.conf
+
+# Default container template to build from
+lxc_container_template: openstack
+
+# container_fs.* is only used with building on an LVM backend
+lxc_container_fs_size: 5G
+lxc_container_fs_type: ext4
+
+# Default store is lvm, however will fall back to dir if the
+# container_volume_group is not found.
+lxc_container_backing_store: lvm
+lxc_container_vg_name: lxc
+
+# Default image to build from
+lxc_container_release: trusty
+
+lxc_container_default_interfaces: |
+ # The loopback network interface
+ auto lo
+ iface lo inet loopback
+ # LXC interface, this is ALWAYS assumed to be DHCP.
+ auto eth0
+ iface eth0 inet dhcp
+ # Load any additional configs
+ source /etc/network/interfaces.d/*.cfg
+
+# The container interface variable is a a default object that assume the
+# Ansible iterator type is `with_dict`.
+lxc_container_interface: | + ### start generated network for [ {{ item.value.interface }} ] ### + auto {{ item.value.interface }} + {% if item.value.address is defined %} + iface {{ item.value.interface }} inet static + address {{ item.value.address }} + netmask {{ item.value.netmask }} + {% if item.value.gateway is defined %} + gateway {{ item.value.gateway }} + {% endif %} + {% else %} + iface {{ item.value.interface }} inet manual + {% endif %} + ### end generated network for [ {{ item.value.interface }} ] ### diff --git a/playbooks/roles/container_destroy/tasks/main.yml b/playbooks/roles/lxc_container_create/handlers/main.yml similarity index 69% rename from playbooks/roles/container_destroy/tasks/main.yml rename to playbooks/roles/lxc_container_create/handlers/main.yml index cdde66d06b..e446dd44f3 100644 --- a/playbooks/roles/container_destroy/tasks/main.yml +++ b/playbooks/roles/lxc_container_create/handlers/main.yml @@ -13,11 +13,16 @@ # See the License for the specific language governing permissions and # limitations under the License. -# destroy an LXC container. - -- name: Destroy Containers - lxc: - name: "{{ container_name }}" - command: "destroy" +- name: Lxc container restart + lxc-container: + name: "{{ inventory_hostname }}" + state: "stopped" + notify: + - Start Container delegate_to: "{{ physical_host }}" +- name: Start Container + lxc-container: + name: "{{ inventory_hostname }}" + state: "started" + delegate_to: "{{ physical_host }}" diff --git a/playbooks/roles/lxc_container_create/meta/main.yml b/playbooks/roles/lxc_container_create/meta/main.yml new file mode 100644 index 0000000000..dd46384a77 --- /dev/null +++ b/playbooks/roles/lxc_container_create/meta/main.yml 
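Review bot: Two comments in the new defaults file refer to variables under names the file does not define: `# container_fs.* is only used with building on an LVM backend` and `# container_volume_group is not found.`, while the variables they sit above are `lxc_container_fs_size`/`lxc_container_fs_type` and `lxc_container_vg_name`. I would reword them to `# lxc_container_fs_* is only used when building on an LVM backend` and `# lxc_container_vg_name is not found.` so that a search for the variable name lands on its explanation. The comment above `lxc_container_interface` also has a doubled word; `# The container interface variable is a default object that assumes the` reads cleanly.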
@@ -0,0 +1,33 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+galaxy_info:
+ author: rcbops
+ description: Create an LXC container
+ company: Rackspace
+ license: Apache2
+ min_ansible_version: 1.6.6
+ platforms:
+ - name: Ubuntu
+ versions:
+ - trusty
+ categories:
+ - cloud
+ - lxc
+ - container
+ - python
+ - development
+ - openstack
+dependencies: []
diff --git a/playbooks/roles/lxc_container_create/tasks/container_create.yml b/playbooks/roles/lxc_container_create/tasks/container_create.yml
new file mode 100644
index 0000000000..892310811a
--- /dev/null
+++ b/playbooks/roles/lxc_container_create/tasks/container_create.yml
@@ -0,0 +1,137 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Obtain the Systems SSH-Key
+ set_fact:
+ lxc_container_ssh_key: "{{ lookup('file', '/root/.ssh/id_rsa.pub') }}"
+ when: >
+ lxc_container_ssh_key is not defined
+ delegate_to: "{{ physical_host }}"
+
+- name: Check for lxc volume group
+ shell: "(which vgs > /dev/null && vgs | grep -o '{{ lxc_container_vg_name }}') || false"
+ register: vg_result
+ failed_when: false
+ changed_when: vg_result.rc != 0
+ delegate_to: "{{ physical_host }}"
+ tags:
+ - lxc-container-vg-detect
+
+- name: Set container backend "dir" if "lvm" not found
+ set_fact:
+ lxc_container_backing_store: dir
+ when: vg_result.rc != 0
+ delegate_to: "{{ physical_host }}"
+ tags:
+ - lxc-container-vg-detect
+
+- name: Container service directories
+ file:
+ path: "{{ item }}"
+ state: "directory"
+ with_items:
+ - "/openstack/{{ inventory_hostname }}"
+ - "/openstack/backup/{{ inventory_hostname }}"
+ - "/openstack/log/{{ inventory_hostname }}"
+ delegate_to: "{{ physical_host }}"
+ tags:
+ - lxc-container-directories
+
+- name: Create container
+ lxc-container:
+ name: "{{ inventory_hostname }}"
+ container_log: "true"
+ config: "{{ lxc_container_config }}"
+ template: "{{ lxc_container_template }}"
+ state: started
+ backing_store: "{{ lxc_container_backing_store }}"
+ fs_size: "{{ lxc_container_fs_size }}"
+ fs_type: "{{ lxc_container_fs_type }}"
+ vg_name: "{{ lxc_container_vg_name }}"
+ template_options: "--release {{ properties.container_release|default(lxc_container_release) }}"
+ container_command: |
+ mkdir -p ~/.ssh/
+ if [ ! -f "~/.ssh/authorized_keys" ];then
+ touch ~/.ssh/authorized_keys
+ fi
+ grep '{{ lxc_container_ssh_key }}' ~/.ssh/authorized_keys || echo '{{ lxc_container_ssh_key }}' | tee -a ~/.ssh/authorized_keys
+ # Create internal directories
+ mkdir -p /etc/network/interfaces.d
+ mkdir -p /var/backup
+ sed -i 's/PermitRootLogin.*/PermitRootLogin\ yes/g' /etc/ssh/sshd_config
+ service ssh restart
+ while timeout 120 apt-get update && apt-get -y install python2.7; [ $? = 124 ]; do
+ sleep 5
+ done
+ rm /usr/bin/python
+ ln -s /usr/bin/python2.7 /usr/bin/python
+ echo -e '{{ lxc_container_default_interfaces }}' | tee /etc/network/interfaces
+ container_config:
+ - "lxc.aa_profile=lxc-openstack"
+ - "lxc.mount.entry=/openstack/backup/{{ inventory_hostname }} var/backup none defaults,bind,rw 0 0"
+ delegate_to: "{{ physical_host }}"
+ tags:
+ - lxc-container-create
+
+- name: Container network interfaces
+ lxc-container:
+ name: "{{ inventory_hostname }}"
+ container_command: |
+ echo -e '{{ lxc_container_interface }}' | tee /etc/network/interfaces.d/{{ item.value.interface }}.cfg
+ with_dict: container_networks
+ delegate_to: "{{ physical_host }}"
+ tags:
+ - lxc-container-networks
+
+- name: LXC host config for container networks
+ template:
+ src: "container-interface.ini.j2"
+ dest: "/var/lib/lxc/{{ inventory_hostname }}/{{ item.value.interface }}.ini"
+ owner: "root"
+ group: "root"
+ mode: "0644"
+ with_dict: container_networks
+ notify:
+ - Lxc container restart
+ delegate_to: "{{ physical_host }}"
+ tags:
+ - lxc-container-networks
+
+- name: Container network configs
+ lineinfile:
+ dest: "/var/lib/lxc/{{ inventory_hostname }}/config"
+ line: "lxc.include = /var/lib/lxc/{{ inventory_hostname }}/{{ item.value.interface }}.ini"
+ backup: "true"
+ with_dict: container_networks
+ when: >
+ item.value.interface is defined
notify: + - Lxc container restart + delegate_to: "{{ physical_host }}" + tags: + - lxc-container-networks + +- name: Create container service directories + lxc-container: + name: "{{ inventory_hostname }}" + container_command: | + mkdir -p '/var/log/{{ properties.service_name }}' + mkdir -p '/etc/{{ properties.service_name }}' + container_config: + - "lxc.mount.entry=/openstack/log/{{ inventory_hostname }} var/log/{{ properties.service_name }} none defaults,bind,rw 0 0" + when: properties.service_name is defined + delegate_to: "{{ physical_host }}" + tags: + - lxc-container-service-dirs diff --git a/playbooks/roles/container_create/tasks/main.yml b/playbooks/roles/lxc_container_create/tasks/main.yml similarity index 80% rename from playbooks/roles/container_create/tasks/main.yml rename to playbooks/roles/lxc_container_create/tasks/main.yml index f0bb841ab7..fa84ce7d2e 100644 --- a/playbooks/roles/container_create/tasks/main.yml +++ b/playbooks/roles/lxc_container_create/tasks/main.yml @@ -14,4 +14,9 @@ # limitations under the License. - include: container_create.yml - + when: > + physical_host is defined and + inventory_hostname is defined and + physical_host != inventory_hostname + tags: + - lxc-container \ No newline at end of file diff --git a/playbooks/roles/lxc_container_create/templates/container-interface.ini.j2 b/playbooks/roles/lxc_container_create/templates/container-interface.ini.j2 new file mode 100644 index 0000000000..a5145120e6 --- /dev/null +++ b/playbooks/roles/lxc_container_create/templates/container-interface.ini.j2 @@ -0,0 +1,12 @@ +# {{ ansible_managed }} + +# Create a veth pair within the container +lxc.network.type = {{ item.value.type|default('veth') }} +# Network device within the container +lxc.network.name = {{ item.value.interface }} +# Host link to attach to, this should be a bridge +lxc.network.link = {{ item.value.bridge }} +# Hardware Address +lxc.network.hwaddr = 00:16:3e:xx:xx:xx +# enable the device on boot +lxc.network.flags = up 
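Review bot: The `container_command` of the "Create container" task rewrites sshd_config to `PermitRootLogin yes`, which allows password logins for root even though the same script has just installed a public key for it. Key-only root access is sufficient for what the role does afterwards, e.g. `sed -i 's/PermitRootLogin.*/PermitRootLogin without-password/g' /etc/ssh/sshd_config`. In the same script the test `[ ! -f "~/.ssh/authorized_keys" ]` never looks at the real file because a quoted tilde is not expanded, and the following `grep` treats the key as a regular expression. Writing `[ ! -f ~/.ssh/authorized_keys ]` and `grep -qF` would make the add-key-once check behave as it reads.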
diff --git a/playbooks/roles/lxc_container_destroy/CONTRIBUTING.rst b/playbooks/roles/lxc_container_destroy/CONTRIBUTING.rst new file mode 100644 index 0000000000..d18443a710 --- /dev/null +++ b/playbooks/roles/lxc_container_destroy/CONTRIBUTING.rst 
@@ -0,0 +1,85 @@ +OpenStack LXC container destroy +############################### +:tags: openstack, lxc, container, cloud, ansible +:category: \*nix + +contributor guidelines +^^^^^^^^^^^^^^^^^^^^^^ + +Filing Bugs +----------- + +Bugs should be filed on Launchpad, not GitHub: "https://bugs.launchpad.net/openstack-ansible" + + +When submitting a bug, or working on a bug, please ensure the following criteria are met: + * The description clearly states or describes the original problem or root cause of the problem. + * Include historical information on how the problem was identified. + * Any relevant logs are included. + * The provided information should be totally self-contained. External access to web services/sites should not be needed. + * Steps to reproduce the problem if possible. + + +Submitting Code +--------------- + +Changes to the project should be submitted for review via the Gerrit tool, following +the workflow documented at: "http://docs.openstack.org/infra/manual/developers.html#development-workflow" + +Pull requests submitted through GitHub will be ignored and closed without regard. + + +Extra +----- + +Tags: + If it's a bug that needs fixing in a branch in addition to Master, add a '\-backport-potential' tag (eg ``juno-backport-potential``). There are predefined tags that will autocomplete. + +Status: + Please leave this alone, it should be New till someone triages the issue. + +Importance: + Should only be touched if it is a Blocker/Gating issue. If it is, please set to High, and only use Critical if you have found a bug that can take down whole infrastructures. + + +Style guide +----------- + +When creating tasks and other roles for use in Ansible please create then using the YAML dictionary format. + +Example YAML dictionary format: + .. code-block:: yaml + + - name: The name of the tasks + module_name: + thing1: "some-stuff" + thing2: "some-other-stuff" + tags: + - some-tag + - some-other-tag + + +Example **NOT** in YAML dictionary format: + .. 
code-block:: yaml + + - name: The name of the tasks + module_name: thing1="some-stuff" thing2="some-other-stuff" + tags: + - some-tag + - some-other-tag + + +Usage of the ">" and "|" operators should be limited to Ansible conditionals and command modules such as the ansible ``shell`` module. + + +Issues +------ + +When submitting an issue, or working on an issue please ensure the following criteria are met: + * The description clearly states or describes the original problem or root cause of the problem. + * Include historical information on how the problem was identified. + * Any relevant logs are included. + * If the issue is a bug that needs fixing in a branch other than Master, add the ‘backport potential’ tag TO THE ISSUE (not the PR). + * The provided information should be totally self-contained. External access to web services/sites should not be needed. + * If the issue is needed for a hotfix release, add the 'expedite' label. + * Steps to reproduce the problem if possible. diff --git a/playbooks/roles/lxc_container_destroy/LICENSE b/playbooks/roles/lxc_container_destroy/LICENSE new file mode 100644 index 0000000000..e06d208186 --- /dev/null +++ b/playbooks/roles/lxc_container_destroy/LICENSE 
@@ -0,0 +1,202 @@ +Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + diff --git a/playbooks/roles/lxc_container_destroy/README.rst b/playbooks/roles/lxc_container_destroy/README.rst new file mode 100644 index 0000000000..da6e7ec800 --- /dev/null +++ b/playbooks/roles/lxc_container_destroy/README.rst 
@@ -0,0 +1,81 @@ +OpenStack LXC container destroy +############################### +:tags: openstack, lxc, container, cloud, ansible +:category: \*nix + +Role for destroying LXC containers. This role has been setup for use in OpenStack. This role will remove several directories on the LXC host which were used in bind mounted storage within the container. + +Example Play: + .. code-block:: yaml + + - name: Destroy lxc containers + hosts: all_containers + gather_facts: false + user: root + roles: + - { role: "lxc_container_destroy", tags: [ "lxc-container-destroy" ] } + + +Example Inventory: + .. code-block:: json + + { + "all_containers": { + "children": [ + "group_of_containers" + ], + "hosts": [] + }, + "lxc_hosts": { + "children": [], + "hosts": [ + "infra1" + ] + }, + "group_of_containers": { + "children": [], + "hosts": [ + "container1" + ] + }, + "_meta": { + "hostvars": { + "infra1": { + "ansible_ssh_host": "192.168.0.1", + "container_address": "192.168.0.1", + "container_name": "infra1", + "container_networks": { + "management_address": { + "bridge": "br-mgmt", + "interface": "eth1", + "netmask": "255.255.252.0", + "type": "veth" + } + }, + "properties": { + "container_release": "trusty", + "is_metal": true + } + }, + "container1": { + "ansible_ssh_host": "10.0.0.1", + "container_address": "10.0.0.1", + "container_name": "container1", + "container_networks": { + "management_address": { + "address": "10.0.0.1", + "bridge": "br-mgmt", + "interface": "eth1", + "netmask": "255.255.252.0", + "type": "veth" + } + }, + "physical_host": "infra1", + "physical_host_group": "lxc_hosts", + "properties": { + "container_release": "trusty", + } + } + } + } + } diff --git a/playbooks/roles/lxc_container_destroy/meta/main.yml b/playbooks/roles/lxc_container_destroy/meta/main.yml new file mode 100644 index 0000000000..04a75ace4c --- /dev/null +++ b/playbooks/roles/lxc_container_destroy/meta/main.yml 
@@ -0,0 +1,33 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+galaxy_info:
+ author: rcbops
+ description: Destroy an lxc container
+ company: Rackspace
+ license: Apache2
+ min_ansible_version: 1.6.6
+ platforms:
+ - name: Ubuntu
+ versions:
+ - trusty
+ categories:
+ - cloud
+ - lxc
+ - container
+ - python
+ - development
+ - openstack
+dependencies: []
diff --git a/playbooks/roles/container_extra_setup/tasks/kernel_module.yml b/playbooks/roles/lxc_container_destroy/tasks/main.yml
similarity index 59%
rename from playbooks/roles/container_extra_setup/tasks/kernel_module.yml
rename to playbooks/roles/lxc_container_destroy/tasks/main.yml
index 1b90f435af..bf4a5a57be 100644
--- a/playbooks/roles/container_extra_setup/tasks/kernel_module.yml
+++ b/playbooks/roles/lxc_container_destroy/tasks/main.yml
@@ -13,17 +13,23 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-- name: "Ensure kernel module(s)"
- modprobe:
- name: "{{ item }}"
- with_items: kernel_modules
- when: kernel_modules is defined
+- name: Destroy a container
+ lxc-container:
+ name: "{{ container_name }}"
+ state: "absent"
 delegate_to: "{{ physical_host }}"
+ tags:
+ - container-destroy
-- name: "Ensure kernel module(s) loaded at boot"
- lineinfile:
- dest: /etc/modules
- line: "{{ item }}"
- with_items: kernel_modules
- when: kernel_modules is defined
+- name: Destroy container service directories
+ file:
+ path: "{{ item }}"
+ state: "absent"
+ with_items:
+ - "/openstack/{{ container_name }}"
+ - "/openstack/backup/{{ container_name }}"
+ - "/openstack/log/{{ container_name }}"
+ - "/var/lib/lxc/{{ container_name }}"
 delegate_to: "{{ physical_host }}"
+ tags:
+ - container-directories
diff --git a/playbooks/roles/lxc_hosts/CONTRIBUTING.rst b/playbooks/roles/lxc_hosts/CONTRIBUTING.rst
new file mode 100644
index 0000000000..9ba364b16e
--- /dev/null
+++ b/playbooks/roles/lxc_hosts/CONTRIBUTING.rst
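Review bot: Both tasks in lxc_container_destroy/tasks/main.yml build their targets from `container_name` with no guard, so if the inventory ever yields an empty value the `file` task removes `/openstack/`, `/openstack/backup/`, `/openstack/log/` and `/var/lib/lxc/` themselves on `physical_host`, taking every container's data with them. I would put a check in front of both tasks, for example `when: container_name is defined and container_name | length > 0` or an `assert` as the first task, and also reject names that contain `/`. The list includes `/openstack/backup/{{ container_name }}`, so backups are deleted together with the container; making that one path opt-in through a variable would be safer. Only the end of the license header is shown as leading context, but both tasks are visible in full.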
@@ -0,0 +1,85 @@ +OpenStack LXC host setup +######################## +:tags: openstack, lxc, host, cloud, ansible +:category: \*nix + +contributor guidelines +^^^^^^^^^^^^^^^^^^^^^^ + +Filing Bugs +----------- + +Bugs should be filed on Launchpad, not GitHub: "https://bugs.launchpad.net/openstack-ansible" + + +When submitting a bug, or working on a bug, please ensure the following criteria are met: + * The description clearly states or describes the original problem or root cause of the problem. + * Include historical information on how the problem was identified. + * Any relevant logs are included. + * The provided information should be totally self-contained. External access to web services/sites should not be needed. + * Steps to reproduce the problem if possible. + + +Submitting Code +--------------- + +Changes to the project should be submitted for review via the Gerrit tool, following +the workflow documented at: "http://docs.openstack.org/infra/manual/developers.html#development-workflow" + +Pull requests submitted through GitHub will be ignored and closed without regard. + + +Extra +----- + +Tags: + If it's a bug that needs fixing in a branch in addition to Master, add a '\-backport-potential' tag (eg ``juno-backport-potential``). There are predefined tags that will autocomplete. + +Status: + Please leave this alone, it should be New till someone triages the issue. + +Importance: + Should only be touched if it is a Blocker/Gating issue. If it is, please set to High, and only use Critical if you have found a bug that can take down whole infrastructures. + + +Style guide +----------- + +When creating tasks and other roles for use in Ansible please create then using the YAML dictionary format. + +Example YAML dictionary format: + .. code-block:: yaml + + - name: The name of the tasks + module_name: + thing1: "some-stuff" + thing2: "some-other-stuff" + tags: + - some-tag + - some-other-tag + + +Example **NOT** in YAML dictionary format: + .. 
code-block:: yaml + + - name: The name of the tasks + module_name: thing1="some-stuff" thing2="some-other-stuff" + tags: + - some-tag + - some-other-tag + + +Usage of the ">" and "|" operators should be limited to Ansible conditionals and command modules such as the ansible ``shell`` module. + + +Issues +------ + +When submitting an issue, or working on an issue please ensure the following criteria are met: + * The description clearly states or describes the original problem or root cause of the problem. + * Include historical information on how the problem was identified. + * Any relevant logs are included. + * If the issue is a bug that needs fixing in a branch other than Master, add the ‘backport potential’ tag TO THE ISSUE (not the PR). + * The provided information should be totally self-contained. External access to web services/sites should not be needed. + * If the issue is needed for a hotfix release, add the 'expedite' label. + * Steps to reproduce the problem if possible. diff --git a/playbooks/roles/lxc_hosts/LICENSE b/playbooks/roles/lxc_hosts/LICENSE new file mode 100644 index 0000000000..e06d208186 --- /dev/null +++ b/playbooks/roles/lxc_hosts/LICENSE 
@@ -0,0 +1,202 @@ +Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + diff --git a/playbooks/roles/lxc_hosts/README.rst b/playbooks/roles/lxc_hosts/README.rst new file mode 100644 index 0000000000..7ae5f47c9b --- /dev/null +++ b/playbooks/roles/lxc_hosts/README.rst @@ -0,0 +1,14 @@ +OpenStack LXC host setup +######################## +:tags: openstack, lxc, host, cloud, ansible +:category: \*nix + +Role for deployment and setup of an LXC host. + +.. code-block:: yaml + + - name: Basic lxc host setup + hosts: "hosts" + user: root + roles: + - { role: "lxc_hosts", tags: [ "lxc-host", "host-setup" ] } diff --git a/playbooks/roles/lxc_hosts/defaults/main.yml b/playbooks/roles/lxc_hosts/defaults/main.yml new file mode 100644 index 0000000000..5eca31b3d0 --- /dev/null +++ b/playbooks/roles/lxc_hosts/defaults/main.yml 
@@ -0,0 +1,62 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# lxc container net network
+lxc_net_bridge: lxcbr0
+lxc_net_bridge_port: none
+lxc_net_address: 10.0.3.1
+lxc_net_netmask: 255.255.255.0
+lxc_net_gateway: none ## if "none" no gateway will on the LXC bridge, nat must be "false" to use a gateway.
+
+# lxc container nat enabled
+lxc_net_nat: true ## If "true" nat rules will be created with the lxc network.
+
+# lxc container dhcp settings
+lxc_net_dhcp_range: 10.0.3.2,10.0.3.253
+lxc_net_dhcp_max: 253
+lxc_net_dhcp_config: ''
+lxc_net_dnsmasq_user: lxc-dnsmasq
+lxc_net_domain: ''
+
+# lxc_container_net_link variable should be set to the lxc-net bridge.
+lxc_container_net_link: "{{ lxc_net_bridge }}" ## name of the host bridge to attach to
+lxc_container_net_type: veth ## lxc network interface type (veth, phys, vlan, macvlan, empty)
+lxc_container_net_name: eth0 ## name of the interface inside the container.
+
+# System control kernel tuning
+lxc_kernel_options:
+ - { key: 'fs.inotify.max_user_instances', value: 1024 }
+ - { key: 'vm.swappiness', value: 10 }
+
+# Required apt packages.
+lxc_apt_packages:
+ - apparmor-utils
+ - bridge-utils
+ - cgmanager
+ - cgroup-lite
+ - debootstrap
+ - dnsmasq
+ - git
+ - liblxc1
+ - lxc
+ - lxc-dev
+ - lxc-templates
+ - python-dev
+ - python3-lxc
+
+# Prebuilt images to deploy onto hosts for use in containers.
+# lxc_container_caches:
+# - url: "{{ openstack_upstream_url }}/container_images/rpc-trusty-container.tgz"
+# name: "trusty.tgz"
diff --git a/playbooks/roles/lxc_common/files/lxc-openstack b/playbooks/roles/lxc_hosts/files/lxc-openstack
similarity index 90%
rename from playbooks/roles/lxc_common/files/lxc-openstack
rename to playbooks/roles/lxc_hosts/files/lxc-openstack
index 511e33fbfe..a38371369e 100644
--- a/playbooks/roles/lxc_common/files/lxc-openstack
+++ b/playbooks/roles/lxc_hosts/files/lxc-openstack
@@ -15,8 +15,7 @@ profile lxc-openstack flags=(attach_disconnected,mediate_deleted) {
 mount fstype=vfat* -> /**,
 mount fstype=fuseblk -> /**,
 mount fstype=nbd* -> /**,
- mount fstype=nfs* -> /var/lib/cinder/mnt/**,
- mount fstype=nfs* -> /var/lib/glance/images/**,
+ mount fstype=nfs* -> /**,
 mount fstype=devpts,
 # allow System access.
diff --git a/playbooks/roles/lxc_common/templates/lxc-openstack b/playbooks/roles/lxc_hosts/files/lxc-openstack-template
similarity index 99%
rename from playbooks/roles/lxc_common/templates/lxc-openstack
rename to playbooks/roles/lxc_hosts/files/lxc-openstack-template
index d928f3deda..598b815b94 100644
--- a/playbooks/roles/lxc_common/templates/lxc-openstack
+++ b/playbooks/roles/lxc_hosts/files/lxc-openstack-template
@@ -7,7 +7,7 @@
 #
 # This is a modified version of the base ubuntu template that will allow
-# for the installation of packages that the os-ansible-deployment uses
+# for the installation of packages that the Rackspace private cloud uses
 # within LXC containers.
 # Copyright © 2014 Kevin Carter
@@ -297,7 +297,7 @@ download_ubuntu()
 {
 cache=$1
 arch=$2
- release=$3
+ release=$(echo $3 | awk -F'-' '{print $1}')
 packages_template=${packages_template:-"ssh,vim,"}
 packages_template+="libxslt1-dev,libxml2-dev,libffi-dev,sshpass,iptables,sqlite3,python-software-properties,"
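Review bot: The new rule `mount fstype=nfs* -> /**,` in files/lxc-openstack lets a process confined by this profile mount NFS at any path, where the two removed rules limited it to `/var/lib/cinder/mnt/**` and `/var/lib/glance/images/**`. That applies to every container started under lxc-openstack, not only the cinder and glance ones. If another service needs NFS, I would keep the two existing lines and add its mount point as one more explicit rule, e.g. `mount fstype=nfs* -> /var/lib/<service>/**,` (placeholder path). If the wildcard is intended, a comment above the rule should say why the restriction was dropped. The profile body starts and ends outside the hunk.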
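Review bot: `$3` is expanded unquoted inside the command substitution in download_ubuntu (files/lxc-openstack-template), so a release argument containing whitespace or glob characters is word-split and expanded before awk sees it. Parameter expansion does the same trimming without a pipeline: `release="${3%%-*}"`. Keeping only the part before the first `-` is not explained anywhere in the hunk; a short comment such as `# strip any "-suffix" from the release name` would help the next reader. The function body continues outside the hunk.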
diff --git a/playbooks/roles/host_common/handlers/main.yml b/playbooks/roles/lxc_hosts/handlers/main.yml
similarity index 59%
rename from playbooks/roles/host_common/handlers/main.yml
rename to playbooks/roles/lxc_hosts/handlers/main.yml
index f802dbe316..19d0bdb8f7 100644
--- a/playbooks/roles/host_common/handlers/main.yml
+++ b/playbooks/roles/lxc_hosts/handlers/main.yml
@@ -13,8 +13,23 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-- name: Restart sysstat
- service: name=sysstat state=restarted pattern=sysstat enabled=yes
+- name: Load lxc-openstack apparmor profile
+ command: apparmor_parser -Kr /etc/apparmor.d/lxc-containers
+
+- name: Restart apparmor
+ service:
+ name: "apparmor"
+ state: "restarted"
+
+- name: Init reload
+ command: "initctl reload-configuration"
 - name: Restart irqbalance
- service: name=irqbalance state=restarted pattern=irqbalance enabled=yes
+ service:
+ name: "irqbalance"
+ state: "restarted"
+ pattern: "irqbalance"
+ enabled: "yes"
+
+- name: Bring bridge up
+ command: "ifup {{ lxc_net_bridge }}"
diff --git a/playbooks/roles/lxc_hosts/meta/main.yml b/playbooks/roles/lxc_hosts/meta/main.yml
new file mode 100644
index 0000000000..c65a663a77
--- /dev/null
+++ b/playbooks/roles/lxc_hosts/meta/main.yml
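Review bot: `enabled: "yes"` in the Restart irqbalance handler passes a quoted string where a boolean is meant; `enabled: true` states the intent and does not rely on the module coercing the string. The same applies to `enabled: "no"` in tasks/lxc_dnsmasq_cleanup.yml. The first handler is named for the lxc-openstack profile but reloads `/etc/apparmor.d/lxc-containers`; a comment such as `# lxc-containers pulls in the profiles under /etc/apparmor.d/lxc/` would explain the link, if that is how the profile is installed (the install task is not in this hunk).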
@@ -0,0 +1,32 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+galaxy_info:
+ author: rcbops
+ description: Deployment of LXC hosts for use in Rackspace Private Cloud
+ company: Rackspace
+ license: Apache2
+ min_ansible_version: 1.6.6
+ platforms:
+ - name: Ubuntu
+ versions:
+ - trusty
+ categories:
+ - cloud
+ - lxc
+ - development
+ - openstack
+dependencies:
+ - pip_install
diff --git a/playbooks/roles/lxc_common/tasks/lxc_container_cache.yml b/playbooks/roles/lxc_hosts/tasks/lxc_cache.yml
similarity index 59%
rename from playbooks/roles/lxc_common/tasks/lxc_container_cache.yml
rename to playbooks/roles/lxc_hosts/tasks/lxc_cache.yml
index 071ca7e641..798400446a 100644
--- a/playbooks/roles/lxc_common/tasks/lxc_container_cache.yml
+++ b/playbooks/roles/lxc_hosts/tasks/lxc_cache.yml
@@ -13,21 +13,33 @@ # See the License for the specific language governing permissions and # limitations under the License. -- name: Download lxc cache +- name: Download lxc cache(s) get_url: - url: "{{ container_cache_tarball }}" - dest: "/var/cache/lxc/trusty-container.tgz" - mode: "0440" + url: "{{ item.url }}" + dest: "/var/cache/lxc/{{ item.name }}" + mode: "0644" register: cache_download - async: 600 - poll: 15 - retries: 10 - delay: 120 until: cache_download|success + with_items: lxc_container_caches + tags: + - lxc-cache + - lxc-cache-download - name: Move lxc cached image into place unarchive: - src: "/var/cache/lxc/trusty-container.tgz" + src: "/var/cache/lxc/{{ item.name }}" dest: "/var/cache/lxc/" copy: "no" - when: cache_download|changed + with_items: lxc_container_caches + tags: + - lxc-cache + - lxc-cache-unarchive + +- name: Remove cache tarball + file: + path: "/var/cache/lxc/{{ item.name }}" + state: absent + with_items: lxc_container_caches + tags: + - lxc-cache + - lxc-cache-remove diff --git a/playbooks/roles/rsyslog/tasks/main.yml b/playbooks/roles/lxc_hosts/tasks/lxc_dnsmasq_cleanup.yml similarity index 71% rename from playbooks/roles/rsyslog/tasks/main.yml rename to playbooks/roles/lxc_hosts/tasks/lxc_dnsmasq_cleanup.yml index 548c749ada..7ef23a7d92 100644 --- a/playbooks/roles/rsyslog/tasks/main.yml +++ b/playbooks/roles/lxc_hosts/tasks/lxc_dnsmasq_cleanup.yml @@ -13,12 +13,16 @@ # See the License for the specific language governing permissions and # limitations under the License. -- name: Rsyslog Setup - template: - src: "{{ item }}" - dest: "/etc/rsyslog.d/{{ item }}" - owner: "root" - group: "root" - register: results +- name: Ensure dnsmasq stopped + service: + name: "dnsmasq" + state: "stopped" + enabled: "no" + +- name: Remove dnsmasq file(s) + file: + path: "{{ item }}" + state: "absent" with_items: - - 50-default.conf + - /var/run/dnsmasq/resolv.conf + - /etc/dnsmasq.conf 
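Review bot: The tarball fetched by `get_url` in "Download lxc cache(s)" is unpacked into `/var/cache/lxc/` by the next task with no integrity check, so whatever the server behind `item.url` returns becomes the base image for containers on the host. get_url accepts a `sha256sum` argument; I would carry a digest in every `lxc_container_caches` entry (a new key, e.g. `sha256sum`) and pass it as `sha256sum: "{{ item.sha256sum }}"`. The scheme of `openstack_upstream_url` is not visible in this hunk, so it is worth confirming it is https. Separately, dropping `when: cache_download|changed` while adding "Remove cache tarball" means the archive is downloaded and unpacked again on every run, and with `retries`/`delay` removed the `until:` loop falls back to Ansible's defaults.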
diff --git a/playbooks/roles/lxc_common/tasks/lxc_install.yml b/playbooks/roles/lxc_hosts/tasks/lxc_install.yml similarity index 77% rename from playbooks/roles/lxc_common/tasks/lxc_install.yml rename to playbooks/roles/lxc_hosts/tasks/lxc_install.yml index 8b65a5f344..fc108d2937 100644 --- a/playbooks/roles/lxc_common/tasks/lxc_install.yml +++ b/playbooks/roles/lxc_hosts/tasks/lxc_install.yml @@ -13,16 +13,16 @@ # See the License for the specific language governing permissions and # limitations under the License. -- name: Ensure common LXC Packages are Installed +- name: Install apt packages apt: pkg: "{{ item }}" - state: latest + state: present update_cache: yes cache_valid_time: 600 - with_items: - - python3-lxc - - lxc-templates - - liblxc1 - - libssl-dev - - libffi-dev - - debootstrap + register: install_packages + until: install_packages|success + retries: 5 + delay: 2 + with_items: lxc_apt_packages + tags: + - lxc-packages diff --git a/playbooks/roles/lxc_hosts/tasks/lxc_kernel_tuning.yml b/playbooks/roles/lxc_hosts/tasks/lxc_kernel_tuning.yml new file mode 100644 index 0000000000..2b05b9924e --- /dev/null +++ b/playbooks/roles/lxc_hosts/tasks/lxc_kernel_tuning.yml 
@@ -0,0 +1,24 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Tuning kernel for lxc
+ sysctl:
+ name: "{{ item.key }}"
+ value: "{{ item.value }}"
+ sysctl_set: "{{ item.set|default('yes') }}"
+ state: "{{ item.state|default('present') }}"
+ reload: "{{ item.reload|default('yes') }}"
+ ignore_errors: true
+ with_items: lxc_kernel_options
diff --git a/playbooks/roles/lxc_hosts/tasks/lxc_net.yml b/playbooks/roles/lxc_hosts/tasks/lxc_net.yml
new file mode 100644
index 0000000000..cafbd887d4
--- /dev/null
+++ b/playbooks/roles/lxc_hosts/tasks/lxc_net.yml
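Review bot: `ignore_errors: true` on "Tuning kernel for lxc" hides every sysctl failure, so a key in `lxc_kernel_options` that could not be applied leaves the host on its old value while the play still reports success. The contents of `lxc_kernel_options` are not visible in this hunk; if only some keys are expected to be absent on some kernels, I would drop `ignore_errors` and guard those entries individually, or add `register:` and a follow-up task that reports the failed items. At minimum, put a comment above the line saying which failures are expected and why they are safe to skip.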
@@ -0,0 +1,53 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Ensure networking includes interfaces.d
+ lineinfile:
+ dest: "/etc/network/interfaces"
+ line: "source /etc/network/interfaces.d/*.cfg"
+ backup: "yes"
+ tags:
+ - lxc-net
+ - lxc-interfaces
+
+- name: Check Container Bridge exists
+ file:
+ state: "file"
+ path: "/sys/class/net/{{ lxc_net_bridge }}/bridge/bridge_id"
+ register: bridge_check
+ failed_when: false
+ changed_when: bridge_check.state == 'absent'
+ notify:
+ - Bring bridge up
+ tags:
+ - lxc-net
+ - lxc-bridge
+
+- name: Drop lxc net bridge
+ template:
+ src: "{{ item.src }}"
+ dest: "{{ item.dest }}"
+ owner: "{{ item.owner|default('root') }}"
+ group: "{{ item.group|default('root') }}"
+ mode: "{{ item.mode|default('0644') }}"
+ with_items:
+ - { src: lxc-net-bridge.cfg.j2, dest: "/etc/network/interfaces.d/lxc-net-bridge.cfg" }
+ when: bridge_check.state == "absent"
+ notify:
+ - Bring bridge up
+ tags:
+ - lxc-files
+ - lxc-net
+ - lxc-bridge
diff --git a/playbooks/roles/lxc_hosts/tasks/lxc_pre_install.yml b/playbooks/roles/lxc_hosts/tasks/lxc_pre_install.yml
new file mode 100644
index 0000000000..11677baf4c
--- /dev/null
+++ b/playbooks/roles/lxc_hosts/tasks/lxc_pre_install.yml
@@ -0,0 +1,104 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Create base directories + file: + path: "{{ item }}" + state: "directory" + owner: "root" + group: "root" + with_items: + - /etc/lxc + - /usr/local/bin + - /etc/network/interfaces.d + - /etc/apparmor.d/lxc + - /usr/share/lxc/templates + - /openstack + - /openstack/backup + tags: + - lxc-directories + +- name: Ensure the lxc dnsmasq user exists + user: + name: "{{ lxc_net_dnsmasq_user }}" + comment: "LXC dnsmasq" + system: "yes" + shell: "/bin/false" + home: "/var/lib/lxc" + tags: + - lxc-dnsmasq-user + +- name: Drop base config file(s) + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: "{{ item.owner|default('root') }}" + group: "{{ item.group|default('root') }}" + mode: "{{ item.mode|default('0644') }}" + with_items: + - { src: lxc-openstack.conf.j2, dest: "/etc/lxc/lxc-openstack.conf" } + - { src: lxc.default.j2, dest: "/etc/default/lxc-net", mode: "0644" } + - { src: lxc-system-manage.j2, dest: "/usr/local/bin/lxc-system-manage", mode: "0755" } + - { src: manual-init.override.j2, dest: "/etc/init/lxc-net.override" } + tags: + - lxc-files + - lxc-config + +- name: Drop irqbalance config + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: "{{ item.owner|default('root') }}" + group: "{{ item.group|default('root') }}" + mode: "{{ item.mode|default('0644') }}" + with_items: + - { src: irqbalance.j2, dest: 
"/etc/default/irqbalance" } + notify: + - Restart irqbalance + tags: + - lxc-files + - lxc-irqbalance + +- name: Drop lxc-openstack app armor profile + copy: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: "{{ item.owner|default('root') }}" + group: "{{ item.group|default('root') }}" + mode: "{{ item.mode|default('0644') }}" + with_items: + - { src: lxc-openstack, dest: "/etc/apparmor.d/lxc/lxc-openstack" } + notify: + - Load lxc-openstack apparmor profile + - Restart apparmor + tags: + - lxc-files + - lxc-apparmor + +- name: Drop lxc-openstack template + copy: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: "{{ item.owner|default('root') }}" + group: "{{ item.group|default('root') }}" + mode: "{{ item.mode|default('0644') }}" + with_items: + - { src: lxc-openstack-template, dest: "/usr/share/lxc/templates/lxc-openstack", mode: "0755" } + tags: + - lxc-files + - lxc-template + +# Ensure apparmor reindex runs before other things that may fail +- meta: flush_handlers diff --git a/playbooks/roles/lxc_common/tasks/main.yml b/playbooks/roles/lxc_hosts/tasks/main.yml similarity index 76% rename from playbooks/roles/lxc_common/tasks/main.yml rename to playbooks/roles/lxc_hosts/tasks/main.yml index 5203942572..0c1df66e48 100644 --- a/playbooks/roles/lxc_common/tasks/main.yml +++ b/playbooks/roles/lxc_hosts/tasks/main.yml @@ -13,6 +13,10 @@ # See the License for the specific language governing permissions and # limitations under the License. +- include: lxc_pre_install.yml +- include: lxc_kernel_tuning.yml +- include: lxc_net.yml - include: lxc_install.yml -- include: lxc_host_setup.yml -- include: lxc_container_cache.yml +- include: lxc_dnsmasq_cleanup.yml +- include: lxc_cache.yml + when: lxc_container_caches is defined 
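Review bot: "Create base directories" sets `owner` and `group` but no `mode`, so `/openstack` and `/openstack/backup` are created with whatever the remote umask yields, unlike the four "Drop ..." tasks below it, which all pin a mode. If backups written under `/openstack/backup` can contain service configuration or credentials (not visible in this hunk), that directory should be created closed, for example in its own task with `mode: "0750"`. For the remaining paths an explicit `mode: "0755"` on the task would make the result independent of the umask.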
diff --git a/playbooks/roles/host_common/templates/irqbalance b/playbooks/roles/lxc_hosts/templates/irqbalance.j2 similarity index 86% rename from playbooks/roles/host_common/templates/irqbalance rename to playbooks/roles/lxc_hosts/templates/irqbalance.j2 index 93efb6df46..cf23a53db3 100644 --- a/playbooks/roles/host_common/templates/irqbalance +++ b/playbooks/roles/lxc_hosts/templates/irqbalance.j2 @@ -1,7 +1,10 @@ +# {{ ansible_managed }} + #Configuration for the irqbalance daemon #Should irqbalance be enabled? ENABLED="1" + #Balance the IRQs only once? ONESHOT="0" diff --git a/playbooks/roles/lxc_hosts/templates/lxc-net-bridge.cfg.j2 b/playbooks/roles/lxc_hosts/templates/lxc-net-bridge.cfg.j2 new file mode 100644 index 0000000000..afcb161bbf --- /dev/null +++ b/playbooks/roles/lxc_hosts/templates/lxc-net-bridge.cfg.j2 @@ -0,0 +1,25 @@ +# {{ ansible_managed }} + +auto {{ lxc_net_bridge }} +iface {{ lxc_net_bridge }} inet static + address {{ lxc_net_address }} + netmask {{ lxc_net_netmask }} +{% if lxc_net_nat == "true" %} +{% if lxc_net_gateway != "none" %} + gateway {{ lxc_net_gateway }} +{% endif %} + # nat rules start and stop + post-up /usr/local/bin/lxc-system-manage iptables-create + post-down /usr/local/bin/lxc-system-manage iptables-remove +{% endif %} + # dnsmasq start and stop + post-up /usr/local/bin/lxc-system-manage dnsmasq-start || true + post-up /usr/local/bin/lxc-system-manage iptables-create + post-down /usr/local/bin/lxc-system-manage dnsmasq-stop + post-down /usr/local/bin/lxc-system-manage iptables-remove + bridge_fd 0 + bridge_maxwait 0 + bridge_ports {{ lxc_net_bridge_port }} + bridge_hello 2 + bridge_maxage 12 + bridge_stp off diff --git a/playbooks/roles/lxc_hosts/templates/lxc-openstack.conf.j2 b/playbooks/roles/lxc_hosts/templates/lxc-openstack.conf.j2 new file mode 100644 index 0000000000..9d5d33f226 --- /dev/null +++ b/playbooks/roles/lxc_hosts/templates/lxc-openstack.conf.j2 
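Review bot: In lxc-net-bridge.cfg.j2 the `{% if lxc_net_nat == "true" %}` block does not gate the NAT rules, because `post-up /usr/local/bin/lxc-system-manage iptables-create` and the matching `post-down ... iptables-remove` are repeated unconditionally in the dnsmasq section right after `{% endif %}`. With NAT switched off the MASQUERADE and forwarding setup is still applied, and with it switched on the subcommand runs twice per ifup, which appends the nat and mangle rules twice since add_rules uses `-A`. I would delete the two unconditional iptables lines, or split the script's subcommand so the DHCP/DNS rules and the NAT rules can be called separately. The guard also compares against the string "true", so a deployer who sets `lxc_net_nat: true` as a YAML boolean would not match; `{% if lxc_net_nat | bool %}` covers both.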
@@ -0,0 +1,13 @@
+# {{ ansible_managed }}
+
+lxc.start.auto = 1
+lxc.start.delay = 15
+lxc.group = onboot
+lxc.group = rpc
+
+# Default LXC network
+lxc.network.type = {{ lxc_container_net_type }}
+lxc.network.name = {{ lxc_container_net_name }}
+lxc.network.link = {{ lxc_container_net_link }}
+lxc.network.flags = up
+lxc.network.hwaddr = 00:16:3e:xx:xx:xx
diff --git a/playbooks/roles/lxc_common/files/lxc-system-manage b/playbooks/roles/lxc_hosts/templates/lxc-system-manage.j2
similarity index 81%
rename from playbooks/roles/lxc_common/files/lxc-system-manage
rename to playbooks/roles/lxc_hosts/templates/lxc-system-manage.j2
index f5646b5068..74438508d5 100644
--- a/playbooks/roles/lxc_common/files/lxc-system-manage
+++ b/playbooks/roles/lxc_hosts/templates/lxc-system-manage.j2
@@ -17,31 +17,34 @@ # host. The functions within this script provide for common operations # that may be required when working with LXC in production. +# {{ ansible_managed }} + export USE_LXC_BRIDGE="true" -export LXC_BRIDGE="lxcbr0" -export LXC_ADDR="10.0.3.1" -export LXC_NETMASK="255.255.255.0" -export LXC_NETWORK="10.0.3.0/24" -export LXC_DHCP_RANGE="10.0.3.2,10.0.3.254" -export LXC_DHCP_MAX="253" -export LXC_DHCP_CONFILE="" +export LXC_BRIDGE="{{ lxc_net_bridge }}" +export LXC_ADDR="{{ lxc_net_address }}" +export LXC_NETMASK="{{ lxc_net_netmask }}" +export LXC_NETWORK="${LXC_ADDR}/${LXC_NETMASK}" +export LXC_DHCP_RANGE="{{ lxc_net_dhcp_range }}" +export LXC_DHCP_MAX="{{ lxc_net_dhcp_max }}" +export LXC_DHCP_CONFILE="{{ lxc_net_dhcp_config }}" +export LXC_DNSMASQ_USER="{{ lxc_net_dnsmasq_user }}" export VARRUN="/run/lxc" -export LXC_DOMAIN="" +export LXC_DOMAIN="{{ lxc_net_domain }}" function warn() { echo -e "\e[0;35m${@}\e[0m" } - + function info() { echo -e "\e[0;33m${@}\e[0m" } - + function success() { echo -e "\e[0;32m${@}\e[0m" } function remove_rules() { - success "Removing LXC IPtables rules." + info "Removing LXC IPtables rules." # Remove rules from the INPUT chain iptables ${USE_IPTABLES_LOCK} -D INPUT -i "${LXC_BRIDGE}" -p udp --dport 67 -j ACCEPT iptables ${USE_IPTABLES_LOCK} -D INPUT -i "${LXC_BRIDGE}" -p tcp --dport 67 -j ACCEPT 
@@ -54,24 +57,26 @@ function remove_rules() { # Remove rules from the nat POSTROUTING chain iptables ${USE_IPTABLES_LOCK} -t nat \ - -D POSTROUTING \ - -s "${LXC_NETWORK}" ! \ - -d "${LXC_NETWORK}" \ - -j MASQUERADE || true + -D POSTROUTING \ + -s "${LXC_NETWORK}" ! \ + -d "${LXC_NETWORK}" \ + -j MASQUERADE || true # Remove rules from the mangle POSTROUTING chain iptables ${USE_IPTABLES_LOCK} -t mangle \ - -D POSTROUTING \ - -o "${LXC_BRIDGE}" \ - -p udp \ - -m udp \ - --dport 68 \ - -j CHECKSUM \ - --checksum-fill + -D POSTROUTING \ + -s "${LXC_NETWORK}" \ + -o "${LXC_BRIDGE}" \ + -p udp \ + -m udp \ + --dport 68 \ + -j CHECKSUM \ + --checksum-fill + success "IPtables rules removed." } function add_rules() { - success "Creating LXC IPtables rules." + info "Creating LXC IPtables rules." set -e # Set ip_prwarding sysctl -w net.ipv4.ip_forward=1 > /dev/null 2>&1 @@ -88,20 +93,22 @@ function add_rules() { # Add rules from the nat POSTROUTING chain iptables ${USE_IPTABLES_LOCK} -t nat \ - -A POSTROUTING \ - -s "${LXC_NETWORK}" ! \ - -d "${LXC_NETWORK}" \ - -j MASQUERADE + -A POSTROUTING \ + -s "${LXC_NETWORK}" ! \ + -d "${LXC_NETWORK}" \ + -j MASQUERADE # Add rules from the mangle POSTROUTING chain iptables ${USE_IPTABLES_LOCK} -t mangle \ - -A POSTROUTING \ - -o "${LXC_BRIDGE}" \ - -p udp \ - -m udp \ - --dport 68 \ - -j CHECKSUM \ - --checksum-fill + -A POSTROUTING \ + -s "${LXC_NETWORK}" \ + -o "${LXC_BRIDGE}" \ + -p udp \ + -m udp \ + --dport 68 \ + -j CHECKSUM \ + --checksum-fill + success "IPtables rules created." } function cleanup() { 
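Review bot: Adding `-s "${LXC_NETWORK}"` to the mangle POSTROUTING rule in remove_rules changes the rule specification, and `iptables -D` deletes only an exact match, so on a host where the previous version of this script created the rule the old CHECKSUM entry is never removed; the add_rules hunk below then appends a second, differently specified rule next to it. I would have remove_rules also attempt one delete of the old specification (without `-s`), guarded with `|| true`, for the upgrade case. The new mangle delete has no `|| true` while the nat delete above it does; whether a miss aborts the function depends on shell options set outside the hunk, so it is worth making the two consistent. Both function bodies continue outside the hunks.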
@@ -133,20 +140,21 @@ function pre_up() { function start_dnsmasq() { set -e - success "Starting LXC dnsmasq." - dnsmasq "${LXC_DOMAIN_ARG}" -u lxc-dnsmasq \ - --strict-order \ - --bind-interfaces \ + info "Starting LXC dnsmasq." + dnsmasq "${LXC_DOMAIN_ARG}" --user="${LXC_DNSMASQ_USER}" \ --pid-file="${VARRUN}/dnsmasq.pid" \ --conf-file="${LXC_DHCP_CONFILE}" \ - --listen-address "${LXC_ADDR}" \ - --dhcp-range "${LXC_DHCP_RANGE}" \ + --listen-address="${LXC_ADDR}" \ + --dhcp-range="${LXC_DHCP_RANGE}" \ --dhcp-lease-max="${LXC_DHCP_MAX}" \ - --dhcp-no-override \ --except-interface="lo" \ --interface="${LXC_BRIDGE}" \ --dhcp-leasefile="${DHCP_LEASE_FILE}" \ + --dhcp-no-override \ + --strict-order \ + --bind-interfaces \ --dhcp-authoritative + success "dnsmasq started." } function start_containers_nicely() { @@ -170,7 +178,7 @@ function stop_containers_with_fire() { function start_networks() { set -e - success "Building the LXC container network." + info "Building the LXC container network." # Create lxc bridge brctl addbr "${LXC_BRIDGE}" @@ -191,6 +199,7 @@ function start_networks() { # Start DNS mask DHCP_LEASE_FILE="/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases" start_dnsmasq + success "LXC container network has been created." } function stop_dnsmasq() { @@ -336,9 +345,9 @@ case "$1" in dnsmasq-start Start the LXC dnsmasq process. dnsmasq-stop Stop the LXC dnsmasq process. dnsmasq-restart Restart the LXC dnsmasq process. - iptables-create Create the LXC IPtables rules. - iptables-remove Remove the LXC IPtables rules. - iptables-recreate Recreate the LXC IPtables rules. + iptables-create Create the LXC IPtables rules for NAT. + iptables-remove Remove the LXC IPtables rules for NAT. + iptables-recreate Recreate the LXC IPtables rules for NAT. veth-cleanup Remove all DOWN veth interfaces from a system. flush-net-cache Flush the hosts network cache. This is usful if IP addresses are being recycled on to containers 
diff --git a/playbooks/roles/lxc_hosts/templates/lxc.default.j2 b/playbooks/roles/lxc_hosts/templates/lxc.default.j2 new file mode 100644 index 0000000000..3de81e02bf --- /dev/null +++ b/playbooks/roles/lxc_hosts/templates/lxc.default.j2 @@ -0,0 +1,12 @@ +# {{ ansible_managed }} + +USE_LXC_BRIDGE="true" +LXC_BRIDGE="{{ lxc_net_bridge }}" +LXC_ADDR="{{ lxc_net_address }}" +LXC_NETMASK="{{ lxc_net_netmask }}" +LXC_NETWORK="${LXC_ADDR}/${LXC_NETMASK}" +LXC_DHCP_RANGE="{{ lxc_net_dhcp_range }}" +LXC_DHCP_MAX="{{ lxc_net_dhcp_max }}" +LXC_DNSMASQ_USER="{{ lxc_net_dnsmasq_user }}" +LXC_DHCP_CONFILE="{{ lxc_net_dhcp_config }}" +LXC_DOMAIN="{{ lxc_net_domain }}" diff --git a/playbooks/roles/lxc_hosts/templates/manual-init.override.j2 b/playbooks/roles/lxc_hosts/templates/manual-init.override.j2 new file mode 100644 index 0000000000..306c937e51 --- /dev/null +++ b/playbooks/roles/lxc_hosts/templates/manual-init.override.j2 @@ -0,0 +1,9 @@ +# {{ ansible_managed }} + +pre-start script + echo "pass" +end script + +post-stop script + echo "pass" +end script diff --git a/playbooks/roles/memcached/templates/memcached.conf b/playbooks/roles/memcached/templates/memcached.conf deleted file mode 100644 index 8390c9aed8..0000000000 --- a/playbooks/roles/memcached/templates/memcached.conf +++ /dev/null @@ -1,6 +0,0 @@ --d -logfile /var/log/memcached.log --m {{ memcached_memory|default('4096') }} --p {{ memcached_port|default('11211') }} --u {{ memcached_user|default('memcache') }} --l {{ memcached_listen|default('127.0.0.1') }} diff --git a/playbooks/roles/memcached_server/CONTRIBUTING.rst b/playbooks/roles/memcached_server/CONTRIBUTING.rst new file mode 100644 index 0000000000..13eb0428ea --- /dev/null +++ b/playbooks/roles/memcached_server/CONTRIBUTING.rst 
@@ -0,0 +1,85 @@ +OpenStack memcached servers +########################### +:tags: openstack, memcached, server, cloud, ansible +:category: \*nix + +contributor guidelines +^^^^^^^^^^^^^^^^^^^^^^ + +Filing Bugs +----------- + +Bugs should be filed on Launchpad, not GitHub: "https://bugs.launchpad.net/openstack-ansible" + + +When submitting a bug, or working on a bug, please ensure the following criteria are met: + * The description clearly states or describes the original problem or root cause of the problem. + * Include historical information on how the problem was identified. + * Any relevant logs are included. + * The provided information should be totally self-contained. External access to web services/sites should not be needed. + * Steps to reproduce the problem if possible. + + +Submitting Code +--------------- + +Changes to the project should be submitted for review via the Gerrit tool, following +the workflow documented at: "http://docs.openstack.org/infra/manual/developers.html#development-workflow" + +Pull requests submitted through GitHub will be ignored and closed without regard. + + +Extra +----- + +Tags: + If it's a bug that needs fixing in a branch in addition to Master, add a '\-backport-potential' tag (eg ``juno-backport-potential``). There are predefined tags that will autocomplete. + +Status: + Please leave this alone, it should be New till someone triages the issue. + +Importance: + Should only be touched if it is a Blocker/Gating issue. If it is, please set to High, and only use Critical if you have found a bug that can take down whole infrastructures. + + +Style guide +----------- + +When creating tasks and other roles for use in Ansible please create then using the YAML dictionary format. + +Example YAML dictionary format: + .. code-block:: yaml + + - name: The name of the tasks + module_name: + thing1: "some-stuff" + thing2: "some-other-stuff" + tags: + - some-tag + - some-other-tag + + +Example **NOT** in YAML dictionary format: + .. 
code-block:: yaml + + - name: The name of the tasks + module_name: thing1="some-stuff" thing2="some-other-stuff" + tags: + - some-tag + - some-other-tag + + +Usage of the ">" and "|" operators should be limited to Ansible conditionals and command modules such as the ansible ``shell`` module. + + +Issues +------ + +When submitting an issue, or working on an issue please ensure the following criteria are met: + * The description clearly states or describes the original problem or root cause of the problem. + * Include historical information on how the problem was identified. + * Any relevant logs are included. + * If the issue is a bug that needs fixing in a branch other than Master, add the ‘backport potential’ tag TO THE ISSUE (not the PR). + * The provided information should be totally self-contained. External access to web services/sites should not be needed. + * If the issue is needed for a hotfix release, add the 'expedite' label. + * Steps to reproduce the problem if possible. diff --git a/playbooks/roles/memcached_server/LICENSE b/playbooks/roles/memcached_server/LICENSE new file mode 100644 index 0000000000..e06d208186 --- /dev/null +++ b/playbooks/roles/memcached_server/LICENSE 
@@ -0,0 +1,202 @@ +Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + diff --git a/playbooks/roles/memcached_server/README.rst b/playbooks/roles/memcached_server/README.rst new file mode 100644 index 0000000000..8a2080f868 --- /dev/null +++ b/playbooks/roles/memcached_server/README.rst @@ -0,0 +1,16 @@ +OpenStack memcached servers +########################### +:tags: openstack, memcached, server, cloud, ansible +:category: \*nix + +Role for the deployoment and installation of Memcached + +.. code-block:: yaml + + - name: Install memcached + hosts: memcached + user: root + roles: + - { role: "memcached_server", tags: [ "memcached-server" ] } + vars: + memcached_listen: "10.0.0.1" 
diff --git a/playbooks/vars/repo_packages/memcached.yml b/playbooks/roles/memcached_server/defaults/main.yml similarity index 50% rename from playbooks/vars/repo_packages/memcached.yml rename to playbooks/roles/memcached_server/defaults/main.yml index 3c129e25ef..d36220c929 100644 --- a/playbooks/vars/repo_packages/memcached.yml +++ b/playbooks/roles/memcached_server/defaults/main.yml @@ -13,11 +13,19 @@ # See the License for the specific language governing permissions and # limitations under the License. -repo_package_name: memcached +# Defines that the role will be deployed on a host machine +is_metal: true -container_packages: +# The default memcache memory setting is to use .25 of the available system ram +# as long as that value is < 8192. However you can set the `memcached_memory` +# value to whatever you like as an override. +base_memcached_memory: "{{ ansible_memtotal_mb | default(4096) }}" +memcached_memory: "{{ base_memcached_memory | int // 4 if base_memcached_memory | int // 4 < 8192 else 8192 }}" + +memcached_port: 11211 +memcached_user: memcache +memcached_listen: "127.0.0.1" +memcached_log: /var/log/memcached.log + +memcached_apt_packages: - memcached - -service_pip_dependencies: - - python-memcached - - pycrypto diff --git a/playbooks/roles/memcached/handlers/main.yml b/playbooks/roles/memcached_server/handlers/main.yml similarity index 88% rename from playbooks/roles/memcached/handlers/main.yml rename to playbooks/roles/memcached_server/handlers/main.yml index 91efab23e7..6fb7b94cf5 100644 --- a/playbooks/roles/memcached/handlers/main.yml +++ b/playbooks/roles/memcached_server/handlers/main.yml @@ -14,4 +14,7 @@ # limitations under the License. - name: Restart memcached - service: name=memcached state=restarted pattern=memcached + service: + name: "memcached" + state: "restarted" + pattern: "memcached" 
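Review bot: The new `memcached_listen: "127.0.0.1"` default in defaults/main.yml carries no comment on what a safe override looks like, although the role README in this same commit already shows it being set to a routable address. The memcached.conf template added here passes only `-l`, `-p`, `-u`, `-m` and a logfile, so nothing at this layer authenticates or encrypts clients; whoever can reach the port can read and write the cache. I would add above the variable: `# memcached is unauthenticated here; override only with a management/container-network address that is firewalled, never 0.0.0.0 or a public address`.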
diff --git a/playbooks/roles/memcached_server/meta/main.yml b/playbooks/roles/memcached_server/meta/main.yml new file mode 100644 index 0000000000..80c41514f7 --- /dev/null +++ b/playbooks/roles/memcached_server/meta/main.yml @@ -0,0 +1,31 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +galaxy_info: + author: rcbops + description: Installation and setup of memcached + company: Rackspace + license: Apache2 + min_ansible_version: 1.6.6 + platforms: + - name: Ubuntu + versions: + - trusty + categories: + - cloud + - memcached + - development + - openstack +dependencies: [] diff --git a/playbooks/roles/container_setup/tasks/main.yml b/playbooks/roles/memcached_server/tasks/main.yml similarity index 79% rename from playbooks/roles/container_setup/tasks/main.yml rename to playbooks/roles/memcached_server/tasks/main.yml index e5f599fb61..3aac544cd1 100644 --- a/playbooks/roles/container_setup/tasks/main.yml +++ b/playbooks/roles/memcached_server/tasks/main.yml @@ -13,5 +13,9 @@ # See the License for the specific language governing permissions and # limitations under the License. -- include: container_setup.yml +- include: memcached_pre_install.yml +- include: memcached_install.yml +- include: memcached_config.yml +- name: Flush handlers + meta: flush_handlers 
diff --git a/playbooks/roles/memcached/tasks/main.yml b/playbooks/roles/memcached_server/tasks/memcached_config.yml similarity index 96% rename from playbooks/roles/memcached/tasks/main.yml rename to playbooks/roles/memcached_server/tasks/memcached_config.yml index d32aedd99a..edb9460768 100644 --- a/playbooks/roles/memcached/tasks/main.yml +++ b/playbooks/roles/memcached_server/tasks/memcached_config.yml @@ -21,3 +21,5 @@ group: "root" mode: "0644" notify: Restart memcached + tags: + - memcached-config diff --git a/playbooks/roles/common/tasks/utils.yml b/playbooks/roles/memcached_server/tasks/memcached_install.yml similarity index 78% rename from playbooks/roles/common/tasks/utils.yml rename to playbooks/roles/memcached_server/tasks/memcached_install.yml index 21bf98b0dc..8b9f9e253a 100644 --- a/playbooks/roles/common/tasks/utils.yml +++ b/playbooks/roles/memcached_server/tasks/memcached_install.yml @@ -13,10 +13,16 @@ # See the License for the specific language governing permissions and # limitations under the License. -- name: Ensure common utils +- name: Install apt packages apt: pkg: "{{ item }}" state: present update_cache: yes cache_valid_time: 600 - with_items: common_util_packages + register: install_packages + until: install_packages|success + retries: 5 + delay: 2 + with_items: memcached_apt_packages + tags: + - memcached-apt-packages diff --git a/playbooks/roles/swift_common/tasks/log_setup.yml b/playbooks/roles/memcached_server/tasks/memcached_pre_install.yml similarity index 65% rename from playbooks/roles/swift_common/tasks/log_setup.yml rename to playbooks/roles/memcached_server/tasks/memcached_pre_install.yml index 898a1bb02b..32a07225a1 100644 --- a/playbooks/roles/swift_common/tasks/log_setup.yml +++ b/playbooks/roles/memcached_server/tasks/memcached_pre_install.yml 
@@ -13,19 +13,23 @@ # See the License for the specific language governing permissions and # limitations under the License. -- name: "Create logging directory" +- name: Ensure the memcache user exists + user: + name: "{{ memcached_user }}" + comment: "memcached user" + system: "yes" + shell: "/bin/false" + createhome: "no" + tags: + - memcached-user + +- name: Ensure memcached directories file: path: "{{ item }}" state: "directory" - owner: "syslog" - group: "adm" + owner: "root" + group: "root" with_items: - - /var/log/swift - - /openstack/log/{{ inventory_hostname }} - -- name: "Drop swift rsyslog conf" - template: - src: "swift-rsyslog.conf.j2" - dest: "/etc/rsyslog.d/49-swift.conf" - notify: - - restart rsyslog + - "{{ memcached_log | dirname }}" + tags: + - memcached-dirs diff --git a/playbooks/roles/memcached_server/templates/memcached.conf b/playbooks/roles/memcached_server/templates/memcached.conf new file mode 100644 index 0000000000..7a77444932 --- /dev/null +++ b/playbooks/roles/memcached_server/templates/memcached.conf @@ -0,0 +1,8 @@ +# {{ ansible_managed }} + +-d +logfile {{ memcached_log }} +-m {{ memcached_memory }} +-p {{ memcached_port }} +-u {{ memcached_user }} +-l {{ memcached_listen }} diff --git a/playbooks/roles/neutron_add_network_interfaces/tasks/main.yml b/playbooks/roles/neutron_add_network_interfaces/tasks/main.yml deleted file mode 100644 index a9726a6a54..0000000000 --- a/playbooks/roles/neutron_add_network_interfaces/tasks/main.yml +++ /dev/null 
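Review bot: The `Ensure memcached directories` task applies `owner: "root"` and `group: "root"` to `{{ memcached_log | dirname }}`, and with the role default `memcached_log: /var/log/memcached.log` that path is `/var/log` itself. On Ubuntu that directory is normally group-owned by `syslog` (worth confirming on the target image), so the task would silently change ownership of a shared system directory and could stop other daemons from creating their log files. Either drop `owner`/`group` from this task, or point the default at a dedicated directory such as `/var/log/memcached/memcached.log` and set an explicit `mode: "0755"` on it.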
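Review bot: The new memcached.conf template never sets the UDP port, so on memcached builds where the UDP listener is enabled by default the daemon also answers UDP on the address given to `-l`. Once `memcached_listen` is overridden to a non-loopback address, as the role README does, that listener is an unauthenticated reflection/amplification surface on top of the TCP port. Assuming nothing in the deployment uses memcached over UDP, I would add `-U 0` after the `-p {{ memcached_port }}` line.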
@@ -1,41 +0,0 @@ ---- -- name: Drop additional lxc network interfaces - template: - src=host_container_interface.j2 - dest=/var/lib/lxc/{{ container_name }}/add_neutron_network_interface.conf - register: host_container_interface - delegate_to: "{{ physical_host }}" - when: provider_networks is defined and tunnel_address is defined and is_metal != true - -- name: Update container config - lineinfile: - dest: /var/lib/lxc/{{ container_name }}/config - line: "lxc.include = /var/lib/lxc/{{ container_name }}/add_neutron_network_interface.conf" - state: present - register: container_net_include - when: host_container_interface|changed and is_metal != true - delegate_to: "{{ physical_host }}" - -- name: Drop additional container network interfaces file(s) - template: - src=container_interface_file.j2 - dest="/etc/network/interfaces.d/provider_networks.cfg" - register: container_interface - when: provider_networks is defined and tunnel_address is defined and is_metal != true - -- name: Restart container - lxc: > - command=restart - name="{{ container_name }}" - register: restarted_container - when: container_net_include|changed or host_container_interface|changed or container_interface|changed and is_metal != true - delegate_to: "{{ physical_host }}" - -- name: Wait for container networking - wait_for: > - port=22 - timeout={{ container_start_timeout }} - search_regex=OpenSSH - host={{ container_address }} - when: restarted_container|changed and is_metal != true - delegate_to: "{{ physical_host }}" diff --git a/playbooks/roles/neutron_add_network_interfaces/templates/container_interface_file.j2 b/playbooks/roles/neutron_add_network_interfaces/templates/container_interface_file.j2 deleted file mode 100644 index 80cd829d86..0000000000 --- a/playbooks/roles/neutron_add_network_interfaces/templates/container_interface_file.j2 +++ /dev/null 
@@ -1,26 +0,0 @@ -{% set tunnel_interfaces = [] %} -{% for net in provider_networks %} -{% if net.network.container_interface not in tunnel_interfaces %} - {% if net.network.type == 'vxlan' %} - {% if tunnel_interfaces.append(net.network.container_interface) %}{% endif %} - {% endif %} -{% endif %} -{% endfor %} - -# Found Tunnel interfaces which have been assigned the tunnel_address -# Devices: {{ tunnel_interfaces }} -{% set used_interfaces = [] %} -{% for net in provider_networks %} -{% if net.network.container_interface not in used_interfaces %} - {% if used_interfaces.append(net.network.container_interface) %}{% endif %} - -auto {{ net.network.container_interface }} -{% if net.network.container_interface in tunnel_interfaces %} -iface {{ net.network.container_interface }} inet static - address {{ tunnel_address }} - netmask {{ net.network.subnetmask|default('255.255.255.0') }} -{% else %} -iface {{ net.network.container_interface }} inet manual -{% endif %} -{% endif %} -{% endfor %} diff --git a/playbooks/roles/neutron_add_network_interfaces/templates/host_container_interface.j2 b/playbooks/roles/neutron_add_network_interfaces/templates/host_container_interface.j2 deleted file mode 100644 index d82cc1d74e..0000000000 --- a/playbooks/roles/neutron_add_network_interfaces/templates/host_container_interface.j2 +++ /dev/null 
@@ -1,21 +0,0 @@ -{% set used_interfaces = [] %} -{% for net in provider_networks %} -{% if net.network.container_interface not in used_interfaces %} - {% if used_interfaces.append(net.network.container_interface) %}{% endif %} - -# Create a veth pair within the container -lxc.network.type = veth -# Network device within the container -lxc.network.name = {{ net.network.container_interface }} -# Host link to attach to, this should be a bridge -lxc.network.link = {{ net.network.container_bridge }} -# Hardware Address -lxc.network.hwaddr = 00:16:3e:xx:xx:xx -# enable the device on boot -lxc.network.flags = up - -{% endif %} -{% endfor %} - -# All used IP addresses built from the provider_networks array -# Devices: {{ used_interfaces }} diff --git a/playbooks/roles/neutron_common/tasks/main.yml b/playbooks/roles/neutron_common/tasks/main.yml deleted file mode 100644 index 23be80debd..0000000000 --- a/playbooks/roles/neutron_common/tasks/main.yml +++ /dev/null 
@@ -1,107 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: Ensure service tenant - keystone: > - command=ensure_tenant - token="{{ auth_admin_token }}" - endpoint="{{ auth_admin_uri }}" - tenant_name=service - description="Service Tenant" - tags: - - neutron_config - -- name: Get nova admin endpoint - shell: | - . /root/openrc - SERVICE_ID="$(keystone service-list | grep -w 'compute' | awk '{print $2}')" - keystone endpoint-list | grep -w "$SERVICE_ID" | awk '{print $10}' - register: novaendpoint - changed_when: false - failed_when: novaendpoint.rc != 0 - tags: - - neutron_config - -- name: Get nova admin user - shell: | - . 
/root/openrc - keystone service-list | grep -w compute | awk '{print $4}' - register: novauser - changed_when: false - failed_when: novauser.rc != 0 - tags: - - neutron_config - -- name: Set variable data - set_fact: - nova_admin_username: "{{ novauser.stdout }}" - nova_admin_tenant_id: "{{ keystone_facts['id'] }}" - nova_service_adminurl: "{{ novaendpoint.stdout|replace('/$(tenant_id)s', '') }}" - nova_admin_password: "{{ nova_service_password }}" - nova_admin_auth_url: "{{ auth_identity_uri }}" - tags: - - neutron_config - -- name: Setup Neutron Config - template: > - src={{ item }} - dest=/etc/neutron/{{ item }} - owner={{ system_group }} - group={{ system_user }} - with_items: - - neutron.conf - - metadata_agent.ini - - l3_agent.ini - - dhcp_agent.ini - - api-paste.ini - - policy.json - - dnsmasq-neutron.conf - - rootwrap.conf - - plugins/ml2/ml2_conf.ini - - rootwrap.d/debug.filters - - rootwrap.d/dhcp.filters - - rootwrap.d/iptables-firewall.filters - - rootwrap.d/l3.filters - - rootwrap.d/lbaas-haproxy.filters - - rootwrap.d/linuxbridge-plugin.filters - - rootwrap.d/nec-plugin.filters - - rootwrap.d/openvswitch-plugin.filters - - rootwrap.d/ryu-plugin.filters - - rootwrap.d/vpnaas.filters - - rootwrap.d/ipset-firewall.filters - notify: Restart os service - tags: - - neutron_config - -- name: Drop iptables checksum fix - copy: - src: "post-up-checksum-rules.sh" - dest: "/etc/network/if-up.d/post-up-checksum-rules.sh" - owner: "root" - group: "root" - mode: "0755" - when: > - inventory_hostname in groups['neutron_linuxbridge_agent'] - tags: - - neutron_config - - neutron_checksum_fix - -- name: Run iptables checksum fix - command: /etc/network/if-up.d/post-up-checksum-rules.sh - when: > - inventory_hostname in groups['neutron_linuxbridge_agent'] - tags: - - neutron_config - - neutron_checksum_fix 
diff --git a/playbooks/roles/neutron_common/templates/dhcp_agent.ini b/playbooks/roles/neutron_common/templates/dhcp_agent.ini
deleted file mode 100644
index b095a29fd2..0000000000
--- a/playbooks/roles/neutron_common/templates/dhcp_agent.ini
+++ /dev/null
@@ -1,7 +0,0 @@
-[DEFAULT]
-interface_driver = {{ interface_driver }}
-dhcp_driver = {{ dhcp_driver }}
-use_namespaces = True
-enable_isolated_metadata = True
-num_sync_threads = 8
-dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf
diff --git a/playbooks/roles/neutron_common/templates/dnsmasq-neutron.conf b/playbooks/roles/neutron_common/templates/dnsmasq-neutron.conf
deleted file mode 100644
index d4dafbe997..0000000000
--- a/playbooks/roles/neutron_common/templates/dnsmasq-neutron.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-dhcp-option-force=26,1450
-log-facility=/var/log/neutron/neutron-dnsmasq.log
diff --git a/playbooks/roles/neutron_common/templates/l3_agent.ini b/playbooks/roles/neutron_common/templates/l3_agent.ini
deleted file mode 100644
index 7de00c830e..0000000000
--- a/playbooks/roles/neutron_common/templates/l3_agent.ini
+++ /dev/null
@@ -1,26 +0,0 @@
-[DEFAULT]
-allow_automatic_l3agent_failover = True
-enable_metadata_proxy = True
-external_network_bridge =
-gateway_external_network_id =
-
-# L3 Agent HA
-ha_confs_path = /var/lib/neutron/ha_confs
-ha_vrrp_advert_int = 2
-ha_vrrp_auth_password = None
-ha_vrrp_auth_type = PASS
-handle_internal_only_routers = True
-l3_ha = False
-l3_ha_net_cidr = 169.254.192.0/18
-max_l3_agents_per_router = {{ groups['neutron_agent']|length }}
-
-{%- set min_router = groups['neutron_agent'] | length / 2 %}
-
-min_l3_agents_per_router = {{ min_router | round(1, 'floor') | int }}
-send_arp_for_ha = 3
-
-# L3 Agent interfaces
-interface_driver = {{ interface_driver }}
-handle_internal_only_routers = True
-use_namespaces = True
-agent_mode = legacy
diff --git a/playbooks/roles/neutron_common/templates/metadata_agent.ini b/playbooks/roles/neutron_common/templates/metadata_agent.ini
deleted file mode 100644
index 0b3f5fc2fb..0000000000
--- a/playbooks/roles/neutron_common/templates/metadata_agent.ini
+++ /dev/null
@@ -1,25 +0,0 @@
-[DEFAULT]
-debug = {{ debug|default('False') }}
-verbose = {{ verbose|default('True') }}
-
-# The Neutron user information for accessing the Neutron API.
-auth_url = {{ auth_identity_uri }}
-auth_region = {{ service_region }}
-endpoint_type = adminURL
-
-# TCP Port used by Nova metadata server
-nova_metadata_ip = {{ internal_vip_address }}
-nova_metadata_port = {{ nova_metadata_port|default('8775') }}
-
-# Admin authentication
-admin_tenant_name = {{ service_admin_tenant_name }}
-admin_user = {{ service_admin_username }}
-admin_password = {{ service_admin_password }}
-
-# Number of backlog requests to configure the metadata server socket with
-metadata_proxy_shared_secret = {{ nova_metadata_proxy_secret }}
-metadata_workers = 10
-metadata_backlog = 128
-
-# Metadata Caching
-cache_url = memory://?default_ttl=5
diff --git a/playbooks/roles/neutron_common/templates/metering_agent.ini b/playbooks/roles/neutron_common/templates/metering_agent.ini
deleted file mode 100644
index 00312e67e1..0000000000
--- a/playbooks/roles/neutron_common/templates/metering_agent.ini
+++ /dev/null
@@ -1,9 +0,0 @@
-[DEFAULT]
-debug = True
-driver = {{ metering_driver }}
-interface_driver = {{ interface_driver }}
-measure_interval = 30
-use_namespaces = True
-
-[AGENT]
-report_interval = 30
diff --git a/playbooks/roles/neutron_common/templates/neutron.conf b/playbooks/roles/neutron_common/templates/neutron.conf
deleted file mode 100644
index 4c562c4e78..0000000000
--- a/playbooks/roles/neutron_common/templates/neutron.conf
+++ /dev/null
@@ -1,114 +0,0 @@ -[DEFAULT] -verbose = True -debug = False -use_syslog = False - -log_file = /var/log/neutron/neutron.log -auth_strategy = keystone -lock_path = /var/lock/neutron - -# Sets qdhcp and qrouter tap interfaces to 1450 for VXLAN compatibility -network_device_mtu = {{ neutron_network_device_mtu|default('1450') }} - - -## Schedulers -router_distributed = False -agent_down_time = {{ neutron_agent_down_time }} -network_scheduler_driver = neutron.scheduler.dhcp_agent_scheduler.ChanceScheduler -router_scheduler_driver = neutron.scheduler.l3_agent_scheduler.LeastRoutersScheduler -loadbalancer_pool_scheduler_driver = neutron.services.loadbalancer.agent_scheduler.ChanceScheduler -network_auto_schedule = True -router_auto_schedule = True - - -## API -bind_port = 9696 -bind_host = 0.0.0.0 - - -## Workers -api_workers = 10 -rpc_workers = 5 - - -## Plugins -allow_overlapping_ips = True -core_plugin = {{ core_plugin }} - -service_plugins = {% for plugin in service_plugins %}{{ plugin }}{% if not loop.last %},{% endif %}{% endfor %} - - -## MAC Address -base_mac = fa:16:3e:00:00:00 -mac_generation_retries = 16 - - -## DHCP -dhcp_agent_notification = True -dhcp_agents_per_network = {{ groups['neutron_agent'] | length }} -dhcp_delete_namespaces = True -dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq -dhcp_lease_duration = 86400 - - -## RabbitMQ -rabbit_hosts = {{ rabbit_hosts }} -rabbit_port = {{ rabbit_port }} -rabbit_userid = {{ rabbit_userid }} -rabbit_password = {{ rabbit_password }} - - -## Notifications -notification_driver = neutron.openstack.common.notifier.rpc_notifier -notify_nova_on_port_status_changes = True -notify_nova_on_port_data_changes = True -send_events_interval = 2 - - -## Nova -nova_url = {{ nova_service_adminurl }} -nova_admin_username = {{ nova_admin_username }} -nova_admin_tenant_id = {{ nova_admin_tenant_id }} -nova_admin_password = {{ nova_admin_password }} -nova_admin_auth_url = {{ nova_admin_auth_url }} - - -[quotas] -quota_driver = 
neutron.db.quota_db.DbQuotaDriver -quota_items = network,subnet,port - - -[agent] -polling_interval = {{ neutron_agent_polling_interval|default(5) }} -report_interval = {{ neutron_report_interval|int }} -root_helper = sudo /usr/local/bin/neutron-rootwrap /etc/neutron/rootwrap.conf - - -[keystone_authtoken] -signing_dir = /var/cache/neutron -identity_uri = {{ auth_protocol }}://{{ auth_host }}:{{ auth_port }} -auth_uri = {{ auth_identity_uri }} -admin_tenant_name = {{ service_admin_tenant_name }} -admin_user = {{ service_admin_username }} -admin_password = {{ service_admin_password }} - -memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['container_address'] }}:{{ memcached_port|default('11211') }}{% if not loop.last %},{% endif %}{% endfor %} - -token_cache_time = 300 -revocation_cache_time = 60 - -# if your memcached server is shared, use these settings to avoid cache poisoning -memcache_security_strategy = ENCRYPT -memcache_secret_key = {{ memcached_secret_key }} - -# if your keystone deployment uses PKI, and you value security over performance: -check_revocations_for_cached = {{ hostvars[groups['keystone_all'][0]]['keystone_use_pki'] }} - - -[database] -connection = mysql://{{ container_mysql_user }}:{{ container_mysql_password }}@{{ mysql_address }}/{{ container_database }}?charset=utf8 - - -[service_providers] -service_provider = LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default -service_provider = VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default diff --git a/playbooks/roles/neutron_setup/tasks/main.yml b/playbooks/roles/neutron_setup/tasks/main.yml deleted file mode 100644 index 7bdaa32860..0000000000 --- a/playbooks/roles/neutron_setup/tasks/main.yml +++ /dev/null 
@@ -1,44 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: Perform a Neutron DB Upgrade - command: > - neutron-db-manage --config-file {{ neutron_config }} - --config-file {{ neutron_plugin }} - upgrade {{ neutron_revision }} - sudo: yes - sudo_user: "{{ system_user }}" - tags: - - neutron_upgrade - -- name: Check for DB revision - shell: "neutron-db-manage history | grep -w 'Revision ID: {{ neutron_revision }}'" - register: neutron_dbmanage - ignore_errors: True - sudo: yes - sudo_user: "{{ system_user }}" - tags: - - neutron_stamp - -- name: Perform a Neutron DB Stamp - command: > - neutron-db-manage --config-file {{ neutron_config }} - --config-file {{ neutron_plugin }} - stamp {{ neutron_revision }} - when: neutron_dbmanage.rc != 0 - sudo: yes - sudo_user: "{{ system_user }}" - tags: - - neutron_stamp diff --git a/playbooks/roles/nfs_client/tasks/main.yml b/playbooks/roles/nfs_client/tasks/main.yml deleted file mode 100644 index dba486c077..0000000000 --- a/playbooks/roles/nfs_client/tasks/main.yml +++ /dev/null 
@@ -1,20 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: Create nfs_shares file - template: - src=nfs_shares.j2 - dest="{{ nfs_client.nfs_shares_config }}" - when: nfs_client is defined diff --git a/playbooks/roles/nfs_client/templates/nfs_shares.j2 b/playbooks/roles/nfs_client/templates/nfs_shares.j2 deleted file mode 100644 index 766e1ed63e..0000000000 --- a/playbooks/roles/nfs_client/templates/nfs_shares.j2 +++ /dev/null @@ -1,3 +0,0 @@ -{% for share in nfs_client.shares %} -{{ share.ip }}: {{ share.share }} -{% endfor %} diff --git a/playbooks/roles/nova_common/tasks/main.yml b/playbooks/roles/nova_common/tasks/main.yml deleted file mode 100644 index 377b24ef10..0000000000 --- a/playbooks/roles/nova_common/tasks/main.yml +++ /dev/null 
@@ -1,48 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: Get glance admin endpoint - shell: > - . /root/openrc && keystone endpoint-list | grep "$(keystone service-list | awk '/image/ {print $2}')" | awk '{print $10}' - register: glanceendpoint - -- name: Get neutron admin endpoint - shell: > - . /root/openrc && keystone endpoint-list | grep "$(keystone service-list | awk '/network/ {print $2}')" | awk '{print $10}' - register: neutronendpoint - -- name: Set variable data - set_fact: - neutron_service_adminurl: "{{ neutronendpoint.stdout }}" - glance_service_adminurl: "{{ glanceendpoint.stdout }}" - -- name: Setup nova config - template: > - src={{ item }} - dest=/etc/nova/{{ item }} - owner={{ system_user }} - group={{ system_group }} - with_items: - - nova.conf - - rootwrap.conf - - rootwrap.d/api-metadata.filters - - rootwrap.d/baremetal-compute-ipmi.filters - - rootwrap.d/baremetal-deploy-helper.filters - - rootwrap.d/compute.filters - - rootwrap.d/network.filters - - policy.json - - cells.json - - api-paste.ini - notify: Restart os service diff --git a/playbooks/roles/nova_common/templates/cells.json b/playbooks/roles/nova_common/templates/cells.json deleted file mode 100644 index cc74930d4d..0000000000 --- a/playbooks/roles/nova_common/templates/cells.json +++ /dev/null 
@@ -1,26 +0,0 @@
-{
- "parent": {
- "name": "parent",
- "api_url": "http://api.example.com:8774",
- "transport_url": "rabbit://rabbit.example.com",
- "weight_offset": 0.0,
- "weight_scale": 1.0,
- "is_parent": true
- },
- "cell1": {
- "name": "cell1",
- "api_url": "http://api.example.com:8774",
- "transport_url": "rabbit://rabbit1.example.com",
- "weight_offset": 0.0,
- "weight_scale": 1.0,
- "is_parent": false
- },
- "cell2": {
- "name": "cell2",
- "api_url": "http://api.example.com:8774",
- "transport_url": "rabbit://rabbit2.example.com",
- "weight_offset": 0.0,
- "weight_scale": 1.0,
- "is_parent": false
- }
-}
diff --git a/playbooks/roles/nova_compute_devices/tasks/main.yml b/playbooks/roles/nova_compute_devices/tasks/main.yml
deleted file mode 100644
index fe862b6991..0000000000
--- a/playbooks/roles/nova_compute_devices/tasks/main.yml
+++ /dev/null
@@ -1,77 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: Ensure container is running - lxc: > - name={{ container_name }} - command=start - delegate_to: "{{ physical_host }}" - when: is_metal != true - -- name: Add nbd devices to the compute - shell: > - for i in /dev/nbd*; do lxc-device -n {{ container_name }} add $i $i; done; - delegate_to: "{{ physical_host }}" - when: is_metal != true - -- name: Add net/tun device to the compute - shell: > - lxc-device -n {{ container_name }} add /dev/net/tun /dev/net/tun - delegate_to: "{{ physical_host }}" - when: is_metal != true - -- name: Add kvm device to the compute - shell: > - lxc-device -n {{ container_name }} add /dev/kvm /dev/kvm - delegate_to: "{{ physical_host }}" - when: virt_type == 'kvm' and is_metal != true - -- name: Ensure kvm permissions - shell: > - udevadm trigger - when: virt_type == 'kvm' - -- name: Create log directory - file: - path: "/openstack/log/{{ physical_host}}" - state: directory - owner: "{{ system_user|default('root') }}" - group: "{{ system_group|default('root') }}" - mode: '0755' - force: true - when: is_metal == true - -- name: Remove old log dir on metal - shell: > - ls /openstack/log/{{ physical_host }}/nova-compute.log 2>/dev/null || rm -rf /var/log/nova/ - when: is_metal == true - -- name: Create log aggregation links - file: - src: "/openstack/log/{{ physical_host}}" - dest: "/var/log/nova" - state: "link" - when: is_metal == 
true - -- name: Create nova log dir - file: - path: "/var/log/nova" - state: directory - group: "{{ system_group|default('root') }}" - owner: "{{ system_user|default('root') }}" - mode: '0755' - recurse: no - when: is_metal == false - diff --git a/playbooks/roles/nova_compute_sshkey_create/tasks/main.yml b/playbooks/roles/nova_compute_sshkey_create/tasks/main.yml deleted file mode 100644 index 64631c36e0..0000000000 --- a/playbooks/roles/nova_compute_sshkey_create/tasks/main.yml +++ /dev/null 
@@ -1,64 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: Set nova users shell to /bin/bash and generate ssh_key - user: - name: "nova" - shell: "/bin/bash" - -- name: Create the keys directory for the nova user - file: - state: "directory" - path: "/var/lib/nova/.ssh" - group: "nova" - owner: "nova" - mode: "0700" - -- name: Remove old key file(s) if found - file: - path: "{{ item }}" - state: "absent" - with_items: - - "/var/lib/nova/.ssh/authorized_keys" - - "/var/lib/nova/.ssh/id_rsa" - - "/var/lib/nova/.ssh/id_rsa.pub" - -- name: Create the nova SSH key if it doesnt exist - command: ssh-keygen -f /var/lib/nova/.ssh/id_rsa -t rsa -q -N "" - sudo: yes - sudo_user: "{{ system_user }}" - -- name: Create empty 'authorized_keys' file - file: path="/var/lib/nova/.ssh/authorized_keys" state="touch" - -- name: Change permissions on the generated keys - file: - path: "{{ item.path }}" - group: "{{ system_user }}" - owner: "{{ system_user }}" - mode: "{{ item.mode }}" - with_items: - - { path: "/var/lib/nova/.ssh/authorized_keys", mode: "0700" } - - { path: "/var/lib/nova/.ssh/id_rsa", mode: "0600" } - - { path: "/var/lib/nova/.ssh/id_rsa.pub", mode: "0644" } - -- name: Get public key contents - command: cat /var/lib/nova/.ssh/id_rsa.pub - register: nova_pub - changed_when: false - -- name: Build authorized keys - shell: echo "{{ nova_pub.stdout }}" | tee -a /var/lib/nova/.ssh/authorized_keys - delegate_to: "{{ 
groups['nova_compute'][0] }}" diff --git a/playbooks/roles/nova_compute_sshkey_setup/tasks/main.yml b/playbooks/roles/nova_compute_sshkey_setup/tasks/main.yml deleted file mode 100644 index dce386a278..0000000000 --- a/playbooks/roles/nova_compute_sshkey_setup/tasks/main.yml +++ /dev/null @@ -1,29 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: Prevent known_hosts from causing an issue - copy: - src: "ssh_config" - dest: "/var/lib/nova/.ssh/config" - owner: "nova" - group: "nova" - mode: "0644" - -- name: Set authorized_keys permissions - file: - path: "/var/lib/nova/.ssh/authorized_keys" - owner: "nova" - group: "nova" - mode: "0600" diff --git a/playbooks/roles/nova_setup/tasks/main.yml b/playbooks/roles/nova_setup/tasks/main.yml deleted file mode 100644 index 2a17f17032..0000000000 --- a/playbooks/roles/nova_setup/tasks/main.yml +++ /dev/null 
@@ -1,19 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: Perform a Nova DB sync - command: nova-manage db sync - sudo: yes - sudo_user: "{{ system_user }}" diff --git a/playbooks/roles/openstack_common/tasks/pip_install.yml b/playbooks/roles/openstack_common/tasks/pip_install.yml deleted file mode 100644 index 49cc6c3cd9..0000000000 --- a/playbooks/roles/openstack_common/tasks/pip_install.yml +++ /dev/null 
@@ -1,36 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: Install service source - pip: - name: "/opt/{{ service_name }}_{{ git_install_branch | replace('/', '_') }}" - extra_args: "{{ pip_install_options|default('') }}" - register: pip_install - until: pip_install|success - retries: 5 - async: 1800 - delay: 5 - poll: 5 - -- name: Install pip repo plugins - pip: - name: "{{ git_dest }}/{{ item.path }}/{{ item.package }}" - extra_args: "{{ pip_install_options|default('') }}" - when: git_dest is defined and git_repo_plugins is defined - with_items: git_repo_plugins - register: pip_install - until: pip_install|success - retries: 5 - delay: 10 diff --git a/playbooks/roles/openstack_hosts/CONTRIBUTING.rst b/playbooks/roles/openstack_hosts/CONTRIBUTING.rst new file mode 100644 index 0000000000..a487f432e0 --- /dev/null +++ b/playbooks/roles/openstack_hosts/CONTRIBUTING.rst 
@@ -0,0 +1,85 @@ +OpenStack host setup +#################### +:tags: openstack, host, cloud, ansible +:category: \*nix + +contributor guidelines +^^^^^^^^^^^^^^^^^^^^^^ + +Filing Bugs +----------- + +Bugs should be filed on Launchpad, not GitHub: "https://bugs.launchpad.net/openstack-ansible" + + +When submitting a bug, or working on a bug, please ensure the following criteria are met: + * The description clearly states or describes the original problem or root cause of the problem. + * Include historical information on how the problem was identified. + * Any relevant logs are included. + * The provided information should be totally self-contained. External access to web services/sites should not be needed. + * Steps to reproduce the problem if possible. + + +Submitting Code +--------------- + +Changes to the project should be submitted for review via the Gerrit tool, following +the workflow documented at: "http://docs.openstack.org/infra/manual/developers.html#development-workflow" + +Pull requests submitted through GitHub will be ignored and closed without regard. + + +Extra +----- + +Tags: + If it's a bug that needs fixing in a branch in addition to Master, add a '\-backport-potential' tag (eg ``juno-backport-potential``). There are predefined tags that will autocomplete. + +Status: + Please leave this alone, it should be New till someone triages the issue. + +Importance: + Should only be touched if it is a Blocker/Gating issue. If it is, please set to High, and only use Critical if you have found a bug that can take down whole infrastructures. + + +Style guide +----------- + +When creating tasks and other roles for use in Ansible please create then using the YAML dictionary format. + +Example YAML dictionary format: + .. code-block:: yaml + + - name: The name of the tasks + module_name: + thing1: "some-stuff" + thing2: "some-other-stuff" + tags: + - some-tag + - some-other-tag + + +Example **NOT** in YAML dictionary format: + .. 
code-block:: yaml + + - name: The name of the tasks + module_name: thing1="some-stuff" thing2="some-other-stuff" + tags: + - some-tag + - some-other-tag + + +Usage of the ">" and "|" operators should be limited to Ansible conditionals and command modules such as the ansible ``shell`` module. + + +Issues +------ + +When submitting an issue, or working on an issue please ensure the following criteria are met: + * The description clearly states or describes the original problem or root cause of the problem. + * Include historical information on how the problem was identified. + * Any relevant logs are included. + * If the issue is a bug that needs fixing in a branch other than Master, add the ‘backport potential’ tag TO THE ISSUE (not the PR). + * The provided information should be totally self-contained. External access to web services/sites should not be needed. + * If the issue is needed for a hotfix release, add the 'expedite' label. + * Steps to reproduce the problem if possible. diff --git a/playbooks/roles/openstack_hosts/LICENSE b/playbooks/roles/openstack_hosts/LICENSE new file mode 100644 index 0000000000..e06d208186 --- /dev/null +++ b/playbooks/roles/openstack_hosts/LICENSE 
@@ -0,0 +1,202 @@ +Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + diff --git a/playbooks/roles/openstack_hosts/README.rst b/playbooks/roles/openstack_hosts/README.rst new file mode 100644 index 0000000000..ae72e5f1f5 --- /dev/null +++ b/playbooks/roles/openstack_hosts/README.rst @@ -0,0 +1,14 @@ +OpenStack host setup +#################### +:tags: openstack, host, cloud, ansible +:category: \*nix + +Role for basic setup and configuration of a host machine for the intended purpose of use within OpenStack. + +.. code-block:: yaml + + - name: Basic host setup + hosts: "hosts" + user: root + roles: + - { role: "openstack_hosts", tags: [ "openstack-hosts-setup" ] } 
diff --git a/playbooks/vars/config_vars/container_config_nova_compute.yml b/playbooks/roles/openstack_hosts/defaults/main.yml similarity index 53% rename from playbooks/vars/config_vars/container_config_nova_compute.yml rename to playbooks/roles/openstack_hosts/defaults/main.yml index 0ac9caf2cc..9d185cc7d7 100644 --- a/playbooks/vars/config_vars/container_config_nova_compute.yml +++ b/playbooks/roles/openstack_hosts/defaults/main.yml 
@@ -13,49 +13,73 @@ # See the License for the specific language governing permissions and # limitations under the License. -# Set the options that we want for the container, these are config options. -# The option is set as a YAML list which translates into "key = value" in config -container_config_options: - - "lxc.tty=4" - - "lxc.pts=1024" - - "lxc.aa_profile=unconfined" - - "lxc.mount.auto=cgroup" - - "lxc.cgroup.devices.allow=a *:* rmw" - - "lxc.mount.entry=/lib/modules lib/modules none bind 0 0" - - "lxc.mount.entry=/openstack/instances var/lib/nova/instances none defaults,bind 0.0" +openstack_code_name: 1AndOne=11 +openstack_release: master -required_inner_dirs: - - "/var/lib/nova/instances" - - "/lib/modules" +openstack_host_systat_enabled: true +openstack_host_systat_interval: 1 +openstack_host_systat_statistics_hour: 23 -required_outer_dirs: - - "/openstack/instances" - - "/lib/modules" +openstack_host_disbale_auto_updates: true -kernel_modules: - - nbd - - vhost_net - - ip6table_filter - - ip6_tables - - ipt_REJECT - - iptable_mangle - - ipt_MASQUERADE - - iptable_nat - - iptable_filter - - ip_tables - - nf_conntrack_ipv4 - - nf_defrag_ipv4 - - nf_nat_ipv4 - - nf_nat - - nf_conntrack - - x_tables - - iscsi_tcp - - scsi_dh +## Defined required kernel. 
presently 3.13.0-32-generic +openstack_host_required_kernel: 3.13.0-34-generic + +## Kernel modules loaded on hosts +openstack_host_kernel_modules: + - 8021q - dm_multipath - dm_snapshot + - ip6table_filter + - ip6_tables + - ip_tables + - ipt_MASQUERADE + - ipt_REJECT + - iptable_filter + - iptable_mangle + - iptable_nat + - iscsi_tcp + - nbd + - nf_conntrack + - nf_conntrack_ipv4 + - nf_defrag_ipv4 + - nf_nat + - nf_nat_ipv4 + - scsi_dh + - vhost_net + - x_tables -sysctl_options: +## Base packages +openstack_host_apt_packages: + - apparmor-utils + - bridge-utils + - build-essential + - cgroup-lite + - curl + - dmeventd + - dstat + - htop + - iptables + - libkmod-dev + - libkmod2 + - lvm2 + - python-software-properties + - python-dev + - rsync + - rsyslog + - sshpass + - sysstat + - time + - vlan + - wget + +# System control kernel tuning +openstack_kernel_options: + - { key: 'fs.inotify.max_user_watches', value: 36864 } - { key: 'net.ipv4.conf.all.rp_filter', value: 0 } - { key: 'net.ipv4.conf.default.rp_filter', value: 0 } - { key: 'net.ipv4.ip_forward', value: 1 } - { key: 'net.netfilter.nf_conntrack_max', value: 262144 } + - { key: 'vm.dirty_background_ratio', value: 5 } + - { key: 'vm.dirty_ratio', value: 10 } + - { key: 'vm.swappiness', value: 5 } diff --git a/playbooks/roles/rsyslog_stop/tasks/main.yml b/playbooks/roles/openstack_hosts/handlers/main.yml similarity index 84% rename from playbooks/roles/rsyslog_stop/tasks/main.yml rename to playbooks/roles/openstack_hosts/handlers/main.yml index 08df9f4259..f05c2b0281 100644 --- a/playbooks/roles/rsyslog_stop/tasks/main.yml +++ b/playbooks/roles/openstack_hosts/handlers/main.yml @@ -13,8 +13,9 @@ # See the License for the specific language governing permissions and # limitations under the License. -- name: stop rsyslog +- name: Restart sysstat service: - name: "rsyslog" - state: "stopped" - pattern: "rsyslog" + name: "sysstat" + state: "restarted" + pattern: "sysstat" + enabled: "yes" 
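Review bot: In the defaults hunk the comment above `openstack_host_required_kernel` names `3.13.0-32-generic` while the value is `3.13.0-34-generic`, and two new variable names are misspelled (`openstack_host_disbale_auto_updates`, `openstack_host_systat_*`); the tasks and templates that read them are not visible here, so confirm they use the same spelling, otherwise the variables are undefined. I would change the comment to `## Required kernel, presently 3.13.0-34-generic`. The `openstack_kernel_options` list keeps `net.ipv4.conf.all.rp_filter` and `net.ipv4.conf.default.rp_filter` at 0, which turns off reverse-path source validation wherever this role applies them. A comment such as `# rp_filter disabled because <reason>; anti-spoofing is enforced by <control>` would record that trade-off next to the setting.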
diff --git a/playbooks/roles/openstack_hosts/meta/main.yml b/playbooks/roles/openstack_hosts/meta/main.yml new file mode 100644 index 0000000000..0960806654 --- /dev/null +++ b/playbooks/roles/openstack_hosts/meta/main.yml @@ -0,0 +1,31 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +galaxy_info: + author: rcbops + description: Base host setup for a OpenStack Private Cloud host + company: Rackspace + license: Apache2 + min_ansible_version: 1.6.6 + platforms: + - name: Ubuntu + versions: + - trusty + categories: + - cloud + - host + - development + - openstack +dependencies: [] diff --git a/playbooks/roles/common/tasks/main.yml b/playbooks/roles/openstack_hosts/tasks/main.yml similarity index 66% rename from playbooks/roles/common/tasks/main.yml rename to playbooks/roles/openstack_hosts/tasks/main.yml index 4bd5cef4ae..6db6514f05 100644 --- a/playbooks/roles/common/tasks/main.yml +++ b/playbooks/roles/openstack_hosts/tasks/main.yml 
@@ -13,12 +13,12 @@ # See the License for the specific language governing permissions and # limitations under the License. -- include: kernel_check.yml -- include: apt_pinning.yml -- include: repos.yml -- include: utils.yml -- include: get_pip.yml -- include: install_pip_deps.yml +- include: openstack_host_packages.yml +- include: openstack_sysstat.yml +- include: openstack_update_hosts_file.yml +- include: openstack_lvm_config.yml +- include: openstack_kernel_check.yml +- include: openstack_kernel_modules.yml +- include: openstack_kernel_tuning.yml +- include: openstack_authorized_keys.yml - include: openstack_release.yml -- include: lvm_conf.yml -- include: ssh_config.yml diff --git a/playbooks/roles/host_common/tasks/authorized_keys.yml b/playbooks/roles/openstack_hosts/tasks/openstack_authorized_keys.yml similarity index 92% rename from playbooks/roles/host_common/tasks/authorized_keys.yml rename to playbooks/roles/openstack_hosts/tasks/openstack_authorized_keys.yml index e5a6afa6e6..810ffd70d9 100644 --- a/playbooks/roles/host_common/tasks/authorized_keys.yml +++ b/playbooks/roles/openstack_hosts/tasks/openstack_authorized_keys.yml @@ -20,6 +20,8 @@ group: "{{ ansible_user_id }}" owner: "{{ ansible_user_id }}" mode: "0755" + tags: + - openstack-host-keys - name: Update SSH keys get_url: @@ -27,6 +29,8 @@ dest: "{{ ansible_env.HOME }}/.ssh/remotekeys" mode: "0640" when: ssh_key_url is defined + tags: + - openstack-host-keys - name: Ensure all keys in authorized_keys shell: | @@ -36,3 +40,5 @@ fi done < /root/.ssh/remotekeys when: ssh_key_url is defined + tags: + - openstack-host-keys diff --git a/playbooks/roles/host_common/tasks/sysstat.yml b/playbooks/roles/openstack_hosts/tasks/openstack_host_packages.yml similarity index 71% rename from playbooks/roles/host_common/tasks/sysstat.yml rename to playbooks/roles/openstack_hosts/tasks/openstack_host_packages.yml index 016769033d..884df426db 100644 --- a/playbooks/roles/host_common/tasks/sysstat.yml 
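Review bot: In `tasks/main.yml`, `openstack_kernel_check.yml` is now the fifth include, after packages, sysstat, the hosts file and the LVM config, whereas the old list ran `kernel_check.yml` first. A host on the wrong kernel is therefore modified before the `fail` tasks stop the play. Moving `- include: openstack_kernel_check.yml` to the top of the list keeps it a pre-flight check. The old `apt_pinning.yml`, `repos.yml` and `ssh_config.yml` includes have no replacement in this file; whether they moved to another role is not visible here.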
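Review bot: In `openstack_authorized_keys.yml` the download task writes to `{{ ansible_env.HOME }}/.ssh/remotekeys` but the loop in the third hunk reads `/root/.ssh/remotekeys`, so the two agree only when the play runs as root; using `done < {{ ansible_env.HOME }}/.ssh/remotekeys` keeps them consistent. Going by the task name, whatever is fetched from `ssh_key_url` becomes an authorized login key, so the source needs an integrity control. The `url:` line is outside these hunks, but it should be HTTPS with certificate validation left on, ideally pinned with `get_url`'s `sha256sum`. The directory task in the first hunk sets `mode: "0755"`; if its `path:` (also outside the hunk) is the `.ssh` directory, `"0700"` is the conventional mode.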
+++ b/playbooks/roles/openstack_hosts/tasks/openstack_host_packages.yml @@ -13,21 +13,16 @@ # See the License for the specific language governing permissions and # limitations under the License. -- name: Install sysstat +- name: Install host packages apt: - pkg: sysstat + pkg: "{{ item }}" state: present update_cache: yes cache_valid_time: 600 - -- name: Enable sysstat - template: > - src=sysstat - dest=/etc/default/sysstat - notify: Restart sysstat - -- name: Enable sysstat cron - template: > - src=sysstat.cron - dest=/etc/cron.d/sysstat - notify: Restart sysstat + register: install_packages + until: install_packages|success + retries: 5 + delay: 2 + with_items: openstack_host_apt_packages + tags: + - openstack-host-packages diff --git a/playbooks/roles/common/tasks/kernel_check.yml b/playbooks/roles/openstack_hosts/tasks/openstack_kernel_check.yml similarity index 80% rename from playbooks/roles/common/tasks/kernel_check.yml rename to playbooks/roles/openstack_hosts/tasks/openstack_kernel_check.yml index 9a88602094..6a1f5f9d3d 100644 --- a/playbooks/roles/common/tasks/kernel_check.yml +++ b/playbooks/roles/openstack_hosts/tasks/openstack_kernel_check.yml @@ -13,8 +13,6 @@ # See the License for the specific language governing permissions and # limitations under the License. -# This will check for kernel as defined in the required kernel hash - - name: Check Kernel Variant fail: msg: 
> @@ -22,11 +20,15 @@ [ {{ ansible_kernel.split('-')[2] }} != generic ] Resolve this issue before continuing. when: ansible_kernel.split('-')[2] != 'generic' + tags: + - openstack-host-kernel-check - name: Check Kernel Version fail: msg: > Wrong kernel Version found - [ {{ ansible_kernel }} < {{ required_kernel }} ] + [ {{ ansible_kernel }} < {{ openstack_host_required_kernel }} ] Resolve this issue before continuing. - when: ansible_kernel | version_compare(required_kernel, '<') + when: ansible_kernel | version_compare(openstack_host_required_kernel, '<') + tags: + - openstack-host-kernel-check diff --git a/playbooks/roles/host_common/tasks/kernel_modules.yml b/playbooks/roles/openstack_hosts/tasks/openstack_kernel_modules.yml similarity index 73% rename from playbooks/roles/host_common/tasks/kernel_modules.yml rename to playbooks/roles/openstack_hosts/tasks/openstack_kernel_modules.yml index a1a2a5ad04..0170ca204d 100644 --- a/playbooks/roles/host_common/tasks/kernel_modules.yml +++ b/playbooks/roles/openstack_hosts/tasks/openstack_kernel_modules.yml @@ -16,12 +16,16 @@ - name: "Ensure kernel module(s)" modprobe: name: "{{ item }}" - with_items: host_kernel_modules - when: host_kernel_modules is defined + with_items: openstack_host_kernel_modules + when: openstack_host_kernel_modules is defined + tags: + - openstack-host-kernel-modules - name: "Ensure kernel module(s) loaded at boot" lineinfile: dest: /etc/modules line: "{{ item }}" - with_items: host_kernel_modules - when: host_kernel_modules is defined + with_items: openstack_host_kernel_modules + when: openstack_host_kernel_modules is defined + tags: + - openstack-host-kernel-modules 
diff --git a/playbooks/roles/container_extra_setup/tasks/sysctl.yml b/playbooks/roles/openstack_hosts/tasks/openstack_kernel_tuning.yml similarity index 88% rename from playbooks/roles/container_extra_setup/tasks/sysctl.yml rename to playbooks/roles/openstack_hosts/tasks/openstack_kernel_tuning.yml index d79ace13b0..22d7bd13cc 100644 --- a/playbooks/roles/container_extra_setup/tasks/sysctl.yml +++ b/playbooks/roles/openstack_hosts/tasks/openstack_kernel_tuning.yml @@ -20,6 +20,7 @@ sysctl_set: "{{ item.set|default('yes') }}" state: "{{ item.state|default('present') }}" reload: "{{ item.reload|default('yes') }}" - when: sysctl_options is defined - with_items: sysctl_options - delegate_to: "{{ physical_host }}" + with_items: openstack_kernel_options + ignore_errors: true + tags: + - openstack-host-kernel-tuning diff --git a/playbooks/roles/openstack_hosts/tasks/openstack_lvm_config.yml b/playbooks/roles/openstack_hosts/tasks/openstack_lvm_config.yml new file mode 100644 index 0000000000..01af7dd131 --- /dev/null +++ b/playbooks/roles/openstack_hosts/tasks/openstack_lvm_config.yml 
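Review bot: The added `ignore_errors: true` lets the play continue when any entry of `openstack_kernel_options` fails to apply, so a host can finish the role without the intended forwarding, conntrack or rp_filter values and nothing flags it. If the aim is to tolerate keys whose module is not loaded (for example `net.netfilter.nf_conntrack_max`), the modules include already runs before this file, so the flag can be dropped. Otherwise add `register: sysctl_result` and a follow-up task that reports the items that failed. The `when: sysctl_options is defined` guard was removed without a replacement, which is safe only while the role default for `openstack_kernel_options` is always present. The task's opening lines are outside the hunk.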
@@ -0,0 +1,42 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Discover lvm devices + shell: | + /sbin/pvdisplay | awk '/PV\ Name/ {print $3}' | sed 's/\/dev\///g' + register: lvm_devices + changed_when: lvm_devices.rc != 0 + failed_when: false + tags: + - openstack-host-lvm-config + +- name: Ensure "/etc/lvm" directory + file: + state: "directory" + path: "/etc/lvm" + when: lvm_devices.rc == 0 + tags: + - openstack-host-lvm-config + +- name: Drop lvm Config + template: + src: "lvm.conf.j2" + dest: "/etc/lvm/lvm.conf" + owner: "root" + group: "root" + backup: "yes" + when: lvm_devices.rc == 0 + tags: + - openstack-host-lvm-config diff --git a/playbooks/roles/common/tasks/openstack_release.yml b/playbooks/roles/openstack_hosts/tasks/openstack_release.yml similarity index 91% rename from playbooks/roles/common/tasks/openstack_release.yml rename to playbooks/roles/openstack_hosts/tasks/openstack_release.yml index 6f3d8c99eb..52c0bd99f2 100644 --- a/playbooks/roles/common/tasks/openstack_release.yml +++ b/playbooks/roles/openstack_hosts/tasks/openstack_release.yml @@ -13,9 +13,11 @@ # See the License for the specific language governing permissions and # limitations under the License. -- name: Drop openstack version file +- name: Drop openstack release file template: src: "openstack-release.j2" dest: "/etc/openstack-release" owner: "root" group: "root" + tags: + - openstack-release 
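Review bot: In `Discover lvm devices` the registered `rc` is the exit status of the last command in the pipeline (`sed`), not of `/sbin/pvdisplay`, so the `when: lvm_devices.rc == 0` guards on the two following tasks pass even when `pvdisplay` fails or is not installed, and `/etc/lvm/lvm.conf` is then rendered from empty output. `changed_when: lvm_devices.rc != 0` also marks a read-only discovery as changed exactly when it failed; `changed_when: false` is the usual form. If the intent is to skip hosts without physical volumes (inferred from the guards), gating on the output is more reliable, e.g. `when: lvm_devices.stdout != ''`. The `Drop lvm Config` task sets owner and group but no mode; adding `mode: "0644"` would make the resulting permissions explicit.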
diff --git a/playbooks/roles/keystone_common/tasks/keystone_config.yml b/playbooks/roles/openstack_hosts/tasks/openstack_sysstat.yml similarity index 67% rename from playbooks/roles/keystone_common/tasks/keystone_config.yml rename to playbooks/roles/openstack_hosts/tasks/openstack_sysstat.yml index dcaa6c9c68..481b052eb5 100644 --- a/playbooks/roles/keystone_common/tasks/keystone_config.yml +++ b/playbooks/roles/openstack_hosts/tasks/openstack_sysstat.yml @@ -13,13 +13,14 @@ # See the License for the specific language governing permissions and # limitations under the License. -- name: Generate Keystone Config +- name: Enable sysstat template: src: "{{ item.src }}" - dest: "/etc/keystone/{{ item.dest }}" - owner: "{{ system_user }}" - group: "{{ system_group }}" + dest: "{{ item.dest }}" + mode: "{{ item.mode|default('0644')}}" with_items: - - { dest: "keystone.conf", src: "keystone.conf.j2" } - - { dest: "policy.json", src: "policy.json.j2" } - - { dest: "keystone-paste.ini", src: "keystone-paste.ini.j2" } + - { src: "sysstat.default.j2", dest: "/etc/default/sysstat" } + - { src: "sysstat.cron.j2", dest: "/etc/cron.d/sysstat", mode: "0755" } + notify: Restart sysstat + tags: + - openstack-host-sysstat diff --git a/playbooks/roles/host_common/tasks/updatehostsfile.yml b/playbooks/roles/openstack_hosts/tasks/openstack_update_hosts_file.yml similarity index 92% rename from playbooks/roles/host_common/tasks/updatehostsfile.yml rename to playbooks/roles/openstack_hosts/tasks/openstack_update_hosts_file.yml index f306651209..cffdb2620c 100644 --- a/playbooks/roles/host_common/tasks/updatehostsfile.yml +++ b/playbooks/roles/openstack_hosts/tasks/openstack_update_hosts_file.yml @@ -21,6 +21,8 @@ with_items: - "{{ groups['all_containers'] }}" - "{{ groups['hosts'] }}" + tags: + - openstack-host-hostfile - name: Update hosts file remove stale Host entries lineinfile: 
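Review bot: The `Enable sysstat` task installs `/etc/cron.d/sysstat` with `mode: "0755"` and sets no `owner` or `group`, although every entry in that file runs as root. Cron fragments are read, not executed, so the execute bits add nothing; dropping the item's `mode` key lets the `default('0644')` already on the `mode` line apply: `- { src: "sysstat.cron.j2", dest: "/etc/cron.d/sysstat" }`. Adding `owner: "root"` and `group: "root"` to the task, as the lvm and release template tasks in this role do, keeps ownership from depending on the connecting user.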
@@ -30,6 +32,8 @@ with_items: - "{{ groups['all_containers'] }}" - "{{ groups['hosts'] }}" + tags: + - openstack-host-hostfile - name: Update hosts file from ansible inventory lineinfile: @@ -39,3 +43,5 @@ with_items: - "{{ groups['all_containers'] }}" - "{{ groups['hosts'] }}" + tags: + - openstack-host-hostfile diff --git a/playbooks/roles/common/templates/lvm.conf b/playbooks/roles/openstack_hosts/templates/lvm.conf.j2 similarity index 97% rename from playbooks/roles/common/templates/lvm.conf rename to playbooks/roles/openstack_hosts/templates/lvm.conf.j2 index ce81ba368d..5da4b68bcb 100644 --- a/playbooks/roles/common/templates/lvm.conf +++ b/playbooks/roles/openstack_hosts/templates/lvm.conf.j2 @@ -1,3 +1,5 @@ +# {{ ansible_managed }} + {% set used_lvm_devices = [] %} {% set lv_devices = lvm_devices.stdout.split('\n') %} {% if lv_devices|length > 0 %} @@ -10,12 +12,14 @@ {% endif %} # Ansible Discovered LVM Devices {{ lv_devices }} + {% if used_lvm_devices|length <= 0 %} {% if used_lvm_devices.append('"a/.*/"') %}{% endif %} {% else %} {% if used_lvm_devices.append('"r/.*/"') %}{% endif %} {% endif %} -{% if is_metal != true %} + +{% if is_metal == false or is_metal == "False" %} {% set use_udev = 0 %} {% else %} {% set use_udev = 1 %} diff --git a/playbooks/roles/openstack_hosts/templates/openstack-release.j2 b/playbooks/roles/openstack_hosts/templates/openstack-release.j2 new file mode 100644 index 0000000000..a35c342ec5 --- /dev/null +++ b/playbooks/roles/openstack_hosts/templates/openstack-release.j2 @@ -0,0 +1,6 @@ +# {{ ansible_managed }} + +DISTRIB_ID="OASD" +DISTRIB_RELEASE="{{ openstack_release }}" +DISTRIB_CODENAME="{{ openstack_code_name }}" +DISTRIB_DESCRIPTION="OpenStack Cloud" diff --git a/playbooks/roles/openstack_hosts/templates/sysstat.cron.j2 b/playbooks/roles/openstack_hosts/templates/sysstat.cron.j2 new file mode 100644 index 0000000000..6414cd384b --- /dev/null +++ b/playbooks/roles/openstack_hosts/templates/sysstat.cron.j2 
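Review bot: The new test `{% if is_metal == false or is_metal == "False" %}` in the second lvm.conf.j2 hunk recognises only two spellings of false; a value such as `"false"` or `"no"` falls through to the `else` branch and sets `use_udev = 1`. Normalising with Ansible's `bool` filter covers the string and boolean forms in one place: `{% if not is_metal | bool %}`. The `if` block closes below the hunk, so how `use_udev` is consumed is not visible here.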
@@ -0,0 +1,10 @@ +# {{ ansible_managed }} + +# The first element of the path is a directory where the debian-sa1 script is located +PATH=/usr/lib/sysstat:/usr/sbin:/usr/sbin:/usr/bin:/sbin:/bin + +# Activity reports every 10 minutes everyday +*/{{ openstack_host_systat_interval }} * * * * root command -v debian-sa1 > /dev/null && debian-sa1 1 1 + +# Additional run at 23:59 to rotate the statistics file +59 {{ openstack_host_systat_statistics_hour }} * * * root command -v debian-sa1 > /dev/null && debian-sa1 60 2 diff --git a/playbooks/roles/host_common/templates/sysstat b/playbooks/roles/openstack_hosts/templates/sysstat.default.j2 similarity index 78% rename from playbooks/roles/host_common/templates/sysstat rename to playbooks/roles/openstack_hosts/templates/sysstat.default.j2 index 285caefe6b..e97b0f2ac8 100644 --- a/playbooks/roles/host_common/templates/sysstat +++ b/playbooks/roles/openstack_hosts/templates/sysstat.default.j2 @@ -1,3 +1,5 @@ +# {{ ansible_managed }} + # # Default settings for /etc/init.d/sysstat, /etc/cron.d/sysstat # and /etc/cron.daily/sysstat files @@ -6,4 +8,4 @@ # Should sadc collect system activity informations? Valid values # are "true" and "false". Please do not put other values, they # will be overwritten by debconf! -ENABLED="true" \ No newline at end of file +ENABLED="{{ openstack_host_systat_enabled }}" diff --git a/playbooks/roles/openstack_openrc/CONTRIBUTING.rst b/playbooks/roles/openstack_openrc/CONTRIBUTING.rst new file mode 100644 index 0000000000..8504750aab --- /dev/null +++ b/playbooks/roles/openstack_openrc/CONTRIBUTING.rst 
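Review bot: The comments in sysstat.cron.j2 still state fixed values (`every 10 minutes`, `at 23:59`) while the schedule fields now come from `openstack_host_systat_interval` and `openstack_host_systat_statistics_hour`, so they become wrong as soon as a deployer overrides either variable. I would reword them, e.g. `# Activity reports every {{ openstack_host_systat_interval }} minutes` and `# Additional run at minute 59 of the configured hour to rotate the statistics file`. The variable names spell `systat` rather than `sysstat`; if that is unintentional it is cheapest to correct before the names are relied on elsewhere.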
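Review bot: `ENABLED="{{ openstack_host_systat_enabled }}"` in the last sysstat.default.j2 hunk renders as `True` or `False` if the variable is a YAML boolean, while the comment just above it says the only valid values are "true" and "false". The variable's default is not visible in this hunk, so it may already be a quoted string; forcing the form in the template removes that dependency: `ENABLED="{{ openstack_host_systat_enabled | bool | lower }}"`.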
@@ -0,0 +1,85 @@ +OpenStack openrc file +##################### +:tags: openstack, openrc, cloud, ansible +:category: \*nix + +contributor guidelines +^^^^^^^^^^^^^^^^^^^^^^ + +Filing Bugs +----------- + +Bugs should be filed on Launchpad, not GitHub: "https://bugs.launchpad.net/openstack-ansible" + + +When submitting a bug, or working on a bug, please ensure the following criteria are met: + * The description clearly states or describes the original problem or root cause of the problem. + * Include historical information on how the problem was identified. + * Any relevant logs are included. + * The provided information should be totally self-contained. External access to web services/sites should not be needed. + * Steps to reproduce the problem if possible. + + +Submitting Code +--------------- + +Changes to the project should be submitted for review via the Gerrit tool, following +the workflow documented at: "http://docs.openstack.org/infra/manual/developers.html#development-workflow" + +Pull requests submitted through GitHub will be ignored and closed without regard. + + +Extra +----- + +Tags: + If it's a bug that needs fixing in a branch in addition to Master, add a '\-backport-potential' tag (eg ``juno-backport-potential``). There are predefined tags that will autocomplete. + +Status: + Please leave this alone, it should be New till someone triages the issue. + +Importance: + Should only be touched if it is a Blocker/Gating issue. If it is, please set to High, and only use Critical if you have found a bug that can take down whole infrastructures. + + +Style guide +----------- + +When creating tasks and other roles for use in Ansible please create then using the YAML dictionary format. + +Example YAML dictionary format: + .. code-block:: yaml + + - name: The name of the tasks + module_name: + thing1: "some-stuff" + thing2: "some-other-stuff" + tags: + - some-tag + - some-other-tag + + +Example **NOT** in YAML dictionary format: + .. 
code-block:: yaml + + - name: The name of the tasks + module_name: thing1="some-stuff" thing2="some-other-stuff" + tags: + - some-tag + - some-other-tag + + +Usage of the ">" and "|" operators should be limited to Ansible conditionals and command modules such as the ansible ``shell`` module. + + +Issues +------ + +When submitting an issue, or working on an issue please ensure the following criteria are met: + * The description clearly states or describes the original problem or root cause of the problem. + * Include historical information on how the problem was identified. + * Any relevant logs are included. + * If the issue is a bug that needs fixing in a branch other than Master, add the ‘backport potential’ tag TO THE ISSUE (not the PR). + * The provided information should be totally self-contained. External access to web services/sites should not be needed. + * If the issue is needed for a hotfix release, add the 'expedite' label. + * Steps to reproduce the problem if possible. diff --git a/playbooks/roles/openstack_openrc/LICENSE b/playbooks/roles/openstack_openrc/LICENSE new file mode 100644 index 0000000000..e06d208186 --- /dev/null +++ b/playbooks/roles/openstack_openrc/LICENSE 
@@ -0,0 +1,202 @@ +Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + diff --git a/playbooks/roles/openstack_openrc/README.rst b/playbooks/roles/openstack_openrc/README.rst new file mode 100644 index 0000000000..22a697701b --- /dev/null +++ b/playbooks/roles/openstack_openrc/README.rst 
@@ -0,0 +1,23 @@ +OpenStack openrc file +##################### +:tags: openstack, openrc, cloud, ansible +:category: \*nix + +Role for the creation of an openrc file for the intended purpose to set credentials up for use within OpenStack. + +.. code-block:: yaml + + - name: Install memcached + hosts: memcached + user: root + roles: + - { role: "memcached_server", tags: [ "memcached-server" ] } + vars: + openrc_cinder_endpoint_type: internalURL + openrc_nova_endpoint_type: internalURL + openrc_os_endpoint_type: internalURL + openrc_os_username: admin + openrc_os_tenant_name: admin + openrc_os_auth_url: "http://10.0.0.1:5000" + openrc_os_password: "secrete" + openrc_file_dest: /root/openrc diff --git a/playbooks/roles/utility_logging/tasks/main.yml b/playbooks/roles/openstack_openrc/defaults/main.yml similarity index 59% rename from playbooks/roles/utility_logging/tasks/main.yml rename to playbooks/roles/openstack_openrc/defaults/main.yml index 5205b4df7e..fda31de191 100644 --- a/playbooks/roles/utility_logging/tasks/main.yml +++ b/playbooks/roles/openstack_openrc/defaults/main.yml @@ -13,17 +13,17 @@ # See the License for the specific language governing permissions and # limitations under the License. -- name: Install elasticshell - get_url: > - url=https://github.com/d34dh0r53/es2unix/raw/master/bin/es - dest=/usr/local/bin/es - mode=0755 - register: es_success - until: es_success|success - retries: 3 +## Endpoint types +openrc_cinder_endpoint_type: internalURL +openrc_nova_endpoint_type: internalURL +openrc_os_endpoint_type: internalURL +## Default credentials +openrc_os_username: admin +openrc_os_tenant_name: admin +openrc_os_auth_url: "http://127.0.0.1:5000" -- name: Alias elasticshell - lineinfile: > - dest=/etc/bash.bashrc - line="alias es='es -u http://{{ internal_vip_address }}:9200'" +## Create file +openrc_file_dest: "{{ ansible_env.HOME }}/openrc" +openrc_file_owner: "{{ ansible_user_id }}" +openrc_file_group: "{{ ansible_user_id }}" 
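Review bot: The defaults under `## Default credentials` list the username, tenant and auth URL but not `openrc_os_password`, which the `openrc` template in this commit also references, so rendering depends on the deployer defining it. Leaving the password without a default is reasonable, but it should be documented in place, e.g. `## openrc_os_password has no default and must be supplied by the deployer, preferably from an encrypted vars file`. The `http://` default for `openrc_os_auth_url` only suits the loopback address it points at; a comment that real deployments should override it with an HTTPS endpoint would keep the admin password from crossing the network in clear text. The hunk starts at line 13 of a renamed file, so anything above the licence header is not shown.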
diff --git a/playbooks/roles/openstack_openrc/meta/main.yml b/playbooks/roles/openstack_openrc/meta/main.yml new file mode 100644 index 0000000000..b1e1f1e4a1 --- /dev/null +++ b/playbooks/roles/openstack_openrc/meta/main.yml @@ -0,0 +1,31 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +galaxy_info: + author: rcbops + description: Inclusion of the typical openstack openrc file + company: Rackspace + license: Apache2 + min_ansible_version: 1.6.6 + platforms: + - name: Ubuntu + versions: + - trusty + categories: + - cloud + - openrc + - development + - openstack +dependencies: [] diff --git a/playbooks/roles/openstack_openrc/tasks/main.yml b/playbooks/roles/openstack_openrc/tasks/main.yml index d27c3b733c..38a9a6e9ac 100644 --- a/playbooks/roles/openstack_openrc/tasks/main.yml +++ b/playbooks/roles/openstack_openrc/tasks/main.yml @@ -14,9 +14,11 @@ # limitations under the License. - name: Create openrc file - template: > - src=openrc - dest=/root/openrc - owner=root - group=root - mode=0600 + template: + src: openrc + dest: "{{ openrc_file_dest }}" + owner: "{{ openrc_file_owner }}" + group: "{{ openrc_file_group }}" + mode: "0600" + tags: + - openstack-openrc-file diff --git a/playbooks/roles/openstack_openrc/templates/openrc b/playbooks/roles/openstack_openrc/templates/openrc index def00638f4..1d43b554ee 100644 --- a/playbooks/roles/openstack_openrc/templates/openrc +++ b/playbooks/roles/openstack_openrc/templates/openrc 
@@ -1,15 +1,15 @@ # Do not edit, changes will be overwritten # COMMON CINDER ENVS -export CINDER_ENDPOINT_TYPE=internalURL +export CINDER_ENDPOINT_TYPE={{ openrc_cinder_endpoint_type }} # COMMON NOVA ENVS -export NOVA_ENDPOINT_TYPE=internalURL +export NOVA_ENDPOINT_TYPE={{ openrc_nova_endpoint_type }} # COMMON OPENSTACK ENVS -export OS_ENDPOINT_TYPE=internalURL -export OS_USERNAME={{ auth_admin_username }} -export OS_PASSWORD={{ auth_admin_password }} -export OS_TENANT_NAME={{ auth_admin_tenant }} -export OS_AUTH_URL={{ auth_identity_uri }} +export OS_ENDPOINT_TYPE={{ openrc_os_endpoint_type }} +export OS_USERNAME={{ openrc_os_username }} +export OS_PASSWORD={{ openrc_os_password }} +export OS_TENANT_NAME={{ openrc_os_tenant_name }} +export OS_AUTH_URL={{ openrc_os_auth_url }} export OS_NO_CACHE=1 diff --git a/playbooks/roles/os_cinder/CONTRIBUTING.rst b/playbooks/roles/os_cinder/CONTRIBUTING.rst new file mode 100644 index 0000000000..da591c5b4e --- /dev/null +++ b/playbooks/roles/os_cinder/CONTRIBUTING.rst 
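Review bot: The `export` lines interpolate their values unquoted, so an `openrc_os_password` containing whitespace, `#`, `$`, `;` or a backtick is truncated, expanded or interpreted by the shell when root sources the file. Ansible's `quote` filter turns the value into a single shell word: `export OS_PASSWORD={{ openrc_os_password | quote }}`, and the same applies to `OS_USERNAME`, `OS_TENANT_NAME` and `OS_AUTH_URL`. The header could also use `# {{ ansible_managed }}`, as the other templates touched in this commit do, instead of the fixed `# Do not edit` line.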
@@ -0,0 +1,85 @@ +OpenStack cinder +################ +:tags: openstack, cinder, cloud, ansible +:category: \*nix + +contributor guidelines +^^^^^^^^^^^^^^^^^^^^^^ + +Filing Bugs +----------- + +Bugs should be filed on Launchpad, not GitHub: "https://bugs.launchpad.net/openstack-ansible" + + +When submitting a bug, or working on a bug, please ensure the following criteria are met: + * The description clearly states or describes the original problem or root cause of the problem. + * Include historical information on how the problem was identified. + * Any relevant logs are included. + * The provided information should be totally self-contained. External access to web services/sites should not be needed. + * Steps to reproduce the problem if possible. + + +Submitting Code +--------------- + +Changes to the project should be submitted for review via the Gerrit tool, following +the workflow documented at: "http://docs.openstack.org/infra/manual/developers.html#development-workflow" + +Pull requests submitted through GitHub will be ignored and closed without regard. + + +Extra +----- + +Tags: + If it's a bug that needs fixing in a branch in addition to Master, add a '\-backport-potential' tag (eg ``juno-backport-potential``). There are predefined tags that will autocomplete. + +Status: + Please leave this alone, it should be New till someone triages the issue. + +Importance: + Should only be touched if it is a Blocker/Gating issue. If it is, please set to High, and only use Critical if you have found a bug that can take down whole infrastructures. + + +Style guide +----------- + +When creating tasks and other roles for use in Ansible please create then using the YAML dictionary format. + +Example YAML dictionary format: + .. code-block:: yaml + + - name: The name of the tasks + module_name: + thing1: "some-stuff" + thing2: "some-other-stuff" + tags: + - some-tag + - some-other-tag + + +Example **NOT** in YAML dictionary format: + .. 
code-block:: yaml + + - name: The name of the tasks + module_name: thing1="some-stuff" thing2="some-other-stuff" + tags: + - some-tag + - some-other-tag + + +Usage of the ">" and "|" operators should be limited to Ansible conditionals and command modules such as the ansible ``shell`` module. + + +Issues +------ + +When submitting an issue, or working on an issue please ensure the following criteria are met: + * The description clearly states or describes the original problem or root cause of the problem. + * Include historical information on how the problem was identified. + * Any relevant logs are included. + * If the issue is a bug that needs fixing in a branch other than Master, add the ‘backport potential’ tag TO THE ISSUE (not the PR). + * The provided information should be totally self-contained. External access to web services/sites should not be needed. + * If the issue is needed for a hotfix release, add the 'expedite' label. + * Steps to reproduce the problem if possible. diff --git a/playbooks/roles/os_cinder/LICENSE b/playbooks/roles/os_cinder/LICENSE new file mode 100644 index 0000000000..e06d208186 --- /dev/null +++ b/playbooks/roles/os_cinder/LICENSE 
@@ -0,0 +1,202 @@ +Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + diff --git a/playbooks/roles/os_cinder/README.rst b/playbooks/roles/os_cinder/README.rst new file mode 100644 index 0000000000..5ed16b73ef --- /dev/null +++ b/playbooks/roles/os_cinder/README.rst @@ -0,0 +1,21 @@ +OpenStack cinder +################ +:tags: openstack, cinder, cloud, ansible +:category: \*nix + +Role for deployment, setup and installation of cinder. + +This role will install the following: + * cinder-api + * cinder-volume + * cinder-scheduler + +.. code-block:: yaml + + - name: Installation and setup of cinder + hosts: cinder_all + user: root + roles: + - { role: "os_cinder", tags: [ "os-cinder" ] } + vars: + galera_address: "{{ internal_lb_vip_address }}" 
diff --git a/playbooks/roles/os_cinder/defaults/main.yml b/playbooks/roles/os_cinder/defaults/main.yml
new file mode 100644
index 0000000000..b910b3a3b7
--- /dev/null
+++ b/playbooks/roles/os_cinder/defaults/main.yml
@@ -0,0 +1,172 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Defines that the role will be deployed on a host machine
+is_metal: true
+
+cinder_storage_availability_zone: nova
+cinder_default_availability_zone: "{{ cinder_storage_availability_zone }}"
+
+cinder_storage_address: 127.0.0.1
+
+cinder_nova_catalog_info: compute:nova:internalURL
+cinder_nova_catalog_admin_info: compute:nova:adminURL
+
+## DB
+cinder_galera_user: cinder
+cinder_galera_database: cinder
+
+## Cinder User / Group
+cinder_system_user_name: cinder
+cinder_system_group_name: cinder
+cinder_system_comment: cinder system user
+cinder_system_shell: /bin/false
+cinder_system_home_folder: "/var/lib/{{ cinder_system_user_name }}"
+
+## Cinder Auth
+cinder_service_admin_tenant_name: "service"
+cinder_service_admin_username: "cinder"
+
+## Cinder api service type and data
+cinder_service_name: cinder
+cinder_service_user_name: cinder
+cinder_service_tenant_name: service
+cinder_service_role_name: admin
+cinder_service_region: RegionOne
+cinder_service_description: "Cinder Volume Service"
+cinder_service_port: 8776
+cinder_service_proto: http
+cinder_service_type: volume
+cinder_service_publicuri: "{{ cinder_service_proto }}://{{ external_lb_vip_address }}:{{ cinder_service_port }}"
+cinder_service_publicurl: "{{ cinder_service_publicuri }}/v1/%(tenant_id)s"
+cinder_service_adminuri: "{{ cinder_service_proto }}://{{ internal_lb_vip_address }}:{{ cinder_service_port }}"
+cinder_service_adminurl: "{{ cinder_service_adminuri }}/v1/%(tenant_id)s"
+cinder_service_internaluri: "{{ cinder_service_proto }}://{{ internal_lb_vip_address }}:{{ cinder_service_port }}"
+cinder_service_internalurl: "{{ cinder_service_internaluri }}/v1/%(tenant_id)s"
+cinder_service_program_name: cinder-api
+
+cinder_service_v2_name: cinderv2
+cinder_service_v2_port: 8776
+cinder_service_v2_proto: http
+cinder_service_v2_type: volumev2
+cinder_service_v2_description: "Cinder Volume Service V2"
+cinder_service_v2_publicuri: "{{ cinder_service_proto }}://{{ external_lb_vip_address }}:{{ cinder_service_port }}"
+cinder_service_v2_publicurl: "{{ cinder_service_publicuri }}/v2/%(tenant_id)s"
+cinder_service_v2_adminuri: "{{ cinder_service_proto }}://{{ internal_lb_vip_address }}:{{ cinder_service_port }}"
+cinder_service_v2_adminurl: "{{ cinder_service_adminuri }}/v2/%(tenant_id)s"
+cinder_service_v2_internaluri: "{{ cinder_service_proto }}://{{ internal_lb_vip_address }}:{{ cinder_service_port }}"
+cinder_service_v2_internalurl: "{{ cinder_service_internaluri }}/v2/%(tenant_id)s"
+
+## In order to enable the cinder backup you MUST set ``cinder_backup_program_enabled`` to "true"
+## Additionally the configuration section will not be put in the `cinder.conf` file unless the
+## following variables are defined:
+# * cinder_service_backup_swift_user
+# * cinder_service_backup_swift_user
+# * cinder_service_backup_swift_key
+cinder_service_backup_program_enabled: false
+cinder_service_backup_program_name: cinder-volume
+cinder_service_backup_driver: cinder.backup.drivers.swift
+cinder_service_backup_swift_url: http://127.0.0.1:8080/v1/AUTH
+cinder_service_backup_swift_user: admin
+cinder_service_backup_swift_key: secrete
+cinder_service_backup_swift_auth: per_user
+cinder_service_backup_swift_container: volumebackups
+cinder_service_backup_swift_object_size: 52428800
+cinder_service_backup_swift_retry_attempts: 3
+cinder_service_backup_swift_retry_backoff: 2
+cinder_service_backup_compression_algorithm: zlib
+
+cinder_service_volume_program_name: cinder-volume
+
+cinder_service_scheduler_program_name: cinder-scheduler
+
+# If ``cinder_osapi_volume_workers`` is unset the system will use half the number of
+# available VCPUS to compute the number of api workers to use.
+# cinder_osapi_volume_workers: 16
+
+## Cinder iscsi
+cinder_iscsi_helper: tgtadm
+cinder_iscsi_iotype: fileio
+cinder_iscsi_num_targets: 100
+cinder_iscsi_port: 3260
+
+## Cinder RPC
+cinder_rpc_backend: rabbit
+
+# (StrOpt) Method used to wipe old voumes (valid options are: none, zero,
+# shred)
+cinder_volume_clear: shred
+# (StrOpt) The flag to pass to ionice to alter the i/o priority of the process
+# used to zero a volume after deletion, for example "-c3" for idle only
+# priority.
+cinder_volume_clear_ionice: -c3
+
+# (IntOpt) Size in MiB to wipe at start of old volumes. 0 => all
+cinder_volume_clear_size: 0
+
+cinder_volume_name_template: volume-%s
+
+## General configuration
+## Set this in rpc_user_config.yml UNLESS you want all hosts to use the same
+## Cinder backends. See the rpc_user_config example for more on how this is done.
+# cinder_backends:
+# lvm:
+# volume_group: cinder-volumes
+# volume_driver: cinder.volume.drivers.lvm.LVMISCSIDriver
+# volume_backend_name: LVM_iSCSI
+
+## Define nfs information for cinder. When the cinder_nfs_client dictionary is defined,
+## it will enable nfs shares. The value ``nfs_shares_config`` is the path on the disk
+## where the NFS export will live. The ``shares`` value is a list of dictionaries that
+## must have the IP address of the NFS server and the location where the export will be.
+# cinder_nfs_client:
+# nfs_shares_config: /etc/cinder/nfs_shares
+# shares:
+# - ip: "127.0.0.1"
+# share: "/vol/cinder"
+
+# Common apt packages
+cinder_apt_packages:
+ - dmeventd
+ - libpq-dev
+ - libkmod-dev
+ - libkmod2
+ - nfs-common
+ - parted
+ - qemu-utils
+ - rpcbind
+ - tgt
+ - zlib1g
+ - zlibc
+
+# Common pip packages
+cinder_pip_packages:
+ - cinder
+ - ecdsa
+ - httplib2
+ - keystonemiddleware
+ - MySQL-python
+ - python-memcached
+ - pycrypto
+ - python-cinderclient
+ - python-keystoneclient
+ - pywbem
+
+# Service Names
+cinder_service_names:
+ - cinder-api
+ - cinder-scheduler
+ - cinder-volume
+ - cinder-backup
diff --git a/playbooks/roles/cinder_common/templates/api-paste.ini b/playbooks/roles/os_cinder/files/api-paste.ini
similarity index 100%
rename from playbooks/roles/cinder_common/templates/api-paste.ini
rename to playbooks/roles/os_cinder/files/api-paste.ini
diff --git a/playbooks/roles/cinder_common/templates/policy.json b/playbooks/roles/os_cinder/files/policy.json
similarity index 100%
rename from playbooks/roles/cinder_common/templates/policy.json
rename to playbooks/roles/os_cinder/files/policy.json
diff --git a/playbooks/roles/cinder_common/templates/rootwrap.conf b/playbooks/roles/os_cinder/files/rootwrap.conf
similarity index 100%
rename from playbooks/roles/cinder_common/templates/rootwrap.conf
rename to playbooks/roles/os_cinder/files/rootwrap.conf
diff --git a/playbooks/roles/cinder_common/templates/rootwrap.d/volume.filters b/playbooks/roles/os_cinder/files/volume.filters
similarity index 51%
rename from playbooks/roles/cinder_common/templates/rootwrap.d/volume.filters
rename to playbooks/roles/os_cinder/files/volume.filters
index 5b574040a7..2d23743f3a 100644
--- a/playbooks/roles/cinder_common/templates/rootwrap.d/volume.filters
+++ b/playbooks/roles/os_cinder/files/volume.filters
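Review bot: The defaults ship a usable backup credential, `cinder_service_backup_swift_user: admin` with `cinder_service_backup_swift_key: secrete`, so a deployer who only flips `cinder_service_backup_program_enabled` gets a well-known key written into the cinder configuration. The comment above those lines says the backup section is emitted only when these variables are defined, and defining them here makes that guard always true (the template is not in this hunk, so that is inferred). I would drop both defaults and leave `# cinder_service_backup_swift_key: <set in the deployer's secrets file>` as a commented pointer. Separately, the `cinder_service_v2_*uri` values are built from `cinder_service_proto` and `cinder_service_port`, and `cinder_service_v2_publicurl` reads `cinder_service_publicuri`, so overriding `cinder_service_v2_proto` or `cinder_service_v2_port` has no effect.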
@@ -41,11 +41,17 @@ iscsiadm: CommandFilter, iscsiadm, root # cinder/volume/drivers/lvm.py: 'shred', '-n0', '-z', '-s%dMiB' shred: CommandFilter, shred, root -#cinder/volume/.py: utils.temporary_chown(path, 0), ... +# cinder/volume/utils.py: utils.temporary_chown(path, 0) chown: CommandFilter, chown, root -ionice_1: RegExpFilter, ionice, root, ionice, -c[0-3]( -n[0-7])?, dd, if=\S+, of=\S+, count=\d+, bs=\S+ -ionice_2: RegExpFilter, ionice, root, ionice, -c[0-3]( -n[0-7])?, dd, if=\S+, of=\S+, count=\d+, bs=\S+, iflag=direct, oflag=direct -ionice_3: RegExpFilter, ionice, root, ionice, -c[0-3]( -n[0-7])?, dd, if=\S+, of=\S+, count=\d+, bs=\S+, conv=fdatasync + +# cinder/volume/utils.py: copy_volume(..., ionice='...') +ionice_1: ChainingRegExpFilter, ionice, root, ionice, -c[0-3], -n[0-7] +ionice_2: ChainingRegExpFilter, ionice, root, ionice, -c[0-3] + +# cinder/volume/utils.py: setup_blkio_cgroup() +cgcreate: CommandFilter, cgcreate, root +cgset: CommandFilter, cgset, root +cgexec: ChainingRegExpFilter, cgexec, root, cgexec, -g, blkio:\S+ # cinder/volume/driver.py dmsetup: CommandFilter, dmsetup, root @@ -74,11 +80,15 @@ netapp_nfs_find: RegExpFilter, find, root, find, ^[/]*([^/\0]+(/+)?)*$, -maxdept # cinder/volume/drivers/glusterfs.py chgrp: CommandFilter, chgrp, root +umount: CommandFilter, umount, root # cinder/volumes/drivers/hds/hds.py: hus-cmd: CommandFilter, hus-cmd, root hus-cmd_local: CommandFilter, /usr/local/bin/hus-cmd, root +# cinder/volumes/drivers/hds/hnas_backend.py +ssc: CommandFilter, ssc, root + # cinder/brick/initiator/connector.py: ls: CommandFilter, ls, root tee: CommandFilter, tee, root 
@@ -113,3 +123,35 @@ sg_scan: CommandFilter, sg_scan, root #cinder/backup/services/tsm.py dsmc:CommandFilter,/usr/bin/dsmc,root + +# cinder/volume/drivers/hitachi/hbsd_horcm.py +raidqry: CommandFilter, raidqry, root +raidcom: CommandFilter, raidcom, root +pairsplit: CommandFilter, pairsplit, root +paircreate: CommandFilter, paircreate, root +pairdisplay: CommandFilter, pairdisplay, root +pairevtwait: CommandFilter, pairevtwait, root +horcmstart.sh: CommandFilter, horcmstart.sh, root +horcmshutdown.sh: CommandFilter, horcmshutdown.sh, root +horcmgr: EnvFilter, env, root, HORCMINST=, /etc/horcmgr + +# cinder/volume/drivers/hitachi/hbsd_snm2.py +auman: EnvFilter, env, root, LANG=, STONAVM_HOME=, LD_LIBRARY_PATH=, STONAVM_RSP_PASS=, STONAVM_ACT=, /usr/stonavm/auman +auluref: EnvFilter, env, root, LANG=, STONAVM_HOME=, LD_LIBRARY_PATH=, STONAVM_RSP_PASS=, STONAVM_ACT=, /usr/stonavm/auluref +auhgdef: EnvFilter, env, root, LANG=, STONAVM_HOME=, LD_LIBRARY_PATH=, STONAVM_RSP_PASS=, STONAVM_ACT=, /usr/stonavm/auhgdef +aufibre1: EnvFilter, env, root, LANG=, STONAVM_HOME=, LD_LIBRARY_PATH=, STONAVM_RSP_PASS=, STONAVM_ACT=, /usr/stonavm/aufibre1 +auhgwwn: EnvFilter, env, root, LANG=, STONAVM_HOME=, LD_LIBRARY_PATH=, STONAVM_RSP_PASS=, STONAVM_ACT=, /usr/stonavm/auhgwwn +auhgmap: EnvFilter, env, root, LANG=, STONAVM_HOME=, LD_LIBRARY_PATH=, STONAVM_RSP_PASS=, STONAVM_ACT=, /usr/stonavm/auhgmap +autargetmap: EnvFilter, env, root, LANG=, STONAVM_HOME=, LD_LIBRARY_PATH=, STONAVM_RSP_PASS=, STONAVM_ACT=, /usr/stonavm/autargetmap +aureplicationvvol: EnvFilter, env, root, LANG=, STONAVM_HOME=, LD_LIBRARY_PATH=, STONAVM_RSP_PASS=, STONAVM_ACT=, /usr/stonavm/aureplicationvvol +auluadd: EnvFilter, env, root, LANG=, STONAVM_HOME=, LD_LIBRARY_PATH=, STONAVM_RSP_PASS=, STONAVM_ACT=, /usr/stonavm/auluadd +auludel: EnvFilter, env, root, LANG=, STONAVM_HOME=, LD_LIBRARY_PATH=, STONAVM_RSP_PASS=, STONAVM_ACT=, /usr/stonavm/auludel +auluchgsize: EnvFilter, env, root, LANG=, STONAVM_HOME=, 
LD_LIBRARY_PATH=, STONAVM_RSP_PASS=, STONAVM_ACT=, /usr/stonavm/auluchgsize +auchapuser: EnvFilter, env, root, LANG=, STONAVM_HOME=, LD_LIBRARY_PATH=, STONAVM_RSP_PASS=, STONAVM_ACT=, /usr/stonavm/auchapuser +autargetdef: EnvFilter, env, root, LANG=, STONAVM_HOME=, LD_LIBRARY_PATH=, STONAVM_RSP_PASS=, STONAVM_ACT=, /usr/stonavm/autargetdef +autargetopt: EnvFilter, env, root, LANG=, STONAVM_HOME=, LD_LIBRARY_PATH=, STONAVM_RSP_PASS=, STONAVM_ACT=, /usr/stonavm/autargetopt +autargetini: EnvFilter, env, root, LANG=, STONAVM_HOME=, LD_LIBRARY_PATH=, STONAVM_RSP_PASS=, STONAVM_ACT=, /usr/stonavm/autargetini +auiscsi: EnvFilter, env, root, LANG=, STONAVM_HOME=, LD_LIBRARY_PATH=, STONAVM_RSP_PASS=, STONAVM_ACT=, /usr/stonavm/auiscsi +audppool: EnvFilter, env, root, LANG=, STONAVM_HOME=, LD_LIBRARY_PATH=, STONAVM_RSP_PASS=, STONAVM_ACT=, /usr/stonavm/audppool +aureplicationlocal: EnvFilter, env, root, LANG=, STONAVM_HOME=, LD_LIBRARY_PATH=, STONAVM_RSP_PASS=, STONAVM_ACT=, /usr/stonavm/aureplicationlocal +aureplicationmon: EnvFilter, env, root, LANG=, STONAVM_HOME=, LD_LIBRARY_PATH=, STONAVM_RSP_PASS=, STONAVM_ACT=, /usr/stonavm/aureplicationmon diff --git a/playbooks/roles/common/tasks/install_pip_deps.yml b/playbooks/roles/os_cinder/handlers/main.yml similarity index 71% rename from playbooks/roles/common/tasks/install_pip_deps.yml rename to playbooks/roles/os_cinder/handlers/main.yml index cf3ea99f7b..e834503d31 100644 --- a/playbooks/roles/common/tasks/install_pip_deps.yml +++ b/playbooks/roles/os_cinder/handlers/main.yml 
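Review bot: Every `EnvFilter` line added for hbsd_snm2.py lists `LD_LIBRARY_PATH=` among the variables the caller may set, and as far as I can tell rootwrap matches only the variable name, so the library search path of a binary started as root is chosen by the unprivileged cinder account. The hunk installs these entries on every cinder host whether or not a Hitachi backend is configured. If the file has to stay identical to upstream cinder, a header comment such as `# Synced from upstream cinder; do not edit locally` would make that explicit. Otherwise the hbsd_horcm.py and hbsd_snm2.py blocks could move to a separate filter file that is copied only when that driver is enabled.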
@@ -13,12 +13,13 @@ # See the License for the specific language governing permissions and # limitations under the License. -- name: Install pip dependencies - pip: +- name: Restart cinder services + service: name: "{{ item }}" - extra_args: "{{ pip_install_options|default('') }}" - with_items: service_pip_dependencies - when: service_pip_dependencies is defined - register: pip_install - until: pip_install|success - retries: 3 + state: restarted + pattern: "{{ item }}" + with_items: cinder_service_names + failed_when: false + +- name: Ensure tgt service restarted + service: name=tgt state=restarted pattern=tgtd diff --git a/playbooks/roles/os_cinder/meta/main.yml b/playbooks/roles/os_cinder/meta/main.yml new file mode 100644 index 0000000000..8ab30f4cee --- /dev/null +++ b/playbooks/roles/os_cinder/meta/main.yml @@ -0,0 +1,35 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +galaxy_info: + author: rcbops + description: Installation and setup of cinder + company: Rackspace + license: Apache2 + min_ansible_version: 1.6.6 + platforms: + - name: Ubuntu + versions: + - trusty + categories: + - cloud + - python + - cinder + - development + - openstack +dependencies: + - galera_client + - openstack_openrc + - pip_lock_down 
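Review bot: `failed_when: false` on `Restart cinder services` hides every restart failure, so a changed cinder.conf or rootwrap filter can be reported as applied while the old process keeps running or the service is down. The likely reason is that `cinder_service_names` includes `cinder-backup`, which is presumably not present on every host; filtering the list is narrower than ignoring all errors, for example `when: item != 'cinder-backup' or cinder_service_backup_program_enabled | bool`. The second handler, `service: name=tgt state=restarted pattern=tgtd`, uses the key=value form that the CONTRIBUTING.rst added in this same commit asks contributors not to use.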
diff --git a/playbooks/roles/cinder_backend_types/tasks/main.yml b/playbooks/roles/os_cinder/tasks/cinder_backends.yml similarity index 60% rename from playbooks/roles/cinder_backend_types/tasks/main.yml rename to playbooks/roles/os_cinder/tasks/cinder_backends.yml index d81d539b20..31192f0c40 100644 --- a/playbooks/roles/cinder_backend_types/tasks/main.yml +++ b/playbooks/roles/os_cinder/tasks/cinder_backends.yml @@ -14,26 +14,20 @@ # limitations under the License. - name: Ensure cinder api ip/port are responsive - wait_for: > - port={{ cinder_service_port }} - delay=10 - host="{{ internal_vip_address }}" - -- name: check cinder api service is available - uri: > - url=http://"{{ internal_vip_address }}":"{{ cinder_service_port }}" - method=GET - return_content=true - register: cinder_get - failed_when: "'CURRENT' not in cinder_get.content" - until: cinder_get|success - retries: 20 - delay: 2 + wait_for: + port: "{{ cinder_service_port }}" + delay: 10 + host: "{{ internal_lb_vip_address }}" + tags: + - cinder-backends - name: Add in cinder devices types shell: | - . ~/openrc + . {{ ansible_env.HOME }}/openrc cinder type-create "{{ item.0 }}" - cinder type-key "{{ item.0 }}" set volume_backend_name="{{ cinder_backends[item.0]['volume_backend_name'] }}" + cinder type-key "{{ item.0 }}" set volume_backend_name="{{ item.1.volume_backend_name }}" with_items: cinder_backends|dictsort when: cinder_backends is defined + tags: + - cinder-backends + - cinder-backends-types diff --git a/playbooks/roles/os_cinder/tasks/cinder_db_setup.yml b/playbooks/roles/os_cinder/tasks/cinder_db_setup.yml new file mode 100644 index 0000000000..b33274de89 --- /dev/null +++ b/playbooks/roles/os_cinder/tasks/cinder_db_setup.yml 
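Review bot: The `Add in cinder devices types` shell block runs `cinder type-create` and `cinder type-key` back to back with no error check, so the task's result is whatever the last command returns and a failed create is masked; on a second run the create presumably fails or duplicates the type. The readiness probe that checked for `CURRENT` in the API response was removed, leaving only a port check before these calls. I would guard the create, `cinder type-list | grep -qw "{{ item.0 }}" || cinder type-create "{{ item.0 }}"`, and put `set -e` on the first line of the block. `. {{ ansible_env.HOME }}/openrc` should also be quoted, since the path is interpolated into the shell unescaped.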
@@ -0,0 +1,48 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Create DB for service
+ mysql_db:
+ login_user: "{{ galera_root_user }}"
+ login_password: "{{ galera_root_password }}"
+ login_host: "{{ galera_address }}"
+ name: "{{ cinder_galera_database }}"
+ state: "present"
+ tags:
+ - cinder-db-setup
+
+- name: Grant access to the DB for the service
+ mysql_user:
+ login_user: "{{ galera_root_user }}"
+ login_password: "{{ galera_root_password }}"
+ login_host: "{{ galera_address }}"
+ name: "{{ cinder_galera_user }}"
+ password: "{{ cinder_container_mysql_password }}"
+ host: "{{ item }}"
+ state: "present"
+ priv: "{{ cinder_galera_database }}.*:ALL"
+ with_items:
+ - "localhost"
+ - "%"
+ tags:
+ - cinder-db-setup
+
+- name: Perform a cinder DB sync
+ command: cinder-manage db sync
+ sudo: yes
+ sudo_user: "{{ cinder_system_user_name }}"
+ tags:
+ - cinder-db-sync
+ - cinder-setup
diff --git a/playbooks/roles/os_cinder/tasks/cinder_install.yml b/playbooks/roles/os_cinder/tasks/cinder_install.yml
new file mode 100644
index 0000000000..1f15dae11a
--- /dev/null
+++ b/playbooks/roles/os_cinder/tasks/cinder_install.yml
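Review bot: `Grant access to the DB for the service` grants `ALL` on the cinder schema to the service user from host `"%"`, which accepts that password from any address that can reach Galera. If the service only connects through the internal load balancer, the `with_items` list could come from a deployer-set variable (a new one, e.g. `cinder_galera_access_hosts`) instead of a hard-coded wildcard. Both mysql tasks also pass `galera_root_password`, and the second passes `cinder_container_mysql_password`, as module arguments, so adding `no_log: true` to them keeps the values out of verbose output and logs.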
@@ -0,0 +1,41 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Install apt packages
+ apt:
+ pkg: "{{ item }}"
+ state: latest
+ update_cache: yes
+ cache_valid_time: 600
+ register: install_packages
+ until: install_packages|success
+ retries: 5
+ delay: 2
+ with_items: cinder_apt_packages
+ tags:
+ - cinder-apt-packages
+
+- name: Install pip packages
+ pip:
+ name: "{{ item }}"
+ state: present
+ register: install_packages
+ until: install_packages|success
+ retries: 5
+ delay: 2
+ with_items:
+ - "{{ cinder_pip_packages }}"
+ tags:
+ - cinder-pip-packages
diff --git a/playbooks/roles/common/tasks/lvm_conf.yml b/playbooks/roles/os_cinder/tasks/cinder_lvm_config.yml
similarity index 82%
rename from playbooks/roles/common/tasks/lvm_conf.yml
rename to playbooks/roles/os_cinder/tasks/cinder_lvm_config.yml
index fbbbd3e8ad..d5322da021 100644
--- a/playbooks/roles/common/tasks/lvm_conf.yml
+++ b/playbooks/roles/os_cinder/tasks/cinder_lvm_config.yml
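Review bot: Neither install task pins what it installs: the apt task uses `state: latest`, and the pip task installs bare names such as `cinder` and `pycrypto` with `state: present`, so two runs of the same commit can deploy different code. The `pip_lock_down` dependency in meta/main.yml may constrain the index, but nothing in this hunk shows it. Using `state: present` for apt and passing a version or a constraints option to pip (the pip task removed elsewhere in this commit passed `extra_args: "{{ pip_install_options|default('') }}"`) would make the result reproducible. Both tasks also register the same `install_packages` variable, which is harmless here but easy to trip over if a later task reads it.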
@@ -14,21 +14,29 @@ # limitations under the License. - name: Discover lvm devices - shell: > + shell: | /sbin/pvdisplay | awk '/PV\ Name/ {print $3}' | sed 's/\/dev\///g' register: lvm_devices + changed_when: lvm_devices.rc != 0 failed_when: false + tags: + - cinder-lvm-config - name: Ensure "/etc/lvm" directory file: - state: directory + state: "directory" path: "/etc/lvm" when: lvm_devices.rc == 0 + tags: + - cinder-lvm-config - name: Drop lvm Config template: - src: "lvm.conf" + src: "lvm.conf.j2" dest: "/etc/lvm/lvm.conf" owner: "root" group: "root" + backup: "yes" when: lvm_devices.rc == 0 + tags: + - cinder-lvm-config diff --git a/playbooks/roles/os_cinder/tasks/cinder_post_install.yml b/playbooks/roles/os_cinder/tasks/cinder_post_install.yml new file mode 100644 index 0000000000..b67e52868b --- /dev/null +++ b/playbooks/roles/os_cinder/tasks/cinder_post_install.yml 
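Review bot: `changed_when: lvm_devices.rc != 0` reports the discovery task as changed exactly when it fails; a read-only probe should be `changed_when: false`. Because the command is a pipeline, `lvm_devices.rc` is the exit status of the final `sed`, so `when: lvm_devices.rc == 0` on the two following tasks is true even when `/sbin/pvdisplay` is missing or errors, unless the shell has pipefail set, which nothing here does. Testing the output instead, `when: lvm_devices.stdout != ''`, would make the guard mean what it appears to mean.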
@@ -0,0 +1,60 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Generate cinder Config
+ template:
+ src: "{{ item.src }}"
+ dest: "{{ item.dest }}"
+ owner: "{{ cinder_system_user_name }}"
+ group: "{{ cinder_system_group_name }}"
+ with_items:
+ - { src: "cinder.conf.j2", dest: "/etc/cinder/cinder.conf" }
+ notify:
+ - Restart cinder services
+ tags:
+ - cinder-config
+
+- name: Drop cinder Configs
+ copy:
+ src: "{{ item.src }}"
+ dest: "{{ item.dest }}"
+ owner: "{{ cinder_system_user_name }}"
+ group: "{{ cinder_system_group_name }}"
+ with_items:
+ - { src: "api-paste.ini", dest: "/etc/cinder/api-paste.ini" }
+ - { src: "policy.json", dest: "/etc/cinder/policy.json" }
+ - { src: "volume.filters", dest: "/etc/cinder/rootwrap.d/volume.filters" }
+ - { src: "rootwrap.conf", dest: "/etc/cinder/rootwrap.conf" }
+ notify:
+ - Restart cinder services
+ tags:
+ - cinder-config
+
+- name: Ensure cinder tgt include
+ lineinfile:
+ dest: /etc/tgt/targets.conf
+ line: "include /var/lib/cinder/volumes/*"
+ state: present
+ notify: Ensure tgt service restarted
+ tags:
+ - cinder-tgt
+
+- name: Create nfs shares export file
+ template:
+ src: nfs_shares.j2
+ dest: "{{ cinder_nfs_client.nfs_shares_config }}"
+ when: cinder_nfs_client is defined
+ tags:
+ - cinder-nfs
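Review bot: In "Drop cinder Configs", `rootwrap.conf` and `rootwrap.d/volume.filters` are copied with `owner: "{{ cinder_system_user_name }}"`, so the service account owns the files that decide which commands rootwrap will run as root. Those two items should be owned by root and not writable by the cinder user, for example `owner: "{{ item.owner|default(cinder_system_user_name) }}"` with `owner: "root", group: "root"` on the two items. The directories `/etc/cinder` and `/etc/cinder/rootwrap.d` created in the pre-install tasks would need the same treatment for this to hold. Separately, "Generate cinder Config" sets no `mode`, and the rendered cinder.conf carries the database, RabbitMQ and Keystone passwords, so an explicit `mode: "0640"` belongs on that task.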
diff --git a/playbooks/roles/os_cinder/tasks/cinder_pre_install.yml b/playbooks/roles/os_cinder/tasks/cinder_pre_install.yml
new file mode 100644
index 0000000000..d494118909
--- /dev/null
+++ b/playbooks/roles/os_cinder/tasks/cinder_pre_install.yml
@@ -0,0 +1,89 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: create the system group + group: + name: "{{ cinder_system_group_name }}" + state: "present" + system: "yes" + tags: + - cinder-group + +- name: Create the cinder system user + user: + name: "{{ cinder_system_user_name }}" + group: "{{ cinder_system_group_name }}" + comment: "{{ cinder_system_comment }}" + shell: "{{ cinder_system_shell }}" + system: "yes" + createhome: "yes" + home: "{{ cinder_system_home_folder }}" + tags: + - cinder-user + +- name: Create cinder dir + file: + path: "{{ item.path }}" + state: directory + owner: "{{ item.owner|default(cinder_system_user_name) }}" + group: "{{ item.group|default(cinder_system_group_name) }}" + with_items: + - { path: "/var/cache/cinder" } + - { path: "/etc/cinder" } + - { path: "/etc/cinder/rootwrap.d" } + - { path: "/etc/sudoers.d", mode: "0750", owner: "root", group: "root" } + - { path: "{{ cinder_system_home_folder }}" } + tags: + - cinder-dirs + +- name: Test for log directory or link + shell: | + if [ -h "/var/log/cinder" ]; then + chown -h {{ cinder_system_user_name }}:{{ cinder_system_group_name }} "/var/log/cinder" + chown -R {{ cinder_system_user_name }}:{{ cinder_system_group_name }} "$(readlink /var/log/cinder)" + else + exit 1 + fi + register: log_dir + failed_when: false + changed_when: log_dir.rc != 0 + tags: + - cinder-dirs + - cinder-logs + +- name: Create cinder log dir + file: + 
path: "{{ item.path }}" + state: directory + owner: "{{ item.owner|default(cinder_system_user_name) }}" + group: "{{ item.group|default(cinder_system_group_name) }}" + mode: "{{ item.mode|default('0755') }}" + with_items: + - { path: "/var/log/cinder" } + when: log_dir.rc != 0 + tags: + - cinder-dirs + - cinder-logs + +- name: Drop sudoers file + template: + src: "sudoers.j2" + dest: "/etc/sudoers.d/{{ cinder_system_user_name }}_sudoers" + mode: "0440" + owner: "root" + group: "root" + tags: + - sudoers + - cinder-sudoers diff --git a/playbooks/roles/os_cinder/tasks/cinder_service_add.yml b/playbooks/roles/os_cinder/tasks/cinder_service_add.yml new file mode 100644 index 0000000000..8e6fc495d9 --- /dev/null +++ b/playbooks/roles/os_cinder/tasks/cinder_service_add.yml 
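Review bot: The `/etc/sudoers.d` item in "Create cinder dir" carries `mode: "0750"`, but that task's `file:` arguments have no `mode` key, so the value is never applied. "Create cinder log dir" further down already does this with `mode: "{{ item.mode|default('0755') }}"`, and the same line belongs in the first task. "Drop sudoers file" should also pass `validate: "visudo -cf %s"`, since a template that renders to invalid syntax under /etc/sudoers.d can break sudo on the host. In "Test for log directory or link", `changed_when: log_dir.rc != 0` reports a change only on the `exit 1` branch, where nothing was changed.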
@@ -0,0 +1,89 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Create a service +- name: Ensure cinder service + keystone: + command: "ensure_service" + token: "{{ keystone_auth_admin_token }}" + endpoint: "{{ keystone_service_adminurl }}" + service_name: "{{ service_name }}" + service_type: "{{ service_type }}" + description: "{{ service_description }}" + register: add_service + until: add_service|success + retries: 5 + delay: 10 + tags: + - cinder-api-setup + - cinder-service-add + - cinder-setup + +# Create an admin user +- name: Ensure cinder user + keystone: + command: "ensure_user" + token: "{{ keystone_auth_admin_token }}" + endpoint: "{{ keystone_service_adminurl }}" + user_name: "{{ service_user_name }}" + tenant_name: "{{ service_tenant_name }}" + password: "{{ service_password }}" + register: add_service + until: add_service|success + retries: 5 + delay: 10 + tags: + - cinder-api-setup + - cinder-service-add + - cinder-setup + +# Add a role to the user +- name: Ensure cinder user to admin role + keystone: + command: "ensure_user_role" + token: "{{ keystone_auth_admin_token }}" + endpoint: "{{ keystone_service_adminurl }}" + user_name: "{{ service_user_name }}" + tenant_name: "{{ service_tenant_name }}" + role_name: "{{ role_name }}" + register: add_service + until: add_service|success + retries: 5 + delay: 10 + tags: + - cinder-api-setup + - cinder-service-add + - cinder-setup + +# Create an endpoint +- name: 
Ensure cinder endpoint + keystone: + command: "ensure_endpoint" + token: "{{ keystone_auth_admin_token }}" + endpoint: "{{ keystone_service_adminurl }}" + region_name: "{{ service_region }}" + service_name: "{{ service_name }}" + service_type: "{{ service_type }}" + publicurl: "{{ service_publicurl }}" + adminurl: "{{ service_internalurl }}" + internalurl: "{{ service_adminurl }}" + register: add_service + until: add_service|success + retries: 5 + delay: 10 + tags: + - cinder-api-setup + - cinder-service-add + - cinder-setup diff --git a/playbooks/roles/os_cinder/tasks/cinder_service_setup.yml b/playbooks/roles/os_cinder/tasks/cinder_service_setup.yml new file mode 100644 index 0000000000..003ef04cba --- /dev/null +++ b/playbooks/roles/os_cinder/tasks/cinder_service_setup.yml 
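Review bot: In "Ensure cinder endpoint" the last two URL arguments look crossed: `adminurl: "{{ service_internalurl }}"` and `internalurl: "{{ service_adminurl }}"`. Unless the two values are always identical, the catalogue will advertise the admin endpoint on the internal URL and the reverse; they should read `adminurl: "{{ service_adminurl }}"` and `internalurl: "{{ service_internalurl }}"`. "Ensure cinder user" passes `password: "{{ service_password }}"` to the module, so `no_log: true` on that task would keep the value out of verbose and failure output. All four tasks register into `add_service`, which is harmless here but makes a later reference ambiguous.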
@@ -0,0 +1,46 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- include: cinder_service_add.yml
+ vars:
+ service_user_name: "{{ cinder_service_user_name }}"
+ service_tenant_name: "{{ cinder_service_tenant_name }}"
+ service_name: "{{ cinder_service_name }}"
+ service_type: "{{ cinder_service_type }}"
+ service_region: "{{ cinder_service_region }}"
+ service_description: "{{ cinder_service_description }}"
+ service_password: "{{ cinder_service_password }}"
+ service_publicurl: "{{ cinder_service_publicurl }}"
+ service_internalurl: "{{ cinder_service_internalurl }}"
+ service_adminurl: "{{ cinder_service_adminurl }}"
+ role_name: "{{ cinder_service_role_name }}"
+ tags:
+ - cinder-server
+
+- include: cinder_service_add.yml
+ vars:
+ service_user_name: "{{ cinder_service_user_name }}"
+ service_tenant_name: "{{ cinder_service_tenant_name }}"
+ service_name: "{{ cinder_service_v2_name }}"
+ service_type: "{{ cinder_service_v2_type }}"
+ service_region: "{{ cinder_service_region }}"
+ service_description: "{{ cinder_service_v2_description }}"
+ service_password: "{{ cinder_service_password }}"
+ service_publicurl: "{{ cinder_service_v2_publicurl }}"
+ service_internalurl: "{{ cinder_service_v2_internalurl }}"
+ service_adminurl: "{{ cinder_service_v2_adminurl }}"
+ role_name: "{{ cinder_service_role_name }}"
+ tags:
+ - cinder-server
diff --git a/playbooks/roles/os_cinder/tasks/cinder_upstart_common_init.yml b/playbooks/roles/os_cinder/tasks/cinder_upstart_common_init.yml
new file mode 100644
index 0000000000..8c8227a8b5
--- /dev/null
+++ b/playbooks/roles/os_cinder/tasks/cinder_upstart_common_init.yml
@@ -0,0 +1,46 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Place the init script
+ template:
+ src: "cinder-upstart-init.j2"
+ dest: "/etc/init/{{ program_name }}.conf"
+ mode: "0644"
+ owner: "root"
+ group: "root"
+ notify:
+ - Restart cinder services
+ tags:
+ - upstart-init
+ - cinder-init
+
+- name: Reload init scripts
+ shell: |
+ initctl reload-configuration
+ notify:
+ - Restart cinder services
+ tags:
+ - upstart-init
+ - cinder-init
+
+- name: Load service
+ service:
+ name: "{{ program_name }}"
+ enabled: "yes"
+ notify:
+ - Restart cinder services
+ tags:
+ - upstart-init
+ - cinder-init
diff --git a/playbooks/roles/os_cinder/tasks/cinder_upstart_init.yml b/playbooks/roles/os_cinder/tasks/cinder_upstart_init.yml
new file mode 100644
index 0000000000..04877112bf
--- /dev/null
+++ b/playbooks/roles/os_cinder/tasks/cinder_upstart_init.yml
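Review bot: "Reload init scripts" runs `initctl reload-configuration` through `shell` with no `changed_when`, so it reports changed on every run. Its `notify` therefore restarts the cinder services on every play, even when the init template did not change. Dropping the `notify` from this task and adding `changed_when: false`, or turning the reload into a handler notified by "Place the init script", keeps restarts tied to real changes. `command` is enough here, since nothing on the line needs a shell.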
@@ -0,0 +1,63 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- include: cinder_upstart_common_init.yml + vars: + program_name: "{{ cinder_service_program_name }}" + service_name: "{{ cinder_service_name }}" + system_user: "{{ cinder_system_user_name }}" + system_group: "{{ cinder_system_group_name }}" + service_home: "{{ cinder_system_home_folder }}" + when: > + inventory_hostname in groups['cinder_api'] + tags: + - upstart-init + +- include: cinder_upstart_common_init.yml + vars: + program_name: "{{ cinder_service_scheduler_program_name }}" + service_name: "{{ cinder_service_name }}" + system_user: "{{ cinder_system_user_name }}" + system_group: "{{ cinder_system_group_name }}" + service_home: "{{ cinder_system_home_folder }}" + when: > + inventory_hostname in groups['cinder_scheduler'] + tags: + - upstart-init + +- include: cinder_upstart_common_init.yml + vars: + program_name: "{{ cinder_service_volume_program_name }}" + service_name: "{{ cinder_service_name }}" + system_user: "{{ cinder_system_user_name }}" + system_group: "{{ cinder_system_group_name }}" + service_home: "{{ cinder_system_home_folder }}" + when: > + inventory_hostname in groups['cinder_volume'] + tags: + - upstart-init + +- include: cinder_upstart_common_init.yml + vars: + program_name: "{{ cinder_service_backup_program_name }}" + service_name: "{{ cinder_service_name }}" + system_user: "{{ cinder_system_user_name }}" + system_group: "{{ 
cinder_system_group_name }}" + service_home: "{{ cinder_system_home_folder }}" + when: > + inventory_hostname in groups['cinder_volume'] and + cinder_service_backup_program_enabled == true + tags: + - upstart-init diff --git a/playbooks/inventory/group_vars/rabbit.yml b/playbooks/roles/os_cinder/tasks/main.yml similarity index 51% rename from playbooks/inventory/group_vars/rabbit.yml rename to playbooks/roles/os_cinder/tasks/main.yml index 36e7b99877..c93e1b121e 100644 --- a/playbooks/inventory/group_vars/rabbit.yml +++ b/playbooks/roles/os_cinder/tasks/main.yml @@ -13,21 +13,27 @@ # See the License for the specific language governing permissions and # limitations under the License. -service_name: rabbitmq +- include: cinder_pre_install.yml +- include: cinder_install.yml +- include: cinder_post_install.yml -rabbitmq_version: "3.4.3" -rabbitmq_repo_url: "http://www.rabbitmq.com/releases/rabbitmq-server" -rabbitmq_package_url: "{{ rabbitmq_repo_url }}/v{{ rabbitmq_version }}/rabbitmq-server_{{ rabbitmq_version }}-1_all.deb" +- include: cinder_db_setup.yml + when: > + inventory_hostname == groups['cinder_all'][0] -container_lvm_fstype: ext4 -container_lvm_fssize: 5GB +- include: cinder_service_setup.yml + when: > + inventory_hostname == groups['cinder_all'][0] -rabbit_cookie: "{{ rabbitmq_cookie_token }}" +- include: cinder_upstart_init.yml -enable_management_plugin: true +- name: Flush handlers + meta: flush_handlers -rabbit_cluster_name: openstack +- include: cinder_backends.yml + when: > + inventory_hostname in groups['cinder_volume'] -# Directories to create -container_directories: - - { name: '/var/log/rabbitmq', mode: 755 } +- include: cinder_lvm_config.yml + when: > + inventory_hostname in groups['cinder_volume'] 
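Review bot: `cinder_service_backup_program_enabled == true` in the last include of cinder_upstart_init.yml is a strict comparison, so a value that arrives as the string "true" or "yes" (for example from `-e` on the command line) silently skips the backup init script. `cinder_service_backup_program_enabled | bool` handles both forms. cinder.conf.j2 in this change uses the same comparison and would need the same fix to stay consistent.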
diff --git a/playbooks/roles/init_script/templates/init-config b/playbooks/roles/os_cinder/templates/cinder-upstart-init.j2 similarity index 96% rename from playbooks/roles/init_script/templates/init-config rename to playbooks/roles/os_cinder/templates/cinder-upstart-init.j2 index afd64f9024..9ecb77d9be 100644 --- a/playbooks/roles/init_script/templates/init-config +++ b/playbooks/roles/os_cinder/templates/cinder-upstart-init.j2 @@ -1,4 +1,5 @@ # {{ ansible_managed }} + # vim:set ft=upstart ts=2 et: description "{{ program_name }}" @@ -8,12 +9,13 @@ start on runlevel [2345] stop on runlelvel [016] respawn +respawn limit 10 5 # Set the RUNBIN environment variable env RUNBIN="/usr/local/bin/{{ program_name }}" # Change directory to service users home -chdir "/var/lib/{{ service_name }}" +chdir "{{ service_home }}" # Pre start actions pre-start script diff --git a/playbooks/roles/os_cinder/templates/cinder.conf.j2 b/playbooks/roles/os_cinder/templates/cinder.conf.j2 new file mode 100644 index 0000000000..a535cf8654 --- /dev/null +++ b/playbooks/roles/os_cinder/templates/cinder.conf.j2 
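Review bot: The context line `stop on runlelvel [016]` carries a misspelt event name over from the old init-config template, so the stop condition presumably never matches and the job is not stopped on those runlevels. Since the file is renamed and edited here, it should read `stop on runlevel [016]`. The new `chdir "{{ service_home }}"` relies on every caller passing `service_home`; the four includes in cinder_upstart_init.yml do, and a comment at the top of the template listing the expected variables would make that contract visible. The pre-start script block continues outside the hunk.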
@@ -0,0 +1,109 @@ +# {{ ansible_managed }} + +{% set _api_threads = ansible_processor_vcpus|default(2) // 2 %} +{% set api_threads = _api_threads if _api_threads > 0 else 1 %} + +[DEFAULT] +verbose = {{ verbose }} +debug = {{ debug }} +my_ip = {{ cinder_storage_address }} + +osapi_volume_workers = {{ cinder_osapi_volume_workers | default(api_threads) }} + +lock_path = /var/lock/cinder +rootwrap_config = /etc/cinder/rootwrap.conf +api_paste_config = /etc/cinder/api-paste.ini +auth_strategy = keystone + +{% if inventory_hostname not in groups['cinder_volume'] %} +{% if cinder_service_backup_program_enabled == true %} +{% if cinder_service_backup_swift_url is defined and cinder_service_backup_swift_user is defined and cinder_service_backup_swift_key is defined %} +## Cinder Backup +backup_driver = {{ cinder_backup_driver }} +backup_swift_url = {{ cinder_service_backup_swift_url }} +backup_swift_auth = {{ cinder_service_backup_swift_auth }} +backup_swift_user = {{ cinder_service_backup_swift_user }} +backup_swift_key = {{ cinder_service_backup_swift_key }} +backup_swift_container = {{ cinder_service_backup_swift_container }} +backup_swift_object_size = {{ cinder_service_backup_swift_object_size }} +backup_swift_retry_attempts = {{ cinder_service_backup_swift_retry_attempts }} +backup_swift_retry_backoff = {{ cinder_service_backup_swift_retry_backoff }} +backup_compression_algorithm = {{ cinder_service_backup_compression_algorithm }} +{% endif %} +{% endif %} +{% endif %} + +## RabbitMQ +rpc_backend = {{ cinder_rpc_backend }} +rabbit_port = {{ rabbitmq_port }} +rabbit_userid = {{ rabbitmq_userid }} +rabbit_password = {{ rabbitmq_password }} +rabbit_hosts = {{ rabbitmq_servers }} + +## Nova +nova_catalog_info = {{ cinder_nova_catalog_info }} +nova_catalog_admin_info = {{ cinder_nova_catalog_admin_info }} + +## Glance +glance_host = {{ glance_host }} +glance_port = {{ glance_service_port }} +glance_num_retries = 0 +glance_api_servers = {{ glance_api_servers }} + 
+volume_clear = {{ cinder_volume_clear }} +volume_clear_size = {{ cinder_volume_clear_size }} +volume_clear_ionice = {{ cinder_volume_clear_ionice }} +volume_name_template = {{ cinder_volume_name_template }} + +storage_availability_zone = {{ cinder_storage_availability_zone }} +default_availability_zone = {{ cinder_default_availability_zone }} + +iscsi_helper = {{ cinder_iscsi_helper }} +iscsi_iotype = {{ cinder_iscsi_iotype }} +iscsi_ip_address = $my_ip +iscsi_num_targets = {{ cinder_iscsi_num_targets }} +iscsi_port = {{ cinder_iscsi_port }} + +{% if cinder_default_volume_type is defined %} +default_volume_type = {{ cinder_default_volume_type }} +{% endif %} + +{% if cinder_backends is defined %} +enabled_backends={% for backend in cinder_backends|dictsort %}{{ backend.0 }}{% if not loop.last %},{% endif %}{% endfor %} + +# All given backend(s) +{% for backend_section in cinder_backends|dictsort %} +[{{ backend_section.0 }}] +{% for key, value in backend_section.1.items() %} +{{ key }}={{ value }} +{% endfor %} +{% if cinder_nfs_client is defined %} +nfs_shares_config={{ cinder_nfs_client.nfs_shares_config }} +{% endif %} + +{% endfor %} +{% endif %} + +[database] +connection = mysql://{{ cinder_galera_user }}:{{ cinder_container_mysql_password }}@{{ galera_address }}/{{ cinder_galera_database }}?charset=utf8 + + +[keystone_authtoken] +signing_dir = /var/cache/cinder +identity_uri = {{ keystone_service_internaluri }} +auth_uri = {{ keystone_service_internaluri }} +admin_tenant_name = {{ cinder_service_tenant_name }} +admin_user = {{ cinder_service_user_name }} +admin_password = {{ cinder_service_password }} + +memcached_servers = {{ memcached_servers }} + +token_cache_time = 300 +revocation_cache_time = 60 + +# if your memcached server is shared, use these settings to avoid cache poisoning +memcache_security_strategy = ENCRYPT +memcache_secret_key = {{ memcached_encryption_key }} + +# if your keystone deployment uses PKI, and you value security over performance: 
+check_revocations_for_cached = False diff --git a/playbooks/roles/os_cinder/templates/lvm.conf.j2 b/playbooks/roles/os_cinder/templates/lvm.conf.j2 new file mode 100644 index 0000000000..5da4b68bcb --- /dev/null +++ b/playbooks/roles/os_cinder/templates/lvm.conf.j2 
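Review bot: The backup block is wrapped in `{% if inventory_hostname not in groups['cinder_volume'] %}`, but cinder_upstart_init.yml in this change installs the backup service only on hosts that are in `cinder_volume`. The hosts that run the service therefore get a cinder.conf without any `backup_*` setting; the test looks inverted and should probably be `in`. The inner guard checks that the swift url, user and key are defined, yet `cinder_backup_driver`, `cinder_service_backup_swift_auth` and the remaining variables are rendered unchecked. Near the end, the comment "if your keystone deployment uses PKI, and you value security over performance" sits above `check_revocations_for_cached = False`, which is the performance choice, so either the value or the comment should change.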
@@ -0,0 +1,125 @@ +# {{ ansible_managed }} + +{% set used_lvm_devices = [] %} +{% set lv_devices = lvm_devices.stdout.split('\n') %} +{% if lv_devices|length > 0 %} + {% for net in lv_devices %} + {% if net != '' %} + {% set lv_device = '"a/' + net + '/"' %} + {% if used_lvm_devices.append(lv_device) %}{% endif %} + {% endif %} + {% endfor %} +{% endif %} + +# Ansible Discovered LVM Devices {{ lv_devices }} + +{% if used_lvm_devices|length <= 0 %} + {% if used_lvm_devices.append('"a/.*/"') %}{% endif %} +{% else %} + {% if used_lvm_devices.append('"r/.*/"') %}{% endif %} +{% endif %} + +{% if is_metal == false or is_metal == "False" %} + {% set use_udev = 0 %} +{% else %} + {% set use_udev = 1 %} +{% endif %} + +devices { + dir = "/dev" + scan = [ "/dev" ] + obtain_device_list_from_udev = {{ use_udev }} + preferred_names = [ ] + filter = [ {{ used_lvm_devices|join(', ') }} ] + cache_dir = "/run/lvm" + cache_file_prefix = "" + write_cache_state = 1 + sysfs_scan = 1 + multipath_component_detection = 1 + md_component_detection = 1 + md_chunk_alignment = 1 + data_alignment_detection = 1 + data_alignment = 0 + data_alignment_offset_detection = 1 + ignore_suspended_devices = 0 + disable_after_error_count = 0 + require_restorefile_with_uuid = 1 + pv_min_size = 2048 + issue_discards = 1 +} +allocation { + maximise_cling = 1 + mirror_logs_require_separate_pvs = 0 + thin_pool_metadata_require_separate_pvs = 0 +} +log { + verbose = 0 + silent = 0 + syslog = 1 + overwrite = 0 + level = 0 + indent = 1 + command_names = 0 + prefix = " " +} +backup { + backup = 1 + backup_dir = "/etc/lvm/backup" + archive = 1 + archive_dir = "/etc/lvm/archive" + retain_min = 10 + retain_days = 30 +} +shell { + history_size = 100 +} +global { + umask = 077 + test = 0 + units = "h" + si_unit_consistency = 1 + activation = 1 + proc = "/proc" + locking_type = 1 + wait_for_locks = 1 + fallback_to_clustered_locking = 1 + fallback_to_local_locking = 1 + locking_dir = "/run/lock/lvm" + 
prioritise_write_locks = 1 + abort_on_internal_errors = 0 + detect_internal_vg_cache_corruption = 0 + metadata_read_only = 0 + mirror_segtype_default = "mirror" + use_lvmetad = 0 + thin_check_executable = "/usr/sbin/thin_check" + thin_check_options = [ "-q" ] +} +activation { + checks = 0 + udev_sync = {{ use_udev }} + udev_rules = {{ use_udev }} + verify_udev_operations = 0 + retry_deactivation = 1 + missing_stripe_filler = "error" + use_linear_target = 1 + reserved_stack = 64 + reserved_memory = 8192 + process_priority = -18 + mirror_region_size = 512 + readahead = "auto" + raid_fault_policy = "warn" + mirror_log_fault_policy = "allocate" + mirror_image_fault_policy = "remove" + snapshot_autoextend_threshold = 100 + snapshot_autoextend_percent = 20 + thin_pool_autoextend_threshold = 100 + thin_pool_autoextend_percent = 20 + use_mlockall = 0 + monitoring = 0 + polling_interval = 15 +} +dmeventd { + mirror_library = "libdevmapper-event-lvm2mirror.so" + snapshot_library = "libdevmapper-event-lvm2snapshot.so" + thin_library = "libdevmapper-event-lvm2thin.so" +} diff --git a/playbooks/roles/os_cinder/templates/nfs_shares.j2 b/playbooks/roles/os_cinder/templates/nfs_shares.j2 new file mode 100644 index 0000000000..17fcf3b5b0 --- /dev/null +++ b/playbooks/roles/os_cinder/templates/nfs_shares.j2 @@ -0,0 +1,5 @@ +# {{ ansible_managed }} + +{% for share in nfs_client.shares %} +{{ share.ip }}:{{ share.share }} +{% endfor %} diff --git a/playbooks/roles/os_cinder/templates/sudoers.j2 b/playbooks/roles/os_cinder/templates/sudoers.j2 new file mode 100644 index 0000000000..625e252151 --- /dev/null +++ b/playbooks/roles/os_cinder/templates/sudoers.j2 @@ -0,0 +1,4 @@ +# {{ ansible_managed }} + +# Defaults:{{ cinder_system_user_name }}!requiretty +{{ cinder_system_user_name }} ALL = (root) NOPASSWD: /usr/local/bin/{{ cinder_service_name }}-rootwrap 
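Review bot: The accept entries in lvm.conf.j2 are built as `'"a/' + net + '/"'`, an unanchored pattern that uses `/` as its delimiter. A discovered name that still contains a slash after `/dev/` is stripped (a device-mapper path, for instance) yields a malformed filter entry, and a short name such as `sdb` also accepts any path that merely contains it. Using another delimiter and anchoring, e.g. `{% set lv_device = '"a|^/dev/' + net + '$|"' %}`, limits the filter to the discovered PVs. When discovery returns nothing the template falls back to `"a/.*/"`, which is no filtering at all; on a volume host that lets the host LVM scan the contents of tenant volumes, so it is worth confirming that this is intended. The loop variable `net` looks copied from elsewhere; `device` would read better.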
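Review bot: nfs_shares.j2 loops over `nfs_client.shares`, while the task that renders it is guarded by `when: cinder_nfs_client is defined` and writes to `cinder_nfs_client.nfs_shares_config`. Unless a separate `nfs_client` variable is defined elsewhere, the template will fail on an undefined variable or render a different share list than the one the guard checked. The loop should presumably be `{% for share in cinder_nfs_client.shares %}`.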
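Review bot: The rule in sudoers.j2 allows `/usr/local/bin/{{ cinder_service_name }}-rootwrap` with no argument restriction, so the service account may run the helper as root against any configuration file it names. Pinning the first argument, `{{ cinder_system_user_name }} ALL = (root) NOPASSWD: /usr/local/bin/{{ cinder_service_name }}-rootwrap /etc/cinder/rootwrap.conf *`, restricts it to the managed config, assuming cinder calls the helper with that path first as `rootwrap_config` in cinder.conf suggests. The binary path is also derived from `cinder_service_name`, the Keystone catalogue name; a dedicated variable or a literal would keep a catalogue rename from changing what sudo permits. The `Defaults:...!requiretty` line is committed commented out; a short comment saying whether that is deliberate would help.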
diff --git a/playbooks/roles/os_glance/CONTRIBUTING.rst b/playbooks/roles/os_glance/CONTRIBUTING.rst
new file mode 100644
index 0000000000..daf20da940
--- /dev/null
+++ b/playbooks/roles/os_glance/CONTRIBUTING.rst
@@ -0,0 +1,85 @@ +OpenStack glance +################ +:tags: openstack, glance, cloud, ansible +:category: \*nix + +contributor guidelines +^^^^^^^^^^^^^^^^^^^^^^ + +Filing Bugs +----------- + +Bugs should be filed on Launchpad, not GitHub: "https://bugs.launchpad.net/openstack-ansible" + + +When submitting a bug, or working on a bug, please ensure the following criteria are met: + * The description clearly states or describes the original problem or root cause of the problem. + * Include historical information on how the problem was identified. + * Any relevant logs are included. + * The provided information should be totally self-contained. External access to web services/sites should not be needed. + * Steps to reproduce the problem if possible. + + +Submitting Code +--------------- + +Changes to the project should be submitted for review via the Gerrit tool, following +the workflow documented at: "http://docs.openstack.org/infra/manual/developers.html#development-workflow" + +Pull requests submitted through GitHub will be ignored and closed without regard. + + +Extra +----- + +Tags: + If it's a bug that needs fixing in a branch in addition to Master, add a '\-backport-potential' tag (eg ``juno-backport-potential``). There are predefined tags that will autocomplete. + +Status: + Please leave this alone, it should be New till someone triages the issue. + +Importance: + Should only be touched if it is a Blocker/Gating issue. If it is, please set to High, and only use Critical if you have found a bug that can take down whole infrastructures. + + +Style guide +----------- + +When creating tasks and other roles for use in Ansible please create then using the YAML dictionary format. + +Example YAML dictionary format: + .. code-block:: yaml + + - name: The name of the tasks + module_name: + thing1: "some-stuff" + thing2: "some-other-stuff" + tags: + - some-tag + - some-other-tag + + +Example **NOT** in YAML dictionary format: + .. 
code-block:: yaml + + - name: The name of the tasks + module_name: thing1="some-stuff" thing2="some-other-stuff" + tags: + - some-tag + - some-other-tag + + +Usage of the ">" and "|" operators should be limited to Ansible conditionals and command modules such as the ansible ``shell`` module. + + +Issues +------ + +When submitting an issue, or working on an issue please ensure the following criteria are met: + * The description clearly states or describes the original problem or root cause of the problem. + * Include historical information on how the problem was identified. + * Any relevant logs are included. + * If the issue is a bug that needs fixing in a branch other than Master, add the ‘backport potential’ tag TO THE ISSUE (not the PR). + * The provided information should be totally self-contained. External access to web services/sites should not be needed. + * If the issue is needed for a hotfix release, add the 'expedite' label. + * Steps to reproduce the problem if possible. diff --git a/playbooks/roles/os_glance/LICENSE b/playbooks/roles/os_glance/LICENSE new file mode 100644 index 0000000000..e06d208186 --- /dev/null +++ b/playbooks/roles/os_glance/LICENSE 
@@ -0,0 +1,202 @@ +Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + diff --git a/playbooks/roles/os_glance/README.rst b/playbooks/roles/os_glance/README.rst new file mode 100644 index 0000000000..b740f7eeb2 --- /dev/null +++ b/playbooks/roles/os_glance/README.rst @@ -0,0 +1,22 @@ +OpenStack glance +################ +:tags: openstack, glance, cloud, ansible +:category: \*nix + +Role to install glance and glance registry. + +This role will install the following: + * glance-api + * glance-registry + +.. code-block:: yaml + + - name: Install glance server + hosts: glance_all + user: root + roles: + - { role: "os_glance", tags: [ "os-glance" ] } + vars: + external_lb_vip_address: 172.16.24.1 + internal_lb_vip_address: 192.168.0.1 + galera_address: "{{ internal_lb_vip_address }}" 
diff --git a/playbooks/roles/os_glance/defaults/main.yml b/playbooks/roles/os_glance/defaults/main.yml
new file mode 100644
index 0000000000..80b73eb3cf
--- /dev/null
+++ b/playbooks/roles/os_glance/defaults/main.yml
@@ -0,0 +1,119 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Defines that the role will be deployed on a host machine
+is_metal: true
+
+## Verbosity Options
+debug: False
+verbose: True
+
+## System info
+glance_system_user_name: glance
+glance_system_group_name: glance
+glance_system_shell: /bin/false
+glance_system_comment: glance system user
+glance_system_user_home: "/var/lib/{{ glance_system_user_name }}"
+
+glance_flavor: "keystone+cachemanagement"
+glance_registry_host: "{{ internal_lb_vip_address }}"
+glance_notification_driver: noop
+glance_rpc_backend: glance.openstack.common.rpc.impl_kombu
+glance_default_store: file
+
+## Swift Options
+glance_swift_store_auth_address: NoAuthAddress
+glance_swift_store_user: NoUser
+glance_swift_store_key: NoKey
+glance_swift_store_region: NoRegion
+glance_swift_store_container: NoContainer
+glance_swift_store_endpoint_type: internalURL
+
+## DB info
+glance_galera_database: glance
+glance_galera_user: glance
+
+glance_role_name: admin
+glance_api_bind_address: 0.0.0.0
+glance_api_service_port: 9292
+glance_api_program_name: glance-api
+
+glance_registry_bind_address: 0.0.0.0
+glance_registry_service_port: 9191
+glance_registry_program_name: glance-registry
+
+## Service Type and Data
+glance_service_region: RegionOne
+glance_service_name: glance
+glance_service_port: 9292
+glance_service_proto: http
+glance_service_type: image
+glance_service_description: "Glance Image Service"
+glance_service_user_name: glance
+glance_service_tenant_name: service
+glance_service_publicuri: "{{ glance_service_proto }}://{{ external_lb_vip_address }}:{{ glance_service_port }}"
+glance_service_publicurl: "{{ glance_service_publicuri }}"
+glance_service_internaluri: "{{ glance_service_proto }}://{{ internal_lb_vip_address }}:{{ glance_service_port }}"
+glance_service_internalurl: "{{ glance_service_internaluri }}"
+glance_service_adminuri: "{{ glance_service_proto }}://{{ internal_lb_vip_address }}:{{ glance_service_port }}"
+glance_service_adminurl: "{{ glance_service_adminuri }}"
+
+## Glance config
+glance_image_cache_max_size: 10737418240
+
+# If ``glance_api_workers`` is unset the system will use half the number of available VCPUS to
+# compute the number of api workers to use.
+# glance_api_workers: 16
+
+# If ``glance_registry_workers`` is unset the system will use half the number of available VCPUS to
+# compute the number of api workers to use.
+# glance_registry_workers: 16
+
+
+## Define nfs information for glance. When the glance_nfs_client dictionary is
+## defined it will enable nfs shares as mounted directories. The
+## ``glance_nfs_mounts`` value is a list of dictionaries that must be filled
+## out completely to enable the persistent NFS mounts.
+# glance_nfs_mounts:
+# - server: "127.0.0.1" ## Hostname or IP address of NFS Server
+# remote_path: "/images" ## Remote path from the NFS server's export
+# local_path: "/var/lib/glance/images" ## Local path on machine
+# type: "nfs" ## This can be nfs or nfs4
+# options: "_netdev,auto" ## Mount options
+
+# Common apt packages
+glance_apt_packages:
+ - rpcbind
+ - rsync
+ - git
+ - nfs-common
+
+# Common pip packages
+glance_pip_packages:
+ - glance
+ - keystonemiddleware
+ - MySQL-python
+ - python-memcached
+ - pycrypto
+ - python-glanceclient
+ - python-swiftclient
+ - python-glanceclient
+ - python-keystoneclient
+ - warlock
+
+## Service Names
+glance_service_names:
+ - "glance-api"
+ - "glance-registry"
diff --git a/playbooks/roles/glance_common/templates/glance-api-paste.ini b/playbooks/roles/os_glance/files/glance-api-paste.ini
similarity index 100%
rename from playbooks/roles/glance_common/templates/glance-api-paste.ini
rename to playbooks/roles/os_glance/files/glance-api-paste.ini
diff --git a/playbooks/roles/glance_common/templates/glance-registry-paste.ini b/playbooks/roles/os_glance/files/glance-registry-paste.ini
similarity index 100%
rename from playbooks/roles/glance_common/templates/glance-registry-paste.ini
rename to playbooks/roles/os_glance/files/glance-registry-paste.ini
diff --git a/playbooks/roles/glance_common/templates/policy.json b/playbooks/roles/os_glance/files/policy.json
similarity index 76%
rename from playbooks/roles/glance_common/templates/policy.json
rename to playbooks/roles/os_glance/files/policy.json
index 1c84c743d5..d8f0a78cb6 100644
--- a/playbooks/roles/glance_common/templates/policy.json
+++ b/playbooks/roles/os_glance/files/policy.json
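Review bot: In `defaults/main.yml` the commented NFS example defines `glance_nfs_mounts`, but the tasks and handler added in this commit test and iterate `glance_nfs_client`, so an operator who follows the example gets no mounts and no error. Use one name in the comment block and the consumers, e.g. change the example to `# glance_nfs_client:`. `python-glanceclient` appears twice in `glance_pip_packages`. `glance_api_bind_address` and `glance_registry_bind_address` both default to `0.0.0.0` with `glance_service_proto: http`; a comment such as `# listens on all interfaces; override to the management address where the registry must not be reachable externally` would make that default a visible choice.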
@@ -7,15 +7,15 @@ "get_image": "", "get_images": "", "modify_image": "", - "publicize_image": "role:admin", + "publicize_image": "", "copy_from": "", "download_image": "", "upload_image": "", - "delete_image_location": "role:admin or role:remote_image", + "delete_image_location": "", "get_image_location": "", - "set_image_location": "role:admin or role:remote_image", + "set_image_location": "", "add_member": "", "delete_member": "", diff --git a/playbooks/roles/glance_common/templates/schema.json b/playbooks/roles/os_glance/files/schema.json similarity index 100% rename from playbooks/roles/glance_common/templates/schema.json rename to playbooks/roles/os_glance/files/schema.json diff --git a/playbooks/vars/openstack_service_vars/nova_compute.yml b/playbooks/roles/os_glance/handlers/main.yml similarity index 50% rename from playbooks/vars/openstack_service_vars/nova_compute.yml rename to playbooks/roles/os_glance/handlers/main.yml index aa2d058b6b..94c28780b5 100644 --- a/playbooks/vars/openstack_service_vars/nova_compute.yml +++ b/playbooks/roles/os_glance/handlers/main.yml @@ -13,7 +13,30 @@ # See the License for the specific language governing permissions and # limitations under the License. -# The variables file used by the playbooks in the nova-scheduler group. -# These don't have to be explicitly imported by vars_files: they are autopopulated. +- name: Restart glance api + service: + name: "glance-api" + state: "restarted" + pattern: "glance-api" -program_name: nova-compute +- name: Restart glance registry + service: + name: "glance-registry" + state: "restarted" + pattern: "glance-registry" + +- name: Restart glance services + service: + name: "{{ item }}" + state: "restarted" + pattern: "{{ item }}" + with_items: glance_service_names + +- name: Glance mount nfs + mount: + name: "{{ item.server }}:{{ item.remote_path }}" + src: "{{ item.local_path }}" + fstype: "{{ item.type }}" + opts: "{{ item.options }}" + state: "present" + with_items: glance_nfs_client 
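Review bot: The three rules changed in `policy.json` — `publicize_image`, `delete_image_location` and `set_image_location` — go from role-restricted to the empty rule, which in this policy format allows every caller that reaches the check. Any tenant user could then publish an image to all tenants or repoint and remove an image's backing location, which the previous `role:admin` and `role:admin or role:remote_image` values prevented. The file is otherwise only being renamed and nothing visible in the change explains the relaxation, so it may be unintentional. Unless it is deliberate, keep the old values, e.g. `"publicize_image": "role:admin",` and `"set_image_location": "role:admin or role:remote_image",`.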
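Review bot: In the `Glance mount nfs` handler of `handlers/main.yml` the `mount` arguments look swapped: `name` is the mount point and `src` is the device, so `name: "{{ item.server }}:{{ item.remote_path }}"` with `src: "{{ item.local_path }}"` would register the export string as the mount point. It should read `name: "{{ item.local_path }}"` and `src: "{{ item.server }}:{{ item.remote_path }}"`. `state: "present"` only records the fstab entry; `state: "mounted"` is the value that also mounts it, which the handler name suggests is intended. The handler iterates `glance_nfs_client`, while the defaults file documents `glance_nfs_mounts`.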
diff --git a/playbooks/roles/os_glance/meta/main.yml b/playbooks/roles/os_glance/meta/main.yml
new file mode 100644
index 0000000000..0f4bfb7899
--- /dev/null
+++ b/playbooks/roles/os_glance/meta/main.yml
@@ -0,0 +1,35 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+galaxy_info:
+ author: rcbops
+ description: Installation and setup of glance
+ company: Rackspace
+ license: Apache2
+ min_ansible_version: 1.6.6
+ platforms:
+ - name: Ubuntu
+ versions:
+ - trusty
+ categories:
+ - cloud
+ - python
+ - glance
+ - development
+ - openstack
+dependencies:
+ - galera_client
+ - openstack_openrc
+ - pip_lock_down
diff --git a/playbooks/roles/os_glance/tasks/glance_db_setup.yml b/playbooks/roles/os_glance/tasks/glance_db_setup.yml
new file mode 100644
index 0000000000..c5a67590e5
--- /dev/null
+++ b/playbooks/roles/os_glance/tasks/glance_db_setup.yml
@@ -0,0 +1,48 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Create DB for service
+ mysql_db:
+ login_user: "{{ galera_root_user }}"
+ login_password: "{{ galera_root_password }}"
+ login_host: "{{ galera_address }}"
+ name: "{{ glance_galera_database }}"
+ state: "present"
+ tags:
+ - glance-db-setup
+
+- name: Grant access to the DB for the service
+ mysql_user:
+ login_user: "{{ galera_root_user }}"
+ login_password: "{{ galera_root_password }}"
+ login_host: "{{ galera_address }}"
+ name: "{{ glance_galera_user }}"
+ password: "{{ glance_container_mysql_password }}"
+ host: "{{ item }}"
+ state: "present"
+ priv: "{{ glance_galera_database }}.*:ALL"
+ with_items:
+ - "localhost"
+ - "%"
+ tags:
+ - glance-db-setup
+
+- name: Perform a Glance DB sync
+ command: glance-manage db_sync
+ sudo: yes
+ sudo_user: "{{ glance_system_user_name }}"
+ tags:
+ - glance-db-sync
+ - glance-setup
diff --git a/playbooks/roles/os_glance/tasks/glance_install.yml b/playbooks/roles/os_glance/tasks/glance_install.yml
new file mode 100644
index 0000000000..dc007e0600
--- /dev/null
+++ b/playbooks/roles/os_glance/tasks/glance_install.yml
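Review bot: In `glance_db_setup.yml` the `Grant access to the DB for the service` task grants `{{ glance_galera_database }}.*:ALL` to the glance account at host `%`, so the credential is valid from any address that can reach Galera rather than only from the glance hosts. Consider replacing `"%"` with the management network pattern or a variable for it. Both `mysql_*` tasks also pass `galera_root_password` (and `glance_container_mysql_password`) as module arguments, which can surface in verbose run output; adding `no_log: true` to the two tasks keeps them out. `sudo: yes` in the last task would read more consistently as `sudo: true`.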
@@ -0,0 +1,43 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Install apt packages
+ apt:
+ pkg: "{{ item }}"
+ state: latest
+ update_cache: yes
+ cache_valid_time: 600
+ register: install_packages
+ until: install_packages|success
+ retries: 5
+ delay: 2
+ with_items: glance_apt_packages
+ tags:
+ - glance-install
+ - glance-apt-packages
+
+- name: Install pip packages
+ pip:
+ name: "{{ item }}"
+ state: present
+ register: install_packages
+ until: install_packages|success
+ retries: 5
+ delay: 2
+ with_items:
+ - "{{ glance_pip_packages }}"
+ tags:
+ - glance-install
+ - glance-pip-packages
diff --git a/playbooks/roles/os_glance/tasks/glance_post_install.yml b/playbooks/roles/os_glance/tasks/glance_post_install.yml
new file mode 100644
index 0000000000..2873ee51fa
--- /dev/null
+++ b/playbooks/roles/os_glance/tasks/glance_post_install.yml
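Review bot: In `glance_install.yml` the `Install pip packages` task installs every entry of `glance_pip_packages` with `state: present` and no version, so what ends up on the host depends on whichever index pip resolves against at run time. The role depends on `pip_lock_down`, which presumably constrains that index, but nothing in this file says so; a comment above the task such as `# package versions are expected to be constrained by the pip_lock_down dependency` would make the assumption reviewable. The apt task uses `state: latest`, which upgrades on every run; `state: present` gives a repeatable deploy. `with_items: glance_pip_packages` would match the form used by the apt task.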
@@ -0,0 +1,91 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Create glance cache management cron jobs
+ cron:
+ name: "{{ item.name }}"
+ minute: "{{ 59 |random }}"
+ day: "*"
+ hour: "{{ item.hour }}"
+ month: "*"
+ state: present
+ job: "{{ item.name }}"
+ user: glance
+ with_items:
+ - name: /usr/local/bin/glance-cache-pruner
+ hour: "*"
+ - name: /usr/local/bin/glance-cache-cleaner
+ hour: "{{ 23|random }}"
+ when: glance_flavor | search("cache")
+ tags:
+ - glance-cron
+
+- name: Drop Glance Config(s)
+ template:
+ src: "{{ item.src }}"
+ dest: "{{ item.dest }}"
+ owner: "{{ glance_system_user_name }}"
+ group: "{{ glance_system_group_name }}"
+ with_items:
+ - { src: "glance-api.conf.j2", dest: "/etc/glance/glance-api.conf" }
+ - { src: "glance-cache.conf.j2", dest: "/etc/glance/glance-cache.conf" }
+ - { src: "glance-registry.conf.j2", dest: "/etc/glance/glance-registry.conf" }
+ - { src: "glance-scrubber.conf.j2", dest: "/etc/glance/glance-scrubber.conf" }
+ notify:
+ - Restart glance api
+ - Restart glance registry
+ tags:
+ - glance-config
+
+- name: Drop Glance Config(s)
+ copy:
+ src: "{{ item }}"
+ dest: "/etc/glance/{{ item }}"
+ owner: "{{ glance_system_user_name }}"
+ group: "{{ glance_system_group_name }}"
+ with_items:
+ - glance-api-paste.ini
+ - glance-registry-paste.ini
+ - policy.json
+ - schema.json
+ notify:
+ - Restart glance api
+ - Restart glance registry
+ tags:
+ - glance-config
+
+- name: Create nfs shares local path
+ file:
+ path: "{{ item.local_path }}"
+ state: directory
+ with_items: glance_nfs_client
+ when: >
+ glance_nfs_client is defined
+ tags:
+ - glance-nfs
+ - glance-nfs-local-path
+
+- name: Create nfs mounts
+ lineinfile:
+ dest: "/etc/fstab"
+ line: "{{ item.server }}:{{ item.remote_path }} {{ item.local_path }} {{ item.type }} {{ item.options }} 0 0"
+ backup: "true"
+ with_items: glance_nfs_client
+ when: >
+ glance_nfs_client is defined
+ notify: Glance mount nfs
+ tags:
+ - glance-nfs
+ - glance-nfs-fstab
diff --git a/playbooks/roles/os_glance/tasks/glance_pre_install.yml b/playbooks/roles/os_glance/tasks/glance_pre_install.yml
new file mode 100644
index 0000000000..5bbab69404
--- /dev/null
+++ b/playbooks/roles/os_glance/tasks/glance_pre_install.yml
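Review bot: Both `Drop Glance Config(s)` tasks in `glance_post_install.yml` set `owner` and `group` but no `mode`, so `/etc/glance/glance-api.conf` and the other files get whatever the default umask yields, which is usually world-readable. The templates are not part of this hunk, but glance configuration files normally hold the database and keystone service passwords; add `mode: "0640"` to both tasks. The two tasks also share one name, which makes run output and `--start-at-task` ambiguous; the second could be `Copy Glance static config files`. In the cron task `minute: "{{ 59 |random }}"` produces a new value on each run, so the cron entries are rewritten every time the play runs.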
@@ -0,0 +1,81 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: create the system group
+ group:
+ name: "{{ glance_system_group_name }}"
+ state: "present"
+ system: "yes"
+ tags:
+ - glance-group
+
+- name: Create the glance system user
+ user:
+ name: "{{ glance_system_user_name }}"
+ group: "{{ glance_system_group_name }}"
+ comment: "{{ glance_system_comment }}"
+ shell: "{{ glance_system_shell }}"
+ system: "yes"
+ createhome: "yes"
+ home: "{{ glance_system_user_home }}"
+ tags:
+ - glance-user
+
+- name: Create glance dir
+ file:
+ path: "{{ item.path }}"
+ state: directory
+ owner: "{{ item.owner|default(glance_system_user_name) }}"
+ group: "{{ item.group|default(glance_system_group_name) }}"
+ with_items:
+ - { path: "/etc/glance" }
+ - { path: "/etc/sudoers.d", mode: "0750", owner: "root", group: "root" }
+ - { path: "/var/cache/glance" }
+ - { path: "{{ glance_system_user_home }}" }
+ - { path: "{{ glance_system_user_home }}/cache/api" }
+ - { path: "{{ glance_system_user_home }}/cache/registry" }
+ - { path: "{{ glance_system_user_home }}/images/" }
+ - { path: "{{ glance_system_user_home }}/scrubber" }
+ tags:
+ - glance-dirs
+
+- name: Test for log directory or link
+ shell: |
+ if [ -h "/var/log/glance" ]; then
+ chown -h {{ glance_system_user_name }}:{{ glance_system_group_name }} "/var/log/glance"
+ chown -R {{ glance_system_user_name }}:{{ glance_system_group_name }} "$(readlink /var/log/glance)"
+ else
+ exit 1
+ fi
+ register: log_dir
+ failed_when: false
+ changed_when: log_dir.rc != 0
+ tags:
+ - glance-dirs
+ - glance-logs
+
+- name: Create glance log dir
+ file:
+ path: "{{ item.path }}"
+ state: directory
+ owner: "{{ item.owner|default(glance_system_user_name) }}"
+ group: "{{ item.group|default(glance_system_group_name) }}"
+ mode: "{{ item.mode|default('0755') }}"
+ with_items:
+ - { path: "/var/log/glance" }
+ when: log_dir.rc != 0
+ tags:
+ - glance-dirs
+ - glance-logs
diff --git a/playbooks/roles/os_glance/tasks/glance_service_setup.yml b/playbooks/roles/os_glance/tasks/glance_service_setup.yml
new file mode 100644
index 0000000000..526b7094e1
--- /dev/null
+++ b/playbooks/roles/os_glance/tasks/glance_service_setup.yml
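Review bot: In `Create glance dir` (`glance_pre_install.yml`) the `/etc/sudoers.d` item carries `mode: "0750"`, but the `file` call has no `mode:` key, so that value is never applied; add `mode: "{{ item.mode|default('0755') }}"` as the `Create glance log dir` task already does. In `Test for log directory or link`, `chown -R ... "$(readlink /var/log/glance)"` recursively re-owns whatever the link points at, and a relative link target resolves against the task's working directory rather than `/var/log`; `readlink -f` plus a `[ -d ... ]` check on the result would bound that. `failed_when: false` also hides a failing `chown`, so a wrong target goes unnoticed.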
@@ -0,0 +1,89 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Create a service
+- name: Ensure glance service
+ keystone:
+ command: "ensure_service"
+ token: "{{ keystone_auth_admin_token }}"
+ endpoint: "{{ keystone_service_adminurl }}"
+ service_name: "{{ glance_service_name }}"
+ service_type: "{{ glance_service_type }}"
+ description: "{{ glance_service_description }}"
+ register: add_service
+ until: add_service|success
+ retries: 5
+ delay: 2
+ tags:
+ - glance-api-setup
+ - glance-service-add
+ - glance-setup
+
+# Create an admin user
+- name: Ensure glance user
+ keystone:
+ command: "ensure_user"
+ token: "{{ keystone_auth_admin_token }}"
+ endpoint: "{{ keystone_service_adminurl }}"
+ user_name: "{{ glance_service_user_name }}"
+ tenant_name: "{{ glance_service_tenant_name }}"
+ password: "{{ glance_service_password }}"
+ register: add_service
+ until: add_service|success
+ retries: 5
+ delay: 10
+ tags:
+ - glance-api-setup
+ - glance-service-add
+ - glance-setup
+
+# Add a role to the user
+- name: Ensure glance user to admin role
+ keystone:
+ command: "ensure_user_role"
+ token: "{{ keystone_auth_admin_token }}"
+ endpoint: "{{ keystone_service_adminurl }}"
+ user_name: "{{ glance_service_user_name }}"
+ tenant_name: "{{ glance_service_tenant_name }}"
+ role_name: "{{ glance_role_name }}"
+ register: add_service
+ until: add_service|success
+ retries: 5
+ delay: 10
+ tags:
+ - glance-api-setup
+ - glance-service-add
+ - glance-setup
+
+# Create an endpoint
+- name: Ensure glance endpoint
+ keystone:
+ command: "ensure_endpoint"
+ token: "{{ keystone_auth_admin_token }}"
+ endpoint: "{{ keystone_service_adminurl }}"
+ region_name: "{{ glance_service_region }}"
+ service_name: "{{ glance_service_name }}"
+ service_type: "{{ glance_service_type }}"
+ publicurl: "{{ glance_service_publicurl }}"
+ adminurl: "{{ glance_service_internalurl }}"
+ internalurl: "{{ glance_service_adminurl }}"
+ register: add_service
+ until: add_service|success
+ retries: 5
+ delay: 10
+ tags:
+ - glance-api-setup
+ - glance-service-add
+ - glance-setup
diff --git a/playbooks/roles/os_glance/tasks/glance_upstart_common_init.yml b/playbooks/roles/os_glance/tasks/glance_upstart_common_init.yml
new file mode 100644
index 0000000000..02c923ef24
--- /dev/null
+++ b/playbooks/roles/os_glance/tasks/glance_upstart_common_init.yml
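Review bot: In `Ensure glance endpoint` (`glance_service_setup.yml`) the last two URLs are crossed: `adminurl: "{{ glance_service_internalurl }}"` and `internalurl: "{{ glance_service_adminurl }}"`. With the defaults added in this commit both variables resolve to the same address, so nothing breaks today, but overriding either one would register the wrong endpoint; it should read `adminurl: "{{ glance_service_adminurl }}"` and `internalurl: "{{ glance_service_internalurl }}"`. All four tasks pass `keystone_auth_admin_token`, and `Ensure glance user` also passes `glance_service_password`, as module arguments; `no_log: true` on these tasks would keep both out of run output.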
@@ -0,0 +1,46 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Place the init script
+ template:
+ src: "glance-upstart-init.j2"
+ dest: "/etc/init/{{ program_name }}.conf"
+ mode: "0644"
+ owner: "root"
+ group: "root"
+ notify:
+ - Restart glance services
+ tags:
+ - upstart-init
+ - glance-init
+
+- name: Reload init scripts
+ shell: |
+ initctl reload-configuration
+ notify:
+ - Restart glance services
+ tags:
+ - upstart-init
+ - glance-init
+
+- name: Load service
+ service:
+ name: "{{ program_name }}"
+ enabled: "yes"
+ notify:
+ - Restart glance services
+ tags:
+ - upstart-init
+ - glance-init
diff --git a/playbooks/clone-container.yml b/playbooks/roles/os_glance/tasks/glance_upstart_init.yml
similarity index 50%
rename from playbooks/clone-container.yml
rename to playbooks/roles/os_glance/tasks/glance_upstart_init.yml
index 67350a237a..f54100b975 100644
--- a/playbooks/clone-container.yml
+++ b/playbooks/roles/os_glance/tasks/glance_upstart_init.yml
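Review bot: `Reload init scripts` in `glance_upstart_common_init.yml` is a `shell` task with no `changed_when`, so it reports changed on every run and its `notify` restarts the glance services on every play, even when the init script is untouched. Drop the `notify` from that task, or turn the reload into a handler that `Place the init script` notifies. `command: initctl reload-configuration` is sufficient here, since nothing in the line needs a shell.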
@@ -13,15 +13,18 @@ # See the License for the specific language governing permissions and # limitations under the License. -# Example usage: -# ansible-playbook -i inventory/hosts -M library/lxc -e "host_group=infra1-keystone name=keystone new_name=keystone2 address=192.168.18.149" clone-container.yml -- hosts: "{{ host_group }}" - user: root - roles: - - container_clone +- include: glance_upstart_common_init.yml vars: - fssize: "5G" - bdev: "lvm" - snapshot: "false" - state: "stopped" - lxcpath: /var/lib/lxc + program_name: "{{ glance_api_program_name }}" + service_name: "{{ glance_service_name }}" + system_user: "{{ glance_system_user_name }}" + system_group: "{{ glance_system_group_name }}" + service_home: "{{ glance_system_user_home }}" + +- include: glance_upstart_common_init.yml + vars: + program_name: "{{ glance_registry_program_name }}" + service_name: "{{ glance_service_name }}" + system_user: "{{ glance_system_user_name }}" + system_group: "{{ glance_system_group_name }}" + service_home: "{{ glance_system_user_home }}" diff --git a/playbooks/roles/safe_upgrade/tasks/main.yml b/playbooks/roles/os_glance/tasks/main.yml similarity index 64% rename from playbooks/roles/safe_upgrade/tasks/main.yml rename to playbooks/roles/os_glance/tasks/main.yml index 41941b04d7..05abf0c1af 100644 --- a/playbooks/roles/safe_upgrade/tasks/main.yml +++ b/playbooks/roles/os_glance/tasks/main.yml 
@@ -13,15 +13,15 @@ # See the License for the specific language governing permissions and # limitations under the License. -- name: Update cache - apt: > - update_cache=yes - cache_valid_time=10800 +- include: glance_pre_install.yml +- include: glance_install.yml +- include: glance_post_install.yml +- include: glance_upstart_init.yml -- name: Ensure Aptitude - apt: > - pkg=aptitude - state=present +- include: glance_db_setup.yml + when: > + inventory_hostname == groups['glance_all'][0] -- name: Do safe upgrade - apt: upgrade=safe +- include: glance_service_setup.yml + when: > + inventory_hostname == groups['glance_all'][0] diff --git a/playbooks/roles/os_glance/templates/glance-api.conf.j2 b/playbooks/roles/os_glance/templates/glance-api.conf.j2 new file mode 100644 index 0000000000..28a5ebaaaf --- /dev/null +++ b/playbooks/roles/os_glance/templates/glance-api.conf.j2 
@@ -0,0 +1,86 @@ +# {{ ansible_managed }} + +{% set _api_threads = ansible_processor_vcpus|default(2) // 2 %} +{% set api_threads = _api_threads if _api_threads > 0 else 1 %} + +[DEFAULT] +verbose = {{ verbose }} +debug = {{ debug }} +log_file = /var/log/glance/glance-api.log +use_syslog = False +bind_host = {{ glance_api_bind_address }} +bind_port = {{ glance_api_service_port }} +backlog = 4096 +workers = {{ glance_api_workers | default(api_threads) }} +registry_host = {{ glance_registry_host }} +registry_port = {{ glance_registry_service_port }} +registry_client_protocol = {{ glance_service_proto }} +cinder_catalog_info = volume:cinder:internalURL + +notification_driver = {{ glance_notification_driver }} +{% if glance_notification_driver == "messaging" %} +##### RPC MESSAGING OPTIONS ##### +rpc_backend = {{ glance_rpc_backend }} +rabbit_hosts = {{ rabbitmq_servers }} +rabbit_port = {{ rabbitmq_port }} +rabbit_userid = {{ rabbitmq_userid }} +rabbit_password = {{ rabbitmq_password }} +rabbit_virtual_host = {{ rabbitmq_virtual_host }} +rabbit_notification_exchange = glance +rabbit_notification_topic = notifications +rabbit_durable_queues = False +{% endif %} + + +delayed_delete = False +scrub_time = 43200 +scrubber_datadir = {{ glance_system_user_home }}/scrubber/ +image_cache_dir = {{ glance_system_user_home }}/cache/ + +[database] +connection = mysql://{{ glance_galera_user }}:{{ glance_container_mysql_password }}@{{ galera_address }}/{{ glance_galera_database }}?charset=utf8 + +[keystone_authtoken] +signing_dir = {{ glance_system_user_home }}/cache/api +identity_uri = {{ keystone_service_internaluri }} +auth_uri = {{ keystone_service_internaluri }} +admin_tenant_name = {{ glance_service_tenant_name }} +admin_user = {{ glance_service_user_name }} +admin_password = {{ glance_service_password }} + +memcached_servers = {{ memcached_servers }} + +token_cache_time = 300 +revocation_cache_time = 60 + +# if your memcached server is shared, use these settings to avoid 
cache poisoning +memcache_security_strategy = ENCRYPT +memcache_secret_key = {{ memcached_encryption_key }} + +# if your keystone deployment uses PKI, and you value security over performance: +check_revocations_for_cached = False + +[paste_deploy] +flavor = {{ glance_flavor }} + +[glance_store] +default_store = {{ glance_default_store }} +stores = glance.store.filesystem.Store, + glance.store.http.Store, + glance.store.cinder.Store, + glance.store.swift.Store +{% if glance_default_store == "file" %} +filesystem_store_datadir = {{ glance_system_user_home }}/images/ +{% elif glance_default_store == "swift" %} +swift_store_auth_version = 2 +swift_store_auth_address = {{ glance_swift_store_auth_address }} +swift_store_user = {{ glance_swift_store_user }} +swift_store_key = {{ glance_swift_store_key }} +swift_store_region = {{ glance_swift_store_region }} +swift_store_container = {{ glance_swift_store_container }} +swift_store_create_container_on_put = True +swift_store_large_object_size = 5120 +swift_store_large_object_chunk_size = 200 +swift_store_retry_get_count = 5 +swift_store_endpoint_type = {{ glance_swift_store_endpoint_type }} +{% endif %} diff --git a/playbooks/roles/os_glance/templates/glance-cache.conf.j2 b/playbooks/roles/os_glance/templates/glance-cache.conf.j2 new file mode 100644 index 0000000000..d5f38ea6e2 --- /dev/null +++ b/playbooks/roles/os_glance/templates/glance-cache.conf.j2 @@ -0,0 +1,16 @@ +# {{ ansible_managed }} + +[DEFAULT] +verbose = {{ verbose }} +debug = {{ debug }} +admin_password = {{ glance_service_password }} +admin_user = glance +admin_tenant_name = service +use_syslog = False +image_cache_dir = {{ glance_system_user_home }}/cache/ +image_cache_stall_time = 86400 +image_cache_max_size = {{ glance_image_cache_max_size }} +registry_host = {{ glance_registry_host }} +registry_port = 9191 +auth_url = {{ keystone_service_internaluri }} +filesystem_store_datadir = {{ glance_system_user_home }}/images/ 
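Review bot: In glance-api.conf.j2 the comment above `check_revocations_for_cached` describes the security-over-performance choice, but the line sets the option to `False`, so the template ships the opposite of what the comment says. With `token_cache_time = 300`, a cached token would presumably keep being accepted for up to five minutes without a revocation check. If `False` is the intended default, reword the comment to `# set to True if your keystone deployment uses PKI and you value security over performance`. The same two lines appear in glance-registry.conf.j2 in this commit.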
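Review bot: glance-cache.conf.j2 hard-codes `admin_user = glance`, `admin_tenant_name = service` and `registry_port = 9191`, while glance-api.conf.j2 and glance-registry.conf.j2 in this commit take the same values from role variables. An operator who overrides those variables gets a cache config that authenticates as a different user or connects to a different registry port than the other two services. Suggested lines: `admin_user = {{ glance_service_user_name }}`, `admin_tenant_name = {{ glance_service_tenant_name }}` and `registry_port = {{ glance_registry_service_port }}`.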
diff --git a/playbooks/roles/os_glance/templates/glance-registry.conf.j2 b/playbooks/roles/os_glance/templates/glance-registry.conf.j2 new file mode 100644 index 0000000000..f89e35f7a0 --- /dev/null +++ b/playbooks/roles/os_glance/templates/glance-registry.conf.j2 @@ -0,0 +1,42 @@ +# {{ ansible_managed }} + +{% set _api_threads = ansible_processor_vcpus|default(2) // 2 %} +{% set api_threads = _api_threads if _api_threads > 0 else 1 %} + +[DEFAULT] +verbose = {{ verbose }} +debug = {{ debug }} +log_file = /var/log/glance/glance-registry.log +use_syslog = False +bind_host = {{ glance_registry_bind_address }} +bind_port = {{ glance_registry_service_port }} +backlog = 4096 +workers = {{ glance_registry_workers | default(api_threads) }} +api_limit_max = 1000 +limit_param_default = 25 + +[database] +connection = mysql://{{ glance_galera_user }}:{{ glance_container_mysql_password }}@{{ galera_address }}/{{ glance_galera_database }}?charset=utf8 + +[keystone_authtoken] +signing_dir = {{ glance_system_user_home }}/cache/registry/ +identity_uri = {{ keystone_service_internaluri }} +auth_uri = {{ keystone_service_internaluri }} +admin_tenant_name = {{ glance_service_tenant_name }} +admin_user = {{ glance_service_user_name }} +admin_password = {{ glance_service_password }} + +memcached_servers = {{ memcached_servers }} + +token_cache_time = 300 +revocation_cache_time = 60 + +# if your memcached server is shared, use these settings to avoid cache poisoning +memcache_security_strategy = ENCRYPT +memcache_secret_key = {{ memcached_encryption_key }} + +# if your keystone deployment uses PKI, and you value security over performance: +check_revocations_for_cached = False + +[paste_deploy] +flavor = keystone 
diff --git a/playbooks/roles/glance_common/templates/glance-scrubber.conf b/playbooks/roles/os_glance/templates/glance-scrubber.conf.j2 similarity index 84% rename from playbooks/roles/glance_common/templates/glance-scrubber.conf rename to playbooks/roles/os_glance/templates/glance-scrubber.conf.j2 index cf32966203..0382fef04e 100644 --- a/playbooks/roles/glance_common/templates/glance-scrubber.conf +++ b/playbooks/roles/os_glance/templates/glance-scrubber.conf.j2 @@ -1,3 +1,5 @@ +# {{ ansible_managed }} + [DEFAULT] verbose = {{ verbose }} debug = {{ debug }} @@ -19,7 +21,7 @@ wakeup_time = 300 # Directory that the scrubber will use to remind itself of what to delete # Make sure this is also set in glance-api.conf -scrubber_datadir = /var/lib/glance/scrubber +scrubber_datadir = {{ glance_system_user_home }}/scrubber # Only one server in your deployment should be designated the cleanup host cleanup_scrubber = False @@ -28,7 +30,7 @@ cleanup_scrubber = False cleanup_scrubber_time = 86400 # Address to find the registry server for cleanups -registry_host = 0.0.0.0 +registry_host = {{ glance_registry_bind_address }} # Port the registry server is listening on -registry_port = 9191 +registry_port = {{ glance_registry_service_port }} diff --git a/playbooks/roles/os_glance/templates/glance-upstart-init.j2 b/playbooks/roles/os_glance/templates/glance-upstart-init.j2 new file mode 100644 index 0000000000..9ecb77d9be --- /dev/null +++ b/playbooks/roles/os_glance/templates/glance-upstart-init.j2 
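Review bot: In the last hunk of glance-scrubber.conf.j2, `registry_host = {{ glance_registry_bind_address }}` hands the scrubber a listen address as the address to connect to. If that variable is a wildcard like the `0.0.0.0` it replaces, it is not a usable destination; its default is not visible in this part of the diff. glance-api.conf.j2 in the same commit sets the same option from `glance_registry_host`, so `registry_host = {{ glance_registry_host }}` would keep the scrubber and the API pointed at the same registry.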
@@ -0,0 +1,41 @@ +# {{ ansible_managed }} + +# vim:set ft=upstart ts=2 et: + +description "{{ program_name }}" +author "Kevin Carter " + +start on runlevel [2345] +stop on runlelvel [016] + +respawn +respawn limit 10 5 + +# Set the RUNBIN environment variable +env RUNBIN="/usr/local/bin/{{ program_name }}" + +# Change directory to service users home +chdir "{{ service_home }}" + +# Pre start actions +pre-start script + mkdir -p "/var/run/{{ program_name }}" + chown {{ system_user }}:{{ system_group }} "/var/run/{{ program_name }}" + + mkdir -p "/var/lock/{{ program_name }}" + chown {{ system_user }}:{{ system_group }} "/var/lock/{{ program_name }}" +end script + +# Post stop actions +post-stop script + rm "/var/run/{{ program_name }}/{{ program_name }}.pid" +end script + +# Run the start up job +exec start-stop-daemon --start \ + --chuid {{ system_user }} \ + --make-pidfile \ + --pidfile /var/run/{{ program_name }}/{{ program_name }}.pid \ + --exec "{{ program_override|default('$RUNBIN') }}" \ + -- {{ program_config_options|default('') }} \ + --log-file=/var/log/{{ service_name }}/{{ program_name }}.log diff --git a/playbooks/roles/os_heat/CONTRIBUTING.rst b/playbooks/roles/os_heat/CONTRIBUTING.rst new file mode 100644 index 0000000000..daf20da940 --- /dev/null +++ b/playbooks/roles/os_heat/CONTRIBUTING.rst 
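Review bot: `stop on runlelvel [016]` misspells the event name, so the job presumably never matches a stop event and is not stopped cleanly on halt, reboot or single-user mode; it should read `stop on runlevel [016]`. In the `post-stop script`, plain `rm` exits non-zero when the pid file is already gone, which makes a normal stop look like a failure; `rm -f "/var/run/{{ program_name }}/{{ program_name }}.pid"` avoids that. The pre-start `chown {{ system_user }}:{{ system_group }}` arguments are unquoted while the paths beside them are quoted, so quoting them too would be consistent.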
@@ -0,0 +1,85 @@ +OpenStack glance +################ +:tags: openstack, glance, cloud, ansible +:category: \*nix + +contributor guidelines +^^^^^^^^^^^^^^^^^^^^^^ + +Filing Bugs +----------- + +Bugs should be filed on Launchpad, not GitHub: "https://bugs.launchpad.net/openstack-ansible" + + +When submitting a bug, or working on a bug, please ensure the following criteria are met: + * The description clearly states or describes the original problem or root cause of the problem. + * Include historical information on how the problem was identified. + * Any relevant logs are included. + * The provided information should be totally self-contained. External access to web services/sites should not be needed. + * Steps to reproduce the problem if possible. + + +Submitting Code +--------------- + +Changes to the project should be submitted for review via the Gerrit tool, following +the workflow documented at: "http://docs.openstack.org/infra/manual/developers.html#development-workflow" + +Pull requests submitted through GitHub will be ignored and closed without regard. + + +Extra +----- + +Tags: + If it's a bug that needs fixing in a branch in addition to Master, add a '\-backport-potential' tag (eg ``juno-backport-potential``). There are predefined tags that will autocomplete. + +Status: + Please leave this alone, it should be New till someone triages the issue. + +Importance: + Should only be touched if it is a Blocker/Gating issue. If it is, please set to High, and only use Critical if you have found a bug that can take down whole infrastructures. + + +Style guide +----------- + +When creating tasks and other roles for use in Ansible please create then using the YAML dictionary format. + +Example YAML dictionary format: + .. code-block:: yaml + + - name: The name of the tasks + module_name: + thing1: "some-stuff" + thing2: "some-other-stuff" + tags: + - some-tag + - some-other-tag + + +Example **NOT** in YAML dictionary format: + .. 
code-block:: yaml + + - name: The name of the tasks + module_name: thing1="some-stuff" thing2="some-other-stuff" + tags: + - some-tag + - some-other-tag + + +Usage of the ">" and "|" operators should be limited to Ansible conditionals and command modules such as the ansible ``shell`` module. + + +Issues +------ + +When submitting an issue, or working on an issue please ensure the following criteria are met: + * The description clearly states or describes the original problem or root cause of the problem. + * Include historical information on how the problem was identified. + * Any relevant logs are included. + * If the issue is a bug that needs fixing in a branch other than Master, add the ‘backport potential’ tag TO THE ISSUE (not the PR). + * The provided information should be totally self-contained. External access to web services/sites should not be needed. + * If the issue is needed for a hotfix release, add the 'expedite' label. + * Steps to reproduce the problem if possible. diff --git a/playbooks/roles/os_heat/LICENSE b/playbooks/roles/os_heat/LICENSE new file mode 100644 index 0000000000..e06d208186 --- /dev/null +++ b/playbooks/roles/os_heat/LICENSE 
@@ -0,0 +1,202 @@ +Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + diff --git a/playbooks/roles/os_heat/README.rst b/playbooks/roles/os_heat/README.rst new file mode 100644 index 0000000000..050745cf8d --- /dev/null +++ b/playbooks/roles/os_heat/README.rst @@ -0,0 +1,26 @@ +OpenStack heat +############## +:tags: openstack, heat, cloud, ansible +:category: \*nix + +Role to install heat api, cfn, cloudwatch, and engine. + +This role will install the following: + * heat-api + * heat-api-cfn + * heat-api-cloudwatch + * heat-engine + +.. code-block:: yaml + + - name: Install heat server + hosts: heat_all + user: root + roles: + - { role: "os_heat", tags: [ "os-heat" ] } + vars: + external_lb_vip_address: 172.16.24.1 + internal_lb_vip_address: 192.168.0.1 + galera_address: "{{ internal_lb_vip_address }}" + keystone_admin_user_name: admin + keystone_admin_tenant_name: admin 
diff --git a/playbooks/roles/os_heat/defaults/main.yml b/playbooks/roles/os_heat/defaults/main.yml new file mode 100644 index 0000000000..9b06e3ec5c --- /dev/null +++ b/playbooks/roles/os_heat/defaults/main.yml 
@@ -0,0 +1,131 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# The variables file used by the playbooks in the Heat-api group. +# These don't have to be explicitly imported by vars_files: they are autopopulated. + +# Defines that the role will be deployed on a host machine +is_metal: true + +## Verbosity Options +debug: False +verbose: True + +heat_client_endpoint: internalURL + +## DB +heat_galera_user: heat +heat_galera_database: heat + +## RPC +heat_rpc_backend: heat.openstack.common.rpc.impl_kombu + +## Heat User / Group +heat_system_user_name: heat +heat_system_group_name: heat +heat_system_comment: heat system user +heat_system_shell: /bin/false +heat_system_home_folder: "/var/lib/{{ heat_system_user_name }}" + +## Default domain +heat_project_domain_id: default +heat_project_name: admin +heat_user_domain_id: default + +## Stack +heat_stack_domain_admin: stack_domain_admin +heat_stack_owner_name: heat_stack_owner +heat_stack_domain_description: Owns users and projects created by heat +heat_stack_user_domain_name: heat +heat_stack_admin_user_name: admin +heat_stack_admin_tenant_name: admin +heat_deferred_auth_method: trusts + +## Auth +heat_service_tenant_name: "service" +heat_service_user_name: "heat" + +## Heat api service type and data +heat_service_name: heat +heat_service_role_name: admin +heat_service_region: RegionOne +heat_service_description: "Heat Orchestration Service" +heat_service_port: 8004 
+heat_service_proto: http +heat_service_type: orchestration +heat_service_publicuri: "{{ heat_service_proto }}://{{ external_lb_vip_address }}:{{ heat_service_port }}" +heat_service_publicurl: "{{ heat_service_publicuri }}/v1/%(tenant_id)s" +heat_service_adminuri: "{{ heat_service_proto }}://{{ internal_lb_vip_address }}:{{ heat_service_port }}" +heat_service_adminurl: "{{ heat_service_adminuri }}/v1/%(tenant_id)s" +heat_service_internaluri: "{{ heat_service_proto }}://{{ internal_lb_vip_address }}:{{ heat_service_port }}" +heat_service_internalurl: "{{ heat_service_internaluri }}/v1/%(tenant_id)s" +heat_service_program_name: heat-api + +## Heat wait and metadata server +heat_waitcondition_server_uri: "{{ heat_service_proto }}://{{ external_lb_vip_address }}:{{ heat_cfn_service_port }}" +heat_waitcondition_server_url: "{{ heat_waitcondition_server_uri }}/v1/waitcondition" +heat_metadata_server_url: "{{ heat_service_proto }}://{{ internal_lb_vip_address }}:{{ heat_cfn_service_port }}" + +## Heat api cfn service type and data +heat_cfn_service_name: heat-cfn +heat_cfn_service_description: "Heat CloudFormation Service" +heat_cfn_service_port: 8000 +heat_cfn_service_proto: http +heat_cfn_service_type: cloudformation +heat_cfn_service_publicuri: "{{ heat_cfn_service_proto }}://{{ external_lb_vip_address }}:{{ heat_cfn_service_port }}" +heat_cfn_service_publicurl: "{{ heat_cfn_service_publicuri }}/v1" +heat_cfn_service_adminuri: "{{ heat_cfn_service_proto }}://{{ internal_lb_vip_address }}:{{ heat_cfn_service_port }}" +heat_cfn_service_adminurl: "{{ heat_cfn_service_adminuri }}/v1" +heat_cfn_service_internaluri: "{{ heat_cfn_service_proto }}://{{ internal_lb_vip_address }}:{{ heat_cfn_service_port }}" +heat_cfn_service_internalurl: "{{ heat_cfn_service_internaluri }}/v1" +heat_cfn_service_program_name: heat-api-cfn + +## Heat cloudwatch +heat_cloudwatch_program_name: heat-api-cloudwatch +heat_engine_program_name: heat-engine + +## Heat watch server +heat_watch_proto: 
http +heat_watch_port: 8003 +heat_watch_server_uri: "{{ heat_watch_proto }}://{{ external_lb_vip_address }}:{{ heat_watch_port }}" +heat_watch_server_url: "{{ heat_watch_server_uri }}" + +heat_apt_packages: + - rsync + - libxslt1.1 + +heat_pip_packages: + - keystonemiddleware + - MySQL-python + - python-memcached + - pycrypto + - python-ceilometerclient + - python-cinderclient + - python-glanceclient + - python-heatclient + - python-keystoneclient + - python-neutronclient + - python-novaclient + - python-openstackclient + - python-swiftclient + - python-troveclient + - heat + +## Service Names +heat_service_names: + - heat-api + - heat-api-cfn + - heat-api-cloudwatch + - heat-engine diff --git a/playbooks/roles/heat_common/templates/api-paste.ini b/playbooks/roles/os_heat/files/api-paste.ini similarity index 100% rename from playbooks/roles/heat_common/templates/api-paste.ini rename to playbooks/roles/os_heat/files/api-paste.ini diff --git a/playbooks/roles/heat_common/templates/environment.d/default.yaml b/playbooks/roles/os_heat/files/environment.d/default.yaml similarity index 100% rename from playbooks/roles/heat_common/templates/environment.d/default.yaml rename to playbooks/roles/os_heat/files/environment.d/default.yaml diff --git a/playbooks/roles/heat_common/templates/policy.json b/playbooks/roles/os_heat/files/policy.json similarity index 100% rename from playbooks/roles/heat_common/templates/policy.json rename to playbooks/roles/os_heat/files/policy.json diff --git a/playbooks/roles/heat_common/templates/templates/AWS_CloudWatch_Alarm.yaml b/playbooks/roles/os_heat/files/templates/AWS_CloudWatch_Alarm.yaml similarity index 100% rename from playbooks/roles/heat_common/templates/templates/AWS_CloudWatch_Alarm.yaml rename to playbooks/roles/os_heat/files/templates/AWS_CloudWatch_Alarm.yaml 
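Review bot: `heat_waitcondition_server_uri` and `heat_metadata_server_url` take their scheme from `heat_service_proto` but their port from `heat_cfn_service_port`, even though a separate `heat_cfn_service_proto` is defined just below. If an operator switches only the cfn API to https, these two URLs would still advertise http on the cfn port, so wait-condition and metadata traffic would either fail or go in cleartext. Both should use `{{ heat_cfn_service_proto }}`. Every `*_proto` default here is `http`, including the ones used for the public URIs, so a comment stating that TLS is expected to be terminated elsewhere would help. `debug: False` and `verbose: True` would be more portable as lowercase `false`/`true`.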
diff --git a/playbooks/roles/heat_common/templates/templates/AWS_RDS_DBInstance.yaml b/playbooks/roles/os_heat/files/templates/AWS_RDS_DBInstance.yaml similarity index 100% rename from playbooks/roles/heat_common/templates/templates/AWS_RDS_DBInstance.yaml rename to playbooks/roles/os_heat/files/templates/AWS_RDS_DBInstance.yaml diff --git a/playbooks/roles/os_heat/handlers/main.yml b/playbooks/roles/os_heat/handlers/main.yml new file mode 100644 index 0000000000..1ca13a973e --- /dev/null +++ b/playbooks/roles/os_heat/handlers/main.yml @@ -0,0 +1,22 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Restart heat services + service: + name: "{{ item }}" + state: restarted + pattern: "{{ item }}" + with_items: heat_service_names + failed_when: false diff --git a/playbooks/roles/os_heat/meta/main.yml b/playbooks/roles/os_heat/meta/main.yml new file mode 100644 index 0000000000..51666637ca --- /dev/null +++ b/playbooks/roles/os_heat/meta/main.yml 
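Review bot: In os_heat/handlers/main.yml, `failed_when: false` on `Restart heat services` hides every restart failure, so a heat service that does not come back after a configuration change leaves the play green. If the aim is only to tolerate a service that is not installed on a given host, limit the item list or add a `when` for that case; otherwise drop `failed_when: false` so a broken restart stops the run. A comment saying why failures are ignored would be the minimum if the line stays.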
@@ -0,0 +1,35 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+galaxy_info:
+ author: rcbops
+ description: Installation and setup of heat
+ company: Rackspace
+ license: Apache2
+ min_ansible_version: 1.6.6
+ platforms:
+ - name: Ubuntu
+ versions:
+ - trusty
+ categories:
+ - cloud
+ - python
+ - heat
+ - development
+ - openstack
+dependencies:
+ - galera_client
+ - openstack_openrc
+ - pip_lock_down
diff --git a/playbooks/roles/galera_db_setup/tasks/main.yml b/playbooks/roles/os_heat/tasks/heat_db_setup.yml
similarity index 55%
rename from playbooks/roles/galera_db_setup/tasks/main.yml
rename to playbooks/roles/os_heat/tasks/heat_db_setup.yml
index e61714f187..022e72052a 100644
--- a/playbooks/roles/galera_db_setup/tasks/main.yml
+++ b/playbooks/roles/os_heat/tasks/heat_db_setup.yml
@@ -15,22 +15,34 @@ - name: Create DB for service mysql_db: - login_user: "{{ mysql_user }}" - login_password: "{{ mysql_password }}" - login_host: "{{ mysql_address }}" - name: "{{ container_database }}" + login_user: "{{ galera_root_user }}" + login_password: "{{ galera_root_password }}" + login_host: "{{ galera_address }}" + name: "{{ heat_galera_database }}" state: "present" + tags: + - heat-db-setup - name: Grant access to the DB for the service mysql_user: - login_user: "{{ mysql_user }}" - login_password: "{{ mysql_password }}" - login_host: "{{ mysql_address }}" - name: "{{ container_mysql_user }}" - password: "{{ container_mysql_password }}" + login_user: "{{ galera_root_user }}" + login_password: "{{ galera_root_password }}" + login_host: "{{ galera_address }}" + name: "{{ heat_galera_user }}" + password: "{{ heat_container_mysql_password }}" host: "{{ item }}" state: "present" - priv: "{{ container_database }}.*:ALL" + priv: "{{ heat_galera_database }}.*:ALL" with_items: - "localhost" - "%" + tags: + - heat-db-setup + +- name: Perform a heat DB sync + command: heat-manage db_sync + sudo: yes + sudo_user: "{{ heat_system_user_name }}" + tags: + - heat-db-sync + - heat-setup diff --git a/playbooks/roles/os_heat/tasks/heat_domain_setup.yml b/playbooks/roles/os_heat/tasks/heat_domain_setup.yml new file mode 100644 index 0000000000..69aecd66d2 --- /dev/null +++ b/playbooks/roles/os_heat/tasks/heat_domain_setup.yml 
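Review bot: In `heat_db_setup.yml` the grant task gives `{{ heat_galera_user }}` `ALL` on the heat database from host `%`, that is, from any address that can reach Galera. The `with_items` list is unchanged context, but this commit makes it heat's own grant, and narrowing `%` to the management network pattern would limit where a leaked `heat_container_mysql_password` is usable. Both database tasks pass `galera_root_password` as a module argument; `no_log: true` on them would keep it out of verbose output, assuming the modules do not already mask it. The new `heat-manage db_sync` task has no `changed_when`, so it reports changed on every run.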
@@ -0,0 +1,149 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This is the role assigned to users created within Heat stacks themselves +- name: Ensure stack_user role + keystone: + command: "ensure_role" + token: "{{ keystone_auth_admin_token }}" + endpoint: "{{ keystone_service_adminurl }}" + role_name: "heat_stack_user" + register: add_service + until: add_service|success + retries: 5 + delay: 10 + tags: + - heat-domain + - heat-domain-role + - heat-domain-setup + - heat-config + +- name: check for heat domain + shell: | + . {{ ansible_env.HOME }}/openrc + openstack --os-identity-api-version=3 \ + --os-auth-url={{ keystone_service_adminurl_v3 }} \ + --os-project-name={{ heat_project_name }} \ + --os-project-domain-id={{ heat_project_domain_id }} \ + --os-user-domain-id={{ heat_user_domain_id }} \ + domain \ + show \ + "{{ heat_stack_user_domain_name }}" | grep -w "{{ heat_stack_user_domain_name }}" + failed_when: false + changed_when: stack_user_domain.rc == 1 + register: stack_user_domain + tags: + - heat-domain + - heat-domain-setup + - heat-config + +- name: Create heat domain + shell: | + . 
{{ ansible_env.HOME }}/openrc + openstack --os-identity-api-version=3 \ + --os-auth-url={{ keystone_service_adminurl_v3 }} \ + --os-project-name={{ heat_project_name }} \ + --os-project-domain-id={{ heat_project_domain_id }} \ + --os-user-domain-id={{ heat_user_domain_id }} \ + domain \ + create \ + --description "{{ heat_stack_domain_description }}" \ + "{{ heat_stack_user_domain_name }}" + when: stack_user_domain.rc == 1 + tags: + - heat-domain + - heat-domain-setup + - heat-config + +- name: Check for heat user + shell: | + . {{ ansible_env.HOME }}/openrc + openstack --os-identity-api-version=3 \ + --os-auth-url={{ keystone_service_adminurl_v3 }} \ + --os-project-name={{ heat_project_name }} \ + --os-project-domain-id={{ heat_project_domain_id }} \ + --os-user-domain-id={{ heat_user_domain_id }} \ + user \ + list | grep -w "{{ heat_stack_domain_admin }}" + failed_when: false + changed_when: stack_user.rc == 1 + register: stack_user + tags: + - heat-domain + - heat-domain-setup + - heat-config + +- name: Create heat domain admin user + shell: | + . {{ ansible_env.HOME }}/openrc + openstack --os-identity-api-version=3 \ + --os-auth-url={{ keystone_service_adminurl_v3 }} \ + --os-project-name={{ heat_project_name }} \ + --os-project-domain-id={{ heat_project_domain_id }} \ + --os-user-domain-id={{ heat_user_domain_id }} \ + user \ + create \ + --domain {{ heat_stack_user_domain_name }} \ + --password {{ heat_stack_domain_admin_password }} \ + "{{ heat_stack_domain_admin }}" + when: stack_user.rc == 1 + tags: + - heat-domain + - heat-domain-setup + - heat-config + +- name: Retrieve heat domain id + shell: | + . 
{{ ansible_env.HOME }}/openrc + openstack --os-identity-api-version=3 \ + --os-auth-url={{ keystone_service_adminurl_v3 }} \ + --os-project-name={{ heat_project_name }} \ + --os-project-domain-id={{ heat_project_domain_id }} \ + --os-user-domain-id={{ heat_user_domain_id }} \ + domain \ + show \ + {{ heat_stack_user_domain_name }} | grep -oE -m 1 "[0-9a-f]{32}" + register: stack_user_domain_id + tags: + - heat-domain + - heat-domain-setup + - heat-config + +- name: Set fact for heat domain id + set_fact: + stack_user_domain_id: "{{ stack_user_domain_id.stdout }}" + tags: + - heat-domain + - heat-domain-setup + - heat-config + +- name: Assign admin role to heat domain admin user + shell: | + . {{ ansible_env.HOME }}/openrc + openstack --os-identity-api-version=3 \ + --os-auth-url={{ keystone_service_adminurl_v3 }} \ + --os-project-name={{ heat_project_name }} \ + --os-project-domain-id={{ heat_project_domain_id }} \ + --os-user-domain-id={{ heat_user_domain_id }} \ + role \ + add \ + --user {{ heat_stack_domain_admin }} \ + --domain {{ stack_user_domain_id }} \ + admin + tags: + - heat-domain + - heat-domain-setup + - heat-config + diff --git a/playbooks/roles/container_common/tasks/container_packages.yml b/playbooks/roles/os_heat/tasks/heat_install.yml similarity index 61% rename from playbooks/roles/container_common/tasks/container_packages.yml rename to playbooks/roles/os_heat/tasks/heat_install.yml index 9c244461bc..99f6f4ca17 100644 --- a/playbooks/roles/container_common/tasks/container_packages.yml +++ b/playbooks/roles/os_heat/tasks/heat_install.yml 
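Review bot: `Create heat domain admin user` in `heat_domain_setup.yml` puts `{{ heat_stack_domain_admin_password }}` on the `openstack user create` command line unquoted, so the secret is visible in the process list while the command runs and in Ansible's task output, and a value with whitespace or shell metacharacters is split or interpreted by the shell. Quoting it the way the other tasks quote the domain name, `--password "{{ heat_stack_domain_admin_password }}" \`, handles whitespace (`$` and backticks would still expand), and `no_log: true` on the task keeps it out of logs. The `--domain` and `--user` arguments in this task and in `Assign admin role to heat domain admin user` are unquoted as well. Separately, the two check tasks treat any non-match from `grep -w` as "missing", so a failed authentication leads straight to a create attempt.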
@@ -13,20 +13,29 @@ # See the License for the specific language governing permissions and # limitations under the License. -- name: Ensure container packages are installed +- name: Install apt packages apt: pkg: "{{ item }}" - state: present + state: latest update_cache: yes cache_valid_time: 600 - with_items: container_packages - when: container_packages is defined + register: install_packages + until: install_packages|success + retries: 5 + delay: 2 + with_items: heat_apt_packages + tags: + - heat-apt-packages -- name: Ensure apt common Packages are installed - apt: - pkg: "{{ item }}" +- name: Install pip packages + pip: + name: "{{ item }}" state: present - update_cache: yes - cache_valid_time: 600 - with_items: apt_common_packages - when: apt_common_packages is defined + register: install_packages + until: install_packages|success + retries: 5 + delay: 2 + with_items: + - "{{ heat_pip_packages }}" + tags: + - heat-pip-packages diff --git a/playbooks/roles/os_heat/tasks/heat_post_install.yml b/playbooks/roles/os_heat/tasks/heat_post_install.yml new file mode 100644 index 0000000000..1b7a38ce40 --- /dev/null +++ b/playbooks/roles/os_heat/tasks/heat_post_install.yml 
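Review bot: Switching the apt task in `heat_install.yml` to `state: latest`, while the pip task installs the unversioned names from `heat_pip_packages`, means each run pulls whatever version is current. Two hosts deployed at different times can then run different code, and a bad or tampered upstream release is picked up without any change in this repository. The role depends on `pip_lock_down`, which may constrain the index; if it does not pin versions, pinning them in `heat_pip_packages` makes the installed set reviewable. Both tasks register the same `install_packages` variable, which is harmless here but easy to misread later.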
@@ -0,0 +1,44 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Generate heat Config
+ template:
+ src: "{{ item.src }}"
+ dest: "{{ item.dest }}"
+ owner: "{{ heat_system_user_name }}"
+ group: "{{ heat_system_group_name }}"
+ with_items:
+ - { src: "heat.conf.j2", dest: "/etc/heat/heat.conf" }
+ notify:
+ - Restart heat services
+ tags:
+ - heat-config
+
+- name: Drop heat Configs
+ copy:
+ src: "{{ item.src }}"
+ dest: "{{ item.dest }}"
+ owner: "{{ heat_system_user_name }}"
+ group: "{{ heat_system_group_name }}"
+ with_items:
+ - { src: "api-paste.ini", dest: "/etc/heat/api-paste.ini" }
+ - { src: "environment.d/default.yaml", dest: "/etc/heat/environment.d/default.yaml" }
+ - { src: "policy.json", dest: "/etc/heat/policy.json" }
+ - { src: "templates/AWS_CloudWatch_Alarm.yaml", dest: "/etc/heat/templates/AWS_CloudWatch_Alarm.yaml" }
+ - { src: "templates/AWS_RDS_DBInstance.yaml", dest: "/etc/heat/templates/AWS_RDS_DBInstance.yaml" }
+ notify:
+ - Restart heat services
+ tags:
+ - heat-config
diff --git a/playbooks/roles/os_heat/tasks/heat_pre_install.yml b/playbooks/roles/os_heat/tasks/heat_pre_install.yml
new file mode 100644
index 0000000000..f6683b5b7f
--- /dev/null
+++ b/playbooks/roles/os_heat/tasks/heat_pre_install.yml
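Review bot: `Generate heat Config` in `heat_post_install.yml` writes `/etc/heat/heat.conf` without a `mode:`, so the file gets whatever the umask allows, which is commonly world-readable. The `heat.conf.j2` template added in this commit renders the database URL with its password, `rabbit_password`, `admin_password`, `auth_encryption_key` and `memcache_secret_key` into that file. Adding `mode: "0640"` to the template task closes this; owner and group are already set to the heat user and group. An explicit `mode: "0644"` on `Drop heat Configs` would make the intent for the non-secret files just as clear.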
@@ -0,0 +1,79 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: create the system group + group: + name: "{{ heat_system_group_name }}" + state: "present" + system: "yes" + tags: + - heat-group + +- name: Create the heat system user + user: + name: "{{ heat_system_user_name }}" + group: "{{ heat_system_group_name }}" + comment: "{{ heat_system_comment }}" + shell: "{{ heat_system_shell }}" + system: "yes" + createhome: "yes" + home: "/var/lib/{{ heat_system_user_name }}" + tags: + - heat-user + +- name: Create heat dir + file: + path: "{{ item.path }}" + state: directory + owner: "{{ item.owner|default(heat_system_user_name) }}" + group: "{{ item.group|default(heat_system_group_name) }}" + with_items: + - { path: "/etc/heat" } + - { path: "/etc/heat/environment.d" } + - { path: "/etc/heat/templates" } + - { path: "/etc/sudoers.d", mode: "0750", owner: "root", group: "root" } + - { path: "/var/cache/heat" } + - { path: "{{ heat_system_home_folder }}" } + tags: + - heat-dirs + +- name: Test for log directory or link + shell: | + if [ -h "/var/log/heat" ]; then + chown -h {{ heat_system_user_name }}:{{ heat_system_group_name }} "/var/log/heat" + chown -R {{ heat_system_user_name }}:{{ heat_system_group_name }} "$(readlink /var/log/heat)" + else + exit 1 + fi + register: log_dir + failed_when: false + changed_when: log_dir.rc != 0 + tags: + - heat-dirs + - heat-logs + +- name: Create heat log dir + file: + path: "{{ 
item.path }}" + state: directory + owner: "{{ item.owner|default(heat_system_user_name) }}" + group: "{{ item.group|default(heat_system_group_name) }}" + mode: "{{ item.mode|default('0755') }}" + with_items: + - { path: "/var/log/heat" } + when: log_dir.rc != 0 + tags: + - heat-dirs + - heat-logs diff --git a/playbooks/roles/os_heat/tasks/heat_service_add.yml b/playbooks/roles/os_heat/tasks/heat_service_add.yml new file mode 100644 index 0000000000..260802fb5c --- /dev/null +++ b/playbooks/roles/os_heat/tasks/heat_service_add.yml 
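Review bot: `Create heat dir` in `heat_pre_install.yml` never passes `mode:` to the `file` module, so the `mode: "0750"` given on the `/etc/sudoers.d` item is silently ignored and every directory keeps its existing or umask-derived mode. `Create heat log dir` in the same file already has the needed line; adding `mode: "{{ item.mode|default('0755') }}"` here makes the per-item value take effect. No task visible in this role writes to `/etc/sudoers.d`, so dropping that item may be the simpler fix than having the heat role manage a directory sudo depends on. In `Test for log directory or link`, `chown -R` follows whatever the symlink points at, which is worth a comment stating the expected target.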
@@ -0,0 +1,89 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Create a service +- name: Ensure heat service + keystone: + command: "ensure_service" + token: "{{ keystone_auth_admin_token }}" + endpoint: "{{ keystone_service_adminurl }}" + service_name: "{{ service_name }}" + service_type: "{{ service_type }}" + description: "{{ service_description }}" + register: add_service + until: add_service|success + retries: 5 + delay: 10 + tags: + - heat-api-setup + - heat-service-add + - heat-setup + +# Create an admin user +- name: Ensure heat user + keystone: + command: "ensure_user" + token: "{{ keystone_auth_admin_token }}" + endpoint: "{{ keystone_service_adminurl }}" + user_name: "{{ service_user_name }}" + tenant_name: "{{ service_tenant_name }}" + password: "{{ service_password }}" + register: add_service + until: add_service|success + retries: 5 + delay: 10 + tags: + - heat-api-setup + - heat-service-add + - heat-setup + +# Add a role to the user +- name: Ensure heat user to admin role + keystone: + command: "ensure_user_role" + token: "{{ keystone_auth_admin_token }}" + endpoint: "{{ keystone_service_adminurl }}" + user_name: "{{ service_user_name }}" + tenant_name: "{{ service_tenant_name }}" + role_name: "{{ role_name }}" + register: add_service + until: add_service|success + retries: 5 + delay: 10 + tags: + - heat-api-setup + - heat-service-add + - heat-setup + +# Create an endpoint +- name: Ensure heat endpoint + 
keystone: + command: "ensure_endpoint" + token: "{{ keystone_auth_admin_token }}" + endpoint: "{{ keystone_service_adminurl }}" + region_name: "{{ service_region }}" + service_name: "{{ service_name }}" + service_type: "{{ service_type }}" + publicurl: "{{ service_publicurl }}" + adminurl: "{{ service_internalurl }}" + internalurl: "{{ service_adminurl }}" + register: add_service + until: add_service|success + retries: 5 + delay: 10 + tags: + - heat-api-setup + - heat-service-add + - heat-setup diff --git a/playbooks/roles/os_heat/tasks/heat_service_setup.yml b/playbooks/roles/os_heat/tasks/heat_service_setup.yml new file mode 100644 index 0000000000..5302ad2a74 --- /dev/null +++ b/playbooks/roles/os_heat/tasks/heat_service_setup.yml 
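Review bot: In `Ensure heat endpoint` (`heat_service_add.yml`) the admin and internal URLs are crossed: `adminurl: "{{ service_internalurl }}"` and `internalurl: "{{ service_adminurl }}"`. The catalog would then hand the admin URL to clients asking for the internal interface and the reverse, which matters as soon as the two differ in network or port. The lines should read `adminurl: "{{ service_adminurl }}"` and `internalurl: "{{ service_internalurl }}"`. All four tasks carry `keystone_auth_admin_token`, and `Ensure heat user` carries `service_password`; `no_log: true` keeps both out of verbose output.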
@@ -0,0 +1,83 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- include: heat_service_add.yml + vars: + service_user_name: "{{ heat_service_user_name }}" + service_tenant_name: "{{ heat_service_tenant_name }}" + service_name: "{{ heat_service_name }}" + service_type: "{{ heat_service_type }}" + service_region: "{{ heat_service_region }}" + service_description: "{{ heat_service_description }}" + service_password: "{{ heat_service_password }}" + service_publicurl: "{{ heat_service_publicurl }}" + service_internalurl: "{{ heat_service_internalurl }}" + service_adminurl: "{{ heat_service_adminurl }}" + role_name: "{{ heat_service_role_name }}" + tags: + - heat-api + +- include: heat_service_add.yml + vars: + service_user_name: "{{ heat_service_user_name }}" + service_tenant_name: "{{ heat_service_tenant_name }}" + service_name: "{{ heat_cfn_service_name }}" + service_type: "{{ heat_cfn_service_type }}" + service_region: "{{ heat_service_region }}" + service_description: "{{ heat_cfn_service_description }}" + service_password: "{{ heat_cfn_service_password }}" + service_publicurl: "{{ heat_cfn_service_publicurl }}" + service_internalurl: "{{ heat_cfn_service_internalurl }}" + service_adminurl: "{{ heat_cfn_service_adminurl }}" + role_name: "{{ heat_service_role_name }}" + tags: + - heat-api + - heat-api-cfn + +# We add the keystone role used by heat to delegate to the heat service user +# (for performing deferred operations 
via trusts) +- name: Ensure stack_owner role + keystone: + command: "ensure_role" + token: "{{ keystone_auth_admin_token }}" + endpoint: "{{ keystone_service_adminurl }}" + user_name: "{{ heat_service_user_name }}" + tenant_name: "{{ heat_service_tenant_name }}" + role_name: "{{ heat_stack_owner_name }}" + register: add_service + until: add_service|success + retries: 5 + delay: 10 + tags: + - heat-api + - heat-api-cfn + +# Any user creating stacks needs to have the 'heat_stack_owner' role assigned, +# we add to admin user here for testing purposes +- name: Ensure admin has stack_owner role + keystone: + command: ensure_user_role + token: "{{ keystone_auth_admin_token }}" + endpoint: "{{ keystone_service_adminurl }}" + user_name: "{{ keystone_admin_user_name }}" + tenant_name: "{{ keystone_admin_tenant_name }}" + role_name: "{{ heat_stack_owner_name }}" + register: add_service + until: add_service|success + retries: 5 + delay: 10 + tags: + - heat-api + - heat-api-cfn diff --git a/playbooks/roles/nova_libvirt/tasks/main.yml b/playbooks/roles/os_heat/tasks/heat_upstart_common_init.yml similarity index 55% rename from playbooks/roles/nova_libvirt/tasks/main.yml rename to playbooks/roles/os_heat/tasks/heat_upstart_common_init.yml index baadb3393b..cd6f602360 100644 --- a/playbooks/roles/nova_libvirt/tasks/main.yml +++ b/playbooks/roles/os_heat/tasks/heat_upstart_common_init.yml 
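Review bot: The second include in `heat_service_setup.yml` registers the cfn service with the same `service_user_name` (`heat_service_user_name`) but `service_password: "{{ heat_cfn_service_password }}"`, while `heat.conf.j2` authenticates with `heat_service_password`. Depending on whether `ensure_user` updates an existing user's password (the module is not shown here), this either resets the heat user to a password heat.conf does not use or leaves `heat_cfn_service_password` as an unused secret; passing `heat_service_password` in both includes removes the ambiguity. `Ensure admin has stack_owner role` is commented as being for testing purposes but runs unconditionally, so a variable guard on that task would keep the extra role grant out of production deployments.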
@@ -13,28 +13,34 @@ # See the License for the specific language governing permissions and # limitations under the License. -- name: Set libvirtd config - template: > - src=libvirtd.conf - dest=/etc/libvirt/libvirtd.conf - owner="root" - group="root" - mode=0644 - notify: Restart libvirt-bin - -- name: Set libvirt-bin upstart script - copy: - src: "libvirt-bin.conf" - dest: "/etc/init/libvirt-bin.conf" +- name: Place the init script + template: + src: "heat-upstart-init.j2" + dest: "/etc/init/{{ program_name }}.conf" + mode: "0644" owner: "root" group: "root" - mode: "0644" - notify: Restart libvirt-bin + notify: + - Restart heat services + tags: + - upstart-init + - heat-init -- name: Add nova user to libvirtd group - user: - name: "{{ system_user }}" - groups: "libvirtd" - append: "yes" +- name: Reload init scripts + shell: | + initctl reload-configuration + notify: + - Restart heat services + tags: + - upstart-init + - heat-init -- include: virsh_net_remove.yml +- name: Load service + service: + name: "{{ program_name }}" + enabled: "yes" + notify: + - Restart heat services + tags: + - upstart-init + - heat-init diff --git a/playbooks/roles/os_heat/tasks/heat_upstart_init.yml b/playbooks/roles/os_heat/tasks/heat_upstart_init.yml new file mode 100644 index 0000000000..ca38d1f833 --- /dev/null +++ b/playbooks/roles/os_heat/tasks/heat_upstart_init.yml 
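Review bot: `Reload init scripts` in `heat_upstart_common_init.yml` is a `shell` task with no `changed_when`, so it reports changed on every run and, through its `notify`, restarts the heat services each time the play runs. Removing the `notify` from that task and adding `changed_when: false` leaves restarts to real changes of the init script or config. `initctl reload-configuration` uses no shell features, so `command:` is sufficient.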
@@ -0,0 +1,54 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- include: heat_upstart_common_init.yml
+ vars:
+ program_name: "{{ heat_service_program_name }}"
+ service_name: "{{ heat_service_name }}"
+ system_user: "{{ heat_system_user_name }}"
+ system_group: "{{ heat_system_group_name }}"
+ service_home: "{{ heat_system_home_folder }}"
+ when: >
+ inventory_hostname in groups['heat_api']
+
+- include: heat_upstart_common_init.yml
+ vars:
+ program_name: "{{ heat_cfn_service_program_name }}"
+ service_name: "{{ heat_service_name }}"
+ system_user: "{{ heat_system_user_name }}"
+ system_group: "{{ heat_system_group_name }}"
+ service_home: "{{ heat_system_home_folder }}"
+ when: >
+ inventory_hostname in groups['heat_api_cfn']
+
+- include: heat_upstart_common_init.yml
+ vars:
+ program_name: "{{ heat_cloudwatch_program_name }}"
+ service_name: "{{ heat_service_name }}"
+ system_user: "{{ heat_system_user_name }}"
+ system_group: "{{ heat_system_group_name }}"
+ service_home: "{{ heat_system_home_folder }}"
+ when: >
+ inventory_hostname in groups['heat_api_cloudwatch']
+
+- include: heat_upstart_common_init.yml
+ vars:
+ program_name: "{{ heat_engine_program_name }}"
+ service_name: "{{ heat_service_name }}"
+ system_user: "{{ heat_system_user_name }}"
+ system_group: "{{ heat_system_group_name }}"
+ service_home: "{{ heat_system_home_folder }}"
+ when: >
+ inventory_hostname in groups['heat_engine']
diff --git a/playbooks/vars/repo_packages/logstash.yml b/playbooks/roles/os_heat/tasks/main.yml similarity index 59% rename from playbooks/vars/repo_packages/logstash.yml rename to playbooks/roles/os_heat/tasks/main.yml index e5a54f5881..f447468f1a 100644 --- a/playbooks/vars/repo_packages/logstash.yml +++ b/playbooks/roles/os_heat/tasks/main.yml @@ -13,20 +13,21 @@ # See the License for the specific language governing permissions and # limitations under the License. -repo_package_name: logstash +- include: heat_pre_install.yml +- include: heat_install.yml -# Apt repos for ELK -apt_container_keys: - - { url: "http://packages.elasticsearch.org/GPG-KEY-elasticsearch", state: "present" } +- include: heat_domain_setup.yml + when: > + inventory_hostname == groups['heat_all'][0] -apt_container_repos: - - { repo: "deb {{ logstash_repo_url }} stable main", state: "present"} +- include: heat_post_install.yml -container_packages: - - logstash - - logstash-contrib - - openjdk-7-jre +- include: heat_db_setup.yml + when: > + inventory_hostname == groups['heat_all'][0] -service_pip_dependencies: - - python-memcached - - pycrypto +- include: heat_service_setup.yml + when: > + inventory_hostname == groups['heat_all'][0] + +- include: heat_upstart_init.yml diff --git a/playbooks/roles/os_heat/templates/heat-upstart-init.j2 b/playbooks/roles/os_heat/templates/heat-upstart-init.j2 new file mode 100644 index 0000000000..9ecb77d9be --- /dev/null +++ b/playbooks/roles/os_heat/templates/heat-upstart-init.j2 
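Review bot: `tasks/main.yml` runs `heat_domain_setup.yml` only on `groups['heat_all'][0]`, which is where `stack_user_domain_id` is set with `set_fact`, but `heat.conf.j2` reads it from `hostvars[groups['heat_api'][0]]`. If the first host of `heat_all` is not the first host of `heat_api`, the template lookup is undefined and `heat_post_install.yml` fails or renders an empty domain id. Using the same group in both places, for example `inventory_hostname == groups['heat_api'][0]` for the domain setup include, keeps them aligned. How the inventory orders these groups is not visible in this commit.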
@@ -0,0 +1,41 @@
+# {{ ansible_managed }}
+
+# vim:set ft=upstart ts=2 et:
+
+description "{{ program_name }}"
+author "Kevin Carter "
+
+start on runlevel [2345]
+stop on runlelvel [016]
+
+respawn
+respawn limit 10 5
+
+# Set the RUNBIN environment variable
+env RUNBIN="/usr/local/bin/{{ program_name }}"
+
+# Change directory to service users home
+chdir "{{ service_home }}"
+
+# Pre start actions
+pre-start script
+ mkdir -p "/var/run/{{ program_name }}"
+ chown {{ system_user }}:{{ system_group }} "/var/run/{{ program_name }}"
+
+ mkdir -p "/var/lock/{{ program_name }}"
+ chown {{ system_user }}:{{ system_group }} "/var/lock/{{ program_name }}"
+end script
+
+# Post stop actions
+post-stop script
+ rm "/var/run/{{ program_name }}/{{ program_name }}.pid"
+end script
+
+# Run the start up job
+exec start-stop-daemon --start \
+ --chuid {{ system_user }} \
+ --make-pidfile \
+ --pidfile /var/run/{{ program_name }}/{{ program_name }}.pid \
+ --exec "{{ program_override|default('$RUNBIN') }}" \
+ -- {{ program_config_options|default('') }} \
+ --log-file=/var/log/{{ service_name }}/{{ program_name }}.log
diff --git a/playbooks/roles/os_heat/templates/heat.conf.j2 b/playbooks/roles/os_heat/templates/heat.conf.j2
new file mode 100644
index 0000000000..7b6317c256
--- /dev/null
+++ b/playbooks/roles/os_heat/templates/heat.conf.j2
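Review bot: `stop on runlelvel [016]` in `heat-upstart-init.j2` is misspelled, so the job waits for an event name that is presumably never emitted and is not stopped cleanly on halt, single-user or reboot. It should read `stop on runlevel [016]`. In the `post-stop` script, `rm` without `-f` returns an error when the pid file is already gone; `rm -f "/var/run/{{ program_name }}/{{ program_name }}.pid"` avoids a spurious failure.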
@@ -0,0 +1,96 @@ +# {{ ansible_managed }} + +[DEFAULT] +verbose = {{ verbose }} +debug = {{ debug }} +use_syslog = False + +log_file = /var/log/heat/heat.log + +stack_domain_admin_password = {{ heat_stack_domain_admin_password }} +stack_domain_admin = {{ heat_stack_domain_admin }} +stack_user_domain_id = {{ hostvars[groups['heat_api'][0]]['stack_user_domain_id'] }} +deferred_auth_method = {{ heat_deferred_auth_method }} + +auth_encryption_key = {{ heat_auth_encryption_key }} + +heat_watch_server_url = {{ heat_watch_server_url }} +heat_waitcondition_server_url = {{ heat_waitcondition_server_url }} +heat_metadata_server_url = {{ heat_metadata_server_url }} + + +## RPC Backend +rpc_backend = {{ heat_rpc_backend }} + + +## RabbitMQ +rabbit_port = {{ rabbitmq_port }} +rabbit_userid = {{ rabbitmq_userid }} +rabbit_password = {{ rabbitmq_password }} +rabbit_hosts = {{ rabbitmq_servers }} + + +[clients] +endpoint_type = {{ heat_client_endpoint }} + +[clients_ceilometer] +endpoint_type = {{ heat_client_endpoint }} + +[clients_cinder] +endpoint_type = {{ heat_client_endpoint }} + +[clients_glance] +endpoint_type = {{ heat_client_endpoint }} + +[clients_heat] +endpoint_type = {{ heat_client_endpoint }} + +[clients_keystone] +endpoint_type = {{ heat_client_endpoint }} + +[clients_neutron] +endpoint_type = {{ heat_client_endpoint }} + +[clients_nova] +endpoint_type = {{ heat_client_endpoint }} + +[clients_swift] +endpoint_type = {{ heat_client_endpoint }} + +[clients_trove] +endpoint_type = {{ heat_client_endpoint }} + +[database] +connection = mysql://{{ heat_galera_user }}:{{ heat_container_mysql_password }}@{{ galera_address }}/{{ heat_galera_database }}?charset=utf8 + +[ec2authtoken] +auth_uri = {{ keystone_service_internaluri }} + +[heat_api] +bind_port = {{ heat_service_port }} + +[heat_api_cfn] +bind_port = {{ heat_cfn_service_port }} + +[heat_api_cloudwatch] +bind_port = {{ heat_watch_port }} + +[keystone_authtoken] +signing_dir = /var/cache/heat +identity_uri = {{ 
keystone_service_internaluri }} +auth_uri = {{ keystone_service_internaluri }} +admin_tenant_name = {{ heat_service_tenant_name }} +admin_user = {{ heat_service_user_name }} +admin_password = {{ heat_service_password }} + +memcached_servers = {{ memcached_servers }} + +token_cache_time = 300 +revocation_cache_time = 60 + +# if your memcached server is shared, use these settings to avoid cache poisoning +memcache_security_strategy = ENCRYPT +memcache_secret_key = {{ memcached_encryption_key }} + +# if your keystone deployment uses PKI, and you value security over performance: +check_revocations_for_cached = False diff --git a/playbooks/roles/os_horizon/CONTRIBUTING.rst b/playbooks/roles/os_horizon/CONTRIBUTING.rst new file mode 100644 index 0000000000..7be6438617 --- /dev/null +++ b/playbooks/roles/os_horizon/CONTRIBUTING.rst 
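Review bot: `check_revocations_for_cached = False` in `heat.conf.j2` sits under the comment "if your keystone deployment uses PKI, and you value security over performance", which describes the `True` setting. As written, a revoked token that is already cached stays accepted until `token_cache_time` (300) expires. Either set it to `True` or reword the comment to say the check is deliberately off. In `[database]`, `connection` interpolates `heat_container_mysql_password` raw, so a password containing `@`, `/` or `:` breaks the URL; the allowed character set should be documented or the value URL-encoded.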
@@ -0,0 +1,85 @@ +OpenStack horizon +################# +:tags: openstack, horizon, cloud, ansible +:category: \*nix + +contributor guidelines +^^^^^^^^^^^^^^^^^^^^^^ + +Filing Bugs +----------- + +Bugs should be filed on Launchpad, not GitHub: "https://bugs.launchpad.net/openstack-ansible" + + +When submitting a bug, or working on a bug, please ensure the following criteria are met: + * The description clearly states or describes the original problem or root cause of the problem. + * Include historical information on how the problem was identified. + * Any relevant logs are included. + * The provided information should be totally self-contained. External access to web services/sites should not be needed. + * Steps to reproduce the problem if possible. + + +Submitting Code +--------------- + +Changes to the project should be submitted for review via the Gerrit tool, following +the workflow documented at: "http://docs.openstack.org/infra/manual/developers.html#development-workflow" + +Pull requests submitted through GitHub will be ignored and closed without regard. + + +Extra +----- + +Tags: + If it's a bug that needs fixing in a branch in addition to Master, add a '\-backport-potential' tag (eg ``juno-backport-potential``). There are predefined tags that will autocomplete. + +Status: + Please leave this alone, it should be New till someone triages the issue. + +Importance: + Should only be touched if it is a Blocker/Gating issue. If it is, please set to High, and only use Critical if you have found a bug that can take down whole infrastructures. + + +Style guide +----------- + +When creating tasks and other roles for use in Ansible please create then using the YAML dictionary format. + +Example YAML dictionary format: + .. code-block:: yaml + + - name: The name of the tasks + module_name: + thing1: "some-stuff" + thing2: "some-other-stuff" + tags: + - some-tag + - some-other-tag + + +Example **NOT** in YAML dictionary format: + .. 
code-block:: yaml + + - name: The name of the tasks + module_name: thing1="some-stuff" thing2="some-other-stuff" + tags: + - some-tag + - some-other-tag + + +Usage of the ">" and "|" operators should be limited to Ansible conditionals and command modules such as the ansible ``shell`` module. + + +Issues +------ + +When submitting an issue, or working on an issue please ensure the following criteria are met: + * The description clearly states or describes the original problem or root cause of the problem. + * Include historical information on how the problem was identified. + * Any relevant logs are included. + * If the issue is a bug that needs fixing in a branch other than Master, add the ‘backport potential’ tag TO THE ISSUE (not the PR). + * The provided information should be totally self-contained. External access to web services/sites should not be needed. + * If the issue is needed for a hotfix release, add the 'expedite' label. + * Steps to reproduce the problem if possible. diff --git a/playbooks/roles/os_horizon/LICENSE b/playbooks/roles/os_horizon/LICENSE new file mode 100644 index 0000000000..e06d208186 --- /dev/null +++ b/playbooks/roles/os_horizon/LICENSE 
@@ -0,0 +1,202 @@ +Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + diff --git a/playbooks/roles/os_horizon/README.rst b/playbooks/roles/os_horizon/README.rst new file mode 100644 index 0000000000..54ea7770de --- /dev/null +++ b/playbooks/roles/os_horizon/README.rst @@ -0,0 +1,19 @@ +OpenStack horizon +############## +:tags: openstack, horizon, cloud, ansible +:category: \*nix + +Role for deployment, setup and installation of horizon. + +This role will install the following: + * horizon-dashboard + +.. code-block:: yaml + + - name: Installation and setup of horizon + hosts: horizon_all + user: root + roles: + - { role: "os_horizon", tags: [ "os-horizon" ] } + vars: + galera_address: "{{ internal_lb_vip_address }}" diff --git a/playbooks/roles/os_horizon/defaults/main.yml b/playbooks/roles/os_horizon/defaults/main.yml new file mode 100644 index 0000000000..a514982246 
--- /dev/null
+++ b/playbooks/roles/os_horizon/defaults/main.yml
@@ -0,0 +1,83 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Defines that the role will be deployed on a host machine
+is_metal: true
+
+## Verbosity Options
+debug: False
+verbose: True
+
+## System info
+horizon_system_user_name: horizon
+horizon_system_group_name: www-data
+horizon_system_shell: /bin/false
+horizon_system_comment: horizon system user
+horizon_system_user_home: "/var/lib/{{ horizon_system_user_name }}"
+
+## Service Type and Data
+horizon_service_region: RegionOne
+horizon_service_name: horizon
+
+## DB info
+horizon_galera_database: dash
+horizon_galera_user: dash
+
+
+## Horizon Help URL Path
+horizon_help_url: http://docs.openstack.org
+
+## Installation directories
+horizon_lib_dir: /usr/local/lib/python2.7/dist-packages
+
+horizon_endpoint_type: internalURL
+
+horizon_fqdn: "{{ external_vip_address }}"
+horizon_server_name: "horizon"
+horizon_log_level: info
+horizon_self_signed: true
+horizon_self_signed_regen: false
+horizon_time_zone: UTC
+
+## Horizon SSL
+### Set the cacert pem if you'd like horizon to verify it.
+# horizon_cacert_pem: /path/to/cacert.pem
+horizon_ssl_cert: /etc/ssl/certs/apache.cert
+horizon_ssl_key: /etc/ssl/private/apache.key
+horizon_ssl_cert_path: /etc/ssl/certs
+
+horizon_listen_ports:
+ - "80"
+ - "443"
+
+horizon_apt_packages:
+ - apache2
+ - apache2-utils
+ - libapache2-mod-wsgi
+ - libssl-dev
+ - libxslt1.1
+ - openssl
+
+horizon_pip_packages:
+ - django-appconf
+ - greenlet
+ - horizon
+ - keystonemiddleware
+ - MySQL-python
+ - oslo.config
+ - ply
+ - pycrypto
+ - python-memcached
+ - python-keystoneclient
diff --git a/playbooks/roles/os_horizon/files/horizon-manage.py b/playbooks/roles/os_horizon/files/horizon-manage.py
new file mode 100644
index 0000000000..5818a6de38
--- /dev/null
+++ b/playbooks/roles/os_horizon/files/horizon-manage.py
@@ -0,0 +1,23 @@
+#!/usr/bin/env python
+
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import os
+import sys
+
+from django.core.management import execute_from_command_line # noqa
+
+if __name__ == "__main__":
+ os.environ.setdefault("DJANGO_SETTINGS_MODULE",
+ "openstack_dashboard.settings")
+ execute_from_command_line(sys.argv)
diff --git a/playbooks/roles/common/handlers/main.yml b/playbooks/roles/os_horizon/handlers/main.yml
similarity index 90%
rename from playbooks/roles/common/handlers/main.yml
rename to playbooks/roles/os_horizon/handlers/main.yml
index f2d40a5405..5ee6a4f494 100644
--- a/playbooks/roles/common/handlers/main.yml
+++ b/playbooks/roles/os_horizon/handlers/main.yml
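Review bot: In the `defaults/main.yml` hunk the verbosity defaults are written `debug: False` and `verbose: True`, while `is_metal`, `horizon_self_signed` and `horizon_self_signed_regen` in the same file use lowercase `true`/`false`. I would write `debug: false` and `verbose: true` so the file has one boolean spelling. The three unprefixed names (`is_metal`, `debug`, `verbose`) share a variable namespace with every other role, so a `horizon_` prefix or a comment saying they are meant to be global would help. The SSL block would also benefit from a comment stating that `horizon_self_signed: true` is the default and that `horizon_ssl_cert`/`horizon_ssl_key` are the paths Apache is expected to load.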
@@ -13,7 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -- name: restart ssh +- name: Restart apache2 service: - name: ssh - state: restarted + name: "apache2" + state: "restarted" \ No newline at end of file diff --git a/playbooks/roles/os_horizon/meta/main.yml b/playbooks/roles/os_horizon/meta/main.yml new file mode 100644 index 0000000000..51866b1e8a --- /dev/null +++ b/playbooks/roles/os_horizon/meta/main.yml @@ -0,0 +1,35 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +galaxy_info: + author: rcbops + description: Installation and setup of horizon + company: Rackspace + license: Apache2 + min_ansible_version: 1.6.6 + platforms: + - name: Ubuntu + versions: + - trusty + categories: + - cloud + - python + - horizon + - development + - openstack +dependencies: + - galera_client + - openstack_openrc + - pip_lock_down diff --git a/playbooks/roles/horizon_apache/tasks/main.yml b/playbooks/roles/os_horizon/tasks/horizon_apache.yml similarity index 60% rename from playbooks/roles/horizon_apache/tasks/main.yml rename to playbooks/roles/os_horizon/tasks/horizon_apache.yml index 329dae8fa3..a9a331d465 100644 --- a/playbooks/roles/horizon_apache/tasks/main.yml +++ b/playbooks/roles/os_horizon/tasks/horizon_apache.yml 
@@ -13,19 +13,20 @@ # See the License for the specific language governing permissions and # limitations under the License. -- name: Drop apache2 ports file +- name: Drop apache2 configs template: - src: "horizon-ports.conf" - dest: "/etc/apache2/ports.conf" - owner: "root" - group: "root" - -- name: Drop Horizon config - template: - src: "openstack-dashboard.conf" - dest: "/etc/apache2/sites-available/openstack-dashboard.conf" - owner: "{{ system_user }}" - group: "{{ system_group }}" + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: "{{ item.owner|default(horizon_system_user_name) }}" + group: "{{ item.group|default(horizon_system_group_name) }}" + with_items: + - { src: "horizon_apache_ports.conf.j2", dest: "/etc/apache2/ports.conf", owner: "root", group: "root" } + - { src: "openstack_dashboard.conf.j2", dest: "/etc/apache2/sites-available/openstack-dashboard.conf" } + notify: Restart apache2 + tags: + - horizon-apache-config + - horizon-apache-ports + - horizon-apache-vhost - name: Enable Horizon Site file: @@ -35,6 +36,10 @@ with_items: - { state: link, name: openstack-dashboard.conf } - { state: absent, name: 000-default.conf } + notify: Restart apache2 + tags: + - horizon-apache-config + - horizon-apache-sites-enabled - name: Enable apache2 modules apache2_module: @@ -46,13 +51,15 @@ - { state: absent, name: mpm_event } - { state: present, name: mpm_worker } - { state: present, name: rewrite } + notify: Restart apache2 + tags: + - horizon-apache-config + - horizon-apache-modules - name: Ensure Apache ServerName lineinfile: dest: "/etc/apache2/apache2.conf" - line: "ServerName {{ container_name }}" - -- name: Ensure Apache is running - service: - name: "apache2" - state: "restarted" + line: "ServerName {{ horizon_server_name }}" + notify: Restart apache2 + tags: + - horizon-apache-config 
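Review bot: In the merged `Drop apache2 configs` task the second item carries no `owner`/`group`, so `/etc/apache2/sites-available/openstack-dashboard.conf` falls back to `horizon_system_user_name` and `horizon_system_group_name`, and no `mode` is set for either file. A vhost file that the dashboard's service account can rewrite is read by Apache at its next restart, so a compromise of that account could extend into the web server configuration. I would give the second item `owner: "root", group: "root"` as the first one has, and add `mode: "0644"` to the task.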
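Review bot: `Ensure Apache ServerName` (third hunk) uses `lineinfile` with only `line:`, so each distinct value of `horizon_server_name` appends another `ServerName` directive to `/etc/apache2/apache2.conf` instead of replacing the previous one. Hosts already deployed with the old `container_name` value would end up with two directives. Adding `regexp: "^ServerName"` to the task turns the edit into a replacement.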
diff --git a/playbooks/roles/os_horizon/tasks/horizon_db_setup.yml b/playbooks/roles/os_horizon/tasks/horizon_db_setup.yml
new file mode 100644
index 0000000000..9d9f1492a6
--- /dev/null
+++ b/playbooks/roles/os_horizon/tasks/horizon_db_setup.yml
@@ -0,0 +1,48 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Create DB for service
+ mysql_db:
+ login_user: "{{ galera_root_user }}"
+ login_password: "{{ galera_root_password }}"
+ login_host: "{{ galera_address }}"
+ name: "{{ horizon_galera_database }}"
+ state: "present"
+ tags:
+ - horizon-db-setup
+
+- name: Grant access to the DB for the service
+ mysql_user:
+ login_user: "{{ galera_root_user }}"
+ login_password: "{{ galera_root_password }}"
+ login_host: "{{ galera_address }}"
+ name: "{{ horizon_galera_user }}"
+ password: "{{ horizon_container_mysql_password }}"
+ host: "{{ item }}"
+ state: "present"
+ priv: "{{ horizon_galera_database }}.*:ALL"
+ with_items:
+ - "localhost"
+ - "%"
+ tags:
+ - horizon-db-setup
+
+- name: Perform a horizon DB sync
+ command: horizon-manage.py syncdb --noinput
+ sudo: yes
+ sudo_user: "{{ horizon_system_user_name }}"
+ tags:
+ - horizon-db-sync
+ - horizon-setup
diff --git a/playbooks/roles/os_horizon/tasks/horizon_install.yml b/playbooks/roles/os_horizon/tasks/horizon_install.yml
new file mode 100644
index 0000000000..e760d56576
--- /dev/null
+++ b/playbooks/roles/os_horizon/tasks/horizon_install.yml
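Review bot: `Grant access to the DB for the service` gives `{{ horizon_galera_database }}.*:ALL` to `horizon_galera_user` for host `%` as well as `localhost`, so the account is accepted from any address that can reach Galera. If the dashboard hosts are known from inventory, the `with_items` list could be limited to them, and the privilege set narrowed to what the dashboard actually needs (the schema is not visible here, so confirm). Both `mysql_*` tasks pass `galera_root_password`, and the second also `horizon_container_mysql_password`, as module arguments; adding `no_log: true` to those two tasks keeps the values out of verbose output and callback logs. `Perform a horizon DB sync` has no `changed_when`, so it reports a change on every run.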
@@ -0,0 +1,43 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Install apt packages
+ apt:
+ pkg: "{{ item }}"
+ state: latest
+ update_cache: yes
+ cache_valid_time: 600
+ register: install_packages
+ until: install_packages|success
+ retries: 5
+ delay: 2
+ with_items: horizon_apt_packages
+ tags:
+ - horizon-install
+ - horizon-apt-packages
+
+- name: Install pip packages
+ pip:
+ name: "{{ item }}"
+ state: present
+ register: install_packages
+ until: install_packages|success
+ retries: 5
+ delay: 2
+ with_items:
+ - "{{ horizon_pip_packages }}"
+ tags:
+ - horizon-install
+ - horizon-pip-packages
diff --git a/playbooks/roles/horizon_common/tasks/main.yml b/playbooks/roles/os_horizon/tasks/horizon_post_install.yml
similarity index 51%
rename from playbooks/roles/horizon_common/tasks/main.yml
rename to playbooks/roles/os_horizon/tasks/horizon_post_install.yml
index fde00a2227..8cdb2f9eb5 100644
--- a/playbooks/roles/horizon_common/tasks/main.yml
+++ b/playbooks/roles/os_horizon/tasks/horizon_post_install.yml
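Review bot: `Install pip packages` installs every entry of `horizon_pip_packages` by bare name with `state: present`, so the versions that land on the host are decided by whatever index pip is pointed at when the play runs. The role's `meta/main.yml` depends on `pip_lock_down`, which presumably constrains that; a comment on the task such as `# versions are constrained by the pip_lock_down role dependency` would make the supply-chain assumption explicit, once confirmed. The apt task uses `state: latest`, which can upgrade `apache2` and `openssl` on any run, and the two loops are written differently (`with_items: horizon_apt_packages` versus a list holding `"{{ horizon_pip_packages }}"`). Both tasks also register the same `install_packages` variable.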
@@ -13,51 +13,49 @@ # See the License for the specific language governing permissions and # limitations under the License. -# The Horizon config files should be replaced for the JUNO release -# juno_revision: true - name: Setup Horizon config(s) template: src: "{{ item.src }}" dest: "{{ item.dest }}" - owner: "{{ system_user }}" - group: "{{ system_group }}" + owner: "{{ horizon_system_user_name }}" + group: "{{ horizon_system_group_name }}" mode: "{{ item.mode }}" with_items: - - { src: "local_settings.py", dest: "/etc/horizon/local_settings.py", mode: "0644" } + - { src: "horizon_local_settings.py.j2", dest: "/etc/horizon/local_settings.py", mode: "0644" } + tags: + - horizon-configs -- name: Copy manage.py to /usr/local/bin/horizon-manage.py - command: rsync -ci {{ git_dest }}/manage.py /usr/local/bin/horizon-manage.py - register: rsync_result - changed_when: rsync_result.stdout != "" - -- name: Set permissions on /usr/local/bin/horizon-manage.py - file: - path: /usr/local/bin/horizon-manage.py - owner: root - group: root - mode: 0755 - -- name: Remove old links deployed in v9.0.0 - file: path={{ item }} state=absent +- name: Setup Horizon config(s) + copy: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: "{{ horizon_system_user_name }}" + group: "{{ horizon_system_group_name }}" + mode: "{{ item.mode }}" with_items: - - "{{ install_lib_dir }}/openstack_dashboard/static/bootstrap/js" - - "{{ install_lib_dir }}/openstack_dashboard/static/horizon" + - { src: "horizon-manage.py", dest: "/usr/local/bin/horizon-manage.py", mode: "0755" } + tags: + - horizon-configs - name: Create horizon links file: src: "{{ item.src }}" dest: "{{ item.dest }}" - owner: "{{ system_user }}" - group: "{{ system_group }}" + owner: "{{ horizon_system_user_name }}" + group: "{{ horizon_system_group_name }}" state: "link" with_items: - - { src: "/etc/horizon/local_settings.py", dest: "{{ install_lib_dir }}/openstack_dashboard/local/local_settings.py" } + - { src: 
"/etc/horizon/local_settings.py", dest: "{{ horizon_lib_dir }}/openstack_dashboard/local/local_settings.py" } + tags: + - horizon-configs -# /opt/horizon/lib/python2.7/site-packages/manage.py - name: Collect and compress static files command: "{{ item }}" sudo: yes - sudo_user: "{{ system_user }}" + sudo_user: "{{ horizon_system_user_name }}" with_items: - horizon-manage.py collectstatic --noinput - horizon-manage.py compress --force + tags: + - horizon-configs + - horizon-static-collect diff --git a/playbooks/roles/os_horizon/tasks/horizon_pre_install.yml b/playbooks/roles/os_horizon/tasks/horizon_pre_install.yml new file mode 100644 index 0000000000..f06d01ec98 --- /dev/null +++ b/playbooks/roles/os_horizon/tasks/horizon_pre_install.yml 
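Review bot: The new `copy` task installs `horizon-manage.py` into `/usr/local/bin` with `owner: "{{ horizon_system_user_name }}"` and mode `0755`, where the removed task set the file to `root`/`root`. That leaves an executable on the default PATH writable by the dashboard's service account, which matters as soon as an administrator runs it as root; I would keep `owner: "root"` and `group: "root"` on this task. The task also reuses the name of the `template` task above it (`Setup Horizon config(s)`), which makes play output ambiguous, so a distinct name such as `Drop horizon-manage.py` would help. Separately, `local_settings.py` is written with mode `0644`; if the template carries the database password or secret key (its body is not in this hunk), `0640` would be the safer mode.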
@@ -0,0 +1,77 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: create the system group + group: + name: "{{ horizon_system_group_name }}" + state: "present" + system: "yes" + tags: + - horizon-group + +- name: Create the horizon system user + user: + name: "{{ horizon_system_user_name }}" + group: "{{ horizon_system_group_name }}" + comment: "{{ horizon_system_comment }}" + shell: "{{ horizon_system_shell }}" + system: "yes" + createhome: "yes" + home: "{{ horizon_system_user_home }}" + tags: + - horizon-user + +- name: Create horizon dir + file: + path: "{{ item.path }}" + state: directory + owner: "{{ item.owner|default(horizon_system_user_name) }}" + group: "{{ item.group|default(horizon_system_group_name) }}" + with_items: + - { path: "/etc/horizon" } + - { path: "{{ horizon_system_user_home }}" } + - { path: "/usr/local/lib/python2.7/dist-packages/static" } + - { path: "/usr/local/lib/python2.7/dist-packages/openstack_dashboard/local" } + tags: + - horizon-dirs + +- name: Test for log directory or link + shell: | + if [ -h "/var/log/horizon" ]; then + chown -h {{ horizon_system_user_name }}:{{ horizon_system_group_name }} "/var/log/horizon" + chown -R {{ horizon_system_user_name }}:{{ horizon_system_group_name }} "$(readlink /var/log/horizon)" + else + exit 1 + fi + register: log_dir + failed_when: false + changed_when: log_dir.rc != 0 + tags: + - horizon-dirs + - horizon-logs + +- name: Create horizon log 
dir + file: + path: "{{ item.path }}" + state: directory + owner: "{{ item.owner|default(horizon_system_user_name) }}" + group: "{{ item.group|default(horizon_system_group_name) }}" + mode: "{{ item.mode|default('0755') }}" + with_items: + - { path: "/var/log/horizon" } + when: log_dir.rc != 0 + tags: + - horizon-dirs + - horizon-logs diff --git a/playbooks/roles/horizon_ssl/tasks/main.yml b/playbooks/roles/os_horizon/tasks/horizon_ssl_key_create.yml similarity index 60% rename from playbooks/roles/horizon_ssl/tasks/main.yml rename to playbooks/roles/os_horizon/tasks/horizon_ssl_key_create.yml index aa8b128ae0..c235860930 100644 --- a/playbooks/roles/horizon_ssl/tasks/main.yml +++ b/playbooks/roles/os_horizon/tasks/horizon_ssl_key_create.yml @@ -13,13 +13,27 @@ # See the License for the specific language governing permissions and # limitations under the License. -- name: create self-signed SSL cert +- name: Remove self signed cert for regen + file: + dest: "{{ horizon_ssl_cert }}" + state: "absent" + when: > + horizon_self_signed_regen == true or + horizon_self_signed_regen == "True" + +- name: Create self-signed ssl cert command: > openssl req -new -nodes -x509 -subj "/C=US/ST=Texas/L=San Antonio/O=IT/CN={{ horizon_server_name }}" -days 3650 - -keyout /etc/ssl/private/apache.key - -out /etc/ssl/certs/apache.cert + -keyout {{ horizon_ssl_key }} + -out {{ horizon_ssl_cert }} -extensions v3_ca - creates=/etc/ssl/certs/apache.cert - when: horizon_self_signed is defined and horizon_self_signed == true + creates={{ horizon_ssl_cert }} + when: > + horizon_self_signed == true or + horizon_self_signed == "True" + notify: Restart apache2 + tags: + - horizon-apache-self-ssl + - horizon-ssl diff --git a/playbooks/roles/os_horizon/tasks/horizon_ssl_key_distribute.yml b/playbooks/roles/os_horizon/tasks/horizon_ssl_key_distribute.yml new file mode 100644 index 0000000000..ba151a7cd9 --- /dev/null +++ b/playbooks/roles/os_horizon/tasks/horizon_ssl_key_distribute.yml 
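Review bot: The `Test for log directory or link` script in `horizon_pre_install.yml` runs `chown -R` on `$(readlink /var/log/horizon)` under `failed_when: false`, so it recursively re-owns whatever the link points at and hides any failure. `readlink` without `-f` returns the link text as stored, so a relative target is resolved against the task's working directory, and a link to a shared directory would hand that whole tree to the horizon user. I would resolve the target with `readlink -f`, quote the interpolated user and group, and let a failing `chown` fail the task, for instance by testing for the link in one task and changing ownership with the `file` module in another. `changed_when: log_dir.rc != 0` also reports a change exactly when the script did nothing. The `Create horizon dir` items hard-code `/usr/local/lib/python2.7/dist-packages` where `{{ horizon_lib_dir }}` is available.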
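Review bot: In `horizon_ssl_key_create.yml` the `openssl req` call leaves the key type and size, the signature digest and the mode of `{{ horizon_ssl_key }}` to the host's openssl defaults and umask, and `-extensions v3_ca` issues the dashboard certificate from the CA extension section. I would state the parameters explicitly (for example `-newkey rsa:2048 -sha256`), drop `-extensions v3_ca` unless a CA certificate is really intended, and follow the command with a `file` task that pins the key's owner to root and sets a restrictive mode. `Remove self signed cert for regen` carries no `tags`, so a run limited to `--tags horizon-ssl` skips the removal and `creates={{ horizon_ssl_cert }}` then prevents regeneration. The hunk starts inside the file's licence header, so anything above it is not visible here.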
@@ -0,0 +1,36 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Distribute self signed ssl
+ memcached:
+ name: "{{ item.name }}"
+ file_path: "{{ item.src }}"
+ state: "retrieve"
+ file_mode: "{{ item.file_mode }}"
+ dir_mode: "{{ item.dir_mode }}"
+ server: "{{ memcached_servers }}"
+ encrypt_string: "{{ memcached_encryption_key }}"
+ with_items:
+ - { src: "{{ horizon_ssl_cert }}", name: "apache_cert", file_mode: "0640", dir_mode: "0750" }
+ - { src: "{{ horizon_ssl_key }}", name: "apache_key", file_mode: "0640", dir_mode: "0750" }
+ register: memcache_keys
+ until: memcache_keys|success
+ retries: 5
+ delay: 2
+ notify: Restart apache2
+ tags:
+ - horizon-key
+ - horizon-key-distribute
+ - horizon-ssl
diff --git a/playbooks/roles/os_horizon/tasks/horizon_ssl_key_store.yml b/playbooks/roles/os_horizon/tasks/horizon_ssl_key_store.yml
new file mode 100644
index 0000000000..bbf8a61268
--- /dev/null
+++ b/playbooks/roles/os_horizon/tasks/horizon_ssl_key_store.yml
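Review bot: Both items in `Distribute self signed ssl` pass `dir_mode: "0750"`, and the certificate's `file_path` is `{{ horizon_ssl_cert }}`, which defaults to `/etc/ssl/certs/apache.cert`. If the `memcached` module applies `dir_mode` to an existing parent directory (its code is not part of this hunk), `/etc/ssl/certs` would stop being readable by non-root users and certificate verification would break for them. The key is retrieved with `file_mode: "0640"` and no owner, so who can read `{{ horizon_ssl_key }}` depends on the module's defaults. I would use `dir_mode: "0755"` for the certificate item and confirm which owner and group the module assigns to the key file.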
@@ -0,0 +1,33 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Store self signed ssl
+ memcached:
+ name: "{{ item.name }}"
+ file_path: "{{ item.src }}"
+ state: "present"
+ server: "{{ memcached_servers }}"
+ encrypt_string: "{{ memcached_encryption_key }}"
+ with_items:
+ - { src: "{{ horizon_ssl_cert }}", name: "apache_cert" }
+ - { src: "{{ horizon_ssl_key }}", name: "apache_key" }
+ register: memcache_keys
+ until: memcache_keys|success
+ retries: 5
+ delay: 2
+ tags:
+ - horizon-key
+ - horizon-key-store
+ - horizon-ssl
diff --git a/playbooks/inventory/group_vars/rsyslog.yml b/playbooks/roles/os_horizon/tasks/horizon_ssl_self_signed.yml
similarity index 66%
rename from playbooks/inventory/group_vars/rsyslog.yml
rename to playbooks/roles/os_horizon/tasks/horizon_ssl_self_signed.yml
index 4eda92992f..d3554b779e 100644
--- a/playbooks/inventory/group_vars/rsyslog.yml
+++ b/playbooks/roles/os_horizon/tasks/horizon_ssl_self_signed.yml
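Review bot: `Store self signed ssl` writes the Apache private key (`apache_key`) into memcached, so its confidentiality rests entirely on `memcached_encryption_key` and on how the `memcached` module uses `encrypt_string`, neither of which is visible in this hunk. Nothing in the role removes the entry once the other hosts have retrieved it, so the key stays in the cache for as long as memcached keeps it. A comment on the task stating the cipher and the intended lifetime, plus a cleanup step after distribution if the module supports one, would make the trust assumption reviewable. Adding `no_log: true` would also keep `memcached_encryption_key` out of verbose output.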
@@ -13,12 +13,14 @@ # See the License for the specific language governing permissions and # limitations under the License. -# Variables for the rsyslog containers -# -service_name: rsyslog +- include: horizon_ssl_key_create.yml + when: > + inventory_hostname == groups['horizon_all'][0] -debug: False -verbose: True +- include: horizon_ssl_key_store.yml + when: > + inventory_hostname == groups['horizon_all'][0] -container_lvm_fstype: ext4 -container_lvm_fssize: 5GB +- include: horizon_ssl_key_distribute.yml + when: > + inventory_hostname != groups['horizon_all'][0] diff --git a/playbooks/roles/os_horizon/tasks/horizon_ssl_user_provided.yml b/playbooks/roles/os_horizon/tasks/horizon_ssl_user_provided.yml new file mode 100644 index 0000000000..e723abdc44 --- /dev/null +++ b/playbooks/roles/os_horizon/tasks/horizon_ssl_user_provided.yml @@ -0,0 +1,29 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Drop user provided ssl cert + copy: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: "root" + group: "root" + mode: "{{ item.mode }}" + with_items: + - { src: "/etc/ssl/certs/apache.cert", name: "apache.cert", mode: "0640" } + - { src: "/etc/ssl/private/apache.key", name: "apache.key", mode: "0640" } + notify: Restart apache2 + tags: + - horizon-configs + - horizon-ssl 
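Review bot: In horizon_ssl_user_provided.yml, `dest: "{{ item.dest }}"` refers to a key that neither `with_items` entry defines (they carry `src`, `name` and `mode`), so `Drop user provided ssl cert` would most likely stop on an undefined variable and the user-provided path would install neither the certificate nor the key. Each item needs a destination, for example `- { src: "/etc/ssl/certs/apache.cert", dest: "{{ horizon_ssl_cert }}", mode: "0640" }` and `- { src: "/etc/ssl/private/apache.key", dest: "{{ horizon_ssl_key }}", mode: "0640" }`. With `owner` and `group` both `root`, the key entry could probably use `0600` unless a non-root group is meant to read it.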
diff --git a/playbooks/roles/haproxy_check/tasks/main.yml b/playbooks/roles/os_horizon/tasks/main.yml similarity index 54% rename from playbooks/roles/haproxy_check/tasks/main.yml rename to playbooks/roles/os_horizon/tasks/main.yml index 9dddd16092..4de972d1a4 100644 --- a/playbooks/roles/haproxy_check/tasks/main.yml +++ b/playbooks/roles/os_horizon/tasks/main.yml @@ -13,9 +13,25 @@ # See the License for the specific language governing permissions and # limitations under the License. -- name: "Wait for HAProxy to come up" - wait_for: - host: "{{ internal_vip_address }}" - port: "{{ hap_port }}" - timeout: 5 - delay: 0 +- include: horizon_pre_install.yml +- include: horizon_install.yml +- include: horizon_post_install.yml + +- include: horizon_db_setup.yml + when: > + inventory_hostname == groups['horizon_all'][0] + +- include: horizon_ssl_self_signed.yml + when: > + horizon_self_signed == true or + horizon_self_signed == "True" + +- include: horizon_ssl_user_provided.yml + when: > + horizon_self_signed == false or + horizon_self_signed == "False" + +- include: horizon_apache.yml + +- name: Flush handlers + meta: flush_handlers diff --git a/playbooks/roles/os_horizon/templates/horizon_apache_ports.conf.j2 b/playbooks/roles/os_horizon/templates/horizon_apache_ports.conf.j2 new file mode 100644 index 0000000000..442d248c09 --- /dev/null +++ b/playbooks/roles/os_horizon/templates/horizon_apache_ports.conf.j2 @@ -0,0 +1,5 @@ +# {{ ansible_managed }} + +{% for horizon_listen_port in horizon_listen_ports %} +Listen {{ horizon_listen_port }} +{% endfor %} diff --git a/playbooks/roles/horizon_common/templates/local_settings.py b/playbooks/roles/os_horizon/templates/horizon_local_settings.py.j2 similarity index 96% rename from playbooks/roles/horizon_common/templates/local_settings.py rename to playbooks/roles/os_horizon/templates/horizon_local_settings.py.j2 index 2a5139d13a..54192db98c 100644 --- a/playbooks/roles/horizon_common/templates/local_settings.py 
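Review bot: The two SSL includes in os_horizon/tasks/main.yml are gated on exact comparisons (`== true or == "True"` and `== false or == "False"`), so a string value such as `"true"` or `"yes"`, which is what a key=value extra-var delivers, matches neither branch. The play then reaches `horizon_apache.yml` with no certificate or key placed by either include. Normalising through the `bool` filter makes the branches exhaustive: `when: horizon_self_signed | bool` for the self-signed include and `when: not horizon_self_signed | bool` for the user-provided one.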
+++ b/playbooks/roles/os_horizon/templates/horizon_local_settings.py.j2 @@ -2,10 +2,10 @@ import os from django.utils.translation import ugettext_lazy as _ from openstack_dashboard import exceptions -DEBUG = {{ debug|default('False') }} +DEBUG = {{ debug }} TEMPLATE_DEBUG = DEBUG COMPRESS_ENABLED = True -COMPRESS_ROOT = '{{ install_lib_dir }}/static' +COMPRESS_ROOT = '{{ horizon_lib_dir }}/static' # Required for Django 1.5. # If horizon is running in production (DEBUG is False), set this @@ -107,10 +107,7 @@ SECRET_KEY = secret_key.generate_or_read_from_file('/var/lib/horizon/.secret_key CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', - 'LOCATION': [ - {% for host in groups['memcached'] %}'{{ hostvars[host]['container_address'] }}:{{ memcached_port|default('11211') }}'{% if not loop.last %},{% endif %}{% endfor %} - - ] + 'LOCATION': {{ memcached_servers.split(',') }} } } @@ -119,10 +116,10 @@ SESSION_ENGINE = "django.contrib.sessions.backends.cached_db" DATABASES = { 'default': { 'ENGINE': 'django.db.backends.mysql', - 'HOST': '{{ mysql_address }}', - 'NAME': '{{ container_database }}', - 'USER': '{{ container_mysql_user }}', - 'PASSWORD': '{{ container_mysql_password }}', + 'HOST': '{{ galera_address }}', + 'NAME': '{{ horizon_galera_database }}', + 'USER': '{{ horizon_galera_user }}', + 'PASSWORD': '{{ horizon_container_mysql_password }}', 'default-character-set': 'utf8' }, } @@ -144,8 +141,8 @@ EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend' # ('http://cluster2.example.com:5000/v2.0', 'cluster2'), # ] -OPENSTACK_HOST = "{{ auth_host }}" -OPENSTACK_KEYSTONE_URL = "{{ auth_identity_uri }}" +OPENSTACK_HOST = "{{ internal_lb_vip_address }}" +OPENSTACK_KEYSTONE_URL = "{{ keystone_service_internalurl }}" OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_" # Disable SSL certificate checks (useful for self-signed certificates): 
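Review bot: `DEBUG = {{ debug }}` now takes Django's debug switch straight from the unprefixed `debug` variable, which other roles in this change also define (os_keystone's defaults carry `debug: False`), so raising verbosity for another service would presumably put the dashboard into Django debug mode as well. Debug mode returns detailed error pages, including settings and stack data, to whoever triggers an exception. A role-scoped switch that defaults to off, `DEBUG = {{ horizon_debug | default(false) | bool }}` (variable name constructed for illustration), would keep the dashboard independent of the global flag.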
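Review bot: The `DATABASES` values are substituted directly between single quotes, so a `horizon_container_mysql_password` containing `'` or a backslash renders a settings file that either fails to import or holds a different string than the one configured in the database. The rename in this hunk keeps that form unchanged. Emitting the value through a quoting filter, e.g. `'PASSWORD': {{ horizon_container_mysql_password | to_json }},`, would remove the trap; failing that, the role's documentation should state that generated secrets must exclude quotes and backslashes.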
@@ -153,11 +150,12 @@ OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_" OPENSTACK_SSL_NO_VERIFY = True {% else %} OPENSTACK_SSL_NO_VERIFY = False -OPENSTACK_SSL_CACERT = "{{ horizon_cacert_pem }}" {% endif %} +{% if horizon_cacert_pem is defined %} # The CA certificate to use to verify SSL connections -# OPENSTACK_SSL_CACERT = '/path/to/cacert.pem' +OPENSTACK_SSL_CACERT = "{{ horizon_cacert_pem }}" +{% endif %} # The OPENSTACK_KEYSTONE_BACKEND settings can be used to identify the # capabilities of the auth backend for Keystone. @@ -270,7 +268,7 @@ API_RESULT_PAGE_SIZE = 20 # The timezone of the server. This should correspond with the timezone # of your entire OpenStack installation, and hopefully be in UTC. -TIME_ZONE = "UTC" +TIME_ZONE = "{{ horizon_time_zone }}" # When launching an instance, the menu of available flavors is # sorted by RAM usage, ascending. If you would like a different sort order, diff --git a/playbooks/roles/horizon_apache/templates/openstack-dashboard.conf b/playbooks/roles/os_horizon/templates/openstack_dashboard.conf.j2 similarity index 63% rename from playbooks/roles/horizon_apache/templates/openstack-dashboard.conf rename to playbooks/roles/os_horizon/templates/openstack_dashboard.conf.j2 index 810793ec20..6cb8187966 100644 --- a/playbooks/roles/horizon_apache/templates/openstack-dashboard.conf +++ b/playbooks/roles/os_horizon/templates/openstack_dashboard.conf.j2 @@ -1,3 +1,7 @@ +# {{ ansible_managed }} + +{% set threads = ansible_processor_vcpus // 2 %} + ServerName {{ horizon_server_name }} RewriteEngine On 
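Review bot: `{% if horizon_cacert_pem is defined %}` is also true for an empty string, in which case the template renders `OPENSTACK_SSL_CACERT = ""` next to `OPENSTACK_SSL_NO_VERIFY = False`; how the dashboard's API clients treat an empty CA path is not visible here, so it is safer not to emit the line at all. `{% if horizon_cacert_pem is defined and horizon_cacert_pem %}` covers both cases. The `{% if %}` that selects `OPENSTACK_SSL_NO_VERIFY = True` opens above the hunk; because that branch turns off certificate verification for the dashboard's API calls, the variable driving it deserves a comment in the role defaults saying so.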
@@ -8,26 +12,25 @@ ServerName {{ horizon_server_name }} - LogLevel {{ horizon_log_level|default('info') }} + LogLevel {{ horizon_log_level }} ErrorLog /var/log/horizon/horizon-error.log CustomLog /var/log/horizon/ssl_access.log combined Options +FollowSymLinks SSLEngine on - SSLCertificateFile {{ horizon_ssl_cert|default('/etc/ssl/certs/apache.cert') }} - SSLCertificateKeyFile {{ horizon_ssl_key|default('/etc/ssl/private/apache.key') }} - SSLCACertificatePath {{ horizon_ssl_cert_path|default('/etc/ssl/certs') }} - SSLCARevocationPath {{ horizon_ssl_cert_path|default('/etc/ssl/certs') }} + SSLCertificateFile {{ horizon_ssl_cert }} + SSLCertificateKeyFile {{ horizon_ssl_key }} + SSLCACertificatePath {{ horizon_ssl_cert_path }} + SSLCARevocationPath {{ horizon_ssl_cert_path }} SSLProtocol All -SSLv2 -SSLv3 SSLHonorCipherOrder On SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4" SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown - WSGIScriptAlias / {{ install_lib_dir }}/openstack_dashboard/wsgi/django.wsgi - WSGIDaemonProcess horizon user={{ system_user }} group={{ system_group }} processes=3 threads=10 - - Alias /static {{ install_lib_dir }}/static/ + WSGIScriptAlias / {{ horizon_lib_dir }}/openstack_dashboard/wsgi/django.wsgi + WSGIDaemonProcess horizon user={{ horizon_system_user_name }} group={{ horizon_system_group_name }} processes={{ ansible_processor_cores }} threads={{ threads if threads > 0 else 1 }} + Alias /static {{ horizon_lib_dir }}/static/ Order allow,deny @@ -36,7 +39,7 @@ - + Options -FollowSymlinks AllowOverride None Order allow,deny diff --git a/playbooks/roles/os_keystone/CONTRIBUTING.rst b/playbooks/roles/os_keystone/CONTRIBUTING.rst new file mode 100644 index 0000000000..f2f9a03a9f --- /dev/null +++ b/playbooks/roles/os_keystone/CONTRIBUTING.rst 
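Review bot: The TLS directives carried as context in this hunk still accept TLS 1.0 and 1.1 (`SSLProtocol All -SSLv2 -SSLv3`), and the cipher string lists `EECDH+aRSA+RC4` only for the trailing `!RC4` to remove it again. The hunk already turns the certificate paths into role variables, so the protocol and cipher lists could be handled the same way, e.g. `SSLProtocol {{ horizon_ssl_protocol }}` and `SSLCipherSuite "{{ horizon_ssl_cipher_suite }}"` (both variable names constructed here), with defaults an operator can tighten without editing the template. The enclosing virtual-host block opens and closes outside the hunk.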
@@ -0,0 +1,85 @@ +OpenStack keystone +################## +:tags: openstack, keystone, cloud, ansible +:category: \*nix + +contributor guidelines +^^^^^^^^^^^^^^^^^^^^^^ + +Filing Bugs +----------- + +Bugs should be filed on Launchpad, not GitHub: "https://bugs.launchpad.net/openstack-ansible" + + +When submitting a bug, or working on a bug, please ensure the following criteria are met: + * The description clearly states or describes the original problem or root cause of the problem. + * Include historical information on how the problem was identified. + * Any relevant logs are included. + * The provided information should be totally self-contained. External access to web services/sites should not be needed. + * Steps to reproduce the problem if possible. + + +Submitting Code +--------------- + +Changes to the project should be submitted for review via the Gerrit tool, following +the workflow documented at: "http://docs.openstack.org/infra/manual/developers.html#development-workflow" + +Pull requests submitted through GitHub will be ignored and closed without regard. + + +Extra +----- + +Tags: + If it's a bug that needs fixing in a branch in addition to Master, add a '\-backport-potential' tag (eg ``juno-backport-potential``). There are predefined tags that will autocomplete. + +Status: + Please leave this alone, it should be New till someone triages the issue. + +Importance: + Should only be touched if it is a Blocker/Gating issue. If it is, please set to High, and only use Critical if you have found a bug that can take down whole infrastructures. + + +Style guide +----------- + +When creating tasks and other roles for use in Ansible please create then using the YAML dictionary format. + +Example YAML dictionary format: + .. code-block:: yaml + + - name: The name of the tasks + module_name: + thing1: "some-stuff" + thing2: "some-other-stuff" + tags: + - some-tag + - some-other-tag + + +Example **NOT** in YAML dictionary format: + .. 
code-block:: yaml + + - name: The name of the tasks + module_name: thing1="some-stuff" thing2="some-other-stuff" + tags: + - some-tag + - some-other-tag + + +Usage of the ">" and "|" operators should be limited to Ansible conditionals and command modules such as the ansible ``shell`` module. + + +Issues +------ + +When submitting an issue, or working on an issue please ensure the following criteria are met: + * The description clearly states or describes the original problem or root cause of the problem. + * Include historical information on how the problem was identified. + * Any relevant logs are included. + * If the issue is a bug that needs fixing in a branch other than Master, add the ‘backport potential’ tag TO THE ISSUE (not the PR). + * The provided information should be totally self-contained. External access to web services/sites should not be needed. + * If the issue is needed for a hotfix release, add the 'expedite' label. + * Steps to reproduce the problem if possible. diff --git a/playbooks/roles/os_keystone/LICENSE b/playbooks/roles/os_keystone/LICENSE new file mode 100644 index 0000000000..e06d208186 --- /dev/null +++ b/playbooks/roles/os_keystone/LICENSE 
@@ -0,0 +1,202 @@ +Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + diff --git a/playbooks/roles/os_keystone/README.rst b/playbooks/roles/os_keystone/README.rst new file mode 100644 index 0000000000..d3deff18cf --- /dev/null +++ b/playbooks/roles/os_keystone/README.rst @@ -0,0 +1,22 @@ +OpenStack keystone +################## +:tags: openstack, keystone, cloud, ansible +:category: \*nix + +Role to install keystone. This will install keystone using apache. + +This role will install the following: + * keystone + * apache2 + +.. code-block:: yaml + + - name: Installation and setup of Keystone + hosts: keystone_all + user: root + roles: + - { role: "os_keystone", tags: [ "os-keystone" ] } + vars: + external_lb_vip_address: 172.16.24.1 + internal_lb_vip_address: 192.168.0.1 + galera_address: "{{ internal_lb_vip_address }}" 
diff --git a/playbooks/roles/os_keystone/defaults/main.yml b/playbooks/roles/os_keystone/defaults/main.yml new file mode 100644 index 0000000000..187e19f94c --- /dev/null +++ b/playbooks/roles/os_keystone/defaults/main.yml 
@@ -0,0 +1,133 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Defines that the role will be deployed on a host machine +is_metal: true + +## Verbosity Options +debug: False +verbose: True + +## System info +keystone_system_user_name: keystone +keystone_system_group_name: keystone +keystone_system_service_name: apache2 +keystone_system_shell: /bin/false +keystone_system_comment: keystone system user +keystone_system_user_home: "/var/lib/{{ keystone_system_user_name }}" + +keystone_rpc_backend: rabbit + +## Drivers +keystone_auth_methods: "password,token" +keystone_identity_driver: "keystone.identity.backends.sql.Identity" +# For a sql backed token storage use: "keystone.token.backends.sql.Token" +keystone_token_driver: "keystone.token.persistence.backends.memcache.Token" +keystone_token_provider: "keystone.token.providers.uuid.Provider" + +keystone_bind_address: 0.0.0.0 + +## Memcached servers used within keystone. +# String or Comma separated list of servers. 
+keystone_memcached_servers: 127.0.0.1 + +## DB info +keystone_galera_user: keystone +keystone_galera_database: keystone + +## Role info +keystone_role_name: admin + +## Admin info +keystone_admin_port: 35357 +keystone_admin_user_name: admin +keystone_admin_tenant_name: admin +keystone_admin_description: Admin Tenant + +## Service Type and Data +keystone_service_region: RegionOne +keystone_service_name: keystone +keystone_service_port: 5000 +keystone_service_proto: http +keystone_service_type: identity +keystone_service_description: "Keystone Identity Service" +keystone_service_user_name: keystone +keystone_service_tenant_name: service + +keystone_service_publicuri: "{{ keystone_service_proto }}://{{ external_lb_vip_address }}:{{ keystone_service_port }}" +keystone_service_publicurl: "{{ keystone_service_publicuri }}/v2.0" +keystone_service_internaluri: "{{ keystone_service_proto }}://{{ internal_lb_vip_address }}:{{ keystone_service_port }}" +keystone_service_internalurl: "{{ keystone_service_internaluri }}/v2.0" +keystone_service_adminuri: "{{ keystone_service_proto }}://{{ internal_lb_vip_address }}:{{ keystone_admin_port }}" +keystone_service_adminurl: "{{ keystone_service_adminuri }}/v2.0" + +keystone_service_publicuri_v3: "{{ keystone_service_proto }}://{{ external_lb_vip_address }}:{{ keystone_service_port }}" +keystone_service_publicurl_v3: "{{ keystone_service_publicuri_v3 }}/v3" +keystone_service_internaluri_v3: "{{ keystone_service_proto }}://{{ internal_lb_vip_address }}:{{ keystone_service_port }}" +keystone_service_internalurl_v3: "{{ keystone_service_internaluri_v3 }}/v3" +keystone_service_adminuri_v3: "{{ keystone_service_proto }}://{{ internal_lb_vip_address }}:{{ keystone_admin_port }}" +keystone_service_adminurl_v3: "{{ keystone_service_adminuri_v3 }}/v3" + +## Apache setup +keystone_apache_log_level: info + +keystone_ssl_enabled: false +keystone_ssl_cert: /etc/ssl/certs/apache.cert +keystone_ssl_key: /etc/ssl/private/apache.key 
+keystone_ssl_cert_path: /etc/ssl/certs + +## Caching +# If set this will enable dog pile cache for keystone. +# keystone_cache_backend_argument: url:127.0.0.1:11211 + +## LDAP section +# Define keystone ldap information here. +# See the http://docs.openstack.org/admin-guide-cloud/content/configuring-keystone-for-ldap-backend.html +# for more information on available options. The sections here are defined as key: value pairs. Each +# top level key bellow ``keystone_ldap`` is a section. +# (EXAMPLE LAYOUT) +# keystone_ldap: +# ldap: +# url: "ldap://127.0.0.1" +# user: "root" +# password: "secrete" +# ... + +# Common apt packages +keystone_apt_packages: + - apache2 + - apache2-utils + - debhelper + - dh-apparmor + - docutils-common + - git + - libapache2-mod-wsgi + - libjs-sphinxdoc + - libjs-underscore + - libldap2-dev + - libsasl2-dev + - libxslt1.1 + +# Common pip packages +keystone_pip_packages: + - repoze.lru + - pbr + - MySQL-python + - pycrypto + - python-memcached + - python-keystoneclient + - keystonemiddleware + - lxml + - keystone diff --git a/playbooks/roles/keystone_common/templates/keystone-paste.ini.j2 b/playbooks/roles/os_keystone/files/keystone-paste.ini similarity index 80% rename from playbooks/roles/keystone_common/templates/keystone-paste.ini.j2 rename to playbooks/roles/os_keystone/files/keystone-paste.ini index cd13297168..b9515747b6 100644 --- a/playbooks/roles/keystone_common/templates/keystone-paste.ini.j2 +++ b/playbooks/roles/os_keystone/files/keystone-paste.ini 
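Review bot: `keystone_service_proto: http` together with `keystone_ssl_enabled: false` makes the default `keystone_service_publicuri` a cleartext URL on `external_lb_vip_address`, so passwords and tokens sent to the identity endpoint are readable on the path unless TLS is terminated in front of it (not visible in this file). The defaults give no hint of that expectation. A comment above `keystone_service_proto`, such as `# http assumes TLS is terminated at the load balancer; otherwise set https together with keystone_ssl_enabled`, would document it. A separate protocol variable for the public endpoint would also let operators secure it without touching the internal and admin URLs.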
@@ -12,15 +12,6 @@ paste.filter_factory = keystone.middleware:TokenAuthMiddleware.factory [filter:admin_token_auth] paste.filter_factory = keystone.middleware:AdminTokenAuthMiddleware.factory -[filter:xml_body] -paste.filter_factory = keystone.middleware:XmlBodyMiddleware.factory - -[filter:xml_body_v2] -paste.filter_factory = keystone.middleware:XmlBodyMiddlewareV2.factory - -[filter:xml_body_v3] -paste.filter_factory = keystone.middleware:XmlBodyMiddlewareV3.factory - [filter:json_body] paste.filter_factory = keystone.middleware:JsonBodyMiddleware.factory @@ -79,13 +70,13 @@ paste.app_factory = keystone.service:v3_app_factory paste.app_factory = keystone.service:admin_app_factory [pipeline:public_api] -pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth xml_body_v2 json_body ec2_extension user_crud_extension public_service +pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth json_body ec2_extension user_crud_extension public_service [pipeline:admin_api] -pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth xml_body_v2 json_body ec2_extension s3_extension crud_extension admin_service +pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth json_body ec2_extension s3_extension crud_extension admin_service [pipeline:api_v3] -pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth xml_body_v3 json_body ec2_extension_v3 s3_extension simple_cert_extension service_v3 +pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth json_body ec2_extension_v3 s3_extension simple_cert_extension service_v3 [app:public_version_service] paste.app_factory = keystone.service:public_version_app_factory 
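Review bot: All three rewritten pipelines (`public_api`, `admin_api`, `api_v3`) keep `admin_token_auth`, the filter that accepts the shared bootstrap token from keystone.conf in place of normal authentication; Keystone's own guidance is to take it out of the pipelines once the initial users and endpoints exist. Because this commit also moves the file from a template to a static file under files/, the pipeline can no longer be switched by a variable. Keeping it a template with the filter behind a flag would make that step hard to miss, as would a comment above `[pipeline:public_api]` such as `# admin_token_auth is needed for bootstrap only; remove afterwards`. Whether the role sets an admin token at all is not visible in this diff.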
@@ -94,10 +85,10 @@ paste.app_factory = keystone.service:public_version_app_factory paste.app_factory = keystone.service:admin_version_app_factory [pipeline:public_version_api] -pipeline = sizelimit url_normalize xml_body public_version_service +pipeline = sizelimit url_normalize public_version_service [pipeline:admin_version_api] -pipeline = sizelimit url_normalize xml_body admin_version_service +pipeline = sizelimit url_normalize admin_version_service [composite:main] use = egg:Paste#urlmap diff --git a/playbooks/roles/os_keystone/files/keystone-wsgi.py b/playbooks/roles/os_keystone/files/keystone-wsgi.py new file mode 100644 index 0000000000..f5ce498c51 --- /dev/null +++ b/playbooks/roles/os_keystone/files/keystone-wsgi.py 
@@ -0,0 +1,60 @@ +# Copyright 2013 OpenStack Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +import logging +import os + +from oslo import i18n + + +# NOTE(dstanek): i18n.enable_lazy() must be called before +# keystone.i18n._() is called to ensure it has the desired lazy lookup +# behavior. This includes cases, like keystone.exceptions, where +# keystone.i18n._() is called at import time. +i18n.enable_lazy() + + +from keystone import backends +from keystone.common import dependency +from keystone.common import environment +from keystone.common import sql +from keystone import config +from keystone.openstack.common import log +from keystone import service + + +CONF = config.CONF + +config.configure() +sql.initialize() +config.set_default_for_default_log_levels() + +CONF(project='keystone') +config.setup_logging() + +environment.use_stdlib() +name = os.path.basename(__file__) + +if CONF.debug: + CONF.log_opt_values(log.getLogger(CONF.prog), logging.DEBUG) + + +drivers = backends.load_backends() + +# NOTE(ldbragst): 'application' is required in this context by WSGI spec. +# The following is a reference to Python Paste Deploy documentation +# http://pythonpaste.org/deploy/ +application = service.loadapp('config:%s' % config.find_paste_config(), name) + +dependency.resolve_future_dependencies() 
diff --git a/playbooks/roles/keystone_common/templates/policy.json.j2 b/playbooks/roles/os_keystone/files/policy.json similarity index 100% rename from playbooks/roles/keystone_common/templates/policy.json.j2 rename to playbooks/roles/os_keystone/files/policy.json diff --git a/playbooks/roles/keystone_apache/handlers/main.yml b/playbooks/roles/os_keystone/handlers/main.yml similarity index 79% rename from playbooks/roles/keystone_apache/handlers/main.yml rename to playbooks/roles/os_keystone/handlers/main.yml index 74558ebea0..989637d10b 100644 --- a/playbooks/roles/keystone_apache/handlers/main.yml +++ b/playbooks/roles/os_keystone/handlers/main.yml @@ -14,4 +14,11 @@ # limitations under the License. - name: Restart Apache - service: name=apache2 state=restarted pattern=apache2 + service: + name: "apache2" + state: "restarted" + pattern: "apache2" + register: apache_restart + until: apache_restart|success + retries: 5 + delay: 2 diff --git a/playbooks/roles/os_keystone/meta/main.yml b/playbooks/roles/os_keystone/meta/main.yml new file mode 100644 index 0000000000..f2d66cb77d --- /dev/null +++ b/playbooks/roles/os_keystone/meta/main.yml 
@@ -0,0 +1,36 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+galaxy_info:
+ author: rcbops
+ description: Installation and setup of keystone
+ company: Rackspace
+ license: Apache2
+ min_ansible_version: 1.6.6
+ platforms:
+ - name: Ubuntu
+ versions:
+ - trusty
+ categories:
+ - cloud
+ - python
+ - keystone
+ - development
+ - openstack
+dependencies:
+ - galera_client
+ - openstack_openrc
+ - pip_lock_down
+ - memcached_server
diff --git a/playbooks/roles/os_keystone/tasks/keystone_apache.yml b/playbooks/roles/os_keystone/tasks/keystone_apache.yml
new file mode 100644
index 0000000000..b553e042f0
--- /dev/null
+++ b/playbooks/roles/os_keystone/tasks/keystone_apache.yml
@@ -0,0 +1,58 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Drop apache2 ports file
+ template:
+ src: "{{ item.src }}"
+ dest: "{{ item.dest }}"
+ owner: "root"
+ group: "root"
+ with_items:
+ - { src: "keystone-ports.conf.j2", dest: "/etc/apache2/ports.conf" }
+ - { src: "keystone-httpd.conf.j2", dest: "/etc/apache2/sites-available/keystone-httpd.conf" }
+ notify:
+ - Restart Apache
+ tags:
+ - keystone-httpd
+
+- name: Disable default apache site
+ file:
+ path: "/etc/apache2/sites-enabled/000-default.conf"
+ state: "absent"
+ notify:
+ - Restart Apache
+ tags:
+ - keystone-httpd
+
+- name: Enabled keystone vhost
+ file:
+ src: "{{ item.src }}"
+ dest: "{{ item.dest }}"
+ state: "{{ item.state }}"
+ with_items:
+ - { src: "/etc/apache2/sites-available/keystone-httpd.conf", dest: "/etc/apache2/sites-enabled/keystone-httpd.conf", state: "link" }
+ notify:
+ - Restart Apache
+ tags:
+ - keystone-httpd
+
+- name: Ensure Apache ServerName
+ lineinfile:
+ dest: "/etc/apache2/apache2.conf"
+ line: "ServerName {{ inventory_hostname }}"
+ notify:
+ - Restart Apache
+ tags:
+ - keystone-httpd
diff --git a/playbooks/roles/os_keystone/tasks/keystone_db_setup.yml b/playbooks/roles/os_keystone/tasks/keystone_db_setup.yml
new file mode 100644
index 0000000000..8b1c92e9b1
--- /dev/null
+++ b/playbooks/roles/os_keystone/tasks/keystone_db_setup.yml
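Review bot: The `Ensure Apache ServerName` task in keystone_apache.yml has no `regexp`, so `lineinfile` only checks for the exact line. If `inventory_hostname` changes, or apache2.conf already carries a different ServerName, a second directive is appended instead of the old one being replaced. Adding `regexp: "^ServerName"` to the task keeps a single directive in the file.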
@@ -0,0 +1,49 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Create DB for service
+ mysql_db:
+ login_user: "{{ galera_root_user }}"
+ login_password: "{{ galera_root_password }}"
+ login_host: "{{ galera_address }}"
+ name: "{{ keystone_galera_database }}"
+ state: "present"
+ tags:
+ - keystone-db-setup
+
+- name: Grant access to the DB for the service
+ mysql_user:
+ login_user: "{{ galera_root_user }}"
+ login_password: "{{ galera_root_password }}"
+ login_host: "{{ galera_address }}"
+ name: "{{ keystone_galera_user }}"
+ password: "{{ keystone_container_mysql_password }}"
+ host: "{{ item }}"
+ state: "present"
+ priv: "{{ keystone_galera_database }}.*:ALL"
+ with_items:
+ - "localhost"
+ - "%"
+ tags:
+ - keystone-db-setup
+
+- name: Perform a Keystone DB sync
+ command: keystone-manage db_sync
+ sudo: yes
+ sudo_user: "{{ keystone_system_user_name }}"
+ tags:
+ - keystone-db-setup
+ - keystone-db-sync
+ - keystone-setup
diff --git a/playbooks/roles/os_keystone/tasks/keystone_install.yml b/playbooks/roles/os_keystone/tasks/keystone_install.yml
new file mode 100644
index 0000000000..69c9b5a55b
--- /dev/null
+++ b/playbooks/roles/os_keystone/tasks/keystone_install.yml
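Review bot: In keystone_db_setup.yml the `Grant access to the DB for the service` task creates the keystone account for host `%` with `{{ keystone_galera_database }}.*:ALL`, so the credential is accepted from any address that can reach Galera. If the keystone hosts sit on a known network, the `with_items` list could name that host pattern instead of `%` (for example `- "<MGMT_NET_PATTERN>"`, placeholder). Both mysql tasks also pass `galera_root_password` and the service password as module arguments; adding `no_log: true` to them would keep those values out of verbose output and logs.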
@@ -0,0 +1,41 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Install apt packages
+ apt:
+ pkg: "{{ item }}"
+ state: latest
+ update_cache: yes
+ cache_valid_time: 600
+ register: install_packages
+ until: install_packages|success
+ retries: 5
+ delay: 2
+ with_items: keystone_apt_packages
+ tags:
+ - keystone-apt-packages
+
+- name: Install pip packages
+ pip:
+ name: "{{ item }}"
+ state: present
+ register: install_packages
+ until: install_packages|success
+ retries: 5
+ delay: 2
+ with_items:
+ - "{{ keystone_pip_packages }}"
+ tags:
+ - keystone-pip-packages
diff --git a/playbooks/roles/os_keystone/tasks/keystone_post_install.yml b/playbooks/roles/os_keystone/tasks/keystone_post_install.yml
new file mode 100644
index 0000000000..dbc8b2e36f
--- /dev/null
+++ b/playbooks/roles/os_keystone/tasks/keystone_post_install.yml
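Review bot: Neither task in keystone_install.yml fixes what gets installed: `Install apt packages` uses `state: latest`, and `Install pip packages` takes bare names from `keystone_pip_packages` with `state: present`. The code that ends up in the identity service therefore depends on what the repositories serve at run time. The role's meta lists `pip_lock_down` as a dependency, which presumably points pip at a controlled index; if that is the intended control, a comment above the pip task such as `# versions are constrained by the pip_lock_down role's index, not here` would record it. For apt, `state: present` would stop every run from upgrading packages under a running service. Both tasks also register the same `install_packages` variable, and distinct names would make a failure easier to attribute.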
@@ -0,0 +1,44 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Generate Keystone Config
+ template:
+ src: "{{ item.src }}"
+ dest: "{{ item.dest }}"
+ owner: "{{ keystone_system_user_name }}"
+ group: "{{ keystone_system_group_name }}"
+ with_items:
+ - { src: "keystone.conf.j2", dest: "/etc/keystone/keystone.conf" }
+ notify:
+ - Restart Apache
+ tags:
+ - keystone-config
+
+- name: Drop Keystone Configs
+ copy:
+ src: "{{ item.src }}"
+ dest: "{{ item.dest }}"
+ owner: "{{ keystone_system_user_name }}"
+ group: "{{ keystone_system_group_name }}"
+ mode: "{{ item.mode|default('0644') }}"
+ with_items:
+ - { src: "policy.json", dest: "/etc/keystone/policy.json" }
+ - { src: "keystone-paste.ini", dest: "/etc/keystone/keystone-paste.ini" }
+ - { src: "keystone-wsgi.py", dest: "/var/www/cgi-bin/keystone/admin", mode: "0755" }
+ - { src: "keystone-wsgi.py", dest: "/var/www/cgi-bin/keystone/main", mode: "0755" }
+ notify:
+ - Restart Apache
+ tags:
+ - keystone-config
diff --git a/playbooks/roles/os_keystone/tasks/keystone_pre_install.yml b/playbooks/roles/os_keystone/tasks/keystone_pre_install.yml
new file mode 100644
index 0000000000..9c27804acd
--- /dev/null
+++ b/playbooks/roles/os_keystone/tasks/keystone_pre_install.yml
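Review bot: `Generate Keystone Config` in keystone_post_install.yml sets owner and group on /etc/keystone/keystone.conf but no `mode`, while the keystone.conf.j2 template added in this commit renders `admin_token`, `rabbit_password` and the database password into that file. Adding `mode: "0640"` to the template arguments keeps those secrets unreadable to other local users whatever the default mode turns out to be. The two keystone-wsgi.py copies in `Drop Keystone Configs` are owned by the keystone user with `0755`, so the service account can rewrite the script Apache executes; `owner: "root"` on those two items would remove that.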
@@ -0,0 +1,79 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: create the system group + group: + name: "{{ keystone_system_group_name }}" + state: "present" + system: "yes" + tags: + - keystone-group + +- name: Create the keystone system user + user: + name: "{{ keystone_system_user_name }}" + group: "{{ keystone_system_group_name }}" + comment: "{{ keystone_system_comment }}" + shell: "{{ keystone_system_shell }}" + system: "yes" + createhome: "yes" + home: "{{ keystone_system_user_home }}" + tags: + - keystone-user + +- name: Create keystone dir + file: + path: "{{ item.path }}" + state: directory + owner: "{{ item.owner|default(keystone_system_user_name) }}" + group: "{{ item.group|default(keystone_system_group_name) }}" + with_items: + - { path: "/etc/keystone" } + - { path: "/etc/keystone/ssl" } + - { path: "/etc/sudoers.d", mode: "0750", owner: "root", group: "root" } + - { path: "{{ keystone_system_user_home }}" } + - { path: "/var/www/cgi-bin", owner: root, group: root } + - { path: "/var/www/cgi-bin/keystone" } + tags: + - keystone-dirs + +- name: Test for log directory or link + shell: | + if [ -h "/var/log/keystone" ]; then + chown -h {{ keystone_system_user_name }}:{{ keystone_system_group_name }} "/var/log/keystone" + chown -R {{ keystone_system_user_name }}:{{ keystone_system_group_name }} "$(readlink /var/log/keystone)" + else + exit 1 + fi + register: log_dir + failed_when: false + changed_when: 
log_dir.rc != 0 + tags: + - keystone-dirs + - keystone-logs + +- name: Create keystone log dir + file: + path: "{{ item.path }}" + state: directory + owner: "{{ item.owner|default(keystone_system_user_name) }}" + group: "{{ item.group|default(keystone_system_group_name) }}" + mode: "{{ item.mode|default('0755') }}" + with_items: + - { path: "/var/log/keystone" } + when: log_dir.rc != 0 + tags: + - keystone-dirs + - keystone-logs diff --git a/playbooks/roles/os_keystone/tasks/keystone_service_setup.yml b/playbooks/roles/os_keystone/tasks/keystone_service_setup.yml new file mode 100644 index 0000000000..499d157616 --- /dev/null +++ b/playbooks/roles/os_keystone/tasks/keystone_service_setup.yml 
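Review bot: In `Create keystone dir` (keystone_pre_install.yml) the `/etc/sudoers.d` item carries `mode: "0750"`, but the `file` arguments have no `mode:` key. That value is therefore never applied, and every directory in the list, including `/etc/keystone/ssl`, is created with the default mode. `Create keystone log dir` in the same file already uses `mode: "{{ item.mode|default('0755') }}"`; adding the same line to `Create keystone dir` makes the item key effective, and the ssl item can then carry a tighter value such as `mode: "0750"`. In the `Test for log directory or link` shell block the owner and group variables are interpolated unquoted into both `chown` commands, and quoting them as `"{{ keystone_system_user_name }}:{{ keystone_system_group_name }}"` would be safer.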
@@ -0,0 +1,199 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Restart service + service: + name: "{{ keystone_system_service_name }}" + state: restarted + pattern: "{{ keystone_system_service_name }}" + tags: + - keystone-db-sync + - keystone-setup + +- name: Wait for keystone admin to come up + wait_for: + host: "{{ ansible_ssh_host }}" + port: "{{ keystone_admin_port }}" + timeout: 25 + delay: 10 + tags: + - keystone-db-sync + - keystone-setup + +- name: Wait for keystone service to come up + wait_for: + host: "{{ ansible_ssh_host }}" + port: "{{ keystone_service_port }}" + timeout: 25 + delay: 10 + tags: + - keystone-db-sync + - keystone-setup + +# Create an service tenant +- name: Ensure service tenant + keystone: + command: "ensure_tenant" + token: "{{ keystone_auth_admin_token }}" + endpoint: "{{ keystone_service_adminurl }}" + tenant_name: "{{ keystone_service_tenant_name }}" + description: "{{ keystone_service_description }}" + register: add_service + until: add_service|success + retries: 5 + delay: 10 + tags: + - keystone-api-setup + - keystone-setup + +# Create an admin tenant +- name: Ensure admin tenant + keystone: + command: "ensure_tenant" + token: "{{ keystone_auth_admin_token }}" + endpoint: "{{ keystone_service_adminurl }}" + tenant_name: "{{ keystone_admin_tenant_name }}" + description: "{{ keystone_admin_description }}" + register: add_service + until: add_service|success + retries: 5 + delay: 
10 + tags: + - keystone-api-setup + - keystone-setup + +# Create an admin user +- name: Ensure Admin user + keystone: + command: "ensure_user" + token: "{{ keystone_auth_admin_token }}" + endpoint: "{{ keystone_service_adminurl }}" + user_name: "{{ keystone_admin_user_name }}" + tenant_name: "{{ keystone_admin_tenant_name }}" + password: "{{ keystone_auth_admin_password }}" + register: add_service + until: add_service|success + retries: 5 + delay: 10 + tags: + - keystone-api-setup + - keystone-setup + +# Create an admin role +- name: Ensure Admin role + keystone: + command: "ensure_role" + token: "{{ keystone_auth_admin_token }}" + endpoint: "{{ keystone_service_adminurl }}" + role_name: "{{ keystone_role_name }}" + register: add_service + until: add_service|success + retries: 5 + delay: 10 + tags: + - keystone-api-setup + - keystone-setup + +# Add a role to the user +- name: Ensure Admin user to Admin role + keystone: + command: "ensure_user_role" + token: "{{ keystone_auth_admin_token }}" + endpoint: "{{ keystone_service_adminurl }}" + user_name: "{{ keystone_admin_user_name }}" + tenant_name: "{{ keystone_admin_tenant_name }}" + role_name: "{{ keystone_role_name }}" + register: add_service + until: add_service|success + retries: 5 + delay: 10 + tags: + - keystone-api-setup + - keystone-setup + +# Create a service +- name: Ensure Keystone Service + keystone: + command: "ensure_service" + token: "{{ keystone_auth_admin_token }}" + endpoint: "{{ keystone_service_adminurl }}" + service_name: "{{ keystone_service_name }}" + service_type: "{{ keystone_service_type }}" + description: "{{ keystone_service_description }}" + register: add_service + until: add_service|success + retries: 5 + delay: 10 + tags: + - keystone-api-setup + - keystone-service-add + - keystone-setup + +# Create an admin user +- name: Ensure Keystone user + keystone: + command: "ensure_user" + token: "{{ keystone_auth_admin_token }}" + endpoint: "{{ keystone_service_adminurl }}" + user_name: "{{ 
keystone_service_user_name }}" + tenant_name: "{{ keystone_service_tenant_name }}" + password: "{{ keystone_auth_admin_password }}" + register: add_service + until: add_service|success + retries: 5 + delay: 10 + tags: + - keystone-api-setup + - keystone-service-add + - keystone-setup + +# Add a role to the user +- name: Ensure Keystone user to Admin role + keystone: + command: "ensure_user_role" + token: "{{ keystone_auth_admin_token }}" + endpoint: "{{ keystone_service_adminurl }}" + user_name: "{{ keystone_service_user_name }}" + tenant_name: "{{ keystone_service_tenant_name }}" + role_name: "{{ keystone_role_name }}" + register: add_service + until: add_service|success + retries: 5 + delay: 10 + tags: + - keystone-api-setup + - keystone-service-add + - keystone-setup + +# Create an endpoint +- name: Ensure Keystone Endpoint + keystone: + command: "ensure_endpoint" + token: "{{ keystone_auth_admin_token }}" + endpoint: "{{ keystone_service_adminurl }}" + region_name: "{{ keystone_service_region }}" + service_name: "{{ keystone_service_name }}" + service_type: "{{ keystone_service_type }}" + publicurl: "{{ keystone_service_publicurl }}" + adminurl: "{{ keystone_service_adminurl }}" + internalurl: "{{ keystone_service_internalurl }}" + register: add_service + until: add_service|success + retries: 5 + delay: 10 + tags: + - keystone-api-setup + - keystone-service-add + - keystone-setup diff --git a/playbooks/roles/keystone_setup/tasks/keystone_token_cron.yml b/playbooks/roles/os_keystone/tasks/keystone_token_cleanup.yml similarity index 86% rename from playbooks/roles/keystone_setup/tasks/keystone_token_cron.yml rename to playbooks/roles/os_keystone/tasks/keystone_token_cleanup.yml index 1d3622b9ba..9e5f33e4f0 100644 --- a/playbooks/roles/keystone_setup/tasks/keystone_token_cron.yml +++ b/playbooks/roles/os_keystone/tasks/keystone_token_cleanup.yml 
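Review bot: `Ensure Keystone user` in keystone_service_setup.yml sets the service account's password from `keystone_auth_admin_password`, the same variable `Ensure Admin user` uses, so the admin user and the keystone service user share one credential. A dedicated variable for the service account (name illustrative: `password: "{{ keystone_service_password }}"`) would let either be rotated without touching the other. The comment above that task still reads `# Create an admin user`; it should say `# Create the keystone service user`. Every `keystone:` task also passes `keystone_auth_admin_token` as a module argument, so `no_log: true` on them would keep the token out of verbose output.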
@@ -18,4 +18,8 @@ name: "Clear out stale keystone tokens" minute: 0 job: "/usr/local/bin/keystone-manage token_flush" - user: "{{ system_user }}" + user: "{{ keystone_system_user_name }}" + when: > + 'sql' in keystone_token_driver + tags: + - keystone-config diff --git a/playbooks/vars/repo_packages/kibana.yml b/playbooks/roles/os_keystone/tasks/main.yml similarity index 61% rename from playbooks/vars/repo_packages/kibana.yml rename to playbooks/roles/os_keystone/tasks/main.yml index 06bca449ba..d2a6304e48 100644 --- a/playbooks/vars/repo_packages/kibana.yml +++ b/playbooks/roles/os_keystone/tasks/main.yml @@ -13,17 +13,17 @@ # See the License for the specific language governing permissions and # limitations under the License. -repo_package_name: kibana +- include: keystone_pre_install.yml +- include: keystone_install.yml +- include: keystone_post_install.yml -kibana_root: /opt/kibana -kibana_url: "{{ openstack_repo_url }}/downloads/kibana-3.1.0.tar.gz" -kibana_sha256sum: "059a4b6b507b9ff771901d12035e499b0e8d1cae7d9e5284633e19da6c294e07" +- include: keystone_db_setup.yml + when: > + inventory_hostname == groups['keystone_all'][0] -container_packages: - - apache2 - - python-passlib - - openjdk-7-jre +- include: keystone_apache.yml +- include: keystone_token_cleanup.yml -service_pip_dependencies: - - python-memcached - - pycrypto +- include: keystone_service_setup.yml + when: > + inventory_hostname == groups['keystone_all'][0] diff --git a/playbooks/roles/os_keystone/templates/keystone-httpd.conf.j2 b/playbooks/roles/os_keystone/templates/keystone-httpd.conf.j2 new file mode 100644 index 0000000000..1a98a8c731 --- /dev/null +++ b/playbooks/roles/os_keystone/templates/keystone-httpd.conf.j2 
@@ -0,0 +1,51 @@ +# {{ ansible_managed }} + +{% set threads = ansible_processor_vcpus|default(2) // 2 %} + +WSGIDaemonProcess keystone user={{ keystone_system_user_name }} group=nogroup processes={{ ansible_processor_cores|default(1) }} threads={{ threads if threads > 0 else 1 }} + + + LogLevel {{ keystone_apache_log_level }} + ErrorLog /var/log/keystone/keystone-apache-error.log + CustomLog /var/log/keystone/ssl_access.log combined + Options +FollowSymLinks + + {% if keystone_ssl_enabled == true %} + SSLEngine on + SSLCertificateFile {{ keystone_ssl_cert }} + SSLCertificateKeyFile {{ keystone_ssl_key }} + SSLCACertificatePath {{ keystone_ssl_cert_path }} + SSLCARevocationPath {{ keystone_ssl_cert_path }} + SSLVerifyClient optional + SSLVerifyDepth 10 + SSLProtocol all -SSLv2 + SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW + SSLOptions +StdEnvVars +ExportCertData + {% endif %} + + WSGIScriptAlias / /var/www/cgi-bin/keystone/main + WSGIProcessGroup keystone + + + + LogLevel {{ keystone_apache_log_level }} + ErrorLog /var/log/keystone/keystone-apache-error.log + CustomLog /var/log/keystone/ssl_access.log combined + Options +FollowSymLinks + + {% if keystone_ssl_enabled == true %} + SSLEngine on + SSLCertificateFile {{ keystone_ssl_cert }} + SSLCertificateKeyFile {{ keystone_ssl_key }} + SSLCACertificatePath {{ keystone_ssl_cert_path }} + SSLCARevocationPath {{ keystone_ssl_cert_path }} + SSLVerifyClient optional + SSLVerifyDepth 10 + SSLProtocol all -SSLv2 + SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW + SSLOptions +StdEnvVars +ExportCertData + {% endif %} + + WSGIScriptAlias / /var/www/cgi-bin/keystone/admin + WSGIProcessGroup keystone + diff --git a/playbooks/roles/os_keystone/templates/keystone-ports.conf.j2 b/playbooks/roles/os_keystone/templates/keystone-ports.conf.j2 new file mode 100644 index 0000000000..35891dc19c --- /dev/null +++ b/playbooks/roles/os_keystone/templates/keystone-ports.conf.j2 
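Review bot: Both TLS blocks in keystone-httpd.conf.j2 use `SSLProtocol all -SSLv2` and `SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW`, which leaves SSLv3 enabled and admits RC4 and the LOW cipher class on the identity endpoints. Suggest `SSLProtocol all -SSLv2 -SSLv3`, a suite limited to strong ciphers such as `SSLCipherSuite HIGH:!aNULL:!MD5:!RC4`, and `SSLHonorCipherOrder on`. The two blocks are identical apart from the `WSGIScriptAlias` target, so a shared Jinja block would stop them drifting apart. `WSGIDaemonProcess` hard-codes `group=nogroup` although the role defines `keystone_system_group_name`; `group={{ keystone_system_group_name }}` would match the ownership set by the tasks.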
@@ -0,0 +1,4 @@
+# {{ ansible_managed }}
+
+Listen {{ keystone_service_port }}
+Listen {{ keystone_admin_port }}
diff --git a/playbooks/roles/os_keystone/templates/keystone.conf.j2 b/playbooks/roles/os_keystone/templates/keystone.conf.j2
new file mode 100644
index 0000000000..78d79da9a3
--- /dev/null
+++ b/playbooks/roles/os_keystone/templates/keystone.conf.j2
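Review bot: Both `Listen` lines in keystone-ports.conf.j2 bind their port on every address, so the admin API port is reachable on all interfaces of the host. The `bind_host = {{ keystone_bind_address }}` written to keystone.conf presumably has no effect once Apache owns the sockets. If the admin endpoint is meant to stay on one address, `Listen {{ keystone_bind_address }}:{{ keystone_admin_port }}` would express that in the place that actually decides it. Otherwise a comment such as `# binds all interfaces; restrict with a firewall or an address prefix` would document the exposure.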
@@ -0,0 +1,75 @@ +# {{ ansible_managed }} + +[DEFAULT] +verbose = {{ verbose }} +debug = {{ debug }} +admin_token = {{ keystone_auth_admin_token }} +bind_host = {{ keystone_bind_address }} +public_port = {{ keystone_service_port }} +public_endpoint = {{ keystone_service_publicuri }} +admin_port = {{ keystone_admin_port }} +admin_endpoint = {{ keystone_service_adminuri }} + +log_file = keystone.log +log_dir = /var/log/keystone +rabbit_hosts = {{ rabbitmq_servers }} +rabbit_userid = {{ rabbitmq_userid }} +rabbit_password = {{ rabbitmq_password }} +rpc_backend = {{ keystone_rpc_backend }} + + +[memcache] +servers = {{ keystone_memcached_servers }} + + +max_compare_and_set_retry = 16 + +{% if keystone_cache_backend_argument is defined %} +[cache] +backend = dogpile.cache.memcached +backend_argument = {{ keystone_cache_backend_argument }} +config_prefix = cache.keystone +distributed_lock = True +expiration_time = 5400 +enabled = true +{% endif %} + +[revoke] +expiration_buffer = 1800 +caching = true + +[auth] +methods = {{ keystone_auth_methods }} + +[database] +connection = mysql://{{ keystone_galera_user }}:{{ keystone_container_mysql_password }}@{{ galera_address }}/{{ keystone_galera_database }}?charset=utf8 +idle_timeout = 200 +min_pool_size = 5 +max_pool_size = 10 +pool_timeout = 200 + +[identity] +driver = {{ keystone_identity_driver }} + +[assignment] +driver = keystone.assignment.backends.sql.Assignment +caching = true + +{% if keystone_ldap is defined %} +{% for section in keystone_ldap|dictsort %} +[{{ section.0 }}] +{% for key, value in section.1.items() %} +{{ key }} = {{ value }} +{% endfor %} +{% endfor %} +{% endif %} + + +[token] +enforce_token_bind = permissive +revocation_cache_time = 3600 +expiration = 43200 +caching = true +cache_time = 5400 +provider = {{ keystone_token_provider }} +driver = {{ keystone_token_driver }} 
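Review bot: `admin_token = {{ keystone_auth_admin_token }}` in keystone.conf.j2 is rendered unconditionally, and the keystone-paste.ini pipelines in this commit (`public_api`, `admin_api`, `api_v3`) all keep `admin_token_auth`. As far as this diff shows, the bootstrap token therefore stays a standing admin credential on every API endpoint after setup. keystone_service_setup.yml needs the token for its `ensure_*` tasks, but a later step could re-render the config without it or drop `admin_token_auth` from the pipelines. At minimum a comment above the line, e.g. `# bootstrap credential: full admin without a user; rotate or remove after service setup`, would record the risk. The `[database]` `connection` line also interpolates the password into the URL unescaped, so a password containing `@` or `/` would yield a malformed connection string.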
diff --git a/playbooks/roles/os_neutron/CONTRIBUTING.rst b/playbooks/roles/os_neutron/CONTRIBUTING.rst new file mode 100644 index 0000000000..0fadbad475 --- /dev/null +++ b/playbooks/roles/os_neutron/CONTRIBUTING.rst 
@@ -0,0 +1,85 @@ +OpenStack neutron +################# +:tags: openstack, neutron, cloud, ansible +:category: \*nix + +contributor guidelines +^^^^^^^^^^^^^^^^^^^^^^ + +Filing Bugs +----------- + +Bugs should be filed on Launchpad, not GitHub: "https://bugs.launchpad.net/openstack-ansible" + + +When submitting a bug, or working on a bug, please ensure the following criteria are met: + * The description clearly states or describes the original problem or root cause of the problem. + * Include historical information on how the problem was identified. + * Any relevant logs are included. + * The provided information should be totally self-contained. External access to web services/sites should not be needed. + * Steps to reproduce the problem if possible. + + +Submitting Code +--------------- + +Changes to the project should be submitted for review via the Gerrit tool, following +the workflow documented at: "http://docs.openstack.org/infra/manual/developers.html#development-workflow" + +Pull requests submitted through GitHub will be ignored and closed without regard. + + +Extra +----- + +Tags: + If it's a bug that needs fixing in a branch in addition to Master, add a '\-backport-potential' tag (eg ``juno-backport-potential``). There are predefined tags that will autocomplete. + +Status: + Please leave this alone, it should be New till someone triages the issue. + +Importance: + Should only be touched if it is a Blocker/Gating issue. If it is, please set to High, and only use Critical if you have found a bug that can take down whole infrastructures. + + +Style guide +----------- + +When creating tasks and other roles for use in Ansible please create then using the YAML dictionary format. + +Example YAML dictionary format: + .. code-block:: yaml + + - name: The name of the tasks + module_name: + thing1: "some-stuff" + thing2: "some-other-stuff" + tags: + - some-tag + - some-other-tag + + +Example **NOT** in YAML dictionary format: + .. 
code-block:: yaml + + - name: The name of the tasks + module_name: thing1="some-stuff" thing2="some-other-stuff" + tags: + - some-tag + - some-other-tag + + +Usage of the ">" and "|" operators should be limited to Ansible conditionals and command modules such as the ansible ``shell`` module. + + +Issues +------ + +When submitting an issue, or working on an issue please ensure the following criteria are met: + * The description clearly states or describes the original problem or root cause of the problem. + * Include historical information on how the problem was identified. + * Any relevant logs are included. + * If the issue is a bug that needs fixing in a branch other than Master, add the ‘backport potential’ tag TO THE ISSUE (not the PR). + * The provided information should be totally self-contained. External access to web services/sites should not be needed. + * If the issue is needed for a hotfix release, add the 'expedite' label. + * Steps to reproduce the problem if possible. diff --git a/playbooks/roles/os_neutron/LICENSE b/playbooks/roles/os_neutron/LICENSE new file mode 100644 index 0000000000..e06d208186 --- /dev/null +++ b/playbooks/roles/os_neutron/LICENSE 
@@ -0,0 +1,202 @@ +Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + diff --git a/playbooks/roles/os_neutron/README.rst b/playbooks/roles/os_neutron/README.rst new file mode 100644 index 0000000000..82143fdfa0 --- /dev/null +++ b/playbooks/roles/os_neutron/README.rst @@ -0,0 +1,20 @@ +OpenStack Neutron +################# +:tags: openstack, nova, cloud, ansible +:category: \*nix + +Role for deployment, setup and installation of nova. + +This role will install the following: + * neutron-server + * neutron-agents + +.. code-block:: yaml + + - name: Installation and setup of Neutron + hosts: neutron_all + user: root + roles: + - { role: "os_neutron", tags: [ "os-neutron" ] } + vars: + galera_address: "{{ internal_lb_vip_address }}" diff --git a/playbooks/roles/os_neutron/defaults/main.yml b/playbooks/roles/os_neutron/defaults/main.yml new file mode 100644 index 0000000000..570e5c615c 
--- /dev/null
+++ b/playbooks/roles/os_neutron/defaults/main.yml
@@ -0,0 +1,186 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Defines that the role will be deployed on a host machine
+is_metal: true
+
+## Verbosity Options
+debug: False
+verbose: True
+
+## neutron User / Group
+neutron_system_user_name: neutron
+neutron_system_group_name: neutron
+neutron_system_comment: neutron system user
+neutron_system_shell: /bin/false
+neutron_system_home_folder: "/var/lib/{{ neutron_system_user_name }}"
+
+## DB
+neutron_galera_user: neutron
+neutron_galera_password: "{{ neutron_container_mysql_password }}"
+neutron_galera_database: neutron
+neutron_db_revision: head
+neutron_db_config: /etc/neutron/neutron.conf
+neutron_db_plugin: /etc/neutron/plugins/ml2/ml2_conf.ini
+
+## Plugins
+neutron_plugin_core: neutron.plugins.ml2.plugin.Ml2Plugin
+neutron_plugin_base:
+ - neutron.services.l3_router.l3_router_plugin.L3RouterPlugin
+ - neutron.services.loadbalancer.plugin.LoadBalancerPlugin
+ - neutron.services.vpn.plugin.VPNDriverPlugin
+ - neutron.services.metering.metering_plugin.MeteringPlugin
+neutron_plugin_loaded_base: "{% for plugin in neutron_plugin_base %}{{ plugin }}{% if not loop.last %},{% endif %}{% endfor %}"
+
+## Drivers
+neutron_driver_network_scheduler: neutron.scheduler.dhcp_agent_scheduler.ChanceScheduler
+neutron_driver_router_scheduler: neutron.scheduler.l3_agent_scheduler.LeastRoutersScheduler
+neutron_driver_loadbalancer_pool_scheduler: neutron.services.loadbalancer.agent_scheduler.ChanceScheduler
+neutron_driver_interface: neutron.agent.linux.interface.BridgeInterfaceDriver
+neutron_driver_metering: neutron.services.metering.drivers.iptables.iptables_driver.IptablesMeteringDriver
+neutron_driver_dhcp: neutron.agent.linux.dhcp.Dnsmasq
+neutron_driver_notification: neutron.openstack.common.notifier.rpc_notifier
+neutron_driver_quota: neutron.db.quota_db.DbQuotaDriver
+
+## General Neutron configuration
+# If ``neutron_api_workers`` is unset the system will use half the number of available VCPUS to
+# compute the number of api workers to use.
+# neutron_api_workers: 16
+
+# If ``neutron_rpc_workers`` is unset the system will use half the number of ``neutron_api_workers`` to
+# compute the number of api workers to use.
+# neutron_rpc_workers: 16
+
+# If ``neutron_metadata_workers`` is unset the system will use half the number of available VCPUS to
+# compute the number of api workers to use.
+# neutron_metadata_workers: 16
+neutron_metadata_backlog: 128
+
+
+## Auth
+neutron_service_tenant_name: service
+neutron_service_role_name: admin
+neutron_service_user_name: neutron
+neutron_service_name: neutron
+neutron_service_type: network
+neutron_service_description: "OpenStack Networking"
+neutron_service_port: 9696
+neutron_service_proto: http
+neutron_service_publicuri: "{{ neutron_service_proto }}://{{ external_lb_vip_address }}:{{ neutron_service_port }}"
+neutron_service_publicurl: "{{ neutron_service_publicuri }}"
+neutron_service_adminuri: "{{ neutron_service_proto }}://{{ internal_lb_vip_address }}:{{ neutron_service_port }}"
+neutron_service_adminurl: "{{ neutron_service_adminuri }}"
+neutron_service_internaluri: "{{ neutron_service_proto }}://{{ internal_lb_vip_address }}:{{ neutron_service_port }}"
+neutron_service_internalurl: "{{ neutron_service_internaluri }}"
+neutron_service_region: RegionOne
+
+neutron_service_program_name: neutron-server
+neutron_service_program_config_options: --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini
+neutron_service_program_enabled: false
+
+neutron_service_dhcp_program_name: neutron-dhcp-agent
+neutron_service_dhcp_program_config_options: --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/dhcp_agent.ini
+neutron_service_dhcp_program_enabled: false
+
+neutron_service_l3_program_name: neutron-l3-agent
+neutron_service_l3_program_config_options: --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/l3_agent.ini
+neutron_service_l3_program_enabled: false
+
+neutron_service_linuxbridge_program_name: neutron-linuxbridge-agent
+neutron_service_linuxbridge_program_config_options: --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini
+neutron_service_linuxbridge_program_enabled: false
+
+neutron_service_metadata_program_name: neutron-metadata-agent
+neutron_service_metadata_program_config_options: --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/metadata_agent.ini
+neutron_service_metadata_program_enabled: false
+
+neutron_service_metering_program_name: neutron-metering-agent
+neutron_service_metering_program_config_options: --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/metering_agent.ini
+neutron_service_metering_program_enabled: false
+
+## Agent
+neutron_external_network_bridge: ""
+neutron_gateway_external_network_id: ""
+
+neutron_agent_mode: legacy
+neutron_agent_down_time: 120
+neutron_agent_polling_interval: 5
+neutron_report_interval: "{{ neutron_agent_down_time | int / 2 | int }}"
+neutron_network_device_mtu: 1450
+
+# L3HA configuration options.
+neutron_ha_vrrp_advert_int: 2
+neutron_ha_vrrp_auth_password: None
+neutron_ha_vrrp_auth_type: PASS
+neutron_handle_internal_only_routers: True
+neutron_l3_ha_enabled: False
+neutron_l3_ha_net_cidr: 169.254.192.0/18
+
+# If ``neutron_min_l3_agents_per_router`` is unset the system will use half the number of hosts in the
+# "neutron_agent" group to determine the min agents per routers.
+# neutron_min_l3_agents_per_router: 3
+
+# If ``neutron_max_l3_agents_per_router`` is unset the system will use the number of hosts in the
+# "neutron_agent" group to determine the max agents per routers.
+# neutron_max_l3_agents_per_router: 3
+
+# DHCP AGENT CONFIG
+neutron_dhcp_config:
+ dhcp-option-force: "26,1450"
+ log-facility: "/var/log/neutron/neutron-dnsmasq.log"
+
+neutron_dhcp_domain: openstacklocal
+neutron_dhcp_delete_namespaces: True
+# Comma-separated list of DNS servers which will be used by dnsmasq as forwarders.
+neutron_dnsmasq_dns_servers: ""
+# Limit number of leases to prevent a denial-of-service.
+neutron_dnsmasq_lease_max: 16777216
+
+## RPC
+neutron_rpc_backend: rabbit
+
+neutron_apt_packages:
+ - conntrackd
+ - conntrack
+ - dnsmasq-base
+ - dnsmasq-utils
+ - ipset
+ - iputils-arping
+ - keepalived
+ - libpq-dev
+
+neutron_pip_packages:
+ - configobj
+ - cliff
+ - keystonemiddleware
+ - MySQL-python
+ - neutron
+ - pycrypto
+ - python-glanceclient
+ - python-keystoneclient
+ - python-memcached
+ - python-neutronclient
+ - python-novaclient
+ - repoze.lru
+
+## Service Names
+neutron_service_names:
+ - neutron-agent
+ - neutron-dhcp-agent
+ - neutron-linuxbridge-agent
+ - neutron-l3-agent
+ - neutron-metadata-agent
+ - neutron-metering-agent
+ - neutron-server
diff --git a/playbooks/roles/neutron_common/templates/api-paste.ini b/playbooks/roles/os_neutron/files/api-paste.ini
similarity index 100%
rename from playbooks/roles/neutron_common/templates/api-paste.ini
rename to playbooks/roles/os_neutron/files/api-paste.ini
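Review bot: `neutron_ha_vrrp_auth_password: None` is not a YAML null; it loads as the four-character string "None", so if a template writes this variable into the L3 HA configuration (the template is not part of this hunk), every deployment that keeps the default shares the same guessable VRRP secret next to `neutron_ha_vrrp_auth_type: PASS`. I would drop the default so the deployer has to supply a value, or write `neutron_ha_vrrp_auth_password: null` and have the template omit the option when it is unset. The same file defaults `neutron_service_proto: http`, so the public, admin and internal endpoint URLs are plaintext unless overridden; if TLS is expected to terminate at the load balancer, a comment such as `# TLS terminates at the LB; set to https when it does not` would make that explicit.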
diff --git a/playbooks/roles/neutron_l3_ha/files/neutron-ha-tool.py b/playbooks/roles/os_neutron/files/neutron-ha-tool.py similarity index 100% rename from playbooks/roles/neutron_l3_ha/files/neutron-ha-tool.py rename to playbooks/roles/os_neutron/files/neutron-ha-tool.py diff --git a/playbooks/roles/neutron_common/templates/policy.json b/playbooks/roles/os_neutron/files/policy.json similarity index 100% rename from playbooks/roles/neutron_common/templates/policy.json rename to playbooks/roles/os_neutron/files/policy.json diff --git a/playbooks/roles/neutron_common/files/post-up-checksum-rules.sh b/playbooks/roles/os_neutron/files/post-up-checksum-rules similarity index 61% rename from playbooks/roles/neutron_common/files/post-up-checksum-rules.sh rename to playbooks/roles/os_neutron/files/post-up-checksum-rules index 75154698ff..f640b5257b 100644 --- a/playbooks/roles/neutron_common/files/post-up-checksum-rules.sh +++ b/playbooks/roles/os_neutron/files/post-up-checksum-rules 
@@ -27,26 +27,16 @@ # Iptables path, used for ipv4 firewall. IPTABLES=$(which iptables) -if [ ! -z "${IPTABLES}" ];then - if [ ! "$(${IPTABLES} -t mangle -nL | awk '$4 == "0.0.0.0/0" && $5 == "0.0.0.0/0" && $9 == "fill"')" ];then - ${IPTABLES} -A POSTROUTING \ - -t mangle \ - -p udp \ - --dport 68 \ - -j CHECKSUM \ - --checksum-fill +if [ ! -z "${IPTABLES}" ]; then + if ! ${IPTABLES} -C POSTROUTING -t mangle -p udp --dport 68 -j CHECKSUM --checksum-fill 2> /dev/null; then + ${IPTABLES} -A POSTROUTING -t mangle -p udp --dport 68 -j CHECKSUM --checksum-fill fi fi # Ip6tables path, used for ipv6 firewall. IP6TABLES=$(which ip6tables) -if [ ! -z "${IP6TABLES}" ];then - if [ ! "$(${IP6TABLES} -t mangle -nL | awk '$3 == "::/0" && $4 == "::/0" && $8 == "fill"')" ];then - ${IP6TABLES} -A POSTROUTING \ - -t mangle \ - -p udp \ - --dport 68 \ - -j CHECKSUM \ - --checksum-fill +if [ ! -z "${IP6TABLES}" ]; then + if ! ${IP6TABLES} -C POSTROUTING -t mangle -p udp --dport 68 -j CHECKSUM --checksum-fill 2> /dev/null; then + ${IP6TABLES} -A POSTROUTING -t mangle -p udp --dport 68 -j CHECKSUM --checksum-fill fi fi diff --git a/playbooks/roles/neutron_common/templates/rootwrap.conf b/playbooks/roles/os_neutron/files/rootwrap.conf similarity index 100% rename from playbooks/roles/neutron_common/templates/rootwrap.conf rename to playbooks/roles/os_neutron/files/rootwrap.conf diff --git a/playbooks/roles/neutron_common/templates/rootwrap.d/debug.filters b/playbooks/roles/os_neutron/files/rootwrap.d/debug.filters similarity index 100% rename from playbooks/roles/neutron_common/templates/rootwrap.d/debug.filters rename to playbooks/roles/os_neutron/files/rootwrap.d/debug.filters diff --git a/playbooks/roles/neutron_common/templates/rootwrap.d/dhcp.filters b/playbooks/roles/os_neutron/files/rootwrap.d/dhcp.filters similarity index 100% rename from playbooks/roles/neutron_common/templates/rootwrap.d/dhcp.filters rename to playbooks/roles/os_neutron/files/rootwrap.d/dhcp.filters 
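Review bot: The `-C` probes in both the iptables and ip6tables branches discard stderr with `2> /dev/null`, so any failure of the check (not only "rule absent") falls through to `-A`, and the exit status of `-A` is not examined either. Because this script runs from `if-up.d`, a rule that was not installed would go unnoticed; I would keep the probe quiet but let the append report its failure, for example by ending each `-A` line with `|| echo "post-up-checksum-rules: could not add CHECKSUM rule" >&2`. As a style point, `[ ! -z "${IPTABLES}" ]` reads more directly as `[ -n "${IPTABLES}" ]`. The top of the script is outside this hunk.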
diff --git a/playbooks/roles/neutron_common/templates/rootwrap.d/ipset-firewall.filters b/playbooks/roles/os_neutron/files/rootwrap.d/ipset-firewall.filters similarity index 100% rename from playbooks/roles/neutron_common/templates/rootwrap.d/ipset-firewall.filters rename to playbooks/roles/os_neutron/files/rootwrap.d/ipset-firewall.filters diff --git a/playbooks/roles/neutron_common/templates/rootwrap.d/iptables-firewall.filters b/playbooks/roles/os_neutron/files/rootwrap.d/iptables-firewall.filters similarity index 100% rename from playbooks/roles/neutron_common/templates/rootwrap.d/iptables-firewall.filters rename to playbooks/roles/os_neutron/files/rootwrap.d/iptables-firewall.filters diff --git a/playbooks/roles/neutron_common/templates/rootwrap.d/l3.filters b/playbooks/roles/os_neutron/files/rootwrap.d/l3.filters similarity index 100% rename from playbooks/roles/neutron_common/templates/rootwrap.d/l3.filters rename to playbooks/roles/os_neutron/files/rootwrap.d/l3.filters diff --git a/playbooks/roles/neutron_common/templates/rootwrap.d/lbaas-haproxy.filters b/playbooks/roles/os_neutron/files/rootwrap.d/lbaas-haproxy.filters similarity index 100% rename from playbooks/roles/neutron_common/templates/rootwrap.d/lbaas-haproxy.filters rename to playbooks/roles/os_neutron/files/rootwrap.d/lbaas-haproxy.filters diff --git a/playbooks/roles/neutron_common/templates/rootwrap.d/linuxbridge-plugin.filters b/playbooks/roles/os_neutron/files/rootwrap.d/linuxbridge-plugin.filters similarity index 100% rename from playbooks/roles/neutron_common/templates/rootwrap.d/linuxbridge-plugin.filters rename to playbooks/roles/os_neutron/files/rootwrap.d/linuxbridge-plugin.filters 
diff --git a/playbooks/roles/neutron_common/templates/rootwrap.d/nec-plugin.filters b/playbooks/roles/os_neutron/files/rootwrap.d/nec-plugin.filters similarity index 100% rename from playbooks/roles/neutron_common/templates/rootwrap.d/nec-plugin.filters rename to playbooks/roles/os_neutron/files/rootwrap.d/nec-plugin.filters diff --git a/playbooks/roles/neutron_common/templates/rootwrap.d/openvswitch-plugin.filters b/playbooks/roles/os_neutron/files/rootwrap.d/openvswitch-plugin.filters similarity index 100% rename from playbooks/roles/neutron_common/templates/rootwrap.d/openvswitch-plugin.filters rename to playbooks/roles/os_neutron/files/rootwrap.d/openvswitch-plugin.filters diff --git a/playbooks/roles/neutron_common/templates/rootwrap.d/ryu-plugin.filters b/playbooks/roles/os_neutron/files/rootwrap.d/ryu-plugin.filters similarity index 100% rename from playbooks/roles/neutron_common/templates/rootwrap.d/ryu-plugin.filters rename to playbooks/roles/os_neutron/files/rootwrap.d/ryu-plugin.filters diff --git a/playbooks/roles/neutron_common/templates/rootwrap.d/vpnaas.filters b/playbooks/roles/os_neutron/files/rootwrap.d/vpnaas.filters similarity index 100% rename from playbooks/roles/neutron_common/templates/rootwrap.d/vpnaas.filters rename to playbooks/roles/os_neutron/files/rootwrap.d/vpnaas.filters diff --git a/playbooks/roles/os_neutron/handlers/main.yml b/playbooks/roles/os_neutron/handlers/main.yml new file mode 100644 index 0000000000..99f3b87e4f --- /dev/null +++ b/playbooks/roles/os_neutron/handlers/main.yml 
@@ -0,0 +1,22 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Restart neutron services
+ service:
+ name: "{{ item }}"
+ state: restarted
+ pattern: "{{ item }}"
+ with_items: neutron_service_names
+ failed_when: false
diff --git a/playbooks/roles/os_neutron/meta/main.yml b/playbooks/roles/os_neutron/meta/main.yml
new file mode 100644
index 0000000000..fc91881069
--- /dev/null
+++ b/playbooks/roles/os_neutron/meta/main.yml
@@ -0,0 +1,35 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+galaxy_info:
+ author: rcbops
+ description: Installation and setup of neutron
+ company: Rackspace
+ license: Apache2
+ min_ansible_version: 1.6.6
+ platforms:
+ - name: Ubuntu
+ versions:
+ - trusty
+ categories:
+ - cloud
+ - python
+ - neutron
+ - development
+ - openstack
+dependencies:
+ - galera_client
+ - openstack_openrc
+ - pip_lock_down
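Review bot: `failed_when: false` on the `Restart neutron services` handler hides every restart failure, so a run that has just replaced `neutron.conf`, `policy.json` or the rootwrap filters reports success even when a service did not come back or is still running with the old configuration. The flag is presumably there because not every host runs every entry in `neutron_service_names`; restricting the restarted names per host group would keep that tolerance without masking real failures. If the flag stays, a comment above it such as `# not every service exists on every host; restart errors are ignored` should record the trade-off.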
diff --git a/playbooks/inventory/group_vars/kibana.yml b/playbooks/roles/os_neutron/tasks/main.yml similarity index 58% rename from playbooks/inventory/group_vars/kibana.yml rename to playbooks/roles/os_neutron/tasks/main.yml index 663c50bd1d..d274629668 100644 --- a/playbooks/inventory/group_vars/kibana.yml +++ b/playbooks/roles/os_neutron/tasks/main.yml @@ -13,23 +13,20 @@ # See the License for the specific language governing permissions and # limitations under the License. -# Variables for the logstash containers -service_name: kibana +- include: neutron_pre_install.yml +- include: neutron_install.yml +- include: neutron_post_install.yml -debug: False -verbose: True +- include: neutron_db_setup.yml + when: > + inventory_hostname == groups['neutron_all'][0] -container_lvm_fstype: ext4 -container_lvm_fssize: 5GB +- include: neutron_service_setup.yml + when: > + inventory_hostname == groups['neutron_all'][0] -system_user: www-user -system_group: www-data +- include: neutron_l3_ha.yml + when: > + inventory_hostname in groups['neutron_agent'] -kibana_fqdn: "{{ external_vip_address }}" -kibana_server_name: "{{ container_name }}" -kibana_self_signed: true -kibana_ssl_port: 8443 - -# Directories to create -container_directories: - - { name: /var/log/kibana, mode: 755 } +- include: neutron_upstart_init.yml diff --git a/playbooks/roles/os_neutron/tasks/neutron_db_setup.yml b/playbooks/roles/os_neutron/tasks/neutron_db_setup.yml new file mode 100644 index 0000000000..4837a825ad --- /dev/null +++ b/playbooks/roles/os_neutron/tasks/neutron_db_setup.yml 
@@ -0,0 +1,76 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Create DB for service
+ mysql_db:
+ login_user: "{{ galera_root_user }}"
+ login_password: "{{ galera_root_password }}"
+ login_host: "{{ galera_address }}"
+ name: "{{ neutron_galera_database }}"
+ state: "present"
+ tags:
+ - neutron-db-setup
+
+- name: Grant access to the DB for the service
+ mysql_user:
+ login_user: "{{ galera_root_user }}"
+ login_password: "{{ galera_root_password }}"
+ login_host: "{{ galera_address }}"
+ name: "{{ neutron_galera_user }}"
+ password: "{{ neutron_container_mysql_password }}"
+ host: "{{ item }}"
+ state: "present"
+ priv: "{{ neutron_galera_database }}.*:ALL"
+ with_items:
+ - "localhost"
+ - "%"
+ tags:
+ - neutron-db-setup
+
+- name: Perform a Neutron DB Upgrade
+ command: |
+ neutron-db-manage --config-file {{ neutron_db_config }}
+ --config-file {{ neutron_db_plugin }}
+ upgrade {{ neutron_db_revision }}
+ sudo: yes
+ sudo_user: "{{ neutron_system_user_name }}"
+ tags:
+ - neutron-db-setup
+ - neutron-upgrade
+
+# This is using shell because we are grep-ing
+- name: Check for DB revision
+ shell: |
+ neutron-db-manage history | grep -w 'Revision ID: {{ neutron_db_revision }}'
+ register: neutron_dbmanage
+ failed_when: false
+ changed_when: neutron_dbmanage.rc != 0
+ sudo: yes
+ sudo_user: "{{ neutron_system_user_name }}"
+ tags:
+ - neutron-db-setup
+ - neutron-stamp
+
+- name: Perform a Neutron DB Stamp
+ command: |
+ neutron-db-manage --config-file {{ neutron_db_config }}
+ --config-file {{ neutron_db_plugin }}
+ stamp {{ neutron_db_revision }}
+ when: neutron_dbmanage.rc != 0
+ sudo: yes
+ sudo_user: "{{ neutron_system_user_name }}"
+ tags:
+ - neutron-db-setup
+ - neutron-stamp
diff --git a/playbooks/roles/os_neutron/tasks/neutron_install.yml b/playbooks/roles/os_neutron/tasks/neutron_install.yml
new file mode 100644
index 0000000000..2211335aaf
--- /dev/null
+++ b/playbooks/roles/os_neutron/tasks/neutron_install.yml
@@ -0,0 +1,41 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Install apt packages
+ apt:
+ pkg: "{{ item }}"
+ state: latest
+ update_cache: yes
+ cache_valid_time: 600
+ register: install_packages
+ until: install_packages|success
+ retries: 5
+ delay: 2
+ with_items: neutron_apt_packages
+ tags:
+ - neutron-apt-packages
+
+- name: Install pip packages
+ pip:
+ name: "{{ item }}"
+ state: present
+ register: install_packages
+ until: install_packages|success
+ retries: 5
+ delay: 2
+ with_items:
+ - "{{ neutron_pip_packages }}"
+ tags:
+ - neutron-pip-packages
diff --git a/playbooks/roles/neutron_l3_ha/tasks/main.yml b/playbooks/roles/os_neutron/tasks/neutron_l3_ha.yml
similarity index 86%
rename from playbooks/roles/neutron_l3_ha/tasks/main.yml
rename to playbooks/roles/os_neutron/tasks/neutron_l3_ha.yml
index a883a716d5..3bbd546787 100644
--- a/playbooks/roles/neutron_l3_ha/tasks/main.yml
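Review bot: The `Grant access to the DB for the service` task creates `neutron_galera_user` for host `"%"` with `{{ neutron_galera_database }}.*:ALL`, which lets that account authenticate from any address that can reach Galera. I would take the host list from a role variable that defaults to the management network or the neutron hosts instead of hard-coding the wildcard. The same task reads `neutron_container_mysql_password` directly although defaults/main.yml defines `neutron_galera_password` for it; `password: "{{ neutron_galera_password }}"` keeps a single override point. Both mysql tasks also pass `galera_root_password` as a module argument, so adding `no_log: true` to them is worth considering if the Ansible version in use supports it.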
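Review bot: `state: latest` in `Install apt packages` upgrades keepalived, dnsmasq and the other listed packages on every run to whatever the configured repositories serve, and nothing in this file restarts the affected services afterwards. `state: present`, with upgrades done as a deliberate step, makes runs repeatable and keeps package changes reviewable. `Install pip packages` installs unpinned names; presumably the `pip_lock_down` dependency constrains the index, and a comment such as `# versions are constrained by the pip_lock_down role` would state that (to be confirmed against that role).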
+++ b/playbooks/roles/os_neutron/tasks/neutron_l3_ha.yml @@ -13,6 +13,9 @@ # See the License for the specific language governing permissions and # limitations under the License. +# This should be revised in Kilo +# kilo_revision: true + - name: "Drop AT&T neutron ha tool" copy: src: "neutron-ha-tool.py" @@ -20,17 +23,23 @@ owner: "root" group: "root" mode: "0755" + tags: + - neutron-ha-tool - name: Convert the hostname to an int name2int: name: "{{ inventory_hostname }}" register: hashed_name + tags: + - neutron-ha-tool -# These are used in the Neutron HA Cron job script +# These are used in the Neutron HA Cron job script, and processed in the template. - name: Creating Job Facts set_fact: do_job: ". /root/openrc && /opt/neutron-ha-tool.py --l3-agent-migrate" sleep_time: "{{ hashed_name.int_value }}" + tags: + - neutron-ha-tool - name: "Drop Neutron HA job script" template: @@ -39,6 +48,8 @@ owner: "root" group: "root" mode: "0755" + tags: + - neutron-ha-tool - name: Create Neutron HA cron: @@ -51,9 +62,9 @@ job: "/opt/neutron-ha-tool.sh" user: root cron_file: "neutron-ha-tool" + tags: + - neutron-ha-tool -# This should be revised in Kilo -# kilo_revision: true - name: Remove old cronjobs if found. file: path: "{{ item }}" @@ -61,3 +72,5 @@ with_items: - /etc/cron.d/replicate_dhcp - /etc/cron.d/l3_agent_migrate + tags: + - neutron-ha-tool diff --git a/playbooks/roles/os_neutron/tasks/neutron_post_install.yml b/playbooks/roles/os_neutron/tasks/neutron_post_install.yml new file mode 100644 index 0000000000..b6d4ba0708 --- /dev/null +++ b/playbooks/roles/os_neutron/tasks/neutron_post_install.yml 
@@ -0,0 +1,93 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Ensure service tenant + shell: | + . {{ ansible_env.HOME }}/openrc && keystone tenant-list | awk '/service/ {print $2}' + register: service_id + tags: + - neutron-config + +- name: Set service tenant id + set_fact: + nova_admin_tenant_id: "{{ service_id.stdout }}" + tags: + - neutron-config + +- name: Generate neutron Config + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: "{{ neutron_system_user_name }}" + group: "{{ neutron_system_group_name }}" + with_items: + - { src: "dhcp_agent.ini.j2", dest: "/etc/neutron/dhcp_agent.ini" } + - { src: "dnsmasq-neutron.conf.j2", dest: "/etc/neutron/dnsmasq-neutron.conf" } + - { src: "l3_agent.ini.j2", dest: "/etc/neutron/l3_agent.ini" } + - { src: "metadata_agent.ini.j2", dest: "/etc/neutron/metadata_agent.ini" } + - { src: "metering_agent.ini.j2", dest: "/etc/neutron/metering_agent.ini" } + - { src: "neutron.conf.j2", dest: "/etc/neutron/neutron.conf" } + - { src: "plugins/ml2/ml2_conf.ini.j2", dest: "/etc/neutron/plugins/ml2/ml2_conf.ini" } + notify: + - Restart neutron services + tags: + - neutron-config + +- name: Drop neutron Configs + copy: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: "{{ neutron_system_user_name }}" + group: "{{ neutron_system_group_name }}" + with_items: + - { src: "api-paste.ini", dest: "/etc/neutron/api-paste.ini" } + - { src: "policy.json", dest: 
"/etc/neutron/policy.json" } + - { src: "rootwrap.conf", dest: "/etc/neutron/rootwrap.conf" } + - { src: "rootwrap.d/debug.filters", dest: "/etc/neutron/rootwrap.d/debug.filters" } + - { src: "rootwrap.d/dhcp.filters", dest: "/etc/neutron/rootwrap.d/dhcp.filters" } + - { src: "rootwrap.d/ipset-firewall.filters", dest: "/etc/neutron/rootwrap.d/ipset-firewall.filters" } + - { src: "rootwrap.d/iptables-firewall.filters", dest: "/etc/neutron/rootwrap.d/iptables-firewall.filters" } + - { src: "rootwrap.d/nec-plugin.filters", dest: "/etc/neutron/rootwrap.d/nec-plugin.filters" } + - { src: "rootwrap.d/openvswitch-plugin.filters", dest: "/etc/neutron/rootwrap.d/openvswitch-plugin.filters" } + - { src: "rootwrap.d/ryu-plugin.filters", dest: "/etc/neutron/rootwrap.d/ryu-plugin.filters" } + - { src: "rootwrap.d/lbaas-haproxy.filters", dest: "/etc/neutron/rootwrap.d/lbaas-haproxy.filters" } + - { src: "rootwrap.d/linuxbridge-plugin.filters", dest: "/etc/neutron/rootwrap.d/linuxbridge-plugin.filters" } + - { src: "rootwrap.d/l3.filters", dest: "/etc/neutron/rootwrap.d/l3.filters" } + - { src: "rootwrap.d/vpnaas.filters", dest: "/etc/neutron/rootwrap.d/vpnaas.filters" } + notify: + - Restart neutron services + tags: + - neutron-config + +- name: Drop iptables checksum fix + copy: + src: "post-up-checksum-rules" + dest: "/etc/network/if-up.d/post-up-checksum-rules" + owner: "root" + group: "root" + mode: "0755" + when: > + inventory_hostname in groups['neutron_linuxbridge_agent'] + tags: + - neutron-config + - neutron-checksum-fix + +- name: Run iptables checksum fix + command: /etc/network/if-up.d/post-up-checksum-rules + when: > + inventory_hostname in groups['neutron_linuxbridge_agent'] + tags: + - neutron-config + - neutron-checksum-fix diff --git a/playbooks/roles/os_neutron/tasks/neutron_pre_install.yml b/playbooks/roles/os_neutron/tasks/neutron_pre_install.yml new file mode 100644 index 0000000000..b134c956c7 --- /dev/null 
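Review bot: `Generate neutron Config` sets `owner` and `group` but no `mode`, so the rendered files get whatever the umask yields, which is commonly world-readable. The templates in this commit write `rabbit_password`, `admin_password`, the `[database]` connection string, `ha_vrrp_auth_password` and `metadata_proxy_shared_secret` into those files, so the task should carry `mode: "0640"` or stricter. Separately, `awk '/service/ {print $2}'` in `Ensure service tenant` matches any row containing the substring `service`, and the pipeline's exit status is awk's. A failed or ambiguous lookup therefore feeds an empty or multi-line `nova_admin_tenant_id` into neutron.conf without failing the play; an exact match on the name column plus a check that exactly one id came back would catch that.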
+++ b/playbooks/roles/os_neutron/tasks/neutron_pre_install.yml 
@@ -0,0 +1,94 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Create the system group + group: + name: "{{ neutron_system_group_name }}" + state: "present" + system: "yes" + tags: + - neutron-group + +- name: Create the neutron system user + user: + name: "{{ neutron_system_user_name }}" + group: "{{ neutron_system_group_name }}" + comment: "{{ neutron_system_comment }}" + shell: "{{ neutron_system_shell }}" + system: "yes" + createhome: "yes" + home: "/var/lib/{{ neutron_system_user_name }}" + tags: + - neutron-user + +- name: Create neutron dir + file: + path: "{{ item.path }}" + state: directory + owner: "{{ item.owner|default(neutron_system_user_name) }}" + group: "{{ item.group|default(neutron_system_group_name) }}" + with_items: + - { path: "/etc/neutron" } + - { path: "/etc/neutron/plugins" } + - { path: "/etc/neutron/plugins/ml2" } + - { path: "/etc/neutron/rootwrap.d" } + - { path: "/etc/sudoers.d", mode: "0750", owner: "root", group: "root" } + - { path: "/var/cache/neutron" } + - { path: "/var/lock/neutron" } + - { path: "/var/run/neutron" } + - { path: "{{ neutron_system_home_folder }}" } + - { path: "{{ neutron_system_home_folder }}/ha_confs" } + tags: + - neutron-dirs + +- name: Test for log directory or link + shell: | + if [ -h "/var/log/neutron" ]; then + chown -h {{ neutron_system_user_name }}:{{ neutron_system_group_name }} "/var/log/neutron" + chown -R {{ neutron_system_user_name }}:{{ 
neutron_system_group_name }} "$(readlink /var/log/neutron)" + else + exit 1 + fi + register: log_dir + failed_when: false + changed_when: log_dir.rc != 0 + tags: + - neutron-dirs + - neutron-logs + +- name: Create neutron log dir + file: + path: "{{ item.path }}" + state: directory + owner: "{{ item.owner|default(neutron_system_user_name) }}" + group: "{{ item.group|default(neutron_system_group_name) }}" + mode: "{{ item.mode|default('0755') }}" + with_items: + - { path: "/var/log/neutron" } + when: log_dir.rc != 0 + tags: + - neutron-dirs + - neutron-logs + +- name: Drop sudoers file + template: + src: "sudoers.j2" + dest: "/etc/sudoers.d/{{ neutron_system_user_name }}_sudoers" + mode: "0440" + owner: "root" + group: "root" + tags: + - sudoers + - neutron-sudoers diff --git a/playbooks/roles/os_neutron/tasks/neutron_service_add.yml b/playbooks/roles/os_neutron/tasks/neutron_service_add.yml new file mode 100644 index 0000000000..55e0b6cb4c --- /dev/null +++ b/playbooks/roles/os_neutron/tasks/neutron_service_add.yml 
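Review bot: The `/etc/sudoers.d` item in `Create neutron dir` carries `mode: "0750"`, but that task's `file:` arguments never read `item.mode`, so the value is silently dropped. `Create neutron log dir` further down already has the pattern; adding `mode: "{{ item.mode|default('0755') }}"` to the first task makes the item take effect. `Drop sudoers file` would also benefit from `validate: 'visudo -cf %s'`, so that a bad render of `sudoers.j2` is rejected before it lands in `/etc/sudoers.d`.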
@@ -0,0 +1,89 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Create a service +- name: Ensure neutron service + keystone: + command: "ensure_service" + token: "{{ keystone_auth_admin_token }}" + endpoint: "{{ keystone_service_adminurl }}" + service_name: "{{ service_name }}" + service_type: "{{ service_type }}" + description: "{{ service_description }}" + register: add_service + until: add_service|success + retries: 5 + delay: 2 + tags: + - neutron-api-setup + - neutron-service-add + - neutron-setup + +# Create an admin user +- name: Ensure neutron user + keystone: + command: "ensure_user" + token: "{{ keystone_auth_admin_token }}" + endpoint: "{{ keystone_service_adminurl }}" + user_name: "{{ service_user_name }}" + tenant_name: "{{ service_tenant_name }}" + password: "{{ service_password }}" + register: add_service + until: add_service|success + retries: 5 + delay: 10 + tags: + - neutron-api-setup + - neutron-service-add + - neutron-setup + +# Add a role to the user +- name: Ensure neutron user to admin role + keystone: + command: "ensure_user_role" + token: "{{ keystone_auth_admin_token }}" + endpoint: "{{ keystone_service_adminurl }}" + user_name: "{{ service_user_name }}" + tenant_name: "{{ service_tenant_name }}" + role_name: "{{ role_name }}" + register: add_service + until: add_service|success + retries: 5 + delay: 10 + tags: + - neutron-api-setup + - neutron-service-add + - neutron-setup + +# Create an 
endpoint +- name: Ensure neutron endpoint + keystone: + command: "ensure_endpoint" + token: "{{ keystone_auth_admin_token }}" + endpoint: "{{ keystone_service_adminurl }}" + region_name: "{{ service_region }}" + service_name: "{{ service_name }}" + service_type: "{{ service_type }}" + publicurl: "{{ service_publicurl }}" + adminurl: "{{ service_internalurl }}" + internalurl: "{{ service_adminurl }}" + register: add_service + until: add_service|success + retries: 5 + delay: 10 + tags: + - neutron-api-setup + - neutron-service-add + - neutron-setup diff --git a/playbooks/roles/os_neutron/tasks/neutron_service_setup.yml b/playbooks/roles/os_neutron/tasks/neutron_service_setup.yml new file mode 100644 index 0000000000..0d0fdb258b --- /dev/null +++ b/playbooks/roles/os_neutron/tasks/neutron_service_setup.yml 
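Review bot: In `Ensure neutron endpoint` the admin and internal URLs are crossed: `adminurl: "{{ service_internalurl }}"` and `internalurl: "{{ service_adminurl }}"`. Unless the two values are always identical, the catalog will advertise the admin endpoint on the internal address and the reverse; the lines should read `adminurl: "{{ service_adminurl }}"` and `internalurl: "{{ service_internalurl }}"`. The tasks in this file also pass `keystone_auth_admin_token` and `service_password` as module arguments, so `no_log: true` on them (where the Ansible version in use supports it) would keep those values out of verbose and retry output.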
@@ -0,0 +1,30 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- include: neutron_service_add.yml
+ vars:
+ service_user_name: "{{ neutron_service_user_name }}"
+ service_tenant_name: "{{ neutron_service_tenant_name }}"
+ service_name: "{{ neutron_service_name }}"
+ service_type: "{{ neutron_service_type }}"
+ service_region: "{{ neutron_service_region }}"
+ service_description: "{{ neutron_service_description }}"
+ service_password: "{{ neutron_service_password }}"
+ service_publicurl: "{{ neutron_service_publicurl }}"
+ service_internalurl: "{{ neutron_service_internalurl }}"
+ service_adminurl: "{{ neutron_service_adminurl }}"
+ role_name: "{{ neutron_service_role_name }}"
+ tags:
+ - neutron-server
diff --git a/playbooks/roles/os_neutron/tasks/neutron_upstart_common_init.yml b/playbooks/roles/os_neutron/tasks/neutron_upstart_common_init.yml
new file mode 100644
index 0000000000..f7a94af6f5
--- /dev/null
+++ b/playbooks/roles/os_neutron/tasks/neutron_upstart_common_init.yml
@@ -0,0 +1,46 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Place the init script
+ template:
+ src: "neutron-upstart-init.j2"
+ dest: "/etc/init/{{ program_name }}.conf"
+ mode: "0644"
+ owner: "root"
+ group: "root"
+ notify:
+ - Restart neutron services
+ tags:
+ - upstart-init
+ - neutron-init
+
+- name: Reload init scripts
+ shell: |
+ initctl reload-configuration
+ notify:
+ - Restart neutron services
+ tags:
+ - upstart-init
+ - neutron-init
+
+- name: Load service
+ service:
+ name: "{{ program_name }}"
+ enabled: "yes"
+ notify:
+ - Restart neutron services
+ tags:
+ - upstart-init
+ - neutron-init
diff --git a/playbooks/roles/os_neutron/tasks/neutron_upstart_init.yml b/playbooks/roles/os_neutron/tasks/neutron_upstart_init.yml
new file mode 100644
index 0000000000..491dd9cdb4
--- /dev/null
+++ b/playbooks/roles/os_neutron/tasks/neutron_upstart_init.yml
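Review bot: `Reload init scripts` runs `initctl reload-configuration` on every play and has no `changed_when`, so it always reports changed and always notifies `Restart neutron services`, even when the init template did not change. Registering the result of `Place the init script` and gating the reload on it, or moving the reload into a handler, ties the restart to a real change. `command:` is sufficient here, since the line uses no shell features.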
@@ -0,0 +1,98 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- include: neutron_upstart_common_init.yml + vars: + program_name: "{{ neutron_service_program_name }}" + program_config_options: "{{ neutron_service_program_config_options }}" + service_name: "{{ neutron_service_name }}" + system_user: "{{ neutron_system_user_name }}" + system_group: "{{ neutron_system_group_name }}" + service_home: "{{ neutron_system_home_folder }}" + when: > + inventory_hostname in groups['neutron_server'] and + neutron_service_program_enabled == true + tags: + - upstart-init + +- include: neutron_upstart_common_init.yml + vars: + program_name: "{{ neutron_service_dhcp_program_name }}" + program_config_options: "{{ neutron_service_dhcp_program_config_options }}" + service_name: "{{ neutron_service_name }}" + system_user: "{{ neutron_system_user_name }}" + system_group: "{{ neutron_system_group_name }}" + service_home: "{{ neutron_system_home_folder }}" + when: > + inventory_hostname in groups['neutron_agent'] and + neutron_service_dhcp_program_enabled == true + tags: + - upstart-init + +- include: neutron_upstart_common_init.yml + vars: + program_name: "{{ neutron_service_l3_program_name }}" + program_config_options: "{{ neutron_service_l3_program_config_options }}" + service_name: "{{ neutron_service_name }}" + system_user: "{{ neutron_system_user_name }}" + system_group: "{{ neutron_system_group_name }}" + service_home: "{{ 
neutron_system_home_folder }}" + when: > + inventory_hostname in groups['neutron_agent'] and + neutron_service_l3_program_enabled == true + tags: + - upstart-init + +- include: neutron_upstart_common_init.yml + vars: + program_name: "{{ neutron_service_linuxbridge_program_name }}" + program_config_options: "{{ neutron_service_linuxbridge_program_config_options }}" + service_name: "{{ neutron_service_name }}" + system_user: "{{ neutron_system_user_name }}" + system_group: "{{ neutron_system_group_name }}" + service_home: "{{ neutron_system_home_folder }}" + when: > + inventory_hostname in groups['neutron_linuxbridge_agent'] and + neutron_service_linuxbridge_program_enabled == true + tags: + - upstart-init + +- include: neutron_upstart_common_init.yml + vars: + program_name: "{{ neutron_service_metadata_program_name }}" + program_config_options: "{{ neutron_service_metadata_program_config_options }}" + service_name: "{{ neutron_service_name }}" + system_user: "{{ neutron_system_user_name }}" + system_group: "{{ neutron_system_group_name }}" + service_home: "{{ neutron_system_home_folder }}" + when: > + inventory_hostname in groups['neutron_agent'] and + neutron_service_metadata_program_enabled == true + tags: + - upstart-init + +- include: neutron_upstart_common_init.yml + vars: + program_name: "{{ neutron_service_metering_program_name }}" + program_config_options: "{{ neutron_service_metering_program_config_options }}" + service_name: "{{ neutron_service_name }}" + system_user: "{{ neutron_system_user_name }}" + system_group: "{{ neutron_system_group_name }}" + service_home: "{{ neutron_system_home_folder }}" + when: > + inventory_hostname in groups['neutron_agent'] and + neutron_service_metering_program_enabled == true + tags: + - upstart-init diff --git a/playbooks/roles/os_neutron/templates/dhcp_agent.ini.j2 b/playbooks/roles/os_neutron/templates/dhcp_agent.ini.j2 new file mode 100644 index 0000000000..464902e849 --- /dev/null 
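Review bot: Each `when:` compares its flag to a literal, e.g. `neutron_service_program_enabled == true`, which is false when the variable arrives as a string such as `"True"` or `"yes"` from inventory or extra vars, and the include is then skipped without any message. `neutron_service_program_enabled | bool` handles both forms, and the same applies to the five other `*_program_enabled` checks in this file. The `ml2_conf.ini.j2` hunks in this commit work around the same trap with `is_metal == true or is_metal == "True"`, where `is_metal | bool` would be shorter and would also cover lowercase and `yes` values.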
+++ b/playbooks/roles/os_neutron/templates/dhcp_agent.ini.j2
@@ -0,0 +1,22 @@
+# {{ ansible_managed }}
+
+{% set _api_threads = ansible_processor_vcpus|default(2) // 2 %}
+{% set api_threads = _api_threads if _api_threads > 0 else 1 %}
+
+[DEFAULT]
+verbose = {{ verbose }}
+debug = {{ debug }}
+
+interface_driver = {{ neutron_driver_interface }}
+dhcp_driver = {{ neutron_driver_dhcp }}
+use_namespaces = True
+enable_isolated_metadata = True
+
+num_sync_threads = {{ neutron_api_workers | default(api_threads) }}
+
+dhcp_domain = {{ neutron_dhcp_domain }}
+dhcp_delete_namespaces = {{ neutron_dhcp_delete_namespaces }}
+
+dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf
+dnsmasq_dns_servers = {{ neutron_dnsmasq_dns_servers }}
+dnsmasq_lease_max = {{ neutron_dnsmasq_lease_max }}
diff --git a/playbooks/roles/os_neutron/templates/dnsmasq-neutron.conf.j2 b/playbooks/roles/os_neutron/templates/dnsmasq-neutron.conf.j2
new file mode 100644
index 0000000000..15e912eb7d
--- /dev/null
+++ b/playbooks/roles/os_neutron/templates/dnsmasq-neutron.conf.j2
@@ -0,0 +1,5 @@
+# {{ ansible_managed }}
+
+{% for key, value in neutron_dhcp_config.items() %}
+{{ key }}={{ value }}
+{% endfor %}
diff --git a/playbooks/roles/os_neutron/templates/l3_agent.ini.j2 b/playbooks/roles/os_neutron/templates/l3_agent.ini.j2
new file mode 100644
index 0000000000..a6d37f9240
--- /dev/null
+++ b/playbooks/roles/os_neutron/templates/l3_agent.ini.j2
@@ -0,0 +1,32 @@
+# {{ ansible_managed }}
+
+[DEFAULT]
+verbose = {{ verbose }}
+debug = {{ debug }}
+
+allow_automatic_l3agent_failover = True
+enable_metadata_proxy = True
+external_network_bridge = {{ neutron_external_network_bridge }}
+gateway_external_network_id = {{ neutron_gateway_external_network_id }}
+
+# L3 Agent HA
+ha_confs_path = {{ neutron_system_home_folder }}/ha_confs
+ha_vrrp_advert_int = {{ neutron_ha_vrrp_advert_int }}
+ha_vrrp_auth_password = {{ neutron_ha_vrrp_auth_password }}
+ha_vrrp_auth_type = {{ neutron_ha_vrrp_auth_type }}
+handle_internal_only_routers = {{ neutron_handle_internal_only_routers }}
+l3_ha = {{ neutron_l3_ha_enabled }}
+l3_ha_net_cidr = {{ neutron_l3_ha_net_cidr }}
+max_l3_agents_per_router = {{ neutron_max_l3_agents_per_router | default(groups['neutron_agent']|length) }}
+
+{% set min_router = groups['neutron_agent'] | length // 2 %}
+{% set min_l3_router = min_router if min_router > 0 else 1 %}
+
+min_l3_agents_per_router = {{ neutron_min_l3_agents_per_router | default(min_l3_router) }}
+send_arp_for_ha = 3
+
+# L3 Agent interfaces
+interface_driver = {{ neutron_driver_interface }}
+handle_internal_only_routers = True
+use_namespaces = True
+agent_mode = {{ neutron_agent_mode }}
diff --git a/playbooks/roles/os_neutron/templates/metadata_agent.ini.j2 b/playbooks/roles/os_neutron/templates/metadata_agent.ini.j2
new file mode 100644
index 0000000000..287aa073d8
--- /dev/null
+++ b/playbooks/roles/os_neutron/templates/metadata_agent.ini.j2
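Review bot: `handle_internal_only_routers` is written twice in `[DEFAULT]`: once from `{{ neutron_handle_internal_only_routers }}` under `# L3 Agent HA`, and once hard-coded to `True` under `# L3 Agent interfaces`. With two assignments of a single-valued option the parser keeps only one, presumably the last, so the variable probably never takes effect; drop the hard-coded line. This file also receives `ha_vrrp_auth_password`, so it should not be world-readable once rendered.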
@@ -0,0 +1,30 @@
+# {{ ansible_managed }}
+
+{% set _api_threads = ansible_processor_vcpus|default(2) // 2 %}
+{% set api_threads = _api_threads if _api_threads > 0 else 1 %}
+
+[DEFAULT]
+verbose = {{ verbose }}
+debug = {{ debug }}
+
+# The Neutron user information for accessing the Neutron API.
+auth_url = {{ keystone_service_adminuri }}
+auth_region = {{ keystone_service_region }}
+endpoint_type = adminURL
+
+# TCP Port used by Nova metadata server
+nova_metadata_ip = {{ internal_lb_vip_address }}
+nova_metadata_port = {{ nova_metadata_port }}
+
+# Admin authentication
+admin_tenant_name = {{ neutron_service_tenant_name }}
+admin_user = {{ neutron_service_user_name }}
+admin_password = {{ neutron_service_password }}
+
+# Number of backlog requests to configure the metadata server socket with
+metadata_proxy_shared_secret = {{ nova_metadata_proxy_secret }}
+metadata_workers = {{ neutron_metadata_workers | default(api_threads) }}
+metadata_backlog = {{ neutron_metadata_backlog }}
+
+# Metadata Caching
+cache_url = memory://?default_ttl=5
diff --git a/playbooks/roles/os_neutron/templates/metering_agent.ini.j2 b/playbooks/roles/os_neutron/templates/metering_agent.ini.j2
new file mode 100644
index 0000000000..0f7b5b0f1d
--- /dev/null
+++ b/playbooks/roles/os_neutron/templates/metering_agent.ini.j2
@@ -0,0 +1,13 @@
+# {{ ansible_managed }}
+
+[DEFAULT]
+verbose = {{ verbose }}
+debug = {{ debug }}
+
+driver = {{ neutron_driver_metering }}
+interface_driver = {{ neutron_driver_interface }}
+measure_interval = 30
+use_namespaces = True
+
+[AGENT]
+report_interval = 30
diff --git a/playbooks/roles/os_neutron/templates/neutron-upstart-init.j2 b/playbooks/roles/os_neutron/templates/neutron-upstart-init.j2
new file mode 100644
index 0000000000..9ecb77d9be
--- /dev/null
+++ b/playbooks/roles/os_neutron/templates/neutron-upstart-init.j2
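Review bot: In `metadata_agent.ini.j2` the comment `# Number of backlog requests to configure the metadata server socket with` sits directly above `metadata_proxy_shared_secret`, not above `metadata_backlog`, which it describes. Move it down to the `metadata_backlog` line and give the secret its own comment, for example `# Secret shared with the Nova metadata service`. That keeps a reader from mistaking a credential for a tuning value when the rendered file is reviewed.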
@@ -0,0 +1,41 @@
+# {{ ansible_managed }}
+
+# vim:set ft=upstart ts=2 et:
+
+description "{{ program_name }}"
+author "Kevin Carter "
+
+start on runlevel [2345]
+stop on runlelvel [016]
+
+respawn
+respawn limit 10 5
+
+# Set the RUNBIN environment variable
+env RUNBIN="/usr/local/bin/{{ program_name }}"
+
+# Change directory to service users home
+chdir "{{ service_home }}"
+
+# Pre start actions
+pre-start script
+ mkdir -p "/var/run/{{ program_name }}"
+ chown {{ system_user }}:{{ system_group }} "/var/run/{{ program_name }}"
+
+ mkdir -p "/var/lock/{{ program_name }}"
+ chown {{ system_user }}:{{ system_group }} "/var/lock/{{ program_name }}"
+end script
+
+# Post stop actions
+post-stop script
+ rm "/var/run/{{ program_name }}/{{ program_name }}.pid"
+end script
+
+# Run the start up job
+exec start-stop-daemon --start \
+ --chuid {{ system_user }} \
+ --make-pidfile \
+ --pidfile /var/run/{{ program_name }}/{{ program_name }}.pid \
+ --exec "{{ program_override|default('$RUNBIN') }}" \
+ -- {{ program_config_options|default('') }} \
+ --log-file=/var/log/{{ service_name }}/{{ program_name }}.log
diff --git a/playbooks/roles/os_neutron/templates/neutron.conf.j2 b/playbooks/roles/os_neutron/templates/neutron.conf.j2
new file mode 100644
index 0000000000..84279f1a7d
--- /dev/null
+++ b/playbooks/roles/os_neutron/templates/neutron.conf.j2
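Review bot: `stop on runlelvel [016]` is misspelled, so the stanza names an event that is never emitted and the job has no effective stop condition on halt, single-user or reboot. It should read `stop on runlevel [016]`. In `post-stop`, the plain `rm` of the pidfile returns non-zero when the file is already gone; `rm -f` avoids a failing post-stop script in that case.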
@@ -0,0 +1,125 @@ +# {{ ansible_managed }} + +{% set _api_threads = ansible_processor_vcpus|default(2) // 2 %} +{% set api_threads = _api_threads if _api_threads > 0 else 1 %} +{% set _rpc_threads = api_threads // 2 %} +{% set rpc_threads = _rpc_threads if _rpc_threads > 0 else 1 %} + +[DEFAULT] +verbose = {{ verbose }} +debug = {{ debug }} + +use_syslog = False + +log_file = /var/log/neutron/neutron.log +auth_strategy = keystone +lock_path = /var/lock/neutron +network_device_mtu = {{ neutron_network_device_mtu }} +allow_overlapping_ips = True + + +## Drivers +network_scheduler_driver = {{ neutron_driver_network_scheduler }} +router_scheduler_driver = {{ neutron_driver_router_scheduler }} +loadbalancer_pool_scheduler_driver = {{ neutron_driver_loadbalancer_pool_scheduler }} +dhcp_driver = {{ neutron_driver_dhcp }} +notification_driver = {{ neutron_driver_notification }} + + +## Schedulers +router_distributed = False +network_auto_schedule = True +router_auto_schedule = True + + +## Agents +agent_down_time = {{ neutron_agent_down_time }} + + +## API +bind_port = 9696 +bind_host = 0.0.0.0 + + +## Workers +api_workers = {{ neutron_api_workers | default(api_threads) }} +rpc_workers = {{ neutron_rpc_workers | default(rpc_threads) }} + + +## Plugins +core_plugin = {{ neutron_plugin_core }} +service_plugins = {{ neutron_plugin_loaded_base }} + + +## MAC Address +base_mac = fa:16:3e:00:00:00 +mac_generation_retries = 16 + + +## DHCP +dhcp_agent_notification = True +dhcp_agents_per_network = {{ groups['neutron_agent'] | length }} +dhcp_delete_namespaces = True +dhcp_lease_duration = 86400 + + +## RabbitMQ +rabbit_port = {{ rabbitmq_port }} +rabbit_userid = {{ rabbitmq_userid }} +rabbit_password = {{ rabbitmq_password }} +rabbit_hosts = {{ rabbitmq_servers }} + + +## Notifications +notify_nova_on_port_status_changes = True +notify_nova_on_port_data_changes = True +send_events_interval = 2 + + +## Nova +nova_url = {{ nova_service_adminurl|replace('/$(tenant_id)s', '') }} 
+nova_admin_username = {{ nova_service_user_name }} +nova_admin_tenant_id = {{ nova_admin_tenant_id }} +nova_admin_password = {{ nova_service_password }} +nova_admin_auth_url = {{ keystone_service_internalurl }} + + +[quotas] +quota_driver = {{ neutron_driver_quota }} +quota_items = network,subnet,port + + +[agent] +polling_interval = {{ neutron_agent_polling_interval|default(5) }} +report_interval = {{ neutron_report_interval|int }} +root_helper = sudo /usr/local/bin/neutron-rootwrap /etc/neutron/rootwrap.conf + + +[keystone_authtoken] +signing_dir = /var/cache/neutron +identity_uri = {{ keystone_service_internaluri }} +auth_uri = {{ keystone_service_internalurl }} +admin_tenant_name = {{ neutron_service_tenant_name }} +admin_user = {{ neutron_service_user_name }} +admin_password = {{ neutron_service_password }} + +memcached_servers = {{ memcached_servers }} + +token_cache_time = 300 +revocation_cache_time = 60 + +# if your memcached server is shared, use these settings to avoid cache poisoning +memcache_security_strategy = ENCRYPT +memcache_secret_key = {{ memcached_encryption_key }} + +# if your keystone deployment uses PKI, and you value security over performance: +check_revocations_for_cached = False + + +[database] +connection = mysql://{{ neutron_galera_user }}:{{ neutron_container_mysql_password }}@{{ galera_address }}/{{ neutron_galera_database }}?charset=utf8 + + +[service_providers] +service_provider = LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default +service_provider = VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default diff --git a/playbooks/roles/neutron_l3_ha/templates/neutron_ha_tool.sh.j2 b/playbooks/roles/os_neutron/templates/neutron_ha_tool.sh.j2 similarity index 100% rename from playbooks/roles/neutron_l3_ha/templates/neutron_ha_tool.sh.j2 rename to playbooks/roles/os_neutron/templates/neutron_ha_tool.sh.j2 
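Review bot: The comment `# if your keystone deployment uses PKI, and you value security over performance:` is followed by `check_revocations_for_cached = False`, the value that skips the revocation check for cached tokens, so the comment reads as the opposite of what the line does. Either set the option to `True` or reword the comment, e.g. `# set to True to re-check revocation for cached PKI tokens (slower)`. `bind_host = 0.0.0.0` is also hard-coded, which makes the API listen on every interface of the host; templating it would let deployers bind to the management address only.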
diff --git a/playbooks/roles/neutron_common/templates/plugins/ml2/ml2_conf.ini b/playbooks/roles/os_neutron/templates/plugins/ml2/ml2_conf.ini.j2 similarity index 81% rename from playbooks/roles/neutron_common/templates/plugins/ml2/ml2_conf.ini rename to playbooks/roles/os_neutron/templates/plugins/ml2/ml2_conf.ini.j2 index d136ead06d..321f31ed2e 100644 --- a/playbooks/roles/neutron_common/templates/plugins/ml2/ml2_conf.ini +++ b/playbooks/roles/os_neutron/templates/plugins/ml2/ml2_conf.ini.j2 @@ -1,3 +1,5 @@ +# {{ ansible_managed }} + {%- set network_vlan_ranges = [] %} {%- set network_vxlan_ranges = [] %} {%- set network_flat_networks = [] %} @@ -30,16 +32,21 @@ {%- if network_flat_networks.append(net.network.net_name) %}{%- endif %} {%- endif %} {%- endif %} - {% if net.network.type != 'raw' %} + {% if net.network.type != 'raw' and net.network.type != 'vxlan' %} {%- set map_pair = [] %} {%- if 'net_name' in net.network %} {%- if map_pair.append(net.network.net_name) %}{%- endif %} {%- endif %} - {%- if is_metal == true %} - {%- if map_pair.append(net.network.container_bridge) %}{%- endif %} + {%- if is_metal == true or is_metal == "True" %} + {%- if net.network.host_bind_override is defined %} + {%- if map_pair.append(net.network.host_bind_override) %}{%- endif %} + {%- else %} + {%- if map_pair.append(net.network.container_bridge) %}{%- endif %} + {%- endif %} {%- else %} {%- if map_pair.append(net.network.container_interface) %}{%- endif %} {%- endif %} + {%- if map_pair|join(':') not in network_mappings %} {%- if network_mappings.append(map_pair|join(':')) %}{%- endif %} {%- endif %} 
@@ -74,18 +81,19 @@ vxlan_group = {{ neutron_vxlan_group|default('') }} vni_ranges = {{ network_vxlan_ranges|join(',') }} -{% if tunnel_address is defined %} +{% if container_networks.tunnel_address is defined %} [vxlan] enable_vxlan = True vxlan_group = {{ neutron_vxlan_group|default('') }} -{% if is_metal == true %} -{% set on_metal_tunnel_bridge = 'ansible_' + tunnel_bridge|replace('-', '_') %} +{% if is_metal == true or is_metal == "True" %} +{% set on_metal_tunnel_bridge = 'ansible_' + container_networks.tunnel_address.bridge|replace('-', '_') %} local_ip = {{ hostvars[inventory_hostname][on_metal_tunnel_bridge]['ipv4']['address'] }} {% else %} -local_ip = {{ tunnel_address }} +local_ip = {{ container_networks.tunnel_address.address }} {% endif %} l2_population = True {% endif %} + {% endif %} @@ -93,7 +101,7 @@ l2_population = True tunnel_types = vxlan ## VXLAN udp port # This is set for the vxlan port and while this -# is being set here it's ignored because +# is being set here it's ignored because # the port is assigned by the kernel vxlan_udp_port = 4789 diff --git a/playbooks/roles/os_neutron/templates/sudoers.j2 b/playbooks/roles/os_neutron/templates/sudoers.j2 new file mode 100644 index 0000000000..9b68d1ba0a --- /dev/null +++ b/playbooks/roles/os_neutron/templates/sudoers.j2 @@ -0,0 +1,4 @@ +# {{ ansible_managed }} + +# Defaults:{{ neutron_system_user_name }}!requiretty +{{ neutron_system_user_name }} ALL = (root) NOPASSWD: /usr/local/bin/{{ neutron_service_name }}-rootwrap diff --git a/playbooks/roles/os_nova/CONTRIBUTING.rst b/playbooks/roles/os_nova/CONTRIBUTING.rst new file mode 100644 index 0000000000..c856b872c6 --- /dev/null +++ b/playbooks/roles/os_nova/CONTRIBUTING.rst 
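Review bot: The rule in `sudoers.j2` allows `/usr/local/bin/{{ neutron_service_name }}-rootwrap` with any arguments, so sudo does not fix which config file rootwrap loads. `neutron.conf.j2` always invokes it as `sudo /usr/local/bin/neutron-rootwrap /etc/neutron/rootwrap.conf`, so the rule can be narrowed to `{{ neutron_system_user_name }} ALL = (root) NOPASSWD: /usr/local/bin/{{ neutron_service_name }}-rootwrap /etc/neutron/rootwrap.conf *`. For that restriction to hold, `rootwrap.conf` and `rootwrap.d/*` must be owned by root and not writable by the service account. `Drop neutron Configs` in `neutron_post_install.yml` currently copies them with `owner: "{{ neutron_system_user_name }}"`.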
@@ -0,0 +1,85 @@ +OpenStack nova +############## +:tags: openstack, nova, cloud, ansible +:category: \*nix + +contributor guidelines +^^^^^^^^^^^^^^^^^^^^^^ + +Filing Bugs +----------- + +Bugs should be filed on Launchpad, not GitHub: "https://bugs.launchpad.net/openstack-ansible" + + +When submitting a bug, or working on a bug, please ensure the following criteria are met: + * The description clearly states or describes the original problem or root cause of the problem. + * Include historical information on how the problem was identified. + * Any relevant logs are included. + * The provided information should be totally self-contained. External access to web services/sites should not be needed. + * Steps to reproduce the problem if possible. + + +Submitting Code +--------------- + +Changes to the project should be submitted for review via the Gerrit tool, following +the workflow documented at: "http://docs.openstack.org/infra/manual/developers.html#development-workflow" + +Pull requests submitted through GitHub will be ignored and closed without regard. + + +Extra +----- + +Tags: + If it's a bug that needs fixing in a branch in addition to Master, add a '\-backport-potential' tag (eg ``juno-backport-potential``). There are predefined tags that will autocomplete. + +Status: + Please leave this alone, it should be New till someone triages the issue. + +Importance: + Should only be touched if it is a Blocker/Gating issue. If it is, please set to High, and only use Critical if you have found a bug that can take down whole infrastructures. + + +Style guide +----------- + +When creating tasks and other roles for use in Ansible please create then using the YAML dictionary format. + +Example YAML dictionary format: + .. code-block:: yaml + + - name: The name of the tasks + module_name: + thing1: "some-stuff" + thing2: "some-other-stuff" + tags: + - some-tag + - some-other-tag + + +Example **NOT** in YAML dictionary format: + .. 
code-block:: yaml + + - name: The name of the tasks + module_name: thing1="some-stuff" thing2="some-other-stuff" + tags: + - some-tag + - some-other-tag + + +Usage of the ">" and "|" operators should be limited to Ansible conditionals and command modules such as the ansible ``shell`` module. + + +Issues +------ + +When submitting an issue, or working on an issue please ensure the following criteria are met: + * The description clearly states or describes the original problem or root cause of the problem. + * Include historical information on how the problem was identified. + * Any relevant logs are included. + * If the issue is a bug that needs fixing in a branch other than Master, add the ‘backport potential’ tag TO THE ISSUE (not the PR). + * The provided information should be totally self-contained. External access to web services/sites should not be needed. + * If the issue is needed for a hotfix release, add the 'expedite' label. + * Steps to reproduce the problem if possible. diff --git a/playbooks/roles/os_nova/LICENSE b/playbooks/roles/os_nova/LICENSE new file mode 100644 index 0000000000..e06d208186 --- /dev/null +++ b/playbooks/roles/os_nova/LICENSE 
@@ -0,0 +1,202 @@ +Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + diff --git a/playbooks/roles/os_nova/README.rst b/playbooks/roles/os_nova/README.rst new file mode 100644 index 0000000000..7b0317c0b5 --- /dev/null +++ b/playbooks/roles/os_nova/README.rst @@ -0,0 +1,27 @@ +OpenStack nova +############## +:tags: openstack, nova, cloud, ansible +:category: \*nix + +Role for deployment, setup and installation of nova. + +This role will install the following: + * nova-consoleauth + * nova-conductor + * nova-compute + * nova-cert + * nova-api-metadata + * nova-spicehtml5proxy + * nova-api-ec2 + * nova-api-os-compute + * nova-api-ec2 + +.. code-block:: yaml + + - name: Installation and setup of Nova + hosts: nova_all + user: root + roles: + - { role: "os_nova", tags: [ "os-nova" ] } + vars: + galera_address: "{{ internal_lb_vip_address }}" 
diff --git a/playbooks/roles/os_nova/defaults/main.yml b/playbooks/roles/os_nova/defaults/main.yml new file mode 100644 index 0000000000..da5b3ae968 --- /dev/null +++ b/playbooks/roles/os_nova/defaults/main.yml 
@@ -0,0 +1,221 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Defines that the role will be deployed on a host machine +is_metal: true + +## Verbosity Options +debug: False +verbose: True + +## System info +nova_system_user_name: nova +nova_system_group_name: nova +nova_system_shell: /bin/bash +nova_system_comment: nova system user +nova_system_home_folder: "/var/lib/{{ nova_system_user_name }}" + +## DB +nova_galera_user: nova +nova_galera_database: nova + +## RPC +nova_rpc_backend: nova.openstack.common.rpc.impl_kombu + +## Nova virtualization Type, set to KVM if supported +nova_virt_type: kvm + +## Nova Auth +nova_service_region: RegionOne +nova_service_tenant_name: "service" +nova_service_user_name: "nova" +nova_service_role_name: "admin" + +## Nova s3 +nova_s3_service_name: s3 +nova_s3_service_type: s3 +nova_s3_service_proto: http +nova_s3_service_port: 3333 +nova_s3_service_description: "S3 Compatibility Layer" +nova_s3_service_publicuri: "{{ nova_s3_service_proto }}://{{ external_lb_vip_address }}:{{ nova_s3_service_port }}" +nova_s3_service_publicurl: "{{ nova_s3_service_publicuri }}" +nova_s3_service_adminuri: "{{ nova_s3_service_proto }}://{{ internal_lb_vip_address }}:{{ nova_s3_service_port }}" +nova_s3_service_adminurl: "{{ nova_s3_service_adminuri }}" +nova_s3_service_internaluri: "{{ nova_s3_service_proto }}://{{ internal_lb_vip_address }}:{{ nova_s3_service_port }}" +nova_s3_service_internalurl: "{{ 
nova_s3_service_internaluri }}" +nova_s3_program_name: nova-api-ec2 + +## Nova v3 +nova_v3_service_name: novav3 +nova_v3_service_type: computev3 +nova_v3_service_proto: http +nova_v3_service_port: 8774 +nova_v3_service_description: "Nova Compute Service V3" +nova_v3_service_publicuri: "{{ nova_v3_service_proto }}://{{ external_lb_vip_address }}:{{ nova_v3_service_port }}" +nova_v3_service_publicurl: "{{ nova_v3_service_publicuri }}/v3" +nova_v3_service_adminuri: "{{ nova_v3_service_proto }}://{{ internal_lb_vip_address }}:{{ nova_v3_service_port }}" +nova_v3_service_adminurl: "{{ nova_v3_service_adminuri }}/v3" +nova_v3_service_internaluri: "{{ nova_v3_service_proto }}://{{ internal_lb_vip_address }}:{{ nova_v3_service_port }}" +nova_v3_service_internalurl: "{{ nova_v3_service_internaluri }}/v3" + +## Nova v2 +nova_service_name: nova +nova_service_type: compute +nova_service_proto: http +nova_service_port: 8774 +nova_service_description: "Nova Compute Service" +nova_service_publicuri: "{{ nova_service_proto }}://{{ external_lb_vip_address }}:{{ nova_service_port }}" +nova_service_publicurl: "{{ nova_service_publicuri }}/v2/%(tenant_id)s" +nova_service_adminuri: "{{ nova_service_proto }}://{{ internal_lb_vip_address }}:{{ nova_service_port }}" +nova_service_adminurl: "{{ nova_service_adminuri }}/v2/%(tenant_id)s" +nova_service_internaluri: "{{ nova_service_proto }}://{{ internal_lb_vip_address }}:{{ nova_service_port }}" +nova_service_internalurl: "{{ nova_service_internaluri }}/v2/%(tenant_id)s" +nova_program_name: nova-api-os-compute + +## Nova ec2 +nova_ec2_service_name: ec2 +nova_ec2_service_type: ec2 +nova_ec2_service_proto: http +nova_ec2_service_port: 8773 +nova_ec2_service_description: "EC2 Compatibility Layer" +nova_ec2_service_publicuri: "{{ nova_ec2_service_proto }}://{{ external_lb_vip_address }}:{{ nova_ec2_service_port }}" +nova_ec2_service_publicurl: "{{ nova_ec2_service_publicuri }}/services/Cloud" +nova_ec2_service_adminuri: "{{ 
nova_ec2_service_proto }}://{{ internal_lb_vip_address }}:{{ nova_ec2_service_port }}" +nova_ec2_service_adminurl: "{{ nova_ec2_service_adminuri }}/services/Admin" +nova_ec2_service_internaluri: "{{ nova_ec2_service_proto }}://{{ internal_lb_vip_address }}:{{ nova_ec2_service_port }}" +nova_ec2_service_internalurl: "{{ nova_ec2_service_internaluri }}/services/Cloud" +nova_ec2_program_name: nova-api-ec2 + +## Nova spice +nova_spice_html5proxy_base_proto: http +nova_spice_html5proxy_base_port: 6082 +nova_spice_html5proxy_base_uri: "{{ nova_spice_html5proxy_base_proto }}://{{ external_lb_vip_address}}:{{ nova_spice_html5proxy_base_port }}" +nova_spice_html5proxy_base_url: "{{ nova_spice_html5proxy_base_uri }}/spice_auto.html" +nova_spice_console_keymap: en-us +nova_spice_console_agent_enabled: True +nova_spice_program_name: nova-spicehtml5proxy + +## Nova metadata +nova_metadata_proxy_enabled: True +nova_metadata_port: 8775 +nova_metadata_program_name: nova-api-metadata + +## Nova cert +nova_cert_program_name: nova-cert + +## Nova compute +nova_compute_program_name: nova-compute + +## Nova conductor +nova_conductor_program_name: nova-conductor + +## Nova console +nova_console_agent_enabled: True +nova_consoleauth_program_name: nova-consoleauth +nova_console_agent_enabled: True +nova_console_keymap: en-us + +## Nova global config +nova_cpu_mode: host-model +nova_linuxnet_interface_driver: nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver +nova_libvirt_vif_driver: nova.virt.libvirt.vif.NeutronLinuxBridgeVIFDriver +nova_firewall_driver: nova.virt.firewall.NoopFirewallDriver +nova_compute_driver: libvirt.LibvirtDriver +nova_max_age: 0 + +# Nova quota +nova_quota_injected_file_content_bytes: 10240 +nova_quota_injected_file_path_length: 255 +nova_quota_injected_files: 5 + +# Nova Scheduler +nova_cpu_allocation_ratio: 2.0 +nova_disk_allocation_ratio: 1.0 +nova_max_instances_per_host: 50 +nova_max_io_ops_per_host: 10 +nova_ram_allocation_ratio: 1.0 
+nova_ram_weight_multiplier: 5.0 +nova_reserved_host_disk_mb: 2048 +nova_reserved_host_memory_mb: 2048 +nova_scheduler_driver_task_period: 60 +nova_scheduler_host_subset_size: 10 +nova_scheduler_max_attempts: 5 +nova_scheduler_default_filters: "RetryFilter,AvailabilityZoneFilter,RamFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter,AggregateCoreFilter,AggregateDiskFilter" +nova_scheduler_driver: nova.scheduler.filter_scheduler.FilterScheduler +nova_scheduler_available_filters: nova.scheduler.filters.all_filters +nova_scheduler_host_manager: nova.scheduler.host_manager.HostManager +nova_scheduler_manager: nova.scheduler.manager.SchedulerManager +nova_scheduler_weight_classes: nova.scheduler.weights.all_weighers +nova_scheduler_program_name: nova-scheduler + +## General Neutron configuration +# If ``nova_osapi_compute_workers`` is unset the system will use half the number of available VCPUS to +# compute the number of api workers to use. +# nova_osapi_compute_workers: 16 + +# If ``nova_conductor_workers`` is unset the system will use half the number of available VCPUS to +# compute the number of api workers to use. +# nova_conductor_workers: 16 + +# If ``nova_ec2_workers`` is unset the system will use half the number of available VCPUS to +# compute the number of api workers to use. +# nova_ec2_workers: 16 + +# If ``nova_metadata_workers`` is unset the system will use half the number of available VCPUS to +# compute the number of api workers to use. 
+# nova_metadata_workers: 16 + + +## Service Names +nova_service_names: + - "{{ nova_metadata_program_name }}" + - "{{ nova_cert_program_name }}" + - "{{ nova_conductor_program_name }}" + - "{{ nova_s3_program_name }}" + - "{{ nova_program_name }}" + - "{{ nova_ec2_program_name }}" + - "{{ nova_scheduler_program_name }}" + - "{{ nova_compute_program_name }}" + - "{{ nova_spice_program_name }}" + - "{{ nova_consoleauth_program_name }}" + +# Common apt packages +nova_apt_packages: + - genisoimage + - git + - libpq-dev + - spice-html5 + +nova_compute_kvm_apt_packages: + - bridge-utils + - genisoimage + - kpartx + - libvirt-bin + - open-iscsi + - python-libvirt + - qemu + - qemu-utils + - sysfsutils + - vlan + +# Common pip packages +nova_pip_packages: + - MySQL-python + - python-memcached + - pycrypto + - python-keystoneclient + - python-novaclient + - keystonemiddleware + - nova diff --git a/playbooks/roles/nova_common/templates/api-paste.ini b/playbooks/roles/os_nova/files/api-paste.ini similarity index 100% rename from playbooks/roles/nova_common/templates/api-paste.ini rename to playbooks/roles/os_nova/files/api-paste.ini diff --git a/playbooks/roles/nova_libvirt/files/libvirt-bin.conf b/playbooks/roles/os_nova/files/libvirt-bin.conf similarity index 100% rename from playbooks/roles/nova_libvirt/files/libvirt-bin.conf rename to playbooks/roles/os_nova/files/libvirt-bin.conf diff --git a/playbooks/roles/nova_libvirt/templates/libvirtd.conf b/playbooks/roles/os_nova/files/libvirtd.conf similarity index 100% rename from playbooks/roles/nova_libvirt/templates/libvirtd.conf rename to playbooks/roles/os_nova/files/libvirtd.conf diff --git a/playbooks/roles/nova_common/templates/policy.json b/playbooks/roles/os_nova/files/policy.json similarity index 100% rename from playbooks/roles/nova_common/templates/policy.json rename to playbooks/roles/os_nova/files/policy.json 
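Review bot: `nova_console_agent_enabled: True` is defined twice in the `## Nova console` block of `defaults/main.yml`; most YAML loaders keep the last value without warning, so a later edit to only one of the two lines can silently have no effect, and the second line should be dropped. The heading `## General Neutron configuration` sits above the nova worker settings and presumably should read `## General Nova configuration`. Every `*_service_proto` defaults to `http`, including the ones that build the `publicuri` values, so unless TLS is terminated in front of `external_lb_vip_address`, API tokens cross that network in clear; a comment stating where TLS is expected would make the assumption explicit.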
diff --git a/playbooks/roles/nova_common/templates/rootwrap.conf b/playbooks/roles/os_nova/files/rootwrap.conf similarity index 100% rename from playbooks/roles/nova_common/templates/rootwrap.conf rename to playbooks/roles/os_nova/files/rootwrap.conf diff --git a/playbooks/roles/nova_common/templates/rootwrap.d/api-metadata.filters b/playbooks/roles/os_nova/files/rootwrap.d/api-metadata.filters similarity index 100% rename from playbooks/roles/nova_common/templates/rootwrap.d/api-metadata.filters rename to playbooks/roles/os_nova/files/rootwrap.d/api-metadata.filters diff --git a/playbooks/roles/nova_common/templates/rootwrap.d/baremetal-compute-ipmi.filters b/playbooks/roles/os_nova/files/rootwrap.d/baremetal-compute-ipmi.filters similarity index 100% rename from playbooks/roles/nova_common/templates/rootwrap.d/baremetal-compute-ipmi.filters rename to playbooks/roles/os_nova/files/rootwrap.d/baremetal-compute-ipmi.filters diff --git a/playbooks/roles/nova_common/templates/rootwrap.d/baremetal-deploy-helper.filters b/playbooks/roles/os_nova/files/rootwrap.d/baremetal-deploy-helper.filters similarity index 100% rename from playbooks/roles/nova_common/templates/rootwrap.d/baremetal-deploy-helper.filters rename to playbooks/roles/os_nova/files/rootwrap.d/baremetal-deploy-helper.filters diff --git a/playbooks/roles/nova_common/templates/rootwrap.d/compute.filters b/playbooks/roles/os_nova/files/rootwrap.d/compute.filters similarity index 100% rename from playbooks/roles/nova_common/templates/rootwrap.d/compute.filters rename to playbooks/roles/os_nova/files/rootwrap.d/compute.filters diff --git a/playbooks/roles/nova_common/templates/rootwrap.d/network.filters b/playbooks/roles/os_nova/files/rootwrap.d/network.filters similarity index 100% rename from playbooks/roles/nova_common/templates/rootwrap.d/network.filters rename to playbooks/roles/os_nova/files/rootwrap.d/network.filters 
diff --git a/playbooks/roles/nova_compute_sshkey_setup/files/ssh_config b/playbooks/roles/os_nova/files/ssh_config similarity index 100% rename from playbooks/roles/nova_compute_sshkey_setup/files/ssh_config rename to playbooks/roles/os_nova/files/ssh_config diff --git a/playbooks/roles/nova_libvirt/handlers/main.yml b/playbooks/roles/os_nova/handlers/main.yml similarity index 71% rename from playbooks/roles/nova_libvirt/handlers/main.yml rename to playbooks/roles/os_nova/handlers/main.yml index 829ab2435c..502604479e 100644 --- a/playbooks/roles/nova_libvirt/handlers/main.yml +++ b/playbooks/roles/os_nova/handlers/main.yml @@ -14,4 +14,15 @@ # limitations under the License. - name: Restart libvirt-bin - service: name=libvirt-bin state=restarted pattern=libvirt-bin + service: + name: "libvirt-bin" + state: "restarted" + pattern: "libvirt-bin" + +- name: Restart nova services + service: + name: "{{ item }}" + state: restarted + pattern: "{{ item }}" + with_items: nova_service_names + failed_when: false diff --git a/playbooks/roles/os_nova/meta/main.yml b/playbooks/roles/os_nova/meta/main.yml new file mode 100644 index 0000000000..f96db97fc8 --- /dev/null +++ b/playbooks/roles/os_nova/meta/main.yml 
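Review bot: `failed_when: false` on the new `Restart nova services` handler hides every restart failure, so a service that does not come back after a configuration or policy change is reported as success and may keep running with its old settings, or not at all. The flag is presumably there because not every name in `nova_service_names` exists on every host; restricting the list to the services installed on the host, or tolerating only the "service not present" case, keeps real failures visible. The handler file starts outside this hunk.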
@@ -0,0 +1,35 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +galaxy_info: + author: rcbops + description: Installation and setup of nova + company: Rackspace + license: Apache2 + min_ansible_version: 1.6.6 + platforms: + - name: Ubuntu + versions: + - trusty + categories: + - cloud + - python + - nova + - development + - openstack +dependencies: + - galera_client + - openstack_openrc + - pip_lock_down diff --git a/playbooks/roles/os_nova/tasks/main.yml b/playbooks/roles/os_nova/tasks/main.yml new file mode 100644 index 0000000000..327955f18d --- /dev/null +++ b/playbooks/roles/os_nova/tasks/main.yml 
@@ -0,0 +1,33 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- include: nova_pre_install.yml +- include: nova_install.yml +- include: nova_post_install.yml +- include: nova_upstart_init.yml + +- include: nova_db_setup.yml + when: > + inventory_hostname == groups['nova_api_os_compute'][0] + +- include: nova_service_setup.yml + when: > + inventory_hostname == groups['nova_api_os_compute'][0] + +- include: nova_compute.yml + when: > + inventory_hostname in groups['nova_compute'] + tags: + - nova-compute \ No newline at end of file diff --git a/playbooks/vars/repo_packages/elasticsearch.yml b/playbooks/roles/os_nova/tasks/nova_compute.yml similarity index 60% rename from playbooks/vars/repo_packages/elasticsearch.yml rename to playbooks/roles/os_nova/tasks/nova_compute.yml index 4f02b06b9c..fd4b343271 100644 --- a/playbooks/vars/repo_packages/elasticsearch.yml +++ b/playbooks/roles/os_nova/tasks/nova_compute.yml 
@@ -13,19 +13,16 @@ # See the License for the specific language governing permissions and # limitations under the License. -repo_package_name: elasticsearch +- include: nova_compute_kvm.yml + when: nova_virt_type == 'kvm' or nova_virt_type == 'qemu' -apt_container_keys: - - { url: "http://packages.elasticsearch.org/GPG-KEY-elasticsearch", state: "present" } +- include: nova_compute_key_create.yml -apt_container_repos: - - { repo: "deb {{ elasticsearch_repo_url }} stable main", state: "present"} +- include: nova_compute_key_store.yml + when: > + inventory_hostname == groups['nova_compute'][0] -container_packages: - - elasticsearch - - openjdk-7-jre - -service_pip_dependencies: - - requests - - python-memcached - - pycrypto +- include: nova_compute_key_distribute.yml + when: > + inventory_hostname != groups['nova_compute'][0] and + inventory_hostname in groups['nova_compute'] diff --git a/playbooks/roles/os_nova/tasks/nova_compute_key_create.yml b/playbooks/roles/os_nova/tasks/nova_compute_key_create.yml new file mode 100644 index 0000000000..56048ca829 --- /dev/null +++ b/playbooks/roles/os_nova/tasks/nova_compute_key_create.yml 
@@ -0,0 +1,74 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Remove old key file(s) if found + file: + path: "{{ item }}" + state: "absent" + with_items: + - "{{ nova_system_home_folder }}/.ssh/authorized_keys" + - "{{ nova_system_home_folder }}/.ssh/id_rsa" + - "{{ nova_system_home_folder }}/.ssh/id_rsa.pub" + tags: + - nova-key + - nova-key-create + +- name: Create the nova SSH key if it doesnt exist + command: | + ssh-keygen -f {{ nova_system_home_folder }}/.ssh/id_rsa -t rsa -q -N "" + sudo: yes + sudo_user: "{{ nova_system_user_name }}" + tags: + - nova-key + - nova-key-create + +- name: Create empty 'authorized_keys' file + file: + path: "{{ nova_system_home_folder }}/.ssh/authorized_keys" + state: "touch" + tags: + - nova-key + - nova-key-create + +- name: Change permissions on the generated keys + file: + path: "{{ item.path }}" + group: "{{ nova_system_user_name }}" + owner: "{{ nova_system_user_name }}" + mode: "{{ item.mode }}" + with_items: + - { path: "{{ nova_system_home_folder }}/.ssh/authorized_keys", mode: "0700" } + - { path: "{{ nova_system_home_folder }}/.ssh/id_rsa", mode: "0600" } + - { path: "{{ nova_system_home_folder }}/.ssh/id_rsa.pub", mode: "0644" } + tags: + - nova-key + - nova-key-create + +- name: Get public key contents + command: | + cat {{ nova_system_home_folder }}/.ssh/id_rsa.pub + register: nova_pub + changed_when: false + tags: + - nova-key + - nova-key-create + +- name: 
Build authorized keys + shell: | + echo "{{ nova_pub.stdout }}" | tee -a {{ nova_system_home_folder }}/.ssh/authorized_keys + delegate_to: "{{ groups['nova_compute'][0] }}" + tags: + - nova-key + - nova-key-create diff --git a/playbooks/roles/os_nova/tasks/nova_compute_key_distribute.yml b/playbooks/roles/os_nova/tasks/nova_compute_key_distribute.yml new file mode 100644 index 0000000000..764df2a3f4 --- /dev/null +++ b/playbooks/roles/os_nova/tasks/nova_compute_key_distribute.yml @@ -0,0 +1,33 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Retrieve authorized keys + memcached: + name: "{{ item.name }}" + file_path: "{{ item.src }}" + state: "retrieve" + file_mode: "{{ item.file_mode }}" + dir_mode: "{{ item.dir_mode }}" + server: "{{ memcached_servers.split(',')[0] }}" + encrypt_string: "{{ memcached_encryption_key }}" + with_items: + - { src: "{{ nova_system_home_folder }}/.ssh/authorized_keys", name: "authorized_keys", file_mode: "0640", dir_mode: "0750" } + register: memcache_keys + until: memcache_keys|success + retries: 5 + delay: 2 + tags: + - nova-key + - nova-key-distribute diff --git a/playbooks/roles/os_nova/tasks/nova_compute_key_store.yml b/playbooks/roles/os_nova/tasks/nova_compute_key_store.yml new file mode 100644 index 0000000000..6ed298f64d --- /dev/null +++ b/playbooks/roles/os_nova/tasks/nova_compute_key_store.yml 
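Review bot: In "Change permissions on the generated keys" the `authorized_keys` entry gets `mode: "0700"`, which marks a key list executable; `mode: "0600"` matches the private key next to it and is all the file needs. The first task also deletes `id_rsa` unconditionally, so the key pair is regenerated on every run even though the next task is named "if it doesnt exist". If rotation on each run is intended, a comment saying so would help; otherwise drop `id_rsa` and `id_rsa.pub` from the removal list and pass `creates={{ nova_system_home_folder }}/.ssh/id_rsa` to the `ssh-keygen` command. "Create empty 'authorized_keys' file" sets no owner or mode, so the file exists with default attributes until the permissions task runs.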
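Review bot: `authorized_keys` is written with `file_mode: "0640"` and `dir_mode: "0750"`, looser than the `0700` that nova_pre_install.yml sets on `.ssh`; `file_mode: "0600"` and `dir_mode: "0700"` would keep the directory as it was created. The task passes no owner, so whether the retrieved file is readable by the nova user depends on the custom `memcached` module, which is not visible here. Because this file decides who can log in as the nova user on every compute host, its integrity rests entirely on `encrypt_string`, and the same holds for the store task in nova_compute_key_store.yml. It is worth confirming that the module authenticates the ciphertext rather than only encrypting it, and that the memcached port is not reachable from tenant networks.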
@@ -0,0 +1,31 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Distribute authorized keys for cluster consumption
+ memcached:
+ name: "{{ item.name }}"
+ file_path: "{{ item.src }}"
+ state: "present"
+ server: "{{ memcached_servers.split(',')[0] }}"
+ encrypt_string: "{{ memcached_encryption_key }}"
+ with_items:
+ - { src: "{{ nova_system_home_folder }}/.ssh/authorized_keys", name: "authorized_keys" }
+ register: memcache_keys
+ until: memcache_keys|success
+ retries: 5
+ delay: 2
+ tags:
+ - nova-key
+ - nova-key-store
diff --git a/playbooks/roles/rabbit_user/tasks/main.yml b/playbooks/roles/os_nova/tasks/nova_compute_kvm.yml
similarity index 64%
rename from playbooks/roles/rabbit_user/tasks/main.yml
rename to playbooks/roles/os_nova/tasks/nova_compute_kvm.yml
index c55e5cb85b..10cf4bb64d 100644
--- a/playbooks/roles/rabbit_user/tasks/main.yml
+++ b/playbooks/roles/os_nova/tasks/nova_compute_kvm.yml
@@ -13,16 +13,19 @@ # See the License for the specific language governing permissions and # limitations under the License. -- name: Ensure rabbitmq user - rabbitmq_user: - user: "{{ rabbit_userid }}" - password: "{{ rabbit_password }}" - vhost: "/" - configure_priv: ".*" - read_priv: ".*" - write_priv: ".*" - state: "present" +- include: nova_compute_kvm_install.yml + +- name: Add nova user to libvirtd group + user: + name: "{{ nova_system_user_name }}" + groups: "libvirtd" + append: "yes" tags: - - users - - rabbit_config - - rabbit_user + - nova-libvirt + +- name: Ensure kvm permissions + shell: "udevadm trigger" + tags: + - nova-kvm + +- include: nova_compute_kvm_virsh_net_remove.yml diff --git a/playbooks/roles/logging_common/tasks/main.yml b/playbooks/roles/os_nova/tasks/nova_compute_kvm_install.yml similarity index 69% rename from playbooks/roles/logging_common/tasks/main.yml rename to playbooks/roles/os_nova/tasks/nova_compute_kvm_install.yml index bc0f82f734..faad1687f0 100644 --- a/playbooks/roles/logging_common/tasks/main.yml +++ b/playbooks/roles/os_nova/tasks/nova_compute_kvm_install.yml @@ -13,8 +13,17 @@ # See the License for the specific language governing permissions and # limitations under the License. -- name: Install OpenJDK +- name: Install apt packages apt: - pkg: openjdk-7-jre + pkg: "{{ item }}" state: latest update_cache: yes + cache_valid_time: 600 + register: install_packages + until: install_packages|success + retries: 5 + delay: 2 + with_items: nova_compute_kvm_apt_packages + tags: + - nova-apt-packages + - nova-compute-kvm-apt-packages diff --git a/playbooks/roles/nova_libvirt/tasks/virsh_net_remove.yml b/playbooks/roles/os_nova/tasks/nova_compute_kvm_virsh_net_remove.yml similarity index 74% rename from playbooks/roles/nova_libvirt/tasks/virsh_net_remove.yml rename to playbooks/roles/os_nova/tasks/nova_compute_kvm_virsh_net_remove.yml index 771d0a936b..cf27033499 100644 --- a/playbooks/roles/nova_libvirt/tasks/virsh_net_remove.yml 
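Review bot: "Ensure kvm permissions" runs `udevadm trigger` through `shell` with no `changed_when`, so it reports changed on every run and starts a shell it does not need. `command: "udevadm trigger"` would match what this commit does for the virsh tasks in nova_compute_kvm_virsh_net_remove.yml. If the trigger is only needed after the nova user joins `libvirtd`, making it a handler notified by "Add nova user to libvirtd group" would state that dependency in the code.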
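Review bot: `state: latest` makes every playbook run upgrade the packages in `nova_compute_kvm_apt_packages` to whatever the configured apt repositories serve at that moment, so compute hosts deployed at different times can end up on different hypervisor builds (the package list itself is not in this hunk). `state: present` with versions pinned in the list, or a controlled repository snapshot, keeps upgrades a deliberate step. The "Install apt packages" task in nova_install.yml has the same setting, and its pip task installs `nova_pip_packages` with no version constraint visible in the task.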
+++ b/playbooks/roles/os_nova/tasks/nova_compute_kvm_virsh_net_remove.yml @@ -14,16 +14,22 @@ # limitations under the License. - name: Check for libvirt default network - shell: > - virsh net-list | awk '/default/' + shell: "virsh net-list | awk '/default/'" register: default_net + tags: + - nova-kvm + - nova-kvm-virsh-net - name: Disable libvirt default network - shell: > - virsh net-autostart default --disable + command: "virsh net-autostart default --disable" when: default_net.stdout|search('default') + tags: + - nova-kvm + - nova-kvm-virsh-net - name: Destroy libvirt default network - shell: > - virsh net-destroy default + command: "virsh net-destroy default" when: default_net.stdout|search('default') + tags: + - nova-kvm + - nova-kvm-virsh-net diff --git a/playbooks/roles/os_nova/tasks/nova_db_setup.yml b/playbooks/roles/os_nova/tasks/nova_db_setup.yml new file mode 100644 index 0000000000..09d98a2bad --- /dev/null +++ b/playbooks/roles/os_nova/tasks/nova_db_setup.yml 
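Review bot: "Check for libvirt default network" uses `virsh net-list`, which prints only active networks, so a default network that is defined with autostart on but currently stopped is never reached by "Disable libvirt default network" and comes back the next time libvirtd starts. Checking with `virsh net-list --all` for the autostart task, while keeping the active-only check for `net-destroy`, covers both states. The check is read-only and would also benefit from `changed_when: false`.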
@@ -0,0 +1,48 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Create DB for service
+ mysql_db:
+ login_user: "{{ galera_root_user }}"
+ login_password: "{{ galera_root_password }}"
+ login_host: "{{ galera_address }}"
+ name: "{{ nova_galera_database }}"
+ state: "present"
+ tags:
+ - nova-db-setup
+
+- name: Grant access to the DB for the service
+ mysql_user:
+ login_user: "{{ galera_root_user }}"
+ login_password: "{{ galera_root_password }}"
+ login_host: "{{ galera_address }}"
+ name: "{{ nova_galera_user }}"
+ password: "{{ nova_container_mysql_password }}"
+ host: "{{ item }}"
+ state: "present"
+ priv: "{{ nova_galera_database }}.*:ALL"
+ with_items:
+ - "localhost"
+ - "%"
+ tags:
+ - nova-db-setup
+
+- name: Perform a Nova DB sync
+ command: nova-manage db sync
+ sudo: yes
+ sudo_user: "{{ nova_system_user_name }}"
+ tags:
+ - nova-db-setup
+ - nova-setup
diff --git a/playbooks/roles/rabbit_remove/tasks/main.yml b/playbooks/roles/os_nova/tasks/nova_install.yml
similarity index 61%
rename from playbooks/roles/rabbit_remove/tasks/main.yml
rename to playbooks/roles/os_nova/tasks/nova_install.yml
index 4909c72edd..f9452408be 100644
--- a/playbooks/roles/rabbit_remove/tasks/main.yml
+++ b/playbooks/roles/os_nova/tasks/nova_install.yml
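Review bot: "Grant access to the DB for the service" loops over `"localhost"` and `"%"`, so the nova account receives `ALL` on its database from any source address and the password becomes the only control. Where the API and conductor hosts sit on a known management network, a host pattern for that network supplied through a variable narrows the grant. The first two tasks pass `galera_root_password` as a module argument, and the grant task also passes the nova database password; adding `no_log: true` keeps both out of verbose output and logs. "Perform a Nova DB sync" has no `changed_when`, so it reports changed on every run.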
@@ -13,29 +13,29 @@ # See the License for the specific language governing permissions and # limitations under the License. -- name: Stop Rabbit App - shell: rabbitmqctl stop_app - ignore_errors: yes - -- name: Reset Rabbit State - shell: rabbitmqctl force_reset - ignore_errors: yes - -- name: remove rabbit packages +- name: Install apt packages apt: pkg: "{{ item }}" - state: absent - purge: yes + state: latest update_cache: yes cache_valid_time: 600 - ignore_errors: yes - with_items: - - rabbitmq-server - - erlang - ignore_errors: yes + register: install_packages + until: install_packages|success + retries: 5 + delay: 2 + with_items: nova_apt_packages + tags: + - nova-apt-packages -- name: Remove Mnesia State - file: - path: /var/lib/rabbitmq/mnesia/ - state: absent - ignore_errors: yes +- name: Install pip packages + pip: + name: "{{ item }}" + state: present + register: install_packages + until: install_packages|success + retries: 5 + delay: 2 + with_items: + - "{{ nova_pip_packages }}" + tags: + - nova-pip-packages diff --git a/playbooks/roles/os_nova/tasks/nova_post_install.yml b/playbooks/roles/os_nova/tasks/nova_post_install.yml new file mode 100644 index 0000000000..72b1bfcb0e --- /dev/null +++ b/playbooks/roles/os_nova/tasks/nova_post_install.yml 
@@ -0,0 +1,47 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Generate nova config
+ copy:
+ src: "{{ item.src }}"
+ dest: "{{ item.dest }}"
+ owner: "{{ nova_system_user_name }}"
+ group: "{{ nova_system_group_name }}"
+ with_items:
+ - { src: "rootwrap.conf", dest: "/etc/nova/rootwrap.conf" }
+ - { src: "rootwrap.d/api-metadata.filters", dest: "/etc/nova/rootwrap.d/api-metadata.filters" }
+ - { src: "rootwrap.d/baremetal-compute-ipmi.filters", dest: "/etc/nova/rootwrap.d/baremetal-compute-ipmi.filters" }
+ - { src: "rootwrap.d/baremetal-deploy-helper.filters", dest: "/etc/nova/rootwrap.d/baremetal-deploy-helper.filters" }
+ - { src: "rootwrap.d/compute.filters", dest: "/etc/nova/rootwrap.d/compute.filters" }
+ - { src: "rootwrap.d/network.filters", dest: "/etc/nova/rootwrap.d/network.filters" }
+ - { src: "policy.json", dest: "/etc/nova/policy.json" }
+ - { src: "api-paste.ini", dest: "/etc/nova/api-paste.ini" }
+ notify: Restart nova services
+ tags:
+ - nova-config
+ - nova-post-install
+
+- name: Copy nova config
+ template:
+ src: "{{ item.src }}"
+ dest: "{{ item.dest }}"
+ owner: "{{ nova_system_user_name }}"
+ group: "{{ nova_system_group_name }}"
+ with_items:
+ - { src: "nova.conf.j2", dest: "/etc/nova/nova.conf" }
+ notify: Restart nova services
+ tags:
+ - nova-config
+ - nova-post-install
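Review bot: `rootwrap.conf` and the `rootwrap.d/*.filters` files are installed with `owner: "{{ nova_system_user_name }}"`, but these files define which commands the nova user may run as root through nova-rootwrap (presumably enabled by the sudoers file dropped in nova_pre_install.yml), so an account that can rewrite them can widen its own privileges. They should be installed with `owner: "root"`, `group: "root"` and `mode: "0644"`, and nova_pre_install.yml likewise creates `/etc/nova/rootwrap.d` owned by the nova user. Neither task sets `mode`, so `/etc/nova/nova.conf`, which the template fills with the RabbitMQ, Keystone and database passwords, gets whatever the umask yields; add `mode: "0640"` to that item. The task names are also crossed: "Generate nova config" copies static files and "Copy nova config" renders the template.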
diff --git a/playbooks/roles/os_nova/tasks/nova_pre_install.yml b/playbooks/roles/os_nova/tasks/nova_pre_install.yml
new file mode 100644
index 0000000000..046fa61398
--- /dev/null
+++ b/playbooks/roles/os_nova/tasks/nova_pre_install.yml
@@ -0,0 +1,95 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: create the system group + group: + name: "{{ nova_system_group_name }}" + state: "present" + system: "yes" + tags: + - nova-group + +- name: Create the nova system user + user: + name: "{{ nova_system_user_name }}" + group: "{{ nova_system_group_name }}" + comment: "{{ nova_system_comment }}" + shell: "{{ nova_system_shell }}" + system: "yes" + createhome: "yes" + home: "{{ nova_system_home_folder }}" + tags: + - nova-user + +- name: Create nova dir + file: + path: "{{ item.path }}" + state: directory + owner: "{{ item.owner|default(nova_system_user_name) }}" + group: "{{ item.group|default(nova_system_group_name) }}" + mode: "{{ item.mode|default('0755') }}" + with_items: + - { path: "/etc/nova" } + - { path: "/etc/nova/rootwrap.d" } + - { path: "/etc/sudoers.d", mode: "0750", owner: "root", group: "root" } + - { path: "/var/cache/nova" } + - { path: "{{ nova_system_home_folder }}" } + - { path: "{{ nova_system_home_folder }}/.ssh", mode: "0700" } + - { path: "{{ nova_system_home_folder }}/cache/api" } + - { path: "{{ nova_system_home_folder }}/instances" } + - { path: "/var/lock/nova" } + - { path: "/var/run/nova" } + tags: + - nova-dirs + +- name: Test for log directory or link + shell: | + if [ -h "/var/log/nova" ]; then + chown -h {{ nova_system_user_name }}:{{ nova_system_group_name }} "/var/log/nova" + chown -R {{ nova_system_user_name }}:{{ 
nova_system_group_name }} "$(readlink /var/log/nova)" + else + exit 1 + fi + register: log_dir + failed_when: false + changed_when: log_dir.rc != 0 + tags: + - nova-dirs + - nova-logs + +- name: Create nova log dir + file: + path: "{{ item.path }}" + state: directory + owner: "{{ item.owner|default(nova_system_user_name) }}" + group: "{{ item.group|default(nova_system_group_name) }}" + mode: "{{ item.mode|default('0755') }}" + with_items: + - { path: "/var/log/nova" } + when: log_dir.rc != 0 + tags: + - nova-dirs + - nova-logs + +- name: Drop sudoers file + template: + src: "sudoers.j2" + dest: "/etc/sudoers.d/{{ nova_system_user_name }}_sudoers" + mode: "0440" + owner: "root" + group: "root" + tags: + - sudoers + - nova-sudoers diff --git a/playbooks/roles/os_nova/tasks/nova_service_add.yml b/playbooks/roles/os_nova/tasks/nova_service_add.yml new file mode 100644 index 0000000000..20c4523991 --- /dev/null +++ b/playbooks/roles/os_nova/tasks/nova_service_add.yml 
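Review bot: "Drop sudoers file" writes straight into `/etc/sudoers.d` without validation, so a rendering mistake in `sudoers.j2` can leave sudo unusable on the host; the template module accepts `validate: "visudo -cf %s"` for exactly this case. In "Test for log directory or link", `readlink` without `-f` returns a relative link target unchanged, and the recursive `chown -R`, run with the task's privileges, then resolves it against the working directory instead of `/var/log`; `"$(readlink -f /var/log/nova)"` avoids that. The same task's `changed_when: log_dir.rc != 0` reports a change exactly when nothing was chowned, so the condition looks inverted.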
@@ -0,0 +1,89 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Create a service +- name: Ensure nova service + keystone: + command: "ensure_service" + token: "{{ keystone_auth_admin_token }}" + endpoint: "{{ keystone_service_adminurl }}" + service_name: "{{ service_name }}" + service_type: "{{ service_type }}" + description: "{{ service_description }}" + register: add_service + until: add_service|success + retries: 5 + delay: 2 + tags: + - nova-api-setup + - nova-service-add + - nova-setup + +# Create an admin user +- name: Ensure nova user + keystone: + command: "ensure_user" + token: "{{ keystone_auth_admin_token }}" + endpoint: "{{ keystone_service_adminurl }}" + user_name: "{{ service_user_name }}" + tenant_name: "{{ service_tenant_name }}" + password: "{{ service_password }}" + register: add_service + until: add_service|success + retries: 5 + delay: 10 + tags: + - nova-api-setup + - nova-service-add + - nova-setup + +# Add a role to the user +- name: Ensure nova user to admin role + keystone: + command: "ensure_user_role" + token: "{{ keystone_auth_admin_token }}" + endpoint: "{{ keystone_service_adminurl }}" + user_name: "{{ service_user_name }}" + tenant_name: "{{ service_tenant_name }}" + role_name: "{{ role_name }}" + register: add_service + until: add_service|success + retries: 5 + delay: 10 + tags: + - nova-api-setup + - nova-service-add + - nova-setup + +# Create an endpoint +- name: Ensure nova endpoint + 
keystone: + command: "ensure_endpoint" + token: "{{ keystone_auth_admin_token }}" + endpoint: "{{ keystone_service_adminurl }}" + region_name: "{{ service_region }}" + service_name: "{{ service_name }}" + service_type: "{{ service_type }}" + publicurl: "{{ service_publicurl }}" + adminurl: "{{ service_internalurl }}" + internalurl: "{{ service_adminurl }}" + register: add_service + until: add_service|success + retries: 5 + delay: 10 + tags: + - nova-api-setup + - nova-service-add + - nova-setup diff --git a/playbooks/roles/os_nova/tasks/nova_service_setup.yml b/playbooks/roles/os_nova/tasks/nova_service_setup.yml new file mode 100644 index 0000000000..899b67e9d8 --- /dev/null +++ b/playbooks/roles/os_nova/tasks/nova_service_setup.yml 
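Review bot: In "Ensure nova endpoint" the last two URL arguments are crossed: `adminurl: "{{ service_internalurl }}"` and `internalurl: "{{ service_adminurl }}"`. As written, the catalog hands the admin URL to internal clients and the internal URL to admin clients, which matters as soon as the two differ; they should read `adminurl: "{{ service_adminurl }}"` and `internalurl: "{{ service_internalurl }}"`. All four tasks pass `keystone_auth_admin_token`, and "Ensure nova user" also passes `service_password`, so `no_log: true` on them would keep those values out of verbose output.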
@@ -0,0 +1,82 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- include: nova_service_add.yml + vars: + service_user_name: "{{ nova_service_user_name }}" + service_tenant_name: "{{ nova_service_tenant_name }}" + service_name: "{{ nova_service_name }}" + service_type: "{{ nova_service_type }}" + service_region: "{{ nova_service_region }}" + service_description: "{{ nova_service_description }}" + service_password: "{{ nova_service_password }}" + service_publicurl: "{{ nova_service_publicurl }}" + service_internalurl: "{{ nova_service_internalurl }}" + service_adminurl: "{{ nova_service_adminurl }}" + role_name: "{{ nova_service_role_name }}" + tags: + - nova-api + - nova-api-v2 + +- include: nova_service_add.yml + vars: + service_user_name: "{{ nova_service_user_name }}" + service_tenant_name: "{{ nova_service_tenant_name }}" + service_name: "{{ nova_v3_service_name }}" + service_type: "{{ nova_v3_service_type }}" + service_region: "{{ nova_service_region }}" + service_description: "{{ nova_v3_service_description }}" + service_password: "{{ nova_v3_service_password }}" + service_publicurl: "{{ nova_v3_service_publicurl }}" + service_internalurl: "{{ nova_v3_service_internalurl }}" + service_adminurl: "{{ nova_v3_service_adminurl }}" + role_name: "{{ nova_service_role_name }}" + tags: + - nova-api + - nova-api-v3 + +- include: nova_service_add.yml + vars: + service_user_name: "{{ nova_service_user_name }}" + 
service_tenant_name: "{{ nova_service_tenant_name }}" + service_name: "{{ nova_s3_service_name }}" + service_type: "{{ nova_s3_service_type }}" + service_region: "{{ nova_service_region }}" + service_description: "{{ nova_s3_service_description }}" + service_password: "{{ nova_s3_service_password }}" + service_publicurl: "{{ nova_s3_service_publicurl }}" + service_internalurl: "{{ nova_s3_service_internalurl }}" + service_adminurl: "{{ nova_s3_service_adminurl }}" + role_name: "{{ nova_service_role_name }}" + tags: + - nova-api + - nova-api-s3 + +- include: nova_service_add.yml + vars: + service_user_name: "{{ nova_service_user_name }}" + service_tenant_name: "{{ nova_service_tenant_name }}" + service_name: "{{ nova_ec2_service_name }}" + service_type: "{{ nova_ec2_service_type }}" + service_region: "{{ nova_service_region }}" + service_description: "{{ nova_ec2_service_description }}" + service_password: "{{ nova_ec2_service_password }}" + service_publicurl: "{{ nova_ec2_service_publicurl }}" + service_internalurl: "{{ nova_ec2_service_internalurl }}" + service_adminurl: "{{ nova_ec2_service_adminurl }}" + role_name: "{{ nova_service_role_name }}" + tags: + - nova-api + - nova-api-ec2 diff --git a/playbooks/roles/os_nova/tasks/nova_upstart_common_init.yml b/playbooks/roles/os_nova/tasks/nova_upstart_common_init.yml new file mode 100644 index 0000000000..dcd1d96973 --- /dev/null +++ b/playbooks/roles/os_nova/tasks/nova_upstart_common_init.yml 
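Review bot: All four includes create the same Keystone user (`nova_service_user_name`) but pass four different password variables: `nova_service_password`, `nova_v3_service_password`, `nova_s3_service_password` and `nova_ec2_service_password`. nova.conf.j2 authenticates with `nova_service_password` only, so if the `ensure_user` command resets the password on each call (the module is not shown here), the last include leaves the account with a password nova does not use. Passing `service_password: "{{ nova_service_password }}"` in every include removes the ambiguity and leaves three fewer secrets to store and rotate.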
@@ -0,0 +1,46 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Place the init script
+ template:
+ src: "nova-upstart-init.j2"
+ dest: "/etc/init/{{ program_name }}.conf"
+ mode: "0644"
+ owner: "root"
+ group: "root"
+ notify:
+ - Restart nova services
+ tags:
+ - upstart-init
+ - nova-init
+
+- name: Reload init scripts
+ shell: |
+ initctl reload-configuration
+ notify:
+ - Restart nova services
+ tags:
+ - upstart-init
+ - nova-init
+
+- name: Load service
+ service:
+ name: "{{ program_name }}"
+ enabled: "yes"
+ notify:
+ - Restart nova services
+ tags:
+ - upstart-init
+ - nova-init
diff --git a/playbooks/roles/os_nova/tasks/nova_upstart_init.yml b/playbooks/roles/os_nova/tasks/nova_upstart_init.yml
new file mode 100644
index 0000000000..2ca917fb85
--- /dev/null
+++ b/playbooks/roles/os_nova/tasks/nova_upstart_init.yml
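Review bot: "Reload init scripts" is a `shell` task with no `changed_when`, so it reports changed and notifies "Restart nova services" on every run, which restarts nova each time the playbook is applied even when the init file did not change. The template task already notifies on a real change, so the reload can drop its `notify` and take `changed_when: false`, or become a handler of "Place the init script". `command: initctl reload-configuration` is enough here, since no shell features are used.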
@@ -0,0 +1,104 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- include: nova_upstart_common_init.yml + vars: + program_name: "{{ nova_metadata_program_name }}" + service_name: "{{ nova_service_name }}" + system_user: "{{ nova_system_user_name }}" + system_group: "{{ nova_system_group_name }}" + service_home: "{{ nova_system_home_folder }}" + when: inventory_hostname in groups['nova_api_metadata'] + +- include: nova_upstart_common_init.yml + vars: + program_name: "{{ nova_cert_program_name }}" + service_name: "{{ nova_service_name }}" + system_user: "{{ nova_system_user_name }}" + system_group: "{{ nova_system_group_name }}" + service_home: "{{ nova_system_home_folder }}" + when: inventory_hostname in groups['nova_cert'] + +- include: nova_upstart_common_init.yml + vars: + program_name: "{{ nova_conductor_program_name }}" + service_name: "{{ nova_service_name }}" + system_user: "{{ nova_system_user_name }}" + system_group: "{{ nova_system_group_name }}" + service_home: "{{ nova_system_home_folder }}" + when: inventory_hostname in groups['nova_conductor'] + +- include: nova_upstart_common_init.yml + vars: + program_name: "{{ nova_program_name }}" + service_name: "{{ nova_service_name }}" + system_user: "{{ nova_system_user_name }}" + system_group: "{{ nova_system_group_name }}" + service_home: "{{ nova_system_home_folder }}" + when: inventory_hostname in groups['nova_api_os_compute'] + +- include: 
nova_upstart_common_init.yml + vars: + program_name: "{{ nova_s3_program_name }}" + service_name: "{{ nova_service_name }}" + system_user: "{{ nova_system_user_name }}" + system_group: "{{ nova_system_group_name }}" + service_home: "{{ nova_system_home_folder }}" + when: inventory_hostname in groups['nova_api_ec2'] + +- include: nova_upstart_common_init.yml + vars: + program_name: "{{ nova_ec2_program_name }}" + service_name: "{{ nova_service_name }}" + system_user: "{{ nova_system_user_name }}" + system_group: "{{ nova_system_group_name }}" + service_home: "{{ nova_system_home_folder }}" + when: inventory_hostname in groups['nova_api_ec2'] + +- include: nova_upstart_common_init.yml + vars: + program_name: "{{ nova_scheduler_program_name }}" + service_name: "{{ nova_service_name }}" + system_user: "{{ nova_system_user_name }}" + system_group: "{{ nova_system_group_name }}" + service_home: "{{ nova_system_home_folder }}" + when: inventory_hostname in groups['nova_scheduler'] + +- include: nova_upstart_common_init.yml + vars: + program_name: "{{ nova_compute_program_name }}" + service_name: "{{ nova_service_name }}" + system_user: "{{ nova_system_user_name }}" + system_group: "{{ nova_system_group_name }}" + service_home: "{{ nova_system_home_folder }}" + when: inventory_hostname in groups['nova_compute'] + +- include: nova_upstart_common_init.yml + vars: + program_name: "{{ nova_spice_program_name }}" + service_name: "{{ nova_service_name }}" + system_user: "{{ nova_system_user_name }}" + system_group: "{{ nova_system_group_name }}" + service_home: "{{ nova_system_home_folder }}" + when: inventory_hostname in groups['nova_spice_console'] + +- include: nova_upstart_common_init.yml + vars: + program_name: "{{ nova_consoleauth_program_name }}" + service_name: "{{ nova_service_name }}" + system_user: "{{ nova_system_user_name }}" + system_group: "{{ nova_system_group_name }}" + service_home: "{{ nova_system_home_folder }}" + when: inventory_hostname in 
groups['nova_spice_console'] diff --git a/playbooks/roles/os_nova/templates/nova-upstart-init.j2 b/playbooks/roles/os_nova/templates/nova-upstart-init.j2 new file mode 100644 index 0000000000..9ecb77d9be --- /dev/null +++ b/playbooks/roles/os_nova/templates/nova-upstart-init.j2 @@ -0,0 +1,41 @@ +# {{ ansible_managed }} + +# vim:set ft=upstart ts=2 et: + +description "{{ program_name }}" +author "Kevin Carter " + +start on runlevel [2345] +stop on runlelvel [016] + +respawn +respawn limit 10 5 + +# Set the RUNBIN environment variable +env RUNBIN="/usr/local/bin/{{ program_name }}" + +# Change directory to service users home +chdir "{{ service_home }}" + +# Pre start actions +pre-start script + mkdir -p "/var/run/{{ program_name }}" + chown {{ system_user }}:{{ system_group }} "/var/run/{{ program_name }}" + + mkdir -p "/var/lock/{{ program_name }}" + chown {{ system_user }}:{{ system_group }} "/var/lock/{{ program_name }}" +end script + +# Post stop actions +post-stop script + rm "/var/run/{{ program_name }}/{{ program_name }}.pid" +end script + +# Run the start up job +exec start-stop-daemon --start \ + --chuid {{ system_user }} \ + --make-pidfile \ + --pidfile /var/run/{{ program_name }}/{{ program_name }}.pid \ + --exec "{{ program_override|default('$RUNBIN') }}" \ + -- {{ program_config_options|default('') }} \ + --log-file=/var/log/{{ service_name }}/{{ program_name }}.log diff --git a/playbooks/roles/nova_common/templates/nova.conf b/playbooks/roles/os_nova/templates/nova.conf.j2 similarity index 54% rename from playbooks/roles/nova_common/templates/nova.conf rename to playbooks/roles/os_nova/templates/nova.conf.j2 index e527ed6ba1..8be5040ee6 100644 --- a/playbooks/roles/nova_common/templates/nova.conf +++ b/playbooks/roles/os_nova/templates/nova.conf.j2 
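Review bot: `stop on runlelvel [016]` misspells the event name, so the stanza never matches and upstart will not stop the job on halt, single-user or reboot; it should read `stop on runlevel [016]`. In `post-stop`, `rm` without `-f` returns an error when the pid file is already gone, for example after a start that failed before `--make-pidfile` wrote it; `rm -f` keeps the stop path clean. `--chuid {{ system_user }}` sets only the user, with the group following from the user's primary group, so `system_group` is used only in the `chown` lines.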
@@ -1,13 +1,23 @@ +# {{ ansible_managed }} + +{% set _api_threads = ansible_processor_vcpus|default(2) // 2 %} +{% set api_threads = _api_threads if _api_threads > 0 else 1 %} + [DEFAULT] # Logs / State -debug = {{ debug|default('False') }} -verbose = {{ verbose|default('True') }} +debug = {{ debug }} +verbose = {{ verbose }} log_dir = /var/log/nova -state_path = /var/lib/nova +state_path = {{ nova_system_home_folder }} lock_path = /var/lock/nova rootwrap_config = /etc/nova/rootwrap.conf service_down_time = 120 +# Quota +quota_injected_file_content_bytes = {{ nova_quota_injected_file_content_bytes }} +quota_injected_file_path_length = {{ nova_quota_injected_file_path_length }} +quota_injected_files = {{ nova_quota_injected_files }} + # Scheduler cpu_allocation_ratio = {{ nova_cpu_allocation_ratio }} disk_allocation_ratio = {{ nova_disk_allocation_ratio }} 
@@ -30,36 +40,38 @@ scheduler_weight_classes = {{ nova_scheduler_weight_classes }} # Compute compute_driver = {{ nova_compute_driver }} instance_name_template = instance-%08x -instances_path = /var/lib/nova/instances +instances_path = {{ nova_system_home_folder }}/instances api_paste_config = /etc/nova/api-paste.ini allow_resize_to_same_host = True # Api's enabled_apis = osapi_compute,metadata,ec2 -ec2_dmz_host = {{ external_vip_address }} -s3_port = 3333 +osapi_compute_workers = {{ nova_osapi_compute_workers | default(api_threads) }} +ec2_workers = {{ nova_ec2_workers | default(api_threads) }} +ec2_dmz_host = {{ external_lb_vip_address }} +s3_port = {{ nova_s3_service_port }} s3_host = {{ ansible_ssh_host }} # Rpc all amqp_auto_delete = False -rpc_backend = {{ rpc_backend }} +rpc_backend = {{ nova_rpc_backend }} # RabbitMQ -rabbit_port = {{ rabbit_port }} -rabbit_userid = {{ rabbit_userid }} -rabbit_password = {{ rabbit_password }} -rabbit_hosts = {{ rabbit_hosts }} - +rabbit_port = {{ rabbitmq_port }} +rabbit_userid = {{ rabbitmq_userid }} +rabbit_password = {{ rabbitmq_password }} +rabbit_hosts = {{ rabbitmq_servers }} # Metadata -metadata_host = {{ internal_vip_address }} -metadata_port = {{ nova_metadata_port|default('8775') }} +metadata_host = {{ internal_lb_vip_address }} +metadata_port = {{ nova_metadata_port }} +metadata_workers = {{ nova_metadata_workers | default(api_threads) }} # Network force_dhcp_release = True dhcpbridge_flagfile = /etc/nova/nova.conf firewall_driver = {{ nova_firewall_driver }} -my_ip = {{ container_address }} +my_ip = {{ ansible_ssh_host }} default_floating_pool = public security_group_api = neutron network_api_class = nova.network.neutronv2.api.API 
@@ -87,45 +99,48 @@ force_config_drive = always max_age = {{ nova_max_age }} # Common -memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['container_address'] }}:{{ memcached_port|default('11211') }}{% if not loop.last %},{% endif %}{% endfor %} +memcached_servers = {{ memcached_servers }} # Cinder [cinder] catalog_info = volume:cinder:internalURL -{% if nova_html5proxy_base_url is defined%} +{% if nova_spice_html5proxy_base_url is defined %} [spice] -agent_enabled = {{ nova_console_agent_enabled|default('True') }} -enabled = {{ nova_console_agent_enabled|default('True') }} -keymap = {{ nova_console_keymap|default('en-us') }} +agent_enabled = {{ nova_console_agent_enabled }} +enabled = {{ nova_console_agent_enabled }} +keymap = {{ nova_console_keymap }} # Console Url and binds -html5proxy_base_url = {{ nova_html5proxy_base_url }} -server_listen = {{ container_address }} -server_proxyclient_address = {{ container_address }} +html5proxy_base_url = {{ nova_spice_html5proxy_base_url }} +server_listen = {{ ansible_ssh_host }} +server_proxyclient_address = {{ ansible_ssh_host }} {% endif %} + # Glance [glance] -api_servers = {{ glance_service_adminurl }} +api_servers = {{ glance_api_servers }} + # Neutron [neutron] url = {{ neutron_service_adminurl }} -region_name = {{ service_region }} -admin_tenant_name = {{ hostvars[groups['neutron_all'][0]]['service_admin_tenant_name'] }} +region_name = {{ neutron_service_region }} auth_strategy = keystone -admin_auth_url = {{ auth_admin_uri }} +admin_auth_url = {{ keystone_service_adminurl }} admin_password = {{ neutron_service_password }} -admin_username = {{ hostvars[groups['neutron_all'][0]]['service_admin_username'] }} +admin_username = {{ neutron_service_user_name }} +admin_tenant_name = {{ neutron_service_tenant_name }} metadata_proxy_shared_secret = {{ nova_metadata_proxy_secret }} -service_metadata_proxy = True +service_metadata_proxy = {{ nova_metadata_proxy_enabled }} [conductor] use_local = false 
topic = conductor manager = nova.conductor.manager.ConductorManager +workers = {{ nova_conductor_workers | default(api_threads) }} [osapi_v3] @@ -133,27 +148,30 @@ enabled = True [keystone_authtoken] -signing_dir = /var/lib/nova/cache/api -identity_uri = {{ auth_protocol }}://{{ auth_host }}:{{ auth_port }} -admin_password = {{ service_admin_password }} -admin_user = {{ service_admin_username }} -admin_tenant_name = {{ service_admin_tenant_name }} +signing_dir = {{ nova_system_home_folder }}/cache/api +identity_uri = {{ keystone_service_internaluri }} +auth_uri = {{ keystone_service_internaluri }} +admin_tenant_name = {{ nova_service_tenant_name }} +admin_user = {{ nova_service_user_name }} +admin_password = {{ nova_service_password }} -memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['container_address'] }}:{{ memcached_port|default('11211') }}{% if not loop.last %},{% endif %}{% endfor %} +memcached_servers = {{ memcached_servers }} token_cache_time = 300 revocation_cache_time = 60 # if your memcached server is shared, use these settings to avoid cache poisoning memcache_security_strategy = ENCRYPT -memcache_secret_key = {{ memcached_secret_key }} +memcache_secret_key = {{ memcached_encryption_key }} # if your keystone deployment uses PKI, and you value security over performance: -check_revocations_for_cached = {{ hostvars[groups['keystone_all'][0]]['keystone_use_pki'] }} +check_revocations_for_cached = False +{% if inventory_hostname not in groups['nova_compute'] %} [database] -connection = mysql://{{ container_mysql_user }}:{{ container_mysql_password }}@{{ mysql_address }}/{{ container_database }}?charset=utf8 +connection = mysql://{{ nova_galera_user }}:{{ nova_container_mysql_password }}@{{ galera_address }}/{{ nova_galera_database }}?charset=utf8 +{% endif %} [libvirt] 
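Review bot: `check_revocations_for_cached = False` in `[keystone_authtoken]` is now hard-coded, while the comment directly above it still tells PKI deployments that value security over performance to turn it on; the removed line derived the value from `keystone_use_pki`. With `token_cache_time = 300` left in place, a PKI deployment would presumably keep accepting a cached token for up to five minutes after it is revoked. I would keep the setting tunable, for example `check_revocations_for_cached = {{ nova_check_revocations_for_cached | default(False) }}` (the variable name is only a suggestion), or reword the comment to say the check is deliberately disabled.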
@@ -162,4 +180,4 @@ inject_partition = -2 use_usb_tablet = False use_virtio_for_bridges = True cpu_mode = {{ nova_cpu_mode }} -virt_type = {{ virt_type }} +virt_type = {{ nova_virt_type }} diff --git a/playbooks/roles/os_nova/templates/sudoers.j2 b/playbooks/roles/os_nova/templates/sudoers.j2 new file mode 100644 index 0000000000..c0f5124957 --- /dev/null +++ b/playbooks/roles/os_nova/templates/sudoers.j2 @@ -0,0 +1,4 @@ +# {{ ansible_managed }} + +# Defaults:{{ nova_system_user_name }}!requiretty +{{ nova_system_user_name }} ALL = (root) NOPASSWD: /usr/local/bin/{{ nova_service_name }}-rootwrap diff --git a/playbooks/roles/os_swift/CONTRIBUTING.rst b/playbooks/roles/os_swift/CONTRIBUTING.rst new file mode 100644 index 0000000000..0bc98d0e81 --- /dev/null +++ b/playbooks/roles/os_swift/CONTRIBUTING.rst 
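Review bot: The NOPASSWD rule in sudoers.j2 permits `/usr/local/bin/{{ nova_service_name }}-rootwrap` with any arguments, so the configuration file that selects the rootwrap filter directories is chosen by the calling user instead of being fixed by sudo. Pinning it keeps the privilege boundary in the root-owned config: `{{ nova_system_user_name }} ALL = (root) NOPASSWD: /usr/local/bin/{{ nova_service_name }}-rootwrap /etc/nova/rootwrap.conf *`, which matches the `rootwrap_config = /etc/nova/rootwrap.conf` line in nova.conf.j2. The task that installs this template is not part of the hunk; it should deploy the file root-owned with mode 0440 and validate it with `visudo -cf %s`. The commented-out `# Defaults:...!requiretty` line should either be enabled or removed so the intent is clear.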
@@ -0,0 +1,85 @@ +OpenStack swift +############### +:tags: openstack, swift, cloud, ansible +:category: \*nix + +contributor guidelines +^^^^^^^^^^^^^^^^^^^^^^ + +Filing Bugs +----------- + +Bugs should be filed on Launchpad, not GitHub: "https://bugs.launchpad.net/openstack-ansible" + + +When submitting a bug, or working on a bug, please ensure the following criteria are met: + * The description clearly states or describes the original problem or root cause of the problem. + * Include historical information on how the problem was identified. + * Any relevant logs are included. + * The provided information should be totally self-contained. External access to web services/sites should not be needed. + * Steps to reproduce the problem if possible. + + +Submitting Code +--------------- + +Changes to the project should be submitted for review via the Gerrit tool, following +the workflow documented at: "http://docs.openstack.org/infra/manual/developers.html#development-workflow" + +Pull requests submitted through GitHub will be ignored and closed without regard. + + +Extra +----- + +Tags: + If it's a bug that needs fixing in a branch in addition to Master, add a '\-backport-potential' tag (eg ``juno-backport-potential``). There are predefined tags that will autocomplete. + +Status: + Please leave this alone, it should be New till someone triages the issue. + +Importance: + Should only be touched if it is a Blocker/Gating issue. If it is, please set to High, and only use Critical if you have found a bug that can take down whole infrastructures. + + +Style guide +----------- + +When creating tasks and other roles for use in Ansible please create then using the YAML dictionary format. + +Example YAML dictionary format: + .. code-block:: yaml + + - name: The name of the tasks + module_name: + thing1: "some-stuff" + thing2: "some-other-stuff" + tags: + - some-tag + - some-other-tag + + +Example **NOT** in YAML dictionary format: + .. 
code-block:: yaml + + - name: The name of the tasks + module_name: thing1="some-stuff" thing2="some-other-stuff" + tags: + - some-tag + - some-other-tag + + +Usage of the ">" and "|" operators should be limited to Ansible conditionals and command modules such as the ansible ``shell`` module. + + +Issues +------ + +When submitting an issue, or working on an issue please ensure the following criteria are met: + * The description clearly states or describes the original problem or root cause of the problem. + * Include historical information on how the problem was identified. + * Any relevant logs are included. + * If the issue is a bug that needs fixing in a branch other than Master, add the ‘backport potential’ tag TO THE ISSUE (not the PR). + * The provided information should be totally self-contained. External access to web services/sites should not be needed. + * If the issue is needed for a hotfix release, add the 'expedite' label. + * Steps to reproduce the problem if possible. diff --git a/playbooks/roles/os_swift/LICENSE b/playbooks/roles/os_swift/LICENSE new file mode 100644 index 0000000000..e06d208186 --- /dev/null +++ b/playbooks/roles/os_swift/LICENSE 
@@ -0,0 +1,202 @@ +Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + diff --git a/playbooks/roles/os_swift/README.rst b/playbooks/roles/os_swift/README.rst new file mode 100644 index 0000000000..cb24ccd935 --- /dev/null +++ b/playbooks/roles/os_swift/README.rst @@ -0,0 +1,21 @@ +OpenStack swift +############### +:tags: openstack, swift, cloud, ansible +:category: \*nix + +Role to install swift and swift registry. + +This role will install the following: + * swift + +.. code-block:: yaml + + - name: Install swift server + hosts: swift_all + user: root + roles: + - { role: "os_swift", tags: [ "os-swift" ] } + vars: + external_lb_vip_address: 172.16.24.1 + internal_lb_vip_address: 192.168.0.1 + galera_address: "{{ internal_lb_vip_address }}" 
diff --git a/playbooks/roles/os_swift/defaults/main.yml b/playbooks/roles/os_swift/defaults/main.yml new file mode 100644 index 0000000000..10f397f1dc --- /dev/null +++ b/playbooks/roles/os_swift/defaults/main.yml 
@@ -0,0 +1,147 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Defines that the role will be deployed on a host machine +is_metal: true + +## Verbosity Options +debug: False +verbose: True + +## Swift User / Group +swift_system_user_name: swift +swift_system_group_name: swift +swift_system_shell: /bin/bash +swift_system_comment: swift system user +swift_system_home_folder: "/var/lib/{{ swift_system_user_name }}" + +## Auth token +swift_authtoken_active: True +swift_delay_auth_decision: true + +## Swift default ports +swift_proxy_port: "8080" +swift_object_port: "6000" +swift_container_port: "6001" +swift_account_port: "6002" + +## Swift service defaults +swift_service_name: swift +swift_service_user_name: swift +swift_service_tenant_name: service +swift_service_role_name: "admin" +swift_service_type: object-store +swift_service_proto: http +swift_service_description: "Object Storage Service" +swift_service_publicuri: "{{ swift_service_proto }}://{{ external_lb_vip_address }}:{{ swift_proxy_port }}" +swift_service_publicurl: "{{ swift_service_publicuri }}/v1/AUTH_%(tenant_id)s" +swift_service_adminuri: "{{ swift_service_proto }}://{{ internal_lb_vip_address }}:{{ swift_proxy_port }}" +swift_service_adminurl: "{{ swift_service_adminuri }}/v1/AUTH_%(tenant_id)s" +swift_service_internaluri: "{{ swift_service_proto }}://{{ internal_lb_vip_address }}:{{ swift_proxy_port }}" +swift_service_internalurl: "{{ 
swift_service_internaluri }}/v1/AUTH_%(tenant_id)s" +swift_service_region: RegionOne + +## Swift default variables +swift_dispersion_user: dispersion +swift_operator_role: swiftoperator +swift_default_replication_number: 3 +swift_default_min_part_hours: 1 +swift_default_host_zone: 0 +swift_default_host_region: 1 +swift_default_drive_weight: 100 + +## Swift Auth +swift_service_admin_tenant_name: "service" +swift_service_admin_username: "swift" + +swift_account_server_program_config_options: /etc/swift/account-server/account-server.conf +swift_account_server_replicator_program_config_options: /etc/swift/account-server/account-server-replicator.conf + +swift_container_server_program_config_options: /etc/swift/container-server/container-server.conf +swift_container_server_replicator_program_config_options: /etc/swift/container-server/container-server-replicator.conf + +swift_object_server_program_config_options: /etc/swift/object-server/object-server.conf +swift_object_server_replicator_program_config_options: /etc/swift/object-server/object-server-replicator.conf + +swift_proxy_server_program_config_options: /etc/swift/proxy-server/proxy-server.conf + +## General Swift configuration +# If ``swift_account_server_replicator_workers`` is unset the system will use half the number +# of available VCPUS to compute the number of api workers to use. +# swift_account_server_replicator_workers: 16 + +# If ``swift_server_replicator_workers`` is unset the system will use half the number +# of available VCPUS to compute the number of api workers to use. +# swift_server_replicator_workers: 16 + +# If ``swift_object_replicator_workers`` is unset the system will use half the number +# of available VCPUS to compute the number of api workers to use. +# swift_object_replicator_workers: 16 + +# If ``swift_account_server_workers`` is unset the system will use half the number +# of available VCPUS to compute the number of api workers to use. 
+# swift_account_server_workers: 16 + +# If ``swift_container_server_workers`` is unset the system will use half the number +# of available VCPUS to compute the number of api workers to use. +# swift_container_server_workers: 16 + +# If ``swift_object_server_workers`` is unset the system will use half the number +# of available VCPUS to compute the number of api workers to use. +# swift_object_server_workers: 16 + +# If ``swift_proxy_server_workers`` is unset the system will use half the number +# of available VCPUS to compute the number of api workers to use. +# swift_proxy_server_workers: 16 + +swift_pip_packages: + - dnspython + - ecdsa + - keystonemiddleware + - pycrypto + - python-cinderclient + - python-keystoneclient + - python-memcached + - python-swiftclient + - pywbem + - swift + +swift_apt_packages: + - curl + - gcc + - git-core + - libffi-dev + - openssh-server + - python-dev + - rsync + +swift_program_names: + - swift-proxy-server + - swift-object-server + - swift-object-auditor + - swift-object-replicator + - swift-object-updater + - swift-object-server-replicator + - swift-container-server + - swift-container-auditor + - swift-container-replicator + - swift-container-sync + - swift-container-updater + - swift-container-server-replicator + - swift-account-server + - swift-account-auditor + - swift-account-replicator + - swift-account-reaper + - swift-account-server-replicator diff --git a/playbooks/roles/swift_ring_builder/templates/swift_rings.py b/playbooks/roles/os_swift/files/swift_rings.py similarity index 100% rename from playbooks/roles/swift_ring_builder/templates/swift_rings.py rename to playbooks/roles/os_swift/files/swift_rings.py diff --git a/playbooks/roles/swift_storage_setup/handlers/main.yml b/playbooks/roles/os_swift/handlers/main.yml similarity index 55% rename from playbooks/roles/swift_storage_setup/handlers/main.yml rename to playbooks/roles/os_swift/handlers/main.yml index 3aa0d701cf..30b7dea95f 100644 
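Review bot: `swift_service_proto: http` feeds `swift_service_publicuri`, so the public object-store endpoint built from `external_lb_vip_address` defaults to plaintext HTTP, and tokens sent to it travel unencrypted unless TLS is added somewhere this file does not show. If the load balancer terminates TLS, the catalog entry should say `https`; a separate variable for the public scheme (for example `swift_service_public_proto`, name is only a suggestion) would let the internal and admin URIs stay on `http`. A smaller style point: booleans are spelled three ways in this file (`true`, `True`, `False`), and using `true`/`false` throughout avoids differences between YAML loaders.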
--- a/playbooks/roles/swift_storage_setup/handlers/main.yml +++ b/playbooks/roles/os_swift/handlers/main.yml @@ -13,11 +13,43 @@ # See the License for the specific language governing permissions and # limitations under the License. +- name: Restart swift services + service: + name: "{{ item }}" + state: "restarted" + pattern: "{{ item }}" + register: service_restart + with_items: swift_program_names + failed_when: false + +- name: Restart service + service: + name: "{{ item }}" + state: "restarted" + pattern: "{{ item }}" + enabled: "yes" + when: item is defined + +- name: Restart rsyslog + service: + name: "rsyslog" + state: "restarted" + - name: Restart rsync service - service: name=rsync state=restarted pattern=rsync + service: + name: "rsync" + state: "stopped" + pattern: "rsync" register: service_restart failed_when: "'msg' in service_restart and 'FAIL' in service_restart.msg|upper" + register: service_restart + until: add_service|success + retries: 3 + delay: 2 notify: Ensure rsync service running - name: Ensure rsync service running - service: name=rsync state=started pattern=rsync + service: + name: "rsync" + state: "started" + pattern: "rsync" diff --git a/playbooks/roles/os_swift/meta/main.yml b/playbooks/roles/os_swift/meta/main.yml new file mode 100644 index 0000000000..ee9aeac492 --- /dev/null +++ b/playbooks/roles/os_swift/meta/main.yml 
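Review bot: The `Restart rsync service` handler now carries `register: service_restart` twice, and its retry condition is `until: add_service|success` although nothing in this handler registers `add_service`. Most YAML loaders silently keep the last duplicate key, and the `until` would test an undefined name instead of this task's own result. I would drop the second `register` and write `until: service_restart|success`. Separately, `failed_when: false` on `Restart swift services` hides every restart failure, including a service that cannot start with the new configuration; if that is deliberate best-effort, a comment such as `# some programs in swift_program_names are not installed on every host` (wording to be confirmed) would say why.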
@@ -0,0 +1,35 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +galaxy_info: + author: rcbops + description: Installation and setup of swift + company: Rackspace + license: Apache2 + min_ansible_version: 1.6.6 + platforms: + - name: Ubuntu + versions: + - trusty + categories: + - cloud + - python + - swift + - development + - openstack +dependencies: + - rsyslog_setup + - openstack_openrc + - pip_lock_down diff --git a/playbooks/roles/os_swift/tasks/main.yml b/playbooks/roles/os_swift/tasks/main.yml new file mode 100644 index 0000000000..fec0748224 --- /dev/null +++ b/playbooks/roles/os_swift/tasks/main.yml 
@@ -0,0 +1,43 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- include: swift_pre_install.yml +- include: swift_install.yml +- include: swift_post_install.yml + +- include: swift_key_setup.yml + tags: + - swift-key + - swift-key-distribute + +- include: swift_rings.yml + tags: + - swift-rings + +- include: swift_storage_hosts.yml + when: > + inventory_hostname in groups['swift_hosts'] + tags: + - swift-storage-hosts + +- include: swift_proxy_hosts.yml + when: > + inventory_hostname in groups['swift_proxy'] + tags: + - swift-storage-hosts + +- include: swift_service_setup.yml + when: > + inventory_hostname == groups['swift_all'][0] diff --git a/playbooks/roles/os_swift/tasks/swift_install.yml b/playbooks/roles/os_swift/tasks/swift_install.yml new file mode 100644 index 0000000000..5d6c683e37 --- /dev/null +++ b/playbooks/roles/os_swift/tasks/swift_install.yml 
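Review bot: The `swift_proxy_hosts.yml` include is tagged `swift-storage-hosts`, the same tag as the `swift_storage_hosts.yml` include just above it, which looks like a copy-paste slip. As written, no tag selects only the proxy tasks, and a run limited to `swift-storage-hosts` also executes them on proxy hosts. If that is unintended, the tag should read `- swift-proxy-hosts`.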
@@ -0,0 +1,43 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Install apt packages + apt: + pkg: "{{ item }}" + state: latest + update_cache: yes + cache_valid_time: 600 + register: install_packages + until: install_packages|success + retries: 5 + delay: 2 + with_items: swift_apt_packages + tags: + - swift-install + - swift-apt-packages + +- name: Install pip packages + pip: + name: "{{ item }}" + state: present + register: install_packages + until: install_packages|success + retries: 5 + delay: 2 + with_items: + - "{{ swift_pip_packages }}" + tags: + - swift-install + - swift-pip-packages diff --git a/playbooks/roles/os_swift/tasks/swift_key_create.yml b/playbooks/roles/os_swift/tasks/swift_key_create.yml new file mode 100644 index 0000000000..fd8cf34220 --- /dev/null +++ b/playbooks/roles/os_swift/tasks/swift_key_create.yml 
@@ -0,0 +1,74 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Remove old key file(s) if found
+ file:
+ path: "{{ item }}"
+ state: "absent"
+ with_items:
+ - "{{ swift_system_home_folder }}/.ssh/authorized_keys"
+ - "{{ swift_system_home_folder }}/.ssh/id_rsa"
+ - "{{ swift_system_home_folder }}/.ssh/id_rsa.pub"
+ tags:
+ - swift-key
+ - swift-key-create
+
+- name: Create the swift SSH key if it doesnt exist
+ command: |
+ ssh-keygen -f {{ swift_system_home_folder }}/.ssh/id_rsa -t rsa -q -N ""
+ sudo: yes
+ sudo_user: "{{ swift_system_user_name }}"
+ tags:
+ - swift-key
+ - swift-key-create
+
+- name: Create empty 'authorized_keys' file
+ file:
+ path: "{{ swift_system_home_folder }}/.ssh/authorized_keys"
+ state: "touch"
+ tags:
+ - swift-key
+ - swift-key-create
+
+- name: Change permissions on the generated keys
+ file:
+ path: "{{ item.path }}"
+ group: "{{ swift_system_user_name }}"
+ owner: "{{ swift_system_user_name }}"
+ mode: "{{ item.mode }}"
+ with_items:
+ - { path: "{{ swift_system_home_folder }}/.ssh/authorized_keys", mode: "0700" }
+ - { path: "{{ swift_system_home_folder }}/.ssh/id_rsa", mode: "0600" }
+ - { path: "{{ swift_system_home_folder }}/.ssh/id_rsa.pub", mode: "0644" }
+ tags:
+ - swift-key
+ - swift-key-create
+
+- name: Get public key contents
+ command: |
+ cat {{ swift_system_home_folder }}/.ssh/id_rsa.pub
+ register: swift_pub
+ changed_when: false
+ tags:
+ - swift-key
+ - swift-key-create
+
+- name: Build authorized keys
+ shell: |
+ echo "{{ swift_pub.stdout }}" | tee -a {{ swift_system_home_folder }}/.ssh/authorized_keys
+ delegate_to: "{{ groups['swift_hosts'][0] }}"
+ tags:
+ - swift-key
+ - swift-key-create
diff --git a/playbooks/roles/os_swift/tasks/swift_key_distribute.yml b/playbooks/roles/os_swift/tasks/swift_key_distribute.yml
new file mode 100644
index 0000000000..8fca6f8a6b
--- /dev/null
+++ b/playbooks/roles/os_swift/tasks/swift_key_distribute.yml
@@ -0,0 +1,33 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Retrieve authorized keys
+ memcached:
+ name: "{{ item.name }}"
+ file_path: "{{ item.src }}"
+ state: "retrieve"
+ file_mode: "{{ item.file_mode }}"
+ dir_mode: "{{ item.dir_mode }}"
+ server: "{{ memcached_servers }}"
+ encrypt_string: "{{ memcached_encryption_key }}"
+ with_items:
+ - { src: "{{ swift_system_home_folder }}/.ssh/authorized_keys", name: "authorized_keys", file_mode: "0640", dir_mode: "0750" }
+ register: memcache_keys
+ until: memcache_keys|success
+ retries: 5
+ delay: 2
+ tags:
+ - swift-key
+ - swift-key-distribute
diff --git a/playbooks/roles/rabbit_common/tasks/set_cookie.yml b/playbooks/roles/os_swift/tasks/swift_key_setup.yml
similarity index 62%
rename from playbooks/roles/rabbit_common/tasks/set_cookie.yml
rename to playbooks/roles/os_swift/tasks/swift_key_setup.yml
index 9e35521d23..376d40ca7e 100644
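Review bot: In swift_key_create.yml the key pair is deleted by `Remove old key file(s) if found` and regenerated on every run, although the next task is named "if it doesnt exist". Each play therefore rotates the swift user's key on every host and only works if the store and distribute steps also complete; dropping the removal task and guarding generation, for example with `args: creates={{ swift_system_home_folder }}/.ssh/id_rsa`, makes it idempotent. The `authorized_keys` entry is given `mode: "0700"`, which marks a data file executable, and `mode: "0600"` is the conventional value. `Build authorized keys` pastes `{{ swift_pub.stdout }}` into a shell line and appends with `tee -a`; the `authorized_key` module (`authorized_key: user="{{ swift_system_user_name }}" key="{{ swift_pub.stdout }}"`) avoids both the shell interpolation and duplicate entries.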
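Review bot: In swift_key_distribute.yml the `Retrieve authorized keys` task passes `encrypt_string: "{{ memcached_encryption_key }}"` as a plain module argument with no `no_log: true`, so the key can show up in verbose output and in module logging on the target; the matching store task in swift_key_store.yml has the same gap. The file fetched here decides who may log in as the swift user on every storage host, so its integrity rests entirely on what `encrypt_string` provides. The `memcached` module is not part of this diff, so it is worth confirming that it authenticates the payload rather than only encrypting it. The retrieved file gets `file_mode: "0640"` but no owner is set in the visible arguments; sshd's strict mode checks expect `authorized_keys` to be owned by the account, so an explicit ownership step after retrieval would make that certain.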
--- a/playbooks/roles/rabbit_common/tasks/set_cookie.yml +++ b/playbooks/roles/os_swift/tasks/swift_key_setup.yml @@ -13,23 +13,21 @@ # See the License for the specific language governing permissions and # limitations under the License. -- name: Stop rabbitmq-server - service: - name: rabbitmq-server - state: stopped +- include: swift_key_create.yml tags: - - rabbit_stop + - swift-key + - swift-key-create -- name: Set rabbit cookie - copy: - content: "{{ rabbit_cookie }}" - dest: /var/lib/rabbitmq/.erlang.cookie - mode: 0400 - owner: rabbitmq - group: rabbitmq - register: cookie_set +- include: swift_key_store.yml + when: > + inventory_hostname == groups['swift_hosts'][0] tags: - - rabbit_config + - swift-key + - swift-key-store -- include: restart_rabbit.yml - when: cookie_set|changed +- include: swift_key_distribute.yml + when: > + inventory_hostname != groups['swift_hosts'][0] + tags: + - swift-key + - swift-key-distribute diff --git a/playbooks/roles/glance_cache_crons/tasks/main.yml b/playbooks/roles/os_swift/tasks/swift_key_store.yml similarity index 59% rename from playbooks/roles/glance_cache_crons/tasks/main.yml rename to playbooks/roles/os_swift/tasks/swift_key_store.yml index f0b4ed7f95..6f847c8706 100644 --- a/playbooks/roles/glance_cache_crons/tasks/main.yml +++ b/playbooks/roles/os_swift/tasks/swift_key_store.yml 
@@ -13,19 +13,19 @@ # See the License for the specific language governing permissions and # limitations under the License. -- name: Create glance cache management cron jobs - cron: +- name: Distribute authorized keys for cluster consumption + memcached: name: "{{ item.name }}" - minute: "{{ 59 |random }}" - day: "*" - hour: "{{ item.hour }}" - month: "*" - state: present - job: "{{ item.name }}" - user: glance + file_path: "{{ item.src }}" + state: "present" + server: "{{ memcached_servers }}" + encrypt_string: "{{ memcached_encryption_key }}" with_items: - - name: /usr/local/bin/glance-cache-pruner - hour: "*" - - name: /usr/local/bin/glance-cache-cleaner - hour: "{{ 23|random }}" - when: flavor | search("cache") + - { src: "{{ swift_system_home_folder }}/.ssh/authorized_keys", name: "authorized_keys" } + register: memcache_keys + until: memcache_keys|success + retries: 5 + delay: 2 + tags: + - swift-key + - swift-key-store diff --git a/playbooks/roles/glance_common/tasks/glance_config.yml b/playbooks/roles/os_swift/tasks/swift_post_install.yml similarity index 56% rename from playbooks/roles/glance_common/tasks/glance_config.yml rename to playbooks/roles/os_swift/tasks/swift_post_install.yml index 162a04e445..e940d83d60 100644 --- a/playbooks/roles/glance_common/tasks/glance_config.yml +++ b/playbooks/roles/os_swift/tasks/swift_post_install.yml 
@@ -13,20 +13,17 @@ # See the License for the specific language governing permissions and # limitations under the License. -- name: Drop Glance Config(s) +- name: Copy swift config template: - src: "{{ item }}" - dest: "/etc/glance/{{ item }}" - owner: "{{ system_user }}" - group: "{{ system_group }}" + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: "{{ swift_system_user_name }}" + group: "{{ swift_system_group_name }}" with_items: - - glance-api-paste.ini - - glance-api.conf - - glance-cache.conf - - glance-registry-paste.ini - - glance-registry.conf - - glance-scrubber.conf - - policy.json - - schema-image.json - - schema.json - notify: Restart os service + - { src: "swift.conf.j2", dest: "/etc/swift/swift.conf" } + - { src: "swift-rsyslog.conf.j2", dest: "/etc/rsyslog.d/49-swift.conf" } + - { src: "swift-dispersion.conf.j2", dest: "/etc/swift/dispersion.conf" } + notify: Restart swift services + tags: + - swift-config + - swift-post-install diff --git a/playbooks/roles/os_swift/tasks/swift_pre_install.yml b/playbooks/roles/os_swift/tasks/swift_pre_install.yml new file mode 100644 index 0000000000..e6681cf7e4 --- /dev/null +++ b/playbooks/roles/os_swift/tasks/swift_pre_install.yml 
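Review bot: All three templates in `Copy swift config` are written with `owner: "{{ swift_system_user_name }}"`, including `/etc/rsyslog.d/49-swift.conf`, which the logging daemon reads as configuration. A file there that the service account can rewrite gives that account influence over a more privileged process. Make ownership per item, `owner: "{{ item.owner|default(swift_system_user_name) }}"` as the `Create swift dir` task in this commit does, and set `owner: "root", group: "root"` on the rsyslog entry. No `mode:` is given either; if `swift.conf.j2` renders the cluster's hash path prefix or suffix (the template is not shown here), an explicit `mode: "0640"` would keep it from being world-readable. The file begins above this hunk.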
@@ -0,0 +1,85 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: create the system group + group: + name: "{{ swift_system_group_name }}" + state: "present" + system: "yes" + tags: + - swift-group + +- name: Create the swift system user + user: + name: "{{ swift_system_user_name }}" + group: "{{ swift_system_group_name }}" + comment: "{{ swift_system_comment }}" + shell: "{{ swift_system_shell }}" + system: "yes" + createhome: "yes" + home: "{{ swift_system_home_folder }}" + tags: + - swift-user + +- name: Create swift dir + file: + path: "{{ item.path }}" + state: directory + owner: "{{ item.owner|default(swift_system_user_name) }}" + group: "{{ item.group|default(swift_system_group_name) }}" + with_items: + - { path: "/etc/sudoers.d", mode: "0750", owner: "root", group: "root" } + - { path: "/etc/swift" } + - { path: "/etc/swift/account-server" } + - { path: "/etc/swift/container-server" } + - { path: "/etc/swift/object-server" } + - { path: "/etc/swift/proxy-server" } + - { path: "/etc/swift/scripts" } + - { path: "/etc/swift/rings" } + - { path: "/openstack/log/{{ inventory_hostname }}", owner: "syslog", group: "syslog" } + - { path: "/var/cache/swift" } + - { path: "/var/lock/swift" } + - { path: "{{ swift_system_home_folder }}" } + tags: + - swift-dirs + +- name: Test for log directory or link + shell: | + if [ -h "/var/log/swift" ]; then + chown -h {{ swift_system_user_name }}:{{ swift_system_group_name }} 
"/var/log/swift" + chown -R {{ swift_system_user_name }}:{{ swift_system_group_name }} "$(readlink /var/log/swift)" + else + exit 1 + fi + register: log_dir + failed_when: false + changed_when: log_dir.rc != 0 + tags: + - swift-dirs + - swift-logs + +- name: Create swift log dir + file: + path: "{{ item.path }}" + state: directory + owner: "{{ item.owner|default(swift_system_user_name) }}" + group: "{{ item.group|default(swift_system_group_name) }}" + mode: "{{ item.mode|default('0755') }}" + with_items: + - { path: "/var/log/swift", owner: "syslog", group: "syslog" } + when: log_dir.rc != 0 + tags: + - swift-dirs + - swift-logs diff --git a/playbooks/roles/swift_proxy/tasks/main.yml b/playbooks/roles/os_swift/tasks/swift_proxy_hosts.yml similarity index 53% rename from playbooks/roles/swift_proxy/tasks/main.yml rename to playbooks/roles/os_swift/tasks/swift_proxy_hosts.yml index f247f74ce3..083db23003 100644 --- a/playbooks/roles/swift_proxy/tasks/main.yml +++ b/playbooks/roles/os_swift/tasks/swift_proxy_hosts.yml @@ -14,9 +14,18 @@ # limitations under the License. - name: swift proxy server configuration - template: > - src="proxy-server.conf.j2" - dest="/etc/swift/proxy-server/proxy-server.conf" - owner={{ service_admin_username }} - mode=0644 - notify: Restart swift service + template: + src: "proxy-server.conf.j2" + dest: "/etc/swift/proxy-server/proxy-server.conf" + owner: "{{ swift_system_user_name }}" + mode: "0644" + notify: Restart swift services + +- include: swift_upstart_common_init.yml + vars: + program_name: "swift-proxy-server" + program_config_options: "{{ swift_proxy_server_program_config_options }}" + service_name: "{{ swift_service_name }}" + system_user: "{{ swift_system_user_name }}" + system_group: "{{ swift_system_group_name }}" + service_home: "{{ swift_system_home_folder }}" 
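Review bot: In swift_pre_install.yml the first `Create swift dir` item sets `mode: "0750"` for `/etc/sudoers.d`, but the task has no `mode:` argument, so the value is never applied. Adding `mode: "{{ item.mode|default('0755') }}"`, as the `Create swift log dir` task below already does, makes it take effect. `Test for log directory or link` runs `chown -R` on the output of `readlink /var/log/swift` without resolving or checking it, so a relative or unexpected link target is recursively handed to the swift account; `readlink -f` plus a check that the result lies under the expected log root would bound that. The same task sets `failed_when: false`, which also hides a failing `chown`, and `changed_when: log_dir.rc != 0` reports a change exactly when nothing was changed.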
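Review bot: In swift_proxy_hosts.yml, `proxy-server.conf` is written with `mode: "0644"` and no `group:`, so every local account can read it. Proxy configurations for a keystone-backed Swift commonly hold the service credentials used for token validation; the template is not part of this view, so that needs confirming. If it does, `mode: "0640"` together with `group: "{{ swift_system_group_name }}"` is the safer pair. Neither the template task nor the `swift_upstart_common_init.yml` include carries tags, unlike most tasks added in this commit.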
diff --git a/playbooks/inventory/group_vars/elasticsearch.yml b/playbooks/roles/os_swift/tasks/swift_rings.yml similarity index 69% rename from playbooks/inventory/group_vars/elasticsearch.yml rename to playbooks/roles/os_swift/tasks/swift_rings.yml index 6df8619f69..347b7a5d85 100644 --- a/playbooks/inventory/group_vars/elasticsearch.yml +++ b/playbooks/roles/os_swift/tasks/swift_rings.yml @@ -13,15 +13,14 @@ # See the License for the specific language governing permissions and # limitations under the License. -# Variables for the logstash containers -service_name: elasticsearch +- include: swift_rings_md5sum.yml -debug: False -verbose: True +- include: swift_rings_check.yml + when: > + inventory_hostname == groups['swift_hosts'][0] -container_lvm_fstype: ext4 -container_lvm_fssize: 5GB +- include: swift_rings_build.yml + when: > + inventory_hostname == groups['swift_hosts'][0] -# Directories to create -container_directories: - - { name: /var/log/elasticsearch, mode: 755 } +- include: swift_rings_distribute.yml diff --git a/playbooks/roles/swift_ring_builder/tasks/main.yml b/playbooks/roles/os_swift/tasks/swift_rings_build.yml similarity index 53% rename from playbooks/roles/swift_ring_builder/tasks/main.yml rename to playbooks/roles/os_swift/tasks/swift_rings_build.yml index 231a9c40c3..a4f0ed037f 100644 --- a/playbooks/roles/swift_ring_builder/tasks/main.yml +++ b/playbooks/roles/os_swift/tasks/swift_rings_build.yml 
@@ -13,52 +13,64 @@ # See the License for the specific language governing permissions and # limitations under the License. -- include: check_ring.yml - -- name: "make sure scripts directory exists" - file: > - state=directory - path={{ item }} - owner=root - group=root - mode=0755 - with_items: - - /etc/swift/rings - - /etc/swift/scripts - - name: "Copy the swift_rings.py file" - template: > - src=swift_rings.py - dest="/etc/swift/scripts/swift_rings.py" - mode=0700 + copy: + src: swift_rings.py + dest: "/etc/swift/scripts/swift_rings.py" + owner: "{{ swift_system_user_name }}" + group: "{{ swift_system_group_name }}" + mode: "0700" + tags: + - swift-rings + - swift-rings-scripts - name: "Build ring-contents files" - template: > - src=ring.contents.j2 - dest="/etc/swift/scripts/{{ item.type }}.contents" + template: + src: ring.contents.j2 + dest: "/etc/swift/scripts/{{ item.type }}.contents" + owner: "{{ swift_system_user_name }}" + group: "{{ swift_system_group_name }}" with_items: - { item: "{{ swift.account }}", port: "{{ swift_account_port }}", type: "account" } - { item: "{{ swift.container }}", port: "{{ swift_container_port}}", type: "container" } + tags: + - swift-rings + - swift-rings-contents - name: "Build ring-contents files for storage policies" - template: > - src=ring.contents.j2 - dest="/etc/swift/scripts/object-{{ item[0].policy.index }}.contents" + template: + src: ring.contents.j2 + dest: "/etc/swift/scripts/object-{{ item[0].policy.index }}.contents" + owner: "{{ swift_system_user_name }}" + group: "{{ swift_system_group_name }}" with_nested: - "{{ swift.storage_policies }}" - [{ type: 'object', port: "{{ swift_object_port }}" }] + tags: + - swift-rings + - swift-rings-contents - name: "build rings for account/container from contents files" - command: /usr/bin/python /etc/swift/scripts/swift_rings.py -f /etc/swift/scripts/{{ item }}.contents + command: "/usr/bin/python /etc/swift/scripts/swift_rings.py -f /etc/swift/scripts/{{ item }}.contents" 
with_items: - account - container + sudo: yes + sudo_user: "{{ swift_system_user_name }}" args: chdir: /etc/swift/rings/ + tags: + - swift-rings + - swift-rings-build - name: "build rings for storage policies from contents files" - command: /usr/bin/python /etc/swift/scripts/swift_rings.py -f /etc/swift/scripts/object-{{ item.policy.index }}.contents + command: "/usr/bin/python /etc/swift/scripts/swift_rings.py -f /etc/swift/scripts/object-{{ item.policy.index }}.contents" with_items: - "{{ swift.storage_policies }}" + sudo: yes + sudo_user: "{{ swift_system_user_name }}" args: chdir: /etc/swift/rings/ + tags: + - swift-rings + - swift-rings-build diff --git a/playbooks/roles/swift_ring_builder/tasks/check_ring.yml b/playbooks/roles/os_swift/tasks/swift_rings_check.yml similarity index 57% rename from playbooks/roles/swift_ring_builder/tasks/check_ring.yml rename to playbooks/roles/os_swift/tasks/swift_rings_check.yml index a152c5a3da..9caec81446 100644 --- a/playbooks/roles/swift_ring_builder/tasks/check_ring.yml +++ b/playbooks/roles/os_swift/tasks/swift_rings_check.yml 
@@ -14,17 +14,29 @@ # limitations under the License. - name: Get md5sum of local builder files - shell: cat /etc/swift/rings/*.builder 2>/dev/null | md5sum | cut -d " " -f1 + shell: | + cat /etc/swift/rings/*.builder 2>/dev/null | md5sum | cut -d " " -f1 register: md5sum + tags: + - swift-ring-check - name: Get empty md5sum - shell: echo -n | md5sum | cut -d " " -f1 + shell: | + echo -n | md5sum | cut -d " " -f1 register: empty_md5sum + tags: + - swift-ring-check # Fail if the remote hosts builder files is not empty AND # does not match the md5sum of the local host. -- name: Check md5sum of builder files +- name: Verify md5sum of builder files fail: - msg: "The builder files on the remote host {{ item }} do not match the local host, and are not empty on the remote host" - when: ("{{ hostvars[item]['builder_md5sum'] }}" != "{{ empty_md5sum.stdout }}") and ("{{ hostvars[item]['builder_md5sum'] }}" != "{{ md5sum.stdout }}") - with_items: groups['swift_proxy'] + groups['swift_hosts'] + msg: > + "The builder files on the remote host {{ item }} do not match the {{ md5sum.stdout }}, + and are not empty on the remote host" + when: > + ("{{ hostvars[item]['builder_md5sum'] }}" != "{{ empty_md5sum.stdout }}") and + ("{{ hostvars[item]['builder_md5sum'] }}" != "{{ md5sum.stdout }}") + with_items: groups['swift_all'] + tags: + - swift-ring-check diff --git a/playbooks/roles/rabbit_create_cluster/tasks/main.yml b/playbooks/roles/os_swift/tasks/swift_rings_distribute.yml similarity index 63% rename from playbooks/roles/rabbit_create_cluster/tasks/main.yml rename to playbooks/roles/os_swift/tasks/swift_rings_distribute.yml index c35b5c95cb..a4d9b07038 100644 --- a/playbooks/roles/rabbit_create_cluster/tasks/main.yml +++ b/playbooks/roles/os_swift/tasks/swift_rings_distribute.yml 
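Review bot: The `when:` on `Verify md5sum of builder files` wraps `{{ ... }}` expressions in string quotes inside a conditional, so values reported by other hosts are substituted into the expression text before it is evaluated. Comparing the variables directly, `hostvars[item]['builder_md5sum'] != empty_md5sum.stdout and hostvars[item]['builder_md5sum'] != md5sum.stdout`, expresses the same test without that substitution step. The folded `msg: >` keeps its surrounding double quotes as literal characters in the failure message. The two `shell` tasks only read state and will report `changed` on every run unless given `changed_when: false`; the md5sum task in swift_rings_md5sum.yml is in the same position. MD5 is adequate here as a drift check between cooperating hosts, not as protection against deliberate modification of the builder files.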
@@ -13,9 +13,13 @@ # See the License for the specific language governing permissions and # limitations under the License. -- name: Create cluster +- name: "Get swift rings" shell: | - rabbitmqctl set_cluster_name {{ rabbit_cluster_name }} + rsync -e 'ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \ + -avz \ + {{ swift_system_user_name }}@{{ hostvars[groups['swift_hosts'][0]]['ansible_ssh_host'] }}:/etc/swift/rings/ \ + /etc/swift/ + sudo: yes + sudo_user: "{{ swift_system_user_name }}" tags: - - rabbit_cluster - - rabbit_config + - swift-get-rings \ No newline at end of file diff --git a/playbooks/roles/swift_ring_md5sum/tasks/main.yml b/playbooks/roles/os_swift/tasks/swift_rings_md5sum.yml similarity index 84% rename from playbooks/roles/swift_ring_md5sum/tasks/main.yml rename to playbooks/roles/os_swift/tasks/swift_rings_md5sum.yml index 73f371ec4f..10ac699e5a 100644 --- a/playbooks/roles/swift_ring_md5sum/tasks/main.yml +++ b/playbooks/roles/os_swift/tasks/swift_rings_md5sum.yml @@ -14,9 +14,14 @@ # limitations under the License. - name: Get md5sum of builder files - shell: cat /etc/swift/*.builder 2>/dev/null | md5sum | cut -d " " -f1 + shell: | + cat /etc/swift/*.builder 2>/dev/null | md5sum | cut -d " " -f1 register: md5sum + tags: + - swift-md5sum - name: Register a fact for the md5sum set_fact: builder_md5sum: "{{ md5sum.stdout }}" + tags: + - swift-md5sum diff --git a/playbooks/roles/os_swift/tasks/swift_service_setup.yml b/playbooks/roles/os_swift/tasks/swift_service_setup.yml new file mode 100644 index 0000000000..ed68c94226 --- /dev/null +++ b/playbooks/roles/os_swift/tasks/swift_service_setup.yml 
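Review bot: The rsync in `Get swift rings` runs ssh with `-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no`, so the host serving the ring files is never authenticated. Rings decide where every node reads and writes object data, so a machine able to answer on that address could substitute its own. Remove both options and have an earlier task place the first storage host's public host key in the swift user's `known_hosts`, so that a mismatch stops the transfer. The source address from `hostvars[...]['ansible_ssh_host']` is also placed unquoted in the shell line. The task has no `when:`, so it appears to run on the first storage host as well, copying from itself.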
@@ -0,0 +1,138 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Create a service
+- name: Ensure swift service
+ keystone:
+ command: "ensure_service"
+ token: "{{ keystone_auth_admin_token }}"
+ endpoint: "{{ keystone_service_adminurl }}"
+ service_name: "{{ swift_service_name }}"
+ service_type: "{{ swift_service_type }}"
+ description: "{{ swift_service_description }}"
+ register: add_service
+ until: add_service|success
+ retries: 5
+ delay: 2
+ tags:
+ - swift-api-setup
+ - swift-service-add
+ - swift-setup
+
+# Create an admin user
+- name: Ensure swift user
+ keystone:
+ command: "ensure_user"
+ token: "{{ keystone_auth_admin_token }}"
+ endpoint: "{{ keystone_service_adminurl }}"
+ user_name: "{{ swift_service_user_name }}"
+ tenant_name: "{{ swift_service_tenant_name }}"
+ password: "{{ swift_service_password }}"
+ register: add_service
+ until: add_service|success
+ retries: 5
+ delay: 10
+ tags:
+ - swift-api-setup
+ - swift-service-add
+ - swift-setup
+
+# Add a role to the user
+- name: Ensure swift user to admin role
+ keystone:
+ command: "ensure_user_role"
+ token: "{{ keystone_auth_admin_token }}"
+ endpoint: "{{ keystone_service_adminurl }}"
+ user_name: "{{ swift_service_user_name }}"
+ tenant_name: "{{ swift_service_tenant_name }}"
+ role_name: "{{ swift_service_role_name }}"
+ register: add_service
+ until: add_service|success
+ retries: 5
+ delay: 10
+ tags:
+ - swift-api-setup
+ - swift-service-add
+ - swift-setup
+
+- name: Ensure swiftoperator role
+ keystone:
+ command: "ensure_role"
+ token: "{{ keystone_auth_admin_token }}"
+ endpoint: "{{ keystone_service_adminurl }}"
+ role_name: "{{ swift_operator_role }}"
+ register: add_service
+ until: add_service|success
+ retries: 5
+ delay: 10
+ tags:
+ - swift-api-setup
+ - swift-service-add
+ - swift-setup
+
+- name: "Create keystone user for swift-dispersion"
+ keystone:
+ command: "ensure_user"
+ token: "{{ keystone_auth_admin_token }}"
+ endpoint: "{{ keystone_service_adminurl }}"
+ user_name: "{{ swift_dispersion_user }}"
+ tenant_name: "{{ swift_service_tenant_name }}"
+ password: "{{ swift_dispersion_password }}"
+ register: add_service
+ until: add_service|success
+ retries: 5
+ delay: 10
+ tags:
+ - swift-api-setup
+ - swift-service-add
+ - swift-setup
+
+- name: "Add swiftoperator role to swift-dispersion user"
+ keystone:
+ command: "ensure_user_role"
+ token: "{{ keystone_auth_admin_token }}"
+ endpoint: "{{ keystone_service_adminurl }}"
+ user_name: "{{ swift_dispersion_user }}"
+ tenant_name: "{{ swift_service_tenant_name }}"
+ role_name: "{{ swift_operator_role }}"
+ register: add_service
+ until: add_service|success
+ retries: 5
+ delay: 10
+ tags:
+ - swift-api-setup
+ - swift-service-add
+ - swift-setup
+
+# Create an endpoint
+- name: Ensure swift endpoint
+ keystone:
+ command: "ensure_endpoint"
+ token: "{{ keystone_auth_admin_token }}"
+ endpoint: "{{ keystone_service_adminurl }}"
+ region_name: "{{ swift_service_region }}"
+ service_name: "{{ swift_service_name }}"
+ service_type: "{{ swift_service_type }}"
+ publicurl: "{{ swift_service_publicurl }}"
+ adminurl: "{{ swift_service_internalurl }}"
+ internalurl: "{{ swift_service_adminurl }}"
+ register: add_service
+ until: add_service|success
+ retries: 5
+ delay: 10
+ tags:
+ - swift-api-setup
+ - swift-service-add
+ - swift-setup
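Review bot: In `Ensure swift endpoint` the last two URL arguments are crossed: `adminurl: "{{ swift_service_internalurl }}"` and `internalurl: "{{ swift_service_adminurl }}"`. Whenever the two variables differ, the service catalog advertises the admin endpoint to internal clients and the internal one to admin clients; the lines should read `adminurl: "{{ swift_service_adminurl }}"` and `internalurl: "{{ swift_service_internalurl }}"`. Every task in this file passes `keystone_auth_admin_token` as a module argument, and the two `ensure_user` tasks also pass a password; adding `no_log: true` to them keeps those values out of verbose output and module logging on the target. All seven tasks register the same name, `add_service`, which works for the retry loops but makes any later use of a result ambiguous.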
diff --git a/playbooks/cinder-all.yml b/playbooks/roles/os_swift/tasks/swift_storage_hosts.yml similarity index 76% rename from playbooks/cinder-all.yml rename to playbooks/roles/os_swift/tasks/swift_storage_hosts.yml index 828d74802f..8e34b15786 100644 --- a/playbooks/cinder-all.yml +++ b/playbooks/roles/os_swift/tasks/swift_storage_hosts.yml @@ -13,7 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -- include: cinder-common.yml -- include: cinder-api.yml -- include: cinder-scheduler.yml -- include: cinder-volume.yml +- include: swift_storage_hosts_setup.yml +- include: swift_storage_hosts_object_server.yml +- include: swift_storage_hosts_account.yml +- include: swift_storage_hosts_container.yml diff --git a/playbooks/roles/os_swift/tasks/swift_storage_hosts_account.yml b/playbooks/roles/os_swift/tasks/swift_storage_hosts_account.yml new file mode 100644 index 0000000000..33e56fa3f2 --- /dev/null +++ b/playbooks/roles/os_swift/tasks/swift_storage_hosts_account.yml 
@@ -0,0 +1,77 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: "Swift account server config with replication" + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: "{{ swift_system_user_name }}" + group: "{{ swift_system_group_name }}" + mode: "0644" + with_items: + - { src: "account-server.conf.j2", dest: "/etc/swift/account-server/account-server.conf" } + - { src: "account-server-replicator.conf.j2", dest: "/etc/swift/account-server/account-server-replicator.conf" } + notify: Restart swift services + +- include: swift_upstart_common_init.yml + vars: + program_name: "swift-account-server-replicator" + program_config_options: "{{ swift_account_server_replicator_program_config_options }}" + service_name: "{{ swift_service_name }}" + system_user: "{{ swift_system_user_name }}" + system_group: "{{ swift_system_group_name }}" + service_home: "{{ swift_system_home_folder }}" + when: > + swift.replication_network is defined and + swift.replication_network != swift.storage_network + +- include: swift_upstart_common_init.yml + vars: + program_name: "swift-account-replicator" + program_config_options: "{{ swift_account_server_replicator_program_config_options }}" + service_name: "{{ swift_service_name }}" + system_user: "{{ swift_system_user_name }}" + system_group: "{{ swift_system_group_name }}" + service_home: "{{ swift_system_home_folder }}" + when: > + swift.replication_network is defined and + 
swift.replication_network != swift.storage_network + +- include: swift_upstart_common_init.yml + vars: + program_name: "swift-account-server" + program_config_options: "{{ swift_account_server_program_config_options }}" + service_name: "{{ swift_service_name }}" + system_user: "{{ swift_system_user_name }}" + system_group: "{{ swift_system_group_name }}" + service_home: "{{ swift_system_home_folder }}" + +- include: swift_upstart_common_init.yml + vars: + program_name: "swift-account-auditor" + program_config_options: "{{ swift_account_server_program_config_options }}" + service_name: "{{ swift_service_name }}" + system_user: "{{ swift_system_user_name }}" + system_group: "{{ swift_system_group_name }}" + service_home: "{{ swift_system_home_folder }}" + +- include: swift_upstart_common_init.yml + vars: + program_name: "swift-account-reaper" + program_config_options: "{{ swift_account_server_program_config_options }}" + service_name: "{{ swift_service_name }}" + system_user: "{{ swift_system_user_name }}" + system_group: "{{ swift_system_group_name }}" + service_home: "{{ swift_system_home_folder }}" diff --git a/playbooks/roles/os_swift/tasks/swift_storage_hosts_container.yml b/playbooks/roles/os_swift/tasks/swift_storage_hosts_container.yml new file mode 100644 index 0000000000..9e315b184e --- /dev/null +++ b/playbooks/roles/os_swift/tasks/swift_storage_hosts_container.yml 
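Review bot: The include that sets up `swift-account-replicator` has the same `when:` as the one for `swift-account-server-replicator` (`swift.replication_network is defined and swift.replication_network != swift.storage_network`). On a deployment without a separate replication network this file therefore creates no init job for the account replicator at all. Presumably only the dedicated `-server-replicator` job was meant to be conditional, and the plain replicator should run unconditionally, falling back to `swift_account_server_program_config_options` when no replication network exists; `swift_upstart_common_init.yml` is not in view, so confirm against it. The same pairing appears in swift_storage_hosts_container.yml and swift_storage_hosts_object_server.yml. None of the includes in these three files carry tags, so they cannot be selected the way the rest of the role can.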
@@ -0,0 +1,86 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: "Swift container server configuration" + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: "{{ swift_system_user_name }}" + group: "{{ swift_system_group_name }}" + mode: "0644" + with_items: + - { src: "container-server.conf.j2", dest: "/etc/swift/container-server/container-server.conf" } + - { src: "container-server-replicator.conf.j2", dest: "/etc/swift/container-server/container-server-replicator.conf" } + notify: Restart swift services + +- include: swift_upstart_common_init.yml + vars: + program_name: "swift-container-server-replicator" + program_config_options: "{{ swift_container_server_replicator_program_config_options }}" + service_name: "{{ swift_service_name }}" + system_user: "{{ swift_system_user_name }}" + system_group: "{{ swift_system_group_name }}" + service_home: "{{ swift_system_home_folder }}" + when: > + swift.replication_network is defined and + swift.replication_network != swift.storage_network + +- include: swift_upstart_common_init.yml + vars: + program_name: "swift-container-replicator" + program_config_options: "{{ swift_container_server_replicator_program_config_options }}" + service_name: "{{ swift_service_name }}" + system_user: "{{ swift_system_user_name }}" + system_group: "{{ swift_system_group_name }}" + service_home: "{{ swift_system_home_folder }}" + when: > + swift.replication_network is defined 
and + swift.replication_network != swift.storage_network + +- include: swift_upstart_common_init.yml + vars: + program_name: "swift-container-server" + program_config_options: "{{ swift_container_server_program_config_options }}" + service_name: "{{ swift_service_name }}" + system_user: "{{ swift_system_user_name }}" + system_group: "{{ swift_system_group_name }}" + service_home: "{{ swift_system_home_folder }}" + +- include: swift_upstart_common_init.yml + vars: + program_name: "swift-container-auditor" + program_config_options: "{{ swift_container_server_program_config_options }}" + service_name: "{{ swift_service_name }}" + system_user: "{{ swift_system_user_name }}" + system_group: "{{ swift_system_group_name }}" + service_home: "{{ swift_system_home_folder }}" + +- include: swift_upstart_common_init.yml + vars: + program_name: "swift-container-sync" + program_config_options: "{{ swift_container_server_program_config_options }}" + service_name: "{{ swift_service_name }}" + system_user: "{{ swift_system_user_name }}" + system_group: "{{ swift_system_group_name }}" + service_home: "{{ swift_system_home_folder }}" + +- include: swift_upstart_common_init.yml + vars: + program_name: "swift-container-updater" + program_config_options: "{{ swift_container_server_program_config_options }}" + service_name: "{{ swift_service_name }}" + system_user: "{{ swift_system_user_name }}" + system_group: "{{ swift_system_group_name }}" + service_home: "{{ swift_system_home_folder }}" diff --git a/playbooks/roles/os_swift/tasks/swift_storage_hosts_object_server.yml b/playbooks/roles/os_swift/tasks/swift_storage_hosts_object_server.yml new file mode 100644 index 0000000000..6a19c46110 --- /dev/null +++ b/playbooks/roles/os_swift/tasks/swift_storage_hosts_object_server.yml 
@@ -0,0 +1,77 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: "Swift object server configuration" + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: "{{ swift_system_user_name }}" + group: "{{ swift_system_group_name }}" + mode: "0644" + with_items: + - { src: "object-server.conf.j2", dest: "/etc/swift/object-server/object-server.conf" } + - { src: "object-server-replicator.conf.j2", dest: "/etc/swift/object-server/object-server-replicator.conf" } + notify: Restart swift services + +- include: swift_upstart_common_init.yml + vars: + program_name: "swift-object-server-replicator" + program_config_options: "{{ swift_object_server_replicator_program_config_options }}" + service_name: "{{ swift_service_name }}" + system_user: "{{ swift_system_user_name }}" + system_group: "{{ swift_system_group_name }}" + service_home: "{{ swift_system_home_folder }}" + when: > + swift.replication_network is defined and + swift.replication_network != swift.storage_network + +- include: swift_upstart_common_init.yml + vars: + program_name: "swift-object-replicator" + program_config_options: "{{ swift_object_server_replicator_program_config_options }}" + service_name: "{{ swift_service_name }}" + system_user: "{{ swift_system_user_name }}" + system_group: "{{ swift_system_group_name }}" + service_home: "{{ swift_system_home_folder }}" + when: > + swift.replication_network is defined and + swift.replication_network 
!= swift.storage_network + +- include: swift_upstart_common_init.yml + vars: + program_name: "swift-object-server" + program_config_options: "{{ swift_object_server_program_config_options }}" + service_name: "{{ swift_service_name }}" + system_user: "{{ swift_system_user_name }}" + system_group: "{{ swift_system_group_name }}" + service_home: "{{ swift_system_home_folder }}" + +- include: swift_upstart_common_init.yml + vars: + program_name: "swift-object-auditor" + program_config_options: "{{ swift_object_server_program_config_options }}" + service_name: "{{ swift_service_name }}" + system_user: "{{ swift_system_user_name }}" + system_group: "{{ swift_system_group_name }}" + service_home: "{{ swift_system_home_folder }}" + +- include: swift_upstart_common_init.yml + vars: + program_name: "swift-object-updater" + program_config_options: "{{ swift_object_server_program_config_options }}" + service_name: "{{ swift_service_name }}" + system_user: "{{ swift_system_user_name }}" + system_group: "{{ swift_system_group_name }}" + service_home: "{{ swift_system_home_folder }}" diff --git a/playbooks/roles/swift_storage_setup/tasks/main.yml b/playbooks/roles/os_swift/tasks/swift_storage_hosts_setup.yml similarity index 57% rename from playbooks/roles/swift_storage_setup/tasks/main.yml rename to playbooks/roles/os_swift/tasks/swift_storage_hosts_setup.yml index cef271621d..f7a5d8463a 100644 --- a/playbooks/roles/swift_storage_setup/tasks/main.yml +++ b/playbooks/roles/os_swift/tasks/swift_storage_hosts_setup.yml 
@@ -19,14 +19,40 @@ swift_vars: "{}" when: swift_vars is not defined -- include: rsync_setup.yml -- include: swift_recon_cron.yml +- name: "Put /etc/rsyncd.conf in place" + template: + src: "rsyncd.conf.j2" + dest: "/etc/rsyncd.conf" + owner: "root" + group: "root" + mode: "0644" + notify: Restart rsync service + +- name: "Enable rsync in defaults" + lineinfile: + dest: "/etc/default/rsync" + line: "RSYNC_ENABLE=true" + regexp: "^RSYNC_ENABLE*" + notify: Restart rsync service + +# We need the location of swift-recon-cron +- name: "Get location of swift-recon-cron" + shell: which swift-recon-cron + register: recon_cron_path + +- name: "Setup swift-recon-cron cron job" + cron: + name: "swift-recon-cron run" + minute: "*/5" + user: "swift" + job: "{{ recon_cron_path.stdout }} /etc/swift/object-server/object-server.conf" + cron_file: "swift_recon_cron" - name: "Set ownership on mounted drives" file: dest: "{{ swift_vars.mount_point | default(swift.mount_point) }}/{{ item.name }}" - owner: "{{ system_user }}" - group: "{{ system_group }}" + owner: "{{ swift_system_user_name }}" + group: "{{ swift_system_group_name }}" state: "directory" with_items: swift_vars.drives when: swift_vars.drives is defined @@ -34,8 +60,8 @@ - name: "Set ownership on default mounted drives" file: dest: "{{ swift_vars.mount_point | default(swift.mount_point) }}/{{ item.name }}" - owner: "{{ system_user }}" - group: "{{ system_group }}" + owner: "{{ swift_system_user_name }}" + group: "{{ swift_system_group_name }}" state: "directory" with_items: swift.drives when: swift_vars.drives is not defined diff --git a/playbooks/roles/os_swift/tasks/swift_upstart_common_init.yml b/playbooks/roles/os_swift/tasks/swift_upstart_common_init.yml new file mode 100644 index 0000000000..57969fbf19 --- /dev/null +++ b/playbooks/roles/os_swift/tasks/swift_upstart_common_init.yml 
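Review bot: The "Setup swift-recon-cron cron job" task hard-codes `user: "swift"` while the ownership tasks in the same file take the account from `swift_system_user_name`, so overriding that variable leaves the cron entry pointing at a different, possibly absent, user; use `user: "{{ swift_system_user_name }}"`. In "Enable rsync in defaults" the pattern `^RSYNC_ENABLE*` applies the `*` to the final `E` only, and `regexp: "^RSYNC_ENABLE="` states the intent. The task list of this file starts above the hunk.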
@@ -0,0 +1,46 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Place the init script + template: + src: "swift-upstart-init.j2" + dest: "/etc/init/{{ program_name }}.conf" + mode: "0644" + owner: "root" + group: "root" + notify: + - Restart swift services + tags: + - upstart-init + - swift-init + +- name: Reload init scripts + shell: | + initctl reload-configuration + notify: + - Restart swift services + tags: + - upstart-init + - swift-init + +- name: Load service + service: + name: "{{ program_name }}" + enabled: "yes" + notify: + - Restart swift services + tags: + - upstart-init + - swift-init diff --git a/playbooks/roles/os_swift/templates/account-server-replicator.conf.j2 b/playbooks/roles/os_swift/templates/account-server-replicator.conf.j2 new file mode 100644 index 0000000000..5afdb9a3a7 --- /dev/null +++ b/playbooks/roles/os_swift/templates/account-server-replicator.conf.j2 
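Review bot: "Reload init scripts" runs `initctl reload-configuration` through `shell` with no `changed_when`, so it reports a change on every run and its `notify` queues "Restart swift services" each time the playbook is applied, even when no init script changed. The reload is only needed when "Place the init script" changed, so drop the `notify` from this task and add `changed_when: false`, or gate the task on a registered result of the template task. `command` is also sufficient in place of `shell: |`, since no shell features are used.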
@@ -0,0 +1,23 @@ +# {{ ansible_managed }} + +{% set _api_threads = ansible_processor_vcpus|default(2) // 2 %} +{% set api_threads = _api_threads if _api_threads > 0 else 1 %} + +[DEFAULT] +{% set repl_bridge = 'ansible_' + swift.replication_network|replace('-', '_') %} +bind_ip = {{ hostvars[inventory_hostname][repl_bridge]['ipv4']['address'] }} +bind_port = {{ swift_account_port }} +devices = {{ swift_vars.mount_point | default(swift.mount_point) }} +workers = {{ swift_account_server_replicator_workers | default(api_threads) }} +log_facility = LOG_LOCAL2 + +[pipeline:main] +pipeline = account-server + +[app:account-server] +use = egg:swift#account +replication_server = True + +[account-replicator] +log_facility = LOG_LOCAL2 +per_diff = 10000 diff --git a/playbooks/roles/os_swift/templates/account-server.conf.j2 b/playbooks/roles/os_swift/templates/account-server.conf.j2 new file mode 100644 index 0000000000..49f8c9850f --- /dev/null +++ b/playbooks/roles/os_swift/templates/account-server.conf.j2 
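Review bot: `[DEFAULT]` in this replicator template sets no `user`, whereas `account-server.conf.j2` in the same commit sets `user = {{ swift_system_user_name }}`. Swift would then presumably fall back to its built-in default account name, which only matches when the variable is left at `swift`. Add `user = {{ swift_system_user_name }}` under `[DEFAULT]` here and in `container-server-replicator.conf.j2` and `object-server-replicator.conf.j2`, which omit it as well.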
@@ -0,0 +1,50 @@ +# {{ ansible_managed }} + +{% set _api_threads = ansible_processor_vcpus|default(2) // 2 %} +{% set api_threads = _api_threads if _api_threads > 0 else 1 %} + +{% if is_metal == true or is_metal == "True" and swift.storage_network is defined %} +{% set storage_bridge = 'ansible_' + swift.storage_network|replace('-', '_') %} +{% set swift_storage_address = hostvars[inventory_hostname][storage_bridge]['ipv4']['address'] %} +{% endif %} + +[DEFAULT] +bind_ip = {{ swift_storage_address | default(ansible_ssh_host) }} +bind_port = {{ swift_account_port }} +workers = {{ swift_account_server_workers | default(api_threads) }} + +user = {{ swift_system_user_name }} +devices = {{ swift_vars.mount_point | default(swift.mount_point) }} +log_facility = LOG_LOCAL2 + +[pipeline:main] +pipeline = healthcheck recon account-server + +[app:account-server] +use = egg:swift#account +log_facility = LOG_LOCAL2 + +[filter:healthcheck] +use = egg:swift#healthcheck + +[filter:recon] +use = egg:swift#recon +log_facility = LOG_LOCAL2 +recon_cache_path = /var/cache/swift +recon_lock_path = /var/lock/swift + +{% if swift.replication_network is not defined %} +[account-replicator] +log_facility = LOG_LOCAL2 +per_diff = 10000 +{% endif %} + +[account-auditor] +log_facility = LOG_LOCAL2 + +[account-reaper] +log_facility = LOG_LOCAL2 +delay_reaping = 604800 + +[filter:xprofile] +use = egg:swift#xprofile diff --git a/playbooks/roles/os_swift/templates/container-server-replicator.conf.j2 b/playbooks/roles/os_swift/templates/container-server-replicator.conf.j2 new file mode 100644 index 0000000000..6c7dae393b --- /dev/null +++ b/playbooks/roles/os_swift/templates/container-server-replicator.conf.j2 
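Review bot: The guard `is_metal == true or is_metal == "True" and swift.storage_network is defined` does not test what it reads as, because `and` binds tighter than `or` in Jinja2. With `is_metal == true` the branch is entered even when `swift.storage_network` is undefined, and the `replace` on the next line then runs on an undefined value. Parenthesise the first two terms, `{% if (is_metal == true or is_metal == "True") and swift.storage_network is defined %}`, or normalise with `is_metal | bool`. The same condition appears in `container-server.conf.j2`, `object-server.conf.j2` and both branches of `rsyncd.conf.j2` later in this commit.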
@@ -0,0 +1,22 @@ +# {{ ansible_managed }} + +{% set _api_threads = ansible_processor_vcpus|default(2) // 2 %} +{% set api_threads = _api_threads if _api_threads > 0 else 1 %} + +[DEFAULT] +{% set repl_bridge = 'ansible_' + swift.replication_network|replace('-', '_') %} +bind_ip = {{ hostvars[inventory_hostname][repl_bridge]['ipv4']['address'] }} +bind_port = {{ swift_container_port }} +devices = {{ swift_vars.mount_point | default(swift.mount_point) }} +workers = {{ swift_server_replicator_workers | default(api_threads) }} +log_facility = LOG_LOCAL3 + +[pipeline:main] +pipeline = container-server + +[app:container-server] +use = egg:swift#container +replication_server = True + +[container-replicator] +log_facility = LOG_LOCAL3 diff --git a/playbooks/roles/os_swift/templates/container-server.conf.j2 b/playbooks/roles/os_swift/templates/container-server.conf.j2 new file mode 100644 index 0000000000..dd0621b953 --- /dev/null +++ b/playbooks/roles/os_swift/templates/container-server.conf.j2 
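Review bot: The `workers` line reads `swift_server_replicator_workers`, which names no service, while the sibling templates use `swift_account_server_replicator_workers` and `swift_object_replicator_workers`. An operator tuning container replication by analogy would set a variable this template never reads. Renaming it to `swift_container_server_replicator_workers` would keep the three templates parallel, assuming no defaults file outside this view already defines the shorter name.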
@@ -0,0 +1,52 @@ +# {{ ansible_managed }} + +{% set _api_threads = ansible_processor_vcpus|default(2) // 2 %} +{% set api_threads = _api_threads if _api_threads > 0 else 1 %} + +{% if is_metal == true or is_metal == "True" and swift.storage_network is defined %} +{% set storage_bridge = 'ansible_' + swift.storage_network|replace('-', '_') %} +{% set swift_storage_address = hostvars[inventory_hostname][storage_bridge]['ipv4']['address'] %} +{% endif %} + +[DEFAULT] +bind_ip = {{ swift_storage_address | default(ansible_ssh_host) }} +bind_port = {{ swift_container_port }} +workers = {{ swift_container_server_workers | default(api_threads) }} + +user = {{ swift_system_user_name }} +devices = {{ swift_vars.mount_point | default(swift.mount_point) }} +log_facility = LOG_LOCAL3 + +[pipeline:main] +pipeline = healthcheck recon container-server + +[app:container-server] +use = egg:swift#container +log_facility = LOG_LOCAL3 + +[filter:healthcheck] +use = egg:swift#healthcheck + +[filter:recon] +use = egg:swift#recon +log_facility = LOG_LOCAL3 +recon_cache_path = /var/cache/swift +recon_lock_path = /var/lock/swift + +{% if swift.replication_network is not defined %} +[container-replicator] +log_facility = LOG_LOCAL3 +{% endif %} + +[container-updater] +log_facility = LOG_LOCAL3 +node_timeout = 15 +conn_timeout = 5 + +[container-auditor] +log_facility = LOG_LOCAL3 + +[container-sync] + +[filter:xprofile] +use = egg:swift#xprofile diff --git a/playbooks/roles/os_swift/templates/object-server-replicator.conf.j2 b/playbooks/roles/os_swift/templates/object-server-replicator.conf.j2 new file mode 100644 index 0000000000..ef9ead2291 --- /dev/null +++ b/playbooks/roles/os_swift/templates/object-server-replicator.conf.j2 
@@ -0,0 +1,23 @@ +# {{ ansible_managed }} + +{% set _api_threads = ansible_processor_vcpus|default(2) // 2 %} +{% set api_threads = _api_threads if _api_threads > 0 else 1 %} + +[DEFAULT] +{% set repl_bridge = 'ansible_' + swift.replication_network|replace('-', '_') %} +bind_ip = {{ hostvars[inventory_hostname][repl_bridge]['ipv4']['address'] }} +bind_port = {{ swift_object_port }} +devices = {{ swift_vars.mount_point | default(swift.mount_point) }} +workers = {{ swift_object_replicator_workers | default(api_threads) }} +log_facility = LOG_LOCAL4 + +[pipeline:main] +pipeline = object-server + +[app:object-server] +use = egg:swift#object +replication_server = True + +[object-replicator] +log_facility = LOG_LOCAL4 +concurrency = 6 diff --git a/playbooks/roles/os_swift/templates/object-server.conf.j2 b/playbooks/roles/os_swift/templates/object-server.conf.j2 new file mode 100644 index 0000000000..2cdac80358 --- /dev/null +++ b/playbooks/roles/os_swift/templates/object-server.conf.j2 
@@ -0,0 +1,55 @@ +# {{ ansible_managed }} + +{% set _api_threads = ansible_processor_vcpus|default(2) // 2 %} +{% set api_threads = _api_threads if _api_threads > 0 else 1 %} + +{% if is_metal == true or is_metal == "True" and swift.storage_network is defined %} +{% set storage_bridge = 'ansible_' + swift.storage_network|replace('-', '_') %} +{% set swift_storage_address = hostvars[inventory_hostname][storage_bridge]['ipv4']['address'] %} +{% endif %} + +[DEFAULT] +bind_ip = {{ swift_storage_address | default(ansible_ssh_host) }} +bind_port = {{ swift_object_port }} +workers = {{ swift_object_server_workers | default(api_threads) }} + +user = {{ swift_system_user_name }} +swift_dir = /etc/swift +devices = {{ swift_vars.mount_point | default(swift.mount_point) }} +log_facility = LOG_LOCAL4 + +[pipeline:main] +pipeline = healthcheck recon object-server + +[app:object-server] +use = egg:swift#object +log_facility = LOG_LOCAL4 +mb_per_sync = 64 + +[filter:healthcheck] +use = egg:swift#healthcheck + +[filter:recon] +use = egg:swift#recon +log_facility = LOG_LOCAL4 +recon_cache_path = /var/cache/swift +recon_lock_path = /var/lock/swift + +{% if swift.replication_network is not defined %} +[object-replicator] +log_facility = LOG_LOCAL4 +concurrency = 6 +{% endif %} + +[object-updater] +log_facility = LOG_LOCAL4 +concurrency = 3 +concurrency = 3 +node_timeout = 60 +conn_timeout = 5 + +[object-auditor] +log_facility = LOG_LOCAL4 + +[filter:xprofile] +use = egg:swift#xprofile diff --git a/playbooks/roles/os_swift/templates/proxy-server.conf.j2 b/playbooks/roles/os_swift/templates/proxy-server.conf.j2 new file mode 100644 index 0000000000..9fd3a614b6 --- /dev/null +++ b/playbooks/roles/os_swift/templates/proxy-server.conf.j2 
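Review bot: `[object-updater]` lists `concurrency = 3` twice in a row. Lenient INI parsers keep the last value and strict ones reject a repeated option, so the duplicate is at best noise and at worst a load failure; delete one of the two lines.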
@@ -0,0 +1,116 @@ +# {{ ansible_managed }} + +{% set _api_threads = ansible_processor_vcpus|default(2) // 2 %} +{% set api_threads = _api_threads if _api_threads > 0 else 1 %} + +[DEFAULT] +bind_ip = 0.0.0.0 +bind_port = {{ swift_proxy_port }} +workers = {{ swift_proxy_server_workers | default(api_threads) }} + +user = {{ swift_system_user_name }} +log_facility = LOG_LOCAL1 + +[pipeline:main] +{% if swift_authtoken_active %} +pipeline = catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk tempurl ratelimit authtoken keystoneauth container-quotas account-quotas slo dlo proxy-logging proxy-server +{% else %} +pipeline = catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk tempurl ratelimit tempauth container-quotas account-quotas slo dlo proxy-logging proxy-server +{% endif %} +[app:proxy-server] +use = egg:swift#proxy +log_facility = LOG_LOCAL1 +node_timeout = 60 +conn_timeout = 3.5 +account_autocreate = true + +[filter:tempauth] +use = egg:swift#tempauth +{% if not swift_authtoken_active %} +user_admin_admin = admin .admin .reseller_admin +user_test_tester = testing .admin +user_test2_tester2 = testing2 .admin +user_test_tester3 = testing3 + +{% elif swift_authtoken_active %} +[filter:authtoken] +paste.filter_factory = keystonemiddleware.auth_token:filter_factory +identity_uri = {{ keystone_service_internaluri }} +auth_uri = {{ keystone_service_internaluri }} +admin_tenant_name = {{ swift_service_tenant_name }} +admin_user = {{ swift_service_user_name }} +admin_password = {{ swift_service_password }} +delay_auth_decision = {{ swift_delay_auth_decision }} +{% endif %} + +[filter:keystoneauth] +use = egg:swift#keystoneauth +{% if swift_allow_all_users is defined and swift_allow_all_users == True %} +operator_roles = admin, swiftoperator, _member_ +{% else %} +operator_roles = admin, swiftoperator +{% endif %} +# The reseller admin role has the ability to create and delete accounts +reseller_admin_role = reseller_admin + 
+[filter:healthcheck] +use = egg:swift#healthcheck + +[filter:cache] +use = egg:swift#memcache +memcache_servers = {{ memcached_servers }} +memcache_serialization_support = 2 + +[filter:ratelimit] +use = egg:swift#ratelimit + +[filter:domain_remap] +use = egg:swift#domain_remap + +[filter:catch_errors] +use = egg:swift#catch_errors + +[filter:cname_lookup] +use = egg:swift#cname_lookup + +[filter:staticweb] +use = egg:swift#staticweb + +[filter:tempurl] +use = egg:swift#tempurl + +[filter:formpost] +use = egg:swift#formpost + +[filter:name_check] +use = egg:swift#name_check + +[filter:list-endpoints] +use = egg:swift#list_endpoints + +[filter:proxy-logging] +use = egg:swift#proxy_logging + +[filter:bulk] +use = egg:swift#bulk + +[filter:container-quotas] +use = egg:swift#container_quotas + +[filter:slo] +use = egg:swift#slo + +[filter:dlo] +use = egg:swift#dlo + +[filter:account-quotas] +use = egg:swift#account_quotas + +[filter:gatekeeper] +use = egg:swift#gatekeeper + +[filter:container_sync] +use = egg:swift#container_sync + +[filter:xprofile] +use = egg:swift#xprofile diff --git a/playbooks/roles/swift_ring_builder/templates/ring.contents.j2 b/playbooks/roles/os_swift/templates/ring.contents.j2 similarity index 97% rename from playbooks/roles/swift_ring_builder/templates/ring.contents.j2 rename to playbooks/roles/os_swift/templates/ring.contents.j2 index 8a2ddfbc2b..4f0e7ae1d9 100644 --- a/playbooks/roles/swift_ring_builder/templates/ring.contents.j2 +++ b/playbooks/roles/os_swift/templates/ring.contents.j2 
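Review bot: When `swift_authtoken_active` is false, the `[filter:tempauth]` block renders four fixed accounts (`user_admin_admin = admin .admin .reseller_admin` and the three `test` users) with literal passwords baked into the template, while `[DEFAULT]` binds the proxy to `0.0.0.0`. A deployment that runs with Keystone auth switched off therefore carries a reseller-admin login with a publicly known password on every interface. Take the tempauth users from a variable that has no default, or fail the play when `swift_authtoken_active` is false outside a test environment, and add a comment above the block stating these are test-only accounts. The `[filter:tempauth]` header is also emitted when authtoken is active, leaving an empty section; moving it inside the `{% if not swift_authtoken_active %}` branch would keep the rendered file consistent.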
@@ -43,10 +43,10 @@ {### Loop through the swift_hosts #} {% for host in groups['swift_hosts'] %} {### Set the default storage_ip #} -{% set def_storage_ip = hostvars[host]['container_address'] %} +{% set def_storage_ip = hostvars[host]['ansible_ssh_host'] %} {% if swift.storage_network is defined %} {% set storage_bridge = 'ansible_' + swift.storage_network|replace('-', '_') %} -{% set def_storage_ip = hostvars[host][storage_bridge]['ipv4']['address'] | default(hostvars[host]['container_address']) %} +{% set def_storage_ip = hostvars[host][storage_bridge]['ipv4']['address'] | default(hostvars[host]['ansible_ssh_host']) %} {% endif %} {### Set the default replication_ip #} {% set def_repl_ip = def_storage_ip %} diff --git a/playbooks/roles/swift_storage_setup/templates/rsyncd.conf.j2 b/playbooks/roles/os_swift/templates/rsyncd.conf.j2 similarity index 72% rename from playbooks/roles/swift_storage_setup/templates/rsyncd.conf.j2 rename to playbooks/roles/os_swift/templates/rsyncd.conf.j2 index f87d281e3a..9c3e5171dc 100644 --- a/playbooks/roles/swift_storage_setup/templates/rsyncd.conf.j2 +++ b/playbooks/roles/os_swift/templates/rsyncd.conf.j2 
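Review bot: The fallback on the changed `def_storage_ip` line probably never takes effect. `default(...)` is applied to `hostvars[host][storage_bridge]['ipv4']['address']`, and if the `storage_bridge` fact is missing, the `['ipv4']` lookup on the undefined value is expected to raise before the filter runs. If the intent is to fall back to `ansible_ssh_host` for hosts without that interface, test the fact first, for example with `{% if hostvars[host][storage_bridge] is defined %}` around the assignment. The pattern predates this commit, which only swaps `container_address` for `ansible_ssh_host`, and the `for` loop continues outside the hunk.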
@@ -1,28 +1,32 @@ -{% if is_metal == true and swift.replication_network is defined %} +# {{ ansible_managed }} + +{% if is_metal == true or is_metal == "True" and swift.replication_network is defined %} {% set repl_bridge = 'ansible_' + swift.replication_network|replace('-', '_') %} {% set bind_ip = hostvars[inventory_hostname][repl_bridge]['ipv4']['address'] %} -{% elif is_metal == true and swift.storage_network is defined %} + +{% elif is_metal == true or is_metal == "True" and swift.storage_network is defined %} {% set storage_bridge = 'ansible_' + swift.storage_network|replace('-', '_') %} {% set bind_ip = hostvars[inventory_hostname][storage_bridge]['ipv4']['address'] %} {% endif %} -uid = {{ system_user }} -gid = {{ system_user }} + +uid = {{ swift_system_user_name }} +gid = {{ swift_system_group_name }} log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid -address = {{ bind_ip | default(container_address) }} - +address = {{ bind_ip | default(ansible_ssh_host) }} + [account] max connections = 2 path = {{ swift_vars.mount_point | default(swift.mount_point) }} read only = false lock file = /var/lock/account.lock - + [container] max connections = 2 path = {{ swift_vars.mount_point | default(swift.mount_point) }} read only = false lock file = /var/lock/container.lock - + [object] max connections = 2 path = {{ swift_vars.mount_point | default(swift.mount_point) }} diff --git a/playbooks/roles/os_swift/templates/swift-dispersion.conf.j2 b/playbooks/roles/os_swift/templates/swift-dispersion.conf.j2 new file mode 100644 index 0000000000..0dbbf598ed --- /dev/null +++ b/playbooks/roles/os_swift/templates/swift-dispersion.conf.j2 @@ -0,0 +1,8 @@ +# {{ ansible_managed }} + +[dispersion] +auth_url = {{ keystone_service_internalurl }} +auth_user = {{ keystone_admin_tenant_name }}:{{ swift_dispersion_user }} +auth_key = {{ swift_dispersion_password }} +auth_version = 2.0 +endpoint_type = internalURL 
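Review bot: With `address` now falling back to `ansible_ssh_host`, the modules shown as context (`read only = false`, no `hosts allow`, no `auth users`) become writable from anything that can reach the host's management address whenever neither bridge branch sets `bind_ip`. Add a `hosts allow` line, per module or once in the global section, limited to the storage or replication subnet. Consider failing the template instead of defaulting when no dedicated network is configured. The `[object]` module continues below the hunk.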
diff --git a/playbooks/roles/swift_common/templates/swift-rsyslog.conf.j2 b/playbooks/roles/os_swift/templates/swift-rsyslog.conf.j2 similarity index 79% rename from playbooks/roles/swift_common/templates/swift-rsyslog.conf.j2 rename to playbooks/roles/os_swift/templates/swift-rsyslog.conf.j2 index 669899e713..ce21fc66f6 100644 --- a/playbooks/roles/swift_common/templates/swift-rsyslog.conf.j2 +++ b/playbooks/roles/os_swift/templates/swift-rsyslog.conf.j2 @@ -1,3 +1,5 @@ +# {{ ansible_managed }} + # Uncomment the following to have a log containing all logs together #local1,local2,local3,local4.* /openstack/log/{{ inventory_hostname }}/all.log @@ -5,11 +7,6 @@ #$template HourlyProxyLog,"/openstack/log/{{ inventory_hostname }}/hourly/%$YEAR%%$MONTH%%$DAY%%$HOUR%" #local1.*;local1.!notice ?HourlyProxyLog -# Even if rsyslog is a member of the adm group, rsyslogd cannot read the -# account/container/object logs. To work around this we need to ensure that -# the logs are readable by all users. -$FileCreateMode 0644 - local1.*;local1.!notice /var/log/swift/proxy.log local1.notice /var/log/swift/proxy-error.log local1.* ~ @@ -25,6 +22,3 @@ local3.* ~ local4.*;local4.!notice /openstack/log/{{ inventory_hostname }}/object.log local4.notice /openstack/log/{{ inventory_hostname }}/object-error.log local4.* ~ - -# Set the file create mode back to the default -$FileCreateMode 0640 diff --git a/playbooks/roles/os_swift/templates/swift-upstart-init.j2 b/playbooks/roles/os_swift/templates/swift-upstart-init.j2 new file mode 100644 index 0000000000..a9e477ac1a --- /dev/null +++ b/playbooks/roles/os_swift/templates/swift-upstart-init.j2 
@@ -0,0 +1,39 @@ +# {{ ansible_managed }} + +# vim:set ft=upstart ts=2 et: + +description "{{ program_name }}" +author "Kevin Carter " + +start on runlevel [2345] +stop on runlelvel [016] + +respawn +respawn limit 10 5 + +# Set the RUNBIN environment variable +env RUNBIN="/usr/local/bin/{{ program_name }}" + +# Change directory to service users home +chdir "{{ service_home }}" + +# Pre start actions +pre-start script + mkdir -p "/var/run/{{ program_name }}" + chown {{ system_user }}:{{ system_group }} "/var/run/{{ program_name }}" + + mkdir -p "/var/lock/{{ program_name }}" + chown {{ system_user }}:{{ system_group }} "/var/lock/{{ program_name }}" +end script + +# Post stop actions +post-stop script + rm "/var/run/{{ program_name }}/{{ program_name }}.pid" +end script + +# Run the start up job +exec start-stop-daemon --start \ + --chuid {{ system_user }} \ + --make-pidfile \ + --pidfile /var/run/{{ program_name }}/{{ program_name }}.pid \ + --exec "{{ program_override|default('$RUNBIN') }}" "{{ program_config_options|default('') }}" diff --git a/playbooks/roles/os_swift/templates/swift.conf.j2 b/playbooks/roles/os_swift/templates/swift.conf.j2 new file mode 100644 index 0000000000..8940647209 --- /dev/null +++ b/playbooks/roles/os_swift/templates/swift.conf.j2 @@ -0,0 +1,19 @@ +# {{ ansible_managed }} + +[swift-hash] +swift_hash_path_suffix = {{ swift_hash_path_suffix }} +swift_hash_path_prefix = {{ swift_hash_path_prefix }} + +# Storage Policies +{% for policy in swift.storage_policies %} +[storage-policy:{{ policy.policy.index }}] +name = {{ policy.policy.name }} +{% if policy.policy.deprecated is defined %} +deprecated = {{ policy.policy.deprecated }} +{% endif %} +{% if policy.policy.default is defined %} +default = {{ policy.policy.default }} +{% endif %} + +{% endfor %} +[swift-constraints] diff --git a/playbooks/roles/os_tempest/defaults/main.yml b/playbooks/roles/os_tempest/defaults/main.yml new file mode 100644 index 0000000000..bba3e79d79 --- /dev/null 
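Review bot: `stop on runlelvel [016]` misspells the event name, so Upstart will not match it and these jobs are not stopped on the halt, single-user or reboot runlevels; it should read `stop on runlevel [016]`. In `post-stop`, `rm` without `-f` returns non-zero when the pid file is already gone, and `rm -f "/var/run/{{ program_name }}/{{ program_name }}.pid"` avoids that spurious failure.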
+++ b/playbooks/roles/os_tempest/defaults/main.yml 
@@ -0,0 +1,90 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Defines that the role will be deployed on a host machine +is_metal: true + +## Verbosity Options +debug: False +verbose: True + +tempest_private_subnet_cidr: "192.168.74.0/24" +tempest_public_subnet_cidr: "10.1.13.0/24" + +tempest_compute_image_ssh_user: cirros +tempest_compute_image_alt_ssh_user: cirros +tempest_compute_image_ssh_password: cubswin:) +tempest_compute_image_alt_ssh_password: cubswin:) +tempest_compute_run_ssh: false + +tempest_dashboard_login_url: "http://{{ external_lb_vip_address }}/auth/login/" +tempest_dashboard_url: "http://{{ external_lb_vip_address }}/" + +tempest_service_available_ceilometer: False +tempest_service_available_cinder: True +tempest_service_available_glance: True +tempest_service_available_heat: True +tempest_service_available_horizon: True +tempest_service_available_ironic: False +tempest_service_available_neutron: True +tempest_service_available_nova: True +tempest_service_available_sahara: False +tempest_service_available_swift: True +tempest_service_available_trove: False +tempest_service_available_zaqar: False + +tempest_boto_s3_url: "http://{{ external_lb_vip_address }}:3333" +tempest_boto_ec2_url: "http://{{ external_lb_vip_address }}:8773/services/Cloud" + +tempest_swift_enabled: false + +tempest_git_repo: https://github.com/openstack/tempest +tempest_git_install_branch: master +tempest_git_dest: "/opt/tempest_{{ 
tempest_git_install_branch | replace('/', '_') }}" + +tempest_main_group: tempest_all + +tempest_pip_packages: + - nose + - python-barbicanclient + - python-ceilometerclient + - python-cinderclient + - python-designateclient + - python-glanceclient + - python-heatclient + - python-ironicclient + - python-keystoneclient + - python-marconiclient + - python-memcached + - python-neutronclient + - python-novaclient + - python-openstackclient + - python-saharaclient + - python-seamicroclient + - python-swiftclient + - python-troveclient + - python-tuskarclient + - python-memcached + - testrepository + - testtools + +tempest_image_dir: "/opt/images" +tempest_images: + - url: "http://download.cirros-cloud.net/0.3.2/cirros-0.3.2-x86_64-uec.tar.gz" + sha256: "f462729fc2f071081dbc55932e07437e265263ef2e688306c353a1f152162b03" + name: "cirros-0.3.2-x86_64-uec.tar.gz" + - url: "http://download.cirros-cloud.net/0.3.3/cirros-0.3.3-x86_64-disk.img" + sha256: "f11286e2bd317ee1a1d0469a6b182b33bda4af6f35ba224ca49d75752c81e20a" + name: "cirros-0.3.3-x86_64-disk.img" diff --git a/playbooks/roles/os_tempest/meta/main.yml b/playbooks/roles/os_tempest/meta/main.yml new file mode 100644 index 0000000000..84b70a5a3f --- /dev/null +++ b/playbooks/roles/os_tempest/meta/main.yml 
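Review bot: `tempest_git_install_branch: master` means every run checks out and pip-installs whatever upstream currently has on that branch, so the image entries are checksum-pinned while the code that gets executed is not. Pin the checkout to a tag or commit, e.g. `tempest_git_install_branch: "<TAG_OR_COMMIT>"` (placeholder), and give the `tempest_pip_packages` entries version constraints unless the `pip_lock_down` dependency already enforces them. `python-memcached` is listed twice in that list and one entry can go. The two `*_ssh_password: cubswin:)` values are safer quoted as `"cubswin:)"`, since the scalar contains a colon.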
@@ -0,0 +1,34 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +galaxy_info: + author: rcbops + description: Installation and setup of tempest + company: Rackspace + license: Apache2 + min_ansible_version: 1.6.6 + platforms: + - name: Ubuntu + versions: + - trusty + categories: + - cloud + - python + - tempest + - development + - openstack +dependencies: + - openstack_openrc + - pip_lock_down diff --git a/playbooks/inventory/group_vars/memcached.yml b/playbooks/roles/os_tempest/tasks/main.yml similarity index 63% rename from playbooks/inventory/group_vars/memcached.yml rename to playbooks/roles/os_tempest/tasks/main.yml index bc8e02f565..a2ec6551aa 100644 --- a/playbooks/inventory/group_vars/memcached.yml +++ b/playbooks/roles/os_tempest/tasks/main.yml 
@@ -13,12 +13,14 @@ # See the License for the specific language governing permissions and # limitations under the License. -service_name: memcached +- include: tempest_resources.yml + when: > + inventory_hostname == groups[tempest_main_group][0] -# only used when the lxc vg is present on the target -container_lvm_fstype: ext4 -container_lvm_fssize: 5GB +# Called a second time to set facts on the other utility containers. +- include: tempest_resources.yml + when: > + inventory_hostname != groups[tempest_main_group][0] -# Directories to create -container_directories: - - { name: '/var/log/memcached', mode: 755 } +- include: tempest_install.yml +- include: tempest_post_install.yml diff --git a/playbooks/roles/os_tempest/tasks/tempest_install.yml b/playbooks/roles/os_tempest/tasks/tempest_install.yml new file mode 100644 index 0000000000..076e28ab3e --- /dev/null +++ b/playbooks/roles/os_tempest/tasks/tempest_install.yml 
@@ -0,0 +1,50 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Install pip packages + pip: + name: "{{ item }}" + state: present + register: install_packages + until: install_packages|success + retries: 5 + delay: 2 + with_items: + - "{{ tempest_pip_packages }}" + tags: + - tempest-pip-packages + +- name: Get tempest from git + git: + repo: "{{ tempest_git_repo }}" + dest: "{{ tempest_git_dest }}" + version: "{{ tempest_git_install_branch }}" + register: git_clone + until: git_clone|success + retries: 5 + delay: 2 + tags: + - tempest-git-clone + +- name: Install local tempest + pip: + name: "{{ tempest_git_dest }}" + state: present + register: install_packages + until: install_packages|success + retries: 5 + delay: 2 + tags: + - tempest-pip-install diff --git a/playbooks/roles/os_tempest/tasks/tempest_post_install.yml b/playbooks/roles/os_tempest/tasks/tempest_post_install.yml new file mode 100644 index 0000000000..fc2d9198f6 --- /dev/null +++ b/playbooks/roles/os_tempest/tasks/tempest_post_install.yml 
@@ -0,0 +1,94 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Get admin tenant id
+ keystone:
+ command: get_tenant
+ tenant_name: admin
+ endpoint: "{{ keystone_service_internalurl }}"
+ login_tenant_name: "{{ keystone_service_tenant_name }}"
+ login_user: "{{ keystone_service_user_name }}"
+ login_password: "{{ keystone_auth_admin_password }}"
+ register: add_service
+ until: add_service|success
+ retries: 5
+ delay: 10
+ tags:
+ - tempest-config
+
+- name: Store admin tenant id
+ set_fact:
+ tempest_admin_tenant_id: "{{ keystone_facts.id }}"
+ tags:
+ - tempest-config
+
+- name: Create tempest dir
+ file:
+ path: "{{ item.path }}"
+ state: directory
+ owner: "root"
+ group: "root"
+ mode: "{{ item.mode|default('0755') }}"
+ with_items:
+ - { path: "{{ tempest_git_dest }}/locks", mode: "0777" }
+ - { path: "{{ tempest_git_dest }}/etc" }
+ - { path: "{{ tempest_image_dir }}" }
+ tags:
+ - tempest-dirs
+ - tempest-config
+ - tempest-image
+
+- name: Image(s) download
+ get_url:
+ url: "{{ item.url }}"
+ dest: "{{ tempest_image_dir }}"
+ sha256sum: "{{ item.sha256 }}"
+ with_items: tempest_images
+ tags:
+ - tempest-config
+ - tempest-image
+
+- name: Locate archives
+ shell: |
+ ls -1 {{ tempest_image_dir }} | grep '.gz'
+ register: tempest_archives
+ tags:
+ - tempest-config
+ - tempest-image
+ - tempest-image-unarchive
+
+- name: Image(s) unarchive
+ unarchive:
+ src: "{{ tempest_image_dir }}/{{ item }}"
+
dest: "{{ tempest_image_dir }}" + copy: "no" + with_items: tempest_archives.stdout + tags: + - tempest-config + - tempest-image + - tempest-image-unarchive + +- name: Generate tempest Config + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: "root" + group: "root" + mode: "{{ item.mode|default('0644') }}" + with_items: + - { src: "tempest.conf.j2", dest: "{{ tempest_git_dest }}/etc/tempest.conf" } + - { src: openstack_tempest_gate.sh.j2, dest: /opt/openstack_tempest_gate.sh, mode: "0755" } + tags: + - tempest-config diff --git a/playbooks/roles/tempest_resources/tasks/main.yml b/playbooks/roles/os_tempest/tasks/tempest_resources.yml similarity index 51% rename from playbooks/roles/tempest_resources/tasks/main.yml rename to playbooks/roles/os_tempest/tasks/tempest_resources.yml index cf6d0530ad..aa67c9b935 100644 --- a/playbooks/roles/tempest_resources/tasks/main.yml +++ b/playbooks/roles/os_tempest/tasks/tempest_resources.yml @@ -22,19 +22,35 @@ image_container_format: bare image_disk_format: qcow2 image_is_public: True + tags: + - tempest-setup + - tempest-config + +- name: Store glance image id + set_fact: + tempest_glance_image_id: "{{ glance_images.cirros.id }}" + tags: + - tempest-setup + - tempest-config - name: Ensure tempest tenants keystone: command: ensure_tenant tenant_name: "{{ item }}" description: "{{ item }} Tenant" - endpoint: "{{ auth_identity_uri }}" - login_tenant_name: "{{ auth_admin_tenant }}" - login_user: "{{ auth_admin_username }}" - login_password: "{{ auth_admin_password }}" + endpoint: "{{ keystone_service_internalurl }}" + login_tenant_name: "{{ keystone_service_tenant_name }}" + login_user: "{{ keystone_service_user_name }}" + login_password: "{{ keystone_auth_admin_password }}" + register: add_service + until: add_service|success + retries: 5 + delay: 10 with_items: - demo - alt_demo + tags: + - tempest-setup - name: Ensure tempest users keystone: 
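Review bot: The `Generate tempest Config` task renders `tempest.conf.j2` with the default `mode: "0644"`, and that template (added in this same commit) writes `keystone_auth_admin_password` into its `[identity]` and `[compute-admin]` sections, so the admin password lands in a world-readable file. Giving that item an explicit mode closes this: `- { src: "tempest.conf.j2", dest: "{{ tempest_git_dest }}/etc/tempest.conf", mode: "0600" }`. The `locks` directory is created root-owned with `mode: "0777"`; unless unprivileged users really write there `"0755"` is enough, and if they do, `"1777"` at least stops them removing each other's lock files. Separately, `with_items: tempest_archives.stdout` hands the whole command output over as one string, so with more than one archive the unarchive `src` would contain newlines; `tempest_archives.stdout_lines` is the list form, and `grep '\.gz$'` would match only the suffix.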
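Review bot: Every keystone task in this hunk, and in the hunks at `@@ -43,13` and `@@ -57,44`, passes `login_password: "{{ keystone_auth_admin_password }}"` as a module argument without `no_log: True` on the task. Unless the keystone module (not visible here) marks that parameter as no_log itself, the admin password can appear in verbose output and in the target's module-invocation log, once per attempt now that `retries: 5` is added. Adding `no_log: True` to these tasks is the conservative fix, at the cost of terser failure output. All of them also register the same name, `add_service`, which works but makes a later reference to the result ambiguous. The `Ensure tempest users` task at the end of this hunk continues in the next one.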
@@ -43,13 +59,19 @@ user_name: "{{ item }}" password: "{{ item }}" description: "{{ item }} User" - endpoint: "{{ auth_identity_uri }}" - login_tenant_name: "{{ auth_admin_tenant }}" - login_user: "{{ auth_admin_username }}" - login_password: "{{ auth_admin_password }}" + endpoint: "{{ keystone_service_internalurl }}" + login_tenant_name: "{{ keystone_service_tenant_name }}" + login_user: "{{ keystone_service_user_name }}" + login_password: "{{ keystone_auth_admin_password }}" + register: add_service + until: add_service|success + retries: 5 + delay: 10 with_items: - demo - alt_demo + tags: + - tempest-setup - name: Ensure tempest users have heat_stack_owners role keystone: 
@@ -57,44 +79,72 @@ tenant_name: "{{ item }}" user_name: "{{ item }}" role_name: heat_stack_owner - endpoint: "{{ auth_identity_uri }}" - login_tenant_name: "{{ auth_admin_tenant }}" - login_user: "{{ auth_admin_username }}" - login_password: "{{ auth_admin_password }}" + endpoint: "{{ keystone_service_internalurl }}" + login_tenant_name: "{{ keystone_service_tenant_name }}" + login_user: "{{ keystone_service_user_name }}" + login_password: "{{ keystone_auth_admin_password }}" + register: add_service + until: add_service|success + retries: 5 + delay: 10 with_items: - demo - alt_demo + tags: + - tempest-setup - name: Ensure reseller_admin role keystone: command: ensure_role - login_tenant_name: "{{ auth_admin_tenant }}" - login_user: "{{ auth_admin_username }}" - login_password: "{{ auth_admin_password }}" - endpoint: "{{ auth_admin_uri }}" + endpoint: "{{ keystone_service_internalurl }}" + login_tenant_name: "{{ keystone_service_tenant_name }}" + login_user: "{{ keystone_service_user_name }}" + login_password: "{{ keystone_auth_admin_password }}" role_name: "reseller_admin" + register: add_service + until: add_service|success + retries: 5 + delay: 10 + tags: + - tempest-setup - name: Ensure remote_image role exists keystone: command: ensure_role role_name: remote_image - endpoint: "{{ auth_identity_uri }}" - login_tenant_name: "{{ auth_admin_tenant }}" - login_user: "{{ auth_admin_username }}" - login_password: "{{ auth_admin_password }}" + endpoint: "{{ keystone_service_internalurl }}" + login_tenant_name: "{{ keystone_service_tenant_name }}" + login_user: "{{ keystone_service_user_name }}" + login_password: "{{ keystone_auth_admin_password }}" + register: add_service + until: add_service|success + retries: 5 + delay: 10 + tags: + - tempest-setup - name: Get demo tenant id keystone: command: get_tenant tenant_name: demo - endpoint: "{{ auth_identity_uri }}" - login_tenant_name: "{{ auth_admin_tenant }}" - login_user: "{{ auth_admin_username }}" - login_password: 
"{{ auth_admin_password }}" + endpoint: "{{ keystone_service_internalurl }}" + login_tenant_name: "{{ keystone_service_tenant_name }}" + login_user: "{{ keystone_service_user_name }}" + login_password: "{{ keystone_auth_admin_password }}" + register: add_service + until: add_service|success + retries: 5 + delay: 10 + tags: + - tempest-setup + - tempest-config - name: Store demo tenant id set_fact: keystone_demo_tenant_id: "{{ keystone_facts.id }}" + tags: + - tempest-setup + - tempest-config - name: Ensure private network exists neutron: @@ -102,6 +152,15 @@ openrc_path: /root/openrc net_name: private tenant_id: "{{ keystone_demo_tenant_id }}" + tags: + - tempest-setup + +- name: Store neutron private network id + set_fact: + tempest_neutron_private_network_id: "{{ neutron_networks.private.id }}" + tags: + - tempest-setup + - tempest-config - name: Ensure public network exists neutron: @@ -109,8 +168,18 @@ openrc_path: /root/openrc net_name: public provider_network_type: flat - provider_physical_network: vlan + provider_physical_network: flat router_external: true + tags: + - tempest-setup + - tempest-config + +- name: Store neutron public network id + set_fact: + tempest_neutron_public_network_id: "{{ neutron_networks.public.id }}" + tags: + - tempest-setup + - tempest-config - name: Ensure private subnet exists neutron: @@ -118,8 +187,10 @@ openrc_path: /root/openrc net_name: private subnet_name: private-subnet - cidr: "192.168.74.0/24" + cidr: "{{ tempest_private_subnet_cidr }}" tenant_id: "{{ keystone_demo_tenant_id }}" + tags: + - tempest-setup - name: Ensure public subnet exists neutron: @@ -127,7 +198,9 @@ openrc_path: /root/openrc net_name: public subnet_name: public-subnet - cidr: "10.1.13.0/24" + cidr: "{{ tempest_public_subnet_cidr }}" + tags: + - tempest-setup - name: Create router neutron: 
@@ -136,6 +209,15 @@ router_name: router external_gateway_info: public tenant_id: "{{ keystone_demo_tenant_id }}" + tags: + - tempest-setup + +- name: Store neutron router id + set_fact: + tempest_neutron_router_id: "{{ neutron_routers.router.id }}" + tags: + - tempest-setup + - tempest-config - name: Add private subnet to router neutron: @@ -143,39 +225,41 @@ openrc_path: /root/openrc router_name: router subnet_name: private-subnet + tags: + - tempest-setup - name: Check if tempest flavor 201 exists shell: | . /root/openrc nova flavor-show tempest1 register: tempest1 - ignore_errors: True + failed_when: False + changed_when: tempest1.rc != 0 + tags: + - tempest-setup + +- name: Create tempest flavor 201 + shell: | + . /root/openrc + nova flavor-create tempest1 201 256 1 1 + when: tempest1.rc != 0 + tags: + - tempest-setup - name: Check if tempest flavor 202 exists shell: | . /root/openrc nova flavor-show tempest2 register: tempest2 - ignore_errors: True - -- name: Create tempest flavor 201 - shell: | - . /root/openrc - nova flavor-create tempest1 201 256 1 1 - when: tempest1|failed + failed_when: False + changed_when: tempest2.rc != 0 + tags: + - tempest-setup - name: Create tempest flavor 202 shell: | . /root/openrc nova flavor-create tempest2 202 512 1 1 - when: tempest2|failed - -- name: Set tempest_run_swift_tests to True when tempest_swift_enabled is True - set_fact: - tempest_run_swift_tests: True - when: (tempest_swift_enabled is defined and tempest_swift_enabled == True) or groups['swift_all']|length > 0 - -- name: Set tempest_run_swift_tests to False when tempest_swift_enabled == False - set_fact: - tempest_run_swift_tests: False - when: (tempest_swift_enabled is defined and tempest_swift_enabled == False) or groups['swift_all']|length == 0 + when: tempest2.rc != 0 + tags: + - tempest-setup 
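Review bot: With `failed_when: False`, the two `nova flavor-show` checks treat every non-zero exit as "flavor missing", including a missing `/root/openrc` or an authentication failure, and the create tasks then run on `tempest1.rc != 0` / `tempest2.rc != 0`. The checks only read state, so `changed_when: false` describes them better than `changed_when: tempest1.rc != 0`, which reports a change whenever the flavor is absent. If telling "not found" apart from other failures matters, the create condition could additionally look at the registered stderr, though the client's exact message would need confirming first.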
diff --git a/playbooks/roles/tempest/files/openstack_tempest_gate.sh b/playbooks/roles/os_tempest/templates/openstack_tempest_gate.sh.j2 similarity index 93% rename from playbooks/roles/tempest/files/openstack_tempest_gate.sh rename to playbooks/roles/os_tempest/templates/openstack_tempest_gate.sh.j2 index 07265e7c46..2acf70a4d7 100644 --- a/playbooks/roles/tempest/files/openstack_tempest_gate.sh +++ b/playbooks/roles/os_tempest/templates/openstack_tempest_gate.sh.j2 @@ -36,7 +36,7 @@ test_list_name=${1:-commit_multinode} # should be run. Each function takes in the full list of tempest tests and # should output a filtered list. -gen_test_list_commit_multinode(){ +function gen_test_list_commit_multinode() { # filter test list to produce list of tests to use. egrep 'tempest\.api\.(identity|image|volume)'\ |grep -vi xml \ @@ -45,17 +45,17 @@ gen_test_list_commit_multinode(){ } # Run smoke tests -gen_test_list_commit_aio(){ +function gen_test_list_commit_aio() { egrep 'test_minimum_basic|test_swift_basic_ops' } # Run smoke tests -gen_test_list_nightly_heat_multinode(){ +function gen_test_list_nightly_heat_multinode() { grep smoke } # Run all tests -gen_test_list_all(){ +function gen_test_list_all() { cat } @@ -71,7 +71,7 @@ grep $test_list_name <<<$available_test_lists || { } # work in tempest directory -pushd /opt/tempest_* +pushd {{ tempest_git_dest }} # read creds into environment source /root/openrc diff --git a/playbooks/roles/os_tempest/templates/tempest.conf.j2 b/playbooks/roles/os_tempest/templates/tempest.conf.j2 new file mode 100644 index 0000000000..e5e03593fa --- /dev/null +++ b/playbooks/roles/os_tempest/templates/tempest.conf.j2 
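Review bot: `pushd {{ tempest_git_dest }}` is unquoted and its result is not checked, so a path containing spaces or a missing checkout leaves the script running in whatever directory it started in (unless `set -e` is set above the hunk, which is not visible here). `pushd "{{ tempest_git_dest }}" || exit 1` avoids that. Because the file is now rendered by Jinja2 rather than copied, any literal `{{`, `{%` or `{#` in the parts of the script outside these hunks (for example bash's `${#var}` length syntax) would be interpreted by the template engine and is worth checking for.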
@@ -0,0 +1,252 @@ +# {{ ansible_managed }} + +[DEFAULT] +disable_process_locking = false +lock_path = {{ tempest_git_dest }}/locks +debug = {{ debug }} +verbose = {{ verbose }} +log_file = {{ tempest_git_dest }}/tempest.log +use_stderr = False +fatal_deprecations = true + + +[auth] +tempest_roles = remote_image +allow_tenant_isolation = True + + +[baremetal] + + +[boto] +aki_manifest = cirros-0.3.2-x86_64-vmlinuz.manifest.xml +ami_manifest = cirros-0.3.2-x86_64-blank.img.manifest.xml +ari_manifest = cirros-0.3.2-x86_64-initrd.manifest.xml +build_timeout = 600 +ec2_url = {{ tempest_boto_ec2_url }} +instance_type = tempest1 +http_socket_timeout = 30 +s3_url = {{ tempest_boto_s3_url }} +s3_materials_path = /opt/images/s3-materials/cirros-0.3.2 + + +[cli] +enabled = true +cli_dir = /usr/local/bin +has_manage = false +timeout = 15 + + +[compute] +build_interval = 1 +build_timeout = 600 +catalog_type = compute +catalog_v3_type = computev3 +endpoint_type = internalURL +fixed_network_name = private +flavor_ref = 201 +flavor_ref_alt = 202 +floating_ip_range = 10.0.0.0/29 +image_alt_ssh_password = {{ tempest_compute_image_alt_ssh_password }} +image_alt_ssh_user = {{ tempest_compute_image_alt_ssh_user }} +image_ref = {{ tempest_glance_image_id }} +image_ref_alt = {{ tempest_glance_image_id }} +image_ssh_password = {{ tempest_compute_image_ssh_password }} +image_ssh_user = {{ tempest_compute_image_ssh_user }} +ip_version_for_ssh = 4 +network_for_ssh = private +ping_timeout = 240 +run_ssh = {{ tempest_compute_run_ssh }} +ssh_auth_method = configured +ssh_connect_method = floating +ssh_timeout = 196 +ssh_user = {{ tempest_compute_image_ssh_user }} +use_floatingip_for_ssh = true +volume_device_name = vdb + + +[compute-admin] +password = {{ keystone_auth_admin_password }} +tenant_name = {{ keystone_service_tenant_name }} +username = {{ keystone_service_user_name }} + + +[compute-feature-enabled] +api_extensions = all +api_v3 = false +api_v3_extensions = all 
+block_migrate_cinder_iscsi = false +block_migration_for_live_migration = false +change_password = false +console_output = false +disk_config = true +enable_instance_password = false +interface_attach = false +live_migration = false +pause = false +rdp_console = false +rescue = false +resize = false +shelve = false +snapshot = false +spice_console = true +suspend = false +vnc_console = false + + +[dashboard] +login_url = {{ tempest_dashboard_login_url }} +dashboard_url = {{ tempest_dashboard_url }} + + +[data_processing] + + +[database] + + +[debug] +enable = true + + +[identity] +admin_domain_name = Default +admin_password = {{ keystone_auth_admin_password }} +admin_role = admin +admin_tenant_name = {{ keystone_service_tenant_name }} +admin_username = {{ keystone_service_user_name }} +admin_tenant_id = {{ tempest_admin_tenant_id }} +alt_tenant_name = alt_demo +alt_password = alt_demo +alt_username = alt_demo +auth_version = v2 +catalog_type = identity +disable_ssl_certificate_validation = false +endpoint_type = internalURL +password = demo +tenant_name = demo +uri_v3 = {{ keystone_service_internalurl_v3 }} +uri = {{ keystone_service_internalurl }} +username = demo + + +[identity-feature-enabled] +api_v2 = true +api_v3 = false +trust = false + + +[image] +catalog_type = image +endpoint_type = internalURL +http_image = http://download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-uec.tar.gz + + +[image-feature-enabled] +api_v1 = true +api_v2 = false + + +[input-scenario] + + +[negative] + + +[messaging] + + +[network] +build_interval = 1 +build_timeout = 300 +catalog_type = network +dns_servers = 8.8.8.8,8.8.4.4 +endpoint_type = internalURL +public_router_id = {{ tempest_neutron_router_id }} +public_network_id = {{ tempest_neutron_public_network_id }} +tenant_network_cidr = {{ tempest_private_subnet_cidr }} +tenant_networks_reachable = false + + +[network-feature-enabled] +api_extensions = 
agent,allowed-address-pairs,binding,dhcp_agent_scheduler,ext-gw-mode,external-net,extra_dhcp_opt,extra_dhcp_optagent,extraroute,l3_agent_scheduler,metering,provider,quotas,router,security-group,service-type +ipv6_subnet_attributes = false +ipv6 = false + + +[object-storage] +catalog_type = object-store +container_sync_interval = 5 +container_sync_timeout = 120 +endpoint_type = internalURL +operator_role = swiftoperator +reseller_admin_role = reseller_admin + + +[object-storage-feature-enabled] +container_sync = false +object_versioning = false +discoverable_apis = all + + +[orchestration] +build_interval = 1 +build_timeout = 900 +catalog_type = orchestration +endpoint_type = internalURL +image_ref = {{ tempest_glance_image_id }} +instance_type = tempest1 + + +[scenario] +large_ops_number = 0 +aki_img_file = cirros-0.3.2-x86_64-vmlinuz +ari_img_file = cirros-0.3.2-x86_64-initrd +ami_img_file = cirros-0.3.2-x86_64-blank.img +img_container_format = bare +img_dir = {{ tempest_image_dir }} +img_disk_format = qcow2 +img_file = cirros-0.3.2-x86_64-disk.img +ssh_user = {{ tempest_compute_image_ssh_user }} + + +[service_available] +ceilometer = {{ tempest_service_available_ceilometer }} +cinder = {{ tempest_service_available_cinder }} +glance = {{ tempest_service_available_glance }} +heat = {{ tempest_service_available_heat }} +horizon = {{ tempest_service_available_horizon }} +ironic = {{ tempest_service_available_ironic }} +neutron = {{ tempest_service_available_neutron }} +nova = {{ tempest_service_available_nova }} +sahara = {{ tempest_service_available_sahara }} +swift = {{ tempest_service_available_swift }} +trove = {{ tempest_service_available_trove }} +zaqar = {{ tempest_service_available_zaqar }} + + +[stress] + + +[telemetry] + + +[volume] +backend1_name = lvm +build_interval = 1 +build_timeout = 600 +catalog_type = volume +disk_format = raw +endpoint_type = internalURL +storage_protocol = iSCSI +vendor_name = Open Source +volume_size = 1 + + 
+[volume-feature-enabled] +api_extensions = all +api_v1 = true +api_v2 = false +backup = false +multi_backend = false +snapshot = false diff --git a/playbooks/roles/pip_install/CONTRIBUTING.rst b/playbooks/roles/pip_install/CONTRIBUTING.rst new file mode 100644 index 0000000000..f84dc6c576 --- /dev/null +++ b/playbooks/roles/pip_install/CONTRIBUTING.rst 
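Review bot: The `[identity]` section hard-codes `password = demo` and `alt_password = alt_demo`, matching the accounts tempest_resources.yml creates with `password: "{{ item }}"`, so both test users have their username as their password on whatever cloud this role is pointed at. Taking these from role variables with generated values (for example a new `tempest_demo_password`, name to be chosen) and using the same variables in the user-creation task would avoid leaving guessable accounts behind, particularly as both users are also given `heat_stack_owner`. In `[image]`, `http_image` is a plain-HTTP URL and names cirros 0.3.1 while the rest of the file refers to 0.3.2; if that is not deliberate it should be a variable alongside the other image settings. `dns_servers = 8.8.8.8,8.8.4.4` and `floating_ip_range = 10.0.0.0/29` are likewise fixed values that deployments without outbound DNS or with a different range cannot override.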
@@ -0,0 +1,85 @@ +OpenStack pip +############# +:tags: openstack, pip, cloud, ansible +:category: \*nix + +contributor guidelines +^^^^^^^^^^^^^^^^^^^^^^ + +Filing Bugs +----------- + +Bugs should be filed on Launchpad, not GitHub: "https://bugs.launchpad.net/openstack-ansible" + + +When submitting a bug, or working on a bug, please ensure the following criteria are met: + * The description clearly states or describes the original problem or root cause of the problem. + * Include historical information on how the problem was identified. + * Any relevant logs are included. + * The provided information should be totally self-contained. External access to web services/sites should not be needed. + * Steps to reproduce the problem if possible. + + +Submitting Code +--------------- + +Changes to the project should be submitted for review via the Gerrit tool, following +the workflow documented at: "http://docs.openstack.org/infra/manual/developers.html#development-workflow" + +Pull requests submitted through GitHub will be ignored and closed without regard. + + +Extra +----- + +Tags: + If it's a bug that needs fixing in a branch in addition to Master, add a '\-backport-potential' tag (eg ``juno-backport-potential``). There are predefined tags that will autocomplete. + +Status: + Please leave this alone, it should be New till someone triages the issue. + +Importance: + Should only be touched if it is a Blocker/Gating issue. If it is, please set to High, and only use Critical if you have found a bug that can take down whole infrastructures. + + +Style guide +----------- + +When creating tasks and other roles for use in Ansible please create then using the YAML dictionary format. + +Example YAML dictionary format: + .. code-block:: yaml + + - name: The name of the tasks + module_name: + thing1: "some-stuff" + thing2: "some-other-stuff" + tags: + - some-tag + - some-other-tag + + +Example **NOT** in YAML dictionary format: + .. 
code-block:: yaml + + - name: The name of the tasks + module_name: thing1="some-stuff" thing2="some-other-stuff" + tags: + - some-tag + - some-other-tag + + +Usage of the ">" and "|" operators should be limited to Ansible conditionals and command modules such as the ansible ``shell`` module. + + +Issues +------ + +When submitting an issue, or working on an issue please ensure the following criteria are met: + * The description clearly states or describes the original problem or root cause of the problem. + * Include historical information on how the problem was identified. + * Any relevant logs are included. + * If the issue is a bug that needs fixing in a branch other than Master, add the ‘backport potential’ tag TO THE ISSUE (not the PR). + * The provided information should be totally self-contained. External access to web services/sites should not be needed. + * If the issue is needed for a hotfix release, add the 'expedite' label. + * Steps to reproduce the problem if possible. diff --git a/playbooks/roles/pip_install/LICENSE b/playbooks/roles/pip_install/LICENSE new file mode 100644 index 0000000000..e06d208186 --- /dev/null +++ b/playbooks/roles/pip_install/LICENSE 
@@ -0,0 +1,202 @@ +Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + diff --git a/playbooks/roles/pip_install/README.rst b/playbooks/roles/pip_install/README.rst new file mode 100644 index 0000000000..1c5f40c36e --- /dev/null +++ b/playbooks/roles/pip_install/README.rst @@ -0,0 +1,16 @@ +OpenStack pip +############# +:tags: openstack, pip, cloud, ansible +:category: \*nix + +This role will install pip using the upstream pip. + +.. code-block:: yaml + + - name: Install pip and lock it down + hosts: host_name + user: root + roles: + - { role: "pip_lock_down", tags: [ "pip-lock-down" ] } + vars: + pip_get_pip_url: https://bootstrap.pypa.io/get-pip.py 
diff --git a/playbooks/roles/container_restart/tasks/main.yml b/playbooks/roles/pip_install/defaults/main.yml similarity index 65% rename from playbooks/roles/container_restart/tasks/main.yml rename to playbooks/roles/pip_install/defaults/main.yml index 3162d35aea..b5a724fc32 100644 --- a/playbooks/roles/container_restart/tasks/main.yml +++ b/playbooks/roles/pip_install/defaults/main.yml @@ -13,5 +13,10 @@ # See the License for the specific language governing permissions and # limitations under the License. -- include: container_restart.yml +## Path to pip download/installation script. +pip_upstream_repo_url: https://bootstrap.pypa.io +pip_get_pip_url: "{{ pip_upstream_repo_url }}/get-pip.py" +# Additional options that you might want to pass to "get-pip.py" when installing pip. +# Default `pip_get_pip_options` is an empty string. +pip_get_pip_options: "" diff --git a/playbooks/roles/pip_install/files/selfcheck.json b/playbooks/roles/pip_install/files/selfcheck.json new file mode 100644 index 0000000000..9e26dfeeb6 --- /dev/null +++ b/playbooks/roles/pip_install/files/selfcheck.json @@ -0,0 +1 @@ +{} \ No newline at end of file diff --git a/playbooks/roles/pip_install/meta/main.yml b/playbooks/roles/pip_install/meta/main.yml new file mode 100644 index 0000000000..daf8a7edd7 --- /dev/null +++ b/playbooks/roles/pip_install/meta/main.yml 
@@ -0,0 +1,31 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+galaxy_info:
+ author: rcbops
+ description: Installation and setup of HAProxy
+ company: Rackspace
+ license: Apache2
+ min_ansible_version: 1.6.6
+ platforms:
+ - name: Ubuntu
+ versions:
+ - trusty
+ categories:
+ - cloud
+ - python
+ - development
+ - openstack
+dependencies: []
diff --git a/playbooks/roles/pip_install/tasks/main.yml b/playbooks/roles/pip_install/tasks/main.yml
new file mode 100644
index 0000000000..298d38aad0
--- /dev/null
+++ b/playbooks/roles/pip_install/tasks/main.yml
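Review bot: The `description` under `galaxy_info` reads `Installation and setup of HAProxy`, which does not describe this role; the file sits under `roles/pip_install` and the text looks copied from another role's metadata. A line such as `description: Installation of pip from the upstream get-pip.py script` would match the role README, which says the role installs pip using the upstream pip.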
@@ -0,0 +1,62 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Create pip config directory
+ file:
+ path: "{{ item }}"
+ state: "directory"
+ group: "{{ ansible_user_id }}"
+ owner: "{{ ansible_user_id }}"
+ with_items:
+ - "/opt"
+ - "{{ ansible_env.HOME }}/.cache"
+ - "{{ ansible_env.HOME }}/.cache/pip"
+ tags:
+ - pip-directories
+
+- name: Drop pip file(s)
+ copy:
+ src: "{{ item.src }}"
+ dest: "{{ item.dest }}"
+ owner: "{{ ansible_user_id }}"
+ group: "{{ ansible_user_id }}"
+ mode: "{{ item.mode|default('0644') }}"
+ with_items:
+ - { src: "selfcheck.json", dest: "{{ ansible_env.HOME }}/.cache/pip/selfcheck.json" }
+ tags:
+ - pip-files
+
+- name: Get Modern PIP
+ get_url:
+ url: "{{ pip_get_pip_url }}"
+ dest: "/opt/get-pip.py"
+ validate_certs: "no"
+ register: get_pip
+ until: get_pip|success
+ retries: 5
+ delay: 2
+ tags:
+ - pip-install-script
+ - pip-install
+
+- name: Install PIP
+ shell: "python /opt/get-pip.py {{ pip_get_pip_options }}"
+ changed_when: false
+ register: pip_install
+ until: pip_install|success
+ retries: 5
+ delay: 2
+ tags:
+ - pip-install
diff --git a/playbooks/roles/pip_lock_down/CONTRIBUTING.rst b/playbooks/roles/pip_lock_down/CONTRIBUTING.rst
new file mode 100644
index 0000000000..9fa8b72266
--- /dev/null
+++ b/playbooks/roles/pip_lock_down/CONTRIBUTING.rst
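Review bot: The `Get Modern PIP` task fetches `get-pip.py` with `validate_certs: "no"` and the following `Install PIP` task runs that file with `python`, so a script downloaded without certificate verification is executed on every target host (the README example runs the play as `user: root`). The default `pip_get_pip_url` is an HTTPS URL, so verification can stay on: drop the `validate_certs: "no"` line, and keep any opt-out behind a variable for mirrors that use a private CA. Pinning the download with the `sha256sum` parameter of `get_url` would additionally make an unexpected script fail the play instead of being run. Separately, `pip_get_pip_options` is interpolated into a `shell` string; `command` would avoid shell interpretation of that variable if no shell features are needed.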
@@ -0,0 +1,85 @@ +OpenStack pip lockdown +###################### +:tags: openstack, pip, lockdown, cloud, ansible +:category: \*nix + +contributor guidelines +^^^^^^^^^^^^^^^^^^^^^^ + +Filing Bugs +----------- + +Bugs should be filed on Launchpad, not GitHub: "https://bugs.launchpad.net/openstack-ansible" + + +When submitting a bug, or working on a bug, please ensure the following criteria are met: + * The description clearly states or describes the original problem or root cause of the problem. + * Include historical information on how the problem was identified. + * Any relevant logs are included. + * The provided information should be totally self-contained. External access to web services/sites should not be needed. + * Steps to reproduce the problem if possible. + + +Submitting Code +--------------- + +Changes to the project should be submitted for review via the Gerrit tool, following +the workflow documented at: "http://docs.openstack.org/infra/manual/developers.html#development-workflow" + +Pull requests submitted through GitHub will be ignored and closed without regard. + + +Extra +----- + +Tags: + If it's a bug that needs fixing in a branch in addition to Master, add a '\-backport-potential' tag (eg ``juno-backport-potential``). There are predefined tags that will autocomplete. + +Status: + Please leave this alone, it should be New till someone triages the issue. + +Importance: + Should only be touched if it is a Blocker/Gating issue. If it is, please set to High, and only use Critical if you have found a bug that can take down whole infrastructures. + + +Style guide +----------- + +When creating tasks and other roles for use in Ansible please create then using the YAML dictionary format. + +Example YAML dictionary format: + .. code-block:: yaml + + - name: The name of the tasks + module_name: + thing1: "some-stuff" + thing2: "some-other-stuff" + tags: + - some-tag + - some-other-tag + + +Example **NOT** in YAML dictionary format: + .. 
code-block:: yaml + + - name: The name of the tasks + module_name: thing1="some-stuff" thing2="some-other-stuff" + tags: + - some-tag + - some-other-tag + + +Usage of the ">" and "|" operators should be limited to Ansible conditionals and command modules such as the ansible ``shell`` module. + + +Issues +------ + +When submitting an issue, or working on an issue please ensure the following criteria are met: + * The description clearly states or describes the original problem or root cause of the problem. + * Include historical information on how the problem was identified. + * Any relevant logs are included. + * If the issue is a bug that needs fixing in a branch other than Master, add the ‘backport potential’ tag TO THE ISSUE (not the PR). + * The provided information should be totally self-contained. External access to web services/sites should not be needed. + * If the issue is needed for a hotfix release, add the 'expedite' label. + * Steps to reproduce the problem if possible. diff --git a/playbooks/roles/pip_lock_down/LICENSE b/playbooks/roles/pip_lock_down/LICENSE new file mode 100644 index 0000000000..e06d208186 --- /dev/null +++ b/playbooks/roles/pip_lock_down/LICENSE 
@@ -0,0 +1,202 @@ +Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + diff --git a/playbooks/roles/pip_lock_down/README.rst b/playbooks/roles/pip_lock_down/README.rst new file mode 100644 index 0000000000..eca84c6a8e --- /dev/null +++ b/playbooks/roles/pip_lock_down/README.rst 
@@ -0,0 +1,21 @@ +OpenStack pip lockdown +###################### +:tags: openstack, pip, lockdown, cloud, ansible +:category: \*nix + +Role to lock pip down to a particular links repo. This will create a ``.pip.conf`` which will ensure that the only python packages installed when using pip are from a known repository of packages. + +.. code-block:: yaml + + - name: Basic lxc host setup + hosts: host_group + user: root + roles: + - { role: "pip_lock_down", tags: [ "pip-lock-down" ] } + vars: + pip_links: + name: openstack-release + link: https://openstack-hostname.something/python_packages/master + + +This was intended for use with a repository built from the repo role. diff --git a/playbooks/inventory/group_vars/utility_all.yml b/playbooks/roles/pip_lock_down/defaults/main.yml similarity index 65% rename from playbooks/inventory/group_vars/utility_all.yml rename to playbooks/roles/pip_lock_down/defaults/main.yml index 68770dcb7d..3149d944b0 100644 --- a/playbooks/inventory/group_vars/utility_all.yml +++ b/playbooks/roles/pip_lock_down/defaults/main.yml @@ -13,12 +13,17 @@ # See the License for the specific language governing permissions and # limitations under the License. -# The variables file used by the playbooks in the utility group. -# These don't have to be explicitly imported by vars_files: they are autopopulated. +# Options for pip global +pip_no_index: true +pip_enable_pre_releases: true +pip_timeout: 120 -## Service Name -service_name: utility -# Only used when the lxc vg is present on the target -container_lvm_fstype: ext4 -container_lvm_fssize: 5GB +# Options for pip install +pip_upgrade: true +pip_allow_all_external: true + + +# Drop link files to lock down pip +pip_links: + - { name: "openstack_release", link: "{{ openstack_repo_url }}/os-releases/{{ openstack_release }}/" } 
diff --git a/playbooks/roles/common/templates/pip/pip-link-build.py b/playbooks/roles/pip_lock_down/files/pip-link-build.py similarity index 91% rename from playbooks/roles/common/templates/pip/pip-link-build.py rename to playbooks/roles/pip_lock_down/files/pip-link-build.py index a892ad4d3d..40bfb83d15 100644 --- a/playbooks/roles/common/templates/pip/pip-link-build.py +++ b/playbooks/roles/pip_lock_down/files/pip-link-build.py @@ -38,6 +38,7 @@ creates: import ConfigParser import os +import urlparse def config_files(config_dir_path, extension='.link'): @@ -47,7 +48,7 @@ def config_files(config_dir_path, extension='.link'): :param extension: ``str`` Extension for files :return: ``list`` """ - link_files = [] + link_files = list() for root_path, _, pip_files in os.walk(config_dir_path): for f in pip_files: if f.endswith(extension): @@ -62,7 +63,7 @@ def pip_links(links_files): :param links_files: ``list`` List of files to read containing links :return: `list`` """ - links = [] + links = list() for link in links_files: with open(link, 'rb') as f: links.extend(f.readlines()) @@ -95,7 +96,7 @@ def set_links(links): :param links: ``list`` List of all raw links :return: ``str`` """ - pip_find_links = [] + pip_find_links = list() for link in links: if link != '\n' or not link: pip_find_links.append(link.rstrip('\n')) 
@@ -126,11 +127,18 @@ def build_install_section(main_dir_path, main_config): :param main_dir_path: ``str`` Directory path :param main_config: ``object`` ConfigParser object """ - links = [] + links = list() + trusted_host = list() links_dir = os.path.join(main_dir_path, 'links.d') if os.path.isdir(links_dir): _link = config_files(config_dir_path=links_dir, extension='.link') - links.extend(pip_links(_link)) + _links = pip_links(_link) + links.extend(_links) + for _link in _links: + # Make sure that just the hostname/ip is used. + trusted_host.append(urlparse.urlparse(_link).netloc.split(':')[0]) + else: + main_config.set('global', 'trusted-host', set_links(trusted_host)) # Add install section if not already found try: diff --git a/playbooks/roles/cinder_volume/tasks/main.yml b/playbooks/roles/pip_lock_down/meta/main.yml similarity index 66% rename from playbooks/roles/cinder_volume/tasks/main.yml rename to playbooks/roles/pip_lock_down/meta/main.yml index 5ea5ce80e6..5e9394e13c 100644 --- a/playbooks/roles/cinder_volume/tasks/main.yml +++ b/playbooks/roles/pip_lock_down/meta/main.yml @@ -13,9 +13,20 @@ # See the License for the specific language governing permissions and # limitations under the License. -- name: Ensure cinder tgt include - lineinfile: - dest: /etc/tgt/targets.conf - line: "include /var/lib/cinder/volumes/*" - state: present - notify: Ensure tgt service restarted +galaxy_info: + author: rcbops + description: Lock pip down + company: Rackspace + license: Apache2 + min_ansible_version: 1.6.6 + platforms: + - name: Ubuntu + versions: + - trusty + categories: + - cloud + - python + - development + - openstack +dependencies: + - pip_install diff --git a/playbooks/roles/common/tasks/get_pip.yml b/playbooks/roles/pip_lock_down/tasks/main.yml similarity index 58% rename from playbooks/roles/common/tasks/get_pip.yml rename to playbooks/roles/pip_lock_down/tasks/main.yml index 23c5ff08de..c503a991eb 100644 --- a/playbooks/roles/common/tasks/get_pip.yml 
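Review bot: In `build_install_section`, every host found in a `.link` file is written to pip's `trusted-host` setting regardless of URL scheme, which tells pip to accept that host without a valid HTTPS certificate; for the `https://` repository shown in the role README this switches off verification that would otherwise work. Consider adding a host only for plain-HTTP links, e.g. `parsed = urlparse.urlparse(_link.strip())` followed by `if parsed.scheme == 'http' and parsed.hostname: trusted_host.append(parsed.hostname)`; `hostname` also replaces `netloc.split(':')[0]`, which returns the wrong value for URLs carrying credentials or bracketed IPv6 literals and yields an empty entry for blank lines. Indentation is lost in this view, but if the `else:` belongs to the `for` loop it always runs once the loop finishes, so a plain statement after the loop would read more clearly. The function body starts and ends outside the hunk.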
+++ b/playbooks/roles/pip_lock_down/tasks/main.yml @@ -13,20 +13,6 @@ # See the License for the specific language governing permissions and # limitations under the License. -- name: Create /opt - file: - state: "directory" - path: "/opt" - -- name: Get Modern PIP - get_url: - url: "{{ get_pip_url }}" - dest: "/opt/get-pip.py" - validate_certs: "no" - register: get_pip - until: get_pip|success - retries: 3 - - name: Create pip config directory file: path: "{{ item }}" 
@@ -37,34 +23,46 @@ - "{{ ansible_env.HOME }}/.pip" - "{{ ansible_env.HOME }}/.pip/base" - "{{ ansible_env.HOME }}/.pip/links.d" + - "{{ ansible_env.HOME }}/.cache" + - "{{ ansible_env.HOME }}/.cache/pip" + tags: + - lock-directories-pip -- name: Drop pip config file(s) +- name: Drop pip lockdown file(s) + copy: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: "{{ ansible_user_id }}" + group: "{{ ansible_user_id }}" + mode: "{{ item.mode|default('0644') }}" + with_items: + - { src: "pip-link-build.py", dest: "{{ ansible_env.HOME }}/.pip/pip-link-build.py", mode: "0755" } + tags: + - lock-pip-files + +- name: Drop pip global config(s) template: src: "{{ item.src }}" dest: "{{ item.dest }}" owner: "{{ ansible_user_id }}" group: "{{ ansible_user_id }}" - mode: "{{ item.mode }}" + mode: "{{ item.mode|default('0644') }}" with_items: - - { src: "pip/pip-link-build.py", dest: "{{ ansible_env.HOME }}/.pip/pip-link-build.py", mode: "0755" } - - { src: "pip/base/global.conf.j2", dest: "{{ ansible_env.HOME }}/.pip/base/global.conf", mode: "0644" } + - { src: "global.conf.j2", dest: "{{ ansible_env.HOME }}/.pip/base/global.conf" } + tags: + - lock-pip-files -- name: Drop release pip link - template: - src: "pip/link/openstack_release.j2" - dest: "{{ ansible_env.HOME }}/.pip/links.d/openstack_release.link" - owner: "{{ ansible_user_id }}" - group: "{{ ansible_user_id }}" - mode: "0644" - register: pip_link +- name: Drop pip link file(s) + lineinfile: + dest: "{{ ansible_env.HOME }}/.pip/links.d/{{ item.name }}.link" + line: "{{ item.link }}" + create: "yes" + with_items: pip_links + tags: + - lock-pip-files - name: Execute pip config builder command: "{{ ansible_env.HOME }}/.pip/pip-link-build.py" changed_when: false - -- name: Install PIP - shell: "python /opt/get-pip.py" - changed_when: false - register: pip_install - until: pip_install|success - retries: 3 + tags: + - lock-down-pip-conf 
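Review bot: `Drop pip link file(s)` now uses `lineinfile` with only `line` and `create`, so when `item.link` changes on a later run the new URL is appended and the old one stays in the `.link` file; `pip-link-build.py` reads every line of those files, so the previous repository would remain in the generated pip configuration and, with this commit, in `trusted-host`. The removed `Drop release pip link` task used `template`, which rewrote the file on each run. Writing the whole file instead, for example `copy:` with `content: "{{ item.link }}\n"`, keeps exactly one link per file and lets `owner`, `group` and `mode` be set as the sibling tasks do. The first task in this hunk begins outside it.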
diff --git a/playbooks/roles/pip_lock_down/templates/global.conf.j2 b/playbooks/roles/pip_lock_down/templates/global.conf.j2
new file mode 100644
index 0000000000..9fe10aa8ea
--- /dev/null
+++ b/playbooks/roles/pip_lock_down/templates/global.conf.j2
@@ -0,0 +1,10 @@
+# {{ ansible_managed }}
+
+[global]
+no-index = {{ pip_no_index }}
+pre = {{ pip_enable_pre_releases }}
+timeout = {{ pip_timeout }}
+
+[install]
+upgrade = {{ pip_upgrade }}
+allow_all_external = {{ pip_allow_all_external }}
diff --git a/playbooks/roles/py_from_git/CONTRIBUTING.rst b/playbooks/roles/py_from_git/CONTRIBUTING.rst
new file mode 100644
index 0000000000..8ae9146928
--- /dev/null
+++ b/playbooks/roles/py_from_git/CONTRIBUTING.rst
@@ -0,0 +1,85 @@ +OpenStack install python from git +################################# +:tags: openstack, pip, git, cloud, ansible +:category: \*nix + +contributor guidelines +^^^^^^^^^^^^^^^^^^^^^^ + +Filing Bugs +----------- + +Bugs should be filed on Launchpad, not GitHub: "https://bugs.launchpad.net/openstack-ansible" + + +When submitting a bug, or working on a bug, please ensure the following criteria are met: + * The description clearly states or describes the original problem or root cause of the problem. + * Include historical information on how the problem was identified. + * Any relevant logs are included. + * The provided information should be totally self-contained. External access to web services/sites should not be needed. + * Steps to reproduce the problem if possible. + + +Submitting Code +--------------- + +Changes to the project should be submitted for review via the Gerrit tool, following +the workflow documented at: "http://docs.openstack.org/infra/manual/developers.html#development-workflow" + +Pull requests submitted through GitHub will be ignored and closed without regard. + + +Extra +----- + +Tags: + If it's a bug that needs fixing in a branch in addition to Master, add a '\-backport-potential' tag (eg ``juno-backport-potential``). There are predefined tags that will autocomplete. + +Status: + Please leave this alone, it should be New till someone triages the issue. + +Importance: + Should only be touched if it is a Blocker/Gating issue. If it is, please set to High, and only use Critical if you have found a bug that can take down whole infrastructures. + + +Style guide +----------- + +When creating tasks and other roles for use in Ansible please create then using the YAML dictionary format. + +Example YAML dictionary format: + .. code-block:: yaml + + - name: The name of the tasks + module_name: + thing1: "some-stuff" + thing2: "some-other-stuff" + tags: + - some-tag + - some-other-tag + + +Example **NOT** in YAML dictionary format: + .. 
code-block:: yaml + + - name: The name of the tasks + module_name: thing1="some-stuff" thing2="some-other-stuff" + tags: + - some-tag + - some-other-tag + + +Usage of the ">" and "|" operators should be limited to Ansible conditionals and command modules such as the ansible ``shell`` module. + + +Issues +------ + +When submitting an issue, or working on an issue please ensure the following criteria are met: + * The description clearly states or describes the original problem or root cause of the problem. + * Include historical information on how the problem was identified. + * Any relevant logs are included. + * If the issue is a bug that needs fixing in a branch other than Master, add the ‘backport potential’ tag TO THE ISSUE (not the PR). + * The provided information should be totally self-contained. External access to web services/sites should not be needed. + * If the issue is needed for a hotfix release, add the 'expedite' label. + * Steps to reproduce the problem if possible. diff --git a/playbooks/roles/py_from_git/LICENSE b/playbooks/roles/py_from_git/LICENSE new file mode 100644 index 0000000000..e06d208186 --- /dev/null +++ b/playbooks/roles/py_from_git/LICENSE 
@@ -0,0 +1,202 @@ +Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "{}"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright {yyyy} {name of copyright owner}
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
diff --git a/playbooks/roles/py_from_git/README.rst b/playbooks/roles/py_from_git/README.rst
new file mode 100644
index 0000000000..40ac0c82ab
--- /dev/null
+++ b/playbooks/roles/py_from_git/README.rst
@@ -0,0 +1,18 @@
+OpenStack install python package from git
+#########################################
+:tags: openstack, pip, git, cloud, ansible
+:category: \*nix
+
+Role for installing a python package from a git repository.
+
+.. code-block:: yaml
+
+ - name: Install python2 lxc
+ hosts: hosts
+ user: root
+ roles:
+ - { role: "py_from_git", tags: [ "lxc-libs" ] }
+ vars:
+ git_repo: "https://github.com/lxc/python2-lxc"
+ git_dest: "/opt/lxc_python2_{{ git_install_branch|replace('/', '_') }}"
+ git_install_branch: master
diff --git a/playbooks/roles/py_from_git/meta/main.yml b/playbooks/roles/py_from_git/meta/main.yml
new file mode 100644
index 0000000000..f77a67a021
--- /dev/null
+++ b/playbooks/roles/py_from_git/meta/main.yml
@@ -0,0 +1,32 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+galaxy_info:
+ author: rcbops
+ description: Install a python package from a git source
+ company: Rackspace
+ license: Apache2
+ min_ansible_version: 1.6.6
+ platforms:
+ - name: Ubuntu
+ versions:
+ - trusty
+ categories:
+ - cloud
+ - python
+ - development
+ - openstack
+dependencies:
+ - pip_lock_down
diff --git a/playbooks/roles/openstack_common/tasks/install_git_source.yml b/playbooks/roles/py_from_git/tasks/main.yml
similarity index 74%
rename from playbooks/roles/openstack_common/tasks/install_git_source.yml
rename to playbooks/roles/py_from_git/tasks/main.yml
index 4500cf291e..b296897962 100644
--- a/playbooks/roles/openstack_common/tasks/install_git_source.yml
+++ b/playbooks/roles/py_from_git/tasks/main.yml
@@ -19,16 +19,19 @@ dest: "{{ git_dest }}" version: "{{ git_install_branch }}" register: git_clone - ignore_errors: yes until: git_clone|success retries: 5 + delay: 2 + tags: + - git-clone -- name: Get package from fallback git repo - git: - repo: "{{ git_fallback_repo }}" - dest: "{{ git_dest }}" - version: "{{ git_install_branch }}" - register: git_fallback_clone - when: git_clone|failed - until: git_fallback_clone|success +- name: Install pip packages + pip: + name: "{{ git_dest }}" + state: present + register: install_packages + until: install_packages|success retries: 5 + delay: 2 + tags: + - pip-install diff --git a/playbooks/roles/rabbit_common/tasks/main.yml b/playbooks/roles/rabbit_common/tasks/main.yml deleted file mode 100644 index bb6d5748fe..0000000000 --- a/playbooks/roles/rabbit_common/tasks/main.yml +++ /dev/null 
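Review bot: The new `Install pip packages` task installs whatever is checked out at `git_dest`, and the clone above it takes `version: "{{ git_install_branch }}"`, which the role's README example sets to `master`; a deployment therefore runs the branch head as it stands at install time, with no fixed revision to review or reproduce. I would document next to the clone task that the variable should be a tag or full commit SHA, for example `# git_install_branch should be a tag or commit SHA; a branch name installs whatever the remote head is at run time`. With the fallback repository removed by this change there is also a single origin, so five retries two seconds apart is the whole tolerance for an unreachable remote. The clone task starts above the hunk, so its `repo:` line is not visible here.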
@@ -1,96 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: Fix /etc/hosts - lineinfile: - dest: /etc/hosts - state: present - line: "{{ hostvars[item]['container_address'] }} {{ hostvars[item]['container_name'] }} {{ hostvars[item]['container_name'].split('.')[0] }}" - with_items: groups['rabbit'] - tags: - - hosts - - rabbit_config - -- name: Remove RabbitMQ testing apt source (important for upgrades) - shell: | - find /etc/apt/sources.list.d/ -name "*_rabbit_*.list" -exec cat {} \; - changed_when: result.rc != 0 - failed_when: false - register: result - -- name: Update the apt cache after the apt source removal - apt: - update_cache: yes - -- name: Download the RabbitMQ package - get_url: - url: "{{ rabbitmq_package_url }}" - dest: "/tmp/rabbitmq-server.deb" - mode: "0644" - register: package_download - retries: 3 - delay: 10 - until: package_download|success - -- name: Install the RabbitMQ package - apt: - deb: "/tmp/rabbitmq-server.deb" - update_cache: yes - -- name: Remove the RabbitMQ deb file - file: - path: "/tmp/rabbitmq-server.deb" - state: absent - -- name: Create rabbitmq config - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - with_items: - - { src: "rabbitmq.config", dest: "/etc/rabbitmq/rabbitmq.config" } - - { src: "rabbitmq-server", dest: "/etc/default/rabbitmq-server" } - tags: - - rabbit_config - -- name: Read rabbit cookie - shell: | - cat /var/lib/rabbitmq/.erlang.cookie - 
register: tmp_rabbit_cookie - tags: - - rabbit_config - -- include: set_cookie.yml - when: tmp_rabbit_cookie.stdout != rabbit_cookie - -- name: Enable management plugin - rabbitmq_plugin: - names: rabbitmq_management - state: enabled - when: enable_management_plugin - tags: - - rabbit_config - -- include: restart_rabbit.yml - -- name: Enable queue mirroring - rabbitmq_policy: > - name="HA" - pattern='^(?!amq\.).*' - args: - tags: - "ha-mode": all - tags: - - rabbit_config - - rabbit_cluster diff --git a/playbooks/roles/rabbit_common/templates/rabbitmq-server b/playbooks/roles/rabbit_common/templates/rabbitmq-server deleted file mode 100644 index 1f0e735045..0000000000 --- a/playbooks/roles/rabbit_common/templates/rabbitmq-server +++ /dev/null @@ -1,2 +0,0 @@ -# Sets open file limit for RabbitMQ -ulimit -n 4096 diff --git a/playbooks/roles/rabbit_common/templates/rabbitmq.config b/playbooks/roles/rabbit_common/templates/rabbitmq.config deleted file mode 100644 index 4e514d8294..0000000000 --- a/playbooks/roles/rabbit_common/templates/rabbitmq.config +++ /dev/null @@ -1,8 +0,0 @@ -[ - {rabbit, [ - {loopback_users, []}, - {cluster_nodes, { - [ {% for host in groups['rabbit'] %}'rabbit@{{ hostvars[host]['container_address'] }}'{% if not loop.last %}, {% endif %}{% endfor %}], disc} - } - ]} -]. diff --git a/playbooks/roles/rabbitmq_server/CONTRIBUTING.rst b/playbooks/roles/rabbitmq_server/CONTRIBUTING.rst new file mode 100644 index 0000000000..47411ddfea --- /dev/null +++ b/playbooks/roles/rabbitmq_server/CONTRIBUTING.rst 
@@ -0,0 +1,85 @@
+OpenStack rabbitmq server
+#########################
+:tags: openstack, rabbitmq, server, cloud, ansible
+:category: \*nix
+
+contributor guidelines
+^^^^^^^^^^^^^^^^^^^^^^
+
+Filing Bugs
+-----------
+
+Bugs should be filed on Launchpad, not GitHub: "https://bugs.launchpad.net/openstack-ansible"
+
+
+When submitting a bug, or working on a bug, please ensure the following criteria are met:
+ * The description clearly states or describes the original problem or root cause of the problem.
+ * Include historical information on how the problem was identified.
+ * Any relevant logs are included.
+ * The provided information should be totally self-contained. External access to web services/sites should not be needed.
+ * Steps to reproduce the problem if possible.
+
+
+Submitting Code
+---------------
+
+Changes to the project should be submitted for review via the Gerrit tool, following
+the workflow documented at: "http://docs.openstack.org/infra/manual/developers.html#development-workflow"
+
+Pull requests submitted through GitHub will be ignored and closed without regard.
+
+
+Extra
+-----
+
+Tags:
+ If it's a bug that needs fixing in a branch in addition to Master, add a '\-backport-potential' tag (eg ``juno-backport-potential``). There are predefined tags that will autocomplete.
+
+Status:
+ Please leave this alone, it should be New till someone triages the issue.
+
+Importance:
+ Should only be touched if it is a Blocker/Gating issue. If it is, please set to High, and only use Critical if you have found a bug that can take down whole infrastructures.
+
+
+Style guide
+-----------
+
+When creating tasks and other roles for use in Ansible please create then using the YAML dictionary format.
+
+Example YAML dictionary format:
+ .. code-block:: yaml
+
+ - name: The name of the tasks
+ module_name:
+ thing1: "some-stuff"
+ thing2: "some-other-stuff"
+ tags:
+ - some-tag
+ - some-other-tag
+
+
+Example **NOT** in YAML dictionary format:
+ .. code-block:: yaml
+
+ - name: The name of the tasks
+ module_name: thing1="some-stuff" thing2="some-other-stuff"
+ tags:
+ - some-tag
+ - some-other-tag
+
+
+Usage of the ">" and "|" operators should be limited to Ansible conditionals and command modules such as the ansible ``shell`` module.
+
+
+Issues
+------
+
+When submitting an issue, or working on an issue please ensure the following criteria are met:
+ * The description clearly states or describes the original problem or root cause of the problem.
+ * Include historical information on how the problem was identified.
+ * Any relevant logs are included.
+ * If the issue is a bug that needs fixing in a branch other than Master, add the ‘backport potential’ tag TO THE ISSUE (not the PR).
+ * The provided information should be totally self-contained. External access to web services/sites should not be needed.
+ * If the issue is needed for a hotfix release, add the 'expedite' label.
+ * Steps to reproduce the problem if possible.
diff --git a/playbooks/roles/rabbitmq_server/LICENSE b/playbooks/roles/rabbitmq_server/LICENSE
new file mode 100644
index 0000000000..e06d208186
--- /dev/null
+++ b/playbooks/roles/rabbitmq_server/LICENSE
@@ -0,0 +1,202 @@ +Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "{}"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright {yyyy} {name of copyright owner}
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
diff --git a/playbooks/roles/rabbitmq_server/README.rst b/playbooks/roles/rabbitmq_server/README.rst
new file mode 100644
index 0000000000..09f3270f9d
--- /dev/null
+++ b/playbooks/roles/rabbitmq_server/README.rst
@@ -0,0 +1,18 @@
+OpenStack rabbitmq server
+#########################
+:tags: openstack, rabbitmq, server, cloud, ansible
+:category: \*nix
+
+Role to deploy rabbitmq and cluster it when there are more than one nodes.
+
+.. code-block:: yaml
+
+ - name: Install rabbitmq server
+ hosts: rabbitmq_all
+ max_fail_percentage: 20
+ user: root
+ roles:
+ - { role: "rabbitmq_server", tags: [ "rabbitmq-server" ] }
+ vars:
+ rabbitmq_cookie_token: secrete
+ container_address: "{{ ansible_ssh_host }}"
diff --git a/playbooks/roles/rabbitmq_server/defaults/main.yml b/playbooks/roles/rabbitmq_server/defaults/main.yml
new file mode 100644
index 0000000000..8bd139bdc8
--- /dev/null
+++ b/playbooks/roles/rabbitmq_server/defaults/main.yml
@@ -0,0 +1,43 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Defines that the role will be deployed on a host machine
+is_metal: true
+
+rabbitmq_primary_cluster_node: "{{ groups['rabbitmq_all'][0] }}"
+
+rabbitmq_package_url: http://www.rabbitmq.com/releases/rabbitmq-server/v3.4.3/rabbitmq-server_3.4.3-1_all.deb
+rabbitmq_package_sha256: "e514012a210b4ed5b77d726329ce027c50e8629c396bcde451ac16aaff07d047"
+rabbitmq_package_path: "/opt/rabbitmq-server.deb"
+
+rabbitmq_apt_packages:
+ - erlang-nox
+
+rabbitmq_pip_packages:
+ - python-memcached
+ - pycrypto
+
+rabbitmq_userid: rabbitmq
+
+# Name of the rabbitmq cluster
+rabbitmq_cluster_name: rabbitmq_cluster1
+
+# Rabbitmq open file limits
+rabbitmq_ulimit: 4096
+
+# Enable the management plugin in rabbitmq
+rabbitmq_plugins:
+ - names: rabbitmq_management
+ state: enabled
diff --git a/playbooks/roles/cinder_common/tasks/main.yml b/playbooks/roles/rabbitmq_server/meta/main.yml
similarity index 65%
rename from playbooks/roles/cinder_common/tasks/main.yml
rename to playbooks/roles/rabbitmq_server/meta/main.yml
index 2e480d5651..93d57f7ed2 100644
--- a/playbooks/roles/cinder_common/tasks/main.yml
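Review bot: `rabbitmq_package_url` is a plain `http://` URL, so the integrity of the downloaded `.deb` rests entirely on `rabbitmq_package_sha256` being enforced by the task that fetches it; that task is not in this hunk, so confirm it passes the digest to the download and fails on a mismatch before the package is installed. If the host serves the same path over TLS, prefer `rabbitmq_package_url: "https://www.rabbitmq.com/releases/rabbitmq-server/v3.4.3/rabbitmq-server_3.4.3-1_all.deb"`, quoted like the two values below it. A comment above the pair such as `# URL and sha256 must be changed together when the version is bumped` would help whoever updates it next.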
+++ b/playbooks/roles/rabbitmq_server/meta/main.yml @@ -13,16 +13,20 @@ # See the License for the specific language governing permissions and # limitations under the License. -- name: Setup Cinder Config - template: > - src="{{ item }}" - dest="/etc/cinder/{{ item }}" - owner="{{ system_group }}" - group="{{ system_user }}" - with_items: - - cinder.conf - - api-paste.ini - - policy.json - - rootwrap.conf - - rootwrap.d/volume.filters - notify: Restart os service +galaxy_info: + author: rcbops + description: Install rabbitmq server + company: Rackspace + license: Apache2 + min_ansible_version: 1.6.6 + platforms: + - name: Ubuntu + versions: + - trusty + categories: + - cloud + - rabbitmq + - development + - openstack +dependencies: + - pip_lock_down diff --git a/playbooks/vars/config_vars/container_config_rsyslog.yml b/playbooks/roles/rabbitmq_server/tasks/main.yml similarity index 63% rename from playbooks/vars/config_vars/container_config_rsyslog.yml rename to playbooks/roles/rabbitmq_server/tasks/main.yml index c1c770d3fe..027664333b 100644 --- a/playbooks/vars/config_vars/container_config_rsyslog.yml +++ b/playbooks/roles/rabbitmq_server/tasks/main.yml @@ -13,12 +13,16 @@ # See the License for the specific language governing permissions and # limitations under the License. -container_config_options: - - "lxc.mount.entry=/openstack/log openstack/log none bind 0 0" - - "lxc.aa_profile=lxc-openstack" -required_inner_dirs: - - "/openstack/log" +- include: rabbitmq_pre_install.yml +- include: rabbitmq_install.yml +- include: rabbitmq_set_cookie.yml +- include: rabbitmq_post_install.yml -required_outer_dirs: - - "/openstack/log" +- include: rabbitmq_cluster_create.yml + when: > + inventory_hostname == groups['rabbitmq_all'][0] + +- include: rabbitmq_cluster_join.yml + when: > + inventory_hostname != groups['rabbitmq_all'][0] 
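Review bot: Both `when:` conditions in the new tasks/main.yml index `groups['rabbitmq_all'][0]` directly, although defaults/main.yml in this same commit defines `rabbitmq_primary_cluster_node` with that expression and rabbitmq_cluster_join.yml builds the join target from the variable. If a deployer overrides `rabbitmq_primary_cluster_node`, the create/join split here would still follow the first inventory host while the join command targets a different node. I would write the conditions as `when: inventory_hostname == rabbitmq_primary_cluster_node` and `when: inventory_hostname != rabbitmq_primary_cluster_node`.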
diff --git a/playbooks/roles/openstack_common/tasks/main.yml b/playbooks/roles/rabbitmq_server/tasks/rabbitmq_cluster_create.yml similarity index 58% rename from playbooks/roles/openstack_common/tasks/main.yml rename to playbooks/roles/rabbitmq_server/tasks/rabbitmq_cluster_create.yml index 2de4fa221f..3b235c9350 100644 --- a/playbooks/roles/openstack_common/tasks/main.yml +++ b/playbooks/roles/rabbitmq_server/tasks/rabbitmq_cluster_create.yml @@ -13,17 +13,18 @@ # See the License for the specific language governing permissions and # limitations under the License. -- include: install_git_source.yml -- include: pip_install.yml - -# TODO(kevin) This should go away sooner than later -- name: Laydown the example files +- name: Get rabbitmq cluster name shell: | - for i in *; do - if [ ! -f "/etc/{{ service_name }}/$i" ]; then - cp -R $i /etc/{{ service_name }}/ - fi - done - args: - chdir: "/opt/{{ service_name }}_{{ git_install_branch | replace('/', '_') }}/{{ git_etc_example }}" - when: git_etc_example is defined + rabbitmqctl cluster_status | grep -w '<<"{{ rabbitmq_cluster_name }}">>' + register: rabbitmq_cluster_status + failed_when: false + changed_when: rabbitmq_cluster_status.rc != 0 + tags: + - rabbitmq-cluster + +- name: Create rabbitmq cluster + shell: | + rabbitmqctl set_cluster_name {{ rabbitmq_cluster_name }} + when: rabbitmq_cluster_status.rc != 0 + tags: + - rabbitmq-cluster diff --git a/playbooks/roles/rabbit_join_cluster/tasks/main.yml b/playbooks/roles/rabbitmq_server/tasks/rabbitmq_cluster_join.yml similarity index 70% rename from playbooks/roles/rabbit_join_cluster/tasks/main.yml rename to playbooks/roles/rabbitmq_server/tasks/rabbitmq_cluster_join.yml index 80589aa013..1689e5b2da 100644 --- a/playbooks/roles/rabbit_join_cluster/tasks/main.yml +++ b/playbooks/roles/rabbitmq_server/tasks/rabbitmq_cluster_join.yml 
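Review bot: In "Get rabbitmq cluster name" the registered `rc` is the exit status of `grep`, and `failed_when: false` is set, so a failing `rabbitmqctl cluster_status` (broker not running, cookie mismatch) looks exactly like "name not set" and the play goes on to run `set_cluster_name`. The check is also read-only but reports `changed` whenever the name is missing. I would run `rabbitmqctl cluster_status` without the pipe, let a non-zero status fail the task, set `changed_when: false`, and gate the second task on the output, e.g. `when: rabbitmq_cluster_name not in rabbitmq_cluster_status.stdout`.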
@@ -18,33 +18,37 @@ # if node is clustered or not - name: Check cluster status shell: | - rabbitmqctl -q cluster_status | grep '{cluster_name,<<"{{ rabbit_cluster_name }}">>}' + rabbitmqctl -q cluster_status | grep '{cluster_name,<<"{{ rabbitmq_cluster_name }}">>}' changed_when: result.rc != 0 failed_when: false register: result tags: - - rabbit_cluster + - rabbitmq-cluster -- name: Stop rabbit app +- name: Stop rabbitmq app shell: | - rabbitmqctl stop_app && sleep 5 + rabbitmqctl stop_app; sleep 5 failed_when: false when: result.rc != 0 tags: - - rabbit_stop_app - - rabbit_cluster + - rabbitmq-stop-app + - rabbitmq-cluster -- name: Join rabbit cluster +- name: Join rabbitmq cluster shell: | - rabbitmqctl join_cluster "rabbit@{{ hostvars[groups['rabbit'][0]]['container_name'].split('.')[0] }}" + rabbitmqctl join_cluster "rabbit@{{ rabbitmq_primary_cluster_node.split('.')[0] }}" when: result.rc != 0 + register: rabbit_join_cluster + until: rabbit_join_cluster|success + retries: 5 + delay: 2 tags: - - rabbit_cluster + - rabbitmq-cluster -- name: Start rabbit app +- name: Start rabbitmq app shell: | rabbitmqctl start_app when: result.rc != 0 tags: - - rabbit_start_app - - rabbit_cluster + - rabbitmq-start-app + - rabbitmq-cluster diff --git a/playbooks/roles/rabbitmq_server/tasks/rabbitmq_install.yml b/playbooks/roles/rabbitmq_server/tasks/rabbitmq_install.yml new file mode 100644 index 0000000000..7dc1f5daaa --- /dev/null +++ b/playbooks/roles/rabbitmq_server/tasks/rabbitmq_install.yml 
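Review bot: "Stop rabbitmq app" now runs `rabbitmqctl stop_app; sleep 5` and keeps `failed_when: false`, so a failed stop is never reported and the task's status is always that of `sleep`. The task only runs when the node is not yet clustered, where a stop failure is a real error, and the following `join_cluster` will then fail five times with a less useful message. I would keep `rabbitmqctl stop_app && sleep 5` and drop `failed_when: false` on this task, or add a comment explaining why the stop is allowed to fail. Note also that if "Join rabbitmq cluster" exhausts its retries the play stops before "Start rabbitmq app", leaving the broker application stopped on that node.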
@@ -0,0 +1,47 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Install apt packages + apt: + pkg: "{{ item }}" + state: latest + update_cache: yes + cache_valid_time: 600 + register: install_packages + until: install_packages|success + retries: 5 + delay: 2 + with_items: rabbitmq_apt_packages + tags: + - rabbitmq-apt-packages + +- name: Install the RabbitMQ package + apt: + deb: "{{ rabbitmq_package_path }}" + tags: + - rabbitmq-package-deb + - rabbitmq-apt-packages + +- name: Install pip packages + pip: + name: "{{ item }}" + state: present + register: install_packages + until: install_packages|success + retries: 5 + delay: 2 + with_items: rabbitmq_pip_packages + tags: + - rabbitmq-pip-packages diff --git a/playbooks/roles/rabbitmq_server/tasks/rabbitmq_post_install.yml b/playbooks/roles/rabbitmq_server/tasks/rabbitmq_post_install.yml new file mode 100644 index 0000000000..9443931757 --- /dev/null +++ b/playbooks/roles/rabbitmq_server/tasks/rabbitmq_post_install.yml 
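Review bot: "Install apt packages" uses `state: latest`, so any later run of the role can upgrade `erlang-nox` underneath a running broker, and nothing in this file restarts RabbitMQ or gates on that change. `state: present` keeps repeated runs from changing the runtime unintentionally; upgrades can then be a deliberate step. The pip task likewise installs `python-memcached` and `pycrypto` without version specifiers, so the installed versions depend on whatever the configured index serves at run time. Minor: `update_cache: yes` would read better as `update_cache: true`.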
@@ -0,0 +1,48 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Enable management plugin + rabbitmq_plugin: + names: rabbitmq_management + state: enabled + with_items: rabbitmq_plugins + register: rabbitmq_plugin + tags: + - rabbitmq-config + +- name: Enable queue mirroring + rabbitmq_policy: + name: "HA" + pattern: '^(?!amq\.).*' + tags: "ha-mode=all" + register: rabbitmq_queue_mirror + tags: + - rabbitmq-config + - rabbitmq-cluster + +- include: rabbitmq_restart.yml + when: rabbitmq_plugin|changed or rabbitmq_queue_mirror|changed + +- name: Ensure rabbitmq user + rabbitmq_user: + user: "{{ rabbitmq_userid }}" + password: "{{ rabbitmq_password }}" + vhost: "/" + configure_priv: ".*" + read_priv: ".*" + write_priv: ".*" + state: "present" + tags: + - rabbitmq-user diff --git a/playbooks/roles/rabbitmq_server/tasks/rabbitmq_pre_install.yml b/playbooks/roles/rabbitmq_server/tasks/rabbitmq_pre_install.yml new file mode 100644 index 0000000000..83e29c144a --- /dev/null +++ b/playbooks/roles/rabbitmq_server/tasks/rabbitmq_pre_install.yml 
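Review bot: "Enable management plugin" loops over `rabbitmq_plugins` but hard-codes `names: rabbitmq_management` and `state: enabled`, so the loop variable is never used and overriding `rabbitmq_plugins` (for example to disable the management interface) has no effect. I would use `names: "{{ item.names }}"` and `state: "{{ item.state }}"`. Separately, "Ensure rabbitmq user" passes `rabbitmq_password` as a module argument; adding `no_log: true` to that task keeps the value out of verbose output and task logs.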
@@ -0,0 +1,60 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Download the RabbitMQ package + get_url: + url: "{{ rabbitmq_package_url }}" + dest: "{{ rabbitmq_package_path }}" + mode: "0644" + sha256sum: "{{ rabbitmq_package_sha256 }}" + register: package_download + retries: 3 + delay: 10 + until: package_download|success + tags: + - rabbitmq-package-deb + - rabbitmq-package-deb-get + +- name: Fix /etc/hosts + lineinfile: + dest: /etc/hosts + state: present + line: "{{ hostvars[item]['ansible_ssh_host'] }} {{ hostvars[item]['ansible_hostname'] }} {{ hostvars[item]['ansible_hostname'].split('.')[0] }}" + with_items: groups['rabbitmq_all'] + tags: + - rabbitmq-config + +- name: Create the local directories + file: + path: "{{ item.path }}" + state: "directory" + group: "{{ item.owner|default('root') }}" + owner: "{{ item.group|default('root') }}" + mode: "{{ item.mode|default('0755') }}" + recurse: "{{ item.recurse|default('false') }}" + with_items: + - { path: "/etc/rabbitmq/" } + tags: + - rabbitmq-config + +- name: Create rabbitmq config + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + with_items: + - { src: "rabbitmq.config.j2", dest: "/etc/rabbitmq/rabbitmq.config" } + - { src: "rabbitmq-server.j2", dest: "/etc/default/rabbitmq-server" } + tags: + - rabbitmq-config 
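Review bot: In "Create the local directories" the `group:` argument is filled from `item.owner` and `owner:` from `item.group`, so the two are swapped. It is harmless for the single `/etc/rabbitmq/` entry because both fall back to `root`, but any item that sets only one of them would get the wrong ownership. The lines should read `owner: "{{ item.owner|default('root') }}"` and `group: "{{ item.group|default('root') }}"`. "Create rabbitmq config" also sets no `owner`, `group` or `mode` on the rendered files, so their permissions depend on the remote defaults.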
diff --git a/playbooks/roles/rabbit_common/tasks/restart_rabbit.yml b/playbooks/roles/rabbitmq_server/tasks/rabbitmq_restart.yml similarity index 96% rename from playbooks/roles/rabbit_common/tasks/restart_rabbit.yml rename to playbooks/roles/rabbitmq_server/tasks/rabbitmq_restart.yml index 2f604c5f71..595c3f71ba 100644 --- a/playbooks/roles/rabbit_common/tasks/restart_rabbit.yml +++ b/playbooks/roles/rabbitmq_server/tasks/rabbitmq_restart.yml @@ -19,4 +19,4 @@ enabled: "yes" state: "restarted" tags: - - rabbit_restart + - rabbitmq-restart diff --git a/playbooks/roles/rabbitmq_server/tasks/rabbitmq_set_cookie.yml b/playbooks/roles/rabbitmq_server/tasks/rabbitmq_set_cookie.yml new file mode 100644 index 0000000000..6dcff38ace --- /dev/null +++ b/playbooks/roles/rabbitmq_server/tasks/rabbitmq_set_cookie.yml 
@@ -0,0 +1,46 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Read rabbit cookie + shell: "cat /var/lib/rabbitmq/.erlang.cookie" + register: tmp_rabbit_cookie + changed_when: tmp_rabbit_cookie.rc != 0 + failed_when: false + tags: + - rabbitmq-config + +- name: Stop rabbitmq-server + service: + name: rabbitmq-server + state: stopped + when: tmp_rabbit_cookie.stdout != rabbitmq_cookie_token + tags: + - rabbitmq-config + - rabbitmq-stop + +- name: Set rabbit cookie + copy: + content: "{{ rabbitmq_cookie_token }}" + dest: /var/lib/rabbitmq/.erlang.cookie + mode: "0400" + owner: rabbitmq + group: rabbitmq + when: tmp_rabbit_cookie.stdout != rabbitmq_cookie_token + register: cookie_set + tags: + - rabbitmq-config + +- include: rabbitmq_restart.yml + when: tmp_rabbit_cookie.stdout != rabbitmq_cookie_token diff --git a/playbooks/roles/rabbitmq_server/templates/rabbitmq-server.j2 b/playbooks/roles/rabbitmq_server/templates/rabbitmq-server.j2 new file mode 100644 index 0000000000..6456aabceb --- /dev/null +++ b/playbooks/roles/rabbitmq_server/templates/rabbitmq-server.j2 @@ -0,0 +1,4 @@ +# {{ ansible_managed }} + +# Sets open file limit for RabbitMQ +ulimit -n {{ rabbitmq_ulimit }} diff --git a/playbooks/roles/rabbitmq_server/templates/rabbitmq.config.j2 b/playbooks/roles/rabbitmq_server/templates/rabbitmq.config.j2 new file mode 100644 index 0000000000..3a178d89a0 --- /dev/null 
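Review bot: The Erlang cookie is the shared secret that authenticates cluster nodes and `rabbitmqctl`, and both "Read rabbit cookie" (registered `stdout` of `cat`) and "Set rabbit cookie" (`content: "{{ rabbitmq_cookie_token }}"`) expose it in verbose output and task logs. I would add `no_log: true` to both tasks. The read task is also read-only, so `changed_when: false` describes it better than `changed_when: tmp_rabbit_cookie.rc != 0`. The `0400` mode and `rabbitmq` ownership on the written file are appropriate.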
+++ b/playbooks/roles/rabbitmq_server/templates/rabbitmq.config.j2 @@ -0,0 +1,8 @@ +[ + {rabbit, [ + {loopback_users, []}, + {cluster_nodes, { + [ {% for host in groups['rabbitmq_all'] %}'rabbit@{{ hostvars[host]['ansible_ssh_host'] }}'{% if not loop.last %}, {% endif %}{% endfor %}], disc} + } + ]} +]. diff --git a/playbooks/roles/repo_server/CONTRIBUTING.rst b/playbooks/roles/repo_server/CONTRIBUTING.rst new file mode 100644 index 0000000000..33c1f9ee9b --- /dev/null +++ b/playbooks/roles/repo_server/CONTRIBUTING.rst 
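Review bot: `{loopback_users, []}` in rabbitmq.config.j2 removes the loopback-only restriction that RabbitMQ places on the built-in `guest` account, and no task visible in this commit deletes that account or changes its password, while rabbitmq_post_install.yml enables the management plugin. I would either drop the `loopback_users` line so the default restriction applies, or add a `rabbitmq_user` task with `user: guest` and `state: absent` next to "Ensure rabbitmq user". A second point to confirm: `cluster_nodes` is rendered as `rabbit@<ansible_ssh_host>`, whereas rabbitmq_cluster_join.yml joins `rabbit@<short hostname>`, so the configured node names may not match the names the nodes actually use.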
@@ -0,0 +1,85 @@ +OpenStack repo server +##################### +:tags: openstack, repo, server, cloud, ansible +:category: \*nix + +contributor guidelines +^^^^^^^^^^^^^^^^^^^^^^ + +Filing Bugs +----------- + +Bugs should be filed on Launchpad, not GitHub: "https://bugs.launchpad.net/openstack-ansible" + + +When submitting a bug, or working on a bug, please ensure the following criteria are met: + * The description clearly states or describes the original problem or root cause of the problem. + * Include historical information on how the problem was identified. + * Any relevant logs are included. + * The provided information should be totally self-contained. External access to web services/sites should not be needed. + * Steps to reproduce the problem if possible. + + +Submitting Code +--------------- + +Changes to the project should be submitted for review via the Gerrit tool, following +the workflow documented at: "http://docs.openstack.org/infra/manual/developers.html#development-workflow" + +Pull requests submitted through GitHub will be ignored and closed without regard. + + +Extra +----- + +Tags: + If it's a bug that needs fixing in a branch in addition to Master, add a '\-backport-potential' tag (eg ``juno-backport-potential``). There are predefined tags that will autocomplete. + +Status: + Please leave this alone, it should be New till someone triages the issue. + +Importance: + Should only be touched if it is a Blocker/Gating issue. If it is, please set to High, and only use Critical if you have found a bug that can take down whole infrastructures. + + +Style guide +----------- + +When creating tasks and other roles for use in Ansible please create then using the YAML dictionary format. + +Example YAML dictionary format: + .. code-block:: yaml + + - name: The name of the tasks + module_name: + thing1: "some-stuff" + thing2: "some-other-stuff" + tags: + - some-tag + - some-other-tag + + +Example **NOT** in YAML dictionary format: + .. 
code-block:: yaml + + - name: The name of the tasks + module_name: thing1="some-stuff" thing2="some-other-stuff" + tags: + - some-tag + - some-other-tag + + +Usage of the ">" and "|" operators should be limited to Ansible conditionals and command modules such as the ansible ``shell`` module. + + +Issues +------ + +When submitting an issue, or working on an issue please ensure the following criteria are met: + * The description clearly states or describes the original problem or root cause of the problem. + * Include historical information on how the problem was identified. + * Any relevant logs are included. + * If the issue is a bug that needs fixing in a branch other than Master, add the ‘backport potential’ tag TO THE ISSUE (not the PR). + * The provided information should be totally self-contained. External access to web services/sites should not be needed. + * If the issue is needed for a hotfix release, add the 'expedite' label. + * Steps to reproduce the problem if possible. diff --git a/playbooks/roles/repo_server/LICENSE b/playbooks/roles/repo_server/LICENSE new file mode 100644 index 0000000000..e06d208186 --- /dev/null +++ b/playbooks/roles/repo_server/LICENSE 
@@ -0,0 +1,202 @@ +Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + diff --git a/playbooks/roles/repo_server/README.rst b/playbooks/roles/repo_server/README.rst new file mode 100644 index 0000000000..f07c3e6d1b --- /dev/null +++ b/playbooks/roles/repo_server/README.rst @@ -0,0 +1,17 @@ +OpenStack repo server +##################### +:tags: openstack, repo, server, cloud, ansible +:category: \*nix + +Role to deploy a repository server for both python packages and git sources. + +.. code-block:: yaml + + - name: Setup repo servers + hosts: repo_all + user: root + roles: + - { role: "repo_server", tags: [ "repo-server" ] } + vars: + memcached_servers: 127.0.0.1:11211 + memcached_encryption_key: secrete diff --git a/playbooks/roles/repo_server/defaults/main.yml b/playbooks/roles/repo_server/defaults/main.yml new file mode 100644 index 0000000000..e2c5d73892 --- /dev/null 
+++ b/playbooks/roles/repo_server/defaults/main.yml @@ -0,0 +1,81 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# If ``repo_nginx_threads`` is unset the system will use half the number of available VCPUS to +# compute the number of api workers to use. +# repo_nginx_threads: 16 + +# Defines that the role will be deployed on a host machine +is_metal: true + +repo_worker_connections: 1024 +repo_server_name: openstack-slushee + +repo_service_home_folder: /var/www +repo_service_user_name: nginx +repo_service_group_name: www-data + +repo_auto_rebuild: false + +repo_memcached_servers: "{% for host in groups['repo_all'] %}{{ hostvars[host]['ansible_ssh_host'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}" + +repo_apt_packages: + - aptitude + - bridge-utils + - build-essential + - cgroup-lite + - dmeventd + - fcgiwrap + - git-core + - iptables + - lsyncd + - lynx + - nginx-extras + - rsync + - sshpass + - tmux + - libldap2-dev + - libsasl2-dev + - libssl-dev + - libxslt1.1 + - libpq-dev + - libffi-dev + - libsqlite3-dev + - libxml2-dev + - libxslt1-dev + - libkmod-dev + - libkrb5-dev + - libkmod2 + - libvirt-dev + - libmysqlclient-dev + - lxc-dev + - lvm2 + - python-dev + - python-software-properties + - sqlite3 + - vlan + +repo_pip_packages: + - cloudlib + - PyCrypto + - python-memcached + - PyYAML + - requests + - turbolift + - wheel + - yaprt + +# Main web server port +repo_server_port: 8181 
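Review bot: `repo_pip_packages` lists `cloudlib`, `PyCrypto`, `python-memcached`, `PyYAML`, `requests`, `turbolift`, `wheel` and `yaprt` with no version specifiers, on the host that the README describes as the repository server for Python packages and git sources. Unless an index or constraint is applied elsewhere (not visible in this diff), whatever version the index serves at deploy time is installed on the machine that feeds the rest of the deployment. I would pin each entry, e.g. `- "yaprt==<pinned-version>"`, and add a comment naming where the pins are maintained. `repo_memcached_servers` also depends on `memcached_port`, which this defaults file does not define; a comment stating where it comes from would help.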
diff --git a/playbooks/roles/repo_server/files/openstack-branch-grabber.py b/playbooks/roles/repo_server/files/openstack-branch-grabber.py new file mode 100644 index 0000000000..e4fcf6da33 --- /dev/null +++ b/playbooks/roles/repo_server/files/openstack-branch-grabber.py 
@@ -0,0 +1,137 @@ +#!/usr/bin/env python +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +"""Simple input script to return a list of branches in a github repo. + +This script will return a space seperated list of all of the branches available +from within a git repo as found in the github api. When running the script you +can provide a list of branches that you want to exclude from the returned list. +This exclusion list a matched based list and will exclude anything that matches +the list of strings. + +Example Usage: +~$ # Endpoint +~$ GITHUB_API_ENDPOINT="https://api.github.com/repos/stackforge/os-ansible-deployment" +~$ # Exclusions +~$ EXCLUDE_RELEASES="v9.0.0 gh-pages revert" +~$ # Run script +~$ /opt/openstack-branch-grabber.py "${GITHUB_API_ENDPOINT}" "${EXCLUDE_RELEASES}" + +Example Library Usage: +>>> endpoint_url = "https://api.github.com/repos/stackforge/os-ansible-deployment" +>>> exclude_list = ["v9.0.0", "gh-pages", "revert"] +>>> print(main(endpoint_url, exclude_list)) +9.0.0 9.0.1 9.0.2 9.0.3 stable/icehouse proposed/juno master +""" + + +import functools +import requests +import sys +import time + + +def retry(exception_check, tries=3, delay=1, backoff=1): + """Retry calling the decorated function using an exponential backoff. + + original from: http://wiki.python.org/moin/PythonDecoratorLibrary#Retry + + :param exception_check: ``Exception || Tuple`` the exception to check. 
+ may be a tuple of exceptions to check + :param tries: ``int`` number of times to try (not retry) before giving up + :param delay: ``int`` initial delay between retries in seconds + :param backoff: ``int`` backoff multiplier e.g. value of 2 will double the + delay each retry + """ + def deco_retry(f): + @functools.wraps(f) + def f_retry(*args, **kwargs): + mtries, mdelay = tries, delay + while mtries > 1: + try: + return f(*args, **kwargs) + except exception_check: + time.sleep(mdelay) + mtries -= 1 + mdelay *= backoff + return f(*args, **kwargs) + return f_retry # true decorator + return deco_retry + + +@retry(exception_check=Exception) +def get_url(url): + return requests.get(url) + + +@retry(exception_check=(AttributeError, ValueError)) +def return_releases(url, exclude_list=None): + """Return a list of releases found in the github api. + + :param url: ``str`` URL to hit public github api + :param exclude_list: ``str`` Branches to exclude + """ + _releases = get_url(url) + loaded_releases = _releases.json() + releases = list() + + if exclude_list is None: + exclude_list = list() + + for i in loaded_releases: + for k, v in i.iteritems(): + if k == 'name': + # if the name is not excluded append it + if not any([v.startswith(i) for i in exclude_list]): + releases.append(v) + else: + # Return a unique list. + return list(set(releases)) + + +def main(endpoint_url, exclude_list): + """Run the main application.""" + + # Create an array of all releases and branches. + all_releases = list() + all_releases.extend( + return_releases( + url="%s/tags" % endpoint_url, + exclude_list=exclude_list + ) + ) + all_releases.extend( + return_releases( + url="%s/branches" % endpoint_url, + exclude_list=exclude_list + ) + ) + + # Print all of the releases that were found within the github api. 
+ print(' '.join(all_releases)) + + +if __name__ == '__main__': + # git api endpoint to use for searching for releases and branches + endpoint = sys.argv[1] + + # Create an array of excluded items + if len(sys.argv) >= 3: + exclude = sys.argv[2].split() + else: + exclude = list() + + main(endpoint_url=endpoint, exclude_list=exclude) diff --git a/playbooks/roles/repo_server/files/openstack-wheel-builder.py b/playbooks/roles/repo_server/files/openstack-wheel-builder.py new file mode 100755 index 0000000000..5dafc7b665 --- /dev/null +++ b/playbooks/roles/repo_server/files/openstack-wheel-builder.py 
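Review bot: `get_url` calls `requests.get(url)` with no timeout and never checks the HTTP status, so a stalled connection to the GitHub API hangs the caller, and an error response (rate limiting, for example) is only noticed when `return_releases` trips over the JSON shape. openstack-wheel-builder.sh runs this script while holding its lock file, so a hang here blocks later builds until the lock is treated as stale. I would make the body `resp = requests.get(url, timeout=30)`, `resp.raise_for_status()`, `return resp`, and give `get_url` a one-line docstring. Separately, the module docstring shows `print(main(...))`, but `main` prints the list itself and returns None.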
@@ -0,0 +1,405 @@ +#!/usr/bin/env python +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# (c) 2015, Kevin Carter + +import os +import traceback + +from distutils import version + +import yaml + +from cloudlib import arguments +from cloudlib import indicator +from cloudlib import shell + + +VERSION_DESCRIPTORS = ['>=', '<=', '==', '!=', '<', '>'] + + +REQUIREMENTS_FILE_TYPES = [ + 'requirements.txt', + 'global-requirements.txt', + 'test-requirements.txt', + 'dev-requirements.txt' +] + + +# List of variable names that could be used within the yaml files that +# represent lists of python packages. +BUILT_IN_PIP_PACKAGE_VARS = [ + 'service_pip_dependencies', + 'pip_common_packages', + 'pip_container_packages', + 'pip_packages' +] + + +class DependencyFileProcessor(object): + def __init__(self, local_path): + """ + + :type local_path: ``str`` + :return: + """ + self.pip = dict() + self.pip['git_package'] = list() + self.pip['py_package'] = list() + self.git_pip_install = 'git+%s@%s' + self.file_names = self._get_files(path=local_path) + + # Process everything simply by calling the method + self._process_files(ext=('yaml', 'yml')) + + def _filter_files(self, file_names, ext): + """Filter the files and return a sorted list. 
+ + :type file_names: + :type ext: ``str`` or ``tuple`` + :returns: ``list`` + """ + _file_names = list() + for file_name in file_names: + if file_name.endswith(ext): + if '/defaults/' in file_name or '/vars/' in file_name: + _file_names.append(file_name) + else: + continue + elif os.path.basename(file_name) in REQUIREMENTS_FILE_TYPES: + with open(file_name, 'rb') as f: + packages = [ + i.split()[0] for i in f.read().splitlines() + if i + if not i.startswith('#') + ] + self.pip['py_package'].extend(packages) + else: + return sorted(_file_names, reverse=True) + + @staticmethod + def _get_files(path): + """Return a list of all files in the vars/repo_packages directory. + + :type path: ``str`` + :returns: ``list`` + """ + paths = os.walk(os.path.abspath(path)) + files = list() + for fpath, _, afiles in paths: + for afile in afiles: + files.append(os.path.join(fpath, afile)) + else: + return files + + def _check_plugins(self, git_repo_plugins, git_data): + """Check if the git url is a plugin type. + + :type git_repo_plugins: ``dict`` + :type git_data: ``dict`` + """ + for repo_plugin in git_repo_plugins: + plugin = '%s/%s' % ( + repo_plugin['path'].strip('/'), + repo_plugin['package'].lstrip('/') + ) + + package = self.git_pip_install % ( + git_data['repo'], + '%s#egg=%s&subdirectory=%s' % ( + git_data['branch'], + repo_plugin['package'].strip('/'), + plugin + ) + ) + + self.pip['git_package'].append(package) + + def _process_git(self, loaded_yaml, git_item): + """Process git repos. 
+ + :type loaded_yaml: ``dict`` + :type git_item: ``str`` + """ + git_data = dict() + if git_item.split('_')[0] == 'git': + var_name = 'git' + else: + var_name = git_item.split('_')[0] + + git_data['repo'] = loaded_yaml.get(git_item) + git_data['branch'] = loaded_yaml.get( + '%s_git_install_branch' % var_name.replace('.', '_') + ) + if not git_data['branch']: + git_data['branch'] = loaded_yaml.get( + 'git_install_branch', + 'master' + ) + + package = self.git_pip_install % ( + git_data['repo'], git_data['branch'] + ) + + self.pip['git_package'].append(package) + + git_repo_plugins = loaded_yaml.get('%s_repo_plugins' % var_name) + if git_repo_plugins: + self._check_plugins( + git_repo_plugins=git_repo_plugins, + git_data=git_data + ) + + def _process_files(self, ext): + """Process files. + + :type ext: ``tuple`` + :type lower_priority: ``bol`` + """ + file_names = self._filter_files( + file_names=self.file_names, + ext=ext + ) + + for file_name in file_names: + with open(file_name, 'rb') as f: + loaded_config = yaml.safe_load(f.read()) + + for key, values in loaded_config.items(): + if key.endswith('git_repo'): + self._process_git( + loaded_yaml=loaded_config, + git_item=key + ) + + if [i for i in BUILT_IN_PIP_PACKAGE_VARS if i in key]: + self.pip['py_package'].extend(values) + + +def _arguments(): + """Return CLI arguments.""" + + arguments_dict = { + 'optional_args': { + 'local_path': { + 'commands': [ + '--local-path' + ], + 'help': 'Local path to cloned code.', + 'metavar': '[PATH]', + 'required': True + }, + 'report_file': { + 'commands': [ + '--report-file' + ], + 'help': 'Full path to write the package report to', + 'metavar': '[FILE_PATH]', + 'required': True + }, + 'storage_pool': { + 'commands': [ + '--storage-pool' + ], + 'help': 'Full path to the directory where you want to store' + ' built wheels.', + 'metavar': '[PATH]', + 'required': True + }, + 'release_directory': { + 'commands': [ + '--release-directory' + ], + 'help': 'Full path to the directory 
where the releaesed links' + ' will be stored.', + 'metavar': '[PATH]', + 'required': True + }, + 'add_on_repos': { + 'commands': [ + '--add-on-repos' + ], + 'help': 'Full repo path to require as an additional add on' + ' repo. Example:' + ' "git+https://github.com/rcbops/other-repo@master"', + 'metavar': '[REPO_NAME]', + 'nargs': '+' + }, + 'link_pool': { + 'commands': [ + '--link-pool' + ], + 'help': 'Full path to the directory links are stored.', + 'metavar': '[PATH]', + 'required': True + } + } + } + + return arguments.ArgumentParserator( + arguments_dict=arguments_dict, + epilog='Licensed Apache2', + title='Discover all of the requirements within the' + ' os-ansible-deployment project.', + detail='Requirement lookup', + description='Discover all of the requirements within the' + ' os-ansible-deployment project.', + env_name='OS_ANSIBLE' + ).arg_parser() + + +def _abs_path(path): + return os.path.abspath( + os.path.expanduser( + path + ) + ) + + +def _run_command(command): + print('Running "%s"' % command[2]) + run_command = shell.ShellCommands(debug=True) + info, success = run_command.run_command(' '.join(command)) + if not success: + raise SystemExit(info) + else: + print(info) + + +def main(): + """Run the main application.""" + user_vars = _arguments() + return_list = list() + try: + dfp = DependencyFileProcessor( + local_path=_abs_path(user_vars['local_path']) + ) + return_list.extend(dfp.pip['py_package']) + return_list.extend(dfp.pip['git_package']) + except Exception as exp: + raise SystemExit( + 'Execution failure. 
Path: "%s", Error: "%s", Trace:\n%s' % ( + user_vars['local_path'], + str(exp), + traceback.format_exc() + ) + ) + else: + return_data = { + 'packages': list(), + 'remote_packages': list() + } + for file_name in sorted(set(return_list)): + is_url = file_name.startswith(('http:', 'https:', 'git+')) + if is_url: + if '@' not in file_name: + return_data['packages'].append(file_name) + else: + return_data['remote_packages'].append(file_name) + else: + return_data['packages'].append(file_name) + else: + return_data['packages'] = ' '.join( + ['"%s"' % i for i in set(return_data['packages'])] + ) + + if user_vars['add_on_repos']: + return_data['remote_packages'].extend( + [i.strip() for i in user_vars['add_on_repos']] + ) + + return_data['remote_packages'] = ' '.join( + ['"%s"' % i for i in set(return_data['remote_packages'])] + ) + + # Build report + report_command = [ + 'yaprt', + '--debug', + 'create-report', + '--report-file', + _abs_path(user_vars['report_file']), + '--git-install-repos', + return_data['remote_packages'], + '--packages', + return_data['packages'] + ] + _run_command(report_command) + + # Build requirements wheels + requirements_command = [ + 'yaprt', + '--debug', + 'build-wheels', + '--report-file', + _abs_path(user_vars['report_file']), + '--storage-pool', + _abs_path(user_vars['storage_pool']), + '--link-dir', + _abs_path(user_vars['release_directory']), + '--pip-extra-link-dirs', + _abs_path(user_vars['link_pool']), + '--pip-index', + 'http://rpc-repo.rackspace.com/pools', + '--pip-extra-index', + 'https://pypi.python.org/simple', + '--pip-bulk-operation', + '--build-output', + '/tmp/openstack-wheel-output', + '--build-dir', + '/tmp/openstack-builder', + '--build-requirements', + '--force-clean' + ] + _run_command(requirements_command) + + # Build wheels from git-repos + requirements_command = [ + 'yaprt', + '--debug', + 'build-wheels', + '--report-file', + _abs_path(user_vars['report_file']), + '--storage-pool', + 
_abs_path(user_vars['storage_pool']), + '--link-dir', + _abs_path(user_vars['release_directory']), + '--pip-extra-link-dirs', + _abs_path(user_vars['link_pool']), + '--pip-no-deps', + '--pip-no-index', + '--build-output', + '/tmp/openstack-wheel-output', + '--build-dir', + '/tmp/openstack-builder', + '--build-branches', + '--build-releases', + '--force-clean' + ] + _run_command(requirements_command) + + + # Create HTML index for all files in the release directory + index_command = [ + 'yaprt', + '--debug', + 'create-html-indexes', + '--repo-dir', + _abs_path(user_vars['release_directory']) + ] + _run_command(index_command) + +if __name__ == '__main__': + main() diff --git a/playbooks/roles/repo_server/files/openstack-wheel-builder.sh b/playbooks/roles/repo_server/files/openstack-wheel-builder.sh new file mode 100644 index 0000000000..34f489abfa --- /dev/null +++ b/playbooks/roles/repo_server/files/openstack-wheel-builder.sh 
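Review bot: `_run_command` joins the argument list into one string for cloudlib's `shell.ShellCommands`, and the package and repo names that `main` puts into that string are only wrapped as `'"%s"' % i`. Those names are read from YAML and requirements files in the cloned checkout and from `--add-on-repos`, so a value containing a double quote, backtick or `$(...)` would presumably be interpreted by the shell on the repo server instead of reaching yaprt as data. Quote each item with the standard library, e.g. `' '.join(pipes.quote(i) for i in set(return_data['packages']))`, and do the same for `remote_packages` and the `_abs_path(...)` arguments. The first build-wheels call also passes `'http://rpc-repo.rackspace.com/pools'` as `--pip-index`; build inputs fetched over plain HTTP have no transport integrity, so an HTTPS index, if that host offers one, would be safer. `_abs_path` and `_run_command` have no docstrings.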
@@ -0,0 +1,175 @@ +#!/usr/bin/env bash +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Notes: +# To use this script you MUST move it to some path that will be called. +# I recommend that the script be stored and executed from +# "/opt/openstack-wheel-builder.sh". This script is a wrapper script that relies +# on the "openstack-wheel-builder.py" and is execute from +# "/opt/openstack-wheel-builder.py". + +# Overrides: +# This script has several things that can be overriden via environment +# variables. +# Git repository that the rcbops ansible lxc source code will be cloned from. +# This repo should be a repo that is available via HTTP. +# GIT_REPO="" + +# The URI for the github api. This is ONLY used when the $RELEASES variable +# is an empty string. Which causes the script to go discover the available +# releases. +# GITHUB_API_ENDPOINT="" + +# Local directory to store the source code while interacting with it. +# WORK_DIR="" + +# Local directory to store the built wheels. +# OUTPUT_WHEEL_PATH="" + +# Space seperated list of all releases to build for. If unset the releases +# will be discovered. +# RELEASES="" + +# Space seperated list of all releases to exclude from building. This is +# ONLY used when the $RELEASES variable is an empty string. 
+# EXCLUDE_RELEASES="" + +set -e -o -v + +# Trap any errors that might happen in executing the script +trap my_trap_handler ERR + +# Ensure there is a base path loaded +export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + +# Defined variables. +GIT_REPO="${GIT_REPO:-https://github.com/stackforge/os-ansible-deployment}" +GITHUB_API_ENDPOINT="${GITHUB_API_ENDPOINT:-https://api.github.com/repos/stackforge/os-ansible-deployment}" + +# Predefined working directory. +WORK_DIR="${WORK_DIR:-/tmp/openstack-ansible-deployment}" + +# Output directories. +OUTPUT_WHEEL_PATH="${OUTPUT_WHEEL_PATH:-/var/www/repo/os-releases}" +LINK_PATH="${LINK_PATH:-/var/www/repo/links}" +REPORT_DIR="${REPORT_DIR:-/var/www/repo/reports}" +STORAGE_POOL="${STORAGE_POOL:-/var/www/repo/pools}" + +# Additional space separated list of repos to always include in a build. +ADDON_REPOS="git+https://github.com/rcbops/horizon-extensions.git@master " + +# Set the force build option to false +FORCE_BUILD="${FORCE_BUILD:-false}" + +# Default is an empty string which causes the script to go discover the available +# branches from the github API. +RELEASES=${RELEASES:-""} + +# Define branches that you no longer want new wheels built for or checked against. +EXCLUDE_RELEASES="${EXCLUDE_RELEASES:-v9.0.0 gh-pages revert}" + +# Name of the lock file. +LOCKFILE="/tmp/wheel_builder.lock" + +function my_trap_handler() { + kill_job +} + +function lock_file_remove() { + if [ -f "${LOCKFILE}" ]; then + rm "${LOCKFILE}" + fi +} + +function kill_job() { + set +e + # If the job needs killing kill the pid and unlock the file. + if [ -f "${LOCKFILE}" ]; then + PID="$(cat ${LOCKFILE})" + lock_file_remove + kill -9 "${PID}" + fi +} + +function cleanup() { + # Ensure workspaces are cleaned up + rm -rf /tmp/openstack_wheels* + rm -rf /tmp/pip* + rm -rf "${WORK_DIR}" +} + +# Check for system lock file. +if [ ! 
-f "${LOCKFILE}" ]; then + echo $$ | tee "${LOCKFILE}" +else + if [ "$(find ${LOCKFILE} -mmin +240)" ]; then + logger "Stale pid found for ${LOCKFILE}." + logger "Killing any left over processes and unlocking" + kill_job + else + NOTICE="Active job already in progress. Check pid \"$(cat ${LOCKFILE})\" for status. Lock file: ${LOCKFILE}" + echo $NOTICE + logger ${NOTICE} + exit 1 + fi +fi + +# Grab releases +if [[ ! "${RELEASES}" ]];then + # From the GITHUB API pull a list of all branches/tags + if [ -f "/opt/openstack-branch-grabber.py" ];then + RELEASES=$(/opt/openstack-branch-grabber.py "${GITHUB_API_ENDPOINT}" "${EXCLUDE_RELEASES}") + else + echo "No releases specified and the openstack-branch-grabber.py script was not found." + exit 1 + fi +fi + + +# Iterate through the list of releases and build everything that's needed +logger "Building Python Wheels for ${RELEASES}" +for release in ${RELEASES}; do + + if [ ! -d "${OUTPUT_WHEEL_PATH}/${release}" ] || [[ "${FORCE_BUILD}" == "true" ]]; then + # Perform cleanup + cleanup + + # Git clone repo + git clone "${GIT_REPO}" "${WORK_DIR}" + + # checkout release + pushd "${WORK_DIR}" + git checkout "${release}" + popd + + # Build wheels + OVERRIDE_WHEEL_OUTPUT_PATH="${OVERRIDE_WHEEL_OUTPUT_PATH:-${OUTPUT_WHEEL_PATH}/${release}}" + mkdir -p "${OVERRIDE_WHEEL_OUTPUT_PATH}" + /opt/openstack-wheel-builder.py --report-file "${REPORT_DIR}/${release}.json" \ + --link-pool "${LINK_PATH}" \ + --local-path "${WORK_DIR}" \ + --storage-pool ${STORAGE_POOL} \ + --release-directory "${OVERRIDE_WHEEL_OUTPUT_PATH}" \ + --add-on-repos ${ADDON_REPOS} + + fi + echo "Complete [ ${release} ]" +done + +# Perform cleanup +cleanup + +# Remove lock file on job completion +lock_file_remove diff --git a/playbooks/roles/repo_server/files/rsync.defaults b/playbooks/roles/repo_server/files/rsync.defaults new file mode 100644 index 0000000000..901038ad37 --- /dev/null +++ b/playbooks/roles/repo_server/files/rsync.defaults 
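Review bot: `LOCKFILE="/tmp/wheel_builder.lock"` places the lock in a world-writable directory, and `kill_job` later runs `kill -9` on whatever PID that file contains, so the job trusts a file any local account can create or replace. Keep the lock where only the job's user can write, e.g. `LOCKFILE="/var/run/wheel_builder.lock"`, or take it with `flock` so no PID has to be read back from disk. `set -e -o -v` near the top also looks unintended, since `-o` is given no option name; `set -e -v` or `set -e -o pipefail` is probably what was meant. After the stale-lock branch calls `kill_job`, the lock file is removed and not re-created, so the rest of that run proceeds without a lock.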
@@ -0,0 +1,3 @@
+RSYNC_ENABLE=true
+RSYNC_CONFIG_FILE=/etc/rsyncd.conf
+RSYNC_OPTS=''
diff --git a/playbooks/roles/repo_server/files/rsyncd.conf b/playbooks/roles/repo_server/files/rsyncd.conf
new file mode 100644
index 0000000000..12a2815c97
--- /dev/null
+++ b/playbooks/roles/repo_server/files/rsyncd.conf
@@ -0,0 +1,15 @@
+log file = /var/log/rsyncd.log
+pid file = /var/run/rsyncd.pid
+lock file = /var/run/rsync.lock
+
+max connections = 15
+timeout = 600
+transfer logging = true
+
+[openstack_mirror]
+path = {{ repo_service_home_folder }}/repo
+comment = OpenStack Private Cloud Mirror Server
+use chroot = yes
+read only = yes
+uid = nobody
+gid = nogroup
diff --git a/playbooks/roles/repo_server/files/sshd_config b/playbooks/roles/repo_server/files/sshd_config
new file mode 100644
index 0000000000..78d32b5f12
--- /dev/null
+++ b/playbooks/roles/repo_server/files/sshd_config
@@ -0,0 +1,43 @@
+Port 22
+Protocol 2
+HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_dsa_key
+HostKey /etc/ssh/ssh_host_ecdsa_key
+HostKey /etc/ssh/ssh_host_ed25519_key
+UsePrivilegeSeparation yes
+
+KeyRegenerationInterval 3600
+ServerKeyBits 1024
+
+SyslogFacility AUTH
+LogLevel INFO
+
+LoginGraceTime 120
+PermitRootLogin yes
+StrictModes yes
+
+RSAAuthentication yes
+PubkeyAuthentication yes
+
+IgnoreRhosts yes
+RhostsRSAAuthentication no
+HostbasedAuthentication no
+
+PermitEmptyPasswords no
+
+ChallengeResponseAuthentication no
+
+PasswordAuthentication no
+
+X11Forwarding yes
+X11DisplayOffset 10
+PrintMotd no
+PrintLastLog yes
+TCPKeepAlive yes
+
+AcceptEnv LANG LC_*
+
+Subsystem sftp /usr/lib/openssh/sftp-server
+
+UsePAM yes
+UseDNS no
diff --git a/playbooks/roles/galera_stop/tasks/main.yml b/playbooks/roles/repo_server/handlers/main.yml
similarity index 56%
rename from playbooks/roles/galera_stop/tasks/main.yml
rename to playbooks/roles/repo_server/handlers/main.yml
index 62678692dd..5aeca10899 100644
--- a/playbooks/roles/galera_stop/tasks/main.yml
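Review bot: the `[openstack_mirror]` module in rsyncd.conf has no `hosts allow` or `auth users`, so every host that can reach the rsync daemon can read the whole mirror. If that is not intended, add `hosts allow = <MANAGEMENT_CIDR>` (placeholder value) under the module. The file also sits in `files/` yet contains `{{ repo_service_home_folder }}`, which is only expanded when the file is rendered as a template; repo_post_install.yml references `rsyncd.conf.j2`, so this copy looks either unused or misplaced.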
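Review bot: in sshd_config, `PermitRootLogin yes`, `X11Forwarding yes` and the `ssh_host_dsa_key` HostKey line are broader than a package repo server appears to need. Password and challenge-response logins are already off, so `PermitRootLogin without-password` states the actual intent and stays safe if `PasswordAuthentication` is ever flipped. `X11Forwarding no` removes a forwarding channel nothing in this role uses, and the DSA host key can be dropped in favour of the RSA, ECDSA and Ed25519 keys. `KeyRegenerationInterval`, `ServerKeyBits 1024`, `RSAAuthentication` and `RhostsRSAAuthentication` only apply to SSH protocol 1, which `Protocol 2` already disables, so they can be removed.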
+++ b/playbooks/roles/repo_server/handlers/main.yml @@ -13,14 +13,32 @@ # See the License for the specific language governing permissions and # limitations under the License. -- name: Stop MariaDB +- name: reload nginx service: - name: mysql - state: stopped - register: mariadb_stop - ignore_errors: True + name: "nginx" + state: restarted + pattern: "nginx" -- name: Force Stop MariaDB - shell: > - killall -15 mysqld - when: mariadb_stop|failed +- name: reload rsyncd + service: + name: "rsync" + state: restarted + pattern: "rsync" + +- name: reload fcgiwrap + service: + name: "fcgiwrap" + state: restarted + pattern: "fcgiwrap" + +- name: reload ssh + service: + name: "ssh" + state: restarted + pattern: "ssh" + +- name: reload lsyncd + service: + name: "lsyncd" + state: restarted + pattern: "lsyncd" diff --git a/playbooks/roles/repo_server/meta/main.yml b/playbooks/roles/repo_server/meta/main.yml new file mode 100644 index 0000000000..55e298b75a --- /dev/null +++ b/playbooks/roles/repo_server/meta/main.yml @@ -0,0 +1,33 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +galaxy_info: + author: rcbops + description: Install package repo server + company: Rackspace + license: Apache2 + min_ansible_version: 1.6.6 + platforms: + - name: Ubuntu + versions: + - trusty + categories: + - cloud + - python + - development + - openstack +dependencies: + - pip_install + - memcached_server 
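Review bot: every handler in handlers/main.yml is named `reload …` but uses `state: restarted`, so a change notified as a reload actually restarts nginx, rsync, fcgiwrap, ssh and lsyncd. Either rename them to match (`- name: restart nginx`) or use `state: reloaded` where the service supports it. For ssh in particular a reload is enough to pick up a new sshd_config.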
diff --git a/playbooks/inventory/group_vars/logstash.yml b/playbooks/roles/repo_server/tasks/main.yml similarity index 55% rename from playbooks/inventory/group_vars/logstash.yml rename to playbooks/roles/repo_server/tasks/main.yml index 4c13441180..50b5ad09da 100644 --- a/playbooks/inventory/group_vars/logstash.yml +++ b/playbooks/roles/repo_server/tasks/main.yml @@ -13,22 +13,22 @@ # See the License for the specific language governing permissions and # limitations under the License. -# Variables for the logstash containers -service_name: logstash +- include: repo_pre_install.yml +- include: repo_install.yml +- include: repo_post_install.yml -debug: False -verbose: True +- include: repo_key_create.yml -container_lvm_fstype: ext4 -container_lvm_fssize: 5GB +- include: repo_key_store.yml + when: > + inventory_hostname == groups['pkg_repo'][0] and + groups.repo_all|length > 1 -# Uncomment this to enable verbose logging for logstash -# logstash_verbose: --verbose +- include: repo_key_distribute.yml + when: > + inventory_hostname != groups['pkg_repo'][0] and + groups.repo_all|length > 1 -# Change this with caution, anything other than 1 will currently -# break multiline filtering -logstash_workers: 1 - -# Directories to create -container_directories: - - { name: /var/log/logstash, mode: 755 } +- include: repo_sync_manager.yml + when: > + inventory_hostname == groups['pkg_repo'][0] diff --git a/playbooks/roles/repo_server/tasks/repo_install.yml b/playbooks/roles/repo_server/tasks/repo_install.yml new file mode 100644 index 0000000000..382264909c --- /dev/null +++ b/playbooks/roles/repo_server/tasks/repo_install.yml 
@@ -0,0 +1,39 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Install apt packages
+ apt:
+ pkg: "{{ item }}"
+ state: latest
+ update_cache: yes
+ register: install_packages
+ until: install_packages|success
+ retries: 5
+ delay: 5
+ with_items: repo_apt_packages
+ tags:
+ - repo-apt-packages
+
+- name: Install pip packages
+ pip:
+ name: "{{ item }}"
+ state: present
+ register: install_packages
+ until: install_packages|success
+ retries: 5
+ delay: 5
+ with_items: repo_pip_packages
+ tags:
+ - repo-pip-packages
diff --git a/playbooks/roles/repo_server/tasks/repo_key_create.yml b/playbooks/roles/repo_server/tasks/repo_key_create.yml
new file mode 100644
index 0000000000..86101ec814
--- /dev/null
+++ b/playbooks/roles/repo_server/tasks/repo_key_create.yml
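Review bot: both tasks in repo_install.yml install whatever version is current at run time: `state: latest` for every apt package, and unversioned names for pip (`repo_pip_packages` lists bare names such as `yaprt` and `turbolift`). This host builds and serves the wheels the rest of the deployment installs, so an unexpected upstream release of a build tool changes what gets built without any change in this repository. Pin the pip entries in the role defaults, e.g. `- "yaprt==<PINNED_VERSION>"` (placeholder), and prefer `state: present` for apt unless upgrading on every run is wanted.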
@@ -0,0 +1,54 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Remove old key file(s) if found
+ file:
+ path: "{{ item }}"
+ state: "absent"
+ with_items:
+ - "{{ repo_service_home_folder }}/.ssh/authorized_keys"
+ - "{{ repo_service_home_folder }}/.ssh/id_rsa"
+ - "{{ repo_service_home_folder }}/.ssh/id_rsa.pub"
+
+- name: Create the nginx SSH key if it doesnt exist
+ shell: |
+ su - nginx -c 'ssh-keygen -f {{ repo_service_home_folder }}/.ssh/id_rsa -t rsa -q -N ""'
+
+- name: Create empty 'authorized_keys' file
+ file:
+ path: "{{ repo_service_home_folder }}/.ssh/authorized_keys"
+ state: "touch"
+
+- name: Change permissions on the generated keys
+ file:
+ path: "{{ item.path }}"
+ group: "www-data"
+ owner: "nginx"
+ mode: "{{ item.mode }}"
+ with_items:
+ - { path: "{{ repo_service_home_folder }}/.ssh/authorized_keys", mode: "0700" }
+ - { path: "{{ repo_service_home_folder }}/.ssh/id_rsa", mode: "0600" }
+ - { path: "{{ repo_service_home_folder }}/.ssh/id_rsa.pub", mode: "0644" }
+
+- name: Get public key contents
+ command: |
+ cat {{ repo_service_home_folder }}/.ssh/id_rsa.pub
+ register: nginx_pub
+ changed_when: false
+
+- name: Build authorized keys
+ shell: |
+ echo "{{ nginx_pub.stdout }}" | tee -a {{ repo_service_home_folder }}/.ssh/authorized_keys
+ delegate_to: "{{ groups['pkg_repo'][0] }}"
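Review bot: the "Change permissions on the generated keys" task sets `authorized_keys` to `mode: "0700"`, which makes the file executable; `mode: "0600"` is the usual value and matches `id_rsa`. The owner, group and `su - nginx` are hard-coded although the role defines `repo_service_user_name` and `repo_service_group_name`, so overriding those defaults would leave the key files owned by the wrong account; use `owner: "{{ repo_service_user_name }}"` and `group: "{{ repo_service_group_name }}"`. The first task also deletes the key pair and `authorized_keys` on every run while the next one is named "if it doesnt exist", so each play rotates the key. If that is not intended, drop the removal and guard the ssh-keygen task with the shell module's `creates` argument pointing at the `id_rsa` path.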
diff --git a/playbooks/roles/repo_server/tasks/repo_key_distribute.yml b/playbooks/roles/repo_server/tasks/repo_key_distribute.yml
new file mode 100644
index 0000000000..1c9aeafcc5
--- /dev/null
+++ b/playbooks/roles/repo_server/tasks/repo_key_distribute.yml
@@ -0,0 +1,33 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Retrieve authorized keys
+ memcached:
+ name: "{{ item.name }}"
+ file_path: "{{ item.src }}"
+ state: "retrieve"
+ file_mode: "{{ item.file_mode }}"
+ dir_mode: "{{ item.dir_mode }}"
+ server: "{{ repo_memcached_servers }}"
+ encrypt_string: "{{ memcached_encryption_key }}"
+ with_items:
+ - { src: "{{ repo_service_home_folder }}/.ssh/authorized_keys", name: "authorized_keys", file_mode: "0640", dir_mode: "0750" }
+ register: memcache_keys
+ until: memcache_keys|success
+ retries: 5
+ delay: 2
+ tags:
+ - repo-key
+ - repo-key-store
diff --git a/playbooks/roles/container_common/tasks/container_user_create.yml b/playbooks/roles/repo_server/tasks/repo_key_store.yml
similarity index 56%
rename from playbooks/roles/container_common/tasks/container_user_create.yml
rename to playbooks/roles/repo_server/tasks/repo_key_store.yml
index 9a8d3899bc..75a5430a96 100644
--- a/playbooks/roles/container_common/tasks/container_user_create.yml
+++ b/playbooks/roles/repo_server/tasks/repo_key_store.yml
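Review bot: the tags look swapped between repo_key_distribute.yml and repo_key_store.yml: the retrieve task here is tagged `repo-key-store`, while the store task in repo_key_store.yml (`state: "present"`) is tagged `repo-key-distribute`. Running with `--tags repo-key-store` would therefore select the retrieval rather than the upload. I would tag this task `repo-key-distribute` and the one in repo_key_store.yml `repo-key-store`. A comment above both tasks would also help: `authorized_keys` decides who may log in as the repo user, and as far as these hunks show it travels through memcached protected only by `memcached_encryption_key`, so that variable has to be a strong, secret value.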
@@ -13,20 +13,19 @@ # See the License for the specific language governing permissions and # limitations under the License. -- name: create the system group - group: - name: "{{ system_group }}" +- name: Distribute authorized keys for cluster consumption + memcached: + name: "{{ item.name }}" + file_path: "{{ item.src }}" state: "present" - system: "yes" - when: system_group is defined - -- name: create system user - user: - name: "{{ system_user }}" - shell: "/bin/false" - group: "{{ system_group }}" - groups: adm - home: "/var/lib/{{ system_user }}" - system: "yes" - createhome: "yes" - when: system_group is defined and system_user is defined + server: "{{ repo_memcached_servers }}" + encrypt_string: "{{ memcached_encryption_key }}" + with_items: + - { src: "{{ repo_service_home_folder }}/.ssh/authorized_keys", name: "authorized_keys" } + register: memcache_keys + until: memcache_keys|success + retries: 5 + delay: 2 + tags: + - repo-key + - repo-key-distribute diff --git a/playbooks/roles/repo_server/tasks/repo_post_install.yml b/playbooks/roles/repo_server/tasks/repo_post_install.yml new file mode 100644 index 0000000000..6467092139 --- /dev/null +++ b/playbooks/roles/repo_server/tasks/repo_post_install.yml 
@@ -0,0 +1,99 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: create the system group + group: + name: "{{ repo_service_group_name }}" + state: "present" + system: "yes" + tags: + - pkg-repo-group + +- name: Create the nova system user + user: + name: "{{ repo_service_user_name }}" + group: "{{ repo_service_group_name }}" + comment: "Nginx repo user" + shell: "/bin/bash" + system: "yes" + createhome: "yes" + home: "{{ repo_service_home_folder }}" + tags: + - pkg-repo-user + +- name: File and directory setup + file: + path: "{{ item.path }}" + state: "{{ item.state }}" + owner: "{{ item.owner|default('root') }}" + group: "{{ item.group|default('root') }}" + mode: "{{ item.mode }}" + with_items: + - { path: "{{ repo_service_home_folder }}", state: "directory", owner: "{{ repo_service_user_name }}", group: "{{ repo_service_group_name }}", mode: "2755" } + - { path: "{{ repo_service_home_folder }}/.ssh", state: "directory", owner: "{{ repo_service_user_name }}", group: "{{ repo_service_group_name }}", mode: "2700" } + - { path: "{{ repo_service_home_folder }}/repo", state: "directory", owner: "{{ repo_service_user_name }}", group: "{{ repo_service_group_name }}", mode: "2755" } + - { path: "{{ repo_service_home_folder }}/repo/links", state: "directory", owner: "{{ repo_service_user_name }}", group: "{{ repo_service_group_name }}", mode: "2755" } + - { path: "{{ repo_service_home_folder }}/repo/os-releases", state: 
"directory", owner: "{{ repo_service_user_name }}", group: "{{ repo_service_group_name }}", mode: "2755" } + - { path: "{{ repo_service_home_folder }}/repo/os-releases/{{ openstack_release }}", state: "directory", owner: "{{ repo_service_user_name }}", group: "{{ repo_service_group_name }}", mode: "2755" } + - { path: "{{ repo_service_home_folder }}/repo/openstackgit", state: "directory", owner: "{{ repo_service_user_name }}", group: "{{ repo_service_group_name }}", mode: "2755" } + - { path: "{{ repo_service_home_folder }}/repo/python_packages", state: "directory", owner: "{{ repo_service_user_name }}", group: "{{ repo_service_group_name }}", mode: "2755" } + - { path: "{{ repo_service_home_folder }}/repo/python_packages/pools", state: "directory", owner: "{{ repo_service_user_name }}", group: "{{ repo_service_group_name }}", mode: "2755" } + - { path: "{{ repo_service_home_folder }}/repo/pools", state: "directory", owner: "{{ repo_service_user_name }}", group: "{{ repo_service_group_name }}", mode: "2755" } + - { path: "{{ repo_service_home_folder }}/repo/reports", state: "directory", owner: "{{ repo_service_user_name }}", group: "{{ repo_service_group_name }}", mode: "2755" } + - { path: "/etc/lsyncd", state: "directory", mode: "0755" } + - { path: "/var/log/lsyncd", state: "directory", mode: "0755" } + - { path: "/etc/nginx/sites-enabled/default", state: "absent", mode: "0644" } + tags: + - pkg-repo-dirs + +- name: Drop NGINX configuration files + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + with_items: + - { src: "nginx.conf.j2", dest: "/etc/nginx/nginx.conf" } + - { src: "rsyncd.conf.j2", dest: "/etc/rsyncd.conf" } + - { src: "openstack-slushee.vhost.j2", dest: "/etc/nginx/sites-available/openstack-slushee.vhost" } + notify: + - reload nginx + tags: + - pkg-repo-nginx + - pkg-repo-config + +- name: Change fcgiwrap GID/UID + lineinfile: + dest: "/etc/init.d/fcgiwrap" + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + with_items: + - { 
regexp: "^FCGI_SOCKET_OWNER=", line: 'FCGI_SOCKET_OWNER="{{ repo_service_user_name }}"' } + - { regexp: "^FCGI_SOCKET_GROUP=", line: 'FCGI_SOCKET_GROUP="{{ repo_service_group_name }}"' } + notify: + - reload nginx + - reload fcgiwrap + tags: + - pkg-repo-nginx + - pkg-repo-config + +- name: Enable openstack-slushee site + file: + src: "/etc/nginx/sites-available/openstack-slushee.vhost" + dest: "/etc/nginx/sites-enabled/openstack-slushee.vhost" + state: "link" + notify: + - reload nginx + tags: + - pkg-repo-nginx + - pkg-repo-config diff --git a/playbooks/roles/repo_server/tasks/repo_pre_install.yml b/playbooks/roles/repo_server/tasks/repo_pre_install.yml new file mode 100644 index 0000000000..f807d4f317 --- /dev/null +++ b/playbooks/roles/repo_server/tasks/repo_pre_install.yml 
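Review bot: The `Drop NGINX configuration files` task sets no `owner`, `group` or `mode`, so the permissions of `/etc/nginx/nginx.conf`, `/etc/rsyncd.conf` and the vhost file depend on the umask and on any file already present; adding `owner: "root"`, `group: "root"` and `mode: "0644"` makes them explicit, as `Copy wheel builder into place` in `repo_pre_install.yml` already does. The task named `Create the nova system user` actually creates `{{ repo_service_user_name }}` with the comment "Nginx repo user", so the name should read `Create the repo service user`. That account gets `shell: "/bin/bash"`; if the login shell is there for the rsync-over-ssh sync, a comment saying so would stop someone from later treating it as an oversight.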
@@ -0,0 +1,62 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Ensure ssh config + copy: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + with_items: + - { src: "sshd_config", dest: "/etc/ssh/sshd_config" } + notify: + - reload ssh + tags: + - repo-ssh + +- name: Drop rsyncd configuration file(s) + copy: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + with_items: + - { src: "rsync.defaults", dest: "/etc/default/rsync" } + notify: + - reload rsyncd + tags: + - repo-config + +- name: Copy wheel builder into place + copy: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: "root" + group: "root" + mode: "0755" + with_items: + - { src: "openstack-wheel-builder.sh", dest: "/opt/openstack-wheel-builder.sh" } + - { src: "openstack-wheel-builder.py", dest: "/opt/openstack-wheel-builder.py" } + - { src: "openstack-branch-grabber.py", dest: "/opt/openstack-branch-grabber.py" } + tags: + - repo-wheel-builder + +- name: Drop base config file(s) + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: "{{ item.owner|default('root') }}" + group: "{{ item.group|default('root') }}" + mode: "{{ item.mode|default('0644') }}" + with_items: + - { src: manual-init.override.j2, dest: "/etc/init/lxc-net.override" } + tags: + - repo-config 
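Review bot: The `Ensure ssh config` task replaces `/etc/ssh/sshd_config` without checking the new file, so a broken configuration is only discovered when the `reload ssh` handler runs and can leave the host without working SSH. The `copy` module accepts `validate`, so I would add `validate: "/usr/sbin/sshd -t -f %s"` together with `owner: "root"`, `group: "root"` and `mode: "0644"`. The content of the shipped `sshd_config` is not part of this hunk, so its settings cannot be reviewed here.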
diff --git a/playbooks/roles/common/tasks/apt_pinning.yml b/playbooks/roles/repo_server/tasks/repo_sync_manager.yml similarity index 67% rename from playbooks/roles/common/tasks/apt_pinning.yml rename to playbooks/roles/repo_server/tasks/repo_sync_manager.yml index f407d130f5..5df47a26ff 100644 --- a/playbooks/roles/common/tasks/apt_pinning.yml +++ b/playbooks/roles/repo_server/tasks/repo_sync_manager.yml @@ -13,12 +13,16 @@ # See the License for the specific language governing permissions and # limitations under the License. -- name: Add apt pin preferences +- name: Drop lsyncd configuration file template: - src: apt_pinned_packages.j2 - dest: /etc/apt/preferences.d/openstack_pinned_packages.pref - when: apt_pinned_packages is defined - -- name: Update apt cache - apt: - update_cache: yes + src: "{{ item.src }}" + dest: "{{ item.dest }}" + with_items: + - { src: "lsyncd.lua.j2", dest: "/etc/lsyncd/lsyncd.conf.lua" } + notify: + - reload lsyncd + when: > + groups['pkg_repo']|length > 1 + tags: + - repo-lsyncd + - repo-config diff --git a/playbooks/roles/repo_server/templates/lsyncd.lua.j2 b/playbooks/roles/repo_server/templates/lsyncd.lua.j2 new file mode 100644 index 0000000000..35542b34cc --- /dev/null +++ b/playbooks/roles/repo_server/templates/lsyncd.lua.j2 @@ -0,0 +1,21 @@ +settings { + logfile = "/var/log/lsyncd/lsyncd.log", + statusFile = "/var/log/lsyncd/lsyncd-status.log", + statusInterval = 20 +} + +{% for node in groups['pkg_repo'] %} +{% if groups['pkg_repo'][0] != node %} +sync { + default.rsync, + source = "{{ repo_service_home_folder }}/repo", + target = "{{ hostvars[node]['ansible_ssh_host'] }}:{{ repo_service_home_folder }}/repo", + rsync = { + compress = true, + acls = true, + rsh = "/usr/bin/ssh -l {{ repo_service_user_name }} -i {{ repo_service_home_folder }}/.ssh/id_rsa -o StrictHostKeyChecking=no -o ServerAliveInterval=30 -o ServerAliveCountMax=5" + } +} + +{% endif %} +{% endfor %} 
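Review bot: In `lsyncd.lua.j2` the `rsh` line passes `-o StrictHostKeyChecking=no`, so the pushing repo server never verifies the host key of the target and cannot detect a machine impersonating a `pkg_repo` node. The role already distributes `authorized_keys`; distributing the peers' host keys the same way would allow `-o StrictHostKeyChecking=yes -o UserKnownHostsFile={{ repo_service_home_folder }}/.ssh/known_hosts` instead. The loop also skips only `groups['pkg_repo'][0]` rather than the host being templated, so if lsyncd runs on a secondary node it would list itself as a target; whether it does is not visible in this diff.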
diff --git a/playbooks/roles/repo_server/templates/manual-init.override.j2 b/playbooks/roles/repo_server/templates/manual-init.override.j2
new file mode 100644
index 0000000000..306c937e51
--- /dev/null
+++ b/playbooks/roles/repo_server/templates/manual-init.override.j2
@@ -0,0 +1,9 @@
+# {{ ansible_managed }}
+
+pre-start script
+ echo "pass"
+end script
+
+post-stop script
+ echo "pass"
+end script
diff --git a/playbooks/roles/repo_server/templates/nginx.conf.j2 b/playbooks/roles/repo_server/templates/nginx.conf.j2
new file mode 100644
index 0000000000..77d7e26dc1
--- /dev/null
+++ b/playbooks/roles/repo_server/templates/nginx.conf.j2
@@ -0,0 +1,92 @@ +user {{ repo_service_user_name }} {{ repo_service_group_name }}; +pid /var/run/nginx.pid; + +{% set _api_threads = ansible_processor_vcpus|default(2) // 2 %} +{% set api_threads = _api_threads if _api_threads > 0 else 1 %} + +worker_processes {{ repo_nginx_threads | default(api_threads) }}; + +events { + worker_connections {{ repo_worker_connections }}; + multi_accept on; +} + +http { + # Basic Settings + include /etc/nginx/mime.types; + default_type application/octet-stream; + sendfile off; + tcp_nopush on; + tcp_nodelay on; + client_header_timeout 10m; + client_body_timeout 10m; + send_timeout 10m; + proxy_read_timeout 600s; + proxy_send_timeout 600s; + proxy_connect_timeout 600s; + fastcgi_send_timeout 600s; + fastcgi_read_timeout 600s; + + fastcgi_cache_path /var/run/nginx-cache levels=1:2 keys_zone=OSGITREPO:100m inactive=60m; + fastcgi_cache_key "$scheme$request_method$host$request_uri"; + fastcgi_cache_use_stale error timeout invalid_header http_500; + fastcgi_ignore_headers Cache-Control Expires Set-Cookie; + + # Added Larger Post Max + client_max_body_size 5M; + + keepalive_timeout 60 15; + types_hash_max_size 2048; + + # Logging Settings + log_format gzip '$remote_addr - $remote_user [$time_local] ' + '"$request" $status $bytes_sent ' + '"$http_referer" "$http_user_agent" "$gzip_ratio"'; + access_log /var/log/{{ repo_service_user_name }}/access.log gzip buffer=32k; + error_log /var/log/{{ repo_service_user_name }}/error.log notice; + + # Gzip Settings + gzip on; + gzip_disable "msie6"; + gzip_vary on; + gzip_proxied any; + gzip_comp_level 6; + gzip_min_length 1100; + gzip_buffers 16 8k; + + # Turn on gzip for all content types that should benefit from it. 
+ gzip_types application/ecmascript; + gzip_types application/javascript; + gzip_types application/json; + gzip_types application/pdf; + gzip_types application/postscript; + gzip_types application/x-javascript; + gzip_types image/svg+xml; + gzip_types text/css; + gzip_types text/csv; + + # "gzip_types text/html" is assumed. + gzip_types text/javascript; + gzip_types text/plain; + gzip_types text/xml; + + gzip_http_version 1.0; + + # Path to NGINX Cache + fastcgi_cache_path /var/cache/nginx/ levels=1:2 keys_zone=NGINX_CACHE:10m max_size=32m inactive=5m; + + # Custom Header + add_header X-WHOAMI "OpenStack Private Slushee Repository {{ inventory_hostname }}"; + + # Virtual Host Configs + include /etc/nginx/conf.d/*.conf; + include /etc/nginx/sites-enabled/*; + + # Map Mobile + map $http_user_agent $is_mobile { + default 0; + ~*android|ip(hone|od)|windows\s+(?:ce|phone) 1; + ~*symbian|sonyericsson|samsung|lg|blackberry 1; + ~*mobile 1; + } +} diff --git a/playbooks/roles/repo_server/templates/openstack-slushee.vhost.j2 b/playbooks/roles/repo_server/templates/openstack-slushee.vhost.j2 new file mode 100644 index 0000000000..576a4de234 --- /dev/null +++ b/playbooks/roles/repo_server/templates/openstack-slushee.vhost.j2 
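Review bot: `access_log` and `error_log` point at `/var/log/{{ repo_service_user_name }}/`, but the `File and directory setup` task in `repo_post_install.yml` creates `/var/log/lsyncd` and not that directory, so unless it is created elsewhere nginx will fail to open its logs. An extra item such as `- { path: "/var/log/{{ repo_service_user_name }}", state: "directory", owner: "{{ repo_service_user_name }}", group: "{{ repo_service_group_name }}", mode: "0755" }` would cover it. The `add_header X-WHOAMI` line returns `{{ inventory_hostname }}` to every client and `server_tokens` is left at its default; if the header is only a debugging aid I would drop it and add `server_tokens off;`.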
@@ -0,0 +1,25 @@
+server {
+ listen {{ repo_server_port }};
+ server_name {{ repo_server_name }};
+
+ # Logging
+ access_log /var/log/{{ repo_service_user_name }}/{{ repo_server_name }}.access.log gzip buffer=32k;
+ error_log /var/log/{{ repo_service_user_name }}/{{ repo_server_name }}.error.log notice;
+
+ location / {
+ root {{ repo_service_home_folder }}/repo/;
+ autoindex on;
+ expires 5h;
+ }
+
+ location ~ /openstackgit(/.*) {
+ gzip off;
+ fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
+ fastcgi_param SCRIPT_NAME git-http-backend;
+ fastcgi_param GIT_HTTP_EXPORT_ALL "";
+ fastcgi_param GIT_PROJECT_ROOT {{ repo_service_home_folder }}/repo/openstackgit;
+ fastcgi_param PATH_INFO $1;
+ include /etc/nginx/fastcgi_params;
+ fastcgi_pass unix:/var/run/fcgiwrap.socket;
+ }
+}
diff --git a/playbooks/roles/repo_server/templates/rsyncd.conf.j2 b/playbooks/roles/repo_server/templates/rsyncd.conf.j2
new file mode 100644
index 0000000000..12a2815c97
--- /dev/null
+++ b/playbooks/roles/repo_server/templates/rsyncd.conf.j2
@@ -0,0 +1,15 @@
+log file = /var/log/rsyncd.log
+pid file = /var/run/rsyncd.pid
+lock file = /var/run/rsync.lock
+
+max connections = 15
+timeout = 600
+transfer logging = true
+
+[openstack_mirror]
+path = {{ repo_service_home_folder }}/repo
+comment = OpenStack Private Cloud Mirror Server
+use chroot = yes
+read only = yes
+uid = nobody
+gid = nogroup
diff --git a/playbooks/roles/rsyslog/templates/50-default.conf b/playbooks/roles/rsyslog/templates/50-default.conf
deleted file mode 100644
index c9e8c99106..0000000000
--- a/playbooks/roles/rsyslog/templates/50-default.conf
+++ /dev/null
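Review bot: The regex in `location ~ /openstackgit(/.*)` is not anchored, so any URI that merely contains `/openstackgit/` is handed to `git-http-backend` with the remainder as `PATH_INFO`; `location ~ ^/openstackgit(/.*)$` limits it to the intended prefix. `GIT_HTTP_EXPORT_ALL` exports every repository under `GIT_PROJECT_ROOT` and `autoindex on` lists the whole tree, while the server block has no TLS and no `allow`/`deny` rules. Since clients install packages from this server, a comment at the top of the block stating that it must only be reachable from the deployment network would record that assumption.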
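Review bot: The `[openstack_mirror]` module in `rsyncd.conf.j2` is read-only, chrooted and runs as `nobody`, but it has neither `hosts allow` nor `auth users`, so any host that can reach the rsync daemon can read the whole mirror. If that is not intended, add `hosts allow = <management network CIDR placeholder>` under the module, and otherwise say in a comment that open read access is deliberate.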
@@ -1,72 +0,0 @@ -# Default rules for rsyslog. -# -# For more information see rsyslog.conf(5) and /etc/rsyslog.conf - -# -# First some standard log files. Log by facility. -# -auth,authpriv.* /var/log/auth.log -*.*;local7.none;auth,authpriv.none /var/log/syslog -syslog.* /var/log/rsyslog.log #rsyslog error messages -#cron.* /var/log/cron.log -#daemon.* /var/log/daemon.log -kern.* /var/log/kern.log -#lpr.* /var/log/lpr.log -mail.* /var/log/mail.log -#user.* /var/log/user.log - -# -# Logging for the mail system. Split it up so that -# it is easy to write scripts to parse these files. -# -#mail.info /var/log/mail.info -#mail.warn /var/log/mail.warn -mail.err /var/log/mail.err - -# -# Logging for INN news system. -# -news.crit /var/log/news/news.crit -news.err /var/log/news/news.err -news.notice /var/log/news/news.notice - -# -# Some "catch-all" log files. -# -#*.=debug;\ -# auth,authpriv.none;\ -# news.none;mail.none /var/log/debug -#*.=info;*.=notice;*.=warn;\ -# auth,authpriv.none;\ -# cron,daemon.none;\ -# mail,news.none /var/log/messages - -# -# Emergencies are sent to everybody logged in. -# -*.emerg :omusrmsg:* - -# -# I like to have messages displayed on the console, but only on a virtual -# console I usually leave idle. -# -#daemon,mail.*;\ -# news.=crit;news.=err;news.=notice;\ -# *.=debug;*.=info;\ -# *.=notice;*.=warn /dev/tty8 - -# The named pipe /dev/xconsole is for the `xconsole' utility. To use it, -# you must invoke `xconsole' with the `-file' option: -# -# $ xconsole -file /dev/xconsole [...] -# -# NOTE: adjust the list below, or you'll go crazy if you have a reasonably -# busy site.. -# -# -# As this functionality is almost never needed, it is commented out. If you -# need it, be sure to remove the comment characters below. -#daemon.*;mail.*;\ -# news.err;\ -# *.=debug;*.=info;\ -# *.=notice;*.=warn |/dev/xconsole 
diff --git a/playbooks/roles/rsyslog_config/templates/genlog.py b/playbooks/roles/rsyslog_config/templates/genlog.py deleted file mode 100644 index 556a0697e5..0000000000 --- a/playbooks/roles/rsyslog_config/templates/genlog.py +++ /dev/null 
@@ -1,49 +0,0 @@ -#!/usr/bin/env python -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -import os -import fnmatch - -print "$ModLoad imfile\t\t# Load the imfile input module\n" -print "$ActionQueueType LinkedList\t\t# Use asynchronous processing" -print "$ActionQueueFileName srvrfwd\t\t# Set file name, also enables disk mode" -print "$ActionResumeRetryCount -1\t\t# Infinite retries on insert failure" -print "$ActionQueueSaveOnShutdown on\t\t# Save in-memory data if rsyslog shuts down\n" - -matches = [] -for root, dirnames, filenames in os.walk('/openstack/log'): - for filename in fnmatch.filter(filenames, '*.log'): - matches.append(os.path.join(root, filename)) - -for log in matches: - container = log.split('/')[3] - service = log.split('/')[4].split('.')[0] - if 'horizon' in container: - service = container + '_' + service - - if 'logstash' in container: - continue - - print "$InputFileName {}".format(log) - print "$InputFileTag {}.{}:".format(container, service) - print "$InputFileStateFile state-{}-{}".format(container, service) - print "$InputFileFacility local7" - print "$InputRunFileMonitor\n" - -{% raw %} -print r'''$template 
ls_json,"{%timestamp:::date-rfc3339,jsonf:@timestamp%,%source:::jsonf:@source_host%,\"@source\":\"syslog://%app-name:::json%\",\"@message\":\"%msg:::json%\",\"@fields\":{%syslogfacility-text:::jsonf:facility%,%syslogseverity-text:::jsonf:severity%,%app-name:::jsonf:program%,%procid:::jsonf:processid%}}"''' -{% endraw %} - -print "*.* @@{{ hostvars[groups['logstash'][0]]['container_address'] }}:{{ logstash_port }};ls_json" diff --git a/playbooks/roles/rsyslog_setup/CONTRIBUTING.rst b/playbooks/roles/rsyslog_setup/CONTRIBUTING.rst new file mode 100644 index 0000000000..b30b38a25f --- /dev/null +++ b/playbooks/roles/rsyslog_setup/CONTRIBUTING.rst 
@@ -0,0 +1,85 @@ +OpenStack rsyslog server +######################## +:tags: openstack, rsyslog, server, cloud, ansible +:category: \*nix + +contributor guidelines +^^^^^^^^^^^^^^^^^^^^^^ + +Filing Bugs +----------- + +Bugs should be filed on Launchpad, not GitHub: "https://bugs.launchpad.net/openstack-ansible" + + +When submitting a bug, or working on a bug, please ensure the following criteria are met: + * The description clearly states or describes the original problem or root cause of the problem. + * Include historical information on how the problem was identified. + * Any relevant logs are included. + * The provided information should be totally self-contained. External access to web services/sites should not be needed. + * Steps to reproduce the problem if possible. + + +Submitting Code +--------------- + +Changes to the project should be submitted for review via the Gerrit tool, following +the workflow documented at: "http://docs.openstack.org/infra/manual/developers.html#development-workflow" + +Pull requests submitted through GitHub will be ignored and closed without regard. + + +Extra +----- + +Tags: + If it's a bug that needs fixing in a branch in addition to Master, add a '\-backport-potential' tag (eg ``juno-backport-potential``). There are predefined tags that will autocomplete. + +Status: + Please leave this alone, it should be New till someone triages the issue. + +Importance: + Should only be touched if it is a Blocker/Gating issue. If it is, please set to High, and only use Critical if you have found a bug that can take down whole infrastructures. + + +Style guide +----------- + +When creating tasks and other roles for use in Ansible please create then using the YAML dictionary format. + +Example YAML dictionary format: + .. code-block:: yaml + + - name: The name of the tasks + module_name: + thing1: "some-stuff" + thing2: "some-other-stuff" + tags: + - some-tag + - some-other-tag + + +Example **NOT** in YAML dictionary format: + .. 
code-block:: yaml + + - name: The name of the tasks + module_name: thing1="some-stuff" thing2="some-other-stuff" + tags: + - some-tag + - some-other-tag + + +Usage of the ">" and "|" operators should be limited to Ansible conditionals and command modules such as the ansible ``shell`` module. + + +Issues +------ + +When submitting an issue, or working on an issue please ensure the following criteria are met: + * The description clearly states or describes the original problem or root cause of the problem. + * Include historical information on how the problem was identified. + * Any relevant logs are included. + * If the issue is a bug that needs fixing in a branch other than Master, add the ‘backport potential’ tag TO THE ISSUE (not the PR). + * The provided information should be totally self-contained. External access to web services/sites should not be needed. + * If the issue is needed for a hotfix release, add the 'expedite' label. + * Steps to reproduce the problem if possible. diff --git a/playbooks/roles/rsyslog_setup/LICENSE b/playbooks/roles/rsyslog_setup/LICENSE new file mode 100644 index 0000000000..e06d208186 --- /dev/null +++ b/playbooks/roles/rsyslog_setup/LICENSE 
@@ -0,0 +1,202 @@ +Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + diff --git a/playbooks/roles/rsyslog_setup/README.rst b/playbooks/roles/rsyslog_setup/README.rst new file mode 100644 index 0000000000..1171c686e4 --- /dev/null +++ b/playbooks/roles/rsyslog_setup/README.rst @@ -0,0 +1,14 @@ +OpenStack rsyslog server +######################## +:tags: openstack, rsyslog, server, cloud, ansible +:category: \*nix + +Role to deploy rsyslog for use within OpenStack when deploying services using containers. + +.. code-block:: yaml + + - name: Install rsyslog + hosts: rsyslog + user: root + roles: + - { role: "rsyslog_setup", tags: [ "rsyslog-setup" ] } 
diff --git a/playbooks/vars/repo_packages/rsyslog.yml b/playbooks/roles/rsyslog_setup/defaults/main.yml similarity index 82% rename from playbooks/vars/repo_packages/rsyslog.yml rename to playbooks/roles/rsyslog_setup/defaults/main.yml index a5d1f682a7..802063451b 100644 --- a/playbooks/vars/repo_packages/rsyslog.yml +++ b/playbooks/roles/rsyslog_setup/defaults/main.yml @@ -13,11 +13,12 @@ # See the License for the specific language governing permissions and # limitations under the License. -repo_package_name: rsyslog +rsyslog_apt_repos: + - { repo: "ppa:adiscon/v8-stable", state: "present" } -apt_container_repos: - - { repo: "{{ rsyslog_repo_url }}", state: "present" } +rsyslog_apt_packages: + - rsyslog -service_pip_dependencies: +rsyslog_pip_packages: - python-memcached - pycrypto diff --git a/playbooks/swift-common.yml b/playbooks/roles/rsyslog_setup/meta/main.yml similarity index 66% rename from playbooks/swift-common.yml rename to playbooks/roles/rsyslog_setup/meta/main.yml index 18dc7c9ad2..45429bab4e 100644 --- a/playbooks/swift-common.yml +++ b/playbooks/roles/rsyslog_setup/meta/main.yml @@ -13,16 +13,20 @@ # See the License for the specific language governing permissions and # limitations under the License. -- hosts: swift_proxy:swift_hosts - user: root - roles: - - common - - common_sudoers - - container_common - - openstack_common - - openstack_openrc - - galera_client_cnf +galaxy_info: + author: rcbops + description: Rsyslog install and setup for logstash + company: Rackspace + license: Apache2 + min_ansible_version: 1.6.6 + platforms: + - name: Ubuntu + versions: + - trusty + categories: + - cloud - rsyslog - vars_files: - - inventory/group_vars/swift_all.yml - - vars/repo_packages/swift.yml + - development + - openstack +dependencies: + - pip_lock_down 
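Review bot: `rsyslog_apt_repos` now hard-codes `ppa:adiscon/v8-stable`, and `rsyslog_install.yml` later in this diff installs `rsyslog_apt_packages` with `state: latest`, so every play run can pull a new rsyslog build from a third-party PPA onto the hosts. I would install with `state: present` (or pin a version in `rsyslog_apt_packages`) and add a comment above the PPA entry saying why the distribution package is not used. `rsyslog_pip_packages` lists `python-memcached` and `pycrypto` without versions; the `pip_lock_down` dependency added in `meta/main.yml` may constrain them, but that is not visible here.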
diff --git a/playbooks/roles/cinder_volume/handlers/main.yml b/playbooks/roles/rsyslog_setup/tasks/main.yml similarity index 85% rename from playbooks/roles/cinder_volume/handlers/main.yml rename to playbooks/roles/rsyslog_setup/tasks/main.yml index 73ff6a3ad0..922731e1d7 100644 --- a/playbooks/roles/cinder_volume/handlers/main.yml +++ b/playbooks/roles/rsyslog_setup/tasks/main.yml @@ -13,5 +13,6 @@ # See the License for the specific language governing permissions and # limitations under the License. -- name: Ensure tgt service restarted - service: name=tgt state=restarted pattern=tgtd +- include: rsyslog_pre_install.yml +- include: rsyslog_install.yml +- include: rsyslog_post_install.yml diff --git a/playbooks/roles/rsyslog_setup/tasks/rsyslog_install.yml b/playbooks/roles/rsyslog_setup/tasks/rsyslog_install.yml new file mode 100644 index 0000000000..96baf8735f --- /dev/null +++ b/playbooks/roles/rsyslog_setup/tasks/rsyslog_install.yml 
@@ -0,0 +1,40 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Install rsyslog packages + apt: + pkg: "{{ item }}" + state: latest + update_cache: yes + cache_valid_time: 600 + register: install_packages + until: install_packages|success + retries: 5 + delay: 2 + with_items: rsyslog_apt_packages + tags: + - rsyslog-apt-packages + +- name: Install pip packages + pip: + name: "{{ item }}" + state: present + register: install_packages + until: install_packages|success + retries: 5 + delay: 2 + with_items: rsyslog_pip_packages + tags: + - rsyslog-pip-packages diff --git a/playbooks/roles/galera_config/tasks/main.yml b/playbooks/roles/rsyslog_setup/tasks/rsyslog_post_install.yml similarity index 59% rename from playbooks/roles/galera_config/tasks/main.yml rename to playbooks/roles/rsyslog_setup/tasks/rsyslog_post_install.yml index 16d234c11f..311b284edb 100644 --- a/playbooks/roles/galera_config/tasks/main.yml +++ b/playbooks/roles/rsyslog_setup/tasks/rsyslog_post_install.yml 
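Review bot: `state: latest` in the "Install rsyslog packages" task makes each run upgrade rsyslog to whatever the configured repositories publish at that moment, so the same checkout can leave hosts on different versions and a new upstream build reaches them without review. If the aim is only to get the v8 series, a version carried in the list entry together with `state: present` keeps runs repeatable, e.g. `- rsyslog=<PINNED_VERSION>` in `rsyslog_apt_packages` (placeholder, not a real version). Both tasks also register into `install_packages`; separate names such as `install_apt_packages` and `install_pip_packages` would make a retry failure easier to attribute.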
@@ -13,24 +13,33 @@ # See the License for the specific language governing permissions and # limitations under the License. -- name: Create the local directories - file: - path: "{{ item }}" - state: "directory" - group: "root" - owner: "root" - recurse: "true" - with_items: - - /etc/mysql/conf.d +- name: Stop rsyslog + service: + name: "rsyslog" + state: "stopped" + failed_when: false + tags: + - rsyslog-config -- name: Drop mariadb configs +- name: Rsyslog Setup template: src: "{{ item.src }}" dest: "{{ item.dest }}" - register: mariadb_config + owner: "root" + group: "root" with_items: - - { src: my.cnf, dest: /etc/mysql/my.cnf } - - { src: cluster.cnf, dest: /etc/mysql/conf.d/cluster.cnf } - - { src: debian.cnf, dest: /etc/mysql/debian.cnf } - - { src: mysql_init.sh, dest: /etc/init.d/mysql } - - { src: mysql_defaults, dest: /etc/default/mysql } + - { src: "50-default.conf.j2", dest: "/etc/rsyslog.d/50-default.conf" } + tags: + - rsyslog-config + +- name: Generate Config Files + shell: "/opt/genlog.py > /etc/rsyslog.d/51-openstack.conf" + tags: + - rsyslog-config + +- name: Start rsyslog + service: + name: "rsyslog" + state: "started" + tags: + - rsyslog-config \ No newline at end of file diff --git a/playbooks/roles/rsyslog_config/tasks/main.yml b/playbooks/roles/rsyslog_setup/tasks/rsyslog_pre_install.yml similarity index 72% rename from playbooks/roles/rsyslog_config/tasks/main.yml rename to playbooks/roles/rsyslog_setup/tasks/rsyslog_pre_install.yml index 1127cee15e..500833e045 100644 --- a/playbooks/roles/rsyslog_config/tasks/main.yml +++ b/playbooks/roles/rsyslog_setup/tasks/rsyslog_pre_install.yml 
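Review bot: The "Generate Config Files" task redirects straight into `/etc/rsyslog.d/51-openstack.conf`, so the shell truncates the live file before `/opt/genlog.py` has produced anything; if the script exits with an error, the run stops for that host with rsyslog already stopped by the first task and the forwarding rules gone. Writing to a temporary name and renaming only on success avoids that: `shell: "/opt/genlog.py > /etc/rsyslog.d/51-openstack.conf.tmp && mv /etc/rsyslog.d/51-openstack.conf.tmp /etc/rsyslog.d/51-openstack.conf"`. The stop task's `failed_when: false` hides a failed stop, and the template task sets owner and group but no `mode`, so adding `mode: "0644"` would make the file permissions explicit.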
@@ -15,20 +15,15 @@ - name: Deploy rsyslog config generator template: - src: "{{ item }}" - dest: "/opt/{{ item }}" + src: "{{ item.src }}" + dest: "{{ item.dest }}" owner: "root" group: "root" mode: "0755" with_items: - - genlog.py - -- name: Stop rsyslog - service: name=rsyslog state=stopped pattern=rsyslog - -- name: Generate Config Files - shell: > - /opt/genlog.py > /etc/rsyslog.d/51-openstack.conf + - { src: "genlog.py.j2", dest: "/opt/genlog.py" } + tags: + - rsyslog-config - name: Ensure ownership on /var/spool/rsyslog file: @@ -36,6 +31,5 @@ state: "directory" owner: "syslog" group: "syslog" - -- name: Start rsyslog - service: name=rsyslog state=restarted pattern=rsyslog + tags: + - rsyslog-dirs \ No newline at end of file diff --git a/playbooks/roles/rsyslog_setup/templates/50-default.conf.j2 b/playbooks/roles/rsyslog_setup/templates/50-default.conf.j2 new file mode 100644 index 0000000000..a56d09e2e4 --- /dev/null +++ b/playbooks/roles/rsyslog_setup/templates/50-default.conf.j2 @@ -0,0 +1,16 @@ +# {{ ansible_managed }} + +auth,authpriv.* /var/log/auth.log +*.*;local7.none;auth,authpriv.none /var/log/syslog +syslog.* /var/log/rsyslog.log #rsyslog error messages +kern.* /var/log/kern.log +mail.* /var/log/mail.log +#user.* /var/log/user.log + +mail.err /var/log/mail.err + +news.crit /var/log/news/news.crit +news.err /var/log/news/news.err +news.notice /var/log/news/news.notice + +*.emerg :omusrmsg:* diff --git a/playbooks/roles/rsyslog_setup/templates/genlog.py.j2 b/playbooks/roles/rsyslog_setup/templates/genlog.py.j2 new file mode 100644 index 0000000000..17d1a6102b --- /dev/null +++ b/playbooks/roles/rsyslog_setup/templates/genlog.py.j2 
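Review bot: In `50-default.conf.j2` the selector `*.*;local7.none;auth,authpriv.none` drops local7 from /var/log/syslog without saying why, and the reason only becomes visible in genlog.py.j2, which prints `$InputFileFacility local7` for every file it registers. A comment above that line would keep the two files in step: `# local7 is the facility genlog.py gives the OpenStack log files read via imfile; excluded so they are not copied into /var/log/syslog`. Anyone changing the facility in one place then knows to change the other.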
@@ -0,0 +1,61 @@ +#!/usr/bin/env python +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# {{ ansible_managed }} + +import os +import fnmatch + + +print('$ModLoad imfile\t\t# Load the imfile input module\n') +print('$ActionQueueType LinkedList\t\t# Use asynchronous processing') +print('$ActionQueueFileName srvrfwd\t\t# Set file name, also enables disk' + ' mode') +print('$ActionResumeRetryCount -1\t\t# Infinite retries on insert failure') +print('$ActionQueueSaveOnShutdown on\t\t# Save in-memory data if rsyslog' + ' shuts down\n') + +matches = [] +for root, dirnames, filenames in os.walk('/openstack/log'): + for filename in fnmatch.filter(filenames, '*.log'): + matches.append(os.path.join(root, filename)) + +for log in matches: + container = log.split('/')[3] + service = log.split('/')[4].split('.')[0] + if 'horizon' in container: + service = container + '_' + service + + if 'logstash' in container: + continue + + print('$InputFileName {}'.format(log)) + print('$InputFileTag {}.{}:'.format(container, service)) + print('$InputFileStateFile state-{}-{}'.format(container, service)) + print('$InputFileFacility local7') + print('$InputRunFileMonitor\n') + + +{% raw %} +print(r'$template ls_json,"{%timestamp:::date-rfc3339,jsonf:@timestamp%,' + '%source:::jsonf:@source_host%,\"@source\":\"syslog://%app-name::' + ':json%\",\"@message\":\"%msg:::json%\",\"@fields\":{%syslogfacil' + 
'ity-text:::jsonf:facility%,%syslogseverity-text:::jsonf:severity' + '%,%app-name:::jsonf:program%,%procid:::jsonf:processid%}}"') +{% endraw %} + + +group = "{{ hostvars[groups['logstash_all'][0]]['ansible_ssh_host'] }}" +print('*.* @@{}:{{ logstash_port }};ls_json'.format(group)) diff --git a/playbooks/roles/swift_account/tasks/main.yml b/playbooks/roles/swift_account/tasks/main.yml deleted file mode 100644 index 8ecd01f3cf..0000000000 --- a/playbooks/roles/swift_account/tasks/main.yml +++ /dev/null @@ -1,31 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: "swift account server config with replication" - template: > - src="account-server.conf.j2" - dest="/etc/swift/account-server/account-server.conf" - owner={{ system_user }} - mode=0644 - notify: Restart swift service - -- name: "swift account server replication config" - template: > - src="account-server-replicator.conf.j2" - dest="/etc/swift/account-server/account-server-replicator.conf" - owner={{ system_user }} - mode=0644 - notify: Restart swift service - when: swift.replication_network is defined and swift.replication_network != swift.storage_network diff --git a/playbooks/roles/swift_account/templates/account-server-replicator.conf.j2 b/playbooks/roles/swift_account/templates/account-server-replicator.conf.j2 deleted file mode 100644 index a3413aa466..0000000000 
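Review bot: The final `print('*.* @@{}:{{ logstash_port }};ls_json'.format(group))` in genlog.py.j2 forwards every facility, auth and authpriv included, to the first `logstash_all` host over plain TCP (`@@`), and the generated file contains no stream-driver directives, so the records cross the network unencrypted and the receiver is not authenticated. If the logstash input can terminate TLS, printing `$DefaultNetstreamDriver gtls`, `$ActionSendStreamDriverMode 1` and `$ActionSendStreamDriverAuthMode x509/name` (plus the CA file and permitted peer) before that action would cover it; otherwise a comment stating that the transport relies on an isolated management network would document the assumption. Separately, `log.split('/')[4]` raises IndexError for a `*.log` file placed directly in /openstack/log, and for files nested one level deeper it yields the directory name, so several files share one tag and one `state-…` name; deriving both parts from `os.path.relpath(log, '/openstack/log')` and skipping paths with fewer than two components would avoid both.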
--- a/playbooks/roles/swift_account/templates/account-server-replicator.conf.j2 +++ /dev/null @@ -1,47 +0,0 @@ -[DEFAULT] -{% set repl_bridge = 'ansible_' + swift.replication_network|replace('-', '_') %} -bind_ip = {{ hostvars[inventory_hostname][repl_bridge]['ipv4']['address'] }} -bind_port = {{ swift_account_port }} -devices = {{ swift_vars.mount_point | default(swift.mount_point) }} -workers = 2 -log_facility = LOG_LOCAL2 - -[pipeline:main] -pipeline = account-server - -[app:account-server] -use = egg:swift#account -replication_server = True - -[account-replicator] -# You can override the default log routing for this app here (don't use set!): -# log_name = account-replicator -log_facility = LOG_LOCAL2 -# log_level = INFO -# log_address = /dev/log -# -# vm_test_mode = no -per_diff = 10000 -# max_diffs = 100 -# concurrency = 8 -# interval = 30 -# -# How long without an error before a node's error count is reset. This will -# also be how long before a node is reenabled after suppression is triggered. -# error_suppression_interval = 60 -# -# How many errors can accumulate before a node is temporarily ignored. -# error_suppression_limit = 10 -# -# node_timeout = 10 -# conn_timeout = 0.5 -# -# The replicator also performs reclamation -# reclaim_age = 604800 -# -# Time in seconds to wait between replication passes -# Note: if the parameter 'interval' is defined then it will be used in place -# of run_pause. -# run_pause = 30 -# -# recon_cache_path = /var/cache/swift diff --git a/playbooks/roles/swift_account/templates/account-server.conf.j2 b/playbooks/roles/swift_account/templates/account-server.conf.j2 deleted file mode 100644 index c9d7edf0dc..0000000000 --- a/playbooks/roles/swift_account/templates/account-server.conf.j2 +++ /dev/null 
@@ -1,200 +0,0 @@ -[DEFAULT] -{% if is_metal == true and swift.storage_network is defined %} -{% set storage_bridge = 'ansible_' + swift.storage_network|replace('-', '_') %} -{% set storage_address = hostvars[inventory_hostname][storage_bridge]['ipv4']['address'] %} -{% endif %} -bind_ip = {{ storage_address | default(container_address) }} -bind_port = {{ swift_account_port }} -# bind_timeout = 30 -# backlog = 4096 -user = {{ system_user }} -# swift_dir = /etc/swift -devices = {{ swift_vars.mount_point | default(swift.mount_point) }} -# mount_check = true -# disable_fallocate = false -# -# Use an integer to override the number of pre-forked processes that will -# accept connections. -# workers = auto -# -# Maximum concurrent requests per worker -# max_clients = 1024 -# -# You can specify default log routing here if you want: -# log_name = swift -log_facility = LOG_LOCAL2 -# log_level = INFO -# log_address = /dev/log -# The following caps the length of log lines to the value given; no limit if -# set to 0, the default. -# log_max_line_length = 0 -# -# comma separated list of functions to call to setup custom log handlers. -# functions get passed: conf, name, log_to_console, log_route, fmt, logger, -# adapted_logger -# log_custom_handlers = -# -# If set, log_udp_host will override log_address -# log_udp_host = -# log_udp_port = 514 -# -# You can enable StatsD logging here: -# log_statsd_host = localhost -# log_statsd_port = 8125 -# log_statsd_default_sample_rate = 1.0 -# log_statsd_sample_rate_factor = 1.0 -# log_statsd_metric_prefix = -# -# If you don't mind the extra disk space usage in overhead, you can turn this -# on to preallocate disk space with SQLite databases to decrease fragmentation. -# db_preallocation = off -# -# eventlet_debug = false -# -# You can set fallocate_reserve to the number of bytes you'd like fallocate to -# reserve, whether there is space for the given file size or not. 
-# fallocate_reserve = 0 - -[pipeline:main] -pipeline = healthcheck recon account-server - -[app:account-server] -use = egg:swift#account -log_facility = LOG_LOCAL2 -# You can override the default log routing for this app here: -# set log_name = account-server -# set log_facility = LOG_LOCAL2 -# set log_level = INFO -# set log_requests = true -# set log_address = /dev/log -# -# auto_create_account_prefix = . -# -# Configure parameter for creating specific server -# To handle all verbs, including replication verbs, do not specify -# "replication_server" (this is the default). To only handle replication, -# set to a True value (e.g. "True" or "1"). To handle only non-replication -# verbs, set to "False". Unless you have a separate replication network, you -# should not specify any value for "replication_server". -# replication_server = false - -[filter:healthcheck] -use = egg:swift#healthcheck -# An optional filesystem path, which if present, will cause the healthcheck -# URL to return "503 Service Unavailable" with a body of "DISABLED BY FILE" -# disable_path = - -[filter:recon] -use = egg:swift#recon -log_facility = LOG_LOCAL2 -recon_cache_path = /var/cache/swift -recon_lock_path = /var/lock/swift - -{% if swift.replication_network is not defined %} -[account-replicator] -# You can override the default log routing for this app here (don't use set!): -# log_name = account-replicator -log_facility = LOG_LOCAL2 -# log_level = INFO -# log_address = /dev/log -# -# vm_test_mode = no -per_diff = 10000 -# max_diffs = 100 -# concurrency = 8 -# interval = 30 -# -# How long without an error before a node's error count is reset. This will -# also be how long before a node is reenabled after suppression is triggered. -# error_suppression_interval = 60 -# -# How many errors can accumulate before a node is temporarily ignored. 
-# error_suppression_limit = 10 -# -# node_timeout = 10 -# conn_timeout = 0.5 -# -# The replicator also performs reclamation -# reclaim_age = 604800 -# -# Time in seconds to wait between replication passes -# Note: if the parameter 'interval' is defined then it will be used in place -# of run_pause. -# run_pause = 30 -# -# recon_cache_path = /var/cache/swift -{% endif %} - -[account-auditor] -# You can override the default log routing for this app here (don't use set!): -# log_name = account-auditor -log_facility = LOG_LOCAL2 -# log_level = INFO -# log_address = /dev/log -# -# Will audit each account at most once per interval -# interval = 1800 -# -# log_facility = LOG_LOCAL2 -# log_level = INFO -# accounts_per_second = 200 -# recon_cache_path = /var/cache/swift - -[account-reaper] -# You can override the default log routing for this app here (don't use set!): -# log_name = account-reaper -log_facility = LOG_LOCAL2 -# log_level = INFO -# log_address = /dev/log -# -# concurrency = 25 -# interval = 3600 -# node_timeout = 10 -# conn_timeout = 0.5 -# -# Normally, the reaper begins deleting account information for deleted accounts -# immediately; you can set this to delay its work however. The value is in -# seconds; 2592000 = 30 days for example. -delay_reaping = 604800 -# -# If the account fails to be be reaped due to a persistent error, the -# account reaper will log a message such as: -# Account has not been reaped since -# You can search logs for this message if space is not being reclaimed -# after you delete account(s). -# Default is 2592000 seconds (30 days). This is in addition to any time -# requested by delay_reaping. -# reap_warn_after = 2592000 - -# Note: Put it at the beginning of the pipleline to profile all middleware. But -# it is safer to put this after healthcheck. -[filter:xprofile] -use = egg:swift#xprofile -# This option enable you to switch profilers which should inherit from python -# standard profiler. 
Currently the supported value can be 'cProfile', -# 'eventlet.green.profile' etc. -# profile_module = eventlet.green.profile -# -# This prefix will be used to combine process ID and timestamp to name the -# profile data file. Make sure the executing user has permission to write -# into this path (missing path segments will be created, if necessary). -# If you enable profiling in more than one type of daemon, you must override -# it with an unique value like: /var/log/swift/profile/account.profile -# log_filename_prefix = /tmp/log/swift/profile/default.profile -# -# the profile data will be dumped to local disk based on above naming rule -# in this interval. -# dump_interval = 5.0 -# -# Be careful, this option will enable profiler to dump data into the file with -# time stamp which means there will be lots of files piled up in the directory. -# dump_timestamp = false -# -# This is the path of the URL to access the mini web UI. -# path = /__profile__ -# -# Clear the data when the wsgi server shutdown. -# flush_at_shutdown = false -# -# unwind the iterator of applications -# unwind = false diff --git a/playbooks/roles/swift_common/handlers/main.yml b/playbooks/roles/swift_common/handlers/main.yml deleted file mode 100644 index a302ff2790..0000000000 --- a/playbooks/roles/swift_common/handlers/main.yml +++ /dev/null 
@@ -1,17 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: restart rsyslog - service: name=rsyslog state=restarted diff --git a/playbooks/roles/swift_common/tasks/main.yml b/playbooks/roles/swift_common/tasks/main.yml deleted file mode 100644 index 12bb03b407..0000000000 --- a/playbooks/roles/swift_common/tasks/main.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- include: log_setup.yml -- include: swift_dispersion.yml - -- name: "Drop swift.conf template" - template: - src: "swift.conf.j2" - dest: "/etc/swift/swift.conf" - owner: "{{ system_user }}" - mode: "0644" diff --git a/playbooks/roles/swift_common/tasks/swift_dispersion.yml b/playbooks/roles/swift_common/tasks/swift_dispersion.yml deleted file mode 100644 index fd42d339e2..0000000000 --- a/playbooks/roles/swift_common/tasks/swift_dispersion.yml +++ /dev/null 
@@ -1,21 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: "Place dispersion.conf in swift dir" - template: - src: "swift-dispersion.conf.j2" - dest: "/etc/swift/dispersion.conf" - owner: "{{ system_user }}" - mode: "0644" diff --git a/playbooks/roles/swift_common/templates/swift-dispersion.conf.j2 b/playbooks/roles/swift_common/templates/swift-dispersion.conf.j2 deleted file mode 100644 index 8e6f4a82e4..0000000000 --- a/playbooks/roles/swift_common/templates/swift-dispersion.conf.j2 +++ /dev/null @@ -1,27 +0,0 @@ -[dispersion] -# Please create a new account solely for using dispersion tools, which is -# helpful for keep your own data clean. -# auth_url = http://localhost:8080/auth/v1.0 -# auth_user = test:tester -# auth_key = testing -# auth_version = 1.0 -# -# NOTE: If you want to use keystone (auth version 2.0), then its configuration -# would look something like: -auth_url = {{ auth_identity_uri }} -auth_user = {{ auth_admin_tenant }}:{{ swift_dispersion_user }} -auth_key = {{ swift_dispersion_password }} -auth_version = 2.0 -# -endpoint_type = internalURL -# keystone_api_insecure = no -# -# swift_dir = /etc/swift -# dispersion_coverage = 1.0 -# retries = 5 -# concurrency = 25 -# container_populate = yes -# object_populate = yes -# container_report = yes -# object_report = yes -# dump_json = no 
diff --git a/playbooks/roles/swift_common/templates/swift.conf.j2 b/playbooks/roles/swift_common/templates/swift.conf.j2 deleted file mode 100644 index 9f4ded08d6..0000000000 --- a/playbooks/roles/swift_common/templates/swift.conf.j2 +++ /dev/null 
@@ -1,94 +0,0 @@ -[swift-hash] - -# swift_hash_path_suffix and swift_hash_path_prefix are used as part of the -# the hashing algorithm when determining data placement in the cluster. -# These values should remain secret and MUST NOT change -# once a cluster has been deployed. - -swift_hash_path_suffix = {{ swift_hash_path_suffix }} -swift_hash_path_prefix = {{ swift_hash_path_prefix }} - -# Storage Policies -{% for policy in swift.storage_policies %} -[storage-policy:{{ policy.policy.index }}] -name = {{ policy.policy.name }} -{% if policy.policy.deprecated is defined %} -deprecated = {{ policy.policy.deprecated }} -{% endif %} -{% if policy.policy.default is defined %} -default = {{ policy.policy.default }} -{% endif %} - -{% endfor %} -[swift-constraints] - -# max_file_size is the largest "normal" object that can be saved in -# the cluster. This is also the limit on the size of each segment of -# a "large" object when using the large object manifest support. -# This value is set in bytes. Setting it to lower than 1MiB will cause -# some tests to fail. It is STRONGLY recommended to leave this value at -# the default (5 * 2**30 + 2). - -#max_file_size = 5368709122 - - -# max_meta_name_length is the max number of bytes in the utf8 encoding -# of the name portion of a metadata header. - -#max_meta_name_length = 128 - - -# max_meta_value_length is the max number of bytes in the utf8 encoding -# of a metadata value - -#max_meta_value_length = 256 - - -# max_meta_count is the max number of metadata keys that can be stored -# on a single account, container, or object - -#max_meta_count = 90 - - -# max_meta_overall_size is the max number of bytes in the utf8 encoding -# of the metadata (keys + values) - -#max_meta_overall_size = 4096 - -# max_header_size is the max number of bytes in the utf8 encoding of each -# header. Using 8192 as default because eventlet use 8192 as max size of -# header line. 
This value may need to be increased when using identity -# v3 API tokens including more than 7 catalog entries. -# See also include_service_catalog in proxy-server.conf-sample -# (documented in overview_auth.rst) - -#max_header_size = 8192 - - -# max_object_name_length is the max number of bytes in the utf8 encoding -# of an object name - -#max_object_name_length = 1024 - - -# container_listing_limit is the default (and max) number of items -# returned for a container listing request - -#container_listing_limit = 10000 - - -# account_listing_limit is the default (and max) number of items returned -# for an account listing request -#account_listing_limit = 10000 - - -# max_account_name_length is the max number of bytes in the utf8 encoding -# of an account name - -#max_account_name_length = 256 - - -# max_container_name_length is the max number of bytes in the utf8 encoding -# of a container name - -#max_container_name_length = 256 diff --git a/playbooks/roles/swift_container/tasks/main.yml b/playbooks/roles/swift_container/tasks/main.yml deleted file mode 100644 index 76edcb110b..0000000000 --- a/playbooks/roles/swift_container/tasks/main.yml +++ /dev/null 
@@ -1,31 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: "swift container server configuration" - template: > - src="container-server.conf.j2" - dest="/etc/swift/container-server/container-server.conf" - owner={{ system_user }} - mode=0644 - notify: Restart swift service - -- name: "swift container server replication config" - template: > - src="container-server-replicator.conf.j2" - dest="/etc/swift/container-server/container-server-replicator.conf" - owner={{ system_user }} - mode=0644 - notify: Restart swift service - when: swift.replication_network is defined and swift.replication_network != swift.storage_network diff --git a/playbooks/roles/swift_container/templates/container-server-replicator.conf.j2 b/playbooks/roles/swift_container/templates/container-server-replicator.conf.j2 deleted file mode 100644 index 9d9d6c8554..0000000000 --- a/playbooks/roles/swift_container/templates/container-server-replicator.conf.j2 +++ /dev/null 
@@ -1,39 +0,0 @@ -[DEFAULT] -{% set repl_bridge = 'ansible_' + swift.replication_network|replace('-', '_') %} -bind_ip = {{ hostvars[inventory_hostname][repl_bridge]['ipv4']['address'] }} -bind_port = {{ swift_container_port }} -devices = {{ swift_vars.mount_point | default(swift.mount_point) }} -workers = 2 -log_facility = LOG_LOCAL3 - -[pipeline:main] -pipeline = container-server - -[app:container-server] -use = egg:swift#container -replication_server = True - -[container-replicator] -# You can override the default log routing for this app here (don't use set!): -# log_name = container-replicator -log_facility = LOG_LOCAL3 -# log_level = INFO -# log_address = /dev/log -# -# vm_test_mode = no -# per_diff = 1000 -# max_diffs = 100 -# concurrency = 8 -# interval = 30 -# node_timeout = 10 -# conn_timeout = 0.5 -# -# The replicator also performs reclamation -# reclaim_age = 604800 -# -# Time in seconds to wait between replication passes -# Note: if the parameter 'interval' is defined then it will be used in place -# of run_pause. -# run_pause = 30 -# -# recon_cache_path = /var/cache/swift diff --git a/playbooks/roles/swift_container/templates/container-server.conf.j2 b/playbooks/roles/swift_container/templates/container-server.conf.j2 deleted file mode 100644 index 397667167b..0000000000 --- a/playbooks/roles/swift_container/templates/container-server.conf.j2 +++ /dev/null 
@@ -1,211 +0,0 @@ -[DEFAULT] -{% if is_metal == true and swift.storage_network is defined %} -{% set storage_bridge = 'ansible_' + swift.storage_network|replace('-', '_') %} -{% set storage_address = hostvars[inventory_hostname][storage_bridge]['ipv4']['address'] %} -{% endif %} -bind_ip = {{ storage_address | default(container_address) }} -bind_port = {{ swift_container_port }} -# bind_timeout = 30 -# backlog = 4096 -user = {{ system_user }} -# swift_dir = /etc/swift -devices = {{ swift_vars.mount_point | default(swift.mount_point) }} -# mount_check = true -# disable_fallocate = false -# -# Use an integer to override the number of pre-forked processes that will -# accept connections. -# workers = auto -# -# Maximum concurrent requests per worker -# max_clients = 1024 -# -# This is a comma separated list of hosts allowed in the X-Container-Sync-To -# field for containers. This is the old-style of using container sync. It is -# strongly recommended to use the new style of a separate -# container-sync-realms.conf -- see container-sync-realms.conf-sample -# allowed_sync_hosts = 127.0.0.1 -# -# You can specify default log routing here if you want: -# log_name = swift -log_facility = LOG_LOCAL3 -# log_level = INFO -# log_address = /dev/log -# The following caps the length of log lines to the value given; no limit if -# set to 0, the default. -# log_max_line_length = 0 -# -# comma separated list of functions to call to setup custom log handlers. 
-# functions get passed: conf, name, log_to_console, log_route, fmt, logger, -# adapted_logger -# log_custom_handlers = -# -# If set, log_udp_host will override log_address -# log_udp_host = -# log_udp_port = 514 -# -# You can enable StatsD logging here: -# log_statsd_host = localhost -# log_statsd_port = 8125 -# log_statsd_default_sample_rate = 1.0 -# log_statsd_sample_rate_factor = 1.0 -# log_statsd_metric_prefix = -# -# If you don't mind the extra disk space usage in overhead, you can turn this -# on to preallocate disk space with SQLite databases to decrease fragmentation. -# db_preallocation = off -# -# eventlet_debug = false -# -# You can set fallocate_reserve to the number of bytes you'd like fallocate to -# reserve, whether there is space for the given file size or not. -# fallocate_reserve = 0 - -[pipeline:main] -pipeline = healthcheck recon container-server - -[app:container-server] -use = egg:swift#container -log_facility = LOG_LOCAL3 -# You can override the default log routing for this app here: -# set log_name = container-server -# set log_facility = LOG_LOCAL3 -# set log_level = INFO -# set log_requests = true -# set log_address = /dev/log -# -# node_timeout = 3 -# conn_timeout = 0.5 -# allow_versions = false -# auto_create_account_prefix = . -# -# Configure parameter for creating specific server -# To handle all verbs, including replication verbs, do not specify -# "replication_server" (this is the default). To only handle replication, -# set to a True value (e.g. "True" or "1"). To handle only non-replication -# verbs, set to "False". Unless you have a separate replication network, you -# should not specify any value for "replication_server". 
-# replication_server = false - -[filter:healthcheck] -use = egg:swift#healthcheck -# An optional filesystem path, which if present, will cause the healthcheck -# URL to return "503 Service Unavailable" with a body of "DISABLED BY FILE" -# disable_path = - -[filter:recon] -use = egg:swift#recon -log_facility = LOG_LOCAL3 -recon_cache_path = /var/cache/swift -recon_lock_path = /var/lock/swift - -{% if swift.replication_network is not defined %} -[container-replicator] -# You can override the default log routing for this app here (don't use set!): -# log_name = container-replicator -log_facility = LOG_LOCAL3 -# log_level = INFO -# log_address = /dev/log -# -# vm_test_mode = no -# per_diff = 1000 -# max_diffs = 100 -# concurrency = 8 -# interval = 30 -# node_timeout = 10 -# conn_timeout = 0.5 -# -# The replicator also performs reclamation -# reclaim_age = 604800 -# -# Time in seconds to wait between replication passes -# Note: if the parameter 'interval' is defined then it will be used in place -# of run_pause. 
-# run_pause = 30 -# -# recon_cache_path = /var/cache/swift -{% endif %} - -[container-updater] -# You can override the default log routing for this app here (don't use set!): -# log_name = container-updater -log_facility = LOG_LOCAL3 -# log_level = INFO -# log_address = /dev/log -# -# interval = 300 -# concurrency = 4 -node_timeout = 15 -conn_timeout = 5 -# -# slowdown will sleep that amount between containers -# slowdown = 0.01 -# -# Seconds to suppress updating an account that has generated an error -# account_suppression_time = 60 -# -# recon_cache_path = /var/cache/swift - -[container-auditor] -# You can override the default log routing for this app here (don't use set!): -# log_name = container-auditor -log_facility = LOG_LOCAL3 -# log_level = INFO -# log_address = /dev/log -# -# Will audit each container at most once per interval -# interval = 1800 -# -# containers_per_second = 200 -# recon_cache_path = /var/cache/swift - -[container-sync] -# You can override the default log routing for this app here (don't use set!): -# log_name = container-sync -# log_facility = LOG_LOCAL3 -# log_level = INFO -# log_address = /dev/log -# -# If you need to use an HTTP Proxy, set it here; defaults to no proxy. -# You can also set this to a comma separated list of HTTP Proxies and they will -# be randomly used (simple load balancing). -# sync_proxy = http://10.1.1.1:8888,http://10.1.1.2:8888 -# -# Will sync each container at most once per interval -# interval = 300 -# -# Maximum amount of time to spend syncing each container per pass -# container_time = 60 - -# Note: Put it at the beginning of the pipleline to profile all middleware. But -# it is safer to put this after healthcheck. -[filter:xprofile] -use = egg:swift#xprofile -# This option enable you to switch profilers which should inherit from python -# standard profiler. Currently the supported value can be 'cProfile', -# 'eventlet.green.profile' etc. 
-# profile_module = eventlet.green.profile -# -# This prefix will be used to combine process ID and timestamp to name the -# profile data file. Make sure the executing user has permission to write -# into this path (missing path segments will be created, if necessary). -# If you enable profiling in more than one type of daemon, you must override -# it with an unique value like: /var/log/swift/profile/container.profile -# log_filename_prefix = /tmp/log/swift/profile/default.profile -# -# the profile data will be dumped to local disk based on above naming rule -# in this interval. -# dump_interval = 5.0 -# -# Be careful, this option will enable profiler to dump data into the file with -# time stamp which means there will be lots of files piled up in the directory. -# dump_timestamp = false -# -# This is the path of the URL to access the mini web UI. -# path = /__profile__ -# -# Clear the data when the wsgi server shutdown. -# flush_at_shutdown = false -# -# unwind the iterator of applications -# unwind = false diff --git a/playbooks/roles/swift_dispersion_user/tasks/main.yml b/playbooks/roles/swift_dispersion_user/tasks/main.yml deleted file mode 100644 index cba3103207..0000000000 --- a/playbooks/roles/swift_dispersion_user/tasks/main.yml +++ /dev/null 
@@ -1,32 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-- name: "Create keystone user for swift-dispersion"
- keystone:
- command: "ensure_user"
- token: "{{ auth_admin_token }}"
- endpoint: "{{ auth_admin_uri }}"
- user_name: "{{ swift_dispersion_user }}"
- tenant_name: "{{ auth_admin_tenant }}"
- password: "{{ swift_dispersion_password }}"
-
-- name: "Add swiftoperator role to swift-dispersion user"
- keystone:
- command: "ensure_user_role"
- token: "{{ auth_admin_token }}"
- endpoint: "{{ auth_admin_uri }}"
- user_name: "{{ swift_dispersion_user }}"
- tenant_name: "{{ auth_admin_tenant }}"
- role_name: "swiftoperator"
diff --git a/playbooks/roles/swift_init_scripts/handlers/main.yml b/playbooks/roles/swift_init_scripts/handlers/main.yml
deleted file mode 100644
index a5fdc1f823..0000000000
--- a/playbooks/roles/swift_init_scripts/handlers/main.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-- name: Restart service
- service: name={{ item }} state=restarted pattern={{ item }} enabled=yes
- when: item is defined
diff --git a/playbooks/roles/swift_init_scripts/tasks/main.yml b/playbooks/roles/swift_init_scripts/tasks/main.yml
deleted file mode 100644
index 1411d0e51f..0000000000
--- a/playbooks/roles/swift_init_scripts/tasks/main.yml
+++ /dev/null
@@ -1,46 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-- name: Place the init script
- template: >
- src=init-config
- dest=/etc/init/{{ item }}.conf
- mode=0644
- owner=root
- group=root
- with_items: program_names
- notify: Restart service
-
-- name: Ensure init scripts are loaded
- shell: >
- initctl list | grep -w "{{ item }}"
- with_items: program_names
- register: init_loaded
-
-- name: Reload init scripts
- shell: >
- initctl reload-configuration
- when: item.rc != 0
- with_items: init_loaded.results
-
-- name: Load service
- service: name={{ item }} enabled=yes
- when: item is defined
- with_items: program_names
-
-- name: Ensure service started
- service: name={{ item }} state=started pattern={{ item }} enabled=yes
- when: item is defined
- with_items: program_names
diff --git a/playbooks/roles/swift_init_scripts/templates/init-config b/playbooks/roles/swift_init_scripts/templates/init-config
deleted file mode 100644
index 1ec8b38414..0000000000
--- a/playbooks/roles/swift_init_scripts/templates/init-config
+++ /dev/null
@@ -1,49 +0,0 @@
-# {{ ansible_managed }}
-# vim:set ft=upstart ts=2 et:
-
-description "{{ item }}"
-author "Kevin Carter "
-
-start on runlevel [2345]
-stop on runlelvel [016]
-
-respawn
-
-# If this is a replicator service and we have a repl network adjust the conf
-{% if swift.replication_network is defined and 'replicator' in item %}
-{% set repl_conf = '-replicator' %}
-{% endif %}
-# If this is a server-replicator and we have a repl network adjust the name/conf
-{% if swift.replication_network is defined and 'server-replicator' in item %}
-{% set repl_conf = '-replicator' %}
-{% set item = 'swift-' + service_conf_loc %}
-{% endif %}
-
-# Set the RUNBIN environment variable
-env RUNBIN="/usr/local/bin/{{ item }}"
-
-# Change directory to service users home
-chdir "/var/lib/{{ service_name }}"
-
-# Pre start actions
-pre-start script
- mkdir -p "/var/run/{{ item }}"
- chown {{ system_user }}:{{ system_group }} "/var/run/{{ item }}"
-
- mkdir -p "/var/lock/{{ item }}"
- chown {{ system_user }}:{{ system_group }} "/var/lock/{{ item }}"
-end script
-
-# Post stop actions
-post-stop script
- rm "/var/run/{{ item }}/{{ item }}{{ repl_conf | default('') }}.pid"
-end script
-
-# Run the start up job
-exec start-stop-daemon --start \
- --chuid {{ system_user }} \
- --make-pidfile \
- --pidfile /var/run/{{ item }}/{{ item }}{{ repl_conf | default('') }}.pid \
- --exec "{{ program_override|default('$RUNBIN') }}" \
- /etc/{{ service_name }}/{{ service_conf_loc }}/{{ service_conf_loc }}{{ repl_conf | default('') }}.conf \
- -- {{ program_config_options|default('') }}
diff --git a/playbooks/roles/swift_object/tasks/main.yml b/playbooks/roles/swift_object/tasks/main.yml
deleted file mode 100644
index 15eb50cbcf..0000000000
--- a/playbooks/roles/swift_object/tasks/main.yml
+++ /dev/null
@@ -1,31 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-- name: "swift object server configuration"
- template: >
- src="object-server.conf.j2"
- dest="/etc/swift/object-server/object-server.conf"
- owner={{ system_user }}
- mode=0644
- notify: Restart swift service
-
-- name: "swift object server replication config"
- template: >
- src="object-server-replicator.conf.j2"
- dest="/etc/swift/object-server/object-server-replicator.conf"
- owner={{ system_user }}
- mode=0644
- notify: Restart swift service
- when: swift.replication_network is defined and swift.replication_network != swift.storage_network
diff --git a/playbooks/roles/swift_object/templates/object-server-replicator.conf.j2 b/playbooks/roles/swift_object/templates/object-server-replicator.conf.j2
deleted file mode 100644
index e3016ebb40..0000000000
--- a/playbooks/roles/swift_object/templates/object-server-replicator.conf.j2
+++ /dev/null
@@ -1,79 +0,0 @@ -[DEFAULT] -{% set repl_bridge = 'ansible_' + swift.replication_network|replace('-', '_') %} -bind_ip = {{ hostvars[inventory_hostname][repl_bridge]['ipv4']['address'] }} -bind_port = {{ swift_object_port }} -devices = {{ swift_vars.mount_point | default(swift.mount_point) }} -workers = 2 -log_facility = LOG_LOCAL4 - -[pipeline:main] -pipeline = object-server - -[app:object-server] -use = egg:swift#object -replication_server = True - -[object-replicator] -# You can override the default log routing for this app here (don't use set!): -# log_name = object-replicator -log_facility = LOG_LOCAL4 -# log_level = INFO -# log_address = /dev/log -# -# vm_test_mode = no -# daemonize = on -# run_pause = 30 -concurrency = 6 -# stats_interval = 300 -# -# The sync method to use; default is rsync but you can use ssync to try the -# EXPERIMENTAL all-swift-code-no-rsync-callouts method. Once ssync is verified -# as having performance comparable to, or better than, rsync, we plan to -# deprecate rsync so we can move on with more features for replication. -# sync_method = rsync -# -# max duration of a partition rsync -# rsync_timeout = 900 -# -# bandwidth limit for rsync in kB/s. 0 means unlimited -# rsync_bwlimit = 0 -# -# passed to rsync for io op timeout -# rsync_io_timeout = 30 -# -# node_timeout = -# max duration of an http request; this is for REPLICATE finalization calls and -# so should be longer than node_timeout -# http_timeout = 60 -# -# attempts to kill all workers if nothing replicates for lockup_timeout seconds -# lockup_timeout = 1800 -# -# The replicator also performs reclamation -# reclaim_age = 604800 -# -# ring_check_interval = 15 -# recon_cache_path = /var/cache/swift -# -# limits how long rsync error log lines are -# 0 means to log the entire line -# rsync_error_log_line_length = 0 -# -# handoffs_first and handoff_delete are options for a special case -# such as disk full in the cluster. 
These two options SHOULD NOT BE -# CHANGED, except for such an extreme situations. (e.g. disks filled up -# or are about to fill up. Anyway, DO NOT let your drives fill up) -# handoffs_first is the flag to replicate handoffs prior to canonical -# partitions. It allows to force syncing and deleting handoffs quickly. -# If set to a True value(e.g. "True" or "1"), partitions -# that are not supposed to be on the node will be replicated first. -# handoffs_first = False -# -# handoff_delete is the number of replicas which are ensured in swift. -# If the number less than the number of replicas is set, object-replicator -# could delete local handoffs even if all replicas are not ensured in the -# cluster. Object-replicator would remove local handoff partition directories -# after syncing partition when the number of successful responses is greater -# than or equal to this number. By default(auto), handoff partitions will be -# removed when it has successfully replicated to all the canonical nodes. -# handoff_delete = auto diff --git a/playbooks/roles/swift_object/templates/object-server.conf.j2 b/playbooks/roles/swift_object/templates/object-server.conf.j2 deleted file mode 100644 index 3cd249ae7a..0000000000 --- a/playbooks/roles/swift_object/templates/object-server.conf.j2 +++ /dev/null 
@@ -1,287 +0,0 @@ -[DEFAULT] -{% if is_metal == true and swift.storage_network is defined %} -{% set storage_bridge = 'ansible_' + swift.storage_network|replace('-', '_') %} -{% set storage_address = hostvars[inventory_hostname][storage_bridge]['ipv4']['address'] %} -{% endif %} -bind_ip = {{ storage_address | default(container_address) }} -bind_port = {{ swift_object_port }} -# bind_timeout = 30 -# backlog = 4096 -user = {{ system_user }} -swift_dir = /etc/swift -devices = {{ swift_vars.mount_point | default(swift.mount_point) }} -# mount_check = true -# disable_fallocate = false -# expiring_objects_container_divisor = 86400 -# expiring_objects_account_name = expiring_objects -# -# Use an integer to override the number of pre-forked processes that will -# accept connections. -# workers = auto -# -# Maximum concurrent requests per worker -# max_clients = 1024 -# -# You can specify default log routing here if you want: -# log_name = swift -log_facility = LOG_LOCAL4 -# log_level = INFO -# log_address = /dev/log -# The following caps the length of log lines to the value given; no limit if -# set to 0, the default. -# log_max_line_length = 0 -# -# comma separated list of functions to call to setup custom log handlers. -# functions get passed: conf, name, log_to_console, log_route, fmt, logger, -# adapted_logger -# log_custom_handlers = -# -# If set, log_udp_host will override log_address -# log_udp_host = -# log_udp_port = 514 -# -# You can enable StatsD logging here: -# log_statsd_host = localhost -# log_statsd_port = 8125 -# log_statsd_default_sample_rate = 1.0 -# log_statsd_sample_rate_factor = 1.0 -# log_statsd_metric_prefix = -# -# eventlet_debug = false -# -# You can set fallocate_reserve to the number of bytes you'd like fallocate to -# reserve, whether there is space for the given file size or not. -# fallocate_reserve = 0 -# -# Time to wait while attempting to connect to another backend node. 
-# conn_timeout = 0.5 -# Time to wait while sending each chunk of data to another backend node. -# node_timeout = 3 -# Time to wait while receiving each chunk of data from a client or another -# backend node. -# client_timeout = 60 -# -# network_chunk_size = 65536 -# disk_chunk_size = 65536 - -[pipeline:main] -pipeline = healthcheck recon object-server - -[app:object-server] -use = egg:swift#object -log_facility = LOG_LOCAL4 -# You can override the default log routing for this app here: -# set log_name = object-server -# set log_facility = LOG_LOCAL4 -# set log_level = INFO -# set log_requests = true -# set log_address = /dev/log -# -# max_upload_time = 86400 -# slow = 0 -# -# Objects smaller than this are not evicted from the buffercache once read -# keep_cache_size = 5424880 -# -# If true, objects for authenticated GET requests may be kept in buffer cache -# if small enough -# keep_cache_private = false -# -# on PUTs, sync data every n MB -# mb_per_sync = 512 -mb_per_sync = 64 -# -# Comma separated list of headers that can be set in metadata on an object. -# This list is in addition to X-Object-Meta-* headers and cannot include -# Content-Type, etag, Content-Length, or deleted -# allowed_headers = Content-Disposition, Content-Encoding, X-Delete-At, X-Object-Manifest, X-Static-Large-Object -# -# auto_create_account_prefix = . -# -# A value of 0 means "don't use thread pools". A reasonable starting point is -# 4. -# threads_per_disk = 0 -# -# Configure parameter for creating specific server -# To handle all verbs, including replication verbs, do not specify -# "replication_server" (this is the default). To only handle replication, -# set to a True value (e.g. "True" or "1"). To handle only non-replication -# verbs, set to "False". Unless you have a separate replication network, you -# should not specify any value for "replication_server". 
-# replication_server = false -# -# Set to restrict the number of concurrent incoming REPLICATION requests -# Set to 0 for unlimited -# Note that REPLICATION is currently an ssync only item -# replication_concurrency = 4 -# -# Restricts incoming REPLICATION requests to one per device, -# replication_currency above allowing. This can help control I/O to each -# device, but you may wish to set this to False to allow multiple REPLICATION -# requests (up to the above replication_concurrency setting) per device. -# replication_one_per_device = True -# -# Number of seconds to wait for an existing replication device lock before -# giving up. -# replication_lock_timeout = 15 -# -# These next two settings control when the REPLICATION subrequest handler will -# abort an incoming REPLICATION attempt. An abort will occur if there are at -# least threshold number of failures and the value of failures / successes -# exceeds the ratio. The defaults of 100 and 1.0 means that at least 100 -# failures have to occur and there have to be more failures than successes for -# an abort to occur. 
-# replication_failure_threshold = 100 -# replication_failure_ratio = 1.0 - -[filter:healthcheck] -use = egg:swift#healthcheck -# An optional filesystem path, which if present, will cause the healthcheck -# URL to return "503 Service Unavailable" with a body of "DISABLED BY FILE" -# disable_path = - -[filter:recon] -use = egg:swift#recon -log_facility = LOG_LOCAL4 -recon_cache_path = /var/cache/swift -recon_lock_path = /var/lock/swift - -{% if swift.replication_network is not defined %} -[object-replicator] -# You can override the default log routing for this app here (don't use set!): -# log_name = object-replicator -log_facility = LOG_LOCAL4 -# log_level = INFO -# log_address = /dev/log -# -# vm_test_mode = no -# daemonize = on -# run_pause = 30 -concurrency = 6 -# stats_interval = 300 -# -# The sync method to use; default is rsync but you can use ssync to try the -# EXPERIMENTAL all-swift-code-no-rsync-callouts method. Once ssync is verified -# as having performance comparable to, or better than, rsync, we plan to -# deprecate rsync so we can move on with more features for replication. -# sync_method = rsync -# -# max duration of a partition rsync -# rsync_timeout = 900 -# -# bandwidth limit for rsync in kB/s. 0 means unlimited -# rsync_bwlimit = 0 -# -# passed to rsync for io op timeout -# rsync_io_timeout = 30 -# -# node_timeout = -# max duration of an http request; this is for REPLICATE finalization calls and -# so should be longer than node_timeout -# http_timeout = 60 -# -# attempts to kill all workers if nothing replicates for lockup_timeout seconds -# lockup_timeout = 1800 -# -# The replicator also performs reclamation -# reclaim_age = 604800 -# -# ring_check_interval = 15 -# recon_cache_path = /var/cache/swift -# -# limits how long rsync error log lines are -# 0 means to log the entire line -# rsync_error_log_line_length = 0 -# -# handoffs_first and handoff_delete are options for a special case -# such as disk full in the cluster. 
These two options SHOULD NOT BE -# CHANGED, except for such an extreme situations. (e.g. disks filled up -# or are about to fill up. Anyway, DO NOT let your drives fill up) -# handoffs_first is the flag to replicate handoffs prior to canonical -# partitions. It allows to force syncing and deleting handoffs quickly. -# If set to a True value(e.g. "True" or "1"), partitions -# that are not supposed to be on the node will be replicated first. -# handoffs_first = False -# -# handoff_delete is the number of replicas which are ensured in swift. -# If the number less than the number of replicas is set, object-replicator -# could delete local handoffs even if all replicas are not ensured in the -# cluster. Object-replicator would remove local handoff partition directories -# after syncing partition when the number of successful responses is greater -# than or equal to this number. By default(auto), handoff partitions will be -# removed when it has successfully replicated to all the canonical nodes. 
-# handoff_delete = auto -{% endif %} - -[object-updater] -# You can override the default log routing for this app here (don't use set!): -# log_name = object-updater -log_facility = LOG_LOCAL4 -# log_level = INFO -# log_address = /dev/log -# -# interval = 300 -concurrency = 3 -# node_timeout = -# slowdown will sleep that amount between objects -# slowdown = 0.01 -# -# recon_cache_path = /var/cache/swift -concurrency = 3 -node_timeout = 60 -conn_timeout = 5 - -[object-auditor] -# You can override the default log routing for this app here (don't use set!): -# log_name = object-auditor -log_facility = LOG_LOCAL4 -# log_level = INFO -# log_address = /dev/log -# -# You can set the disk chunk size that the auditor uses making it larger if -# you like for more efficient local auditing of larger objects -# disk_chunk_size = 65536 -# files_per_second = 20 -# concurrency = 1 -# bytes_per_second = 10000000 -# log_time = 3600 -# zero_byte_files_per_second = 50 -# recon_cache_path = /var/cache/swift - -# Takes a comma separated list of ints. If set, the object auditor will -# increment a counter for every object whose size is <= to the given break -# points and report the result after a full scan. -# object_size_stats = - -# Note: Put it at the beginning of the pipleline to profile all middleware. But -# it is safer to put this after healthcheck. -[filter:xprofile] -use = egg:swift#xprofile -# This option enable you to switch profilers which should inherit from python -# standard profiler. Currently the supported value can be 'cProfile', -# 'eventlet.green.profile' etc. -# profile_module = eventlet.green.profile -# -# This prefix will be used to combine process ID and timestamp to name the -# profile data file. Make sure the executing user has permission to write -# into this path (missing path segments will be created, if necessary). 
-# If you enable profiling in more than one type of daemon, you must override -# it with an unique value like: /var/log/swift/profile/object.profile -# log_filename_prefix = /tmp/log/swift/profile/default.profile -# -# the profile data will be dumped to local disk based on above naming rule -# in this interval. -# dump_interval = 5.0 -# -# Be careful, this option will enable profiler to dump data into the file with -# time stamp which means there will be lots of files piled up in the directory. -# dump_timestamp = false -# -# This is the path of the URL to access the mini web UI. -# path = /__profile__ -# -# Clear the data when the wsgi server shutdown. -# flush_at_shutdown = false -# -# unwind the iterator of applications -# unwind = false diff --git a/playbooks/roles/swift_proxy/templates/proxy-server.conf.j2 b/playbooks/roles/swift_proxy/templates/proxy-server.conf.j2 deleted file mode 100644 index 8e37f2430f..0000000000 --- a/playbooks/roles/swift_proxy/templates/proxy-server.conf.j2 +++ /dev/null 
@@ -1,625 +0,0 @@ -[DEFAULT] -bind_ip = 0.0.0.0 -bind_port = {{ swift_proxy_port }} -# bind_timeout = 30 -# backlog = 4096 -# swift_dir = /etc/swift -user = {{ system_user }} - -# Enables exposing configuration settings via HTTP GET /info. -# expose_info = true - -# Key to use for admin calls that are HMAC signed. Default is empty, -# which will disable admin calls to /info. -# admin_key = secret_admin_key -# -# Allows the ability to withhold sections from showing up in the public calls -# to /info. You can withhold subsections by separating the dict level with a -# ".". The following would cause the sections 'container_quotas' and 'tempurl' -# to not be listed, and the key max_failed_deletes would be removed from -# bulk_delete. Default is empty, allowing all registered fetures to be listed -# via HTTP GET /info. -# disallowed_sections = container_quotas, tempurl, bulk_delete.max_failed_deletes - -# Use an integer to override the number of pre-forked processes that will -# accept connections. Should default to the number of effective cpu -# cores in the system. It's worth noting that individual workers will -# use many eventlet co-routines to service multiple concurrent requests. -# workers = auto -# -# Maximum concurrent requests per worker -# max_clients = 1024 -# -# Set the following two lines to enable SSL. This is for testing only. -# cert_file = /etc/swift/proxy.crt -# key_file = /etc/swift/proxy.key -# -# expiring_objects_container_divisor = 86400 -# expiring_objects_account_name = expiring_objects -# -# You can specify default log routing here if you want: -# log_name = swift -log_facility = LOG_LOCAL1 -# log_level = INFO -# log_headers = false -# log_address = /dev/log -# The following caps the length of log lines to the value given; no limit if -# set to 0, the default. 
-# log_max_line_length = 0 -# -# This optional suffix (default is empty) that would be appended to the swift transaction -# id allows one to easily figure out from which cluster that X-Trans-Id belongs to. -# This is very useful when one is managing more than one swift cluster. -# trans_id_suffix = -# -# comma separated list of functions to call to setup custom log handlers. -# functions get passed: conf, name, log_to_console, log_route, fmt, logger, -# adapted_logger -# log_custom_handlers = -# -# If set, log_udp_host will override log_address -# log_udp_host = -# log_udp_port = 514 -# -# You can enable StatsD logging here: -# log_statsd_host = localhost -# log_statsd_port = 8125 -# log_statsd_default_sample_rate = 1.0 -# log_statsd_sample_rate_factor = 1.0 -# log_statsd_metric_prefix = -# -# Use a comma separated list of full url (http://foo.bar:1234,https://foo.bar) -# cors_allow_origin = -# strict_cors_mode = True -# -# client_timeout = 60 -# eventlet_debug = false - -[pipeline:main] -{% if authtoken_active %} -pipeline = catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk tempurl ratelimit authtoken keystoneauth container-quotas account-quotas slo dlo proxy-logging proxy-server -{% else %} -pipeline = catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk tempurl ratelimit tempauth container-quotas account-quotas slo dlo proxy-logging proxy-server -{% endif %} -[app:proxy-server] -use = egg:swift#proxy -log_facility = LOG_LOCAL1 -# You can override the default log routing for this app here: -# set log_name = proxy-server -# set log_facility = LOG_LOCAL1 -# set log_level = INFO -# set log_address = /dev/log -# -# log_handoffs = true -# recheck_account_existence = 60 -# recheck_container_existence = 60 -# object_chunk_size = 65536 -# client_chunk_size = 65536 -# -# How long the proxy server will wait on responses from the a/c/o servers. 
-node_timeout = 60 -# -# How long the proxy server will wait for an initial response and to read a -# chunk of data from the object servers while serving GET / HEAD requests. -# Timeouts from these requests can be recovered from so setting this to -# something lower than node_timeout would provide quicker error recovery -# while allowing for a longer timeout for non-recoverable requests (PUTs). -# Defaults to node_timeout, should be overriden if node_timeout is set to a -# high number to prevent client timeouts from firing before the proxy server -# has a chance to retry. -# recoverable_node_timeout = node_timeout -# -conn_timeout = 3.5 -# -# How long to wait for requests to finish after a quorum has been established. -# post_quorum_timeout = 0.5 -# -# How long without an error before a node's error count is reset. This will -# also be how long before a node is reenabled after suppression is triggered. -# error_suppression_interval = 60 -# -# How many errors can accumulate before a node is temporarily ignored. -# error_suppression_limit = 10 -# -# If set to 'true' any authorized user may create and delete accounts; if -# 'false' no one, even authorized, can. -# allow_account_management = false -# -# Set object_post_as_copy = false to turn on fast posts where only the metadata -# changes are stored anew and the original data file is kept in place. This -# makes for quicker posts; but since the container metadata isn't updated in -# this mode, features like container sync won't be able to sync posts. -# object_post_as_copy = true -# -# If set to 'true' authorized accounts that do not yet exist within the Swift -# cluster will be automatically created. -account_autocreate = true -# -# If set to a positive value, trying to create a container when the account -# already has at least this maximum containers will result in a 403 Forbidden. -# Note: This is a soft limit, meaning a user might exceed the cap for -# recheck_account_existence before the 403s kick in. 
-# max_containers_per_account = 0 -# -# This is a comma separated list of account hashes that ignore the -# max_containers_per_account cap. -# max_containers_whitelist = -# -# Comma separated list of Host headers to which the proxy will deny requests. -# deny_host_headers = -# -# Prefix used when automatically creating accounts. -# auto_create_account_prefix = . -# -# Depth of the proxy put queue. -# put_queue_depth = 10 -# -# Storage nodes can be chosen at random (shuffle), by using timing -# measurements (timing), or by using an explicit match (affinity). -# Using timing measurements may allow for lower overall latency, while -# using affinity allows for finer control. In both the timing and -# affinity cases, equally-sorting nodes are still randomly chosen to -# spread load. -# The valid values for sorting_method are "affinity", "shuffle", and "timing". -# sorting_method = shuffle -# -# If the "timing" sorting_method is used, the timings will only be valid for -# the number of seconds configured by timing_expiry. -# timing_expiry = 300 -# -# The maximum time (seconds) that a large object connection is allowed to last. -# max_large_object_get_time = 86400 -# -# Set to the number of nodes to contact for a normal request. You can use -# '* replicas' at the end to have it use the number given times the number of -# replicas for the ring being used for the request. -# request_node_count = 2 * replicas -# -# Which backend servers to prefer on reads. Format is r for region -# N or rz for region N, zone M. The value after the equals is -# the priority; lower numbers are higher priority. -# -# Example: first read from region 1 zone 1, then region 1 zone 2, then -# anything in region 2, then everything else: -# read_affinity = r1z1=100, r1z2=200, r2=300 -# Default is empty, meaning no preference. -# read_affinity = -# -# Which backend servers to prefer on writes. Format is r for region -# N or rz for region N, zone M. 
If this is set, then when -# handling an object PUT request, some number (see setting -# write_affinity_node_count) of local backend servers will be tried -# before any nonlocal ones. -# -# Example: try to write to regions 1 and 2 before writing to any other -# nodes: -# write_affinity = r1, r2 -# Default is empty, meaning no preference. -# write_affinity = -# -# The number of local (as governed by the write_affinity setting) -# nodes to attempt to contact first, before any non-local ones. You -# can use '* replicas' at the end to have it use the number given -# times the number of replicas for the ring being used for the -# request. -# write_affinity_node_count = 2 * replicas -# -# These are the headers whose values will only be shown to swift_owners. The -# exact definition of a swift_owner is up to the auth system in use, but -# usually indicates administrative responsibilities. -# swift_owner_headers = x-container-read, x-container-write, x-container-sync-key, x-container-sync-to, x-account-meta-temp-url-key, x-account-meta-temp-url-key-2, x-account-access-control - -[filter:tempauth] -use = egg:swift#tempauth -# You can override the default log routing for this filter here: -# set log_name = tempauth -# set log_facility = LOG_LOCAL1 -# set log_level = INFO -# set log_headers = false -# set log_address = /dev/log -# -# The reseller prefix will verify a token begins with this prefix before even -# attempting to validate it. Also, with authorization, only Swift storage -# accounts with this prefix will be authorized by this middleware. Useful if -# multiple auth systems are in use for one Swift cluster. -# reseller_prefix = AUTH -# -# The auth prefix will cause requests beginning with this prefix to be routed -# to the auth subsystem, for granting tokens, etc. -# auth_prefix = /auth/ -# token_life = 86400 -# -# This allows middleware higher in the WSGI pipeline to override auth -# processing, useful for middleware such as tempurl and formpost. 
If you know -# you're not going to use such middleware and you want a bit of extra security, -# you can set this to false. -# allow_overrides = true -# -# This specifies what scheme to return with storage urls: -# http, https, or default (chooses based on what the server is running as) -# This can be useful with an SSL load balancer in front of a non-SSL server. -# storage_url_scheme = default -# -# Lastly, you need to list all the accounts/users you want here. The format is: -# user__ = [group] [group] [...] [storage_url] -# or if you want underscores in or , you can base64 encode them -# (with no equal signs) and use this format: -# user64__ = [group] [group] [...] [storage_url] -# There are special groups of: -# .reseller_admin = can do anything to any account for this auth -# .admin = can do anything within the account -# If neither of these groups are specified, the user can only access containers -# that have been explicitly allowed for them by a .admin or .reseller_admin. -# The trailing optional storage_url allows you to specify an alternate url to -# hand back to the user upon authentication. If not specified, this defaults to -# $HOST/v1/_ where $HOST will do its best to resolve -# to what the requester would need to use to reach this host. -# Here are example entries, required for running the tests: -{% if not authtoken_active %} -user_admin_admin = admin .admin .reseller_admin -user_test_tester = testing .admin -user_test2_tester2 = testing2 .admin -user_test_tester3 = testing3 -{% endif %} - -# To enable Keystone authentication you need to have the auth token -# middleware first to be configured. Here is an example below, please -# refer to the keystone's documentation for details about the -# different settings. 
-# -# You'll need to have as well the keystoneauth middleware enabled -# and have it in your main pipeline so instead of having tempauth in -# there you can change it to: authtoken keystoneauth -# -{% if authtoken_active %} -[filter:authtoken] -paste.filter_factory = keystonemiddleware.auth_token:filter_factory -identity_uri = {{ auth_protocol }}://{{ auth_host }}:{{ auth_port }} -auth_uri = {{ auth_identity_uri }} -admin_tenant_name = {{ service_admin_tenant_name }} -admin_user = {{ service_admin_username }} -admin_password = {{ service_admin_password }} -delay_auth_decision = {{ delay_auth_decision }} -# cache = swift.cache -# include_service_catalog = False -{% endif %} -# -[filter:keystoneauth] -use = egg:swift#keystoneauth -# Operator roles is the role which user would be allowed to manage a -# tenant and be able to create container or give ACL to others. -{% if swift_allow_all_users is defined and swift_allow_all_users == True %} -operator_roles = admin, swiftoperator, _member_ -{% else %} -operator_roles = admin, swiftoperator -{% endif %} -# The reseller admin role has the ability to create and delete accounts -reseller_admin_role = reseller_admin - -[filter:healthcheck] -use = egg:swift#healthcheck -# An optional filesystem path, which if present, will cause the healthcheck -# URL to return "503 Service Unavailable" with a body of "DISABLED BY FILE". -# This facility may be used to temporarily remove a Swift node from a load -# balancer pool during maintenance or upgrade (remove the file to allow the -# node back into the load balancer pool). 
-# disable_path = - -[filter:cache] -use = egg:swift#memcache -# You can override the default log routing for this filter here: -# set log_name = cache -# set log_facility = LOG_LOCAL1 -# set log_level = INFO -# set log_headers = false -# set log_address = /dev/log -# -# If not set here, the value for memcache_servers will be read from -# memcache.conf (see memcache.conf-sample) or lacking that file, it will -# default to the value below. You can specify multiple servers separated with -# commas, as in: 10.1.2.3:11211,10.1.2.4:11211 -memcache_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['container_address'] }}:{{ memcached_port|default('11211') }}{% if not loop.last %},{% endif %}{% endfor %} - -# Sets how memcache values are serialized and deserialized: -# 0 = older, insecure pickle serialization -# 1 = json serialization but pickles can still be read (still insecure) -# 2 = json serialization only (secure and the default) -# If not set here, the value for memcache_serialization_support will be read -# from /etc/swift/memcache.conf (see memcache.conf-sample). -# To avoid an instant full cache flush, existing installations should -# upgrade with 0, then set to 1 and reload, then after some time (24 hours) -# set to 2 and reload. -# In the future, the ability to use pickle serialization will be removed. -memcache_serialization_support = 2 -# -# Sets the maximum number of connections to each memcached server per worker -# memcache_max_connections = 2 - -[filter:ratelimit] -use = egg:swift#ratelimit -# You can override the default log routing for this filter here: -# set log_name = ratelimit -# set log_facility = LOG_LOCAL1 -# set log_level = INFO -# set log_headers = false -# set log_address = /dev/log -# -# clock_accuracy should represent how accurate the proxy servers' system clocks -# are with each other. 1000 means that all the proxies' clock are accurate to -# each other within 1 millisecond. 
No ratelimit should be higher than the -# clock accuracy. -# clock_accuracy = 1000 -# -# max_sleep_time_seconds = 60 -# -# log_sleep_time_seconds of 0 means disabled -# log_sleep_time_seconds = 0 -# -# allows for slow rates (e.g. running up to 5 sec's behind) to catch up. -# rate_buffer_seconds = 5 -# -# account_ratelimit of 0 means disabled -# account_ratelimit = 0 - -# these are comma separated lists of account names -# account_whitelist = a,b -# account_blacklist = c,d - -# with container_limit_x = r -# for containers of size x limit write requests per second to r. The container -# rate will be linearly interpolated from the values given. With the values -# below, a container of size 5 will get a rate of 75. -# container_ratelimit_0 = 100 -# container_ratelimit_10 = 50 -# container_ratelimit_50 = 20 - -# Similarly to the above container-level write limits, the following will limit -# container GET (listing) requests. -# container_listing_ratelimit_0 = 100 -# container_listing_ratelimit_10 = 50 -# container_listing_ratelimit_50 = 20 - -[filter:domain_remap] -use = egg:swift#domain_remap -# You can override the default log routing for this filter here: -# set log_name = domain_remap -# set log_facility = LOG_LOCAL1 -# set log_level = INFO -# set log_headers = false -# set log_address = /dev/log -# -# storage_domain = example.com -# path_root = v1 -# reseller_prefixes = AUTH - -[filter:catch_errors] -use = egg:swift#catch_errors -# You can override the default log routing for this filter here: -# set log_name = catch_errors -# set log_facility = LOG_LOCAL1 -# set log_level = INFO -# set log_headers = false -# set log_address = /dev/log - -[filter:cname_lookup] -# Note: this middleware requires python-dnspython -use = egg:swift#cname_lookup -# You can override the default log routing for this filter here: -# set log_name = cname_lookup -# set log_facility = LOG_LOCAL1 -# set log_level = INFO -# set log_headers = false -# set log_address = /dev/log -# -# Specify the 
storage_domain that match your cloud, multiple domains -# can be specified separated by a comma -# storage_domain = example.com -# -# lookup_depth = 1 - -# Note: Put staticweb just after your auth filter(s) in the pipeline -[filter:staticweb] -use = egg:swift#staticweb - -# Note: Put tempurl before dlo, slo and your auth filter(s) in the pipeline -[filter:tempurl] -use = egg:swift#tempurl -# The methods allowed with Temp URLs. -# methods = GET HEAD PUT POST DELETE -# -# The headers to remove from incoming requests. Simply a whitespace delimited -# list of header names and names can optionally end with '*' to indicate a -# prefix match. incoming_allow_headers is a list of exceptions to these -# removals. -# incoming_remove_headers = x-timestamp -# -# The headers allowed as exceptions to incoming_remove_headers. Simply a -# whitespace delimited list of header names and names can optionally end with -# '*' to indicate a prefix match. -# incoming_allow_headers = -# -# The headers to remove from outgoing responses. Simply a whitespace delimited -# list of header names and names can optionally end with '*' to indicate a -# prefix match. outgoing_allow_headers is a list of exceptions to these -# removals. -# outgoing_remove_headers = x-object-meta-* -# -# The headers allowed as exceptions to outgoing_remove_headers. Simply a -# whitespace delimited list of header names and names can optionally end with -# '*' to indicate a prefix match. -# outgoing_allow_headers = x-object-meta-public-* - -# Note: Put formpost just before your auth filter(s) in the pipeline -[filter:formpost] -use = egg:swift#formpost - -# Note: Just needs to be placed before the proxy-server in the pipeline. 
-[filter:name_check] -use = egg:swift#name_check -# forbidden_chars = '"`<> -# maximum_length = 255 -# forbidden_regexp = /\./|/\.\./|/\.$|/\.\.$ - -[filter:list-endpoints] -use = egg:swift#list_endpoints -# list_endpoints_path = /endpoints/ - -[filter:proxy-logging] -use = egg:swift#proxy_logging -# If not set, logging directives from [DEFAULT] without "access_" will be used -# access_log_name = swift -# access_log_facility = LOG_LOCAL1 -# access_log_level = INFO -# access_log_address = /dev/log -# -# If set, access_log_udp_host will override access_log_address -# access_log_udp_host = -# access_log_udp_port = 514 -# -# You can use log_statsd_* from [DEFAULT] or override them here: -# access_log_statsd_host = localhost -# access_log_statsd_port = 8125 -# access_log_statsd_default_sample_rate = 1.0 -# access_log_statsd_sample_rate_factor = 1.0 -# access_log_statsd_metric_prefix = -# access_log_headers = false -# -# If access_log_headers is True and access_log_headers_only is set only -# these headers are logged. Multiple headers can be defined as comma separated -# list like this: access_log_headers_only = Host, X-Object-Meta-Mtime -# access_log_headers_only = -# -# By default, the X-Auth-Token is logged. To obscure the value, -# set reveal_sensitive_prefix to the number of characters to log. -# For example, if set to 12, only the first 12 characters of the -# token appear in the log. An unauthorized access of the log file -# won't allow unauthorized usage of the token. However, the first -# 12 or so characters is unique enough that you can trace/debug -# token usage. Set to 0 to suppress the token completely (replaced -# by '...' in the log). -# Note: reveal_sensitive_prefix will not affect the value -# logged with access_log_headers=True. -# reveal_sensitive_prefix = 16 -# -# What HTTP methods are allowed for StatsD logging (comma-sep); request methods -# not in this list will have "BAD_METHOD" for the portion of the metric. 
-# log_statsd_valid_http_methods = GET,HEAD,POST,PUT,DELETE,COPY,OPTIONS -# -# Note: The double proxy-logging in the pipeline is not a mistake. The -# left-most proxy-logging is there to log requests that were handled in -# middleware and never made it through to the right-most middleware (and -# proxy server). Double logging is prevented for normal requests. See -# proxy-logging docs. - -# Note: Put before both ratelimit and auth in the pipeline. -[filter:bulk] -use = egg:swift#bulk -# max_containers_per_extraction = 10000 -# max_failed_extractions = 1000 -# max_deletes_per_request = 10000 -# max_failed_deletes = 1000 - -# In order to keep a connection active during a potentially long bulk request, -# Swift may return whitespace prepended to the actual response body. This -# whitespace will be yielded no more than every yield_frequency seconds. -# yield_frequency = 10 - -# Note: The following parameter is used during a bulk delete of objects and -# their container. This would frequently fail because it is very likely -# that all replicated objects have not been deleted by the time the middleware got a -# successful response. It can be configured the number of retries. And the -# number of seconds to wait between each retry will be 1.5**retry - -# delete_container_retry_count = 0 - -# Note: Put after auth in the pipeline. -[filter:container-quotas] -use = egg:swift#container_quotas - -# Note: Put after auth and staticweb in the pipeline. -[filter:slo] -use = egg:swift#slo -# max_manifest_segments = 1000 -# max_manifest_size = 2097152 -# min_segment_size = 1048576 -# Start rate-limiting SLO segment serving after the Nth segment of a -# segmented object. -# rate_limit_after_segment = 10 -# -# Once segment rate-limiting kicks in for an object, limit segments served -# to N per second. 0 means no rate-limiting. -# rate_limit_segments_per_sec = 0 -# -# Time limit on GET requests (seconds) -# max_get_time = 86400 - -# Note: Put after auth and staticweb in the pipeline. 
-# If you don't put it in the pipeline, it will be inserted for you. -[filter:dlo] -use = egg:swift#dlo -# Start rate-limiting DLO segment serving after the Nth segment of a -# segmented object. -# rate_limit_after_segment = 10 -# -# Once segment rate-limiting kicks in for an object, limit segments served -# to N per second. 0 means no rate-limiting. -# rate_limit_segments_per_sec = 1 -# -# Time limit on GET requests (seconds) -# max_get_time = 86400 - -[filter:account-quotas] -use = egg:swift#account_quotas - -[filter:gatekeeper] -use = egg:swift#gatekeeper -# You can override the default log routing for this filter here: -# set log_name = gatekeeper -# set log_facility = LOG_LOCAL1 -# set log_level = INFO -# set log_headers = false -# set log_address = /dev/log - -[filter:container_sync] -use = egg:swift#container_sync -# Set this to false if you want to disallow any full url values to be set for -# any new X-Container-Sync-To headers. This will keep any new full urls from -# coming in, but won't change any existing values already in the cluster. -# Updating those will have to be done manually, as knowing what the true realm -# endpoint should be cannot always be guessed. -# allow_full_urls = true -# Set this to specify this clusters //realm/cluster as "current" in /info -# current = //REALM/CLUSTER - -# Note: Put it at the beginning of the pipleline to profile all middleware. But -# it is safer to put this after catch_errors, gatekeeper and healthcheck. -[filter:xprofile] -use = egg:swift#xprofile -# This option enable you to switch profilers which should inherit from python -# standard profiler. Currently the supported value can be 'cProfile', -# 'eventlet.green.profile' etc. -# profile_module = eventlet.green.profile -# -# This prefix will be used to combine process ID and timestamp to name the -# profile data file. Make sure the executing user has permission to write -# into this path (missing path segments will be created, if necessary). 
-# If you enable profiling in more than one type of daemon, you must override -# it with an unique value like: /var/log/swift/profile/proxy.profile -# log_filename_prefix = /tmp/log/swift/profile/default.profile -# -# the profile data will be dumped to local disk based on above naming rule -# in this interval. -# dump_interval = 5.0 -# -# Be careful, this option will enable profiler to dump data into the file with -# time stamp which means there will be lots of files piled up in the directory. -# dump_timestamp = false -# -# This is the path of the URL to access the mini web UI. -# path = /__profile__ -# -# Clear the data when the wsgi server shutdown. -# flush_at_shutdown = false -# -# unwind the iterator of applications -# unwind = false diff --git a/playbooks/roles/swift_ring_distribute/tasks/main.yml b/playbooks/roles/swift_ring_distribute/tasks/main.yml deleted file mode 100644 index 9e5ad8fc66..0000000000 --- a/playbooks/roles/swift_ring_distribute/tasks/main.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: "Copy the rings over" - copy: > - src={{ item }} - dest=/etc/swift/ - mode=0644 - owner={{ system_user }} - group={{ system_group }} - with_fileglob: - - /etc/swift/rings/*.ring.gz - - /etc/swift/rings/*.builder 
diff --git a/playbooks/roles/swift_set_program_names/tasks/main.yml b/playbooks/roles/swift_set_program_names/tasks/main.yml deleted file mode 100644 index 0e83f00b7f..0000000000 --- a/playbooks/roles/swift_set_program_names/tasks/main.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: Add server-replicator to program_names - set_fact: - program_names:"{{ program_names }} + [ 'swift-{{ service_conf_loc }}-replicator' ]" - when: swift.replication_network is defined and swift.replication_network != swift.storage_network diff --git a/playbooks/roles/swift_storage_setup/tasks/rsync_setup.yml b/playbooks/roles/swift_storage_setup/tasks/rsync_setup.yml deleted file mode 100644 index 6ef217c3ba..0000000000 --- a/playbooks/roles/swift_storage_setup/tasks/rsync_setup.yml +++ /dev/null 
@@ -1,29 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: "Put /etc/rsyncd.conf in place" - template: > - src=rsyncd.conf.j2 - dest=/etc/rsyncd.conf - owner=root - mode=0644 - notify: Restart rsync service - -- name: "Enable rsync in defaults" - lineinfile: > - dest=/etc/default/rsync - line="RSYNC_ENABLE=true" - regexp="^RSYNC_ENABLE*" - notify: Restart rsync service diff --git a/playbooks/roles/swift_storage_setup/tasks/swift_recon_cron.yml b/playbooks/roles/swift_storage_setup/tasks/swift_recon_cron.yml deleted file mode 100644 index 9c5e899a28..0000000000 --- a/playbooks/roles/swift_storage_setup/tasks/swift_recon_cron.yml +++ /dev/null 
@@ -1,27 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# We need the location of swift-recon-cron -- name: "Get location of swift-recon-cron" - shell: which swift-recon-cron - register: recon_cron_path - -- name: "Setup swift-recon-cron cron job" - cron: > - name="swift-recon-cron run" - minute=*/5 - user="swift" - job="{{ recon_cron_path.stdout }} /etc/swift/object-server/object-server.conf" - cron_file="swift_recon_cron" diff --git a/playbooks/roles/swiftoperator_role_create/tasks/main.yml b/playbooks/roles/swiftoperator_role_create/tasks/main.yml deleted file mode 100644 index 13eafe4c6a..0000000000 --- a/playbooks/roles/swiftoperator_role_create/tasks/main.yml +++ /dev/null 
@@ -1,24 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Create the swiftoperator role -- name: Ensure swiftoperator role - keystone: > - command=ensure_role - login_tenant_name="{{ auth_admin_tenant }}" - login_user="{{ auth_admin_username }}" - login_password="{{ auth_admin_password }}" - endpoint="{{ auth_admin_uri }}" - role_name="swiftoperator" diff --git a/playbooks/roles/tempest/tasks/main.yml b/playbooks/roles/tempest/tasks/main.yml deleted file mode 100644 index 31576bdeb6..0000000000 --- a/playbooks/roles/tempest/tasks/main.yml +++ /dev/null 
@@ -1,47 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: Get admin tenant id - keystone: - command: get_tenant - tenant_name: admin - endpoint: "{{ auth_identity_uri }}" - login_tenant_name: "{{ auth_admin_tenant }}" - login_user: "{{ auth_admin_username }}" - login_password: "{{ auth_admin_password }}" - -- name: Store admin tenant id - set_fact: - keystone_admin_tenant_id: "{{ keystone_facts.id }}" - -- name: Create tempest lock dir - file: - path: "/opt/{{ repo_path }}/locks" - state: directory - -- name: Template tempest config - template: - src: tempest.conf.j2 - dest: "/opt/{{ repo_path }}/etc/tempest.conf" - -- name: Drop tempest script - copy: - src: openstack_tempest_gate.sh - dest: /root/openstack_tempest_gate.sh - -- name: Set attributes for tempest script - file: - path: /root/openstack_tempest_gate.sh - mode: 0755 diff --git a/playbooks/roles/tempest/templates/tempest.conf.j2 b/playbooks/roles/tempest/templates/tempest.conf.j2 deleted file mode 100644 index 0dfabcb344..0000000000 --- a/playbooks/roles/tempest/templates/tempest.conf.j2 +++ /dev/null 
@@ -1,157 +0,0 @@ -[DEFAULT] -debug = True -log_file = tempest.log -use_stderr = False -lock_path = /opt/{{ repo_path }}/locks - -[auth] -tempest_roles = remote_image - -[boto] -ssh_user = cirros -instance_type = tempest1 -aki_manifest = cirros-0.3.2-x86_64-vmlinuz.manifest.xml -ami_manifest = cirros-0.3.2-x86_64-blank.img.manifest.xml -ari_manifest = cirros-0.3.2-x86_64-initrd.manifest.xml -s3_materials_path = /opt/stack/devstack/files/images/s3-materials/cirros-0.3.2 -s3_url = http://134.213.136.181:3333 -ec2_url = http://134.213.136.181:8773/services/Cloud -http_socket_timeout = 30 -build_timeout = 600 - -[cli] -cli_dir = /usr/local/bin -has_manage=false - - - -[compute] -ssh_connect_method = floating -flavor_ref_alt = 202 -flavor_ref = 201 -image_alt_ssh_user = cirros -image_ref_alt = {{ hostvars[groups['utility_all'][0]]['glance_images']['cirros']['id'] }} -image_ssh_user = cirros -image_ref = {{ hostvars[groups['utility_all'][0]]['glance_images']['cirros']['id'] }} -ssh_timeout = 196 -ip_version_for_ssh = 4 -network_for_ssh = private -ssh_user = cirros -allow_tenant_isolation = True -build_timeout = 600 - -[compute-admin] -tenant_name = {{ auth_admin_tenant }} -password = {{ auth_admin_password }} -username = {{ auth_admin_username }} - -[compute-feature-enabled] -api_v3_extensions = all -api_extensions = all -block_migration_for_live_migration = False -change_password = False -live_migration = False -resize = True -api_v3 = False -xml_api_v2 = False - - -[dashboard] -login_url = http://{{ external_vip_address }}/auth/login/ -dashboard_url = http://{{ external_vip_address }}/ - - -[identity] -auth_version = v2 -admin_domain_name = Default -admin_tenant_id = {{ keystone_admin_tenant_id }} -admin_tenant_name = {{ auth_admin_tenant }} -admin_password = {{ auth_admin_password }} -admin_username = {{ auth_admin_username }} -alt_tenant_name = alt_demo -alt_password = alt_demo -alt_username = alt_demo -tenant_name = demo -password = demo -username = demo -uri_v3 = 
http://{{ external_vip_address }}:5000/v3/ -uri = http://{{ external_vip_address }}:5000/v2.0/ - - -[identity-feature-enabled] -xml_api = False - -[image] - - -[image-feature-enabled] -[input-scenario] -[negative] - -[network] -default_network = 192.168.74.0/24 -public_router_id = -public_network_id = {{ hostvars[groups['utility_all'][0]]['neutron_networks']['public']['id'] }} -tenant_networks_reachable = false -api_version = 2.0 - -[network-feature-enabled] -api_extensions = agent, allowed-address-pairs, binding, dhcp_agent_scheduler, ext-gw-mode, external-net, extra_dhcp_opt, extra_dhcp_optagent, extraroute, l3_agent_scheduler, metering, provider, quotas, router, security-group, service-type -ipv6_subnet_attributes = True -ipv6 = True -xml_api = False - -[object-storage] -operator_role = swiftoperator -reseller_admin_role = reseller_admin - - - -[object-storage-feature-enabled] -discoverable_apis = all -object_versioning = false - - -[orchestration] -build_timeout = 900 -instance_type = m1.heat -image_ref = Fedora-x86_64-20-20140618-sda - -[queuing] -[scenario] -large_ops_number = 0 -aki_img_file = cirros-0.3.2-x86_64-vmlinuz -ari_img_file = cirros-0.3.2-x86_64-initrd -ami_img_file = cirros-0.3.2-x86_64-blank.img -img_dir = /opt/stack/devstack/files/images/cirros-0.3.2-x86_64-uec - -[service_available] -neutron = True -heat = True -ceilometer = False -{% if hostvars[groups['utility_all'][0]]['tempest_run_swift_tests'] == True %} -swift = True -{% else %} -swift = False -{% endif %} -cinder = True -nova = True -glance = True -horizon = True -sahara = False -ironic = False - -[stress] - - -[telemetry] -too_slow_to_test = False - - -[volume] -build_timeout = 600 - - -[volume-feature-enabled] -backup = False -api_extensions = all diff --git a/playbooks/roles/utility_common/files/Rakefile b/playbooks/roles/utility_common/files/Rakefile deleted file mode 100644 index b6a9881353..0000000000 --- a/playbooks/roles/utility_common/files/Rakefile +++ /dev/null 
@@ -1,8 +0,0 @@ -require 'rake' -require 'rspec/core/rake_task' - -RSpec::Core::RakeTask.new(:spec) do |t| - t.pattern = 'spec/*/*_spec.rb' -end - -task :default => :spec diff --git a/playbooks/roles/utility_common/files/spec_helper.rb b/playbooks/roles/utility_common/files/spec_helper.rb deleted file mode 100644 index a243a582ca..0000000000 --- a/playbooks/roles/utility_common/files/spec_helper.rb +++ /dev/null @@ -1,31 +0,0 @@ -require 'serverspec' -require 'pathname' -require 'net/ssh' - -include SpecInfra::Helper::Ssh -include SpecInfra::Helper::DetectOS - -RSpec.configure do |c| - if ENV['ASK_SUDO_PASSWORD'] - require 'highline/import' - c.sudo_password = ask("Enter sudo password: ") { |q| q.echo = false } - else - c.sudo_password = ENV['SUDO_PASSWORD'] - end - c.before :all do - block = self.class.metadata[:example_group_block] - if RUBY_VERSION.start_with?('1.8') - file = block.to_s.match(/.*@(.*):[0-9]+>/)[1] - else - file = block.source_location.first - end - host = File.basename(Pathname.new(file).dirname) - if c.host != host - c.ssh.close if c.ssh - c.host = host - options = Net::SSH::Config.for(c.host) - user = options[:user] || Etc.getlogin - c.ssh = Net::SSH.start(host, user, options) - end - end -end diff --git a/playbooks/roles/utility_common/tasks/main.yml b/playbooks/roles/utility_common/tasks/main.yml deleted file mode 100644 index 95031abc9e..0000000000 --- a/playbooks/roles/utility_common/tasks/main.yml +++ /dev/null 
@@ -1,26 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: Grab private ssh key - set_fact: - private_ssh_key: "{{ lookup('file', '~/.ssh/id_rsa') }}" - -- name: Drop in private ssh key - copy: - content: "{{ private_ssh_key }}" - dest: ~/.ssh/id_rsa - mode: 0600 - owner: root - group: root diff --git a/playbooks/rsyslog-config.yml b/playbooks/rsyslog-config.yml deleted file mode 100644 index 5858daa064..0000000000 --- a/playbooks/rsyslog-config.yml +++ /dev/null @@ -1,20 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Setup supporting services -- hosts: rsyslog - user: root - roles: - - rsyslog_config diff --git a/playbooks/rsyslog-install.yml b/playbooks/rsyslog-install.yml index 3c52295ea9..7a26b93f80 100644 --- a/playbooks/rsyslog-install.yml +++ b/playbooks/rsyslog-install.yml 
@@ -13,14 +13,36 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

-- hosts: rsyslog
+- name: Install rsyslog
+ hosts: rsyslog
+ max_fail_percentage: 20
 user: root
+ pre_tasks:
+ - name: Rsyslog extra lxc config
+ lxc-container:
+ name: "{{ container_name }}"
+ container_command: |
+ [[ ! -d "/openstack/log" ]] && mkdir -p "/openstack/log"
+ container_config:
+ - "lxc.mount.entry=/openstack/log openstack/log none bind 0 0"
+ delegate_to: "{{ physical_host }}"
+ when: is_metal == false or is_metal == "False"
+ tags:
+ - rsyslog-dir
+ - name: Flush net cache
+ command: /usr/local/bin/lxc-system-manage flush-net-cache
+ delegate_to: "{{ physical_host }}"
+ tags:
+ - flush-net-cache
+ - name: Wait for container ssh
+ wait_for:
+ port: "22"
+ delay: 5
+ host: "{{ ansible_ssh_host }}"
+ tags:
+ - rsyslog-ssh-wait
 roles:
- - container_extra_setup
- - common
- - container_common
- - safe_upgrade
- - rsyslog
- vars_files:
- - vars/config_vars/container_config_rsyslog.yml
- - vars/repo_packages/rsyslog.yml
+ - { role: "rsyslog_setup", tags: [ "rsyslog-setup" ] }
+ vars:
+ ansible_hostname: "{{ container_name }}"
+ is_metal: "{{ properties.is_metal|default(false) }}"
diff --git a/playbooks/rsyslog-stop.yml b/playbooks/rsyslog-stop.yml
deleted file mode 100644
index 972b6ef280..0000000000
--- a/playbooks/rsyslog-stop.yml
+++ /dev/null
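Review bot: The guard `when: is_metal == false or is_metal == "False"` on the "Rsyslog extra lxc config" task tests two spellings of one value because `is_metal` is defined in the play's `vars` as a templated string; `when: not is_metal | bool` states the intent once and does not depend on how the value is rendered. In the same task, `[[ ! -d "/openstack/log" ]] && mkdir -p "/openstack/log"` ends with a non-zero status whenever the directory already exists and relies on a bash-only test, so plain `mkdir -p "/openstack/log"` is the safer idempotent form (how the `lxc-container` module treats that exit status is not visible here). The "Flush net cache" task is delegated to the physical host without the `is_metal` condition, so it presumably also runs for rsyslog hosts deployed on metal; if that is not intended it needs the same guard. A one-line comment above `container_config` noting that the host's `/openstack/log` is bind-mounted read-write into the container would help anyone auditing what the log container can reach on the host.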
@@ -1,20 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# Setup supporting services
-- hosts: rsyslog
- user: root
- roles:
- - rsyslog_stop
diff --git a/playbooks/setup-common.yml b/playbooks/setup-common.yml
deleted file mode 100644
index f518763a63..0000000000
--- a/playbooks/setup-common.yml
+++ /dev/null
@@ -1,23 +0,0 @@
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# This playbook deploys All Containers.
-- hosts: "{{ host_group|default('hosts') }}"
- user: root
- roles:
- - safe_upgrade
- - common
- - host_common
- - lxc_common
-
diff --git a/playbooks/setup-everything.yml b/playbooks/setup-everything.yml
index b5fc00ea9f..da1e956a32 100644
--- a/playbooks/setup-everything.yml
+++ b/playbooks/setup-everything.yml
@@ -13,7 +13,6 @@ # See the License for the specific language governing permissions and # limitations under the License. -- include: host-setup.yml -- include: infrastructure-setup.yml -- include: openstack-setup.yml - +- include: setup-hosts.yml +- include: setup-infrastructure.yml +- include: setup-openstack.yml diff --git a/playbooks/containers-common.yml b/playbooks/setup-hosts.yml similarity index 84% rename from playbooks/containers-common.yml rename to playbooks/setup-hosts.yml index eef04e4560..e90d5d0923 100644 --- a/playbooks/containers-common.yml +++ b/playbooks/setup-hosts.yml @@ -13,9 +13,6 @@ # See the License for the specific language governing permissions and # limitations under the License. -- hosts: all_containers - user: root - roles: - - common - - common_sudoers - - rsyslog +- include: openstack-hosts-setup.yml +- include: lxc-hosts-setup.yml +- include: lxc-containers-create.yml diff --git a/playbooks/infrastructure-setup.yml b/playbooks/setup-infrastructure.yml similarity index 78% rename from playbooks/infrastructure-setup.yml rename to playbooks/setup-infrastructure.yml index 5bfdd4b7ea..c711a44cc0 100644 --- a/playbooks/infrastructure-setup.yml +++ b/playbooks/setup-infrastructure.yml @@ -14,11 +14,8 @@ # limitations under the License. - include: memcached-install.yml +- include: repo-install.yml - include: galera-install.yml -- include: rabbit-install.yml +- include: rabbitmq-install.yml - include: rsyslog-install.yml -- include: elasticsearch-install.yml -- include: logstash-install.yml -- include: kibana-install.yml -- include: es2unix-install.yml -- include: rsyslog-config.yml +- include: utility-install.yml diff --git a/playbooks/cinder-scheduler.yml b/playbooks/setup-openstack.yml similarity index 71% rename from playbooks/cinder-scheduler.yml rename to playbooks/setup-openstack.yml index a032ae624b..53eed310e4 100644 --- a/playbooks/cinder-scheduler.yml +++ b/playbooks/setup-openstack.yml 
@@ -13,12 +13,10 @@ # See the License for the specific language governing permissions and # limitations under the License. -- hosts: cinder_scheduler - user: root - roles: - - cinder_common - - init_script - vars_files: - - vars/openstack_service_vars/cinder_scheduler.yml - handlers: - - include: handlers/services.yml +- include: os-keystone-install.yml +- include: os-glance-install.yml +- include: os-cinder-install.yml +- include: os-nova-install.yml +- include: os-neutron-install.yml +- include: os-heat-install.yml +- include: os-horizon-install.yml diff --git a/playbooks/swift-account.yml b/playbooks/swift-account.yml deleted file mode 100644 index a6136720ab..0000000000 --- a/playbooks/swift-account.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- hosts: swift_hosts - user: root - roles: - - swift_set_program_names - - swift_init_scripts - - swift_account - vars_files: - - inventory/group_vars/swift_all.yml - - vars/openstack_service_vars/swift_account.yml - handlers: - - include: handlers/swift_services.yml diff --git a/playbooks/swift-all.yml b/playbooks/swift-all.yml deleted file mode 100644 index 995d2a0bbe..0000000000 --- a/playbooks/swift-all.yml +++ /dev/null 
@@ -1,20 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- include: swift-common.yml -- include: swift-build-rings.yml -- include: swift-proxy.yml -- include: swift-storage.yml -- include: rsyslog-config.yml diff --git a/playbooks/swift-build-rings.yml b/playbooks/swift-build-rings.yml deleted file mode 100644 index ed3086fab7..0000000000 --- a/playbooks/swift-build-rings.yml +++ /dev/null 
@@ -1,37 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- hosts: swift_hosts:swift_proxy - user: root - roles: - - swift_ring_md5sum - -- hosts: local - user: root - roles: - - { role: container_common, tags: [ 'directories' ] } - - openstack_common - - swift_common - - swift_ring_builder - vars_files: - - inventory/group_vars/swift_all.yml - - vars/repo_packages/swift.yml - -- hosts: swift_hosts:swift_proxy - user: root - roles: - - swift_ring_distribute - vars_files: - - inventory/group_vars/swift_all.yml diff --git a/playbooks/swift-container.yml b/playbooks/swift-container.yml deleted file mode 100644 index db3caddb4a..0000000000 --- a/playbooks/swift-container.yml +++ /dev/null 
@@ -1,26 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- hosts: swift_hosts - user: root - roles: - - swift_set_program_names - - swift_init_scripts - - swift_container - vars_files: - - inventory/group_vars/swift_all.yml - - vars/openstack_service_vars/swift_container.yml - handlers: - - include: handlers/swift_services.yml diff --git a/playbooks/swift-object.yml b/playbooks/swift-object.yml deleted file mode 100644 index b2dc3d797b..0000000000 --- a/playbooks/swift-object.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- hosts: swift_hosts - user: root - roles: - - swift_set_program_names - - swift_init_scripts - - swift_object - vars_files: - - inventory/group_vars/swift_all.yml - - vars/openstack_service_vars/swift_object.yml - handlers: - - include: handlers/swift_services.yml 
diff --git a/playbooks/swift-proxy.yml b/playbooks/swift-proxy.yml deleted file mode 100644 index d3e9ef5b65..0000000000 --- a/playbooks/swift-proxy.yml +++ /dev/null @@ -1,35 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- hosts: swift_proxy - user: root - roles: - - swift_common - - swift_init_scripts - - swift_proxy - vars_files: - - inventory/group_vars/swift_all.yml - - vars/openstack_service_vars/swift_proxy.yml - handlers: - - include: handlers/swift_services.yml - -- hosts: swift_proxy[0] - user: root - roles: - - keystone_add_service - - swiftoperator_role_create - - swift_dispersion_user - vars_files: - - vars/openstack_service_vars/swift_proxy_endpoint.yml diff --git a/playbooks/swift-storage.yml b/playbooks/swift-storage.yml deleted file mode 100644 index 6ac30656f3..0000000000 --- a/playbooks/swift-storage.yml +++ /dev/null 
@@ -1,27 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- hosts: swift_hosts - user: root - roles: - - swift_common - - swift_storage_setup - - rsyslog_config - vars_files: - - inventory/group_vars/swift_all.yml - -- include: swift-object.yml -- include: swift-account.yml -- include: swift-container.yml diff --git a/playbooks/tempest.yml b/playbooks/tempest.yml deleted file mode 100644 index 97d1b64efe..0000000000 --- a/playbooks/tempest.yml +++ /dev/null 
@@ -1,42 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Configure tempest on the utility containers - -- hosts: utility_all - user: root - roles: - - common - - openstack_common - - openstack_openrc - vars_files: - - vars/repo_packages/tempest.yml - - inventory/group_vars/tempest_all.yml - -# OpenStack resources only need to be created once -- hosts: utility_all[0] - user: root - roles: - - tempest_resources - vars_files: - - inventory/group_vars/tempest_all.yml - -# Tempest is installed and configured in all utility containers -- hosts: utility_all - user: root - vars_files: - - vars/repo_packages/tempest.yml - roles: - - tempest diff --git a/playbooks/upgrade-safe.yml b/playbooks/upgrade-safe.yml deleted file mode 100644 index 9d81012f7a..0000000000 --- a/playbooks/upgrade-safe.yml +++ /dev/null 
@@ -1,19 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- hosts: "{{ host_group|default('hosts') }}" - user: root - roles: - - safe_upgrade diff --git a/playbooks/utility-all.yml b/playbooks/utility-all.yml deleted file mode 100644 index 6aa0f338b5..0000000000 --- a/playbooks/utility-all.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- include: utility-common.yml diff --git a/playbooks/utility-common.yml b/playbooks/utility-common.yml deleted file mode 100644 index 8f497cb418..0000000000 --- a/playbooks/utility-common.yml +++ /dev/null 
@@ -1,26 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-- hosts: utility_all
- user: root
- roles:
- - common
- - container_common
- - utility_common
- - openstack_openrc
- - galera_client_cnf
- vars_files:
- - vars/config_vars/utility_config.yml
- - vars/repo_packages/utility.yml
diff --git a/playbooks/utility-install.yml b/playbooks/utility-install.yml
new file mode 100644
index 0000000000..f0ac0bf3d5
--- /dev/null
+++ b/playbooks/utility-install.yml
@@ -0,0 +1,76 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Setup the utility location(s)
+ hosts: utility_all
+ max_fail_percentage: 20
+ user: root
+ roles:
+ - { role: "galera_client", tags: [ "utility-galera-client" ] }
+ - { role: "pip_lock_down", tags: [ "utility-pip-lock-down" ] }
+ - { role: "openstack_openrc", tags: [ "utility-openstack-openrc" ] }
+ post_tasks:
+ - name: Install apt packages
+ apt:
+ pkg: "{{ item }}"
+ state: latest
+ update_cache: yes
+ cache_valid_time: 600
+ register: install_packages
+ until: install_packages|success
+ retries: 5
+ delay: 2
+ with_items: utility_apt_packages
+ tags:
+ - utility-apt-packages
+ - name: Install pip packages
+ pip:
+ name: "{{ item }}"
+ state: present
+ register: install_packages
+ until: install_packages|success
+ retries: 5
+ delay: 2
+ with_items: utility_pip_packages
+ tags:
+ - utility-pip-packages
+ - name: Grab private ssh key
+ set_fact:
+ private_ssh_key: "{{ lookup('file', '/root/.ssh/id_rsa') }}"
+ - name: Drop in private ssh key
+ copy:
+ content: "{{ private_ssh_key }}"
+ dest: /root/.ssh/id_rsa
+ mode: 0600
+ owner: root
+ group: root
+ vars:
+ galera_address: "{{ internal_lb_vip_address }}"
+ ansible_hostname: "{{ container_name }}"
+ ansible_ssh_host: "{{ container_address }}"
+ utility_apt_packages:
+ - openjdk-7-jre
+ utility_pip_packages:
+ - python-openstackclient
+ - python-cinderclient
+ - python-glanceclient
+ - python-heatclient
+ - python-keystoneclient
+ - python-neutronclient
+ - python-novaclient
+ - python-swiftclient
+ - python-memcached
+ - pycrypto
+ is_metal: "{{ properties.is_metal|default(false) }}"
diff --git a/playbooks/vars/config_vars/container_config.yml b/playbooks/vars/config_vars/container_config.yml
deleted file mode 100644
index f23ae6edea..0000000000
--- a/playbooks/vars/config_vars/container_config.yml
+++ /dev/null
@@ -1,29 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-## Container Template Config
-container_template: openstack
-container_release: trusty
-
-# only used when the lxc vg is present on the target
-container_lvm_fstype: ext4
-container_lvm_fssize: 5GB
-
-# Parameters on what the conatiner will be built with
-container_config: /etc/lxc/lxc-openstack.conf
-
-# Baseline container configuration options.
-container_config_options:
- - "lxc.aa_profile=lxc-openstack"
diff --git a/playbooks/vars/config_vars/container_config_cinder_volume.yml b/playbooks/vars/config_vars/container_config_cinder_volume.yml
deleted file mode 100644
index ac8f0b2d99..0000000000
--- a/playbooks/vars/config_vars/container_config_cinder_volume.yml
+++ /dev/null
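Review bot: The "Grab private ssh key" and "Drop in private ssh key" tasks copy `/root/.ssh/id_rsa` from the machine running Ansible (file lookups are evaluated on the control node) into every host in `utility_all`, so root's private key ends up replicated across all utility containers and a compromise of any one of them exposes whatever that key grants access to. Neither task sets `no_log`, so the key material can also appear in verbose or diff output; add `no_log: true` to both tasks. Consider provisioning a dedicated key pair for the utility containers rather than reusing the deployment host's root key. `mode: 0600` is better written as `mode: "0600"` so the permission bits do not depend on how the YAML loader types a leading-zero integer.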
@@ -1,28 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Set the options that we want for the container, these are config options. -# The option is set as a YAML list which translates into "key = value" in config -container_config_options: - - "lxc.aa_profile=lxc-openstack" - - "lxc.cgroup.devices.allow=a *:* rmw" - -kernel_modules: - - iscsi_tcp - -sysctl_options: - - { key: 'net.ipv4.conf.all.rp_filter', value: 0 } - - { key: 'net.ipv4.conf.default.rp_filter', value: 0 } - - { key: 'net.ipv4.ip_forward', value: 1 } diff --git a/playbooks/vars/config_vars/container_config_elasticsearch.yml b/playbooks/vars/config_vars/container_config_elasticsearch.yml deleted file mode 100644 index 4ee09ba997..0000000000 --- a/playbooks/vars/config_vars/container_config_elasticsearch.yml +++ /dev/null 
@@ -1,24 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -container_config_options: - - "lxc.mount.entry=/openstack/{{ container_name }}/var/lib/elasticsearch var/lib/elasticsearch none bind 0 0" - - "lxc.aa_profile=unconfined" - -required_inner_dirs: - - "/var/lib/elasticsearch" - -required_outer_dirs: - - "/openstack/{{ container_name }}/var/lib/elasticsearch" diff --git a/playbooks/vars/config_vars/container_config_galera.yml b/playbooks/vars/config_vars/container_config_galera.yml deleted file mode 100644 index 511e833508..0000000000 --- a/playbooks/vars/config_vars/container_config_galera.yml +++ /dev/null 
@@ -1,24 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -container_config_options: - - "lxc.mount.entry=/openstack/{{ container_name }} var/lib/mysql none bind 0 0" - - "lxc.aa_profile=lxc-openstack" - -required_inner_dirs: - - "/var/lib/mysql" - -required_outer_dirs: - - "/openstack/{{ container_name }}" diff --git a/playbooks/vars/config_vars/container_config_logstash.yml b/playbooks/vars/config_vars/container_config_logstash.yml deleted file mode 100644 index e7c5adcb52..0000000000 --- a/playbooks/vars/config_vars/container_config_logstash.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -container_config_options: - - "lxc.aa_profile=unconfined" diff --git a/playbooks/vars/config_vars/container_config_memcached.yml b/playbooks/vars/config_vars/container_config_memcached.yml deleted file mode 100644 index 33b349d962..0000000000 
--- a/playbooks/vars/config_vars/container_config_memcached.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -memcached_listen: "{{ container_address }}" - -container_config_options: - - "lxc.aa_profile=lxc-openstack" diff --git a/playbooks/vars/config_vars/container_config_neutron.yml b/playbooks/vars/config_vars/container_config_neutron.yml deleted file mode 100644 index d7a1b29c07..0000000000 --- a/playbooks/vars/config_vars/container_config_neutron.yml +++ /dev/null 
@@ -1,50 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Set the options that we want for the container, these are config options. -# The option is set as a YAML list which translates into "key = value" in config -container_config_options: - - "lxc.aa_profile=unconfined" - - "lxc.cgroup.devices.allow=a *:* rmw" - - "lxc.mount.entry=/lib/modules lib/modules none bind 0 0" - -required_inner_dirs: - - "/lib/modules" - -required_outer_dirs: - - "/lib/modules" - -kernel_modules: - - 8021q - - ip6table_filter - - ip6_tables - - ipt_REJECT - - iptable_mangle - - ipt_MASQUERADE - - iptable_nat - - nf_conntrack_ipv4 - - nf_defrag_ipv4 - - nf_nat_ipv4 - - nf_nat - - nf_conntrack - - iptable_filter - - ip_tables - - x_tables - -sysctl_options: - - { key: 'net.ipv4.conf.all.rp_filter', value: 0 } - - { key: 'net.ipv4.conf.default.rp_filter', value: 0 } - - { key: 'net.ipv4.ip_forward', value: 1 } - - { key: 'net.netfilter.nf_conntrack_max', value: 262144 } diff --git a/playbooks/vars/config_vars/container_config_rabbitmq.yml b/playbooks/vars/config_vars/container_config_rabbitmq.yml deleted file mode 100644 index cef6fa3723..0000000000 --- a/playbooks/vars/config_vars/container_config_rabbitmq.yml +++ /dev/null 
@@ -1,20 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Set the options that we want for the container, these are config options. -# The option is set as a YAML list which translates into "key = value" in config - -container_config_options: - - "lxc.aa_profile=lxc-openstack" \ No newline at end of file diff --git a/playbooks/vars/config_vars/container_interfaces.yml b/playbooks/vars/config_vars/container_interfaces.yml deleted file mode 100644 index d5cab6a909..0000000000 --- a/playbooks/vars/config_vars/container_interfaces.yml +++ /dev/null 
@@ -1,30 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -default_interfaces: | - # The loopback network interface - auto lo - iface lo inet loopback - # LXC interface - auto eth0 - iface eth0 inet dhcp - # Load any additional configs - source /etc/network/interfaces.d/*.cfg - -management_interface: | - auto {{ container_network['container_interface'] }} - iface {{ container_network['container_interface'] }} inet static - address {{ container_address }} - netmask {{ container_network['container_netmask']|default(container_netmask) }} diff --git a/playbooks/vars/config_vars/haproxy_config.yml b/playbooks/vars/config_vars/haproxy_config.yml deleted file mode 100644 index 7e18909c26..0000000000 --- a/playbooks/vars/config_vars/haproxy_config.yml +++ /dev/null 
@@ -1,178 +0,0 @@ -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -haproxy_config: - - service: - hap_service_name: galera - hap_backend_nodes: "{{ [groups['galera'][0]] }}" # list expected - hap_backup_nodes: "{{ groups['galera'][1:] }}" - hap_port: 3306 - hap_balance_type: tcp - hap_timeout_client: 5000s - hap_timeout_server: 5000s - hap_backend_options: - - "mysql-check user haproxy" - - service: - hap_service_name: glance_api - hap_backend_nodes: "{{ groups['glance_api'] }}" - hap_port: 9292 - hap_balance_type: http - hap_backend_options: - - "forwardfor" - - "httpchk" - - "httplog" - - service: - hap_service_name: glance_registry - hap_backend_nodes: "{{ groups['glance_registry'] }}" - hap_port: 9191 - hap_balance_type: http - - service: - hap_service_name: heat_api_cfn - hap_backend_nodes: "{{ groups['heat_api_cfn'] }}" - hap_port: 8000 - hap_balance_type: http - hap_backend_options: - - "forwardfor" - - "httpchk" - - "httplog" - - service: - hap_service_name: heat_api_cloudwatch - hap_backend_nodes: "{{ groups['heat_api_cloudwatch'] }}" - hap_port: 8003 - hap_balance_type: http - hap_backend_options: - - "forwardfor" - - "httpchk" - - "httplog" - - service: - hap_service_name: heat_api - hap_backend_nodes: "{{ groups['heat_api'] }}" - hap_port: 8004 - hap_balance_type: http - hap_backend_options: - - "forwardfor" - - "httpchk" - - "httplog" - - service: - hap_service_name: keystone_admin - hap_backend_nodes: "{{ 
groups['keystone'] }}" - hap_port: 35357 - hap_balance_type: http - hap_backend_options: - - "forwardfor" - - "httpchk" - - "httplog" - - service: - hap_service_name: keystone_service - hap_backend_nodes: "{{ groups['keystone'] }}" - hap_port: 5000 - hap_balance_type: http - hap_backend_options: - - "forwardfor" - - "httpchk" - - "httplog" - - service: - hap_service_name: neutron_server - hap_backend_nodes: "{{ groups['neutron_server'] }}" - hap_port: 9696 - hap_balance_type: http - hap_backend_options: - - "forwardfor" - - "httpchk" - - "httplog" - - service: - hap_service_name: nova_api_ec2 - hap_backend_nodes: "{{ groups['nova_api_ec2'] }}" - hap_port: 8773 - hap_balance_type: http - - service: - hap_service_name: nova_api_metadata - hap_backend_nodes: "{{ groups['nova_api_metadata'] }}" - hap_port: 8775 - hap_balance_type: http - hap_backend_options: - - "httpchk" - - "httplog" - - service: - hap_service_name: nova_api_os_compute - hap_backend_nodes: "{{ groups['nova_api_os_compute'] }}" - hap_port: 8774 - hap_balance_type: http - hap_backend_options: - - "forwardfor" - - "httpchk" - - "httplog" - - service: - hap_service_name: nova_spice_console - hap_backend_nodes: "{{ groups['nova_spice_console'] }}" - hap_port: 6082 - hap_balance_type: tcp - hap_timeout_client: 60m - hap_timeout_server: 60m - hap_balance_alg: source - - service: - hap_service_name: cinder_api - hap_backend_nodes: "{{ groups['cinder_api'] }}" - hap_port: 8776 - hap_balance_type: http - hap_backend_options: - - "forwardfor" - - "httpchk" - - "httplog" - - service: - hap_service_name: horizon - hap_backend_nodes: "{{ groups['horizon'] }}" - hap_port: 80 - hap_balance_type: http - hap_backend_options: - - "forwardfor" - - "httpchk" - - "httplog" - - service: - hap_service_name: horizon_ssl - hap_backend_nodes: "{{ groups['horizon'] }}" - hap_port: 443 - hap_balance_type: tcp - hap_backend_alg: source - hap_backend_options: - - "ssl-hello-chk" - - service: - hap_service_name: elasticsearch - 
hap_backend_nodes: "{{ [groups['elasticsearch'][0]] }}" - hap_port: 9200 - hap_balance_type: tcp - - service: - hap_service_name: kibana - hap_backend_nodes: "{{ [groups['kibana'][0]] }}" - hap_port: 8888 - hap_backend_port: 80 - hap_balance_type: http - hap_backend_alg: source - hap_backend_options: - - "forwardfor" - - "httpchk" - - "httplog" - - service: - hap_service_name: kibana_ssl - hap_backend_nodes: "{{ [groups['kibana'][0]] }}" - hap_port: 8443 - hap_balance_type: tcp - hap_backend_alg: source - hap_backend_options: - - "ssl-hello-chk" - - service: - hap_service_name: swift_proxy - hap_backend_nodes: "{{ groups['swift_proxy'] }}" - hap_port: 8080 - hap_balance_type: http diff --git a/playbooks/vars/config_vars/utility_config.yml b/playbooks/vars/config_vars/utility_config.yml deleted file mode 100644 index a3c3d6f820..0000000000 --- a/playbooks/vars/config_vars/utility_config.yml +++ /dev/null 
@@ -1,42 +0,0 @@
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-openstack_service_types:
- - cinder_all
- - cinder_api
- - cinder_scheduler
- - cinder_volume
- - glance_all
- - glance_api
- - glance_registry
- - heat_all
- - heat_api_cfn
- - heat_api_cloudwatch
- - heat_api
- - heat_engine
- - horizon
- - keystone_all
- - keystone
- - neutron_all
- - neutron_dhcp_agent
- - neutron_linuxbridge_agent
- - neutron_metadata_agent
- - neutron_server
- - nova_all
- - nova_api_ec2
- - nova_api_metadata
- - nova_api_os_compute
- - nova_compute
- - nova_conductor
- - nova_scheduler
diff --git a/playbooks/vars/configs/haproxy_config.yml b/playbooks/vars/configs/haproxy_config.yml
new file mode 100644
index 0000000000..1d5c7f6f87
--- /dev/null
+++ b/playbooks/vars/configs/haproxy_config.yml
@@ -0,0 +1,184 @@
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+haproxy_service_configs:
+ - service:
+ haproxy_service_name: galera
+ haproxy_backend_nodes: "{{ [groups['galera_all'][0]] }}" # list expected
+ haproxy_backup_nodes: "{{ groups['galera_all'][1:] }}"
+ haproxy_port: 3306
+ haproxy_balance_type: tcp
+ haproxy_timeout_client: 5000s
+ haproxy_timeout_server: 5000s
+ haproxy_backend_options:
+ - "mysql-check user {{ galera_monitoring_user }}"
+ - service:
+ haproxy_service_name: glance_api
+ haproxy_backend_nodes: "{{ groups['glance_api'] }}"
+ haproxy_port: 9292
+ haproxy_balance_type: http
+ haproxy_backend_options:
+ - "forwardfor"
+ - "httpchk"
+ - "httplog"
+ - service:
+ haproxy_service_name: glance_registry
+ haproxy_backend_nodes: "{{ groups['glance_registry'] }}"
+ haproxy_port: 9191
+ haproxy_balance_type: http
+ - service:
+ haproxy_service_name: heat_api_cfn
+ haproxy_backend_nodes: "{{ groups['heat_api_cfn'] }}"
+ haproxy_port: 8000
+ haproxy_balance_type: http
+ haproxy_backend_options:
+ - "forwardfor"
+ - "httpchk"
+ - "httplog"
+ - service:
+ haproxy_service_name: heat_api_cloudwatch
+ haproxy_backend_nodes: "{{ groups['heat_api_cloudwatch'] }}"
+ haproxy_port: 8003
+ haproxy_balance_type: http
+ haproxy_backend_options:
+ - "forwardfor"
+ - "httpchk"
+ - "httplog"
+ - service:
+ haproxy_service_name: heat_api
+ haproxy_backend_nodes: "{{ groups['heat_api'] }}"
+ haproxy_port: 8004
+ haproxy_balance_type: http
+ haproxy_backend_options:
+ - "forwardfor"
+ - "httpchk"
+ - "httplog"
+ - service:
+ haproxy_service_name: keystone_admin
+ haproxy_backend_nodes: "{{ groups['keystone_all'] }}"
+ haproxy_port: 35357
+ haproxy_balance_type: http
+ haproxy_backend_options:
+ - "forwardfor"
+ - "httpchk"
+ - "httplog"
+ - service:
+ haproxy_service_name: keystone_service
+ haproxy_backend_nodes: "{{ groups['keystone_all'] }}"
+ haproxy_port: 5000
+ haproxy_balance_type: http
+ haproxy_backend_options:
+ - "forwardfor"
+ - "httpchk"
+ - "httplog"
+ - service:
+ haproxy_service_name: neutron_server
+ haproxy_backend_nodes: "{{ groups['neutron_server'] }}"
+ haproxy_port: 9696
+ haproxy_balance_type: http
+ haproxy_backend_options:
+ - "forwardfor"
+ - "httpchk"
+ - "httplog"
+ - service:
+ haproxy_service_name: nova_api_ec2
+ haproxy_backend_nodes: "{{ groups['nova_api_ec2'] }}"
+ haproxy_port: 8773
+ haproxy_balance_type: http
+ - service:
+ haproxy_service_name: nova_api_metadata
+ haproxy_backend_nodes: "{{ groups['nova_api_metadata'] }}"
+ haproxy_port: 8775
+ haproxy_balance_type: http
+ haproxy_backend_options:
+ - "httpchk"
+ - "httplog"
+ - service:
+ haproxy_service_name: nova_api_os_compute
+ haproxy_backend_nodes: "{{ groups['nova_api_os_compute'] }}"
+ haproxy_port: 8774
+ haproxy_balance_type: http
+ haproxy_backend_options:
+ - "forwardfor"
+ - "httpchk"
+ - "httplog"
+ - service:
+ haproxy_service_name: nova_spice_console
+ haproxy_backend_nodes: "{{ groups['nova_spice_console'] }}"
+ haproxy_port: 6082
+ haproxy_balance_type: tcp
+ haproxy_timeout_client: 60m
+ haproxy_timeout_server: 60m
+ haproxy_balance_alg: source
+ - service:
+ haproxy_service_name: cinder_api
+ haproxy_backend_nodes: "{{ groups['cinder_api'] }}"
+ haproxy_port: 8776
+ haproxy_balance_type: http
+ haproxy_backend_options:
+ - "forwardfor"
+ - "httpchk"
+ - "httplog"
+ - service:
+ haproxy_service_name: horizon
+ haproxy_backend_nodes: "{{ groups['horizon_all'] }}"
+ haproxy_port: 80
+ haproxy_balance_type: http
+ haproxy_backend_options:
+ - "forwardfor"
+ - "httpchk"
+ - "httplog"
+ - service:
+ haproxy_service_name: horizon_ssl
+ haproxy_backend_nodes: "{{ groups['horizon_all'] }}"
+ haproxy_port: 443
+ haproxy_balance_type: tcp
+ haproxy_backend_alg: source
+ haproxy_backend_options:
+ - "ssl-hello-chk"
+ - service:
+ haproxy_service_name: elasticsearch
+ haproxy_backend_nodes: "{{ [groups['elasticsearch'][0]] }}"
+ haproxy_port: 9200
+ haproxy_balance_type: tcp
+ - service:
+ haproxy_service_name: kibana
+ haproxy_backend_nodes: "{{ [groups['kibana'][0]] }}"
+ haproxy_port: 8888
+ haproxy_backend_port: 80
+ haproxy_balance_type: http
+ haproxy_backend_alg: source
+ haproxy_backend_options:
+ - "forwardfor"
+ - "httpchk"
+ - "httplog"
+ - service:
+ haproxy_service_name: kibana_ssl
+ haproxy_backend_nodes: "{{ [groups['kibana'][0]] }}"
+ haproxy_port: 8443
+ haproxy_balance_type: tcp
+ haproxy_backend_alg: source
+ haproxy_backend_options:
+ - "ssl-hello-chk"
+ - service:
+ haproxy_service_name: swift_proxy
+ haproxy_backend_nodes: "{{ groups['swift_proxy'] }}"
+ haproxy_port: 8080
+ haproxy_balance_type: http
+ - service:
+ haproxy_service_name: repo_all
+ haproxy_backend_nodes: "{{ groups['pkg_repo'] }}"
+ haproxy_port: 8181
+ haproxy_backend_port: 8181
+ haproxy_balance_type: http
diff --git a/playbooks/vars/openstack_service_vars/cinder_api.yml b/playbooks/vars/openstack_service_vars/cinder_api.yml
deleted file mode 100644
index af9fd5de38..0000000000
--- a/playbooks/vars/openstack_service_vars/cinder_api.yml
+++ /dev/null
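Review bot: The `source` balancing algorithm is set under two different key names in the new `haproxy_config.yml`: `nova_spice_console` uses `haproxy_balance_alg: source`, while `horizon_ssl`, `kibana` and `kibana_ssl` use `haproxy_backend_alg: source`. The template that consumes `haproxy_service_configs` is not visible here, but if it reads only one of the two names, the other entries silently fall back to the default algorithm and the pass-through TLS listeners on 443 and 8443 lose client affinity. The removed `hap_*` file had the same split, so the rename carried it over; I would use one key throughout, e.g. `haproxy_balance_alg: source` in all four services. Separately, the galera entry deserves a comment such as `# mysql-check logs in as this user without a password; restrict the account to the load balancer hosts and grant it no privileges`.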
@@ -1,20 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# The variables file used by the playbooks in the Cinder-API group. -# These don't have to be explicitly imported by vars_files: they are autopopulated. - -## Service Type and Data -program_name: cinder-api diff --git a/playbooks/vars/openstack_service_vars/cinder_api_endpoint.yml b/playbooks/vars/openstack_service_vars/cinder_api_endpoint.yml deleted file mode 100644 index adce9a064e..0000000000 --- a/playbooks/vars/openstack_service_vars/cinder_api_endpoint.yml +++ /dev/null 
@@ -1,22 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -service_type: volume -service_description: "Cinder volume service" -service_password: "{{ cinder_service_password }}" - -service_publicurl: "http://{{ external_vip_address }}:{{ cinder_service_port }}/v1/%(tenant_id)s" -service_adminurl: "http://{{ internal_vip_address }}:{{ cinder_service_port }}/v1/%(tenant_id)s" -service_internalurl: "http://{{ internal_vip_address }}:{{ cinder_service_port }}/v1/%(tenant_id)s" diff --git a/playbooks/vars/openstack_service_vars/cinder_apiv2_endpoint.yml b/playbooks/vars/openstack_service_vars/cinder_apiv2_endpoint.yml deleted file mode 100644 index 13bb36742a..0000000000 --- a/playbooks/vars/openstack_service_vars/cinder_apiv2_endpoint.yml +++ /dev/null 
@@ -1,29 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# The variables file used by the playbooks in the Cinder-API group. -# These don't have to be explicitly imported by vars_files: they are autopopulated. - -## Service Type and Data -service_type: volumev2 -service_description: "Cinder Volume Service V2" -service_password: "{{ cinder_v2_service_password }}" - -service_publicurl: "http://{{ external_vip_address }}:{{ cinder_service_port }}/v2/%(tenant_id)s" -service_adminurl: "http://{{ internal_vip_address }}:{{ cinder_service_port }}/v2/%(tenant_id)s" -service_internalurl: "http://{{ internal_vip_address }}:{{ cinder_service_port }}/v2/%(tenant_id)s" - -service_name: cinderv2 -program_name: cinder-api diff --git a/playbooks/vars/openstack_service_vars/cinder_scheduler.yml b/playbooks/vars/openstack_service_vars/cinder_scheduler.yml deleted file mode 100644 index 04f83c358f..0000000000 --- a/playbooks/vars/openstack_service_vars/cinder_scheduler.yml +++ /dev/null 
@@ -1,19 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# The variables file used by the playbooks in the Cinder-API group. -# These don't have to be explicitly imported by vars_files: they are autopopulated. - -program_name: cinder-scheduler diff --git a/playbooks/vars/openstack_service_vars/cinder_volume.yml b/playbooks/vars/openstack_service_vars/cinder_volume.yml deleted file mode 100644 index cc95278b18..0000000000 --- a/playbooks/vars/openstack_service_vars/cinder_volume.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# The variables file used by the playbooks in the Cinder-API group. -# These don't have to be explicitly imported by vars_files: they are autopopulated. - -program_name: cinder-volume -apt_common_packages: - - tgt - - parted - - qemu-utils 
diff --git a/playbooks/vars/openstack_service_vars/glance_api.yml b/playbooks/vars/openstack_service_vars/glance_api.yml deleted file mode 100644 index 0325e4f4e0..0000000000 --- a/playbooks/vars/openstack_service_vars/glance_api.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# The variables file used by the playbooks in the Glance-API group. -# These don't have to be explicitly imported by vars_files: they are autopopulated. -program_name: glance-api diff --git a/playbooks/vars/openstack_service_vars/glance_api_endpoint.yml b/playbooks/vars/openstack_service_vars/glance_api_endpoint.yml deleted file mode 100644 index 07852c27bc..0000000000 --- a/playbooks/vars/openstack_service_vars/glance_api_endpoint.yml +++ /dev/null 
@@ -1,23 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -## Service Type and Data -service_type: image -service_description: "Glance Image Service" -service_password: "{{ glance_service_password }}" - -service_publicurl: "http://{{ external_vip_address }}:9292" -service_adminurl: "http://{{ internal_vip_address }}:9292" -service_internalurl: "http://{{ internal_vip_address }}:9292" diff --git a/playbooks/vars/openstack_service_vars/glance_registry.yml b/playbooks/vars/openstack_service_vars/glance_registry.yml deleted file mode 100644 index b4c0082441..0000000000 --- a/playbooks/vars/openstack_service_vars/glance_registry.yml +++ /dev/null 
@@ -1,19 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# The variables file used by the playbooks in the Glance-registry group. -# These don't have to be explicitly imported by vars_files: they are autopopulated. - -program_name: glance-registry diff --git a/playbooks/vars/openstack_service_vars/heat_api.yml b/playbooks/vars/openstack_service_vars/heat_api.yml deleted file mode 100644 index f1780f62b1..0000000000 --- a/playbooks/vars/openstack_service_vars/heat_api.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# The variables file used by the playbooks in the Heat-API group. -# These don't have to be explicitly imported by vars_files: they are autopopulated. - -program_name: heat-api 
diff --git a/playbooks/vars/openstack_service_vars/heat_api_cfn.yml b/playbooks/vars/openstack_service_vars/heat_api_cfn.yml deleted file mode 100644 index b05fcc38b7..0000000000 --- a/playbooks/vars/openstack_service_vars/heat_api_cfn.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# The variables file used by the playbooks in the Heat-API group. -# These don't have to be explicitly imported by vars_files: they are autopopulated. - -program_name: heat-api-cfn diff --git a/playbooks/vars/openstack_service_vars/heat_api_cfn_endpoint.yml b/playbooks/vars/openstack_service_vars/heat_api_cfn_endpoint.yml deleted file mode 100644 index 760f96115a..0000000000 --- a/playbooks/vars/openstack_service_vars/heat_api_cfn_endpoint.yml +++ /dev/null 
@@ -1,23 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -## Service Type and Data -service_type: cloudformation -service_description: "Heat CloudFormation Service" -service_password: "{{ heat_cfn_service_password }}" - -service_publicurl: "http://{{ external_vip_address }}:8000/v1" -service_adminurl: "http://{{ internal_vip_address }}:8000/v1" -service_internalurl: "http://{{ internal_vip_address }}:8000/v1" diff --git a/playbooks/vars/openstack_service_vars/heat_api_cloudwatch.yml b/playbooks/vars/openstack_service_vars/heat_api_cloudwatch.yml deleted file mode 100644 index e9eda630d7..0000000000 --- a/playbooks/vars/openstack_service_vars/heat_api_cloudwatch.yml +++ /dev/null 
@@ -1,19 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# The variables file used by the playbooks in the Heat-API group. -# These don't have to be explicitly imported by vars_files: they are autopopulated. - -program_name: heat-api-cloudwatch diff --git a/playbooks/vars/openstack_service_vars/heat_api_endpoint.yml b/playbooks/vars/openstack_service_vars/heat_api_endpoint.yml deleted file mode 100644 index 8ce632e09d..0000000000 --- a/playbooks/vars/openstack_service_vars/heat_api_endpoint.yml +++ /dev/null 
@@ -1,23 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -## Service Type and Data -service_type: orchestration -service_description: "Heat Orchestration Service" -service_password: "{{ heat_service_password }}" - -service_publicurl: "http://{{ external_vip_address }}:8004/v1/%(tenant_id)s" -service_adminurl: "http://{{ internal_vip_address }}:8004/v1/%(tenant_id)s" -service_internalurl: "http://{{ internal_vip_address }}:8004/v1/%(tenant_id)s" diff --git a/playbooks/vars/openstack_service_vars/heat_engine.yml b/playbooks/vars/openstack_service_vars/heat_engine.yml deleted file mode 100644 index 70f1a668ed..0000000000 --- a/playbooks/vars/openstack_service_vars/heat_engine.yml +++ /dev/null 
@@ -1,19 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# The variables file used by the playbooks in the Heat-API group. -# These don't have to be explicitly imported by vars_files: they are autopopulated. - -program_name: heat-engine diff --git a/playbooks/vars/openstack_service_vars/horizon.yml b/playbooks/vars/openstack_service_vars/horizon.yml deleted file mode 100644 index 8c371a832c..0000000000 --- a/playbooks/vars/openstack_service_vars/horizon.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# The variables file used by the playbooks in the nova-api-ec2 group. -# These don't have to be explicitly imported by vars_files: they are autopopulated. - -horizon_endpoint_type: internalURL 
diff --git a/playbooks/vars/openstack_service_vars/keystone.yml b/playbooks/vars/openstack_service_vars/keystone.yml deleted file mode 100644 index 8d4215030c..0000000000 --- a/playbooks/vars/openstack_service_vars/keystone.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# The variables file used by the playbooks in the Keystone-API group. -# These don't have to be explicitly imported by vars_files: they are autopopulated. - -program_name: apache2 diff --git a/playbooks/vars/openstack_service_vars/keystone_endpoint.yml b/playbooks/vars/openstack_service_vars/keystone_endpoint.yml deleted file mode 100644 index 9716eec1a6..0000000000 --- a/playbooks/vars/openstack_service_vars/keystone_endpoint.yml +++ /dev/null 
@@ -1,23 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -## Service Type and Data -service_type: identity -service_description: "Keystone Identity Service" -service_password: "{{ keystone_service_password }}" - -service_publicurl: "http://{{ external_vip_address }}:{{ service_port }}/v2.0" -service_adminurl: "http://{{ internal_vip_address }}:{{ admin_port }}/v2.0" -service_internalurl: "http://{{ internal_vip_address }}:{{ service_port }}/v2.0" diff --git a/playbooks/vars/openstack_service_vars/neutron_dhcp_agent.yml b/playbooks/vars/openstack_service_vars/neutron_dhcp_agent.yml deleted file mode 100644 index 0d38ff4977..0000000000 --- a/playbooks/vars/openstack_service_vars/neutron_dhcp_agent.yml +++ /dev/null 
@@ -1,20 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# The variables file used by the playbooks in the nova-api-ec2 group. -# These don't have to be explicitly imported by vars_files: they are autopopulated. - -program_name: neutron-dhcp-agent -program_config_options: --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/dhcp_agent.ini diff --git a/playbooks/vars/openstack_service_vars/neutron_l3_agent.yml b/playbooks/vars/openstack_service_vars/neutron_l3_agent.yml deleted file mode 100644 index aa1a1cc601..0000000000 --- a/playbooks/vars/openstack_service_vars/neutron_l3_agent.yml +++ /dev/null 
@@ -1,20 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# The variables file used by the playbooks in the nova-api-ec2 group. -# These don't have to be explicitly imported by vars_files: they are autopopulated. - -program_name: neutron-l3-agent -program_config_options: --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/l3_agent.ini diff --git a/playbooks/vars/openstack_service_vars/neutron_linuxbridge_agent.yml b/playbooks/vars/openstack_service_vars/neutron_linuxbridge_agent.yml deleted file mode 100644 index 4a8afbb9c7..0000000000 --- a/playbooks/vars/openstack_service_vars/neutron_linuxbridge_agent.yml +++ /dev/null 
@@ -1,20 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# The variables file used by the playbooks in the nova-api-ec2 group. -# These don't have to be explicitly imported by vars_files: they are autopopulated. - -program_name: neutron-linuxbridge-agent -program_config_options: --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini diff --git a/playbooks/vars/openstack_service_vars/neutron_metadata_agent.yml b/playbooks/vars/openstack_service_vars/neutron_metadata_agent.yml deleted file mode 100644 index 2abfc4bbaf..0000000000 --- a/playbooks/vars/openstack_service_vars/neutron_metadata_agent.yml +++ /dev/null 
@@ -1,20 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# The variables file used by the playbooks in the nova-api-ec2 group. -# These don't have to be explicitly imported by vars_files: they are autopopulated. - -program_name: neutron-metadata-agent -program_config_options: --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/metadata_agent.ini diff --git a/playbooks/vars/openstack_service_vars/neutron_metering_agent.yml b/playbooks/vars/openstack_service_vars/neutron_metering_agent.yml deleted file mode 100644 index 6a956840b5..0000000000 --- a/playbooks/vars/openstack_service_vars/neutron_metering_agent.yml +++ /dev/null 
@@ -1,20 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# The variables file used by the playbooks in the nova-api-ec2 group. -# These don't have to be explicitly imported by vars_files: they are autopopulated. - -program_name: neutron-metering-agent -program_config_options: --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/metering_agent.ini diff --git a/playbooks/vars/openstack_service_vars/neutron_server.yml b/playbooks/vars/openstack_service_vars/neutron_server.yml deleted file mode 100644 index 2e72e6d507..0000000000 --- a/playbooks/vars/openstack_service_vars/neutron_server.yml +++ /dev/null 
@@ -1,20 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# The variables file used by the playbooks in the nova-api-ec2 group.
-# These don't have to be explicitly imported by vars_files: they are autopopulated.
-
-program_name: neutron-server
-program_config_options: --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini
diff --git a/playbooks/vars/openstack_service_vars/neutron_server_endpoint.yml b/playbooks/vars/openstack_service_vars/neutron_server_endpoint.yml
deleted file mode 100644
index b6fa169c6c..0000000000
--- a/playbooks/vars/openstack_service_vars/neutron_server_endpoint.yml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-## Service Type and Data
-service_type: network
-service_description: "OpenStack Networking"
-service_password: "{{ neutron_service_password }}"
-
-service_publicurl: "http://{{ external_vip_address }}:9696"
-service_adminurl: "http://{{ internal_vip_address }}:9696"
-service_internalurl: "http://{{ internal_vip_address }}:9696"
diff --git a/playbooks/vars/openstack_service_vars/nova_api_ec2.yml b/playbooks/vars/openstack_service_vars/nova_api_ec2.yml
deleted file mode 100644
index 85e2691cd8..0000000000
--- a/playbooks/vars/openstack_service_vars/nova_api_ec2.yml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# The variables file used by the playbooks in the nova-api-ec2 group.
-# These don't have to be explicitly imported by vars_files: they are autopopulated.
-
-program_name: nova-api-ec2
diff --git a/playbooks/vars/openstack_service_vars/nova_api_ec2_endpoint.yml b/playbooks/vars/openstack_service_vars/nova_api_ec2_endpoint.yml
deleted file mode 100644
index 72558619eb..0000000000
--- a/playbooks/vars/openstack_service_vars/nova_api_ec2_endpoint.yml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-## Service Type and Data
-service_name: ec2
-service_type: ec2
-service_description: "EC2 Compatibility Layer"
-service_password: "{{ nova_ec2_service_password }}"
-
-service_publicurl: "http://{{ external_vip_address }}:8773/services/Cloud"
-service_adminurl: "http://{{ internal_vip_address }}:8773/services/Admin"
-service_internalurl: "http://{{ internal_vip_address }}:8773/services/Cloud"
diff --git a/playbooks/vars/openstack_service_vars/nova_api_metadata.yml b/playbooks/vars/openstack_service_vars/nova_api_metadata.yml
deleted file mode 100644
index 4e9bf10b84..0000000000
--- a/playbooks/vars/openstack_service_vars/nova_api_metadata.yml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# The variables file used by the playbooks in the nova-api-metadata group.
-# These don't have to be explicitly imported by vars_files: they are autopopulated.
-
-program_name: nova-api-metadata
diff --git a/playbooks/vars/openstack_service_vars/nova_api_os_compute.yml b/playbooks/vars/openstack_service_vars/nova_api_os_compute.yml
deleted file mode 100644
index b2be7dc7a4..0000000000
--- a/playbooks/vars/openstack_service_vars/nova_api_os_compute.yml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-program_name: nova-api-os-compute
diff --git a/playbooks/vars/openstack_service_vars/nova_api_os_compute_endpoint.yml b/playbooks/vars/openstack_service_vars/nova_api_os_compute_endpoint.yml
deleted file mode 100644
index 9016bfdabc..0000000000
--- a/playbooks/vars/openstack_service_vars/nova_api_os_compute_endpoint.yml
+++ /dev/null
@@ -1,26 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# The variables file used by the playbooks in the nova-api-os-compute group.
-# These don't have to be explicitly imported by vars_files: they are autopopulated.
-
-## Service Type and Data
-service_type: compute
-service_description: "Nova Compute Service"
-service_password: "{{ nova_service_password }}"
-
-service_publicurl: "http://{{ external_vip_address }}:8774/v2/%(tenant_id)s"
-service_adminurl: "http://{{ internal_vip_address }}:8774/v2/%(tenant_id)s"
-service_internalurl: "http://{{ internal_vip_address }}:8774/v2/%(tenant_id)s"
diff --git a/playbooks/vars/openstack_service_vars/nova_api_os_computev3_endpoint.yml b/playbooks/vars/openstack_service_vars/nova_api_os_computev3_endpoint.yml
deleted file mode 100644
index 07a53f03f5..0000000000
--- a/playbooks/vars/openstack_service_vars/nova_api_os_computev3_endpoint.yml
+++ /dev/null
@@ -1,28 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# The variables file used by the playbooks in the nova-api-os-compute group.
-# These don't have to be explicitly imported by vars_files: they are autopopulated.
-
-## V3 API services
-service_name: novav3
-service_type: computev3
-service_description: "Nova Compute Service V3"
-service_password: "{{ nova_v3_service_password }}"
-
-## V3 API Endpoints
-service_publicurl: "http://{{ external_vip_address }}:8774/v3"
-service_adminurl: "http://{{ internal_vip_address }}:8774/v3"
-service_internalurl: "http://{{ internal_vip_address }}:8774/v3"
diff --git a/playbooks/vars/openstack_service_vars/nova_api_s3_endpoint.yml b/playbooks/vars/openstack_service_vars/nova_api_s3_endpoint.yml
deleted file mode 100644
index 67127f2902..0000000000
--- a/playbooks/vars/openstack_service_vars/nova_api_s3_endpoint.yml
+++ /dev/null
@@ -1,27 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-## S3 API services
-service_name: s3
-service_type: s3
-service_description: "S3 Compatibility Layer"
-service_password: "{{ nova_s3_service_password }}"
-
-## S3 API Endpoints
-service_publicurl: "http://{{ external_vip_address }}:3333"
-service_adminurl: "http://{{ internal_vip_address }}:3333"
-service_internalurl: "http://{{ internal_vip_address }}:3333"
-
-program_name: nova-api-ec2
diff --git a/playbooks/vars/openstack_service_vars/nova_cert.yml b/playbooks/vars/openstack_service_vars/nova_cert.yml
deleted file mode 100644
index bb207b2b72..0000000000
--- a/playbooks/vars/openstack_service_vars/nova_cert.yml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# The variables file used by the playbooks in the nova-conductor group.
-# These don't have to be explicitly imported by vars_files: they are autopopulated.
-
-program_name: nova-cert
diff --git a/playbooks/vars/openstack_service_vars/nova_conductor.yml b/playbooks/vars/openstack_service_vars/nova_conductor.yml
deleted file mode 100644
index 19d2520df3..0000000000
--- a/playbooks/vars/openstack_service_vars/nova_conductor.yml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# The variables file used by the playbooks in the nova-conductor group.
-# These don't have to be explicitly imported by vars_files: they are autopopulated.
-
-program_name: nova-conductor
diff --git a/playbooks/vars/openstack_service_vars/nova_console_auth.yml b/playbooks/vars/openstack_service_vars/nova_console_auth.yml
deleted file mode 100644
index 97c144d763..0000000000
--- a/playbooks/vars/openstack_service_vars/nova_console_auth.yml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# The variables file used by the playbooks in the nova-conductor group.
-# These don't have to be explicitly imported by vars_files: they are autopopulated.
-
-program_name: nova-consoleauth
diff --git a/playbooks/vars/openstack_service_vars/nova_scheduler.yml b/playbooks/vars/openstack_service_vars/nova_scheduler.yml
deleted file mode 100644
index 6075a63e4f..0000000000
--- a/playbooks/vars/openstack_service_vars/nova_scheduler.yml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# The variables file used by the playbooks in the nova-scheduler group.
-# These don't have to be explicitly imported by vars_files: they are autopopulated.
-
-program_name: nova-scheduler
diff --git a/playbooks/vars/openstack_service_vars/nova_spice_console.yml b/playbooks/vars/openstack_service_vars/nova_spice_console.yml
deleted file mode 100644
index 574e56532f..0000000000
--- a/playbooks/vars/openstack_service_vars/nova_spice_console.yml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# The variables file used by the playbooks in the nova-conductor group.
-# These don't have to be explicitly imported by vars_files: they are autopopulated.
-
-program_name: nova-spicehtml5proxy
-
-container_packages:
- - spice-html5
diff --git a/playbooks/vars/openstack_service_vars/nova_spice_console_endpoint.yml b/playbooks/vars/openstack_service_vars/nova_spice_console_endpoint.yml
deleted file mode 100644
index 1a4912464e..0000000000
--- a/playbooks/vars/openstack_service_vars/nova_spice_console_endpoint.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-nova_html5proxy_base_url: "http://{{ nova_console_endpoint|default(external_vip_address) }}:6082/spice_auto.html"
-nova_console_keymap: en-us
-nova_console_agent_enabled: True
diff --git a/playbooks/vars/openstack_service_vars/swift_account.yml b/playbooks/vars/openstack_service_vars/swift_account.yml
deleted file mode 100644
index bbf9e48d01..0000000000
--- a/playbooks/vars/openstack_service_vars/swift_account.yml
+++ /dev/null
@@ -1,25 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# The variables file used by the playbooks in the Heat-API group.
-# These don't have to be explicitly imported by vars_files: they are autopopulated.
-
-program_names:
- - swift-account-server
- - swift-account-auditor
- - swift-account-replicator
- - swift-account-reaper
-
-service_conf_loc: account-server
diff --git a/playbooks/vars/openstack_service_vars/swift_container.yml b/playbooks/vars/openstack_service_vars/swift_container.yml
deleted file mode 100644
index 4220cbc47d..0000000000
--- a/playbooks/vars/openstack_service_vars/swift_container.yml
+++ /dev/null
@@ -1,26 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# The variables file used by the playbooks in the Heat-API group.
-# These don't have to be explicitly imported by vars_files: they are autopopulated.
-
-program_names:
- - swift-container-server
- - swift-container-auditor
- - swift-container-replicator
- - swift-container-sync
- - swift-container-updater
-
-service_conf_loc: container-server
diff --git a/playbooks/vars/openstack_service_vars/swift_object.yml b/playbooks/vars/openstack_service_vars/swift_object.yml
deleted file mode 100644
index c8c7906dae..0000000000
--- a/playbooks/vars/openstack_service_vars/swift_object.yml
+++ /dev/null
@@ -1,25 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# The variables file used by the playbooks in the Heat-API group.
-# These don't have to be explicitly imported by vars_files: they are autopopulated.
-
-program_names:
- - swift-object-server
- - swift-object-auditor
- - swift-object-replicator
- - swift-object-updater
-
-service_conf_loc: object-server
diff --git a/playbooks/vars/openstack_service_vars/swift_proxy.yml b/playbooks/vars/openstack_service_vars/swift_proxy.yml
deleted file mode 100644
index 0a0de5321a..0000000000
--- a/playbooks/vars/openstack_service_vars/swift_proxy.yml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# The variables file used by the playbooks in the Heat-API group.
-# These don't have to be explicitly imported by vars_files: they are autopopulated.
-
-program_names:
- - swift-proxy-server
-
-service_conf_loc: proxy-server
diff --git a/playbooks/vars/openstack_service_vars/swift_proxy_endpoint.yml b/playbooks/vars/openstack_service_vars/swift_proxy_endpoint.yml
deleted file mode 100644
index a2ddcf9510..0000000000
--- a/playbooks/vars/openstack_service_vars/swift_proxy_endpoint.yml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-service_type: object-store
-service_description: "Object Storage Service"
-service_password: "{{ swift_service_password }}"
-
-service_publicurl: "http://{{ external_vip_address }}:{{ swift_proxy_port }}/v1/AUTH_%(tenant_id)s"
-service_adminurl: "http://{{ internal_vip_address }}:{{ swift_proxy_port }}/v1/AUTH_%(tenant_id)s"
-service_internalurl: "http://{{ internal_vip_address }}:{{ swift_proxy_port }}/v1/AUTH_%(tenant_id)s"
diff --git a/playbooks/vars/repo_packages/all_common.yml b/playbooks/vars/repo_packages/all_common.yml
deleted file mode 100644
index 39a185b1ab..0000000000
--- a/playbooks/vars/repo_packages/all_common.yml
+++ /dev/null
@@ -1,50 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-## Python pip
-get_pip_url: "{{ openstack_repo_url }}/downloads/get-pip.py"
-get_pip_sha256sum: "d43dc33a5670d69dd14a9be1f2b2fa27ebf124ec1b212a47425331040f742a9b"
-
-## Base Packages
-apt_common_packages:
- - aptitude
- - vlan
- - python-software-properties
- - python-dev
- - build-essential
- - git-core
- - rsyslog
- - lvm2
- - dmeventd
- - libkmod-dev
- - libkmod2
- - libssl-dev
- - bridge-utils
- - cgroup-lite
- - sqlite3
- - iptables
- - sshpass
- - libffi-dev
- - libxml2-dev
- - libxslt1-dev
- - mariadb-client
- - libmariadbclient-dev
-
-# Util packages that are installed when repos are put in place
-common_util_packages:
- - curl
- - wget
- - time
- - rsync
diff --git a/playbooks/vars/repo_packages/cinder.yml b/playbooks/vars/repo_packages/cinder.yml
deleted file mode 100644
index 0f8024427d..0000000000
--- a/playbooks/vars/repo_packages/cinder.yml
+++ /dev/null
@@ -1,47 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-repo_package_name: cinder
-
-repo_path: "{{ repo_package_name }}_{{ git_install_branch | replace('/', '_') }}"
-
-## Git Source
-git_repo: https://github.com/openstack/cinder
-git_fallback_repo: https://git.openstack.org/openstack/cinder
-git_dest: "/opt/{{ repo_path }}"
-git_install_branch: stable/juno
-
-pip_wheel_name: cinder
-
-service_pip_dependencies:
- - pywbem
- - ecdsa
- - MySQL-python
- - python-memcached
- - pycrypto
- - python-cinderclient
- - python-keystoneclient
- - keystonemiddleware
- - httplib2
-
-container_packages:
- - libpq-dev
- - libkmod-dev
- - libkmod2
- - dmeventd
- - tgt
- - parted
- - qemu-utils
- - nfs-common
diff --git a/playbooks/vars/repo_packages/galera.yml b/playbooks/vars/repo_packages/galera.yml
deleted file mode 100644
index 055bfa3202..0000000000
--- a/playbooks/vars/repo_packages/galera.yml
+++ /dev/null
@@ -1,53 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-repo_package_name: galera
-
-# The package name for mariaDB is set as a variable
-# so that it can be used in debconf later in the
-# "galera_common" role.
-mariadb_server_package: "mariadb-galera-server-5.5"
-
-# NB This is specifically galera_packages as these packages only get installed
-# during the galera play - this is because of the preseed task and the service
-# startup control used when installing mariadb-galera-server and galera.
-galera_packages:
- - mariadb-client
- - "{{ mariadb_server_package }}"
- - galera
- - python-software-properties
- - software-properties-common
- - debconf-utils
- - rsync
- - xtrabackup
- - socat
-
-service_pip_dependencies:
- - MySQL-python
-
-# When installing container packages this bol will drop a
-# run level policy to ensure that no services are started
-# upon installation.
-run_policy_deny: true
-
-debconf_items:
- - question: "mysql-server/root_password"
- name: "{{ mariadb_server_package }}"
- value: "{{ mysql_password }}"
- vtype: "string"
- - question: "mysql-server/root_password_again"
- name: "{{ mariadb_server_package }}"
- value: "{{ mysql_password }}"
- vtype: "string"
diff --git a/playbooks/vars/repo_packages/glance.yml b/playbooks/vars/repo_packages/glance.yml
deleted file mode 100644
index 0a8506b7ec..0000000000
--- a/playbooks/vars/repo_packages/glance.yml
+++ /dev/null
@@ -1,41 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-repo_package_name: glance
-
-repo_path: "{{ repo_package_name }}_{{ git_install_branch | replace('/', '_') }}"
-
-## Git Source
-git_repo: https://github.com/openstack/glance
-git_fallback_repo: https://git.openstack.org/openstack/glance
-git_dest: "/opt/{{ repo_path }}"
-git_install_branch: stable/juno
-git_etc_example: etc/
-
-pip_wheel_name: glance
-
-container_packages:
- - rsync
-
-service_pip_dependencies:
- - warlock
- - MySQL-python
- - python-memcached
- - pycrypto
- - python-glanceclient
- - python-swiftclient
- - python-cinderclient
- - python-keystoneclient
- - keystonemiddleware
diff --git a/playbooks/vars/repo_packages/haproxy.yml b/playbooks/vars/repo_packages/haproxy.yml
deleted file mode 100644
index dfd69e6f79..0000000000
--- a/playbooks/vars/repo_packages/haproxy.yml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-repo_package_name: haproxy
-
-container_packages:
- - haproxy
- - hatop
- - vim-haproxy
diff --git a/playbooks/vars/repo_packages/heat.yml b/playbooks/vars/repo_packages/heat.yml
deleted file mode 100644
index cbeef9098c..0000000000
--- a/playbooks/vars/repo_packages/heat.yml
+++ /dev/null
@@ -1,42 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-repo_package_name: heat
-
-repo_path: "{{ repo_package_name }}_{{ git_install_branch | replace('/', '_') }}"
-
-## Git Source
-git_repo: https://github.com/openstack/heat
-git_fallback_repo: https://git.openstack.org/openstack/heat
-git_dest: "/opt/{{ repo_path }}"
-git_etc_example: etc/heat
-git_install_branch: stable/juno
-
-pip_wheel_name: heat
-
-container_packages:
- - rsync
- - libxslt1.1
-
-service_pip_dependencies:
- - MySQL-python
- - python-memcached
- - pycrypto
- - python-heatclient
- - python-keystoneclient
- - python-troveclient
- - python-ceilometerclient
- - python-openstackclient
- - keystonemiddleware
diff --git a/playbooks/heat-api-cfn.yml b/playbooks/vars/repo_packages/holland.yml
similarity index 56%
rename from playbooks/heat-api-cfn.yml
rename to playbooks/vars/repo_packages/holland.yml
index cbd675b0df..bbb8fd359d 100644
--- a/playbooks/heat-api-cfn.yml
+++ b/playbooks/vars/repo_packages/holland.yml
@@ -13,19 +13,13 @@ # See the License for the specific language governing permissions and # limitations under the License. -- hosts: heat_api_cfn - user: root - roles: - - heat_common - - init_script - vars_files: - - vars/openstack_service_vars/heat_api_cfn.yml - handlers: - - include: handlers/services.yml +## Git source for holland client +git_repo: https://github.com/holland-backup/holland +git_install_branch: "v1.0.10" +git_dest: "/opt/holland_{{ git_install_branch | replace('/', '_') }}" -- hosts: heat_api_cfn[0] - user: root - roles: - - keystone_add_service - vars_files: - - vars/openstack_service_vars/heat_api_cfn_endpoint.yml +# git_repo_plugins are other installable packages contained within the same git repo +git_repo_plugins: + - { path: "plugins", package: "holland.lib.common" } + - { path: "plugins", package: "holland.lib.mysql" } + - { path: "plugins", package: "holland.backup.xtrabackup" } diff --git a/playbooks/vars/repo_packages/horizon.yml b/playbooks/vars/repo_packages/horizon.yml deleted file mode 100644 index 99f5f4a5aa..0000000000 --- a/playbooks/vars/repo_packages/horizon.yml +++ /dev/null 
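Review bot: The keys added to holland.yml are the bare names `git_repo`, `git_install_branch` and `git_dest`, while the aggregate files added in this same commit (openstack_clients.yml, openstack_other.yml, openstack_services.yml) prefix every key with the package name. python2_lxc.yml, later in this commit, defines the same three bare names, so if both files are ever loaded into one variable scope the later one silently replaces the earlier; whether that happens depends on the consumers, which are outside this hunk. Prefixing them, for example `holland_git_repo:`, `holland_git_install_branch:` and `holland_git_dest:`, would match the convention stated in the new files and remove the collision.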
@@ -1,45 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-repo_package_name: horizon
-
-repo_path: "{{ repo_package_name }}_{{ git_install_branch | replace('/', '_') }}"
-
-## Git Source
-git_repo: https://github.com/openstack/horizon
-git_fallback_repo: https://git.openstack.org/openstack/horizon
-git_dest: "/opt/{{ repo_path }}"
-git_install_branch: stable/juno
-
-pip_wheel_name: horizon
-
-container_packages:
- - apache2
- - apache2-utils
- - libapache2-mod-wsgi
- - libssl-dev
- - libxslt1.1
- - openssl
-
-service_pip_dependencies:
- - oslo.config
- - MySQL-python
- - python-memcached
- - django-appconf
- - pycrypto
- - ply
- - greenlet
- - python-keystoneclient
- - keystonemiddleware
diff --git a/playbooks/vars/repo_packages/hosts.yml b/playbooks/vars/repo_packages/hosts.yml
deleted file mode 100644
index 66e1b88551..0000000000
--- a/playbooks/vars/repo_packages/hosts.yml
+++ /dev/null
@@ -1,26 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-host_packages:
- - sysstat
- - vlan
- - python3-lxc
- - lxc-templates
- - liblxc1
- - libssl-dev
- - libffi-dev
-
-container_cache_tarball: "{{ openstack_repo_url }}/downloads/rpc-trusty-container.tgz"
-container_tarball_sha256sum: 12dd6de0d17948cfe0a38e945fb083a58a12e4c395cd4391ed2dcf75085c1303
diff --git a/playbooks/vars/repo_packages/keystone.yml b/playbooks/vars/repo_packages/keystone.yml
deleted file mode 100644
index 58cde6671b..0000000000
--- a/playbooks/vars/repo_packages/keystone.yml
+++ /dev/null
@@ -1,51 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-repo_package_name: keystone
-
-repo_path: "{{ repo_package_name }}_{{ git_install_branch | replace('/', '_') }}"
-
-## Git Source
-git_repo: https://github.com/openstack/keystone
-git_fallback_repo: https://git.openstack.org/openstack/keystone
-git_dest: "/opt/{{ repo_path }}"
-git_etc_example: etc/
-git_install_branch: stable/juno
-
-pip_wheel_name: keystone
-
-container_packages:
- - libsasl2-dev
- - debhelper
- - dh-apparmor
- - docutils-common
- - libjs-sphinxdoc
- - libjs-underscore
- - libxslt1.1
- - libldap2-dev
- - apache2
- - apache2-utils
- - libapache2-mod-wsgi
-
-# Common PIP Packages
-service_pip_dependencies:
- - repoze.lru
- - pbr
- - MySQL-python
- - pycrypto
- - python-memcached
- - python-keystoneclient
- - keystonemiddleware
- - lxml
diff --git a/playbooks/vars/repo_packages/keystonemiddleware.yml b/playbooks/vars/repo_packages/keystonemiddleware.yml
deleted file mode 100644
index 06cf6b2b61..0000000000
--- a/playbooks/vars/repo_packages/keystonemiddleware.yml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-repo_path: "{{ pip_wheel_name }}_{{ git_install_branch | replace('/', '_') }}"
-
-## Git Source
-git_repo: https://github.com/openstack/keystonemiddleware
-git_fallback_repo: https://git.openstack.org/openstack/keystonemiddleware
-git_dest: "/opt/{{ repo_path }}"
-git_install_branch: 1.3.1
-
-pip_wheel_name: keystonemiddleware
diff --git a/playbooks/vars/repo_packages/neutron.yml b/playbooks/vars/repo_packages/neutron.yml
deleted file mode 100644
index ccf5fb7f6d..0000000000
--- a/playbooks/vars/repo_packages/neutron.yml
+++ /dev/null
@@ -1,49 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-repo_package_name: neutron
-
-repo_path: "{{ repo_package_name }}_{{ git_install_branch | replace('/', '_') }}"
-
-## Git Source
-git_repo: https://github.com/openstack/neutron
-git_fallback_repo: https://git.openstack.org/openstack/neutron
-git_dest: "/opt/{{ repo_path }}"
-git_etc_example: etc/
-git_install_branch: stable/juno
-pip_wheel_name: neutron
-
-container_packages:
- - libpq-dev
- - dnsmasq-base
- - dnsmasq-utils
- - keepalived
- - conntrackd
- - conntrack
- - ipset
- - iputils-arping
-
-service_pip_dependencies:
- - MySQL-python
- - python-memcached
- - pycrypto
- - repoze.lru
- - configobj
- - cliff
- - python-novaclient
- - python-glanceclient
- - python-neutronclient
- - python-keystoneclient
- - keystonemiddleware
diff --git a/playbooks/vars/repo_packages/nova_libvirt.yml b/playbooks/vars/repo_packages/nova_libvirt.yml
deleted file mode 100644
index 2d2a272103..0000000000
--- a/playbooks/vars/repo_packages/nova_libvirt.yml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-container_packages:
- - libvirt-bin
- - python-libvirt
- - qemu
- - qemu-utils
- - genisoimage
- - sysfsutils
diff --git a/playbooks/vars/repo_packages/nova_spice_console.yml b/playbooks/vars/repo_packages/nova_spice_console.yml
deleted file mode 100644
index 8e4540d7b1..0000000000
--- a/playbooks/vars/repo_packages/nova_spice_console.yml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-container_packages:
- - spice-html5
diff --git a/playbooks/vars/repo_packages/openstack_clients.yml b/playbooks/vars/repo_packages/openstack_clients.yml
new file mode 100644
index 0000000000..cc754613fa
--- /dev/null
+++ b/playbooks/vars/repo_packages/openstack_clients.yml
@@ -0,0 +1,121 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+## NOTICE on items in this file:
+## * If you use anything in the *._git_install_branch field that is not a TAG
+## make sure to leave an in-line comment as to "why".
+
+## For the sake of anyone else editing this file:
+## * If you add clients to this file please do so in alphabetical order.
+## * Every entry should be name spaced with the name of the client followed by an "_"
+## * All items with this file should be separated by `name_` note that the name of the
+## package should be one long name with no additional `_` separating it.
+
+
+## Barbican client
+barbicanclient_git_repo: https://github.com/openstack/python-barbicanclient
+barbicanclient_git_install_branch: 2.2.1
+barbicanclient_git_dest: "/opt/barbicanclient_{{ barbicanclient_git_install_branch | replace('/', '_') }}"
+
+
+## Ceilometer client
+ceilometerclient_git_repo: https://github.com/openstack/python-ceilometerclient
+ceilometerclient_git_install_branch: 1.0.9
+ceilometerclient_git_dest: "/opt/ceilometerclient_{{ ceilometerclient_git_install_branch | replace('/', '_') }}"
+
+
+## Cinder client
+cinderclient_git_repo: https://github.com/openstack/python-cinderclient
+cinderclient_git_install_branch: 1.1.1
+cinderclient_git_dest: "/opt/cinderclient_{{ cinderclient_git_install_branch | replace('/', '_') }}"
+
+
+## Designate client
+designateclient_git_repo: https://github.com/openstack/python-designateclient
+designateclient_git_install_branch: 1.0.3
+designateclient_git_dest: "/opt/designateclient_{{ designateclient_git_install_branch | replace('/', '_') }}"
+
+
+## Glance client
+glanceclient_git_repo: https://github.com/openstack/python-glanceclient
+glanceclient_git_install_branch: 0.15.0
+glanceclient_git_dest: "/opt/glanceclient_{{ glanceclient_git_install_branch | replace('/', '_') }}"
+
+
+## Heat client
+heatclient_git_repo: https://github.com/openstack/python-heatclient
+heatclient_git_install_branch: 0.2.12
+heatclient_git_dest: "/opt/heatclient_{{ heatclient_git_install_branch | replace('/', '_') }}"
+
+
+# Ironic client
+ironicclient_git_repo: https://github.com/openstack/python-ironicclient
+ironicclient_git_install_branch: 0.2.1
+ironicclient_git_dest: "/opt/ironicclient_{{ ironicclient_git_install_branch | replace('/', '_') }}"
+
+
+# Keystone client
+keystoneclient_git_repo: https://github.com/openstack/python-keystoneclient
+keystoneclient_git_install_branch: 1.0.0
+keystoneclient_git_dest: "/opt/keystoneclient_{{ keystoneclient_git_install_branch | replace('/', '_') }}"
+
+
+## Neutron client
+neutronclient_git_repo: https://github.com/openstack/python-neutronclient
+neutronclient_git_install_branch: 2.3.10
+neutronclient_git_dest: "/opt/neutronclient_{{ neutronclient_git_install_branch | replace('/', '_') }}"
+
+
+## Nova client
+novaclient_git_repo: https://github.com/openstack/python-novaclient
+novaclient_git_install_branch: 2.20.0
+novaclient_git_dest: "/opt/novaclient_{{ novaclient_git_install_branch | replace('/', '_') }}"
+
+
+## OpenStack client
+openstackclient_git_repo: https://github.com/openstack/python-openstackclient
+openstackclient_git_install_branch: 1.0.1
+openstackclient_git_dest: "/opt/openstackclient_{{ openstackclient_git_install_branch | replace('/', '_') }}"
+
+
+## Sahara client
+saharaclient_git_repo: https://github.com/openstack/python-saharaclient
+saharaclient_git_install_branch: 0.7.6
+saharaclient_git_dest: "/opt/saharaclient_{{ saharaclient_git_install_branch | replace('/', '_') }}"
+
+
+## Swift client
+swiftclient_git_repo: https://github.com/openstack/python-swiftclient
+swiftclient_git_install_branch: 2.3.1
+swiftclient_git_dest: "/opt/swiftclient_{{ swiftclient_git_install_branch | replace('/', '_') }}"
+
+
+## Trove client
+troveclient_git_repo: https://github.com/openstack/python-troveclient
+troveclient_git_install_branch: 1.0.8
+troveclient_git_dest: "/opt/troveclient_{{ troveclient_git_install_branch | replace('/', '_') }}"
+
+
+## Tuskar client
+tuskarclient_git_repo: https://github.com/openstack/python-tuskarclient
+tuskarclient_git_install_branch: 0.1.8
+tuskarclient_git_dest: "/opt/tuskarclient_{{ tuskarclient_git_install_branch | replace('/', '_') }}"
+
+
+## Zaqar client
+zaqarclient_git_repo: https://github.com/openstack/python-zaqarclient
+zaqarclient_git_install_branch: 0.1.0
+zaqarclient_git_dest: "/opt/zaqarclient_{{ zaqarclient_git_install_branch | replace('/', '_') }}"
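Review bot: Every `*_git_install_branch` in openstack_clients.yml names a tag (for example `barbicanclient_git_install_branch: 2.2.1`), and a git tag can be re-pointed upstream, so the same value may resolve to different code on a later build. If the task that consumes these variables accepts a commit id (it is outside this diff), pinning the full id and keeping the tag as a trailing comment, `barbicanclient_git_install_branch: "<full-commit-sha>"  ## tag 2.2.1` (placeholder value), would make each fetch reproducible and make an unexpected upstream change visible. The per-client files deleted in this commit each carried a `git_fallback_repo`; this file defines none, so GitHub becomes the only source unless a fallback is configured elsewhere. Minor: the Ironic and Keystone headings use `# ` where the other headings use `## `.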
diff --git a/playbooks/vars/repo_packages/openstack_global_requirements.yml b/playbooks/vars/repo_packages/openstack_global_requirements.yml
deleted file mode 100644
index 542dd9b606..0000000000
--- a/playbooks/vars/repo_packages/openstack_global_requirements.yml
+++ /dev/null
@@ -1,27 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-repo_path: "{{ pip_wheel_name }}_{{ git_install_branch | replace('/', '_') }}"
-
-## Git Source
-git_repo: https://github.com/openstack/requirements
-git_fallback_repo: https://git.openstack.org/openstack/requirements
-git_dest: "/opt/{{ repo_path }}"
-git_install_branch: stable/juno
-requirements_file: global-requirements.txt
-
-pip_wheel_name: requirements
-
-pip_requirements_file: "{{ git_dest }}/global-requirements.txt"
diff --git a/playbooks/vars/repo_packages/openstack_other.yml b/playbooks/vars/repo_packages/openstack_other.yml
new file mode 100644
index 0000000000..a05db6b7c2
--- /dev/null
+++ b/playbooks/vars/repo_packages/openstack_other.yml
@@ -0,0 +1,55 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+## NOTICE on items in this file:
+## * If you use anything in the *._git_install_branch field that is not a TAG
+## make sure to leave an in-line comment as to "why".
+
+## For the sake of anyone else editing this file:
+## * If you add clients to this file please do so in alphabetical order.
+## * Every entry should be name spaced with the name of the client followed by an "_"
+## * All items with this file should be separated by `name_` note that the name of the
+## package should be one long name with no additional `_` separating it.
+
+
+## Keystone middleware service
+keystonemiddleware_git_repo: https://github.com/openstack/keystonemiddleware
+keystonemiddleware_git_install_branch: 1.3.1
+keystonemiddleware_git_dest: "/opt/keystonemiddleware_{{ keystonemiddleware_git_install_branch | replace('/', '_') }}"
+
+
+## Glance store library
+glancestore_git_repo: https://github.com/openstack/glance_store
+glancestore_git_install_branch: 0.1.10
+glancestore_git_dest: "/opt/glancestore_{{ glancestore_git_repo | replace('/', '_') }}"
+
+
+## Oslo Messaging
+oslomessaging_git_repo: https://github.com/openstack/oslo.messaging
+oslomessaging_git_install_branch: 1.4.1
+oslomessaging_git_dest: "/opt/oslo_messaging{{ oslo_messaging_git_install_branch | replace('/', '_') }}"
+
+
+## Oslo Middleware
+oslomiddleware_git_repo: https://github.com/openstack/oslo.middleware
+oslomiddleware_git_install_branch: 0.4.0
+oslomiddleware_git_dest: "/opt/oslo_middleware{{ oslomiddleware_git_install_branch | replace('/', '_') }}"
+
+
+## Global Requirements
+requirements_git_repo: https://github.com/openstack/requirements
+requirements_git_install_branch: stable/juno ## Uses a branch because there are no stable tags
+requirements_git_dest: "/opt/requirements_{{ requirements_git_install_branch | replace('/', '_') }}"
diff --git a/playbooks/vars/repo_packages/openstack_services.yml b/playbooks/vars/repo_packages/openstack_services.yml
new file mode 100644
index 0000000000..cded5676ae
--- /dev/null
+++ b/playbooks/vars/repo_packages/openstack_services.yml
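Review bot: Two of the `*_git_dest` templates in openstack_other.yml read the wrong variable. `glancestore_git_dest` filters `glancestore_git_repo` rather than `glancestore_git_install_branch`, so the directory name is built from the repository URL, and `oslomessaging_git_dest` reads `oslo_messaging_git_install_branch`, which this file never defines (the key above it is `oslomessaging_git_install_branch`), so rendering it is likely to fail as an undefined variable. Both oslo paths also lack the `_` before the version that every other entry has. Suggested lines: `glancestore_git_dest: "/opt/glancestore_{{ glancestore_git_install_branch | replace('/', '_') }}"`, `oslomessaging_git_dest: "/opt/oslo_messaging_{{ oslomessaging_git_install_branch | replace('/', '_') }}"` and `oslomiddleware_git_dest: "/opt/oslo_middleware_{{ oslomiddleware_git_install_branch | replace('/', '_') }}"`.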
@@ -0,0 +1,82 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+## NOTICE on items in this file:
+## * If you use anything in the *._git_install_branch field that is not a TAG
+## make sure to leave an in-line comment as to "why".
+
+## For the sake of anyone else editing this file:
+## * If you add services to this file please do so in alphabetical order.
+## * Every entry should be name spaced with the name of the client followed by an "_"
+## * All items with this file should be separated by `name_` note that the name of the
+## package should be one long name with no additional `_` separating it.
+
+
+### Before this is shipped all of these services should have a tag set as the branch,
+### or have a comment / reason attached to them as to why a tag can not work.
+
+## Cinder service
+cinder_git_repo: https://github.com/openstack/cinder
+cinder_git_install_branch: 2014.2.2
+cinder_git_dest: "/opt/cinder_{{ cinder_git_install_branch | replace('/', '_') }}"
+
+
+## Glance service
+glance_git_repo: https://github.com/openstack/glance
+glance_git_install_branch: 2014.2.2
+glance_git_dest: "/opt/glance_{{ glance_git_install_branch | replace('/', '_') }}"
+
+
+## Heat service
+heat_git_repo: https://github.com/openstack/heat
+heat_git_install_branch: 2014.2.2
+heat_git_dest: "/opt/heat_{{ heat_git_install_branch | replace('/', '_') }}"
+
+
+## Horizon service
+horizon_git_repo: https://github.com/openstack/horizon
+horizon_git_install_branch: 2014.2.2
+horizon_git_dest: "/opt/horizon_{{ horizon_git_install_branch | replace('/', '_') }}"
+
+
+## Keystone service
+keystone_git_repo: https://github.com/openstack/keystone
+keystone_git_install_branch: 2014.2.2
+keystone_git_dest: "/opt/keystone_{{ keystone_git_install_branch | replace('/', '_') }}"
+
+
+## Neutron service
+neutron_git_repo: https://github.com/openstack/neutron
+neutron_git_install_branch: 2014.2.2
+neutron_git_dest: "/opt/neutron_{{ neutron_git_install_branch | replace('/', '_') }}"
+
+
+## Nova service
+nova_git_repo: https://github.com/openstack/nova
+nova_git_install_branch: 2014.2.2
+nova_git_dest: "/opt/nova_{{ nova_git_install_branch | replace('/', '_') }}"
+
+
+## Swift service
+swift_git_repo: https://github.com/openstack/swift
+swift_git_install_branch: 2.2.1
+swift_git_dest: "/opt/swift_{{ swift_git_install_branch | replace('/', '_') }}"
+
+
+## Tempest service
+tempest_git_repo: https://github.com/openstack/tempest
+tempest_git_install_branch: 3
+tempest_git_dest: "/opt/tempest_{{ tempest_git_install_branch | replace('/', '_') }}"
diff --git a/playbooks/vars/repo_packages/os_ansible_deployment.yml b/playbooks/vars/repo_packages/os_ansible_deployment.yml
deleted file mode 100644
index b55b2205c9..0000000000
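Review bot: `tempest_git_install_branch: 3` in openstack_services.yml is loaded by YAML as an integer, unlike the dotted versions above it, which stay strings, so a consumer that compares or concatenates the value may treat this one entry differently. Quoting it, `tempest_git_install_branch: "3"`, keeps the type consistent with the other services. The `### Before this is shipped` header in this file asks for a tag or a stated reason on every service, and a bare `3` is hard to recognise as either; a trailing comment saying which ref it names would settle that.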
--- a/playbooks/vars/repo_packages/os_ansible_deployment.yml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-repo_path: "{{ pip_wheel_name }}_{{ git_install_branch | replace('/', '_') }}"
-
-## Git Source
-git_repo: "https://github.com/stackforge/os-ansible-deployment"
-git_dest: "/opt/{{ repo_path }}"
-git_install_branch: master
-
-pip_wheel_name: os-ansible-deployment
diff --git a/playbooks/vars/repo_packages/oslo_messaging.yml b/playbooks/vars/repo_packages/oslo_messaging.yml
deleted file mode 100644
index f352b20169..0000000000
--- a/playbooks/vars/repo_packages/oslo_messaging.yml
+++ /dev/null
@@ -1,26 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -repo_package_name: oslo.messaging - -repo_path: "{{ pip_wheel_name }}_{{ git_install_branch | replace('/', '_') }}" - -## Git Source -git_repo: https://github.com/openstack/oslo.messaging -git_fallback_repo: https://git.openstack.org/openstack/oslo.messaging -git_dest: "/opt/{{ repo_path }}" -git_install_branch: 1.4.1 - -pip_wheel_name: oslo.messaging diff --git a/playbooks/add_host.yml b/playbooks/vars/repo_packages/python2_lxc.yml similarity index 76% rename from playbooks/add_host.yml rename to playbooks/vars/repo_packages/python2_lxc.yml index c8821144f0..2b5c16f273 100644 --- a/playbooks/add_host.yml +++ b/playbooks/vars/repo_packages/python2_lxc.yml @@ -13,6 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -- include: setup/host-setup.yml -- include: setup/build-containers.yml - +## Git Source for python2-lxc library +git_repo: "https://github.com/lxc/python2-lxc" +git_install_branch: master +git_dest: "/opt/lxc_python2_{{ git_install_branch|replace('/', '_') }}" diff --git a/playbooks/vars/repo_packages/python_barbicanclient.yml b/playbooks/vars/repo_packages/python_barbicanclient.yml deleted file mode 100644 index 6cf14713aa..0000000000 --- a/playbooks/vars/repo_packages/python_barbicanclient.yml +++ /dev/null 
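Review bot: `git_install_branch: master` in python2_lxc.yml makes the python2-lxc install follow a moving branch, so each build takes whatever commit is at the head of `master` at that moment and nothing records which revision was reviewed. The notice added to openstack_clients.yml in this same commit asks for an in-line comment whenever the ref is not a tag, and this line has none. Pinning a tag or commit id, `git_install_branch: "<tag-or-commit-id>"` (placeholder value), or at least appending `## Uses a branch because <reason>` to the line, would address both points.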
@@ -1,24 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-repo_path: "{{ pip_wheel_name }}_{{ git_install_branch | replace('/', '_') }}"
-
-## Git Source
-git_repo: https://github.com/openstack/python-barbicanclient
-git_fallback_repo: https://git.openstack.org/openstack/python-barbicanclient
-git_dest: "/opt/{{ repo_path }}"
-git_install_branch: 2.2.1
-
-pip_wheel_name: python-barbicanclient
diff --git a/playbooks/vars/repo_packages/python_ceilometerclient.yml b/playbooks/vars/repo_packages/python_ceilometerclient.yml
deleted file mode 100644
index bccfc48b61..0000000000
--- a/playbooks/vars/repo_packages/python_ceilometerclient.yml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-repo_path: "{{ pip_wheel_name }}_{{ git_install_branch | replace('/', '_') }}"
-
-## Git Source
-git_repo: https://github.com/openstack/python-ceilometerclient
-git_fallback_repo: https://git.openstack.org/openstack/python-ceilometerclient
-git_dest: "/opt/{{ repo_path }}"
-git_install_branch: 1.0.9
-
-pip_wheel_name: python-ceilometerclient
diff --git a/playbooks/vars/repo_packages/python_cinderclient.yml b/playbooks/vars/repo_packages/python_cinderclient.yml
deleted file mode 100644
index dd0c9ff9fe..0000000000
--- a/playbooks/vars/repo_packages/python_cinderclient.yml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-repo_path: "{{ pip_wheel_name }}_{{ git_install_branch | replace('/', '_') }}"
-
-## Git Source
-git_repo: https://github.com/openstack/python-cinderclient
-git_fallback_repo: https://git.openstack.org/openstack/python-cinderclient
-git_dest: "/opt/{{ repo_path }}"
-git_install_branch: 1.1.1
-
-pip_wheel_name: python-cinderclient
diff --git a/playbooks/vars/repo_packages/python_designateclient.yml b/playbooks/vars/repo_packages/python_designateclient.yml
deleted file mode 100644
index dfc35bb091..0000000000
--- a/playbooks/vars/repo_packages/python_designateclient.yml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-repo_path: "{{ pip_wheel_name }}_{{ git_install_branch | replace('/', '_') }}"
-
-## Git Source
-git_repo: https://github.com/openstack/python-designateclient
-git_fallback_repo: https://git.openstack.org/openstack/python-designateclient
-git_dest: "/opt/{{ repo_path }}"
-git_install_branch: 1.0.3
-
-pip_wheel_name: python-designateclient
diff --git a/playbooks/vars/repo_packages/python_glanceclient.yml b/playbooks/vars/repo_packages/python_glanceclient.yml
deleted file mode 100644
index 342e4eea70..0000000000
--- a/playbooks/vars/repo_packages/python_glanceclient.yml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-repo_path: "{{ pip_wheel_name }}_{{ git_install_branch | replace('/', '_') }}"
-
-## Git Source
-git_repo: https://github.com/openstack/python-glanceclient
-git_fallback_repo: https://git.openstack.org/openstack/python-glanceclient
-git_dest: "/opt/{{ repo_path }}"
-git_install_branch: 0.15.0
-
-pip_wheel_name: python-glanceclient
diff --git a/playbooks/vars/repo_packages/python_heatclient.yml b/playbooks/vars/repo_packages/python_heatclient.yml
deleted file mode 100644
index 5fd4355dda..0000000000
--- a/playbooks/vars/repo_packages/python_heatclient.yml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-repo_path: "{{ pip_wheel_name }}_{{ git_install_branch | replace('/', '_') }}"
-
-## Git Source
-git_repo: https://github.com/openstack/python-heatclient
-git_fallback_repo: https://git.openstack.org/openstack/python-heatclient
-git_dest: "/opt/{{ repo_path }}"
-git_install_branch: 0.2.10
-
-pip_wheel_name: python-heatclient
diff --git a/playbooks/vars/repo_packages/python_ironicclient.yml b/playbooks/vars/repo_packages/python_ironicclient.yml
deleted file mode 100644
index 447ee0283d..0000000000
--- a/playbooks/vars/repo_packages/python_ironicclient.yml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-repo_path: "{{ pip_wheel_name }}_{{ git_install_branch | replace('/', '_') }}"
-
-## Git Source
-git_repo: https://github.com/openstack/python-ironicclient
-git_fallback_repo: https://git.openstack.org/openstack/python-ironicclient
-git_dest: "/opt/{{ repo_path }}"
-git_install_branch: 0.2.1
-
-pip_wheel_name: python-ironicclient
diff --git a/playbooks/vars/repo_packages/python_keystoneclient.yml b/playbooks/vars/repo_packages/python_keystoneclient.yml
deleted file mode 100644
index f0144ad2be..0000000000
--- a/playbooks/vars/repo_packages/python_keystoneclient.yml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-repo_path: "{{ pip_wheel_name }}_{{ git_install_branch | replace('/', '_') }}"
-
-## Git Source
-git_repo: https://github.com/openstack/python-keystoneclient
-git_fallback_repo: https://git.openstack.org/openstack/python-keystoneclient
-git_dest: "/opt/{{ repo_path }}"
-git_install_branch: 1.0.0
-
-pip_wheel_name: python-keystoneclient
diff --git a/playbooks/vars/repo_packages/python_neutronclient.yml b/playbooks/vars/repo_packages/python_neutronclient.yml
deleted file mode 100644
index 8d027949c3..0000000000
--- a/playbooks/vars/repo_packages/python_neutronclient.yml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-repo_path: "{{ pip_wheel_name }}_{{ git_install_branch | replace('/', '_') }}"
-
-## Git Source
-git_repo: https://github.com/openstack/python-neutronclient
-git_fallback_repo: https://git.openstack.org/openstack/python-neutronclient
-git_dest: "/opt/{{ repo_path }}"
-git_install_branch: 72c1473f111846a026cb5f9eb97d68b435eba194
-
-pip_wheel_name: python-neutronclient
diff --git a/playbooks/vars/repo_packages/python_novaclient.yml b/playbooks/vars/repo_packages/python_novaclient.yml
deleted file mode 100644
index 800144b00b..0000000000
--- a/playbooks/vars/repo_packages/python_novaclient.yml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-repo_path: "{{ pip_wheel_name }}_{{ git_install_branch | replace('/', '_') }}"
-
-## Git Source
-git_repo: https://github.com/openstack/python-novaclient
-git_fallback_repo: https://git.openstack.org/openstack/python-novaclient
-git_dest: "/opt/{{ repo_path }}"
-git_install_branch: 2.18.1
-
-pip_wheel_name: python-novaclient
diff --git a/playbooks/vars/repo_packages/python_openstackclient.yml b/playbooks/vars/repo_packages/python_openstackclient.yml
deleted file mode 100644
index c9f16a66b8..0000000000
--- a/playbooks/vars/repo_packages/python_openstackclient.yml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-repo_path: "{{ pip_wheel_name }}_{{ git_install_branch | replace('/', '_') }}"
-
-## Git Source
-git_repo: https://github.com/openstack/python-openstackclient
-git_fallback_repo: https://git.openstack.org/openstack/python-openstackclient
-git_dest: "/opt/{{ repo_path }}"
-git_install_branch: 0.4.0
-
-pip_wheel_name: python-openstackclient
diff --git a/playbooks/vars/repo_packages/python_saharaclient.yml b/playbooks/vars/repo_packages/python_saharaclient.yml
deleted file mode 100644
index d920770c64..0000000000
--- a/playbooks/vars/repo_packages/python_saharaclient.yml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-repo_path: "{{ pip_wheel_name }}_{{ git_install_branch | replace('/', '_') }}"
-
-## Git Source
-git_repo: https://github.com/openstack/python-saharaclient
-git_fallback_repo: https://git.openstack.org/openstack/python-saharaclient
-git_dest: "/opt/{{ repo_path }}"
-git_install_branch: 0.7.6
-
-pip_wheel_name: python-saharaclient
diff --git a/playbooks/vars/repo_packages/python_swiftclient.yml b/playbooks/vars/repo_packages/python_swiftclient.yml
deleted file mode 100644
index 1037393558..0000000000
--- a/playbooks/vars/repo_packages/python_swiftclient.yml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-repo_path: "{{ pip_wheel_name }}_{{ git_install_branch | replace('/', '_') }}"
-
-## Git Source
-git_repo: https://github.com/openstack/python-swiftclient
-git_fallback_repo: https://git.openstack.org/openstack/python-swiftclient
-git_dest: "/opt/{{ repo_path }}"
-git_install_branch: 2.2.0
-
-pip_wheel_name: python-swiftclient
diff --git a/playbooks/vars/repo_packages/python_troveclient.yml b/playbooks/vars/repo_packages/python_troveclient.yml
deleted file mode 100644
index 1b7b3a930f..0000000000
--- a/playbooks/vars/repo_packages/python_troveclient.yml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-repo_path: "{{ pip_wheel_name }}_{{ git_install_branch | replace('/', '_') }}"
-
-## Git Source
-git_repo: https://github.com/openstack/python-troveclient
-git_fallback_repo: https://git.openstack.org/openstack/python-troveclient
-git_dest: "/opt/{{ repo_path }}"
-git_install_branch: 1.0.5
-
-pip_wheel_name: python-troveclient
diff --git a/playbooks/vars/repo_packages/python_tuskarclient.yml b/playbooks/vars/repo_packages/python_tuskarclient.yml
deleted file mode 100644
index 59b3388bf5..0000000000
--- a/playbooks/vars/repo_packages/python_tuskarclient.yml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-repo_path: "{{ pip_wheel_name }}_{{ git_install_branch | replace('/', '_') }}"
-
-## Git Source
-git_repo: https://github.com/openstack/python-tuskarclient
-git_fallback_repo: https://git.openstack.org/openstack/python-tuskarclient
-git_dest: "/opt/{{ repo_path }}"
-git_install_branch: 0.1.8
-
-pip_wheel_name: python-tuskarclient
diff --git a/playbooks/vars/repo_packages/python_zaqarclient.yml b/playbooks/vars/repo_packages/python_zaqarclient.yml
deleted file mode 100644
index 0aa3638d71..0000000000
--- a/playbooks/vars/repo_packages/python_zaqarclient.yml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-repo_path: "{{ pip_wheel_name }}_{{ git_install_branch | replace('/', '_') }}"
-
-## Git Source
-git_repo: https://github.com/openstack/python-zaqarclient
-git_fallback_repo: https://git.openstack.org/openstack/python-zaqarclient
-git_dest: "/opt/{{ repo_path }}"
-git_install_branch: 0.1.0
-
-pip_wheel_name: python-zaqarclient
diff --git a/playbooks/vars/repo_packages/rabbitmq.yml b/playbooks/vars/repo_packages/rabbitmq.yml
deleted file mode 100644
index 234644a280..0000000000
--- a/playbooks/vars/repo_packages/rabbitmq.yml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-container_packages:
- - erlang
-
-service_pip_dependencies:
- - python-memcached
- - pycrypto
diff --git a/playbooks/vars/repo_packages/readme.rst b/playbooks/vars/repo_packages/readme.rst
index f05e871dbf..f487dd48d8 100644
--- a/playbooks/vars/repo_packages/readme.rst
+++ b/playbooks/vars/repo_packages/readme.rst
@@ -1,38 +1,27 @@ -Ansible OpenStack LXC Packages -############################## +Packages built by python from git +################################# :date: 2014-09-01 09:57 -:tags: lxc, openstack, cloud, ansible +:tags: python, pip, wheel, lxc, openstack, cloud, ansible :category: \*nix -Packages Downloads and Installables -=================================== +Packages Downloads and Installable +================================== -Any and all packages that need to be installed for this repository to work -should be specified here in the, ``repo_packages`` directory. The files in -this directory are given to plays as additional options. The options have -several default actions which are all processed by the following roles: -**package_source_archive**, **package_source_install**, -**package_system_install**. Inside these files all download-able objects -such as tar-balls and random files should also be specified. While the packaging -roles may not be used to process these links the stated purpose of this -directory is to have anything that is "installable" in a single location with -the goal to allow for easily manipulation of requirements as they change. +Any and all packages that need to be installed for this repository to work should be specified here in the, ``repo_packages`` directory. The files in this directory are given to the python wheel builder for construction. -Defaults processed by the **package_source_archive**, -**package_source_install**, **package_system_install** roles: - * gpg_keys: ``list`` of ``hashes`` with keys: key_name, keyserver, hash_id. 
- * apt_container_keys: ``list`` of ``hashes`` with keys: url, state - * apt_container_repos: ``list`` of ``hashes`` with keys: repo, state - * debconf_items: ``list`` of ``hashes`` with keys: question, name, value, vtype - * run_policy_deny: ``boolean`` true or false: When installing container packages this ``boolean`` will drop a run level policy to ensure that no services are started upon installation. - * repo_path: ``string`` used to set the "relative path" to an online repository without the domain name. also used as the target directory when downloading a given git repository. - * git_repo: ``string`` URI to the git repo to clone from. - * git_fallback_repo: ``string`` URI to an alternative git repo to clone from when **git_repo** fails. +Inside these files all download-able objects such as tar-balls and random files should also be specified. While the packaging roles may not be used to process these links the stated purpose of this directory is to have anything that is "installable" in a single location with the goal to allow for easily manipulation of requirements as they change. + +NOTICE on items in this file: + * If you use anything in the "*._git_install_branch" field that is not a TAG + make sure to leave an in-line comment as to "why". + +For the sake of anyone else editing this file: + * If you add clients to this file please do so in alphabetical order. + * Every entry should be name spaced with the name of the client followed by an "_" + +The basic structure of all of these files: + * git_repo: ``string`` URI to the git repository to clone from. + * git_fallback_repo: ``string`` URI to an alternative git repository to clone from when **git_repo** fails. * git_dest: ``string`` full path to place a cloned git repository. This will normally incorporate the **repo_path** variable for consistency purposes. - * git_install_branch: ``string`` branch, tag or SHA of a git repo to clone into. 
- * git_repo_plugins: ``list`` of ``hashes`` with keys: path, package | This is used to install additional packages which may be installable from the same base repo. - * pip_wheel_name: ``string`` pip package name to FIRST attempt installation of. - * service_pip_dependencies: ``list`` of ``strings``. - * container_packages: ``list`` of ``strings``. - * apt_common_packages: ``list`` of ``strings``. - * common_util_packages: ``list`` of ``strings``. + * git_install_branch: ``string`` branch, tag or SHA of a git repository to clone into. + * git_repo_plugins: ``list`` of ``hashes`` with keys: path, package | This is used to install additional packages which may be installable from the same base repository. diff --git a/playbooks/vars/repo_packages/swift.yml b/playbooks/vars/repo_packages/swift.yml deleted file mode 100644 index 3193e8713e..0000000000 --- a/playbooks/vars/repo_packages/swift.yml +++ /dev/null 
@@ -1,47 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-repo_package_name: swift
-
-repo_path: "{{ repo_package_name }}_{{ git_install_branch | replace('/', '_') }}"
-
-## Git Source
-git_repo: https://github.com/openstack/swift
-git_fallback_repo: https://git.openstack.org/openstack/swift
-git_dest: "/opt/{{ repo_path }}"
-git_etc_example: etc/
-git_install_branch: stable/juno
-
-service_pip_dependencies:
- - pywbem
- - ecdsa
- - MySQL-python
- - python-memcached
- - pycrypto
- - python-cinderclient
- - python-keystoneclient
- - python-swiftclient
- - keystonemiddleware
-
-container_packages:
- - curl
- - rsync
- - openssh-server
- - git-core
- - python-dev
- - gcc
- - libffi-dev
-
-pip_wheel_name: swift
diff --git a/playbooks/vars/repo_packages/tempest.yml b/playbooks/vars/repo_packages/tempest.yml
deleted file mode 100644
index 1028d7788e..0000000000
--- a/playbooks/vars/repo_packages/tempest.yml
+++ /dev/null
@@ -1,31 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -repo_package_name: tempest - -repo_path: "{{ repo_package_name }}_{{ git_install_branch | replace('/', '_') }}" - -## Git Source -git_repo: https://github.com/openstack/tempest -git_fallback_repo: https://git.openstack.org/openstack/tempest -git_dest: "/opt/{{ repo_path }}" -git_install_branch: 7c73dd5b18d29f0f3f3be0088514121dade53c8f - -pip_wheel_name: tempest - -service_pip_dependencies: - - nose - - testrepository - - testtools diff --git a/playbooks/build-containers.yml b/playbooks/vars/repo_packages/turbolift.yml similarity index 75% rename from playbooks/build-containers.yml rename to playbooks/vars/repo_packages/turbolift.yml index 2ce3815db7..75a6558ac2 100644 --- a/playbooks/build-containers.yml +++ b/playbooks/vars/repo_packages/turbolift.yml @@ -13,10 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -- hosts: "{{ host_group|default('all_containers') }}" - gather_facts: False - user: root - roles: - - container_create - -- include: containers-setup.yml +## Git source for turbolift client +git_repo: "https://github.com/cloudnull/turbolift" +git_install_branch: v2.1.3 +git_dest: "/opt/turbolift_{{ git_install_branch | replace('/', '_') }}" diff --git a/playbooks/vars/repo_packages/utility.yml b/playbooks/vars/repo_packages/utility.yml deleted file mode 100644 index e5e64fc3b8..0000000000 
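Review bot: `git_install_branch: v2.1.3` in the new turbolift.yml ties the build to a tag, which upstream can move, and the file has no `git_fallback_repo` like the other repo_packages files this commit removes. Recording the commit the tag is expected to resolve to would let a later checkout be verified, for example `git_install_branch: <commit-sha-for-v2.1.3>  # v2.1.3` with the real SHA filled in. The readme updated in the same commit asks for entries to be prefixed with the client name; these three keys are bare (`git_repo`, `git_install_branch`, `git_dest`), so if the same builder reads this file, `turbolift_git_repo` and friends may be what it expects.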
--- a/playbooks/vars/repo_packages/utility.yml
+++ /dev/null
@@ -1,31 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-repo_package_name: utility
-
-container_packages:
- - openjdk-7-jre
-
-service_pip_dependencies:
- - python-openstackclient
- - python-cinderclient
- - python-glanceclient
- - python-heatclient
- - python-keystoneclient
- - python-neutronclient
- - python-novaclient
- - python-swiftclient
- - python-memcached
- - pycrypto
diff --git a/requirements.txt b/requirements.txt
index 3ad146fa8f..20d544ca18 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,18 +1,14 @@
-Jinja2==2.7.3
-MarkupSafe==0.23
-PyYAML==3.11
-click==2.5
-colorize==1.0.2
-ecdsa==0.11
-netaddr==0.7.12
-paramiko==1.14.0
-prettytable==0.7.2
-pycrypto==2.6.1
-wsgiref==0.1.2
-pexpect==3.3
-requests==2.4.1
-cloudlib==0.0.8
-pip==1.5.6
-wheel==0.24.0
-setuptools==7.0
-https://mirror.rackspace.com/rackspaceprivatecloud/downloads/ansible-1.6.10.tar.gz
+cloudlib>=0.3.0
+ecdsa>=0.11
+Jinja2<=2.7.2
+MarkupSafe>=0.23
+netaddr>=0.7.12,<=0.7.13
+paramiko>=1.13.0,<=1.15.2
+pexpect>=3.1,<=3.3
+pip>=1.5.6
+PrettyTable>=0.7,<0.8
+pycrypto>=2.6,<=2.6.1
+PyYAML>=3.1.0,<=3.10
+requests>=1.2.1,<=2.2.1,!=2.4.0
+wheel
+wsgiref>=0.1.2
diff --git a/rpc_deployment/README.rst b/rpc_deployment/README.rst
new file mode 100644
index 0000000000..04b785401f
--- /dev/null
+++ b/rpc_deployment/README.rst
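Review bot: Three of the new ranges in requirements.txt cap a package below the version this file pinned before: `Jinja2<=2.7.2` (was 2.7.3), `PyYAML>=3.1.0,<=3.10` (was 3.11) and `requests>=1.2.1,<=2.2.1,!=2.4.0` (was 2.4.1). An existing environment is therefore downgraded and loses whatever fixes the later releases carried; please confirm the caps are intended and record the reason in a `#` comment next to each. The `!=2.4.0` exclusion can never apply under the `<=2.2.1` bound. The bare `wheel` and the open-ended `>=` entries also let two bootstrap runs resolve different versions, so a bounded form such as `wheel>=0.24.0,<0.25` would keep builds reproducible.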
@@ -0,0 +1,8 @@ +OpenStack Ansible Deployment +############################ +:date: 2015-02-02 22:00 +:tags: lxc, openstack, cloud, ansible +:category: \*nix + + +This directory is **DEPRECATED**, please change to the standard playbooks directory. diff --git a/scripts/bootstrap-aio.sh b/scripts/bootstrap-aio.sh index 7943526381..e5e76b3545 100755 --- a/scripts/bootstrap-aio.sh +++ b/scripts/bootstrap-aio.sh @@ -1,4 +1,5 @@ #!/usr/bin/env bash + # Copyright 2014, Rackspace US, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); 
@@ -13,26 +14,43 @@ # See the License for the specific language governing permissions and # limitations under the License. - ## Shell Opts ---------------------------------------------------------------- -set -e -u -v +x +set -e -u -v -x -## Vars -DEPLOY_SWIFT=${DEPLOY_SWIFT:-"yes"} -FLUSH_IPTABLES=${FLUSH_IPTABLES:-"yes"} -## Functions ----------------------------------------------------------------- +## Vars ---------------------------------------------------------------------- +export ADMIN_PASSWORD=${ADMIN_PASSWORD:-"secrete"} +export SERVICE_REGION=${SERVICE_REGION:-"RegionOne"} +export DEPLOY_SWIFT=${DEPLOY_SWIFT:-"yes"} +export GET_PIP_URL=${GET_PIP_URL:-"https://bootstrap.pypa.io/get-pip.py"} +export PUBLIC_INTERFACE=${PUBLIC_INTERFACE:-"eth0"} +export PUBLIC_ADDRESS=${PUBLIC_ADDRESS:-$(ip -o -4 addr show dev ${PUBLIC_INTERFACE} | awk -F '[ /]+' '/global/ {print $4}')} +export NOVA_VIRT_TYPE=${NOVA_VIRT_TYPE:-"qemu"} +export TEMPEST_FLAT_CIDR=${TEMPEST_FLAT_CIDR:-"172.29.248.0/22"} +export FLUSH_IPTABLES=${FLUSH_IPTABLES:-"yes"} + + +## Library Check ------------------------------------------------------------- +info_block "Checking for required libraries." 2> /dev/null || source $(dirname ${0})/scripts-library.sh -info_block "Checking for required libraries." || source $(dirname ${0})/scripts-library.sh ## Main ---------------------------------------------------------------------- +# Ensure that the current kernel can support vxlan +if ! modprobe vxlan; then + MINIMUM_KERNEL_VERSION=$(awk '/openstack_host_required_kernel/ {print $2}' playbooks/inventory/group_vars/all.yml) + echo "A minimum kernel version of ${MINIMUM_KERNEL_VERSION} is required for vxlan support." + echo "This build will not work without it." 
+ exit_fail +fi -# Enable logging of all commands executed -set -x +info_block "Running AIO Setup" -# update the package cache and install required packages -apt-get update && apt-get install -y \ - python-dev \ +# Set base DNS to google, ensuring consistent DNS in different environments +echo -e 'nameserver 8.8.8.8\nnameserver 8.8.4.4' | tee /etc/resolv.conf + +# Update the package cache and install required packages +apt-get update +apt-get install -y python-dev \ python2.7 \ build-essential \ curl \ @@ -46,9 +64,7 @@ apt-get update && apt-get install -y \ xfsprogs \ linux-image-extra-$(uname -r) -# output diagnostic information -get_instance_info && set -x - +# Flush all the iptables rules set by openstack-infra if [ "${FLUSH_IPTABLES}" == "yes" ]; then # Flush all the iptables rules set by openstack-infra iptables -F 
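Review bot: `ADMIN_PASSWORD` now falls back to the fixed string `secrete` in the Vars block of bootstrap-aio.sh, and the same hunk switches the shell options to `set -e -u -v -x` from the first line, so every later command that expands the variable is echoed to the console log. If the default is only meant for disposable gate hosts, say so in a comment above the export; otherwise make the caller supply it, e.g. `export ADMIN_PASSWORD=${ADMIN_PASSWORD:?ADMIN_PASSWORD must be set}`. Separately, `PUBLIC_ADDRESS` is computed inside an `export`, which hides a failing `ip` call from `set -e`; an empty result would be carried forward unnoticed, so a check such as `[ -n "${PUBLIC_ADDRESS}" ] || exit_fail` after the Vars block would catch it.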
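Review bot: The added comment `# Flush all the iptables rules set by openstack-infra` repeats the one already inside the `if` block directly below it, so the same sentence now appears twice in a row. Drop one of them and let the remaining comment state the scope, for example `# Gate/AIO hosts only: removes the rules openstack-infra installed`. The `if` body continues outside this hunk.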
@@ -68,81 +84,163 @@ if ! cat -E /etc/ssh/sshd_config | tail -1 | grep -q "\$$"; then fi # Ensure that sshd permits root login, or ansible won't be able to connect -if grep -q "^PermitRootLogin" /etc/ssh/sshd_config; then +if grep "^PermitRootLogin" /etc/ssh/sshd_config > /dev/null; then sed -i 's/^PermitRootLogin.*/PermitRootLogin yes/' /etc/ssh/sshd_config else echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config fi -# create /opt if it doesn't already exist +# Create /opt if it doesn't already exist if [ ! -d "/opt" ];then mkdir /opt fi -# create /etc/rc.local if it doesn't already exist +# Remove the pip directory if its found +if [ -d "${HOME}/.pip" ];then + rm -rf "${HOME}/.pip" +fi + +# Install pip +if [ ! "$(which pip)" ];then + curl ${GET_PIP_URL} > /opt/get-pip.py + python2 /opt/get-pip.py || python /opt/get-pip.py +fi + +# Install requirements if there are any +if [ -f "requirements.txt" ];then + pip2 install -r requirements.txt || pip install -r requirements.txt +fi + +# Configure all disk space +configure_diskspace + +# Create /etc/rc.local if it doesn't already exist if [ ! -f "/etc/rc.local" ];then touch /etc/rc.local chmod +x /etc/rc.local fi -# ensure that the ssh key exists and is an authorized_key +# Make the system key used for bootstrapping self +if [ ! -d /root/.ssh ];then + mkdir -p /root/.ssh + chmod 700 /root/.ssh +fi + ssh_key_create -# prepare the storage appropriately -configure_diskspace +# Make sure everything is mounted. +mount -a || true -# build the loopback drive for swap to use -loopback_create /opt/swap.img 1024M thick swap +# Build the loopback drive for swap to use +if [ ! "$(swapon -s | grep -v Filename)" ]; then + loopback_create "/opt/swap.img" 1024M thick swap + # Ensure swap will be used on the host + if [ ! 
$(sysctl vm.swappiness | awk '{print $3}') == "10" ];then + sysctl -w vm.swappiness=10 | tee -a /etc/sysctl.conf + fi + swapon -a +fi -# Ensure swap will be used on the host -sysctl -w vm.swappiness=10 | tee -a /etc/sysctl.conf - -# build the loopback drive for cinder to use -# but only if the cinder-volumes vg doesn't already exist -if ! vgs cinder-volumes > /dev/null 2>&1; then - CINDER="cinder.img" - loopback_create /opt/${CINDER} 10G thin rc +# Build the loopback drive for cinder to use +CINDER="cinder.img" +if ! vgs cinder-volumes; then + loopback_create "/opt/${CINDER}" 1000G thin rc CINDER_DEVICE=$(losetup -a | awk -F: "/${CINDER}/ {print \$1}") pvcreate ${CINDER_DEVICE} pvscan - vgcreate cinder-volumes ${CINDER_DEVICE} + # Check for the volume group + if ! vgs cinder-volumes; then + vgcreate cinder-volumes ${CINDER_DEVICE} + fi + # Ensure that the cinder loopback is enabled after reboot + if ! grep ${CINDER} /etc/rc.local && ! vgs cinder-volumes; then + sed -i "\$i losetup \$(losetup -f) /opt/${CINDER}" /etc/rc.local + fi fi -# build the loopback drives for swift to use +# Enable swift deployment if [ "${DEPLOY_SWIFT}" == "yes" ]; then - for SWIFT in swift1.img swift2.img swift3.img; do - loopback_create /opt/${SWIFT} 10G thin none - if ! grep -q "^/opt/${SWIFT}" /etc/fstab; then - echo "/opt/${SWIFT} /srv/${SWIFT} xfs loop,noatime,nodiratime,nobarrier,logbufs=8 0 0" >> /etc/fstab - fi - if ! mount | grep -q "^/opt/${SWIFT}"; then - mkfs.xfs -f /opt/${SWIFT} - mkdir -p /srv/${SWIFT} - mount /srv/${SWIFT} + # build the loopback drives for swift to use + for SWIFT in swift1 swift2 swift3; do + if ! grep "${SWIFT}" /proc/mounts > /dev/null; then + loopback_create "/opt/${SWIFT}.img" 1000G thin none + if ! 
grep -w "^/opt/${SWIFT}.img" /etc/fstab > /dev/null; then + echo "/opt/${SWIFT}.img /srv/${SWIFT}.img xfs loop,noatime,nodiratime,nobarrier,logbufs=8 0 0" >> /etc/fstab + fi + # Format the lo devices + mkfs.xfs -f "/opt/${SWIFT}.img" + mkdir -p "/srv/${SWIFT}.img" + mount "/opt/${SWIFT}.img" "/srv/${SWIFT}.img" fi done fi -# copy the required interfaces configuration file into place -IFACE_CFG_SOURCE="etc/network/interfaces.d/aio_interfaces.cfg" -IFACE_CFG_TARGET="/${IFACE_CFG_SOURCE}" -cp ${IFACE_CFG_SOURCE} ${IFACE_CFG_TARGET} - -# Ensure the network source is in place -if ! grep -q "^source /etc/network/interfaces.d/\*.cfg$" /etc/network/interfaces; then - echo -e "\nsource /etc/network/interfaces.d/*.cfg" | tee -a /etc/network/interfaces +# Copy aio network config into place. +if [ ! -d "/etc/network/interfaces.d" ];then + mkdir -p /etc/network/interfaces.d/ fi -# Set base DNS to google, ensuring consistent DNS in different environments -echo -e 'nameserver 8.8.8.8\nnameserver 8.8.4.4' | tee /etc/resolv.conf +# Copy the basic aio network interfaces over +cp -R etc/network/interfaces.d/aio_interfaces.cfg /etc/network/interfaces.d/ + +# Ensure the network source is in place +if [ ! 
"$(grep -Rni '^source\ /etc/network/interfaces.d/\*.cfg' /etc/network/interfaces)" ]; then + echo "source /etc/network/interfaces.d/*.cfg" | tee -a /etc/network/interfaces +fi # Bring up the new interfaces -for iface in $(awk '/^iface/ {print $2}' ${IFACE_CFG_TARGET}); do - /sbin/ifup $iface || true +for i in $(awk '/^iface/ {print $2}' /etc/network/interfaces.d/aio_interfaces.cfg); do + if grep "^$i\:" /proc/net/dev > /dev/null;then + /sbin/ifdown $i || true + fi + /sbin/ifup $i || true done -# output an updated set of diagnostic information -get_instance_info +# Remove an existing etc directory if already found +if [ -d "/etc/openstack_deploy" ];then + rm -rf "/etc/openstack_deploy" +fi -# Final message +# Copy the base etc files +cp -R etc/openstack_deploy /etc/ + +# Ensure the conf.d directory exists +if [ ! -d "/etc/openstack_deploy/conf.d" ];then + mkdir -p "/etc/openstack_deploy/conf.d" +fi + +# Generate the passwords +scripts/pw-token-gen.py --file /etc/openstack_deploy/user_secrets.yml + +# change the generated passwords for the OpenStack (admin) and Kibana (kibana) accounts +sed -i "s/keystone_auth_admin_password:.*/keystone_auth_admin_password: ${ADMIN_PASSWORD}/" /etc/openstack_deploy/user_secrets.yml +sed -i "s/kibana_password:.*/kibana_password: ${ADMIN_PASSWORD}/" /etc/openstack_deploy/user_secrets.yml +ENV_VERSION="$(md5sum /etc/openstack_deploy/openstack_environment.yml | awk '{print $1}')" +sed -i "s/environment_version:.*/environment_version: ${ENV_VERSION}/" /etc/openstack_deploy/openstack_user_config.yml +sed -i "s/external_lb_vip_address:.*/external_lb_vip_address: ${PUBLIC_ADDRESS}/" /etc/openstack_deploy/openstack_user_config.yml + +# Service region set +echo "keystone_service_region: ${SERVICE_REGION}" | tee -a /etc/openstack_deploy/user_variables.yml + +# Virt type set +echo "nova_virt_type: ${NOVA_VIRT_TYPE}" | tee -a /etc/openstack_deploy/user_variables.yml + +# Set network for tempest +echo "tempest_public_subnet_cidr: 
${TEMPEST_FLAT_CIDR}" | tee -a /etc/openstack_deploy/user_variables.yml + +# Minimize galera cache +echo 'galera_gcache_size: 50M' | tee -a /etc/openstack_deploy/user_variables.yml + +# Add in swift vars if needed +if [ "${DEPLOY_SWIFT}" == "yes" ]; then + # ensure that glance is configured to use swift + sed -i "s/glance_default_store:.*/glance_default_store: swift/" /etc/openstack_deploy/user_variables.yml + sed -i "s/glance_swift_store_auth_address:.*/glance_swift_store_auth_address: '{{ keystone_service_internalurl }}'/" /etc/openstack_deploy/user_secrets.yml + sed -i "s/glance_swift_store_container:.*/glance_swift_store_container: glance_images/" /etc/openstack_deploy/user_secrets.yml + sed -i "s/glance_swift_store_key:.*/glance_swift_store_key: '{{ keystone_auth_admin_password }}'/" /etc/openstack_deploy/user_secrets.yml + sed -i "s/glance_swift_store_region:.*/glance_swift_store_region: ${SERVICE_REGION}/" /etc/openstack_deploy/user_secrets.yml + sed -i "s/glance_swift_store_user:.*/glance_swift_store_user: '{{ keystone_admin_user_name }}:{{ keystone_admin_tenant_name }}'/" /etc/openstack_deploy/user_secrets.yml +fi + +set +x +v info_block "The system has been prepared for an all-in-one build." diff --git a/scripts/bootstrap-ansible.sh b/scripts/bootstrap-ansible.sh index 8e786bea2c..f46d8d78b8 100755 --- a/scripts/bootstrap-ansible.sh +++ b/scripts/bootstrap-ansible.sh 
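Review bot: The two `sed` lines that write `${ADMIN_PASSWORD}` into user_secrets.yml run with xtrace still on (`set +x +v` only comes at the very end), so the password is printed to the build log. The value is also spliced into the sed replacement unescaped, so a password containing `/` or `&` breaks or alters the substitution. I would wrap those lines in `set +x` … `set -x` and escape the value first, or write the key with a tool that does not interpret it. Separately, `curl ${GET_PIP_URL} > /opt/get-pip.py` is executed as root with no checksum and without `curl --fail`, so an error page or a modified download is run as-is; comparing the file against a known digest before running it would close that. The rc.local guard `if ! grep ${CINDER} /etc/rc.local && ! vgs cinder-volumes` also looks unreachable, because the volume group was created just above it, so the `losetup` line may never be added.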
@@ -15,27 +15,45 @@ # # (c) 2014, Kevin Carter -set -e -u -v +x +## Shell Opts ---------------------------------------------------------------- +set -e -u -v -x -## Variables ----------------------------------------------------------------- -ANSIBLE_DEPLOY_METHOD="pip" -ANSIBLE_GIT_REPO="https://github.com/ansible/ansible" -ANSIBLE_GIT_RELEASE="${ANSIBLE_GIT_RELEASE:-1.6.10}" -ANSIBLE_WORKING_DIR="/opt/ansible_v${ANSIBLE_GIT_RELEASE}" -GET_PIP_URL="${GET_PIP_URL:-https://mirror.rackspace.com/rackspaceprivatecloud/downloads/get-pip.py}" +## Vars ---------------------------------------------------------------------- +export ANSIBLE_GIT_RELEASE=${ANSIBLE_GIT_RELEASE:-"v1.8.2"} +export ANSIBLE_GIT_REPO=${ANSIBLE_GIT_REPO:-"https://github.com/ansible/ansible"} +export ANSIBLE_ROLE_FILE=${ANSIBLE_ROLE_FILE:-"ansible-role-requirements.yml"} +export ANSIBLE_WORKING_DIR=${ANSIBLE_WORKING_DIR:-/opt/ansible_${ANSIBLE_GIT_RELEASE}} +export GET_PIP_URL=${GET_PIP_URL:-"https://bootstrap.pypa.io/get-pip.py"} +export SSH_DIR=${SSH_DIR:-"/root/.ssh"} +export UPDATE_ANSIBLE_REQUIREMENTS=${UPDATE_ANSIBLE_REQUIREMENTS:-"yes"} + ## Functions ----------------------------------------------------------------- +info_block "Checking for required libraries." 2> /dev/null || source $(dirname ${0})/scripts-library.sh -info_block "Checking for required libraries." 
|| source $(dirname ${0})/scripts-library.sh ## Main ---------------------------------------------------------------------- +info_block "Bootstrapping System with Ansible" -# Enable logging of all commands executed -set -x +# Create the ssh dir if needed +ssh_key_create # Install the base packages -apt-get update && apt-get -y install git python-all python-dev curl +apt-get update && apt-get -y install git python-all python-dev curl autoconf g++ python2.7-dev + +# If the working directory exists remove it +if [ -d "${ANSIBLE_WORKING_DIR}" ];then + rm -rf "${ANSIBLE_WORKING_DIR}" +fi + +# Clone down the base ansible source +git clone "${ANSIBLE_GIT_REPO}" "${ANSIBLE_WORKING_DIR}" +pushd "${ANSIBLE_WORKING_DIR}" + git checkout "${ANSIBLE_GIT_RELEASE}" + git submodule update --init --recursive +popd + # Install pip if [ ! "$(which pip)" ];then 
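Review bot: `ANSIBLE_WORKING_DIR` is now taken from the environment and, a few lines further down in this hunk, passed to `rm -rf "${ANSIBLE_WORKING_DIR}"`, so a caller that exports it as `/` or some shared directory has that tree deleted by a script that appears to run as root (it calls `apt-get`). Before this change the value was always built under `/opt`. I would reject unexpected values before the delete, for example `case "${ANSIBLE_WORKING_DIR}" in /opt/ansible_*) ;; *) echo "refusing to remove ${ANSIBLE_WORKING_DIR}"; exit 1 ;; esac`. The clone that follows checks out `${ANSIBLE_GIT_RELEASE}`, a tag that upstream can move, so verifying the expected commit id after checkout would make the installed Ansible reproducible.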
@@ -43,30 +61,26 @@ if [ ! "$(which pip)" ];then python2 /opt/get-pip.py || python /opt/get-pip.py fi -if [ "${ANSIBLE_DEPLOY_METHOD}" == "git" ]; then - # If the working directory exists remove it - if [ -d "${ANSIBLE_WORKING_DIR}" ];then - rm -rf "${ANSIBLE_WORKING_DIR}" - fi - # Clone down the base ansible source - git clone "${ANSIBLE_GIT_REPO}" "${ANSIBLE_WORKING_DIR}" - pushd "${ANSIBLE_WORKING_DIR}" - git checkout "v${ANSIBLE_GIT_RELEASE}" - git submodule update --init --recursive - popd - # Install requirements if there are any - if [ -f "${ANSIBLE_WORKING_DIR}/requirements.txt" ];then - pip2 install -r "${ANSIBLE_WORKING_DIR}/requirements.txt" || pip install -r "${ANSIBLE_WORKING_DIR}/requirements.txt" - fi - # Install ansible - pip2 install "${ANSIBLE_WORKING_DIR}" || pip install "${ANSIBLE_WORKING_DIR}" -else - # Use pip to install ansible - pip install ansible==${ANSIBLE_GIT_RELEASE} +# Install requirements if there are any +if [ -f "requirements.txt" ];then + pip2 install -r requirements.txt || pip install -r requirements.txt fi -set +x -info_block "Ansible is now bootstrapped and ready for use." +# Install ansible +pip2 install "${ANSIBLE_WORKING_DIR}" || pip install "${ANSIBLE_WORKING_DIR}" + +# Update dependent roles +if [ -f "ansible-role-requirements.yml" ];then + # Update or create the roles manifest + if [ "${UPDATE_ANSIBLE_REQUIREMENTS}" == "yes" ];then + ./scripts/os-ansible-role-requirements.py --requirement-file ${ANSIBLE_ROLE_FILE} update + fi + # Pull all required roles. + ansible-galaxy install --role-file=${ANSIBLE_ROLE_FILE} \ + --roles-path=playbooks/roles/ \ + --ignore-errors \ + --force +fi # Create openstack ansible wrapper tool cat > /usr/local/bin/openstack-ansible < /usr/local/bin/openstack-ansible < /dev/null || source $(dirname ${0})/scripts-library.sh -info_block "Checking for required libraries." 
|| source $(dirname ${0})/scripts-library.sh ## Main ---------------------------------------------------------------------- - -# ensure that the current kernel can support vxlan -if ! modprobe vxlan; then - MINIMUM_KERNEL_VERSION=$(awk '/required_kernel/ {print $2}' ${PLAYBOOK_DIRECTORY}/inventory/group_vars/all.yml) - info_block "A minimum kernel version of ${MINIMUM_KERNEL_VERSION} is required for vxlan support." - exit 1 -fi - # Get initial host information and reset verbosity set +x && get_instance_info && set -x -# Bootstrap ansible if required -if [ "${BOOTSTRAP_ANSIBLE}" == "yes" ]; then - source $(dirname ${0})/bootstrap-ansible.sh +# Remove color options +if [ "${ANSIBLE_DISABLE_COLOR}" == "yes" ]; then + pushd $(dirname ${0})/../playbooks + sed -i 's/nocolor.*/nocolor = 1/' ansible.cfg + popd fi # Bootstrap an AIO setup if required 
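Review bot: The new `ansible-galaxy install` call in bootstrap-ansible.sh passes `--ignore-errors` together with `--force`, so a role that fails to download is skipped and the bootstrap still finishes, leaving `playbooks/roles/` incomplete without any failure signal. Because `UPDATE_ANSIBLE_REQUIREMENTS` defaults to `yes`, the manifest is first rewritten to the latest upstream tag of each role, which means the code that gets installed is decided by the remote repositories at run time rather than by the reviewed tree; I would default it to `no` and drop `--ignore-errors`. The guard tests the literal `ansible-role-requirements.yml` while the commands use `${ANSIBLE_ROLE_FILE}`; `if [ -f "${ANSIBLE_ROLE_FILE}" ];then` keeps the two in step. The text from the `cat > /usr/local/bin/openstack-ansible` line up to the next `@@` is damaged on this page, so nothing past the role block is reviewed here.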
@@ -56,55 +61,14 @@ if [ "${BOOTSTRAP_AIO}" == "yes" ]; then source $(dirname ${0})/bootstrap-aio.sh fi +# Bootstrap ansible if required +if [ "${BOOTSTRAP_ANSIBLE}" == "yes" ]; then + source $(dirname ${0})/bootstrap-ansible.sh +fi + # Get initial host information and reset verbosity set +x && get_instance_info && set -x -# Install requirements -pip2 install -r requirements.txt || pip install -r requirements.txt - -# Copy the base etc files -if [ ! -d "/etc/${CONFIG_PREFIX}_deploy" ];then - cp -R etc/${CONFIG_PREFIX}_deploy /etc/ - - # Generate the passwords - USER_VARS_PATH="/etc/${CONFIG_PREFIX}_deploy/user_variables.yml" - - # Adjust any defaults to suit the AIO - # commented lines are removed by pw-token gen, so this substitution must - # happen prior. - sed -i "s/# nova_virt_type:.*/nova_virt_type: qemu/" ${USER_VARS_PATH} - - # generate random passwords and tokens - ./scripts/pw-token-gen.py --file ${USER_VARS_PATH} - - # change the generated passwords for the OpenStack (admin) and Kibana (kibana) accounts - sed -i "s/keystone_auth_admin_password:.*/keystone_auth_admin_password: ${ADMIN_PASSWORD}/" ${USER_VARS_PATH} - sed -i "s/kibana_password:.*/kibana_password: ${ADMIN_PASSWORD}/" ${USER_VARS_PATH} - - if [ "${DEPLOY_SWIFT}" == "yes" ]; then - # ensure that glance is configured to use swift - sed -i "s/glance_default_store:.*/glance_default_store: swift/" ${USER_VARS_PATH} - sed -i "s/glance_swift_store_auth_address:.*/glance_swift_store_auth_address: '{{ auth_identity_uri }}'/" ${USER_VARS_PATH} - sed -i "s/glance_swift_store_container:.*/glance_swift_store_container: glance_images/" ${USER_VARS_PATH} - sed -i "s/glance_swift_store_key:.*/glance_swift_store_key: '{{ glance_service_password }}'/" ${USER_VARS_PATH} - sed -i "s/glance_swift_store_region:.*/glance_swift_store_region: RegionOne/" ${USER_VARS_PATH} - sed -i "s/glance_swift_store_user:.*/glance_swift_store_user: 'service:glance'/" ${USER_VARS_PATH} - fi - - if [ "${BOOTSTRAP_AIO}" == "yes" ]; 
then - # adjust the default user configuration for the AIO - USER_CONFIG_PATH="/etc/${CONFIG_PREFIX}_deploy/${CONFIG_PREFIX}_user_config.yml" - ENV_CONFIG_PATH="/etc/${CONFIG_PREFIX}_deploy/${CONFIG_PREFIX}_environment.yml" - sed -i "s/environment_version: .*/environment_version: $(md5sum ${ENV_CONFIG_PATH} | awk '{print $1}')/" ${USER_CONFIG_PATH} - SERVER_IP_ADDRESS="$(ip -o -4 addr show dev eth0 | awk -F '[ /]+' '/global/ {print $4}')" - sed -i "s/external_lb_vip_address: .*/external_lb_vip_address: ${SERVER_IP_ADDRESS}/" ${USER_CONFIG_PATH} - if [ "${DEPLOY_SWIFT}" == "yes" ]; then - # add the swift proxy host network provider map - sed -i 's/# - swift_proxy/- swift_proxy/' ${USER_CONFIG_PATH} - fi - fi -fi - # Run the ansible playbooks if required if [ "${RUN_PLAYBOOKS}" == "yes" ]; then source $(dirname ${0})/run-playbooks.sh @@ -114,3 +78,5 @@ fi if [ "${RUN_TEMPEST}" == "yes" ]; then source $(dirname ${0})/run-tempest.sh fi + +exit_success diff --git a/scripts/gate-check-lint.sh b/scripts/gate-check-lint.sh index 9def9cdfe0..718bd6e199 100755 --- a/scripts/gate-check-lint.sh +++ b/scripts/gate-check-lint.sh 
@@ -14,58 +14,35 @@ # limitations under the License. ## Shell Opts ---------------------------------------------------------------- +set -e -u -v -x -set -e -u -v +x -## Variables ----------------------------------------------------------------- +## Library Check ------------------------------------------------------------- +info_block "Checking for required libraries." 2> /dev/null || source $(dirname ${0})/scripts-library.sh -BOOTSTRAP_ANSIBLE=${BOOTSTRAP_ANSIBLE:-"yes"} -PLAYBOOK_PATH=${PLAYBOOK_PATH:-"playbooks"} - -## Functions ----------------------------------------------------------------- - -info_block "Checking for required libraries." || source $(dirname ${0})/scripts-library.sh ## Main ---------------------------------------------------------------------- +info_block "Running Basic Ansible Lint Check" -# Enable logging of all commands executed -set -x - -# Bootstrap ansible if required -if [ "${BOOTSTRAP_ANSIBLE}" == "yes" ]; then - source $(dirname ${0})/bootstrap-ansible.sh -fi - -# Check whether pip or pip2 is available -if ! ( which pip > /dev/null && which pip2 > /dev/null ); then - info_block "ERROR: Please install pip before proceeding." - exit 1 -fi - -# Check whether ansible-playbook is available -if ! which ansible-playbook > /dev/null; then - info_block "ERROR: Please install ansible before proceeding." 
- exit 1 -fi # Install the development requirements -if [ -f dev-requirements.txt ]; then +if [ -f "dev-requirements.txt" ]; then pip2 install -r dev-requirements.txt || pip install -r dev-requirements.txt else pip2 install ansible-lint || pip install ansible-lint fi # Perform our simple sanity checks -echo -e '[all]\nlocalhost ansible_connection=local' | tee local_only_inventory +pushd playbooks + echo -e '[all]\nlocalhost ansible_connection=local' | tee local_only_inventory -# Do a basic syntax check on all playbooks and roles -info_block "Running Syntax Check" -ansible-playbook -i local_only_inventory --syntax-check \ - $(find ${PLAYBOOK_PATH} -maxdepth 1 -type f \ - -name "*.yml" ! -name "os-service-config-update.yml") + # Do a basic syntax check on all playbooks and roles + info_block "Running Syntax Check" + ansible-playbook -i local_only_inventory --syntax-check *.yml --list-tasks + + # Perform a lint check on all playbooks and roles + info_block "Running Lint Check" + ansible-lint --version + ansible-lint *.yml +popd -# Perform a lint check on all playbooks and roles -info_block "Running Lint Check" -ansible-lint --version -ansible-lint $(find ${PLAYBOOK_PATH} -maxdepth 1 -type f \ - -name "*.yml" ! -name "os-service-config-update.yml") diff --git a/scripts/os-ansible-role-requirements.py b/scripts/os-ansible-role-requirements.py new file mode 100755 index 0000000000..d19a94195d --- /dev/null +++ b/scripts/os-ansible-role-requirements.py 
@@ -0,0 +1,304 @@ +#!/usr/bin/env python +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# (c) 2014, Kevin Carter + +import json +import os +import requests +import yaml + +from cloudlib import arguments + + +def _arguments(): + """Return CLI arguments.""" + + arguments_dict = { + 'shared_args': { + 'filter': { + 'commands': [ + '--filter' + ], + 'help': 'filter the git api repo returns to the string' + ' type that begins with the string provided.' + ' Filtering is ONLY ever used with pulling' + ' from the upstream github API.' + ' Default: %(default)s', + 'metavar': '[STR]', + 'default': 'openstack_role-' + } + }, + 'optional_args': { + 'requirement_file': { + 'commands': [ + '--requirement-file' + ], + 'help': 'Path to a dictionary file. The file should contain' + ' one word per line. 
Default: %(default)s', + 'metavar': '[PATH]', + 'default': os.path.join( + os.getcwd(), + 'ansible-role-requirements.yml' + ) + }, + 'repo': { + 'commands': [ + '--repo' + ], + 'help': 'Full path the git repo api path that the script will' + ' scan through.', + 'metavar': '[URL]', + 'default': 'https://api.github.com/orgs/os-cloud/repos' + }, + 'git_username': { + 'commands': [ + '-u', + '--git-username' + ], + 'help': 'Username for a github account.', + 'metavar': '[STR]', + 'default': None + }, + 'git_password': { + 'commands': [ + '-p', + '--git-password' + ], + 'help': 'Passowrd for a github account.', + 'metavar': '[STR]', + 'default': None + } + }, + 'subparsed_args': { + 'update': { + 'help': 'Run an update on an existing inventory. This will' + ' attempt to update all of your role, that have a' + ' defined `github_api` key to the latest tag. If a tag' + ' is not available the default branch will be used.', + 'shared_args': ['filter'] + }, + 'create': { + 'help': 'Create a new ansible requirements file based on the' + ' discovered repositories using a defined filter on' + ' the repo name.', + 'shared_args': ['filter'] + } + } + } + + return arguments.ArgumentParserator( + arguments_dict=arguments_dict, + epilog='Licensed Apache2', + title='Create/Update an ansible galaxy repository file', + detail='Ansible Galaxy repository generator that will parse an' + ' existing requirements file and update it the latest stable' + ' release or create a new one if one was not passed into the' + ' generator or discovered.', + description='Generate an ansible galaxy requirements file.', + env_name='OpenStack' + ).arg_parser() + + +def process_request(url, auth): + """Perform an http request. 
+ + :param url: full url to query + :type url: ``str`` + :param auth: username, password credentials + :type auth: ``tuple`` || ``None`` + :returns: ``dict`` + """ + content = requests.get(url, auth=auth) + if content.status_code >= 300: + raise SystemExit(content.content) + return content.json() + + +def _get_repos(repo_access, auth): + """Return a list of repositories from the provided github api. + + :param repo_access: requests head object. + :type repo_access: ``str`` + :param auth: username, password credentials + :type auth: ``tuple`` || ``None`` + :return: ``list`` + """ + if 'link' in repo_access.__dict__: + repo_content = list() + links = repo_access.__dict__['link'].split(',') + pages = [i.replace(' ', '') for i in links if 'last' in i] + page_link = pages[0].split(';')[0] + page_link = page_link.strip('>').strip('<') + page_link = page_link.split('=') + for page in range(0, int(page_link[-1])): + page_number = page + 1 + content = requests.get( + '%s=%s' % (page_link, page_number), + auth=auth + ) + for repo in content.json(): + repo_content.append(repo) + else: + return json.loads(repo_content) + else: + return process_request(url=repo_access.__dict__['url'], auth=auth) + + +def get_repos(url, auth=None): + """Return json from a request URL. + + This method assumes that you are hitting the github API. + + :param url: Full url to the git api user / org / or repo. + :type url: ``str`` + :param auth: username, password credentials + :type auth: ``tuple`` || ``None`` + :returns: ``dict`` + """ + return _get_repos( + repo_access=requests.head(url, auth=auth), + auth=auth + ) + + +def process_tags(git_repo, repo, auth): + """Itentify and set the highest tag from a git repo. 
+ + :param git_repo: github repo item + :type git_repo: ``dict`` + :param repo: anisble repo manifest item + :type repo: ``dict`` + :param auth: username, password credentials + :type auth: ``tuple`` || ``None`` + """ + try: + tags = process_request(url=git_repo['tags_url'], auth=auth) + if tags: + latest_release = max([i['name'] for i in tags]) + else: + latest_release = git_repo['default_branch'] + except (IndexError, KeyError): + repo['version'] = git_repo['default_branch'] + else: + repo['version'] = latest_release + + +def create_from_github_repos(args, auth): + """Return a list of dicts used for creating an ansible role manifest. + + :param args: user defined arguments + :type args: ``dict`` + :param auth: username, password credentials + :type auth: ``tuple`` || ``None`` + :return: ``list`` + """ + requirements = list() + filter_name = args['filter'] + + for repo in get_repos(url=args['repo'], auth=auth): + if filter_name and not repo['name'].startswith(filter_name): + continue + + print('* Repo created: [ %s ]' % repo['name']) + item = dict() + item['src'] = repo['html_url'] + item['name'] = repo['name'].split('-')[-1] + item['github_api'] = repo['url'] + process_tags(git_repo=repo, repo=item, auth=auth) + requirements.append(item) + else: + return requirements + + +def update_existing_repos(repos, auth): + """Update existing repos for new tags. + + For this method to work the entry in the manifest must have an entry + for ``github_api``. If this item is not found, the repo entry will be + skipped. + + :param repos: list of items in an existing manifest. 
+ :type repos: ``list`` + :param auth: username, password credentials + :type auth: ``tuple`` || ``None`` + :return: + """ + for repo in repos: + github_api = repo.get('github_api') + if github_api: + print('* Repo checking for update: [ %s ]' % repo['name']) + git_repo = process_request(url=github_api, auth=auth) + process_tags(git_repo=git_repo, repo=repo, auth=auth) + else: + return repos + + +def requirements_file(args): + requirement_file = os.path.abspath( + os.path.expanduser( + args['requirement_file'] + ) + ) + + if not os.path.isdir(os.path.dirname(args['requirement_file'])): + os.makedirs(os.path.dirname(args['requirement_file'])) + + return requirement_file + + +def build_requirements(args): + args['requirement_file'] = requirements_file(args) + + if args['git_username']: + _auth = (args['git_username'], args['git_password']) + else: + _auth = None + + if args['parsed_command'] == 'create': + requirements = create_from_github_repos(args=args, auth=_auth) + elif args['parsed_command'] == 'update': + if os.path.isfile(args['requirement_file']): + with open(args['requirement_file'], 'rb') as f: + requirements = update_existing_repos( + repos=yaml.safe_load(f.read()), + auth=_auth + ) + else: + requirements = create_from_github_repos(args=args, auth=_auth) + else: + raise SystemExit( + '"parsed_command: %s" not found.' % args['parsed_command'] + ) + + with open(args['requirement_file'], 'wb') as f: + f.write( + yaml.safe_dump( + sorted(requirements, key=lambda k: k['name']), + default_flow_style=False, + width=1000 + ) + ) + + print('File Ready: [ %s ]' % args['requirement_file']) + + +def main(): + user_args = _arguments() + build_requirements(args=user_args) + + +if __name__ == '__main__': + main() diff --git a/scripts/osad-aio-heat-template.yml b/scripts/osad-aio-heat-template.yml new file mode 100644 index 0000000000..e7c13880ac --- /dev/null +++ b/scripts/osad-aio-heat-template.yml 
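Review bot: `requirements_file()` computes the absolute path but then tests `os.path.dirname(args['requirement_file'])`, the value as typed, so a bare file name such as the `ansible-role-requirements.yml` that bootstrap-ansible.sh passes yields `''` and `os.makedirs('')` raises. Using the resolved path fixes it: `req_dir = os.path.dirname(requirement_file)` followed by `if not os.path.isdir(req_dir): os.makedirs(req_dir)`. In `_get_repos()` the test `'link' in repo_access.__dict__` inspects the response object's attributes rather than `repo_access.headers`, so the paging branch is probably never taken, and if it were, `'%s=%s' % (page_link, page_number)` would format a list and `json.loads(repo_content)` would be handed a list. `-p/--git-password` puts the credential on the command line, where it is visible in process listings and shell history; reading it from an environment variable or a prompt avoids that. `process_tags()` takes `max()` over tag names as strings, which orders a tag like `v1.9` above `v1.10` (constructed example), so the "latest" version written to the manifest can be an older release.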
@@ -0,0 +1,92 @@ +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +heat_template_version: 2013-05-23 +description: Heat template to deploy OS-Ansible-Deployment +parameters: + ssh_key_name: + type: string + description: Name of a Key Pair to enable SSH access to the instance + image_name: + type: string + description: Name of image to use for server + flavor_name: + type: string + description: Name Flavor to use for server + server_name: + type: string + default: OSAD-AIO + description: The Instance Name + install_script_url: + type: string + default: https://raw.githubusercontent.com/stackforge/os-ansible-deployment/master/scripts/run-aio-build.sh + description: The aio script installation URL + frozen_repo_url: + type: string + default: http://rpc-repo.rackspace.com + description: URL to the frozen + repo_url: + type: string + default: https://github.com/stackforge/os-ansible-deployment.git + description: The repository URL + repo_branch: + type: string + default: master + description: The repository branch + net_id: + type: string + description: ID of Neutron network into which servers get deployed + sec_group: + type: string + description: Name of the security group +outputs: + OSADAIO_public_ip: + description: The public IP address of the newly configured Server. + value: { get_attr: [ OSADAIO, first_address ] } + OSADAIO_password: + description: The password for all the things. 
+ value: secrete +resources: + OSADAIO_port: + type: OS::Neutron::Port + properties: + network_id: { get_param: net_id } + security_groups: [{ get_param: sec_group }] + OSADAIO: + type: OS::Nova::Server + properties: + flavor: { get_param: flavor_name } + image: { get_param: image_name } + name: { get_param: server_name } + key_name: { get_param: ssh_key_name } + networks: + - port: { get_resource: OSADAIO_port } + user_data: + str_replace: + params: + "%install_script_url%": { get_param: install_script_url } + "%repo_url%": { get_param: repo_url } + "%repo_branch%": { get_param: repo_branch } + "%frozen_repo_url%": { get_param: frozen_repo_url } + template: | + #!/usr/bin/env bash + export REPO_URL="%repo_url%" + export REPO_BRANCH="%repo_branch%" + export FROZEN_REPO_URL="%frozen_repo_url%" + apt-get update + apt-get -y install wget + pushd /opt + bash <(wget -O- "%install_script_url%") + popd + diff --git a/scripts/run-aio-build.sh b/scripts/run-aio-build.sh index 27b32773dc..e5f8ba88f4 100755 --- a/scripts/run-aio-build.sh +++ b/scripts/run-aio-build.sh @@ -18,11 +18,12 @@ set -e -u -v +x ## Variables ----------------------------------------------------------------- - export REPO_URL=${REPO_URL:-"https://github.com/stackforge/os-ansible-deployment.git"} export REPO_BRANCH=${REPO_BRANCH:-"master"} export WORKING_FOLDER=${WORKING_FOLDER:-"/opt/stackforge/os-ansible-deployment"} -export ANSIBLE_PARAMETERS=${ANSIBLE_ANSIBLE_PARAMETERS:-"--forks 10"} +# On normal AIO build the script should do everything possible to try for success +export MAX_RETRIES=${MAX_RETRIES:-"5"} + ## Main ---------------------------------------------------------------------- @@ -33,7 +34,7 @@ set -x apt-get update && apt-get install -y git # fetch the repo -git clone -b ${REPO_BRANCH} ${REPO_URL} ${WORKING_FOLDER}/ +git clone -b ${REPO_BRANCH} ${REPO_URL} ${WORKING_FOLDER} # run the same aio build script that is used in the OpenStack CI pipeline cd ${WORKING_FOLDER} 
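Review bot: The `OSADAIO_password` output returns the fixed literal `secrete`, so every stack built from this template advertises the same credential, and if the AIO build really uses that value (not visible in this hunk) each deployment starts with a publicly known admin password. I would generate the password in the template with an `OS::Heat::RandomString` resource, hand it to `user_data` through `str_replace`, and return it with `value: { get_attr: [ admin_password, value ] }` (resource name illustrative). The `user_data` script also runs `bash <(wget -O- "%install_script_url%")` against a URL on the mutable `master` branch, and `frozen_repo_url` defaults to plain `http://`. Pinning the script URL to a commit and using HTTPS for the repository, where the host offers it, narrows what a changed upstream or an on-path party can put on the instance.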
@@ -59,7 +60,7 @@ echo "If this server has been rebooted, you will need to re-bootstrap" echo "Galera to get the cluster operational. To do this execute:" echo "" echo "cd $(pwd)/playbooks" -echo "ansible-playbook -e @/etc/openstack_deploy/user_variables.yml galera-startup.yml" +echo "openstack-ansible galera-install --tags galera-bootstrap" echo "" EOF chmod +x /etc/update-motd.d/21-galera diff --git a/scripts/run-playbooks.sh b/scripts/run-playbooks.sh index 8c9427ec5e..70bf726d29 100755 --- a/scripts/run-playbooks.sh +++ b/scripts/run-playbooks.sh @@ -14,11 +14,10 @@ # limitations under the License. ## Shell Opts ---------------------------------------------------------------- +set -e -u -v -x -set -e -u -v +x ## Variables ----------------------------------------------------------------- - DEPLOY_HOST=${DEPLOY_HOST:-"yes"} DEPLOY_LB=${DEPLOY_LB:-"yes"} DEPLOY_INFRASTRUCTURE=${DEPLOY_INFRASTRUCTURE:-"yes"} 
@@ -26,81 +25,103 @@ DEPLOY_LOGGING=${DEPLOY_LOGGING:-"yes"} DEPLOY_OPENSTACK=${DEPLOY_OPENSTACK:-"yes"} DEPLOY_SWIFT=${DEPLOY_SWIFT:-"yes"} DEPLOY_TEMPEST=${DEPLOY_TEMPEST:-"no"} -ANSIBLE_PARAMETERS=${ANSIBLE_PARAMETERS:-"--forks 10"} -PLAYBOOK_DIRECTORY=${PLAYBOOK_DIRECTORY:-"playbooks"} + ## Functions ----------------------------------------------------------------- +info_block "Checking for required libraries." 2> /dev/null || source $(dirname ${0})/scripts-library.sh -info_block "Checking for required libraries." || source $(dirname ${0})/scripts-library.sh - -function install_bits() { - successerator openstack-ansible ${ANSIBLE_PARAMETERS} $@ -} ## Main ---------------------------------------------------------------------- - # Initiate the deployment -pushd ${PLAYBOOK_DIRECTORY} +pushd "playbooks" if [ "${DEPLOY_HOST}" == "yes" ]; then # Install all host bits - install_bits host-setup.yml + install_bits openstack-hosts-setup.yml + install_bits lxc-hosts-setup.yml + + # Bring the lxc bridge down and back up to ensures the iptables rules are in-place + # This also will ensure that the lxc dnsmasq rules are active. + ansible hosts -m shell -a '(ifdown lxcbr0 || true); ifup lxcbr0' + + # Restart any containers that may already exist + ansible hosts -m shell -a 'for i in $(lxc-ls); do lxc-stop -n $i; lxc-start -d -n $i; done' + + # Create the containers. + install_bits lxc-containers-create.yml + + # Make sure there are no dead veth(s) + # This is good when using a host with multiple times, IE: Rebuilding. + ansible hosts -m shell -a 'lxc-system-manage veth-cleanup' + + # Flush the net cache + # This is good when using a host with multiple times, IE: Rebuilding. 
+ ansible hosts -m shell -a 'lxc-system-manage flush-net-cache' + + # Get host information post initial setup and reset verbosity + set +x && get_instance_info && set -x fi if [ "${DEPLOY_LB}" == "yes" ]; then # Install haproxy for dev purposes only install_bits haproxy-install.yml fi + if [ "${DEPLOY_INFRASTRUCTURE}" == "yes" ]; then # Install all of the infra bits install_bits memcached-install.yml + + # For the purposes of gating the repository of python wheels are built within + # the environment. Normal installation would simply clone the upstream mirror. + install_bits repo-server.yml + install_bits repo-build.yml + install_bits galera-install.yml - install_bits rabbit-install.yml + install_bits rabbitmq-install.yml + install_bits utility-install.yml + if [ "${DEPLOY_LOGGING}" == "yes" ]; then - install_bits rsyslog-install.yml - install_bits elasticsearch-install.yml - install_bits logstash-install.yml - install_bits kibana-install.yml - install_bits es2unix-install.yml + info_block "Logging has not been galaxified yet..." 
fi fi - if [ "${DEPLOY_OPENSTACK}" == "yes" ]; then - # install all of the OpenStack Bits - if [ -f openstack-common.yml ]; then - # cater for 9.x.x release (icehouse) - install_bits openstack-common.yml - fi - if [ -f keystone-all.yml ]; then - # cater for 10.x.x release (juno) onwards - install_bits keystone-all.yml - else - # cater for 9.x.x release (icehouse) - install_bits keystone.yml - install_bits keystone-add-all-services.yml - fi - if [ "${DEPLOY_SWIFT}" == "yes" ]; then - install_bits swift-all.yml - fi - install_bits glance-all.yml - install_bits heat-all.yml - install_bits nova-all.yml - install_bits neutron-all.yml - install_bits cinder-all.yml - install_bits horizon-all.yml - if [ -f utility-all.yml ]; then - # cater for 10.x.x release (juno) onwards - install_bits utility-all.yml - elif [ -f utility.yml ]; then - # cater for 9.x.x release (icehouse) - install_bits utility.yml - fi - if [ "${DEPLOY_TEMPEST}" == "yes" ]; then - # Deploy tempest - install_bits tempest.yml - fi + if [ "${DEPLOY_SWIFT}" == "yes" ] || [ "${DEPLOY_OPENSTACK}" == "yes" ]; then + # Install all of rsyslog + install_bits rsyslog-install.yml + + # Hard restart the rsyslog container(s) + ansible hosts -m shell -a 'for i in $(lxc-ls | grep "rsyslog"); do lxc-stop -kn $i; lxc-start -d -n $i; done' fi + + if [ "${DEPLOY_OPENSTACK}" == "yes" ]; then + # install all of the compute Bits + install_bits os-keystone-install.yml + install_bits os-glance-install.yml + install_bits os-cinder-install.yml + install_bits os-nova-install.yml + install_bits os-neutron-install.yml + install_bits os-heat-install.yml + install_bits os-horizon-install.yml + fi + + if [ "${DEPLOY_SWIFT}" == "yes" ]; then + if [ "${DEPLOY_OPENSTACK}" == "no" ]; then + # When os install is no, make sure we still have keystone for use in swift. 
+ install_bits os-keystone-install.yml + fi + # install all of the swift Bits + install_bits os-swift-install.yml + fi + + if [ "${DEPLOY_TEMPEST}" == "yes" ]; then + # Deploy tempest + install_bits os-tempest-install.yml + fi + if [ "${DEPLOY_INFRASTRUCTURE}" == "yes" ] && [ "${DEPLOY_LOGGING}" == "yes" ]; then - # Configure Rsyslog - install_bits rsyslog-config.yml + # Reconfigure Rsyslog + install_bits rsyslog-install.yml fi popd + +# print the report data +set +x && print_report diff --git a/scripts/run-tempest.sh b/scripts/run-tempest.sh index 404554732b..8adb5b6387 100755 --- a/scripts/run-tempest.sh +++ b/scripts/run-tempest.sh 
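Review bot: In the swift block the keystone fallback is guarded by `[ "${DEPLOY_OPENSTACK}" == "no" ]`, while every other switch in this hunk tests `== "yes"`; a value such as `false` therefore skips both the OpenStack block and this fallback, and `os-swift-install.yml` runs without keystone having been installed. `if [ "${DEPLOY_OPENSTACK}" != "yes" ]; then` matches the other checks. The new `ansible hosts -m shell -a '...'` calls are not routed through `install_bits`, so under `set -e` a transient failure there aborts the run without whatever retry and reporting `install_bits` provides (its new definition is outside this hunk).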
@@ -14,48 +14,34 @@ # limitations under the License. ## Shell Opts ---------------------------------------------------------------- - set -e -u -v +x -## Variables ----------------------------------------------------------------- -CONFIG_PREFIX=${CONFIG_PREFIX:-"openstack"} -TEMPEST_SCRIPT_PATH=${TEMPEST_SCRIPT_PATH:-/root/${CONFIG_PREFIX}_tempest_gate.sh} -TEMPEST_SCRIPT_PARAMETERS=${TEMPEST_SCRIPT_PARAMETERS:-commit_aio} -PLAYBOOK_DIRECTORY=${PLAYBOOK_DIRECTORY:-"playbooks"} +## Vars ---------------------------------------------------------------------- +export TEMPEST_SCRIPT_PATH=${TEMPEST_SCRIPT_PATH:-/opt/openstack_tempest_gate.sh} +export TEMPEST_SCRIPT_PARAMETERS=${TEMPEST_SCRIPT_PARAMETERS:-""} -## Functions ----------------------------------------------------------------- -info_block "Checking for required libraries." || source $(dirname ${0})/scripts-library.sh +## Library Check ------------------------------------------------------------- +info_block "Checking for required libraries." 2> /dev/null || source $(dirname ${0})/scripts-library.sh + ## Main ---------------------------------------------------------------------- +info_block "Running OpenStack Smoke Tests" -# Check that ansible has been installed -if ! which ansible > /dev/null 2>&1; then - info_block "ERROR: Please ensure that ansible is installed." - exit 1 -fi - -# Check that we are in the root path of the cloned repo -if [ ! -d "etc" -a ! -d "scripts" -a ! -f "requirements.txt" ]; then - info_block "ERROR: Please execute this script from the root directory of the cloned source code." - exit 1 -fi - -pushd ${PLAYBOOK_DIRECTORY} +pushd playbooks # Check that there are utility containers - if ! ansible 'utility[0]' --list-hosts; then - info_block "ERROR: No utility containers have been deployed in your environment." - exit 99 + if ! 
ansible 'utility[0]' --list-hosts;then + echo -e "\nERROR: No utility containers have been deployed in your environment\n" + exit_state 99 fi # Check that the utility container already has the required tempest script deployed - if ! ansible 'utility[0]' -m shell -a "ls -al ${TEMPEST_SCRIPT_PATH}"; then - info_block "ERROR: Please execute the 'os-tempest-install.yml' playbook prior to this script." - exit 99 + if ! ansible 'utility[0]' -m shell -a "ls -al ${TEMPEST_SCRIPT_PATH}";then + echo -e "\nERROR: Please execute the 'os-tempest-install.yml' playbook prior to this script.\n" + exit_state 99 fi # Execute the tempest tests - info_block "Executing tempest tests" ansible 'utility[0]' -m shell -a "${TEMPEST_SCRIPT_PATH} ${TEMPEST_SCRIPT_PARAMETERS}" popd diff --git a/scripts/scripts-library.sh b/scripts/scripts-library.sh index c54505a5f4..767f4e014c 100755 --- a/scripts/scripts-library.sh +++ b/scripts/scripts-library.sh @@ -1,4 +1,5 @@ #!/usr/bin/env bash + # Copyright 2014, Rackspace US, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); 
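Review bot: The check that the script is started from the repository root is removed in run-tempest.sh, yet the new `pushd playbooks` is still relative to the current directory, so a run from anywhere else now stops at `pushd` under `set -e` with no explanation. gate-check-commit.sh in this same commit resolves the directory from the script location, and `pushd "$(dirname "${0}")/../playbooks"` would do the same here. The `which ansible` pre-check is dropped as well, so a missing install is reported as the "No utility containers" error instead of the real cause.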
@@ -13,137 +14,102 @@ # See the License for the specific language governing permissions and # limitations under the License. -## Variables ----------------------------------------------------------------- -LINE='-----------------------------------------------------------------------' -STARTTIME=${STARTTIME:-"$(date +%s)"} -REPORT_DATA="" -MAX_RETRIES=${MAX_RETRIES:-0} -# Export known paths -export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" +## Vars ---------------------------------------------------------------------- +LINE='----------------------------------------------------------------------' +MAX_RETRIES=${MAX_RETRIES:-5} +MIN_LXC_VG_SIZE_GB=${MIN_LXC_VG_SIZE_GB:-250} +REPORT_DATA=${REPORT_DATA:-""} +FORKS=${FORKS:-25} +ANSIBLE_PARAMETERS=${ANSIBLE_PARAMETERS:-""} +STARTTIME="${STARTTIME:-$(date +%s)}" -# Override the current HOME directory -export HOME="/root" ## Functions ----------------------------------------------------------------- - -# Output details provided as parameters -function print_info() { - set +x - PROC_NAME="- [ $@ ] -" - printf "\n%s%s\n" "$PROC_NAME" "${LINE:${#PROC_NAME}}" -} - -# Output a formatted block around a message -function info_block(){ - set +x - echo "${LINE}" - print_info "$@" - echo "${LINE}" -} - -# Output a formatted block of information about the run on exit -function exit_state() { - set +x - info_block "Run time reports" - echo -e "${REPORT_DATA}" - TOTALSECONDS="$[$(date +%s) - $STARTTIME]" - info_block "Run Time = ${TOTALSECONDS} seconds || $(($TOTALSECONDS / 60)) minutes" - if [ "${1}" == 0 ];then - info_block "Status: Build Success" - else - info_block "Status: Build Failure" - fi - exit ${1} -} - -# Exit with error details -function exit_fail() { - set +x - get_instance_info - info_block "Error Info - $@" - exit_state 1 -} - -# Output diagnostic information -function get_instance_info() { - set +x - info_block 'Path' - echo ${PATH} - info_block 'Current User' - whoami - info_block 'Home 
Directory' - echo ${HOME} - info_block 'Available Memory' - free -mt - info_block 'Available Disk Space' - df -h - info_block 'Mounted Devices' - mount - info_block 'Block Devices' - lsblk -i - info_block 'Block Devices Information' - blkid - info_block 'Block Device Partitions' - for blk_dev in $(lsblk -nrdo NAME,TYPE | awk '/disk/ {print $1}'); do - # Ignoring errors for the below command is important as sometimes - # the block device in question is unpartitioned or has an invalid - # partition. In this case, parted returns 'unrecognised disk label' - # and the bash script exits due to the -e environment setting. - parted /dev/$blk_dev print || true - done - info_block 'PV Information' - pvs - info_block 'VG Information' - vgs - info_block 'LV Information' - lvs - info_block 'Contents of /etc/fstab' - cat /etc/fstab - info_block 'CPU Information' - which lscpu && lscpu - info_block 'Kernel Information' - uname -a - info_block 'Container Information' - which lxc-ls && lxc-ls --fancy - info_block 'Firewall Information' - iptables -vnL - iptables -t nat -vnL - iptables -t mangle -vnL - info_block 'Network Devices' - ip a - info_block 'Network Routes' - ip r - info_block 'Trace Path from google' - tracepath 8.8.8.8 -m 5 - info_block 'XEN Server Information' - which xenstore-read && xenstore-read vm-data/provider_data/provider ||: -} - -# Used to retry a process that may fail due to transient issues +# Used to retry a process that may fail due to random issues. function successerator() { - set +e +x + set +e # Get the time that the method was started. OP_START_TIME="$(date +%s)" - MAX_ATTEMPTS=$((${MAX_RETRIES}+1)) - - for ATTEMPT in $(seq ${MAX_ATTEMPTS}); do - $@ && { report_success; return 0; } + RETRY=0 + # Set the initial return value to failure. + false + while [ $? -ne 0 -a ${RETRY} -lt ${MAX_RETRIES} ];do + RETRY=$((${RETRY}+1)) + if [ ${RETRY} -gt 1 ];then + $@ -vvvv + else + $@ + fi done - - exit_fail "Hit maximum number of retries, giving up..." 
- set -e -x -} - -# Report success -function report_success() { + # If max retires were hit, fail. + if [ $? -ne 0 ] && [ ${RETRY} -eq ${MAX_RETRIES} ];then + echo -e "\nHit maximum number of retries, giving up...\n" + exit_fail + fi + # Print the time that the method completed. OP_TOTAL_SECONDS="$[$(date +%s) - $OP_START_TIME]" REPORT_OUTPUT="${OP_TOTAL_SECONDS} seconds" - REPORT_DATA+="- Operation: [ $@ ]\t${REPORT_OUTPUT}\tNumber of Attempts [ ${ATTEMPT} ]\n" - print_info "Run Time = ${REPORT_OUTPUT}" + REPORT_DATA+="- Operation: [ $@ ]\t${REPORT_OUTPUT}\tNumber of Attempts [ ${RETRY} ]\n" + echo -e "Run Time = ${REPORT_OUTPUT}" + set -e } -function ssh_key_create(){ +function install_bits() { + # The number of forks has been limited to 10 by default (2x ansible default) + # This will also run ansible in 3x verbose mode + successerator openstack-ansible ${ANSIBLE_PARAMETERS} --forks ${FORKS} $@ +} + +function configure_diskspace() { + # If there are any block devices available other than the one + # used for the root disk, repurpose it for our needs. + MIN_LXC_VG_SIZE_B=$((${MIN_LXC_VG_SIZE_GB} * 1024 * 1024 * 1024)) + + # only do this if the lxc vg doesn't already exist + if ! vgs lxc > /dev/null 2>&1; then + blk_devices=$(lsblk -nrdo NAME,TYPE | awk '/d[b-z]+ disk/ {print $1}') + for blk_dev in ${blk_devices}; do + # dismount any mount points on the device + mount_points=$(awk "/^\/dev\/${blk_dev}[0-9]* / {print \$2}" /proc/mounts) + for mount_point in ${mount_points}; do + umount ${mount_point} + sed -i ":${mount_point}:d" /etc/fstab + done + + # add a vg for lxc + blk_dev_size_b=$(lsblk -nrdbo NAME,TYPE,SIZE | awk "/^${blk_dev} disk/ {print \$3}") + if [ "${blk_dev_size_b}" -gt "${MIN_LXC_VG_SIZE_B}" ]; then + if ! 
vgs lxc > /dev/null 2>&1; then + parted --script /dev/${blk_dev} mklabel gpt + parted --align optimal --script /dev/${blk_dev} mkpart lxc 0% 80% + part_num=$(parted /dev/${blk_dev} print --machine | awk -F':' '/lxc/ {print $1}') + pvcreate -ff -y /dev/${blk_dev}${part_num} + vgcreate lxc /dev/${blk_dev}${part_num} + fi + # add a vg for cinder volumes, but only if it doesn't already exist + if ! vgs cinder-volumes > /dev/null 2>&1; then + parted --align optimal --script /dev/${blk_dev} mkpart cinder 80% 100% + part_num=$(parted /dev/${blk_dev} print --machine | awk -F':' '/cinder/ {print $1}') + pvcreate -ff -y /dev/${blk_dev}${part_num} + vgcreate cinder-volumes /dev/${blk_dev}${part_num} + fi + else + if ! grep '/var/lib/lxc' /proc/mounts 2>&1; then + parted --script /dev/${blk_dev} mklabel gpt + parted --script /dev/${blk_dev} mkpart lxc ext4 0% 100% + part_num=$(parted /dev/${blk_dev} print --machine | awk -F':' '/lxc/ {print $1}') + # Format, Create, and Mount it all up. + mkfs.ext4 /dev/${blk_dev}${part_num} + mkdir -p /var/lib/lxc + mount /dev/${blk_dev}${part_num} /var/lib/lxc + fi + fi + done + fi +} + +function ssh_key_create() { # Ensure that the ssh key exists and is an authorized_key key_path="${HOME}/.ssh" key_file="${key_path}/id_rsa" @@ -153,7 +119,7 @@ function ssh_key_create(){ mkdir -p ${key_path} chmod 700 ${key_path} fi - if [ ! -f "${key_file}" ] || [ ! -f "${key_file}.pub" ]; then + if [ ! -f "${key_file}" -a ! -f "${key_file}.pub" ]; then rm -f ${key_file}* ssh-keygen -t rsa -f ${key_file} -N '' fi 
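Review bot: In `configure_diskspace` the added `sed -i ":${mount_point}:d" /etc/fstab` does not delete anything, because a sed command that starts with `:` defines a label, so the fstab entry for the device that was just unmounted stays in place. A custom address delimiter needs a leading backslash: `sed -i "\:${mount_point}:d" /etc/fstab`. The pattern should probably also be anchored so one mount point cannot match a longer path that merely contains it. The function then runs `parted mklabel gpt` and `pvcreate -ff -y` on every non-root disk it finds, so a header comment stating that it destroys existing data on those devices would be worth adding.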
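Review bot: The rewritten test `[ ! -f "${key_file}" -a ! -f "${key_file}.pub" ]` regenerates the key pair only when both files are missing, whereas the removed line did so when either one was missing. With one half present, the function now carries on with a private key that has no matching public file, or a public file whose private half is gone. I would keep the original form, `if [ ! -f "${key_file}" ] || [ ! -f "${key_file}.pub" ]; then`. The rest of `ssh_key_create` lies outside this hunk, so how the key is used afterwards is not visible here.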
@@ -166,59 +132,19 @@ function ssh_key_create(){ fi } -function configure_diskspace(){ - # If there are any block devices available other than the one - # used for the root disk, repurpose it for our needs. - - # the disk we use needs to have at least 60GB of space - min_disk_size_b=$((60 * 1024 * 1024 * 1024)) - - blk_devices=$(lsblk -nrdo NAME,TYPE | awk '/d[b-z]+ disk/ {print $1}') - for blk_dev in ${blk_devices}; do - # only do this if the cinder-volumes vg doesn't already exist - if ! vgs cinder-volumes > /dev/null 2>&1; then - - blk_dev_size_b=$(lsblk -nrdbo NAME,TYPE,SIZE | awk "/^${blk_dev} disk/ {print \$3}") - if [ "${blk_dev_size_b}" -gt "${min_disk_size_b}" ]; then - # dismount any mount points on the device - mount_points=$(awk "/^\/dev\/${blk_dev}[0-9]* / {print \$2}" /proc/mounts) - for mount_point in ${mount_points}; do - umount ${mount_point} - done - - #add a vg for cinder volumes - parted --script /dev/${blk_dev} mklabel gpt - parted --align optimal --script /dev/${blk_dev} mkpart cinder 0% 100% - pvcreate -ff -y /dev/${blk_dev}1 - vgcreate cinder-volumes /dev/${blk_dev}1 - - # add an lv for lxc to use - # it does not use it's own vg to ensure that the container disk usage - # is thin-provisioned in the simplest way as openstack-infra instances - # do not have enough disk space to handle thick-provisioned containers - lvcreate -n lxc -L50g cinder-volumes - - # prepare the file system and mount it - mkfs.ext4 /dev/cinder-volumes/lxc - mkdir -p /var/lib/lxc - mount /dev/cinder-volumes/lxc /var/lib/lxc - fi - - fi - done -} - function loopback_create() { LOOP_FILENAME=${1} LOOP_FILESIZE=${2} - LOOP_FILE_TYPE=${3} # thin, thick - LOOP_MOUNT_METHOD=${4} # swap, rc, none + LOOP_FILE_TYPE=${3} # thin, thick + LOOP_MOUNT_METHOD=${4} # swap, rc, none if [ ! 
-f "${LOOP_FILENAME}" ]; then if [ "${LOOP_FILE_TYPE}" = "thin" ]; then truncate -s ${LOOP_FILESIZE} ${LOOP_FILENAME} elif [ "${LOOP_FILE_TYPE}" = "thick" ]; then dd if=/dev/zero of=${LOOP_FILENAME} bs=${LOOP_FILESIZE} count=1 + else + exit_fail 'No valid option ${LOOP_FILE_TYPE} found.' fi fi 
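Review bot: The new fallback `exit_fail 'No valid option ${LOOP_FILE_TYPE} found.'` is single-quoted, so the message prints the literal text `${LOOP_FILE_TYPE}` instead of the rejected value. Double quotes fix it: `exit_fail "No valid option ${LOOP_FILE_TYPE} found."`. The branch sits inside `if [ ! -f "${LOOP_FILENAME}" ]`, so an invalid type is still accepted silently whenever the file already exists. `loopback_create` continues outside this hunk.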
@@ -243,18 +169,121 @@ function loopback_create() { fi } -# Exit if the script is not being run as root -if [ ! "$(whoami)" == "root" ]; then - info_block "This script must be run as root." - exit 1 -fi +function exit_state() { + set +x + TOTALSECONDS="$[$(date +%s) - $STARTTIME]" + info_block "Run Time = ${TOTALSECONDS} seconds || $(($TOTALSECONDS / 60)) minutes" + if [ "${1}" == 0 ];then + info_block "Status: Success" + else + info_block "Status: Failure" + fi + exit ${1} +} -# Check that we are in the root path of the cloned repo -if [ ! -d "etc" -a ! -d "scripts" -a ! -f "requirements.txt" ]; then - info_block "ERROR: Please execute this script from the root directory of the cloned source code." - exit 1 -fi +function exit_success() { + set +x + exit_state 0 +} +function exit_fail() { + set +x + get_instance_info + info_block "Error Info - $@" + exit_state 1 +} + +function print_info() { + PROC_NAME="- [ $@ ] -" + printf "\n%s%s\n" "$PROC_NAME" "${LINE:${#PROC_NAME}}" +} + +function info_block(){ + echo "${LINE}" + print_info "$@" + echo "${LINE}" +} + +# Get instance info +function get_instance_info() { + set +x + info_block 'Available Memory' + free -mt + info_block 'Available Disk Space' + df -h + info_block 'Mounted Devices' + mount + info_block 'Block Devices' + lsblk + info_block 'Block Devices Information' + blkid + info_block 'Block Device Partitions' + for i in /dev/xv* /dev/sd* /dev/vd*; do + if [ -b "$i" ];then + parted --script $i print || true + fi + done + info_block 'PV Information' + pvs + info_block 'VG Information' + vgs + info_block 'LV Information' + lvs + info_block 'CPU Information' + which lscpu && lscpu + info_block 'Kernel Information' + uname -a + info_block 'Container Information' + which lxc-ls && lxc-ls --fancy + info_block 'Firewall Information' + iptables -vnL + iptables -t nat -vnL + iptables -t mangle -vnL + info_block 'Network Devices' + ip a + info_block 'Network Routes' + ip r + info_block 'Trace Path from google' + tracepath 
8.8.8.8 -m 5 + info_block 'XEN Server Information' + if (which xenstore-read);then + xenstore-read vm-data/provider_data/provider || echo "\nxenstore Read Failed - Skipping\n" + else + echo -e "\nNo xenstore Information\n" + fi +} + +function print_report() { + # Print the stored report data + echo -e "${REPORT_DATA}" +} + + +## Signal traps -------------------------------------------------------------- # Trap all Death Signals and Errors trap "exit_fail ${LINENO} $? 'Received STOP Signal'" SIGHUP SIGINT SIGTERM trap "exit_fail ${LINENO} $?" ERR + + +## Pre-flight check ---------------------------------------------------------- +# Make sure only root can run our script +if [ "$(id -u)" != "0" ]; then + info_block "This script must be run as root" + exit_state 1 +fi + +# Check that we are in the root path of the cloned repo +if [ ! -d "etc" -a ! -d "scripts" -a ! -d "playbooks" ]; then + info_block "** ERROR **" + echo "Please execute this script from the root directory of the cloned source code." + echo -e "Example: /opt/os-ansible-deployment/\n" + exit_state 1 +fi + + +## Exports ------------------------------------------------------------------- +# Export known paths +export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + +# Export the home directory just in case it's not set +export HOME="/root" diff --git a/scripts/teardown.sh b/scripts/teardown.sh new file mode 100755 index 0000000000..dd9864d34a --- /dev/null +++ b/scripts/teardown.sh 
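Review bot: The `export PATH=...` and `export HOME="/root"` lines now come after the pre-flight block, which has already run `id -u` through whatever `PATH` the caller inherited. `date` in the `STARTTIME` assignment at the top of the file is resolved the same way. Since the library refuses to run as anything but root, I would move the `## Exports` section above the first external command so every lookup uses the fixed path. Separately, `[ ! -d "etc" -a ! -d "scripts" -a ! -d "playbooks" ]` only fails when all three directories are missing; `[ ! -d "etc" ] || [ ! -d "scripts" ] || [ ! -d "playbooks" ]` matches what the error message says.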
@@ -0,0 +1,247 @@ +#!/usr/bin/env bash +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +## Shell Opts ---------------------------------------------------------------- +set -e -u + + +## Library Check ------------------------------------------------------------- +info_block "Checking for required libraries." 2> /dev/null || source $(dirname ${0})/scripts-library.sh + + +## Main ---------------------------------------------------------------------- +info_block "Running Teardown" + +pushd playbooks + KNOWN_HOSTS=$(ansible hosts --list-hosts) || true + if [ -z "${KNOWN_HOSTS}" ];then + ANSIBLE_DESTROY_HOSTS="localhost" + else + ANSIBLE_DESTROY_HOSTS="hosts" + fi + # Create the destroy play + cat > /tmp/destroy_play.yml < + lvs | awk '/lxc/ || /cinder/ || /swift/ {print \$1","\$2}' + register: lvstorage + failed_when: false + - name: Remove all logical volumes + lvol: + vg: "{{ item.split(',')[1] }}" + lv: "{{ item.split(',')[0] }}" + state: "absent" + force: "yes" + with_items: lvstorage.stdout_lines + failed_when: false + when: lvstorage.stdout + + - name: Get all dm storage devices + shell: > + dmsetup info | awk '/lxc/ || /cinder/ || /swift/ {print \$2}' + register: dmstorage + failed_when: false + - name: Remove dm storage entries + command: dmsetup remove "{{ item }}" + with_items: dmstorage.stdout_lines + when: dmstorage.stdout + + - name: Get all loopback storage devices + shell: > + losetup -a | awk -F':' '{print \$1}' + 
register: lostorage + failed_when: false + - name: Unmount loopback storage + shell: | + umount {{ item }} || true + losetup -d {{ item }} || true + with_items: lostorage.stdout_lines + when: lostorage.stdout + failed_when: false + + - name: Remove known AIO mount points (fstab) + lineinfile: + dest: "/etc/fstab" + state: "absent" + regexp: "{{ item }}.*.img" + with_items: aio_mount_points + + - name: Remove known AIO mount points (rc.local) + lineinfile: + dest: "/etc/rc.local" + state: "absent" + regexp: "{{ item }}.*.img" + with_items: aio_mount_points + + - name: Stop all swap + command: "swapoff -a" + failed_when: false + + - name: Remove known files and folders. + shell: | + rm -rf {{ item }} + failed_when: false + with_items: remove_files + vars: + aio_mount_points: + - cinder + - swap + - swift + shut_interfaces_down: + - lxcbr0 + remove_files: + - /etc/haproxy + - /etc/nova + - /etc/network/interfaces.d/aio_interfaces.cfg + - /etc/neutron + - /etc/openstack_deploy + - /etc/swift + - /openstack + - /opt/*.img + - /opt/*lxc* + - /opt/*neutron* + - /opt/*nova* + - /opt/*pip* + - /opt/*repo* + - /opt/*stackforge* + - /root/.pip + - /var/lib/neutron + - /var/lib/nova + - /var/log/swift + - /var/log/neutron + - /var/log/nova + remove_packages: + - haproxy + - hatop + - liblxc1 + - libvirt0 + - libvirt-bin + - lxc + - lxc-dev + - vim-haproxy + remote_pip_pacakges: + - cinder + - eventlet + - euca2ools + - glance + - heat + - keystone + - kombu + - lxc + - lxml + - mysql + - neutron + - nova + - oslo + - Paste + - pbr + - repoze + - six + - sql + - swift + - turbolift + - warlock +EOF + + # Destroy all of the known stuff. 
+ if [ "${ANSIBLE_DESTROY_HOSTS}" == "localhost" ];then + echo -e '[all]\nlocalhost ansible_connection=local' | tee /tmp/localhost + openstack-ansible -i /tmp/localhost /tmp/destroy_play.yml --forks 5 || true + else + openstack-ansible lxc-containers-destroy.yml --forks 5 || true + openstack-ansible /tmp/destroy_play.yml --forks 5 || true + fi +popd + +# Remove the temp destruction play +rm /tmp/destroy_play.yml || true +rm /tmp/localhost || true + +# Final message +get_instance_info +info_block "* NOTICE *" +echo -e "The system has been torn down." +echo -e "Make sure you update and/or review the file '/etc/fstab'." +if [ ! -z "${KNOWN_HOSTS}" ];then + echo -e "The following hosts has been touched: \"${KNOWN_HOSTS}\"" +fi +echo -e "Entries may need to be updated."
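Review bot: The play and the inventory are written to fixed names in a world-writable directory (`cat > /tmp/destroy_play.yml`, `tee /tmp/localhost`) and then run by a root process. A file or symlink already present at either path is followed and written as root, and the file that is executed may not be root-owned. A private directory avoids this: `WORK_DIR=$(mktemp -d)`, write `${WORK_DIR}/destroy_play.yml` and `${WORK_DIR}/localhost` there, and remove it in an exit trap instead of the two `rm ... || true` lines. The heredoc body is partly garbled on this page, so the tasks themselves are not reviewed here. The variable `remote_pip_pacakges` looks like a typo, presumably for `remove_pip_packages`.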