diff --git a/ansible-role-requirements.yml b/ansible-role-requirements.yml index da1af7dccd..a0adcf4b96 100644 --- a/ansible-role-requirements.yml +++ b/ansible-role-requirements.yml @@ -14,6 +14,14 @@ scm: git src: https://git.openstack.org/openstack/openstack-ansible-galera_server version: master +- name: ceph_client + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-ceph_client + version: master +- name: haproxy_server + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-haproxy_server + version: master - name: keepalived scm: git src: https://github.com/evrardjp/ansible-keepalived diff --git a/playbooks/roles/ceph_client/defaults/main.yml b/playbooks/roles/ceph_client/defaults/main.yml deleted file mode 100644 index 6a6a20b8db..0000000000 --- a/playbooks/roles/ceph_client/defaults/main.yml +++ /dev/null 
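Review bot: Both added entries, ceph_client and haproxy_server, track `version: master`, so the role code that gets cloned is whatever the branch head is at fetch time rather than a revision reviewed with this change. Judging by the files deleted elsewhere in this diff, the ceph_client role adds apt keys and repositories and writes Ceph client keyrings, so an unreviewed upstream change would land directly in privileged tasks. The neighbouring galera_server entry also uses master, so this may be the convention on this branch. If pins are applied elsewhere, a comment such as `# master is replaced by a pinned SHA when the release is cut` above the entries would make that explicit. Otherwise pin each entry, e.g. `version: <commit-sha>` (placeholder, to be filled from the role repository).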
@@ -1,95 +0,0 @@ ---- -# Copyright 2015, Serge van Ginderachter -# Copyright 2016 IBM Corp -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Set the package install state for distribution packages -# Options are 'present' and 'latest' -ceph_client_package_state: "latest" - -# to use Ceph in OSA, you need to -# - have the needed pools and a client user (for glance, cinder and/or nova) -# pre-provisioned in your ceph cluster; OSA assumes to have root access to -# the monitor hosts -# - configure / overrules following defaults in osa's user config -# - some ceph specific vars are (also) part of other role defaults: -# * glance -# * nova -# - cinder gets configured with ceph if there are cinder backends defined with -# the rbd driver (see openstack_user_config.yml.example) - -# The ceph_pkg_source variable controls the install source for the Ceph packages. -# Valid values include: -# * ceph This option installs Ceph from a ceph.com repo. Additional variables to -# adjust items such as Ceph release and regional download mirror can be found -# in vars/*.yml -# -# * uca This option installs Ceph from the Ubuntu Cloud Archive. Additional variables -# to adjust items such as the OpenStack/Ceph release can be found in vars/*.yml. -# -# * distro This options installs Ceph from the operating system's default repository and -# unlike the other options does not attempt to manage package keys or add additional -# package repositories. 
-ceph_pkg_source: ceph -ceph_apt_pinned_packages: [{ package: "*", release: Inktank, priority: 1001 }] - -# Ubuntu Cloud Archive mirror URL -# This is only used if 'uca' is the selected option for ceph_pkg_source -uca_apt_repo_url: "http://ubuntu-cloud.archive.canonical.com/ubuntu" - -# Ceph Authentication -cephx: true - -# Ceph Monitors -# A list of the IP addresses for your Ceph monitors -ceph_mons: [] - -# Path to local ceph.conf file -# Leave this commented to obtain a ceph.conf from one of the monitors defined in ceph_mons -#ceph_conf_file: | -# [global] -# fsid = 4037aa5f-abde-4378-9470-f73dbd6ceaba -# mon_initial_members = mon1.example.local,mon2.example.local,mon3.example.local -# mon_host = 10.16.5.40,10.16.5.41,10.16.5.42 -# auth_cluster_required = cephx -# auth_service_required = cephx -# auth_client_required = cephx - -# Ceph client usernames for glance and cinder+nova -glance_ceph_client: glance -cinder_ceph_client: cinder -cinder_backup_ceph_client: cinder-backup - -# by default we assume you use rbd for both cinder and nova, and as libvirt -# needs to access both volumes (cinder) as boot disks (nova) we default to -# reuse the cinder_ceph_client -# only need to change this if you'd use ceph for boot disks and not for volumes -nova_ceph_client: '{{ cinder_ceph_client }}' - -# overruled in user_secrets: -# TODO(odyssey4me) - the uuid should be removed, there should be no defaults for secrets -nova_ceph_client_uuid: 457eb676-33da-42ec-9a8c-9293d545c337 -cephkeys_access_group: cephkeys - -openstack_service_system_user: null - -ceph_cinder_service_names: - - cinder-volume - - cinder-backup - -ceph_nova_service_names: - - nova-compute - -ceph_glance_service_names: - - glance-api diff --git a/playbooks/roles/ceph_client/handlers/main.yml b/playbooks/roles/ceph_client/handlers/main.yml deleted file mode 100644 index 8e31053edd..0000000000 --- a/playbooks/roles/ceph_client/handlers/main.yml +++ /dev/null 
@@ -1,25 +0,0 @@ -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: Restart os services - service: - name: "{{ item.1 }}" - state: restarted - pattern: "{{ item.1 }}" - with_subelements: - - "{{ ceph_components }}" - - service - when: inventory_hostname in groups[item.0.component] - failed_when: false - diff --git a/playbooks/roles/ceph_client/meta/main.yml b/playbooks/roles/ceph_client/meta/main.yml deleted file mode 100644 index 59a233d9fe..0000000000 --- a/playbooks/roles/ceph_client/meta/main.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -dependencies: -- role: apt_package_pinning - apt_pinned_packages: "{{ ceph_apt_pinned_packages }}" - tags: - - ceph-pre-preinstall diff --git a/playbooks/roles/ceph_client/tasks/ceph_all.yml b/playbooks/roles/ceph_client/tasks/ceph_all.yml deleted file mode 100644 index 80a5c53ec0..0000000000 --- a/playbooks/roles/ceph_client/tasks/ceph_all.yml +++ /dev/null 
@@ -1,61 +0,0 @@ ---- -# Copyright 2015, Serge van Ginderachter -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# if glance, cinder and/or nova use rbd, ceph_conf needs to be defined -- assert: - that: - - ceph_mons != [] - - ceph_mons | list == ceph_mons - tags: - - ceph-config - - ceph-auth - -- name: Gather variables for each operating system - include_vars: "{{ item }}" - with_first_found: - - "{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower }}.yml" - - "{{ ansible_distribution | lower }}-{{ ansible_distribution_major_version | lower }}.yml" - - "{{ ansible_os_family | lower }}-{{ ansible_distribution_major_version | lower }}.yml" - - "{{ ansible_distribution | lower }}.yml" - - "{{ ansible_os_family | lower }}.yml" - tags: - - always - -- include: ceph_preinstall.yml - when: - - ceph_pkg_source != 'distro' - tags: ceph-preinstall - -- include: ceph_install.yml - tags: ceph-install - -- include: ceph_install_python_libs.yml - when: openstack_service_venv_bin != '' - tags: - - ceph-install - -- include: ceph_get_mon_host.yml - tags: - - ceph-config - - ceph-auth - -- include: ceph_config.yml - tags: ceph-config - -- include: ceph_auth.yml - when: > - cephx | bool - tags: ceph-auth - diff --git a/playbooks/roles/ceph_client/tasks/ceph_auth.yml b/playbooks/roles/ceph_client/tasks/ceph_auth.yml deleted file mode 100644 index a291b0792b..0000000000 --- a/playbooks/roles/ceph_client/tasks/ceph_auth.yml +++ /dev/null 
@@ -1,151 +0,0 @@ ---- -# Copyright 2015, Serge van Ginderachter -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - - - -## Ceph client keyrings - -#TODO: also be able to create users, keys and pools on ceph -- name: Retrieve keyrings for openstack clients from ceph cluster - # the first get makes sure the client exists, so the second only runs when it - # exists, the trick is the different output of both, the second has the right - # output to put in a keyring; ceph admin should have already created the user - shell: ceph auth get client.{{ item.1 }} >/dev/null && ceph auth get-or-create client.{{ item.1 }} - with_subelements: - - "{{ ceph_components }}" - - client - when: > - inventory_hostname in groups[item.0.component] and - (item.0.component != 'cinder_backup' or - ((cinder_service_backup_program_enabled is defined and cinder_service_backup_program_enabled | bool) and - (cinder_service_backup_driver is defined and cinder_service_backup_driver == 'cinder.backup.drivers.ceph'))) - always_run: true - changed_when: false - delegate_to: '{{ ceph_mon_host }}' - register: ceph_client_keyrings - until: ceph_client_keyrings|success - retries: 3 - tags: - - ceph-auth-client-keyrings - -- name: Create cephkeys_access_group group - group: - name: "{{ cephkeys_access_group }}" - -- name: Add OpenStack service to cephkeys_access_group group - user: - name: "{{ openstack_service_system_user }}" - groups: "{{ cephkeys_access_group }}" - append: yes - notify: - - Restart os 
services - -- name: Provision ceph client keyrings - # TODO: do we really need a template for this? what's the added value compare to - # ceph get-or-create ... ... -o file? - template: - src: ceph.client.keyring.j2 - dest: /etc/ceph/ceph.client.{{ item.item.1 }}.keyring - backup: true - owner: root - # TODO - group: "{{ cephkeys_access_group }}" - # ideally the permission will be: 0600 and the owner/group will be either - # glance , nova or cinder. For keys that require access by different users - # (the cinder one) we should probably create a group 'cephkeys' and add - # nova/cinder to it. - # If I'm correct, the use case for multiple users is on the computre nodes, - # access needed by users libvirt-qemu and nova - mode: 0640 - with_items: "{{ ceph_client_keyrings.results }}" - when: not item | skipped and inventory_hostname in groups[item.item.0.component] - notify: - - Restart os services - tags: - - ceph-auth-client-keyrings - -## Ceph nova client libvirt secret - -- name: Retrieve nova secret from cephcluster - command: ceph auth get-key client.{{ nova_ceph_client }} - when: inventory_hostname in groups.nova_compute - always_run: true - changed_when: false - failed_when: false - delegate_to: '{{ ceph_mon_host }}' - register: ceph_nova_secret - tags: - - ceph-auth-nova-libvirt-secret - -- name: Check if nova secret is defined in libvirt - shell: virsh secret-list|grep {{ nova_ceph_client_uuid }} - when: inventory_hostname in groups.nova_compute - always_run: true - failed_when: false - changed_when: false - register: libvirt_nova_defined - tags: - - ceph-auth-nova-libvirt-secret - -- name: Provide xml file to create the secret - template: - src: secret.xml.j2 - dest: /tmp/nova-secret.xml - mode: "0600" - when: inventory_hostname in groups.nova_compute and libvirt_nova_defined.rc is defined and libvirt_nova_defined.rc != 0 - tags: - - ceph-auth-nova-libvirt-secret - -- name: Define libvirt nova secret - command: virsh secret-define --file /tmp/nova-secret.xml 
- when: inventory_hostname in groups.nova_compute and libvirt_nova_defined.rc is defined and libvirt_nova_defined.rc != 0 - notify: - - Restart os services - tags: - - ceph-auth-nova-libvirt-secret - -- name: Check if nova secret value is set in libvirt - command: virsh secret-get-value {{ nova_ceph_client_uuid }} - when: inventory_hostname in groups.nova_compute - always_run: true - failed_when: false - changed_when: false - register: libvirt_nova_set - tags: - - ceph-auth-nova-libvirt-secret - -- name: Set nova secret value in libvirt - shell: virsh secret-set-value --secret {{ nova_ceph_client_uuid }} --base64 {{ ceph_nova_secret.stdout }} - when: > - inventory_hostname in groups.nova_compute and libvirt_nova_set.rc is defined - and - (libvirt_nova_set.rc != 0 - or - (libvirt_nova_set.rc == 0 and libvirt_nova_set.stdout != ceph_nova_secret.stdout) - ) - notify: - - Restart os services - tags: - - ceph-auth-nova-libvirt-secret - -- name: Remove libvirt nova secret file - file: - path: "/tmp/nova-secret.xml" - state: "absent" - always_run: true - ignore_errors: true - when: inventory_hostname in groups.nova_compute and libvirt_nova_set - tags: - - ceph-auth-nova-libvirt-secret diff --git a/playbooks/roles/ceph_client/tasks/ceph_config.yml b/playbooks/roles/ceph_client/tasks/ceph_config.yml deleted file mode 100644 index 0aee5a3ebe..0000000000 --- a/playbooks/roles/ceph_client/tasks/ceph_config.yml +++ /dev/null 
@@ -1,61 +0,0 @@ ---- -# Copyright 2015, Serge van Ginderachter -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: Provide ceph configuration directory - file: - dest: /etc/ceph - state: directory - owner: root - group: root - mode: 0755 - tags: - - ceph-config-create-dir - -- name: Get ceph.conf and store contents when ceph_conf_file is not defined - slurp: - src: /etc/ceph/ceph.conf - register: ceph_conf_content_mon - delegate_to: '{{ ceph_mon_host }}' - changed_when: false - when: ceph_conf_file is not defined - tags: - - ceph-config-get-config - -- name: Register ceph_conf fact when ceph_conf_file is not defined - set_fact: - ceph_conf: "{{ ceph_conf_content_mon.content | b64decode }}" - when: ceph_conf_file is not defined - tags: - - ceph-config-get-config - -- name: Register ceph_conf fact when ceph_conf_file is defined - set_fact: - ceph_conf: "{{ ceph_conf_file }}" - when: ceph_conf_file is defined - tags: - - ceph-config-get-config - -- name: Create ceph.conf from mon host - copy: - content: '{{ ceph_conf }}' - dest: /etc/ceph/ceph.conf - owner: root - group: root - mode: 0644 - notify: - - Restart os services - tags: - - ceph-config-create-config - diff --git a/playbooks/roles/ceph_client/tasks/ceph_get_mon_host.yml b/playbooks/roles/ceph_client/tasks/ceph_get_mon_host.yml deleted file mode 100644 index f8d4b1a720..0000000000 --- a/playbooks/roles/ceph_client/tasks/ceph_get_mon_host.yml +++ /dev/null 
@@ -1,40 +0,0 @@ ---- -# Copyright 2015, Serge van Ginderachter -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# look for 1 ceph monitor host that is up -- name: Verify Ceph monitors are up - # using netcat instead of wait_for allows to both check the rc and the - # output, rc not being available using wait_for + failed_when: false - # failed_when: false is needed to not loose any hosts, as this check expects - # some to be down. - local_action: command nc -w 1 {{ item }} 22 - with_items: "{{ ceph_mons }}" - changed_when: false - failed_when: false - register: ceph_mon_upcheck - tags: - - ceph-config-create-config - - ceph-auth-client-keyrings - - ceph-auth-nova-libvirt-secret - -- name: Set ceph_mon_host to an online monitor host - set_fact: - ceph_mon_host: '{{ item.item }}' - when: item.rc == 0 and "OpenSSH" in item.stdout - with_items: "{{ ceph_mon_upcheck.results }}" - tags: - - ceph-config-create-config - - ceph-auth-client-keyrings - - ceph-auth-nova-libvirt-secret diff --git a/playbooks/roles/ceph_client/tasks/ceph_install.yml b/playbooks/roles/ceph_client/tasks/ceph_install.yml deleted file mode 100644 index 48f7debcfb..0000000000 --- a/playbooks/roles/ceph_client/tasks/ceph_install.yml +++ /dev/null 
@@ -1,20 +0,0 @@ ---- -# Copyright 2016 IBM Corp -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- include: ceph_install_apt.yml - when: - - ansible_pkg_mgr == 'apt' - tags: - - ceph-apt-packages diff --git a/playbooks/roles/ceph_client/tasks/ceph_install_apt.yml b/playbooks/roles/ceph_client/tasks/ceph_install_apt.yml deleted file mode 100644 index ee7ea89907..0000000000 --- a/playbooks/roles/ceph_client/tasks/ceph_install_apt.yml +++ /dev/null 
@@ -1,46 +0,0 @@ ---- -# Copyright 2015, Serge van Ginderachter -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -#TODO(evrardjp): Replace the next 2 tasks by a standard apt with cache -#when https://github.com/ansible/ansible-modules-core/pull/1517 is merged -#in 1.9.x or we move to 2.0 (if tested working) -- name: Check apt last update file - stat: - path: /var/cache/apt - register: apt_cache_stat - tags: - - ceph-apt-packages - -- name: Update apt if needed - apt: - update_cache: yes - when: "ansible_date_time.epoch|float - apt_cache_stat.stat.mtime > {{cache_timeout}}" - tags: - - ceph-apt-packages - -- name: Install ceph packages - apt: - name: '{{ item.1 }}' - state: "{{ ceph_client_package_state }}" - register: install_packages - until: install_packages|success - retries: 5 - delay: 2 - with_subelements: - - "{{ ceph_components }}" - - package - when: inventory_hostname in groups[item.0.component] - notify: - - Restart os services diff --git a/playbooks/roles/ceph_client/tasks/ceph_install_python_libs.yml b/playbooks/roles/ceph_client/tasks/ceph_install_python_libs.yml deleted file mode 100644 index 3ef574ec46..0000000000 --- a/playbooks/roles/ceph_client/tasks/ceph_install_python_libs.yml +++ /dev/null 
@@ -1,44 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: Register rados module path - command: python -c 'import rados; print rados.__file__' - register: rados_module_path - tags: - - ceph-python-libs - -- name: Register rbd module path - command: python -c 'import rbd; print rbd.__file__' - register: rbd_module_path - tags: - - ceph-python-libs - -- name: Link rados module into the venv - file: - src: "{{ rados_module_path.stdout }}" - dest: "{{ openstack_service_venv_bin | dirname }}/lib/python2.7/site-packages/{{ rados_module_path.stdout | basename }}" - state: link - force: "yes" - tags: - - ceph-python-libs - -- name: Link rbd module into the venv - file: - src: "{{ rbd_module_path.stdout }}" - dest: "{{ openstack_service_venv_bin | dirname }}/lib/python2.7/site-packages/{{ rbd_module_path.stdout | basename }}" - state: link - force: "yes" - tags: - - ceph-python-libs diff --git a/playbooks/roles/ceph_client/tasks/ceph_preinstall.yml b/playbooks/roles/ceph_client/tasks/ceph_preinstall.yml deleted file mode 100644 index 7fbce34143..0000000000 --- a/playbooks/roles/ceph_client/tasks/ceph_preinstall.yml +++ /dev/null 
@@ -1,21 +0,0 @@ ---- -# Copyright 2015, Serge van Ginderachter -# Copyright 2016 IBM Corp -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- include: ceph_preinstall_apt.yml - when: - - ansible_pkg_mgr == 'apt' - tags: - - ceph-apt-keys diff --git a/playbooks/roles/ceph_client/tasks/ceph_preinstall_apt.yml b/playbooks/roles/ceph_client/tasks/ceph_preinstall_apt.yml deleted file mode 100644 index 03408c9e65..0000000000 --- a/playbooks/roles/ceph_client/tasks/ceph_preinstall_apt.yml +++ /dev/null 
@@ -1,94 +0,0 @@ ---- -# Copyright 2016 IBM Corp -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: Remove revoked ceph apt-keys - apt_key: - id: "{{ item }}" - state: "absent" - register: revoke_keys - with_items: "{{ ceph_revoked_gpg_keys }}" - when: ceph_pkg_source == 'ceph' - tags: - - ceph-apt-keys - -- name: Add ceph apt-keys - apt_key: - id: "{{ item.hash_id }}" - keyserver: "{{ item.keyserver | default(omit) }}" - data: "{{ item.data | default(omit) }}" - url: "{{ item.url | default(omit) }}" - state: "present" - register: add_keys - until: add_keys|success - ignore_errors: True - retries: 5 - delay: 2 - with_items: "{{ ceph_gpg_keys }}" - when: ceph_pkg_source == 'ceph' - tags: - - ceph-apt-keys - -- name: Add ceph apt-keys using fallback keyserver - apt_key: - id: "{{ item.hash_id }}" - keyserver: "{{ item.fallback_keyserver | default(omit) }}" - url: "{{ item.fallback_url | default(omit) }}" - state: "present" - register: add_keys_fallback - until: add_keys_fallback|success - retries: 5 - delay: 2 - with_items: "{{ ceph_gpg_keys }}" - when: ceph_pkg_source == 'ceph' and - add_keys|failed and - (item.fallback_keyserver is defined or - item.fallback_url is defined) - tags: - - ceph-apt-keys - -- name: add ubuntu cloud archive key package - apt: - pkg: ubuntu-cloud-keyring - state: "{{ ceph_client_package_state }}" - register: add_keys - when: ceph_pkg_source == 'uca' - tags: - - ceph-apt-keys - -- name: Add ceph repo(s) - apt_repository: - repo: "{{ 
ceph_apt_repos[ceph_pkg_source].repo }}" - state: "{{ ceph_apt_repos[ceph_pkg_source].state }}" - register: add_repos - until: add_repos|success - retries: 5 - delay: 2 - tags: - - ceph-repos - -# This is being added specifically for when a key is revoked, but should apply -# to other tasks also. The cache needs updating after changing keys but -# ceph_install.yml (where packages get installed) only does so if cache > 600 -# seconds. -- name: Update apt cache - apt: - update_cache: yes - when: (revoke_keys|changed or - add_keys|changed or - add_keys_fallback|changed or - add_repos|changed) - tags: - - ceph-apt-keys - - ceph-repos diff --git a/playbooks/roles/ceph_client/tasks/main.yml b/playbooks/roles/ceph_client/tasks/main.yml deleted file mode 100644 index 8555455863..0000000000 --- a/playbooks/roles/ceph_client/tasks/main.yml +++ /dev/null @@ -1,29 +0,0 @@ ---- -# Copyright 2015, Serge van Ginderachter -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- include: ceph_all.yml - when: > - (inventory_hostname in groups['glance_api'] - and glance_default_store == 'rbd') - or - (inventory_hostname in groups['cinder_volume'] - and cinder_backend_rbd_inuse|bool) - or - (inventory_hostname in groups['nova_compute'] - and (cinder_backends_rbd_inuse|bool or - nova_libvirt_images_rbd_pool is defined)) - tags: - - ceph-client - 
diff --git a/playbooks/roles/ceph_client/templates/ceph.client.keyring.j2 b/playbooks/roles/ceph_client/templates/ceph.client.keyring.j2 deleted file mode 100644 index 2c04f5653a..0000000000 --- a/playbooks/roles/ceph_client/templates/ceph.client.keyring.j2 +++ /dev/null @@ -1,2 +0,0 @@ -# {{ ansible_managed }} -{{ item.stdout }} diff --git a/playbooks/roles/ceph_client/templates/ceph.conf.j2 b/playbooks/roles/ceph_client/templates/ceph.conf.j2 deleted file mode 100644 index d61b0276c9..0000000000 --- a/playbooks/roles/ceph_client/templates/ceph.conf.j2 +++ /dev/null @@ -1,7 +0,0 @@ -# {{ ansible_managed }} -{% for section in ceph_conf %} -[{{ section }}] -{% for key, value in ceph_conf[section]|dictsort %} -{{ key }} = {{ value }} -{% endfor %} -{% endfor %} diff --git a/playbooks/roles/ceph_client/templates/ceph_pin.pref.j2 b/playbooks/roles/ceph_client/templates/ceph_pin.pref.j2 deleted file mode 100644 index 5290edcd96..0000000000 --- a/playbooks/roles/ceph_client/templates/ceph_pin.pref.j2 +++ /dev/null @@ -1,5 +0,0 @@ -# {{ ansible_managed }} - -Package: * -Pin: release o=Inktank -Pin-Priority: 1001 diff --git a/playbooks/roles/ceph_client/templates/secret.xml.j2 b/playbooks/roles/ceph_client/templates/secret.xml.j2 deleted file mode 100644 index 3c25cd7d11..0000000000 --- a/playbooks/roles/ceph_client/templates/secret.xml.j2 +++ /dev/null @@ -1,7 +0,0 @@ - - - {{ nova_ceph_client_uuid}} - - client.{{ nova_ceph_client }} secret - - diff --git a/playbooks/roles/ceph_client/vars/main.yml b/playbooks/roles/ceph_client/vars/main.yml deleted file mode 100644 index 16095c63cd..0000000000 --- a/playbooks/roles/ceph_client/vars/main.yml +++ /dev/null 
@@ -1,51 +0,0 @@ ---- -# Copyright 2015, Serge van Ginderachter -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - - -# http://ceph.com/docs/master/rbd/rbd-openstack/ - -ceph_components: - - component: glance_api - package: - - python-ceph - client: - - '{{ glance_ceph_client }}' - service: '{{ ceph_glance_service_names }}' - - component: cinder_volume - package: - - ceph # TODO: remove this once http://tracker.ceph.com/issues/11388 is resolved - - ceph-common - - python-ceph - client: - - '{{ cinder_ceph_client }}' - service: '{{ ceph_cinder_service_names }}' - - component: cinder_backup - package: - - ceph # TODO: remove this once http://tracker.ceph.com/issues/11388 is resolved - - ceph-common - - python-ceph - client: - - '{{ cinder_backup_ceph_client }}' - service: '{{ ceph_cinder_service_names }}' - - component: nova_compute - package: - - libvirt-bin - - ceph # TODO: remove this once http://tracker.ceph.com/issues/11388 is resolved - - ceph-common - - python-ceph - client: - - '{{ nova_ceph_client }}' - service: '{{ ceph_nova_service_names }}' - diff --git a/playbooks/roles/ceph_client/vars/ubuntu-14.04.yml b/playbooks/roles/ceph_client/vars/ubuntu-14.04.yml deleted file mode 100644 index 190c34adb8..0000000000 --- a/playbooks/roles/ceph_client/vars/ubuntu-14.04.yml +++ /dev/null 
@@ -1,50 +0,0 @@
----
-# Copyright 2016 IBM Corp
-# Copyright 2015, Serge van Ginderachter
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-## APT Cache Options
-cache_timeout: 600
-
-# Ceph GPG Keys
-ceph_gpg_keys:
- - key_name: 'ceph'
- keyserver: 'hkp://keyserver.ubuntu.com:80'
- fallback_keyserver: 'hkp://p80.pool.sks-keyservers.net:80'
- hash_id: '0xe84ac2c0460f3994'
-
-# The apt-key command won't del a key when you give it the hash_id, so we have
-# to use the short key ID here instead.
-ceph_revoked_gpg_keys:
- - '17ED316D'
-
-# Ceph.com repository variables
-ceph_apt_repo_url_region: "download" # or "eu" for Netherlands based mirror
-ceph_stable_release: hammer
-ceph_apt_repo_url: "http://{{ ceph_apt_repo_url_region }}.ceph.com/debian-{{ ceph_stable_release }}/"
-
-# Ubuntu Cloud Archive variables
-# There are no UCA packages for Trusty beyond Mitaka, so the selected
-# release here has to remain at Mitaka.
-uca_openstack_release: mitaka
-uca_repo_dist: "{{ ansible_lsb.codename }}-updates/{{ uca_openstack_release }}"
-
-# Apt repositories
-ceph_apt_repos:
- ceph:
- repo: "deb {{ ceph_apt_repo_url }} {{ ansible_lsb.codename }} main"
- state: "present"
- uca:
- repo: "deb {{ uca_apt_repo_url }} {{ uca_repo_dist }} main"
- state: "present"
diff --git a/playbooks/roles/ceph_client/vars/ubuntu-16.04.yml b/playbooks/roles/ceph_client/vars/ubuntu-16.04.yml
deleted file mode 100644
index 04ce7f53aa..0000000000
--- a/playbooks/roles/ceph_client/vars/ubuntu-16.04.yml
+++ /dev/null
@@ -1,48 +0,0 @@
----
-# Copyright 2016 IBM Corp
-# Copyright 2015, Serge van Ginderachter
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-## APT Cache Options
-cache_timeout: 600
-
-# Ceph GPG Keys
-ceph_gpg_keys:
- - key_name: 'ceph'
- keyserver: 'hkp://keyserver.ubuntu.com:80'
- fallback_keyserver: 'hkp://p80.pool.sks-keyservers.net:80'
- hash_id: '0xe84ac2c0460f3994'
-
-# The apt-key command won't del a key when you give it the hash_id, so we have
-# to use the short key ID here instead.
-ceph_revoked_gpg_keys:
- - '17ED316D'
-
-# Ceph.com repository variables
-ceph_apt_repo_url_region: "download" # or "eu" for Netherlands based mirror
-ceph_stable_release: hammer
-ceph_apt_repo_url: "http://{{ ceph_apt_repo_url_region }}.ceph.com/debian-{{ ceph_stable_release }}/"
-
-# Ubuntu Cloud Archive variables
-uca_openstack_release: newton
-uca_repo_dist: "{{ ansible_lsb.codename }}-updates/{{ uca_openstack_release }}"
-
-# Apt repositories
-ceph_apt_repos:
- ceph:
- repo: "deb {{ ceph_apt_repo_url }} {{ ansible_lsb.codename }} main"
- state: "present"
- uca:
- repo: "deb {{ uca_apt_repo_url }} {{ uca_repo_dist }} main"
- state: "present"
diff --git a/playbooks/roles/haproxy_server/CONTRIBUTING.rst b/playbooks/roles/haproxy_server/CONTRIBUTING.rst
deleted file mode 100644
index 9685c09d8f..0000000000
--- a/playbooks/roles/haproxy_server/CONTRIBUTING.rst
+++ /dev/null
@@ -1,85 +0,0 @@
-OpenStack Haproxy Server
-########################
-:tags: openstack, galera, haproxy, cloud, ansible
-:category: \*nix
-
-contributor guidelines
-^^^^^^^^^^^^^^^^^^^^^^
-
-Filing Bugs
------------
-
-Bugs should be filed on Launchpad, not GitHub: "https://bugs.launchpad.net/openstack-ansible"
-
-
-When submitting a bug, or working on a bug, please ensure the following criteria are met:
- * The description clearly states or describes the original problem or root cause of the problem.
- * Include historical information on how the problem was identified.
- * Any relevant logs are included.
- * The provided information should be totally self-contained. External access to web services/sites should not be needed.
- * Steps to reproduce the problem if possible.
-
-
-Submitting Code
----------------
-
-Changes to the project should be submitted for review via the Gerrit tool, following
-the workflow documented at: "http://docs.openstack.org/infra/manual/developers.html#development-workflow"
-
-Pull requests submitted through GitHub will be ignored and closed without regard.
-
-
-Extra
------
-
-Tags:
- If it's a bug that needs fixing in a branch in addition to Master, add a '\-backport-potential' tag (eg ``juno-backport-potential``). There are predefined tags that will autocomplete.
-
-Status:
- Please leave this alone, it should be New till someone triages the issue.
-
-Importance:
- Should only be touched if it is a Blocker/Gating issue. If it is, please set to High, and only use Critical if you have found a bug that can take down whole infrastructures.
-
-
-Style guide
------------
-
-When creating tasks and other roles for use in Ansible please create then using the YAML dictionary format.
-
-Example YAML dictionary format:
- .. code-block:: yaml
-
- - name: The name of the tasks
- module_name:
- thing1: "some-stuff"
- thing2: "some-other-stuff"
- tags:
- - some-tag
- - some-other-tag
-
-
-Example **NOT** in YAML dictionary format:
- .. code-block:: yaml
-
- - name: The name of the tasks
- module_name: thing1="some-stuff" thing2="some-other-stuff"
- tags:
- - some-tag
- - some-other-tag
-
-
-Usage of the ">" and "|" operators should be limited to Ansible conditionals and command modules such as the ansible ``shell`` module.
-
-
-Issues
-------
-
-When submitting an issue, or working on an issue please ensure the following criteria are met:
- * The description clearly states or describes the original problem or root cause of the problem.
- * Include historical information on how the problem was identified.
- * Any relevant logs are included.
- * If the issue is a bug that needs fixing in a branch other than Master, add the ‘backport potential’ tag TO THE ISSUE (not the PR).
- * The provided information should be totally self-contained. External access to web services/sites should not be needed.
- * If the issue is needed for a hotfix release, add the 'expedite' label.
- * Steps to reproduce the problem if possible.
diff --git a/playbooks/roles/haproxy_server/LICENSE b/playbooks/roles/haproxy_server/LICENSE
deleted file mode 100644
index e06d208186..0000000000
--- a/playbooks/roles/haproxy_server/LICENSE
+++ /dev/null
@@ -1,202 +0,0 @@
-Apache License
- Version 2.0, January 2004
- http://www.apache.org/licenses/
-
- TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
- 1. Definitions.
-
- "License" shall mean the terms and conditions for use, reproduction,
- and distribution as defined by Sections 1 through 9 of this document.
-
- "Licensor" shall mean the copyright owner or entity authorized by
- the copyright owner that is granting the License.
-
- "Legal Entity" shall mean the union of the acting entity and all
- other entities that control, are controlled by, or are under common
- control with that entity. For the purposes of this definition,
- "control" means (i) the power, direct or indirect, to cause the
- direction or management of such entity, whether by contract or
- otherwise, or (ii) ownership of fifty percent (50%) or more of the
- outstanding shares, or (iii) beneficial ownership of such entity.
-
- "You" (or "Your") shall mean an individual or Legal Entity
- exercising permissions granted by this License.
-
- "Source" form shall mean the preferred form for making modifications,
- including but not limited to software source code, documentation
- source, and configuration files.
-
- "Object" form shall mean any form resulting from mechanical
- transformation or translation of a Source form, including but
- not limited to compiled object code, generated documentation,
- and conversions to other media types.
-
- "Work" shall mean the work of authorship, whether in Source or
- Object form, made available under the License, as indicated by a
- copyright notice that is included in or attached to the work
- (an example is provided in the Appendix below).
-
- "Derivative Works" shall mean any work, whether in Source or Object
- form, that is based on (or derived from) the Work and for which the
- editorial revisions, annotations, elaborations, or other modifications
- represent, as a whole, an original work of authorship. For the purposes
- of this License, Derivative Works shall not include works that remain
- separable from, or merely link (or bind by name) to the interfaces of,
- the Work and Derivative Works thereof.
-
- "Contribution" shall mean any work of authorship, including
- the original version of the Work and any modifications or additions
- to that Work or Derivative Works thereof, that is intentionally
- submitted to Licensor for inclusion in the Work by the copyright owner
- or by an individual or Legal Entity authorized to submit on behalf of
- the copyright owner. For the purposes of this definition, "submitted"
- means any form of electronic, verbal, or written communication sent
- to the Licensor or its representatives, including but not limited to
- communication on electronic mailing lists, source code control systems,
- and issue tracking systems that are managed by, or on behalf of, the
- Licensor for the purpose of discussing and improving the Work, but
- excluding communication that is conspicuously marked or otherwise
- designated in writing by the copyright owner as "Not a Contribution."
-
- "Contributor" shall mean Licensor and any individual or Legal Entity
- on behalf of whom a Contribution has been received by Licensor and
- subsequently incorporated within the Work.
-
- 2. Grant of Copyright License. Subject to the terms and conditions of
- this License, each Contributor hereby grants to You a perpetual,
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
- copyright license to reproduce, prepare Derivative Works of,
- publicly display, publicly perform, sublicense, and distribute the
- Work and such Derivative Works in Source or Object form.
-
- 3. Grant of Patent License. Subject to the terms and conditions of
- this License, each Contributor hereby grants to You a perpetual,
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
- (except as stated in this section) patent license to make, have made,
- use, offer to sell, sell, import, and otherwise transfer the Work,
- where such license applies only to those patent claims licensable
- by such Contributor that are necessarily infringed by their
- Contribution(s) alone or by combination of their Contribution(s)
- with the Work to which such Contribution(s) was submitted. If You
- institute patent litigation against any entity (including a
- cross-claim or counterclaim in a lawsuit) alleging that the Work
- or a Contribution incorporated within the Work constitutes direct
- or contributory patent infringement, then any patent licenses
- granted to You under this License for that Work shall terminate
- as of the date such litigation is filed.
-
- 4. Redistribution. You may reproduce and distribute copies of the
- Work or Derivative Works thereof in any medium, with or without
- modifications, and in Source or Object form, provided that You
- meet the following conditions:
-
- (a) You must give any other recipients of the Work or
- Derivative Works a copy of this License; and
-
- (b) You must cause any modified files to carry prominent notices
- stating that You changed the files; and
-
- (c) You must retain, in the Source form of any Derivative Works
- that You distribute, all copyright, patent, trademark, and
- attribution notices from the Source form of the Work,
- excluding those notices that do not pertain to any part of
- the Derivative Works; and
-
- (d) If the Work includes a "NOTICE" text file as part of its
- distribution, then any Derivative Works that You distribute must
- include a readable copy of the attribution notices contained
- within such NOTICE file, excluding those notices that do not
- pertain to any part of the Derivative Works, in at least one
- of the following places: within a NOTICE text file distributed
- as part of the Derivative Works; within the Source form or
- documentation, if provided along with the Derivative Works; or,
- within a display generated by the Derivative Works, if and
- wherever such third-party notices normally appear. The contents
- of the NOTICE file are for informational purposes only and
- do not modify the License. You may add Your own attribution
- notices within Derivative Works that You distribute, alongside
- or as an addendum to the NOTICE text from the Work, provided
- that such additional attribution notices cannot be construed
- as modifying the License.
-
- You may add Your own copyright statement to Your modifications and
- may provide additional or different license terms and conditions
- for use, reproduction, or distribution of Your modifications, or
- for any such Derivative Works as a whole, provided Your use,
- reproduction, and distribution of the Work otherwise complies with
- the conditions stated in this License.
-
- 5. Submission of Contributions. Unless You explicitly state otherwise,
- any Contribution intentionally submitted for inclusion in the Work
- by You to the Licensor shall be under the terms and conditions of
- this License, without any additional terms or conditions.
- Notwithstanding the above, nothing herein shall supersede or modify
- the terms of any separate license agreement you may have executed
- with Licensor regarding such Contributions.
-
- 6. Trademarks. This License does not grant permission to use the trade
- names, trademarks, service marks, or product names of the Licensor,
- except as required for reasonable and customary use in describing the
- origin of the Work and reproducing the content of the NOTICE file.
-
- 7. Disclaimer of Warranty. Unless required by applicable law or
- agreed to in writing, Licensor provides the Work (and each
- Contributor provides its Contributions) on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
- implied, including, without limitation, any warranties or conditions
- of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
- PARTICULAR PURPOSE. You are solely responsible for determining the
- appropriateness of using or redistributing the Work and assume any
- risks associated with Your exercise of permissions under this License.
-
- 8. Limitation of Liability. In no event and under no legal theory,
- whether in tort (including negligence), contract, or otherwise,
- unless required by applicable law (such as deliberate and grossly
- negligent acts) or agreed to in writing, shall any Contributor be
- liable to You for damages, including any direct, indirect, special,
- incidental, or consequential damages of any character arising as a
- result of this License or out of the use or inability to use the
- Work (including but not limited to damages for loss of goodwill,
- work stoppage, computer failure or malfunction, or any and all
- other commercial damages or losses), even if such Contributor
- has been advised of the possibility of such damages.
-
- 9. Accepting Warranty or Additional Liability. While redistributing
- the Work or Derivative Works thereof, You may choose to offer,
- and charge a fee for, acceptance of support, warranty, indemnity,
- or other liability obligations and/or rights consistent with this
- License. However, in accepting such obligations, You may act only
- on Your own behalf and on Your sole responsibility, not on behalf
- of any other Contributor, and only if You agree to indemnify,
- defend, and hold each Contributor harmless for any liability
- incurred by, or claims asserted against, such Contributor by reason
- of your accepting any such warranty or additional liability.
-
- END OF TERMS AND CONDITIONS
-
- APPENDIX: How to apply the Apache License to your work.
-
- To apply the Apache License to your work, attach the following
- boilerplate notice, with the fields enclosed by brackets "{}"
- replaced with your own identifying information. (Don't include
- the brackets!) The text should be enclosed in the appropriate
- comment syntax for the file format. We also recommend that a
- file or class name and description of purpose be included on the
- same "printed page" as the copyright notice for easier
- identification within third-party archives.
-
- Copyright {yyyy} {name of copyright owner}
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-
diff --git a/playbooks/roles/haproxy_server/README.rst b/playbooks/roles/haproxy_server/README.rst
deleted file mode 100644
index fe68567b50..0000000000
--- a/playbooks/roles/haproxy_server/README.rst
+++ /dev/null
@@ -1,26 +0,0 @@
-OpenStack Haproxy Server
-########################
-:tags: openstack, galera, haproxy, cloud, ansible
-:category: \*nix
-
-Role for the installation and setup of haproxy
-
-.. code-block:: yaml
-
- - name: Install haproxy
- hosts: haproxy
- user: root
- roles:
- - { role: "haproxy_server", tags: [ "haproxy-server" ] }
- vars:
- haproxy_service_configs:
- - service:
- hap_service_name: group_name
- hap_backend_nodes: "{{ groups['group_name'][0] }}"
- hap_backup_nodes: "{{ groups['group_name'][1:] }}"
- hap_port: 80
- hap_balance_type: http
- hap_backend_options:
- - "forwardfor"
- - "httpchk"
- - "httplog"
diff --git a/playbooks/roles/haproxy_server/defaults/main.yml b/playbooks/roles/haproxy_server/defaults/main.yml
deleted file mode 100644
index 96dcc6a79e..0000000000
--- a/playbooks/roles/haproxy_server/defaults/main.yml
+++ /dev/null
@@ -1,69 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# Set the package install state for distribution packages
-# Options are 'present' and 'latest'
-haproxy_package_state: "latest"
-
-## Haproxy Configuration
-haproxy_rise: 3
-haproxy_fall: 3
-haproxy_interval: 12000
-
-## Haproxy standard API
-haproxy_repo: {}
-haproxy_gpg_keys: []
-haproxy_pre_packages: []
-haproxy_packages: []
-haproxy_pinned_packages: []
-
-## Haproxy Stats
-haproxy_stats_enabled: False
-haproxy_stats_bind_address: 127.0.0.1
-haproxy_stats_port: 1936
-haproxy_username: admin
-haproxy_stats_password: secrete
-
-# Default haproxy backup nodes to empty list so this doesn't have to be
-# defined for each service.
-haproxy_backup_nodes: []
-
-# haproxy_service_configs:
-# - service:
-# hap_service_name: haproxy_all
-# hap_backend_nodes: "{{ groups['haproxy_all'][0] }}"
-# # hap_backup_nodes: "{{ groups['haproxy_all'][1:] }}"
-# hap_port: 80
-# hap_balance_type: http
-# hap_backend_options:
-# - "forwardfor"
-# - "httpchk"
-# - "httplog"
-
-galera_monitoring_user: monitoring
-haproxy_bind_on_non_local: False
-
-## haproxy SSL
-haproxy_ssl: true
-haproxy_ssl_dh_param: 2048
-haproxy_ssl_self_signed_regen: no
-haproxy_ssl_cert: /etc/ssl/certs/haproxy.cert
-haproxy_ssl_key: /etc/ssl/private/haproxy.key
-haproxy_ssl_pem: /etc/ssl/private/haproxy.pem
-haproxy_ssl_ca_cert: /etc/ssl/certs/haproxy-ca.pem
-haproxy_ssl_self_signed_subject: "/C=US/ST=Texas/L=San Antonio/O=IT/CN={{ external_lb_vip_address }}/subjectAltName=IP.1={{ external_lb_vip_address }}"
-haproxy_ssl_cipher_suite: "{{ ssl_cipher_suite }}"
-
-haproxy_hatop_download_url: "http://hatop.googlecode.com/files/hatop-0.7.7.tar.gz"
diff --git a/playbooks/roles/haproxy_server/files/haproxy-logging.cfg b/playbooks/roles/haproxy_server/files/haproxy-logging.cfg
deleted file mode 100644
index 0d38670519..0000000000
--- a/playbooks/roles/haproxy_server/files/haproxy-logging.cfg
+++ /dev/null
@@ -1,6 +0,0 @@
-$ModLoad imudp
-$UDPServerRun 514
-$template Haproxy,"%msg%\n"
-local0.=info -/var/log/haproxy/haproxy.log
-local1.notice -/var/log/haproxy/haproxy-status.log
-local0.* ~
diff --git a/playbooks/roles/haproxy_server/files/haproxy.default b/playbooks/roles/haproxy_server/files/haproxy.default
deleted file mode 100644
index 88c7e49c81..0000000000
--- a/playbooks/roles/haproxy_server/files/haproxy.default
+++ /dev/null
@@ -1,2 +0,0 @@
-# Set ENABLED to 1 if you want the init script to start haproxy.
-ENABLED=1
diff --git a/playbooks/roles/haproxy_server/handlers/main.yml b/playbooks/roles/haproxy_server/handlers/main.yml
deleted file mode 100644
index 56aca1bd3a..0000000000
--- a/playbooks/roles/haproxy_server/handlers/main.yml
+++ /dev/null
@@ -1,33 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-- name: regen pem
- shell: >
- cat {{ haproxy_ssl_cert }} {{ haproxy_user_ssl_ca_cert is defined | ternary(haproxy_ssl_ca_cert,'') }} {{ haproxy_ssl_key }} > {{ haproxy_ssl_pem }}
- notify: Restart haproxy
-
-- name: Restart haproxy
- service:
- name: "haproxy"
- state: "restarted"
- pattern: "haproxy"
- enabled: "yes"
-
-- name: Restart rsyslog
- service:
- name: "rsyslog"
- state: "restarted"
- pattern: "rsyslog"
- enabled: "yes"
diff --git a/playbooks/roles/haproxy_server/meta/main.yml b/playbooks/roles/haproxy_server/meta/main.yml
deleted file mode 100644
index decbedb082..0000000000
--- a/playbooks/roles/haproxy_server/meta/main.yml
+++ /dev/null
@@ -1,42 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-galaxy_info:
- author: rcbops
- description: Installation and setup of HAProxy
- company: Rackspace
- license: Apache2
- min_ansible_version: 1.9.0
- platforms:
- - name: Ubuntu
- versions:
- - trusty
- - xenial
- - name: EL
- versions:
- - 7
- categories:
- - cloud
- - python
- - development
- - openstack
-dependencies:
- - role: apt_package_pinning
- apt_pinned_packages: [{ package: "*", release: LP-PPA-vbernat-haproxy-1.5, priority: "1001" }]
- apt_package_pinning_file_name: "haproxy_pin.pref"
- when:
- - ansible_pkg_mgr == 'apt'
- - haproxy_ssl | bool
- - ansible_distribution_version | version_compare('16.04', '<')
diff --git a/playbooks/roles/haproxy_server/tasks/haproxy_add_ppa_repo.yml b/playbooks/roles/haproxy_server/tasks/haproxy_add_ppa_repo.yml
deleted file mode 100644
index 246f1765de..0000000000
--- a/playbooks/roles/haproxy_server/tasks/haproxy_add_ppa_repo.yml
+++ /dev/null
@@ -1,98 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# NOTE(cloudnull) This file can be removed when we drop 14.04 support
-
-#TODO(evrardjp): Replace the next 2 tasks by a standard apt with cache
-#when https://github.com/ansible/ansible-modules-core/pull/1517 is merged
-#in 1.9.x or we move to 2.0 (if tested working)
-- name: Check apt last update file
- stat:
- path: /var/cache/apt
- register: apt_cache_stat
- tags:
- - haproxy-apt-packages
-
-- name: Update apt if needed
- apt:
- update_cache: yes
- when: "ansible_date_time.epoch|float - apt_cache_stat.stat.mtime > {{cache_timeout}}"
- tags:
- - haproxy-apt-packages
-
-- name: Install haproxy pre packages
- apt:
- pkg: "{{ item }}"
- state: "{{ haproxy_package_state }}"
- register: install_packages
- until: install_packages|success
- retries: 5
- delay: 2
- with_items: "{{ haproxy_pre_packages }}"
- tags:
- - haproxy-pre-apt-packages
-
-- name: Add haproxy apt-keys
- apt_key:
- id: "{{ item.hash_id }}"
- keyserver: "{{ item.keyserver | default(omit) }}"
- data: "{{ item.data | default(omit) }}"
- url: "{{ item.url | default(omit) }}"
- state: "present"
- register: add_keys
- until: add_keys|success
- ignore_errors: True
- retries: 5
- delay: 2
- with_items: "{{ haproxy_gpg_keys }}"
- tags:
- - haproxy-apt-keys
-
-- name: Add haproxy apt-keys using fallback keyserver
- apt_key:
- id: "{{ item.hash_id }}"
- keyserver: "{{ item.fallback_keyserver | default(omit) }}"
- url: "{{ item.fallback_url | default(omit) }}"
- state: "present"
- register: add_keys_fallback
- until: add_keys_fallback|success
- retries: 5
- delay: 2
- with_items: "{{ haproxy_gpg_keys }}"
- when: add_keys|failed and (item.fallback_keyserver is defined or item.fallback_url is defined)
- tags:
- - haproxy-apt-keys
-
-- name: Add haproxy repo(s)
- apt_repository:
- repo: "{{ haproxy_repo.repo }}"
- state: "{{ haproxy_repo.state }}"
- when:
- - haproxy_repo.repo is defined
- - haproxy_repo.state is defined
- register: add_repos
- until: add_repos|success
- retries: 5
- delay: 2
- tags:
- - haproxy-repos
-
-- name: Update apt if necessary
- apt:
- update_cache: yes
- when: add_repos|changed
- tags:
- - haproxy-repos
-
diff --git a/playbooks/roles/haproxy_server/tasks/haproxy_install.yml b/playbooks/roles/haproxy_server/tasks/haproxy_install.yml
deleted file mode 100644
index 68773bae72..0000000000
--- a/playbooks/roles/haproxy_server/tasks/haproxy_install.yml
+++ /dev/null
@@ -1,39 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-- include: haproxy_install_apt.yml
- when:
- - ansible_pkg_mgr == 'apt'
- tags:
- - install-apt
-
-- include: haproxy_install_yum.yml
- when:
- - ansible_pkg_mgr == 'yum'
- tags:
- - install-yum
-
-- include: haproxy_install_hatop.yml
-
-- name: Create haproxy conf.d dir
- file:
- path: "{{ item.path }}"
- state: directory
- mode: "0755"
- with_items:
- - { path: "/etc/haproxy" }
- - { path: "/etc/haproxy/conf.d" }
- tags:
- - haproxy-config
diff --git a/playbooks/roles/haproxy_server/tasks/haproxy_install_apt.yml b/playbooks/roles/haproxy_server/tasks/haproxy_install_apt.yml
deleted file mode 100644
index 55b83fdcc0..0000000000
--- a/playbooks/roles/haproxy_server/tasks/haproxy_install_apt.yml
+++ /dev/null
@@ -1,58 +0,0 @@
----
-# Copyright 2016, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# NOTE(cloudnull) This can be removed when we drop 14.04 support
-- include: haproxy_add_ppa_repo.yml
- when:
- - ansible_distribution_version | version_compare('16.04', '<')
-
-#TODO(evrardjp): Replace the next 2 tasks by a standard apt with cache
-#when https://github.com/ansible/ansible-modules-core/pull/1517 is merged
-#in 1.9.x or we move to 2.0 (if tested working)
-- name: Check apt last update file
- stat:
- path: /var/cache/apt
- register: apt_cache_stat
- tags:
- - haproxy-apt-packages
-
-- name: Update apt if needed
- apt:
- update_cache: yes
- when: "ansible_date_time.epoch|float - apt_cache_stat.stat.mtime > {{cache_timeout}}"
- tags:
- - haproxy-apt-packages
-
-- name: Install HAProxy Packages
- apt:
- pkg: "{{ item }}"
- state: "{{ haproxy_package_state }}"
- register: install_packages
- until: install_packages|success
- retries: 5
- delay: 2
- with_items: "{{ haproxy_packages }}"
- tags:
- - haproxy-apt-packages
-
-# NOTE(cloudnull) This can be removed when we drop 14.04 support
-- name: Replace haproxy DEFAULT file
- copy:
- src: haproxy.default
- dest: /etc/default/haproxy
- when:
- - ansible_distribution_version | version_compare('16.04', '<')
- tags:
- - haproxy-config
diff --git a/playbooks/roles/haproxy_server/tasks/haproxy_install_hatop.yml b/playbooks/roles/haproxy_server/tasks/haproxy_install_hatop.yml
deleted file mode 100644
index 813826cb96..0000000000
--- a/playbooks/roles/haproxy_server/tasks/haproxy_install_hatop.yml
+++ /dev/null
@@ -1,36 +0,0 @@
----
-# Copyright 2016, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-- name: Download HATop
- get_url:
- url: "{{ haproxy_hatop_download_url }}"
- dest: "/var/cache/{{ haproxy_hatop_download_url | basename }}"
- force: yes
-
-- name: Create HATop directory
- file:
- path: "/opt/{{ haproxy_hatop_download_url | basename | replace('.tar.gz', '') }}"
- state: directory
-
-- name: Unarchive HATop
- unarchive:
- src: "/var/cache/{{ haproxy_hatop_download_url | basename }}"
- dest: "/opt"
- copy: "no"
-
-- name: Install HATop
- command: "install -m 755 bin/hatop /usr/local/bin"
- args:
- chdir: "/opt/{{ haproxy_hatop_download_url | basename | replace('.tar.gz', '') }}"
diff --git a/playbooks/roles/haproxy_server/tasks/haproxy_install_yum.yml b/playbooks/roles/haproxy_server/tasks/haproxy_install_yum.yml
deleted file mode 100644
index 810fde8005..0000000000
--- a/playbooks/roles/haproxy_server/tasks/haproxy_install_yum.yml
+++ /dev/null
@@ -1,26 +0,0 @@
----
-# Copyright 2016, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-- name: Install yum packages
- yum:
- pkg: "{{ item }}"
- state: "{{ haproxy_package_state }}"
- register: install_packages
- until: install_packages|success
- retries: 5
- delay: 2
- with_items: "{{ haproxy_packages }}"
- tags:
- - haproxy-yum-packages
diff --git a/playbooks/roles/haproxy_server/tasks/haproxy_post_install.yml b/playbooks/roles/haproxy_server/tasks/haproxy_post_install.yml
deleted file mode 100644
index 6b16301cf4..0000000000
--- a/playbooks/roles/haproxy_server/tasks/haproxy_post_install.yml
+++ /dev/null
@@ -1,61 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-- name: Make haproxy bindable on non local addresses
- sysctl:
- name: net.ipv4.ip_nonlocal_bind
- value: 1
- sysctl_set: yes
- state: present
- when: haproxy_bind_on_non_local | bool
- tags:
- - haproxy-base-config
- - haproxy-config
-
-- name: Drop base haproxy config
- template:
- src: "haproxy.cfg.j2"
- dest: "/etc/haproxy/conf.d/00-haproxy"
- notify: Restart haproxy
- tags:
- - haproxy-base-config
- - haproxy-config
-
-- name: Drop haproxy logging config
- copy:
- src: "haproxy-logging.cfg"
- dest: "/etc/rsyslog.d/99-haproxy-local-logging.conf"
- notify: Restart rsyslog
- tags:
- - haproxy-base-config
- - haproxy-config
-
-- include: haproxy_service_config.yml
-
-- name: Regenerate haproxy configuration
- assemble:
- src: "/etc/haproxy/conf.d"
- dest: "/etc/haproxy/haproxy.cfg"
- notify: Restart haproxy
- tags:
- - haproxy-base-config
- - haproxy-config
-
-- name: Enable haproxy services
- service:
- name: "haproxy"
- enabled: "yes"
- tags:
- - haproxy-config
diff --git a/playbooks/roles/haproxy_server/tasks/haproxy_pre_install.yml b/playbooks/roles/haproxy_server/tasks/haproxy_pre_install.yml
deleted file mode 100644
index 41a33e3ae1..0000000000
--- a/playbooks/roles/haproxy_server/tasks/haproxy_pre_install.yml
+++ /dev/null
@@ -1,69 +0,0 @@
----
-# Copyright 2015, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# NOTE(cloudnull):
-# While the haproxy distro packages provide for an haproxy
-# group this group is being created upfront to support
-# log aggregation links as well as ensure common user
-# functionality across various distros that we support.
-- name: Create the haproxy system group
- group:
- name: "haproxy"
- state: "present"
- system: "yes"
- tags:
- - haproxy-group
-
-# NOTE(cloudnull):
-# While the haproxy distro packages provide for an haproxy
-# user this user is being created upfront to support
-# log aggregation links as well as ensure common user
-# functionality across various distros that we support.
-- name: Create the haproxy system user
- user:
- name: "haproxy"
- group: "haproxy"
- comment: "haproxy user"
- shell: "/bin/false"
- system: "yes"
- createhome: "yes"
- home: "/var/lib/haproxy"
- tags:
- - haproxy-user
-
-- name: Test for log directory or link
- shell: |
- if [ -h "/var/log/haproxy" ]; then
- chown -h haproxy:adm "/var/log/haproxy"
- chown -R haproxy:adm "$(readlink /var/log/haproxy)"
- else
- exit 1
- fi
- register: log_dir
- failed_when: false
- changed_when: log_dir.rc != 0
- tags:
- - haproxy-dirs
- - haproxy-logs
-
-- name: Create haproxy log dir
- file:
- path: "/var/log/haproxy"
- state: directory
- mode: "0755"
- when: log_dir | changed
- tags:
- - haproxy-dirs
- - haproxy-logs
diff --git a/playbooks/roles/haproxy_server/tasks/haproxy_service_config.yml b/playbooks/roles/haproxy_server/tasks/haproxy_service_config.yml
deleted file mode 100644
index 0afa280552..0000000000
--- a/playbooks/roles/haproxy_server/tasks/haproxy_service_config.yml
+++ /dev/null
@@ -1,29 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-- name: "Create haproxy service config files"
- template:
- src: service.j2
- dest: "/etc/haproxy/conf.d/{{ item.service.haproxy_service_name }}"
- with_items: "{{ haproxy_service_configs }}"
- when:
- - (item.service.haproxy_backend_nodes is defined and
- item.service.haproxy_backend_nodes | length > 0) or
- (item.service.haproxy_backup_nodes is defined and
- item.service.haproxy_backup_nodes | length > 0)
- - item.service.haproxy_service_enabled | default('True') | bool
- notify: Restart haproxy
- tags:
- - haproxy-service-config
diff --git a/playbooks/roles/haproxy_server/tasks/haproxy_ssl_configuration.yml b/playbooks/roles/haproxy_server/tasks/haproxy_ssl_configuration.yml
deleted file mode 100644
index 3c8728ecfa..0000000000
--- a/playbooks/roles/haproxy_server/tasks/haproxy_ssl_configuration.yml
+++ /dev/null
@@ -1,86 +0,0 @@
----
-# Copyright 2015, Jean-Philippe Evrard
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-- name: Deploy user provided ssl cert
- copy:
- src: "{{ haproxy_user_ssl_cert }}"
- dest: "{{ haproxy_ssl_cert }}"
- owner: "root"
- group: "root"
- mode: "0644"
- when: haproxy_user_ssl_cert is defined
- notify:
- - regen pem
- tags:
- - haproxy-ssl
-
-- name: Deploy user provided ssl key
- copy:
- src: "{{ haproxy_user_ssl_key }}"
- dest: "{{ haproxy_ssl_key }}"
- owner: "root"
- group: "root"
- mode: "0600"
- when: haproxy_user_ssl_key is defined
- notify:
- - regen pem
- tags:
- - haproxy-ssl
-
-- name: Drop user provided ssl CA cert
- copy:
- src: "{{ haproxy_user_ssl_ca_cert }}"
- dest: "{{ haproxy_ssl_ca_cert }}"
- owner: "root"
- group: "root"
- mode: "0644"
- when: haproxy_user_ssl_ca_cert is defined
- notify:
- - regen pem
- tags:
- - haproxy-ssl
-
-- name: Ensure the private ssl directory exists
- file:
- dest: "/etc/ssl/private"
- state: "directory"
- tags:
- - haproxy-ssl
-
-- name: Remove signed certs and keys for regen
- file:
- dest: "{{ haproxy_ssl_cert }}"
- state: "absent"
- with_items:
- - "{{ haproxy_ssl_pem }}"
- - "{{ haproxy_ssl_key }}"
- - "{{ haproxy_ssl_cert }}"
- when: haproxy_ssl_self_signed_regen | bool
- tags:
- - haproxy-ssl
-
-- name: Create self-signed ssl cert if no certificate exists
- command: >
- openssl req -new -nodes -sha256 -x509 -subj
- "{{ haproxy_ssl_self_signed_subject }}"
- -days 3650
- -keyout {{ haproxy_ssl_key }}
- -out {{ haproxy_ssl_cert }}
- -extensions v3_ca
- creates={{ haproxy_ssl_cert }}
- notify:
- - regen pem
- tags:
- - haproxy-ssl
diff --git a/playbooks/roles/haproxy_server/tasks/main.yml b/playbooks/roles/haproxy_server/tasks/main.yml
deleted file mode 100644
index 7403ef8c28..0000000000
--- a/playbooks/roles/haproxy_server/tasks/main.yml
+++ /dev/null
@@ -1,33 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-- name: Gather variables for each operating system
- include_vars: "{{ item }}"
- with_first_found:
- - "{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower }}.yml"
- - "{{ ansible_distribution | lower }}.yml"
- - "{{ ansible_os_family | lower }}-{{ ansible_distribution_version.split('.')[0] }}.yml"
- - "{{ ansible_os_family | lower }}.yml"
- tags:
- - always
-
-- include: haproxy_pre_install.yml
-
-- include: haproxy_install.yml
-
-- include: haproxy_ssl_configuration.yml
- when: haproxy_ssl | bool
-
-- include: haproxy_post_install.yml
diff --git a/playbooks/roles/haproxy_server/templates/haproxy.cfg.j2 b/playbooks/roles/haproxy_server/templates/haproxy.cfg.j2
deleted file mode 100644
index 51727671d0..0000000000
--- a/playbooks/roles/haproxy_server/templates/haproxy.cfg.j2
+++ /dev/null
@@ -1,36 +0,0 @@
-# {{ ansible_managed }}
-
-global
- log 127.0.0.1 local0
- log 127.0.0.1 local1 notice
- chroot /var/lib/haproxy
- user haproxy
- group haproxy
- daemon
- maxconn 4096
- tune.bufsize 384000
- stats socket /var/run/haproxy.stat level admin mode 600
- {% if haproxy_ssl | bool %}tune.ssl.default-dh-param {{haproxy_ssl_dh_param}}{% endif %}
-
-defaults
- log global
- option dontlognull
- option redispatch
- retries 3
- timeout client 50s
- timeout connect 10s
- timeout server 50s
- maxconn 4096
-
-{% if haproxy_stats_enabled | bool %}
-listen stats {{ haproxy_stats_bind_address }}:{{ haproxy_stats_port }}
- mode http
- stats enable
- stats hide-version
- stats realm Haproxy\ Statistics
- stats uri /
- stats show-node
- stats show-legends
- stats auth {{ haproxy_username }}:{{ haproxy_stats_password }}
- stats admin if TRUE
-{% endif %}
diff --git a/playbooks/roles/haproxy_server/templates/service.j2 b/playbooks/roles/haproxy_server/templates/service.j2
deleted file mode 100644
index e799bb3b11..0000000000
--- a/playbooks/roles/haproxy_server/templates/service.j2
+++ /dev/null
@@ -1,116 +0,0 @@
-# {{ ansible_managed }}
-
-{% set request_option = item.service.haproxy_balance_type | default("http") -%}
-{% if item.service.haproxy_backend_port is not defined %}
- {% set haproxy_backend_port = item.service.haproxy_port %}
-{% else %}
- {% set haproxy_backend_port = item.service.haproxy_backend_port %}
-{% endif -%}
-
-{% set vip_binds = [external_lb_vip_address] -%}
-{%- if internal_lb_vip_address not in vip_binds %}
- {% set _ = vip_binds.append(internal_lb_vip_address) %}
-{% endif -%}
-
-{%- if extra_lb_vip_addresses is defined %}
-{% for vip_address in extra_lb_vip_addresses %}
- {% set _ = vip_binds.append(vip_address) %}
-{% endfor %}
-{% endif -%}
-
-{%- if item.service.haproxy_bind is defined %}
- {% if item.service.haproxy_bind not in vip_binds %}
- {% set _ = vip_binds.append(item.service.haproxy_bind) %}
- {% endif %}
-{% endif -%}
-
-{% for vip_bind in vip_binds %}
-{% if item.service.haproxy_redirect_http_port is defined and item.service.haproxy_ssl %}
-{% if (loop.index == 1 or item.service.haproxy_ssl_all_vips | default(false) | bool) %}
-
-frontend {{ item.service.haproxy_service_name }}-redirect-front-{{ loop.index }}
-bind {{ vip_bind }}:{{ item.service.haproxy_redirect_http_port }}
- mode http
- redirect scheme https if !{ ssl_fc }
-{% endif %}
-{% endif %}
-
-frontend {{ item.service.haproxy_service_name }}-front-{{ loop.index }}
- bind {{ vip_bind }}:{{ item.service.haproxy_port }} {% if (item.service.haproxy_ssl | default(false) | bool) and (loop.index == 1 or item.service.haproxy_ssl_all_vips | default(false) | bool) %}ssl crt {{ haproxy_ssl_pem }} ciphers {{ haproxy_ssl_cipher_suite }}{% endif %}
-
-{% if request_option == "http" %}
- option httplog
- option forwardfor except 127.0.0.0/8
- option http-server-close
-{% elif request_option == "tcp" %}
- option tcplog
-{% endif %}
-{% if item.service.haproxy_timeout_client is defined %}
- timeout client {{ item.service.haproxy_timeout_client }}
-{% endif %}
-{% if item.service.haproxy_whitelist_networks is defined %}
- acl white_list src 127.0.0.1/8 {{ item.service.haproxy_whitelist_networks | join(' ') }}
- tcp-request content accept if white_list
- tcp-request content reject
-{% endif %}
-{% if (item.service.haproxy_ssl | default(false) | bool) and request_option == 'http' and (loop.index == 1 or item.service.haproxy_ssl_all_vips | default(false) | bool) %}
- reqadd X-Forwarded-Proto:\ https
-{% endif %}
- mode {{ item.service.haproxy_balance_type }}
- default_backend {{ item.service.haproxy_service_name }}-back
-{% endfor %}
-
-{% set backend_options = item.service.haproxy_backend_options|default([]) %}
-
-backend {{ item.service.haproxy_service_name }}-back
- mode {{ item.service.haproxy_balance_type }}
- balance {{ item.service.haproxy_balance_alg|default("leastconn") }}
-{% if item.service.haproxy_timeout_server is defined %}
- timeout server {{ item.service.haproxy_timeout_server }}
-{% endif %}
- stick store-request src
- stick-table type ip size 256k expire 30m
-{% if request_option == "http" %}
- option forwardfor
- option httplog
-{% elif request_option == "tcp" %}
- option tcplog
-{% endif %}
-{% for option in backend_options %}
- option {{ option }}
-{% endfor %}
-
-{% for host_name in item.service.haproxy_backend_nodes %}
-{% set entry = [] %}
-{% set _ = entry.append("server") %}
-{% set _ = entry.append(host_name | string) %}
-{% set _ = entry.append(hostvars[host_name]['ansible_ssh_host'] + ":" + haproxy_backend_port | string) %}
-{% set _ = entry.append("check") %}
-{% set _ = entry.append("port") %}
-{% set _ = entry.append(haproxy_backend_port | string) %}
-{% set _ = entry.append("inter") %}
-{% set _ = entry.append(haproxy_interval | string) %}
-{% set _ = entry.append("rise") %}
-{% set _ = entry.append(item.service.haproxy_backend_nodes | count | string) %}
-{% set _ = entry.append("fall") %}
-{% set _ = entry.append(item.service.haproxy_backend_nodes | count | string) %}
- {{ entry | join(' ') }}
-{% endfor %}
-
-{% for host_name in item.service.haproxy_backup_nodes|default([]) %}
-{% set entry = [] %}
-{% set _ = entry.append("server") %}
-{% set _ = entry.append(host_name | string) %}
-{% set _ = entry.append(hostvars[host_name]['ansible_ssh_host'] + ":" + haproxy_backend_port | string) %}
-{% set _ = entry.append("check") %}
-{% set _ = entry.append("port") %}
-{% set _ = entry.append(haproxy_backend_port | string) %}
-{% set _ = entry.append("inter") %}
-{% set _ = entry.append(haproxy_interval | string) %}
-{% set _ = entry.append("rise") %}
-{% set _ = entry.append(item.service.haproxy_backup_nodes | count | string) %}
-{% set _ = entry.append("fall") %}
-{% set _ = entry.append(item.service.haproxy_backup_nodes | count | string) %}
-{% set _ = entry.append("backup") %}
- {{ entry | join(' ') }}
-{% endfor %}
diff --git a/playbooks/roles/haproxy_server/vars/redhat-7.yml b/playbooks/roles/haproxy_server/vars/redhat-7.yml
deleted file mode 100644
index 30cff80f42..0000000000
--- a/playbooks/roles/haproxy_server/vars/redhat-7.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-# Copyright 2016, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-haproxy_packages:
- - haproxy
- - rsyslog # Used for local logging
diff --git a/playbooks/roles/haproxy_server/vars/ubuntu-14.04.yml b/playbooks/roles/haproxy_server/vars/ubuntu-14.04.yml
deleted file mode 100644
index 27cea2bee2..0000000000
--- a/playbooks/roles/haproxy_server/vars/ubuntu-14.04.yml
+++ /dev/null
@@ -1,40 +0,0 @@
----
-# Copyright 2016, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-## APT Cache options
-cache_timeout: 600
-
-haproxy_apt_repo_url: "http://ppa.launchpad.net/vbernat/haproxy-1.5/ubuntu"
-haproxy_repo:
- repo: "deb {{ haproxy_apt_repo_url }} {{ ansible_distribution_release }} main"
- state: "present"
-
-# Haproxy GPG Keys
-haproxy_gpg_keys:
- - key_name: 'haproxy'
- keyserver: 'hkp://keyserver.ubuntu.com:80'
- fallback_keyserver: 'hkp://p80.pool.sks-keyservers.net:80'
- hash_id: '0xcffb779aadc995e4f350a060505d97a41c61b9cd'
-
-haproxy_pre_packages:
- - python-software-properties
- - software-properties-common
- - debconf-utils
-
-haproxy_packages:
- - haproxy
- - rsyslog # Used for local logging
- - vim-haproxy
- - psmisc
diff --git a/playbooks/roles/haproxy_server/vars/ubuntu-16.04.yml b/playbooks/roles/haproxy_server/vars/ubuntu-16.04.yml
deleted file mode 100644
index ae85e07171..0000000000
--- a/playbooks/roles/haproxy_server/vars/ubuntu-16.04.yml
+++ /dev/null
@@ -1,28 +0,0 @@
----
-# Copyright 2016, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-## APT Cache options
-cache_timeout: 600
-
-haproxy_pre_packages:
- - python-software-properties
- - software-properties-common
- - debconf-utils
-
-haproxy_packages:
- - haproxy
- - rsyslog # Used for local logging
- - vim-haproxy
- - psmisc