62 Commits

Author SHA1 Message Date
cloudnull
de92efc0f9 Add the manila service to OSA
This change adds manila to our playbook lineup and will allow deployers
to use the shared filesystem as a service solution in their deployments.

Depends-On: I4d95bfc15d09b7b7c0b997d7eab91509b0c63885
Change-Id: I63ee785d3241d92ea94c07f89882000cae7a0ff6
Signed-off-by: cloudnull <kevin@cloudnull.com>
2019-03-29 14:42:13 +00:00
Jesse Pretorius
48266cefb5 Add panko to integrated build
In order to enable the testing of the complete telemetry
stack, we add panko to the integrated build.

Change-Id: Ica12e3c0a586609bf5a3e5b50905922932a0bbce
2019-03-29 16:34:28 +02:00
Dmitriy Rabotjagov
4f9e923ee6 Added Openstack Masakari role for the deployment
This commit adds experimental deployment of Masakari role.
It requires existing corosync/pacemaker cluster on compute nodes
for hostmonitors to operate correctly.
Corosync/pacemaker deployment stays out of OSA scope for now.

Depends-On: Ib33d7bc83f1428763f873e1155fd9e3eb4c937e4
Change-Id: Ie543885a52f013635b9f553982c3d6448e3cc3aa
2019-03-26 22:25:26 +02:00
Guilherme Steinmüller
5b9b6d4b76 Add support to deploy mistral
In addition to adding mistral role we also
include os-mistral-install.yml to deploy
mistral to the appropriate hosts.

Change-Id: I9c93e82ec655459c45baf91ed6e6130f2735f61f
2019-03-09 21:54:32 +00:00
Taseer Ahmed
df54583ca7 Integrate Blazar with OpenStack Ansible
Change-Id: I27874f755bcef493165877a24e284c493d99cb2a
2018-10-26 16:59:03 +02:00
Jesse Pretorius
cad69ee25e Add missing congress_oslomsg_rpc_password
This variable is not defined, causing implementations
of congress in the integrated build to fail.

Change-Id: Iaf2880866d1cc3780fec47fdf429c64227db914f
2018-08-25 19:15:58 +01:00
Jesse Pretorius
41191f49d7 Remove the molteniron service from the integrated build
The molteniron service appears to be largely for testing purposes
and both the service and role have not had much activity for over
a year. As such, it is removed from OSA's integrated build.

Change-Id: I94b1be326935f7006027b4a437ff3b2b0a6f9a69
2018-07-31 19:42:36 +01:00
Jesse Pretorius
9b13d416bd Remove all MQ vhost/user and DB create tasks
Now that all the MQ and database creation tasks are in the roles,
and use appropriate defaults, we can remove all the wiring from
group_vars and the tasks.

To cater to the changes in passwords, we also ensure that the
upgrade tooling renames any existing secrets.

The healthcheck-infrastructure.yml playbook is deliberately left
alone due to it being refactored anyway in
https://review.openstack.org/587408

Change-Id: Ie3960e2e2ac9c0aff0bc36f46182be2fc0a038b3
2018-07-31 14:19:11 +01:00
Jean-Philippe Evrard
f2a3c8ed69 Prevent incorrect credentials
Currently 3 sets of credentials are generated for MQ, per service:
- rabbitmq_password
- oslomsg_rpc_password
- oslomsg_notify_password

In each service, we should use x_oslomsg_rpc_password and
x_oslomsg_notify_password, and not rabbitmq.

However there is no wiring as of today. This could lead
to a username like nova, on a vhost nova, with 3 different
passwords. Only one would work.

This patch ensures the wiring is done by default, for all
the roles to be able to use x_oslomsg_notify_password and
x_oslomsg_rpc_password. This is done by always referencing,
in the notify part, the credentials to the rpc part.

The RPC part is then a reference to the rabbitmq_password, so
it's easy to upgrade from Queens to Rocky without changes.

If a deployer wants to override the credentials, he can
do so by uncommenting the appropriate line in the
user_secrets. This would then override the existing group_vars
and wire the secrets appropriately. A new user should be
used in that case, as written in the comments.

Change-Id: I834bdc5a33f6b3c49452a9948c889caa79659f3c
2018-07-16 11:30:08 +00:00
Jesse Pretorius
bd64bf7372 Move MQ vhost/user creation into role (glance)
There is no record for why we implement the MQ vhost/user creation
outside of the role in the playbook, when we could do it inside the
role.

Implementing it inside the role allows us to reduce the quantity of
group_vars duplicated from the role, and allows us to better document
the required variables in the role. The delegation can still be done
as it is done in the playbook too.

In this patch we remove the group_vars which were duplicated from the
role, and remove the MQ setup tasks as they are no longer required.

We also remove the user_secrets which are now totally unused.

Depends-On: https://review.openstack.org/568517
Change-Id: I366d9f7f7ffb0d6912590520a5ea5a718ab0d9af
2018-07-03 17:14:15 +00:00
German Eichberger
13ce4e0837 Adds the certificate client key password to user_secrets
With the automatic Octavia cert creation the user has the option
to use a default secret for the generation of the client_ca key.
This ca will be used for generating client certificates to be used
by Octavia.

Change-Id: I6bf9c9f93e6fb96e836333bf1379035df488ee8f
Depends-On: https://review.openstack.org/553630
2018-05-31 13:34:06 +01:00
Andrew Smith
929aaf1482 Support oslo.messaging services for separate RPC and Notification
This commit introduces oslo.messaging service variables in place of
the rabbitmq server. This will enable the use of separate and alternative
messaging system backends for RPC and Notify communications with
minimal impact to the overall deployment configuration.

This patch:
* update service passwords
* add oslo-messaging to group vars
* update inventory group vars for each service
* add common task for oslo messaging vhost/user install
* update service install playbooks

Change-Id: I235bd33a52df5451a62d2c8700a65a1bc093e4d6
2018-04-30 15:18:42 -04:00
Taseer Ahmed
eee6c77180 Integrate Congress with OSA.
- Tests minimum tempest's congress tests.

Change-Id: Id0c4a4bb4c01757da671a495613141ad738573dd
Signed-off-by: Taseer Ahmed <taseer94@gmail.com>
2018-03-20 08:42:43 +00:00
Logan V
c700fdba0d Ceph RadosGW integration
This adds a new scenario for Ceph Rados GW integration:
- It adds the RGW into haproxy to the default swift port if
swift port isn't deployed already
- It adds tempest swift API testing on the rados gw in the
check scenario
- It adds ceph rgw in default inventories.

Change-Id: I5f6ff3fa05a4a8019bf5b695b02184d9f065bc2e
Co-Authored-By: Jean-Philippe Evrard <jean-philippe@evrard.me>
Co-Authored-By: Maxime Guyot <maxime.guyot@elits.com>
2018-02-27 17:49:19 +01:00
Jesse Pretorius
604e8217a9 Remove placement_database related options/code
The placement_database config options were added in Newton
but the actual code to use the options was reverted and is
not used.

Change-Id: I97f44c0b52af6c356433cf2c1021e9c175a8710d
Depends-On: https://review.openstack.org/541685
Related-Reviews: I31293ac4689630e4113588ab2c6373cf572b8f38
Closes-Bug: #1670419
2018-02-07 12:00:50 +00:00
Manuel Buil
bd79f0720a Add tacker installation
This patch provides the necessary files and changes in existing files to
deploy tacker component. Tacker is an orchestrator and VNF manager, which
is widely used as MANO component in NFV type of deployments

Change-Id: I339c9cc032f871766a89e24c2ada38063fc7ac39
2017-08-21 16:27:32 +02:00
Samuel Matzek
55f0c1fef3 Remove trove_regular_user
Remove the unnecessary trove_regular_user.  The documentation that was
referenced [1] when this was added to the role is intended to configure
Trove for development purposes. The trove_regular_user is not used by the
Trove service and is only being created to give the developer a non-admin
user to use for testing.

[1] https://docs.openstack.org/trove/latest/install/manual_install.html

Change-Id: Ic71216c21092a22105ad56ef98e1554dff48f0b0
2017-07-28 14:55:47 +00:00
Kyle L. Henderson
e380357017 Add trove RPC encryption keys
Updated the user secrets file to include the Trove RPC
encryption keys.

Change-Id: If7129bc5d9e6f3b9b5861e69df63bb5f8b65d047
2017-03-31 13:16:52 -05:00
Mark Hamzy
bb7c06768a Add support to install a molteniron server
Molteniron is now an Ironic project which allows devstack testing on
bare metal nodes.

Change-Id: Ib30da201e0a170d15a2de342482c48ba98f89c5b
2017-03-24 08:52:06 -05:00
German Eichberger
daf20d0961 Additions to install OpenStack Octavia
- Adds Octavia AIO config
- Adds group vars to trigger config of LBaaS/Octavia in neutron
  if Octavia is installed
- Adds Octavia endpoint to haproxy
- Adds Octavia vars and secrets
- Adds Octavia to repository
- adjusts tests
- adds reno

Depends-On: Idb419a4ca5daa311d39c90eda5f83412ccf576ad

Change-Id: Ia334ed42ed0664b10cba860d4231a6aa1588800e
2017-03-13 16:50:46 -04:00
Andy McCrae
248caaf322 Revert role pins in master branch
Additionally, resolve the group name changes and variable removal from
the os_designate role in patch:

https://review.openstack.org/#/c/427810/

Change-Id: I7ed562aaa1f8f6db0b4cfb5da46b030540332f49
2017-02-08 10:41:05 +00:00
Andy McCrae
f752814732 Implement nova-placement-api group for integrated build
Change-Id: Ib5a4964bb05d69a0ffad4b49ec6a0f9657618624
2017-01-26 17:00:40 +00:00
Donovan Francesco (drifterza)
835bec6c36 Adding Designate to integrated repo.
Change-Id: I92208c81bde9efbd832951004b28791c429a1e12
2016-11-08 10:25:29 +00:00
Jenkins
d633726d47 Merge "Include barbican role in integrated release" 2016-11-02 19:54:48 +00:00
Jimmy McCrory
7eca22359f Include barbican role in integrated release
Add playbook, haproxy service configuration, variable definition,
and environment definition files required to deploy barbican as an
integrated role of openstack-ansible.

Change-Id: If87099958e0b1fc48866a468a47bb60bae622f28
2016-11-02 06:38:52 -07:00
Jimmy McCrory
2c6f0982ae Remove old secrets from user_secrets
Remove secrets that are no longer used from the base user_secrets.yml

Change-Id: I10c9db6befa4c4c9b8e308faa580fbe5e3ab57c4
2016-11-01 10:48:33 -07:00
Kevin Carter
bd3d933527 Added lxd password to the secrets file
In order to deploy LXD compute types the lxd password is required. This
change adds the `lxd_trust_password` variable to the default passwords
file so that a strong password is generated by default even if it's not
to be used initially.

Change-Id: Ifb7ec681043b02bbbbcd53bcba01653097a55253
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2016-10-28 11:55:54 -05:00
Ravi Gummadi
31b474e37f Fix trove deployment errors
1. Defined default values for some variables of trove
2. Added passwords related variables in user_secrets.yml
3. Fix variable names so that same variable name is used everywhere

Change-Id: I39c3bad7cca2ab8793419f4d184180ecf7d60f82
Closes-Bug: #1636798
2016-10-27 19:15:30 +00:00
Donovan Francesco (drifterza)
951e241089 Add integrated Trove deployment.
Change-Id: Ic71703960e2259edd25faa3e992c7fa9c6d28674
2016-10-03 15:48:55 +00:00
Michael Davies
6e50d69b22 os_ironic mysql password variable not updated
Ironic in OSA is currently broken as the ironic database
user isn't created, and consequently the ironic services can't
connect to the database. It broke back in patch 91deb13.

This patch corrects the openstack-ansible side of the problem.
Another patch will fix the os-ironic side.

Change-Id: I38aa44bc33a80bb6d53a66bce34aff57048a1af3
Partial-Bug: #1625081
Signed-off-by: Michael Davies <michael@the-davies.net>
2016-09-20 04:07:55 +00:00
Andy McCrae
6bd8f3c17b Add vars for Swift telemetry settings
Since adding the name spaced telemetry vars for swift in:
https://review.openstack.org/#/c/363644/

We need to adjust the openstack-ansible repository to reflect these
changes. Additionally, we need to add a task that will setup the
rabbitmq user/vhost when using ceilometer with swift.

Change-Id: I74d0d7dec19abb525837e65d1354091cdd3cd0f2
2016-09-01 11:28:46 +00:00
Flavio Ramalho
943676b94d Adding a playbook for deploying Sahara
This change adds a playbook for deploying sahara as part of the
sahara role integration.

This change also adds variables needed for the installation of
the sahara-dashboard and its support by the ceilometer service,
which will be added on patches in their respective roles.

Change-Id: I782d74e09d1796744ece75d12aa9c65c9453be19
2016-08-26 18:20:53 +00:00
Travis Truman
c89f27772a Add play to deploy Rally to the utility containers
This play allows deployers to install and configure
Rally for post-deployment functional and performance testing

Depends-On: I3d5cc822cc0d3c2b0b3ba7b05a9fe1b6b9e3a839
Change-Id: I1c4567649e4e35641610f27eaf3b8a57c8a722cc
2016-08-25 01:17:02 +00:00
Steve Lewis
085e57d11a Enable Gnocchi by default
Ceilometer is set to use Gnocchi dispatch when Gnocchi is deployed.
All references to MongoDB in the AIO are removed.

Partial-Blueprint: role-gnocchi
Depends-On: I94e7d461376a8032a76ea34b57190077a60a0fb5
Change-Id: Ia41141e947d48426c7d490497639d62e8dff6f8e
2016-08-15 20:30:03 +00:00
Donovan Francesco
37e7700938 Adding support for Magnum
In addition to adding the magnum role to the repo build process we also
include the os-magnum-install.yml to deploy magnum to hosts tagged with
os_magnum.

Change-Id: I32dee168d1005572510f630a21f7d7a7a05640d9
Implements: blueprint role-magnum
2016-08-09 20:02:42 +00:00
Steve Lewis
14f66504b2 Introduce a playbook for deploying Gnocchi
As the next step in integrating Gnocchi, this playbook installs the
gnocchi role. The role is enabled for the gate by default, but can
be disabled consistent with other roles. It is also included in
the setup-openstack.yml playbook so that linters run on the
playbook.

Change-Id: I2e8b32f1cc6830c479da418b04896f273c5b2b86
Depends-On: I0eb60ef7a31d873ba70c353138da252284389f28
Partial-Blueprint: role-gnocchi
2016-07-08 11:33:14 -07:00
Travis Truman
e84cc94788 Remove references to unused heat vars
heat_profiler_hmac_key and heat_cfn_service_password
are no longer referenced within any plays, tasks or templates
and should be removed.

Related but not dependent upon change I42ca62a64a6985b37d73f7f14093207d02fefb5d

Change-Id: Id1c2d4b26735b671845cd76f63b7a922242c5662
2016-06-24 10:38:33 -04:00
wade-holler
b5b2bb9af4 Add RabbitMQ mgmt UI through HAProxy
Background: Bug Requests ability to access
RabbitMQ management UI through HAproxy

Approach:
--Add rabbitmq ui port 15672 to HAProxy
--DO NOT Add monitoring user by default,
instead key on existence of rabbitmw_monitoring_userid
in user_variables.yml
--ADD user_variables.yml update per above with
explanation
--Add "monitoring" user to rabbitmq for monitoring with
"monitoring" user tag
--Add monitoring user passwd var to user_secrets
--Add features: release note

Closes-Bug: 1446434

Change-Id: Idaf02cad6bb292d02f1cf6a733dbbc6ff4b4435e
2016-06-01 09:24:06 +00:00
Travis Truman
27e65b2efd DOC - Adding warning about changing passwords/secrets
Change-Id: I8709054a933b4b3ea8eddab24569bf3c7e59f599
2016-04-19 14:11:48 -04:00
Kevin Carter
0d9530c9fd Add ironic_swift_temp_url_secret_key to the secrets
This change adds the `ironic_swift_temp_url_secret_key` variable to the
user_secrets.yml file. This file is required when doing an ironic deployment.

Change-Id: Id9f94c0238ad3b6598044fe618f9913e88acec8c
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2016-04-15 16:20:13 -05:00
Michael Davies
35ed804e3a Add installation support for os_ironic
This patch adds the initial support for the ironic role in
openstack-ansible, but leaves ironic unconfigured and not
installed by default.

Configuration, including Nova configuration, will be addressed in
subsequent patches.

Change-Id: Id9f01deb5c46ee2186b9c41c7f88205560b5f437
Depends-On: Ide66c7ee59192ac441ac2919028eca0ad665ceea
Depends-On: I590f5ade90b3e37af7f1b8ee333000d4f993f8c5
Partially-implements: blueprint role-ironic
Signed-off-by: Michael Davies <michael@the-davies.net>
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2016-04-14 10:12:19 +00:00
Kevin Carter
a925248924 Add support for the nova_api db
This change adds in the nova_api db migration that has to happen
within mitaka. This is a new required DB though the DB entry has
existed since Kilo.

Change:
  * The SHA was moved forward to the new version of nova to support
    this change. This was done independently of the rest of the stack
    to ensure functionality of this new DB.
  * An entry was added to the secrets file to support a new db user
    and password.
  * The requirements repo was rev'd forward to support the new
    requirements within nova.

Depends-On: If63b541bfaf91333ac5963d391e6058ac8254eec
UpgradeImpact
Change-Id: I711018f4f1f27d667a3dda94a01dc76616f98f4c
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2016-03-09 23:50:30 +00:00
Kevin Carter
e2051debef Implement L3HA support
This change enables L3HA using the neutron internals by default. This should
make the general Neutron router support more robust.

Note:
  * The ability will not affect running routers so upgrades are seamless.
  * The l3ha support is only rendered by default when using the ML2 plugin.
  * The ATT neutron l3HA tool is still needed as a backup to ensure that the
    routers are always scheduled to an agent and will remain to facilitate
    L3HA on routers created without the ha capability.

Upgrade notes:
 - neutron_ha_vrrp_advert_int (removed)
 - neutron_ha_vrrp_auth_password (moved to user_secrets.yml)
 - neutron_handle_internal_only_routers (removed)
 - neutron_l3_ha_enabled (removed)
 - neutron_min_l3_agents_per_router (removed)
 - neutron_max_l3_agents_per_router (removed)

DocImpact
UpgradeImpact
Closes-Bug: #1416405
Change-Id: Ie456a50f525f11b9d15cd2a9c9590b41f19a9b5e
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2015-10-22 07:48:34 -05:00
Miguel Alex Cantu
cf335efa89 Separated out Telemetry Alarming (Aodh)
The alarming function of Telemetry has been separated out
by design. This patchset creates new containers for these
alarming services and deploys them accordingly.

See:
http://lists.openstack.org/pipermail/openstack-dev/2015-September/073897.html

DocImpact
UpgradeImpact
Implements: blueprint liberty-release
Change-Id: I25294a25afa76d4d8bddad0a51c48485f33a6d20
2015-10-15 11:20:53 +01:00
Jenkins
b8b68a73a3 Merge "Removed unnecessary comment in the user_secrets for ceph variable" 2015-10-09 14:35:45 +00:00
Jean-Philippe Evrard
cf55c3e534 Removed unnecessary comment in the user_secrets for ceph variable
Change-Id: Ic90431796f856907d528095f9d7921c916e4958b
Closes-Bug: #1504447
2015-10-09 10:48:57 +02:00
Jean-Philippe Evrard
a239b29baf Implementation of keepalived for haproxy
This commit uses a keepalived role, available in
ansible galaxy, to configure keepalived for haproxy

Keepalived makes the haproxy truly HA, by having
haproxy's VIP highly available between the hosts
defined in the inventory.

The keepalived role configuration is fully
documented on the upstream role.

To configure keepalived on your host, you only have to
give it a variable (dict). A template handles the
generation of the configuration of keepalived.

By default, the variable files defined in vars/configs/
are enough to have a keepalived working for haproxy,
with a master-backup configuration.

You can define other variable files by setting
haproxy_keepalived_(master|backup)_vars in your
user_variables. This should point to a "variable
template" file like the one you can find
in vars/configs/*

The haproxy playbook has been changed to rely on
the dynamic generation script. It will use the env.d
to have haproxy hosts. The first host from the
generated inventory will be considered as master,
while the others are slaves. The keepalived role
will only run if more than one haproxy host is found
in the inventory. This behaviour can be changed
and keepalived can be disabled by the variable:
haproxy_use_keepalived.

The implemented variables are the following:
* haproxy_keepalived_(ext|int)ernal_vip_cidr
* haproxy_keepalived_(ext|int)ernal_interface
* haproxy_keepalived_(ext|int)ernal_virtual_router_id
* haproxy_keepalived_priority_backup
* haproxy_keepalived_priority_master
* haproxy_keepalived_vars_file

In these variables, only the following variables
are necessary: keepalived_(ext|int)ernal_vip_cidr
However, it's recommended to also configure the
keepalived_(ext|int)ernal_interface
(to know which interface the vips can bind on)

Closes-Bug: 1414397
Change-Id: Ib87a3bb70d6f4b7ac9356e8a28fe4b5936eb9334
2015-10-07 23:08:41 -05:00
kevin
b2624d4a26 Compartmentalizing RabbitMQ
Presently all services use the single root virtual host within RabbitMQ
and while this is “OK” for small to mid sized deployments, it
would be better to divide services into logical resource groups within
RabbitMQ which will bring with it additional security. This change set
provides OSAD better compartmentalization of consumer services that use
RabbitMQ.

UpgradeImpact
DocImpact
Change-Id: I6f9d07522faf133f3c1c84a5b9046a55d5789e52
Implements: blueprint compartmentalize-rabbitmq
2015-09-11 11:08:50 -05:00
george paraskevas
79e55616aa Enable HAProxy Stats Web UI
This patch enables the HAProxy webstats for all the configured
backends and frontends.

A password entry is added to user_secrets.yml for the webstats
password.

It also adds variables for port number, username and password
which can be overridden in user_variables.yml appropriately.

Change-Id: Iec866ad124bec6fb0b8524a966adf64e22422035
Closes-Bug: #1446432
2015-08-24 21:23:43 +00:00
Serge van Ginderachter
b878370a0b Add Ceph/RBD support to playbooks
Currently the playbooks do not allow Ceph to be configured as a backend
for Cinder, Glance or Nova. This commit adds a new role called
ceph_client to do the required configuration of the hosts and updates
the service roles to include the required configuration file changes.
This commit requires that a Ceph cluster already exists and does not
make any changes to that cluster.

ceph_client role, run on the OpenStack service hosts
  - configures the Ceph apt repo
  - installs any required Ceph dependencies
  - copies the ceph.conf file and appropriate keyring file to /etc/ceph
  - creates the necessary libvirt secrets

os_glance role
glance-api.conf will set the following variables for Ceph:
  - [DEFAULT]/show_image_direct_url
  - [glance_store]/stores
  - [glance_store]/rbd_store_pool
  - [glance_store]/rbd_store_user
  - [glance_store]/rbd_store_ceph_conf
  - [glance_store]/rbd_store_chunk_size

os_nova role
nova.conf will set the following variables for Ceph:
  - [libvirt]/rbd_user
  - [libvirt]/rbd_secret_uuid
  - [libvirt]/images_type
  - [libvirt]/images_rbd_pool
  - [libvirt]/images_rbd_ceph_conf
  - [libvirt]/inject_password
  - [libvirt]/inject_key
  - [libvirt]/inject_partition
  - [libvirt]/live_migration_flag

os_cinder is not updated because ceph is defined as a backend and that
is generated from a dictionary of the config, for an example backend
config, see etc/openstack_deploy/openstack_user_config.yml.example

pw-token-gen.py is updated so that variables ending in uuid are assigned
a UUID.

DocImpact
Implements: blueprint ceph-block-devices
Closes-Bug: #1455238
Change-Id: Ie484ce0bbb93adc53c30be32f291aa5058b20028
2015-08-01 19:49:00 +01:00