Merge "Ansible for metrics QDR"
commit
11c724b3cb
|
@ -0,0 +1,6 @@
|
|||
=====================
|
||||
Role - metrics_qdr
|
||||
=====================
|
||||
|
||||
.. ansibleautoplugin::
|
||||
:role: tripleo_ansible/roles/tripleo_metrics_qdr
|
|
@ -0,0 +1,103 @@
|
|||
---
|
||||
|
||||
# Corresponds to MetricsQdrAddresses in THT
|
||||
# Addresses configuration (array of hashes).
|
||||
tripleo_metrics_qdr_addresses:
|
||||
- prefix: collectd
|
||||
distribution: multicast
|
||||
- prefix: ceilometer
|
||||
distribution: multicast
|
||||
|
||||
# Corresponds to MetricsQdrAutoLinks in THT
|
||||
# AutoLinks for the Configured Addresses
|
||||
tripleo_metrics_qdr_autolink_addresses: []
|
||||
|
||||
# Where to write the config file
|
||||
tripleo_metrics_qdr_conf_output_dir: /var/lib/config-data/ansible-generated/metrics_qdr
|
||||
|
||||
# Corresponds to MetricsQdrConnectors in THT
|
||||
# Connectors configuration (array of hashes).
|
||||
tripleo_metrics_qdr_connectors: []
|
||||
|
||||
# Set to edge-only or controller-mesh
|
||||
tripleo_metrics_qdr_deployment_mode: edge-only
|
||||
|
||||
tripleo_metrics_qdr_extra_listeners: []
|
||||
|
||||
tripleo_metrics_qdr_extra_ssl_profiles: []
|
||||
|
||||
# Corresponds to MetricsQdrAuthenticateClient in THT
|
||||
# Authenticate the client using SSL/TLS
|
||||
tripleo_metrics_qdr_listener_auth_peer: false
|
||||
|
||||
# Corresponds to MetricsQdrPort in THT
|
||||
# Service name or port number on which the qdrouterd will accept connections.
|
||||
tripleo_metrics_qdr_listener_port: 5666
|
||||
|
||||
# Corresponds to MetricsQdrUseSSL in THT
|
||||
# Set to true if required to use SSL or TLS on the connection for listener.
|
||||
tripleo_metrics_qdr_listener_require_ssl: false
|
||||
|
||||
# Corresponds to MetricsQdrSaslMechanisms in THT
|
||||
# List of SASL auth mechanisms for listener as of comma separated list.
|
||||
tripleo_metrics_qdr_listener_sasl_mech: ANONYMOUS
|
||||
|
||||
# Corresponds to MetricsQdrSslCertFile in THT
|
||||
# Path to SSL certificate file for listener.
|
||||
tripleo_metrics_qdr_listener_ssl_cert_file: /etc/pki/tls/certs/metrics_qdr.crt
|
||||
|
||||
# Corresponds to MetricsQdrSslCertDb in THT
|
||||
# Path to SSL certificate db for listener.
|
||||
tripleo_metrics_qdr_listener_ssl_cert_db: /etc/pki/tls/certs/ca-bundle.crt
|
||||
|
||||
# Corresponds to MetricsQdrSslKeyFile in THT
|
||||
# Path to SSL private key file for listener.
|
||||
tripleo_metrics_qdr_listener_ssl_key_file: /etc/pki/tls/certs/metrics_qdr.key
|
||||
|
||||
# Corresponds to MetricsQdrSslPassword in THT
|
||||
# SSL password to be supplied for listener.
|
||||
tripleo_metrics_qdr_listener_ssl_password:
|
||||
|
||||
# Corresponds to MetricsQdrSslPwFile in THT
|
||||
# Path to SSL password file for certificate key for listener.
|
||||
tripleo_metrics_qdr_listener_ssl_pw_file:
|
||||
|
||||
# Corresponds to MetricsQdrTrustedCerts in THT
|
||||
# Path to file containing trusted certificates for listener.
|
||||
tripleo_metrics_qdr_listener_trusted_certs:
|
||||
|
||||
# Corresponds to MetricsQdrUseEncryption in THT
|
||||
# Set to true if it is required to encrypt connection to the peer for listener.
|
||||
tripleo_metrics_qdr_listener_use_encryption: false
|
||||
|
||||
tripleo_metrics_qdr_log_output: /var/log/qdrouterd/metrics_qdr.log
|
||||
|
||||
# Corresponds to MetricsQdrPassword in THT
|
||||
# Password which should be used to authenticate to the deployed qdrouterd.
|
||||
tripleo_metrics_qdr_password: guest
|
||||
|
||||
tripleo_metrics_qdr_router_mode: edge
|
||||
|
||||
# Corresponds to MetricsQdrSSLProfiles in THT
|
||||
# SSL Profiles for the connectors (array of hashes).
|
||||
tripleo_metrics_qdr_ssl_profiles:
|
||||
- name: sslProfile
|
||||
|
||||
tripleo_metrics_qdr_ssl_profile_base_mesh: {}
|
||||
|
||||
# Corresponds to MetricsQdrUsername in THT
|
||||
# Username which should be used to authenticate to the deployed qdrouterd.
|
||||
tripleo_metrics_qdr_username: guest
|
||||
|
||||
# Corresponds to MetricsQdrExternalEndpoint in THT
|
||||
# Whether QDR should listen on external network interface. To enable listening
|
||||
# on external network one must deploy QDRs in mesh mode.
|
||||
metrics_qdr_external_endpoint: false
|
||||
|
||||
# Corresponds to EnableInternalTLS in THT
|
||||
tripleo_enable_internal_tls: false
|
||||
|
||||
# Corresponds to InternalTLSCAFile in THT
|
||||
# Specifies the default CA cert to use if TLS is used for services in the
|
||||
# internal network.
|
||||
tripleo_internal_tlscafile: /etc/ipa/ca.crt
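Review bot: The defaults ship `tripleo_metrics_qdr_username: guest` and `tripleo_metrics_qdr_password: guest` together with `tripleo_metrics_qdr_listener_sasl_mech: ANONYMOUS`, `tripleo_metrics_qdr_listener_require_ssl: false` and `tripleo_metrics_qdr_listener_auth_peer: false`, so a deployment that overrides nothing gets an unauthenticated, cleartext listener on port 5666. If these values are kept for parity with the THT parameters named in the comments, say so next to them, e.g. `# Insecure default kept for THT parity; override with a real secret and enable TLS in production`. The private key default `/etc/pki/tls/certs/metrics_qdr.key` sits in the certificates directory rather than a private one, so it is worth confirming the file mode the certificate tooling gives it. The three bare keys (`tripleo_metrics_qdr_listener_ssl_password:`, `tripleo_metrics_qdr_listener_ssl_pw_file:`, `tripleo_metrics_qdr_listener_trusted_certs:`) load as null; writing `null` or `''` explicitly would make the intent visible.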
|
|
@ -0,0 +1,14 @@
|
|||
---
|
||||
galaxy_info:
|
||||
author: OpenStack
|
||||
description: TripleO OpenStack Role -- tripleo_metrics_qdr
|
||||
company: Red Hat
|
||||
license: Apache-2.0
|
||||
min_ansible_version: 2.7
|
||||
platforms:
|
||||
- name: CentOS
|
||||
versions:
|
||||
- 8
|
||||
galaxy_tags:
|
||||
- tripleo
|
||||
dependencies: []
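Review bot: `min_ansible_version: 2.7` and the platform version `- 8` are plain scalars, so YAML loads them as a float and an int; version fields are safer quoted (`min_ansible_version: '2.7'`, `- '8'`) so that a later value such as 2.10 is not read as 2.1. Whether the linter enforces this depends on the ansible-lint version the project pins, so treat it as a style point rather than a blocker.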
|
|
@ -0,0 +1,8 @@
|
|||
---
|
||||
- name: Create host dirs for QDR
|
||||
hosts: all
|
||||
tasks:
|
||||
- name: Set defaults for testing
|
||||
set_fact:
|
||||
tripleo_metrics_qdr_conf_output_dir: /etc/qpid-dispatch/
|
||||
tripleo_metrics_qdr_log_output: /var/log/qdrouterd/metrics_qdr.log
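Review bot: The play is named `Create host dirs for QDR` but its only task is a `set_fact`; no directory is created here. Rename it to match what it does, e.g. `- name: Set test defaults for QDR`. `tripleo_metrics_qdr_conf_output_dir` is also defined in the scenario inventory vars with the same value, and `set_fact` takes precedence over inventory, which is easy to miss when someone later changes the path in only one place.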
|
|
@ -0,0 +1,30 @@
|
|||
---
|
||||
- name: Prepare
|
||||
hosts: all
|
||||
tasks:
|
||||
|
||||
- name: "Enable delorean repos"
|
||||
command: |
|
||||
dnf config-manager --add-repo https://trunk.rdoproject.org/centos{{ ansible_facts['distribution_major_version'] }}/current/delorean.repo
|
||||
|
||||
- name: "Install tripleo-repos"
|
||||
package:
|
||||
name: "python*tripleo-repos"
|
||||
state: present
|
||||
|
||||
- name: "Set-up tripleo-repos"
|
||||
command: |
|
||||
tripleo-repos -b master current-tripleo
|
||||
|
||||
- name: Install Deps
|
||||
package:
|
||||
name:
|
||||
- qpid-dispatch-router
|
||||
- qpid-dispatch-tools
|
||||
|
||||
- name: "Make sure that /var/log/qdrouterd exists"
|
||||
file:
|
||||
path: "/var/log/qdrouterd"
|
||||
state: directory
|
||||
owner: qdrouterd
|
||||
mode: 0755
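Review bot: `mode: 0755` on the last task is an unquoted octal; the file module documentation asks for a quoted string (`mode: '0755'`) because the value otherwise depends on how the YAML loader types it. The two `command:` tasks (`dnf config-manager --add-repo …` and `tripleo-repos -b master current-tripleo`) carry no `changed_when` or `creates`, so they report changed on every run, and `Install Deps` omits `state: present`. These repositories track moving trunk content and the scenario files note that the `/etc/pki/rpm-gpg` mount was dropped, so it is worth confirming that package signature checking is still in effect for what gets installed into the test container.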
|
|
@ -0,0 +1,7 @@
|
|||
---
|
||||
# TODO: Mirror these someplace cacheable outside of github
|
||||
roles:
|
||||
- src: git+https://github.com/infrawatch/functional-tests
|
||||
name: functional_tests
|
||||
- src: git+https://github.com/infrawatch/qdr-config-ansible-role
|
||||
name: qdr_config
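Review bot: Both role sources are fetched from GitHub with no `version:` key, so every run installs whatever the default branch holds at that moment. `qdr_config` is not only a test helper: the role's own task file pulls it in with `include_role` / `name: qdr_config`, so unreviewed upstream changes would feed straight into the generated router configuration. Pin each entry to a reviewed commit or tag, e.g. `version: <commit-sha>` (placeholder), and bump it deliberately; that also addresses the reproducibility concern behind the TODO.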
|
|
@ -0,0 +1,88 @@
|
|||
---
|
||||
- name: Dump the config file and start the QDR
|
||||
hosts: all
|
||||
tasks:
|
||||
- name: Check for qdrouterd.conf
|
||||
find:
|
||||
paths: "{{ tripleo_metrics_qdr_conf_output_dir }}"
|
||||
patterns: qdrouterd.conf
|
||||
register: conf
|
||||
failed_when: conf.files|length != 1
|
||||
|
||||
- name: Read the config file
|
||||
slurp:
|
||||
src: "{{ tripleo_metrics_qdr_conf_output_dir }}/qdrouterd.conf"
|
||||
register: qdrconfig
|
||||
|
||||
- name: Decode the content
|
||||
set_fact:
|
||||
qdrconfig_content: "{{ qdrconfig['content'] | b64decode }}"
|
||||
|
||||
- name: Split into lines
|
||||
debug:
|
||||
msg: "{{ qdrconfig_content.split('\n') }}"
|
||||
|
||||
- name: Start qdrouterd # noqa 301
|
||||
command: qdrouterd -U qdrouterd -d
|
||||
|
||||
- name: Functional tests
|
||||
hosts: localhost
|
||||
tasks:
|
||||
- block:
|
||||
- name: Clear the failure flag
|
||||
set_fact: functest_failed_flag="unknown"
|
||||
|
||||
- name: Run the qdr test from STF functional-tests
|
||||
include_role:
|
||||
name: functional_tests
|
||||
tasks_from: test_qdr
|
||||
vars:
|
||||
qdr_container_name: 'ubi8'
|
||||
container_bin: podman
|
||||
|
||||
rescue:
|
||||
- name: Set flag if functional tests failed
|
||||
set_fact: functest_failed_flag="failed"
|
||||
|
||||
- name: Check functional test failure flag
|
||||
hosts: localhost
|
||||
tasks:
|
||||
- assert:
|
||||
that:
|
||||
- functest_failed_flag != "failed"
|
||||
name: Functional tests passed
|
||||
|
||||
- name: Process qdr log
|
||||
hosts: all
|
||||
tasks:
|
||||
- name: Slurp the file
|
||||
slurp:
|
||||
src: /var/log/qdrouterd/metrics_qdr.log
|
||||
register: qdrlog
|
||||
|
||||
- name: Decode the content
|
||||
set_fact:
|
||||
qdrlog_content: "{{ qdrlog['content'] | b64decode }}"
|
||||
|
||||
- name: Split into lines
|
||||
debug:
|
||||
msg: "{{ qdrlog_content.split('\n') }}"
|
||||
|
||||
- name: Check for errors
|
||||
debug:
|
||||
msg: "[WARNING] Found errors in the log. Please review above"
|
||||
when: qdrlog_content.find('ERROR (error)') != -1
|
||||
|
||||
- name: Check log for correct config of common QDR functionality
|
||||
hosts: all
|
||||
tasks:
|
||||
- assert:
|
||||
that:
|
||||
- "{{ qdrlog_content is search ('Configured Listener: '
|
||||
+ ansible_default_ipv4.address + ':5666 proto=any, role=normal') }}"
|
||||
name: Local listener configured
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- qdrlog_content is search('Created SSL Profile with name sslProfile')
|
||||
name: default sslProfile for external connector configured
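Review bot: The `Check for errors` task only emits a `debug` message when `ERROR (error)` appears in the log, so a router that logs errors still passes verification. If errors should fail the scenario, replace it with an `assert` on `qdrlog_content.find('ERROR (error)') == -1`, or add a comment explaining why they are tolerated. The first listener assertion wraps its whole condition in `"{{ … }}"`, which Ansible warns about for conditionals; the bare expression form used by the second assertion is preferable. `Read the config file` followed by the `debug` dump prints the rendered qdrouterd.conf, likely including the configured password, into the job log; that is harmless with the `guest` test value but deserves a comment so the pattern is not copied into a real deployment playbook.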
|
|
@ -0,0 +1,24 @@
|
|||
---
|
||||
- import_playbook: ../common/converge.yml
|
||||
|
||||
- name: Converge controller-mesh edge node config
|
||||
hosts: all
|
||||
tasks:
|
||||
- name: Invoke tripleo_metrics_qdr for edge node
|
||||
include_role:
|
||||
name: "{{ playbook_dir }}/../../../tripleo_metrics_qdr"
|
||||
tasks_from: create_config
|
||||
vars:
|
||||
tripleo_metrics_qdr_connectors:
|
||||
- host: stf-default-interconnect-5671-service-telemetry.example.com
|
||||
port: 443
|
||||
role: edge
|
||||
sslProfile: sslProfile
|
||||
verifyHostname: false
|
||||
tripleo_metrics_qdr_deployment_mode: controller-mesh
|
||||
controller_node_ips: 10.0.0.20,10.0.0.30
|
||||
ctlplane_ip: 10.0.0.10
|
||||
internal_api_ip: "{{ ansible_default_ipv4.address }}"
|
||||
service_net_map:
|
||||
compute_metrics_qdr_network: internal_api
|
||||
tripleo_role_name: Compute
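Review bot: The external connector fixture sets `verifyHostname: false` while referencing `sslProfile: sslProfile` on port 443, which is TLS without checking that the certificate matches the peer. The same fixture is repeated in the other three scenario converge playbooks (interior node, default, internal-tls). Fixtures tend to be copied into real connector settings, so add a comment such as `# test only: hostname verification disabled because the endpoint does not exist`, or set it to `true` if the assertions do not depend on it.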
|
|
@ -0,0 +1,65 @@
|
|||
---
|
||||
driver:
|
||||
name: podman
|
||||
|
||||
log: true
|
||||
|
||||
platforms:
|
||||
- name: ubi8
|
||||
hostname: ubi8
|
||||
image: ubi8/ubi-init
|
||||
registry:
|
||||
url: registry.access.redhat.com
|
||||
pkg_extras: python*setuptools
|
||||
volumes:
|
||||
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
|
||||
# Had to comment this out to fix a problem installing rdo-release-victoria
|
||||
# see common/prepare.yml
|
||||
# - /etc/pki/rpm-gpg:/etc/pki/rpm-gpg
|
||||
privileged: true
|
||||
environment: &env
|
||||
http_proxy: "{{ lookup('env', 'http_proxy') }}"
|
||||
https_proxy: "{{ lookup('env', 'https_proxy') }}"
|
||||
CONTAINER_BIN: podman
|
||||
ulimits: &ulimit
|
||||
- host
|
||||
|
||||
provisioner:
|
||||
inventory:
|
||||
hosts:
|
||||
all:
|
||||
hosts:
|
||||
ubi8:
|
||||
ansible_python_interpreter: /usr/bin/python3
|
||||
vars:
|
||||
ansible_user: root
|
||||
tripleo_metrics_qdr_conf_output_dir: /etc/qpid-dispatch/
|
||||
name: ansible
|
||||
log: true
|
||||
env:
|
||||
ANSIBLE_STDOUT_CALLBACK: yaml
|
||||
ANSIBLE_FILTER_PLUGINS: "${ANSIBLE_FILTER_PLUGINS:-\
|
||||
/usr/share/ansible/plugins/filter}"
|
||||
playbooks:
|
||||
prepare: ../common/prepare.yml
|
||||
|
||||
|
||||
verifier:
|
||||
name: ansible
|
||||
|
||||
dependency:
|
||||
name: galaxy
|
||||
options:
|
||||
role-file: molecule/common/requirements.yml
|
||||
|
||||
scenario:
|
||||
name: controller-mesh-edge-node
|
||||
test_sequence:
|
||||
- destroy
|
||||
- dependency
|
||||
- create
|
||||
- prepare
|
||||
- converge
|
||||
- check
|
||||
- verify
|
||||
- destroy
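Review bot: The platform runs `privileged: true` from `image: ubi8/ubi-init` with no tag or digest, so the test container has full host privileges and its contents change whenever the registry's default tag moves. If privileged mode is only needed to run an init system inside the container, a comment saying so would help, and pinning the image, e.g. `image: ubi8/ubi-init:<tag>` (placeholder), makes runs reproducible. The anchors `&env` and `&ulimit` are defined but never aliased in this file and can be dropped. The same points apply to the other scenario files (controller-mesh-interior-node, default, internal-tls), which are copies of this one apart from the scenario name.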
|
|
@ -0,0 +1,27 @@
|
|||
---
|
||||
- import_playbook: ../common/verify.yml
|
||||
|
||||
- name: Check log for correct config of controller-mesh edge nodes
|
||||
hosts: all
|
||||
tasks:
|
||||
- assert:
|
||||
that:
|
||||
- qdrlog_content.find('Router started in Edge mode') != -1
|
||||
name: Router started in Edge mode
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- >-
|
||||
qdrlog_content is
|
||||
search('Configured Connector: 10.0.0.20:5668 proto=any, role=edge')
|
||||
- >-
|
||||
qdrlog_content is
|
||||
search('Configured Connector: 10.0.0.30:5668 proto=any, role=edge')
|
||||
name: Connectors to internal mesh configured
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- >-
|
||||
qdrlog_content is not
|
||||
search('stf-default-interconnect-5671-service-telemetry.example.com')
|
||||
name: External connector correctly supressed for mesh edge nodes
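Review bot: The last task name has a typo, `supressed`; it should read `name: External connector correctly suppressed for mesh edge nodes`. The negative check `is not search('stf-default-interconnect-5671-service-telemetry.example.com')` would also pass on an empty log, so it relies on the positive connector assertions before it; a short comment stating that dependency would make the intent clear.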
|
|
@ -0,0 +1,25 @@
|
|||
---
|
||||
- import_playbook: ../common/converge.yml
|
||||
|
||||
- name: Converge controller-mesh interior node config
|
||||
hosts: all
|
||||
tasks:
|
||||
- name: Invoke tripleo_metrics_qdr for interior node
|
||||
include_role:
|
||||
name: "{{ playbook_dir }}/../../../tripleo_metrics_qdr"
|
||||
tasks_from: create_config
|
||||
vars:
|
||||
tripleo_metrics_qdr_connectors:
|
||||
- host: stf-default-interconnect-5671-service-telemetry.example.com
|
||||
port: 443
|
||||
role: edge
|
||||
sslProfile: sslProfile
|
||||
verifyHostname: false
|
||||
tripleo_metrics_qdr_deployment_mode: controller-mesh
|
||||
controller_node_ips: "10.0.0.20,10.0.0.30,10.0.0.40,\
|
||||
{{ ansible_default_ipv4.address }}"
|
||||
ctlplane_ip: "{{ ansible_default_ipv4.address }}"
|
||||
internal_api_ip: "{{ ansible_default_ipv4.address }}"
|
||||
service_net_map:
|
||||
controller_metrics_qdr_network: internal_api
|
||||
tripleo_role_name: Controller
|
|
@ -0,0 +1,65 @@
|
|||
---
|
||||
driver:
|
||||
name: podman
|
||||
|
||||
log: true
|
||||
|
||||
platforms:
|
||||
- name: ubi8
|
||||
hostname: ubi8
|
||||
image: ubi8/ubi-init
|
||||
registry:
|
||||
url: registry.access.redhat.com
|
||||
pkg_extras: python*setuptools
|
||||
volumes:
|
||||
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
|
||||
# Had to comment this out to fix a problem installing rdo-release-victoria
|
||||
# see common/prepare.yml
|
||||
# - /etc/pki/rpm-gpg:/etc/pki/rpm-gpg
|
||||
privileged: true
|
||||
environment: &env
|
||||
http_proxy: "{{ lookup('env', 'http_proxy') }}"
|
||||
https_proxy: "{{ lookup('env', 'https_proxy') }}"
|
||||
CONTAINER_BIN: podman
|
||||
ulimits: &ulimit
|
||||
- host
|
||||
|
||||
provisioner:
|
||||
inventory:
|
||||
hosts:
|
||||
all:
|
||||
hosts:
|
||||
ubi8:
|
||||
ansible_python_interpreter: /usr/bin/python3
|
||||
vars:
|
||||
ansible_user: root
|
||||
tripleo_metrics_qdr_conf_output_dir: /etc/qpid-dispatch/
|
||||
name: ansible
|
||||
log: true
|
||||
env:
|
||||
ANSIBLE_STDOUT_CALLBACK: yaml
|
||||
ANSIBLE_FILTER_PLUGINS: "${ANSIBLE_FILTER_PLUGINS:-\
|
||||
/usr/share/ansible/plugins/filter}"
|
||||
playbooks:
|
||||
prepare: ../common/prepare.yml
|
||||
|
||||
|
||||
verifier:
|
||||
name: ansible
|
||||
|
||||
dependency:
|
||||
name: galaxy
|
||||
options:
|
||||
role-file: molecule/common/requirements.yml
|
||||
|
||||
scenario:
|
||||
name: controller-mesh-interior-node
|
||||
test_sequence:
|
||||
- destroy
|
||||
- dependency
|
||||
- create
|
||||
- prepare
|
||||
- converge
|
||||
- check
|
||||
- verify
|
||||
- destroy
|
|
@ -0,0 +1,49 @@
|
|||
---
|
||||
- import_playbook: ../common/verify.yml
|
||||
|
||||
- name: Check log for correct config of controller-mesh interior nodes
|
||||
hosts: all
|
||||
tasks:
|
||||
- assert:
|
||||
that:
|
||||
- qdrlog_content.find('Router started in Interior mode') != -1
|
||||
name: Router started in Interior mode
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- >-
|
||||
qdrlog_content is search('Configured Listener:.*:5667 proto=any,
|
||||
role=inter-router')
|
||||
name: Mesh-to-mesh listener configured
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- >-
|
||||
qdrlog_content is search('Configured Listener:.*:5668 proto=any,
|
||||
role=edge')
|
||||
name: Edge-to-mesh listener configured
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- >-
|
||||
qdrlog_content is
|
||||
search('Configured Connector: 10.0.0.20:5667 proto=any,
|
||||
role=inter-router')
|
||||
- >-
|
||||
qdrlog_content is
|
||||
search('Configured Connector: 10.0.0.30:5667 proto=any,
|
||||
role=inter-router')
|
||||
- >-
|
||||
qdrlog_content is
|
||||
search('Configured Connector: 10.0.0.40:5667 proto=any,
|
||||
role=inter-router')
|
||||
name: Connectors to other mesh nodes configured
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- >-
|
||||
qdrlog_content is
|
||||
search('Configured Connector:
|
||||
stf-default-interconnect-5671-service-telemetry.example.com:443
|
||||
.* role=edge')
|
||||
name: Connector to STF configured
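Review bot: Several patterns are string literals broken across lines inside a `>-` folded scalar, e.g. `search('Configured Listener:.*:5667 proto=any,` continued by `role=inter-router')`, so the regex that is actually evaluated depends on how YAML folds the line break. Folding yields a single space only when the continuation line has the same indentation as the first; a more-indented continuation keeps the newline and the assertion could then never match. The rendered page does not show indentation, so this may already be correct, but keeping each pattern on one line or building it by concatenation (as the common verify playbook does with `+`) removes the dependence. The default and internal-tls verify playbooks use the same construction.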
|
|
@ -0,0 +1,23 @@
|
|||
---
|
||||
- import_playbook: ../common/converge.yml
|
||||
|
||||
- name: Converge edge-only config
|
||||
hosts: all
|
||||
tasks:
|
||||
- name: Invoke tripleo_metrics_qdr for edge-only
|
||||
include_role:
|
||||
name: "{{ playbook_dir }}/../../../tripleo_metrics_qdr"
|
||||
tasks_from: create_config
|
||||
vars:
|
||||
tripleo_metrics_qdr_connectors:
|
||||
- host: stf-default-interconnect-5671-service-telemetry.example.com
|
||||
port: 443
|
||||
role: edge
|
||||
sslProfile: sslProfile
|
||||
verifyHostname: false
|
||||
controller_node_ips: 10.0.0.20,10.0.0.30,10.0.0.40
|
||||
ctlplane_ip: 10.0.0.10
|
||||
internal_api_ip: "{{ ansible_default_ipv4.address }}"
|
||||
service_net_map:
|
||||
standalone_metrics_qdr_network: internal_api
|
||||
tripleo_role_name: Standalone
|
|
@ -0,0 +1,65 @@
|
|||
---
|
||||
driver:
|
||||
name: podman
|
||||
|
||||
log: true
|
||||
|
||||
platforms:
|
||||
- name: ubi8
|
||||
hostname: ubi8
|
||||
image: ubi8/ubi-init
|
||||
registry:
|
||||
url: registry.access.redhat.com
|
||||
pkg_extras: python*setuptools
|
||||
volumes:
|
||||
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
|
||||
# Had to comment this out to fix a problem installing rdo-release-victoria
|
||||
# see common/prepare.yml
|
||||
# - /etc/pki/rpm-gpg:/etc/pki/rpm-gpg
|
||||
privileged: true
|
||||
environment: &env
|
||||
http_proxy: "{{ lookup('env', 'http_proxy') }}"
|
||||
https_proxy: "{{ lookup('env', 'https_proxy') }}"
|
||||
CONTAINER_BIN: podman
|
||||
ulimits: &ulimit
|
||||
- host
|
||||
|
||||
provisioner:
|
||||
inventory:
|
||||
hosts:
|
||||
all:
|
||||
hosts:
|
||||
ubi8:
|
||||
ansible_python_interpreter: /usr/bin/python3
|
||||
vars:
|
||||
ansible_user: root
|
||||
tripleo_metrics_qdr_conf_output_dir: /etc/qpid-dispatch/
|
||||
name: ansible
|
||||
log: true
|
||||
env:
|
||||
ANSIBLE_STDOUT_CALLBACK: yaml
|
||||
ANSIBLE_FILTER_PLUGINS: "${ANSIBLE_FILTER_PLUGINS:-\
|
||||
/usr/share/ansible/plugins/filter}"
|
||||
playbooks:
|
||||
prepare: ../common/prepare.yml
|
||||
|
||||
|
||||
verifier:
|
||||
name: ansible
|
||||
|
||||
dependency:
|
||||
name: galaxy
|
||||
options:
|
||||
role-file: molecule/common/requirements.yml
|
||||
|
||||
scenario:
|
||||
name: default
|
||||
test_sequence:
|
||||
- destroy
|
||||
- dependency
|
||||
- create
|
||||
- prepare
|
||||
- converge
|
||||
- check
|
||||
- verify
|
||||
- destroy
|
|
@ -0,0 +1,20 @@
|
|||
---
|
||||
- import_playbook: ../common/verify.yml
|
||||
|
||||
|
||||
- name: Check log for correct config
|
||||
hosts: all
|
||||
tasks:
|
||||
- assert:
|
||||
that:
|
||||
- qdrlog_content.find('Router started in Edge mode') != -1
|
||||
name: Router started in Edge mode
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- >-
|
||||
qdrlog_content is
|
||||
search('Configured Connector:
|
||||
stf-default-interconnect-5671-service-telemetry.example.com:443
|
||||
proto=any, role=edge, sslProfile=sslProfile')
|
||||
name: Connector to STF configured
|
|
@ -0,0 +1,27 @@
|
|||
---
|
||||
- import_playbook: ../common/converge.yml
|
||||
|
||||
- name: Converge edge-only config
|
||||
hosts: all
|
||||
tasks:
|
||||
- name: Invoke tripleo_metrics_qdr for internal-tls interior node
|
||||
include_role:
|
||||
name: "{{ playbook_dir }}/../../../tripleo_metrics_qdr"
|
||||
tasks_from: create_config
|
||||
vars:
|
||||
tripleo_metrics_qdr_conf_output_dir: /etc/qpid-dispatch/
|
||||
tripleo_metrics_qdr_connectors:
|
||||
- host: stf-default-interconnect-5671-service-telemetry.example.com
|
||||
port: 443
|
||||
role: edge
|
||||
sslProfile: sslProfile
|
||||
verifyHostname: false
|
||||
tripleo_metrics_qdr_deployment_mode: controller-mesh
|
||||
controller_node_ips: "10.0.0.20,10.0.0.30,10.0.0.40,\
|
||||
{{ ansible_default_ipv4.address }}"
|
||||
ctlplane_ip: "{{ ansible_default_ipv4.address }}"
|
||||
internal_api_ip: "{{ ansible_default_ipv4.address }}"
|
||||
service_net_map:
|
||||
controller_metrics_qdr_network: internal_api
|
||||
tripleo_role_name: Controller
|
||||
tripleo_enable_internal_tls: true
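Review bot: The play is named `Converge edge-only config` although it sets `tripleo_metrics_qdr_deployment_mode: controller-mesh`, `tripleo_role_name: Controller` and `tripleo_enable_internal_tls: true`; the name looks copied from the default scenario. Rename it, e.g. `- name: Converge internal-tls interior node config`, so job output identifies the scenario. Nothing visible in the prepare playbook creates the certificate and key files the `tlsProfile` points at, so the scenario presumably proves only that the profile is referenced, not that a TLS handshake succeeds; a comment to that effect would prevent over-reading the result.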
|
|
@ -0,0 +1,65 @@
|
|||
---
|
||||
driver:
|
||||
name: podman
|
||||
|
||||
log: true
|
||||
|
||||
platforms:
|
||||
- name: ubi8
|
||||
hostname: ubi8
|
||||
image: ubi8/ubi-init
|
||||
registry:
|
||||
url: registry.access.redhat.com
|
||||
pkg_extras: python*setuptools
|
||||
volumes:
|
||||
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
|
||||
# Had to comment this out to fix a problem installing rdo-release-victoria
|
||||
# see common/prepare.yml
|
||||
# - /etc/pki/rpm-gpg:/etc/pki/rpm-gpg
|
||||
privileged: true
|
||||
environment: &env
|
||||
http_proxy: "{{ lookup('env', 'http_proxy') }}"
|
||||
https_proxy: "{{ lookup('env', 'https_proxy') }}"
|
||||
CONTAINER_BIN: podman
|
||||
ulimits: &ulimit
|
||||
- host
|
||||
|
||||
provisioner:
|
||||
inventory:
|
||||
hosts:
|
||||
all:
|
||||
hosts:
|
||||
ubi8:
|
||||
ansible_python_interpreter: /usr/bin/python3
|
||||
vars:
|
||||
ansible_user: root
|
||||
tripleo_metrics_qdr_conf_output_dir: /etc/qpid-dispatch/
|
||||
name: ansible
|
||||
log: true
|
||||
env:
|
||||
ANSIBLE_STDOUT_CALLBACK: yaml
|
||||
ANSIBLE_FILTER_PLUGINS: "${ANSIBLE_FILTER_PLUGINS:-\
|
||||
/usr/share/ansible/plugins/filter}"
|
||||
playbooks:
|
||||
prepare: ../common/prepare.yml
|
||||
|
||||
|
||||
verifier:
|
||||
name: ansible
|
||||
|
||||
dependency:
|
||||
name: galaxy
|
||||
options:
|
||||
role-file: molecule/common/requirements.yml
|
||||
|
||||
scenario:
|
||||
name: internal-tls
|
||||
test_sequence:
|
||||
- destroy
|
||||
- dependency
|
||||
- create
|
||||
- prepare
|
||||
- converge
|
||||
- check
|
||||
- verify
|
||||
- destroy
|
|
@ -0,0 +1,41 @@
|
|||
---
|
||||
- import_playbook: ../common/verify.yml
|
||||
|
||||
|
||||
- name: Check log for correct config
|
||||
hosts: all
|
||||
tasks:
|
||||
- assert:
|
||||
that:
|
||||
- qdrlog_content is search('Created SSL Profile with name tlsProfile')
|
||||
name: tlsProfile configured
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- >-
|
||||
qdrlog_content is search('Configured Listener:.*:5667 proto=any,
|
||||
role=inter-router, sslProfile=tlsProfile')
|
||||
name: Mesh-to-mesh listener configured with tls
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- >-
|
||||
qdrlog_content is search('Configured Listener:.*:5668 proto=any,
|
||||
role=edge, sslProfile=tlsProfile')
|
||||
name: Edge-to-mesh listener configured with tls
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- >-
|
||||
qdrlog_content is
|
||||
search('Configured Connector: 10.0.0.20:5667 proto=any,
|
||||
role=inter-router, sslProfile=tlsProfile')
|
||||
- >-
|
||||
qdrlog_content is
|
||||
search('Configured Connector: 10.0.0.30:5667 proto=any,
|
||||
role=inter-router, sslProfile=tlsProfile')
|
||||
- >-
|
||||
qdrlog_content is
|
||||
search('Configured Connector: 10.0.0.40:5667 proto=any,
|
||||
role=inter-router, sslProfile=tlsProfile')
|
||||
name: Connectors to other mesh nodes configured with tls
|
|
@ -0,0 +1,155 @@
|
|||
---
|
||||
# These tasks handle tripleo-driven additions to the qdr config:
|
||||
#
|
||||
# 1) Mesh mode - Controllers form a QDR mesh which connects to the external
|
||||
# endpoint, all other nodes connect to the mesh
|
||||
# 2) TLS Everywhere - Enabling SSL for mesh-to-mesh and edge-to-mesh connections
|
||||
|
||||
- name: Set mutable and derivative vars
|
||||
run_once: true
|
||||
set_fact:
|
||||
# Mutable connectors so we can supress it on edge nodes if in mesh mode
|
||||
connectors: "{{ tripleo_metrics_qdr_connectors }}"
|
||||
qdr_listener_addr: "{{
|
||||
lookup('vars', (service_net_map[(tripleo_role_name + 'MetricsQdrNetwork') | snake_case] + '_ip') )
|
||||
}}"
|
||||
# RFE? Should be in QdrVars, right now there is no good way to alter it
|
||||
qdr_log_enable: 'info+'
|
||||
|
||||
- name: Augment tripleo_metrics_qdr_extra_ssl_profiles if EnableInternalTLS
|
||||
when: tripleo_enable_internal_tls
|
||||
run_once: true
|
||||
set_fact:
|
||||
tripleo_metrics_qdr_extra_ssl_profiles: "{{ tripleo_metrics_qdr_extra_ssl_profiles | union(
|
||||
[{ 'name': 'tlsProfile',
|
||||
'certFile': tripleo_metrics_qdr_listener_ssl_cert_file,
|
||||
'keyFile': tripleo_metrics_qdr_listener_ssl_key_file,
|
||||
'caCertFile': tripleo_internal_tlscafile
|
||||
}]) }}"
|
||||
tripleo_metrics_qdr_ssl_profile_base_mesh:
|
||||
sslProfile: tlsProfile
|
||||
|
||||
- name: Configure the mesh mode settings if requested
|
||||
when: tripleo_metrics_qdr_deployment_mode == 'controller-mesh'
|
||||
block:
|
||||
|
||||
- name: Set the list of interior mesh nodes
|
||||
run_once: true
|
||||
set_fact:
|
||||
# Form mesh on controller nodes - RFE? Make placement configurable
|
||||
interior_nodes_list: "{{ controller_node_ips.split(',') }}"
|
||||
|
||||
# TODO(BZ1816046): metrics should have it's own network, not use ctlplane
|
||||
- name: Set interior IP for mesh mode connections to use ctlplane
|
||||
set_fact:
|
||||
interior_ip: "{{ ctlplane_ip }}"
|
||||
|
||||
- name: Define connectors for edge->interior, replacing existing connectors
|
||||
when: not (interior_ip in interior_nodes_list)
|
||||
block:
|
||||
- name: Remove existing connector
|
||||
set_fact:
|
||||
connectors: []
|
||||
|
||||
- name: Create connectors to two random interior nodes
|
||||
loop: "{{ (interior_nodes_list |
|
||||
shuffle(seed=inventory_hostname))[0:2] }}"
|
||||
set_fact:
|
||||
# *CS TODO: Add the SSL support to mesh mode like node_base from
|
||||
# the puppet (internal_tls), see https://git.io/Jt8oP
|
||||
connectors: "{{ connectors | union(
|
||||
[ tripleo_metrics_qdr_ssl_profile_base_mesh | combine(
|
||||
{ 'host': item,
|
||||
'port': '5668',
|
||||
'role': 'edge',
|
||||
'verifyHostname': 'no',
|
||||
'saslMechanisms': 'ANONYMOUS'
|
||||
})
|
||||
])
|
||||
}}"
|
||||
|
||||
- name: Configure interior mesh node
|
||||
when: interior_ip in interior_nodes_list
|
||||
block:
|
||||
- name: Set additional listeners, connectors, mode
|
||||
set_fact:
|
||||
tripleo_metrics_qdr_router_mode: interior
|
||||
|
||||
# Set list of OTHER interior nodes with which to form mesh
|
||||
# connections (ones with a lower ordinal position than us)
|
||||
mesh_connection_nodes_list: "{{
|
||||
interior_nodes_list[0:interior_nodes_list.index(interior_ip)] }}"
|
||||
|
||||
# *CS TODO: Add the SSL support to mesh mode like node_base from
|
||||
# the puppet (internal_tls), see https://git.io/Jt8oP
|
||||
# Add extra listener for edge -> interior
|
||||
tripleo_metrics_qdr_extra_listeners: "{{ tripleo_metrics_qdr_extra_listeners | union(
|
||||
[ tripleo_metrics_qdr_ssl_profile_base_mesh | combine(
|
||||
{ 'host': interior_ip,
|
||||
'port': '5668',
|
||||
'role': 'edge',
|
||||
'authenticatePeer': 'no',
|
||||
'saslMechanisms': 'ANONYMOUS'
|
||||
})
|
||||
])
|
||||
}}"
|
||||
|
||||
- name: Add extra listener for mesh connections
|
||||
set_fact:
|
||||
# *CS TODO: Add the SSL support to mesh mode like node_base from
|
||||
# the puppet (internal_tls), see https://git.io/Jt8oP
|
||||
tripleo_metrics_qdr_extra_listeners: "{{ tripleo_metrics_qdr_extra_listeners | union(
|
||||
[ tripleo_metrics_qdr_ssl_profile_base_mesh | combine(
|
||||
{ 'host': interior_ip,
|
||||
'port': '5667',
|
||||
'role': 'inter-router',
|
||||
'authenticatePeer': 'no',
|
||||
'saslMechanisms': 'ANONYMOUS'
|
||||
})
|
||||
])
|
||||
}}"
|
||||
|
||||
- name: Add mesh connections
|
||||
loop: "{{ mesh_connection_nodes_list }}"
|
||||
set_fact:
|
||||
# *CS TODO: Add the SSL support to mesh mode like node_base from
|
||||
# the puppet (internal_tls), see https://git.io/Jt8oP
|
||||
connectors: "{{ connectors | union(
|
||||
[ tripleo_metrics_qdr_ssl_profile_base_mesh | combine(
|
||||
{ 'host': item,
|
||||
'port': '5667',
|
||||
'role': 'inter-router',
|
||||
'verifyHostname': 'no',
|
||||
'saslMechanisms': 'ANONYMOUS'
|
||||
})
|
||||
])
|
||||
}}"
|
||||
# End of mesh-mode block
|
||||
|
||||
- name: "Include QDR config role"
|
||||
include_role:
|
||||
name: qdr_config
|
||||
vars:
|
||||
qdr_addresses: "{{ tripleo_metrics_qdr_addresses }}"
|
||||
qdr_autolink_addresses: "{{ tripleo_metrics_qdr_autolink_addresses }}"
|
||||
qdr_conf_output_dir: "{{ tripleo_metrics_qdr_conf_output_dir }}"
|
||||
qdr_connectors: "{{ connectors }}"
|
||||
qdr_deployment_mode: "{{ tripleo_metrics_qdr_deployment_mode }}"
|
||||
qdr_extra_listeners: "{{ tripleo_metrics_qdr_extra_listeners }}"
|
||||
qdr_extra_ssl_profiles: "{{ tripleo_metrics_qdr_extra_ssl_profiles }}"
|
||||
qdr_listener_auth_peer: "{{ tripleo_metrics_qdr_listener_auth_peer }}"
|
||||
qdr_listener_port: "{{ tripleo_metrics_qdr_listener_port }}"
|
||||
qdr_listener_require_ssl: "{{ tripleo_metrics_qdr_listener_require_ssl }}"
|
||||
qdr_listener_sasl_mech: "{{ tripleo_metrics_qdr_listener_sasl_mech }}"
|
||||
qdr_listener_ssl_cert_file: "{{ tripleo_metrics_qdr_listener_ssl_cert_file }}"
|
||||
qdr_listener_ssl_cert_db: "{{ tripleo_metrics_qdr_listener_ssl_cert_db }}"
|
||||
qdr_listener_ssl_key_file: "{{ tripleo_metrics_qdr_listener_ssl_key_file }}"
|
||||
qdr_listener_ssl_password: "{{ tripleo_metrics_qdr_listener_ssl_password }}"
|
||||
qdr_listener_ssl_pw_file: "{{ tripleo_metrics_qdr_listener_ssl_pw_file }}"
|
||||
qdr_listener_trusted_certs: "{{ tripleo_metrics_qdr_listener_trusted_certs }}"
|
||||
qdr_listener_use_encryption: "{{ tripleo_metrics_qdr_listener_use_encryption }}"
|
||||
qdr_log_output: "{{ tripleo_metrics_qdr_log_output }}"
|
||||
qdr_password: "{{ tripleo_metrics_qdr_password }}"
|
||||
qdr_router_mode: "{{ tripleo_metrics_qdr_router_mode }}"
|
||||
qdr_ssl_profiles: "{{ tripleo_metrics_qdr_ssl_profiles }}"
|
||||
qdr_username: "{{ tripleo_metrics_qdr_username }}"
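Review bot: Every mesh listener and connector built here hard-codes `'authenticatePeer': 'no'`, `'saslMechanisms': 'ANONYMOUS'` or `'verifyHostname': 'no'`, even when `tripleo_enable_internal_tls` merges `sslProfile: tlsProfile` into the entry. The result is at best encryption without peer authentication: any host that can reach ports 5667/5668 on the ctlplane address can attach as an edge or inter-router peer. Consider exposing these values as role variables with the current values as defaults and, when internal TLS is on, defaulting to certificate authentication (`'authenticatePeer': 'yes'`, `'saslMechanisms': 'EXTERNAL'`); hostname verification would additionally need certificates that cover the IP addresses used as `host`. The repeated `*CS TODO: Add the SSL support to mesh mode` comments look stale now that the profile is merged in and should say what is still missing. Separately, the first `set_fact` combines `run_once: true` with `qdr_listener_addr`, which is computed from per-host variables; `run_once` applies the first host's result to every host in the batch, so confirm this file only ever runs against one host per play or drop `run_once` from that task.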
|
|
@ -35,6 +35,7 @@
|
|||
- tripleo-ansible-centos-8-molecule-tripleo_kernel
|
||||
- tripleo-ansible-centos-8-molecule-tripleo_keystone_resources
|
||||
- tripleo-ansible-centos-8-molecule-tripleo_lvmfilter
|
||||
- tripleo-ansible-centos-8-molecule-tripleo_metrics_qdr
|
||||
- tripleo-ansible-centos-8-molecule-tripleo_module_load
|
||||
- tripleo-ansible-centos-8-molecule-tripleo_multipathd
|
||||
- tripleo-ansible-centos-8-molecule-tripleo_network_config
|
||||
|
@ -95,6 +96,7 @@
|
|||
- tripleo-ansible-centos-8-molecule-tripleo_kernel
|
||||
- tripleo-ansible-centos-8-molecule-tripleo_keystone_resources
|
||||
- tripleo-ansible-centos-8-molecule-tripleo_lvmfilter
|
||||
- tripleo-ansible-centos-8-molecule-tripleo_metrics_qdr
|
||||
- tripleo-ansible-centos-8-molecule-tripleo_module_load
|
||||
- tripleo-ansible-centos-8-molecule-tripleo_multipathd
|
||||
- tripleo-ansible-centos-8-molecule-tripleo_network_config
|
||||
|
@ -411,6 +413,13 @@
|
|||
parent: tripleo-ansible-centos-8-base
|
||||
vars:
|
||||
tripleo_role_name: tripleo_lvmfilter
|
||||
- job:
|
||||
files:
|
||||
- ^tripleo_ansible/roles/tripleo_metrics_qdr/.*
|
||||
name: tripleo-ansible-centos-8-molecule-tripleo_metrics_qdr
|
||||
parent: tripleo-ansible-centos-8-base
|
||||
vars:
|
||||
tripleo_role_name: tripleo_metrics_qdr
|
||||
- job:
|
||||
files:
|
||||
- ^tripleo_ansible/roles/tripleo_module_load/.*
|
||||
|
|