Merge "Ansible for metrics QDR"

Zuul 2021-03-30 04:42:00 +00:00 committed by Gerrit Code Review
commit 11c724b3cb
21 changed files with 916 additions and 0 deletions


@ -0,0 +1,6 @@
=====================
Role - metrics_qdr
=====================
.. ansibleautoplugin::
:role: tripleo_ansible/roles/tripleo_metrics_qdr


@ -0,0 +1,103 @@
---
# Corresponds to MetricsQdrAddresses in THT
# Addresses configuration (array of hashes).
tripleo_metrics_qdr_addresses:
- prefix: collectd
distribution: multicast
- prefix: ceilometer
distribution: multicast
# Corresponds to MetricsQdrAutoLinks in THT
# AutoLinks for the Configured Addresses
tripleo_metrics_qdr_autolink_addresses: []
# Where to write the config file
tripleo_metrics_qdr_conf_output_dir: /var/lib/config-data/ansible-generated/metrics_qdr
# Corresponds to MetricsQdrConnectors in THT
# Connectors configuration (array of hashes).
tripleo_metrics_qdr_connectors: []
# Set to edge-only or controller-mesh
tripleo_metrics_qdr_deployment_mode: edge-only
tripleo_metrics_qdr_extra_listeners: []
tripleo_metrics_qdr_extra_ssl_profiles: []
# Corresponds to MetricsQdrAuthenticateClient in THT
# Authenticate the client using SSL/TLS
tripleo_metrics_qdr_listener_auth_peer: false
# Corresponds to MetricsQdrPort in THT
# Service name or port number on which the qdrouterd will accept connections.
tripleo_metrics_qdr_listener_port: 5666
# Corresponds to MetricsQdrUseSSL in THT
# Set to true if required to use SSL or TLS on the connection for listener.
tripleo_metrics_qdr_listener_require_ssl: false
# Corresponds to MetricsQdrSaslMechanisms in THT
# List of SASL auth mechanisms for listener as of comma separated list.
tripleo_metrics_qdr_listener_sasl_mech: ANONYMOUS
# Corresponds to MetricsQdrSslCertFile in THT
# Path to SSL certificate file for listener.
tripleo_metrics_qdr_listener_ssl_cert_file: /etc/pki/tls/certs/metrics_qdr.crt
# Corresponds to MetricsQdrSslCertDb in THT
# Path to SSL certificate db for listener.
tripleo_metrics_qdr_listener_ssl_cert_db: /etc/pki/tls/certs/ca-bundle.crt
# Corresponds to MetricsQdrSslKeyFile in THT
# Path to SSL private key file for listener.
tripleo_metrics_qdr_listener_ssl_key_file: /etc/pki/tls/certs/metrics_qdr.key
# Corresponds to MetricsQdrSslPassword in THT
# SSL password to be supplied for listener.
tripleo_metrics_qdr_listener_ssl_password:
# Corresponds to MetricsQdrSslPwFile in THT
# Path to SSL password file for certificate key for listener.
tripleo_metrics_qdr_listener_ssl_pw_file:
# Corresponds to MetricsQdrTrustedCerts in THT
# Path to file containing trusted certificates for listener.
tripleo_metrics_qdr_listener_trusted_certs:
# Corresponds to MetricsQdrUseEncryption in THT
# Set to true if it is required to encrypt connection to the peer for listener.
tripleo_metrics_qdr_listener_use_encryption: false
tripleo_metrics_qdr_log_output: /var/log/qdrouterd/metrics_qdr.log
# Corresponds to MetricsQdrPassword in THT
# Password which should be used to authenticate to the deployed qdrouterd.
tripleo_metrics_qdr_password: guest
tripleo_metrics_qdr_router_mode: edge
# Corresponds to MetricsQdrSSLProfiles in THT
# SSL Profiles for the connectors (array of hashes).
tripleo_metrics_qdr_ssl_profiles:
- name: sslProfile
tripleo_metrics_qdr_ssl_profile_base_mesh: {}
# Corresponds to MetricsQdrUsername in THT
# Username which should be used to authenticate to the deployed qdrouterd.
tripleo_metrics_qdr_username: guest
# Corresponds to MetricsQdrExternalEndpoint in THT
# Whether QDR should listen on external network interface. To enable listening
# on external network one must deploy QDRs in mesh mode.
metrics_qdr_external_endpoint: false
# Corresponds to EnableInternalTLS in THT
tripleo_enable_internal_tls: false
# Corresponds to InternalTLSCAFile in THT
# Specifies the default CA cert to use if TLS is used for services in the
# internal network.
tripleo_internal_tlscafile: /etc/ipa/ca.crt
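Review bot: The listener defaults combine `tripleo_metrics_qdr_listener_sasl_mech: ANONYMOUS`, `tripleo_metrics_qdr_listener_auth_peer: false` and `tripleo_metrics_qdr_listener_require_ssl: false`, so a run with no overrides produces a listener on port 5666 that accepts any peer in clear text, and `tripleo_metrics_qdr_password: guest` is a well-known credential. The comments say these values mirror THT parameters, so they may be deliberate, but the file should say so; I would add above the listener block `# NOTE: defaults are unauthenticated and unencrypted; override auth_peer, require_ssl and sasl_mech outside lab use.` Separately, `tripleo_metrics_qdr_listener_ssl_password:` and the two bare keys after it load as null, so writing `null` or `''` explicitly would make the intent clear. `metrics_qdr_external_endpoint` is the only variable in the file without the `tripleo_` prefix.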


@ -0,0 +1,14 @@
---
galaxy_info:
author: OpenStack
description: TripleO OpenStack Role -- tripleo_metrics_qdr
company: Red Hat
license: Apache-2.0
min_ansible_version: 2.7
platforms:
- name: CentOS
versions:
- 8
galaxy_tags:
- tripleo
dependencies: []
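Review bot: `min_ansible_version: 2.7` is loaded as a float, so a later bump to 2.10 would silently become 2.1; quote it as `min_ansible_version: '2.7'`. The `versions` entry `- 8` is an integer for the same reason and is safer written as `- '8'`.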


@ -0,0 +1,8 @@
---
- name: Create host dirs for QDR
hosts: all
tasks:
- name: Set defaults for testing
set_fact:
tripleo_metrics_qdr_conf_output_dir: /etc/qpid-dispatch/
tripleo_metrics_qdr_log_output: /var/log/qdrouterd/metrics_qdr.log
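Review bot: The play is named `Create host dirs for QDR`, but its only task is a `set_fact` and no directory is created here. Rename it to match what it does, e.g. `- name: Set QDR test defaults`. The `tripleo_metrics_qdr_conf_output_dir` value also duplicates the inventory variable that each scenario's molecule.yml already sets, so one of the two could go.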


@ -0,0 +1,30 @@
---
- name: Prepare
hosts: all
tasks:
- name: "Enable delorean repos"
command: |
dnf config-manager --add-repo https://trunk.rdoproject.org/centos{{ ansible_facts['distribution_major_version'] }}/current/delorean.repo
- name: "Install tripleo-repos"
package:
name: "python*tripleo-repos"
state: present
- name: "Set-up tripleo-repos"
command: |
tripleo-repos -b master current-tripleo
- name: Install Deps
package:
name:
- qpid-dispatch-router
- qpid-dispatch-tools
- name: "Make sure that /var/log/qdrouterd exists"
file:
path: "/var/log/qdrouterd"
state: directory
owner: qdrouterd
mode: 0755
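Review bot: `mode: 0755` on the last task is an unquoted octal literal whose value depends on the YAML loader; quote it as `mode: '0755'`. The two `command` tasks (`dnf config-manager --add-repo …` and `tripleo-repos -b master current-tripleo`) rerun on every prepare and always report changed, so an explicit `changed_when:` would document that this is accepted. The `Install Deps` task omits `state: present`, unlike the `Install tripleo-repos` task above it.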


@ -0,0 +1,7 @@
---
# TODO: Mirror these someplace cacheable outside of github
roles:
- src: git+https://github.com/infrawatch/functional-tests
name: functional_tests
- src: git+https://github.com/infrawatch/qdr-config-ansible-role
name: qdr_config
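Review bot: Both `src:` entries fetch the default branch of a GitHub repository with no `version:` key, so every CI run executes whatever is at the head of `infrawatch/functional-tests` and `infrawatch/qdr-config-ansible-role` at that moment. `qdr_config` is not only a test helper: the role's create_config tasks call it through `include_role`, so an upstream change, or a compromised upstream, alters the generated router config with no change in this repository. Pin each entry to a reviewed commit, e.g. `version: <PINNED_COMMIT_SHA>`, and bump it deliberately. The existing TODO about mirroring would then cover availability rather than integrity.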


@ -0,0 +1,88 @@
---
- name: Dump the config file and start the QDR
hosts: all
tasks:
- name: Check for qdrouterd.conf
find:
paths: "{{ tripleo_metrics_qdr_conf_output_dir }}"
patterns: qdrouterd.conf
register: conf
failed_when: conf.files|length != 1
- name: Read the config file
slurp:
src: "{{ tripleo_metrics_qdr_conf_output_dir }}/qdrouterd.conf"
register: qdrconfig
- name: Decode the content
set_fact:
qdrconfig_content: "{{ qdrconfig['content'] | b64decode }}"
- name: Split into lines
debug:
msg: "{{ qdrconfig_content.split('\n') }}"
- name: Start qdrouterd # noqa 301
command: qdrouterd -U qdrouterd -d
- name: Functional tests
hosts: localhost
tasks:
- block:
- name: Clear the failure flag
set_fact: functest_failed_flag="unknown"
- name: Run the qdr test from STF functional-tests
include_role:
name: functional_tests
tasks_from: test_qdr
vars:
qdr_container_name: 'ubi8'
container_bin: podman
rescue:
- name: Set flag if functional tests failed
set_fact: functest_failed_flag="failed"
- name: Check functional test failure flag
hosts: localhost
tasks:
- assert:
that:
- functest_failed_flag != "failed"
name: Functional tests passed
- name: Process qdr log
hosts: all
tasks:
- name: Slurp the file
slurp:
src: /var/log/qdrouterd/metrics_qdr.log
register: qdrlog
- name: Decode the content
set_fact:
qdrlog_content: "{{ qdrlog['content'] | b64decode }}"
- name: Split into lines
debug:
msg: "{{ qdrlog_content.split('\n') }}"
- name: Check for errors
debug:
msg: "[WARNING] Found errors in the log. Please review above"
when: qdrlog_content.find('ERROR (error)') != -1
- name: Check log for correct config of common QDR functionality
hosts: all
tasks:
- assert:
that:
- "{{ qdrlog_content is search ('Configured Listener: '
+ ansible_default_ipv4.address + ':5666 proto=any, role=normal') }}"
name: Local listener configured
- assert:
that:
- qdrlog_content is search('Created SSL Profile with name sslProfile')
name: default sslProfile for external connector configured
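Review bot: The first assert in the last play wraps its condition in `{{ … }}`, but `that:` entries are already evaluated as Jinja expressions, so the delimiters cause a second templating pass that Ansible warns about. Write it as a bare expression: `- qdrlog_content is search('Configured Listener: ' + ansible_default_ipv4.address + ':5666 proto=any, role=normal')`. The `Check for errors` task only prints a `[WARNING]` debug message when `ERROR (error)` is in the log, so router errors never fail the scenario; if that is intended, a comment should say so. The first `Split into lines` task echoes the full qdrouterd.conf to the job log, which is harmless with the test defaults but would expose any password the config carries if real values were ever used here.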


@ -0,0 +1,24 @@
---
- import_playbook: ../common/converge.yml
- name: Converge controller-mesh edge node config
hosts: all
tasks:
- name: Invoke tripleo_metrics_qdr for edge node
include_role:
name: "{{ playbook_dir }}/../../../tripleo_metrics_qdr"
tasks_from: create_config
vars:
tripleo_metrics_qdr_connectors:
- host: stf-default-interconnect-5671-service-telemetry.example.com
port: 443
role: edge
sslProfile: sslProfile
verifyHostname: false
tripleo_metrics_qdr_deployment_mode: controller-mesh
controller_node_ips: 10.0.0.20,10.0.0.30
ctlplane_ip: 10.0.0.10
internal_api_ip: "{{ ansible_default_ipv4.address }}"
service_net_map:
compute_metrics_qdr_network: internal_api
tripleo_role_name: Compute
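Review bot: The external connector fixture sets `verifyHostname: false` next to `sslProfile: sslProfile`, i.e. TLS to the STF endpoint without checking the server name, and the same block is repeated in the controller-mesh-interior-node, default and internal-tls converge playbooks. That is understandable for a molecule test against an example.com host, but these files are the only usage example of `tripleo_metrics_qdr_connectors` on the page and are likely to be copied. I would add a comment on that line: `# test fixture only: keep verifyHostname enabled for real STF endpoints`.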


@ -0,0 +1,65 @@
---
driver:
name: podman
log: true
platforms:
- name: ubi8
hostname: ubi8
image: ubi8/ubi-init
registry:
url: registry.access.redhat.com
pkg_extras: python*setuptools
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
# Had to comment this out to fix a problem installing rdo-release-victoria
# see common/prepare.yml
# - /etc/pki/rpm-gpg:/etc/pki/rpm-gpg
privileged: true
environment: &env
http_proxy: "{{ lookup('env', 'http_proxy') }}"
https_proxy: "{{ lookup('env', 'https_proxy') }}"
CONTAINER_BIN: podman
ulimits: &ulimit
- host
provisioner:
inventory:
hosts:
all:
hosts:
ubi8:
ansible_python_interpreter: /usr/bin/python3
vars:
ansible_user: root
tripleo_metrics_qdr_conf_output_dir: /etc/qpid-dispatch/
name: ansible
log: true
env:
ANSIBLE_STDOUT_CALLBACK: yaml
ANSIBLE_FILTER_PLUGINS: "${ANSIBLE_FILTER_PLUGINS:-\
/usr/share/ansible/plugins/filter}"
playbooks:
prepare: ../common/prepare.yml
verifier:
name: ansible
dependency:
name: galaxy
options:
role-file: molecule/common/requirements.yml
scenario:
name: controller-mesh-edge-node
test_sequence:
- destroy
- dependency
- create
- prepare
- converge
- check
- verify
- destroy
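Review bot: `privileged: true` gives the ubi8 test container broad access to the CI host, and nothing in the file says why it is needed; the same setting appears in the other three scenario molecule.yml files. If it is there so that `ubi8/ubi-init` can run its init system, say so in a comment next to the key, and check whether a narrower setting is enough. The anchors `&env` and `&ulimit` are defined but never aliased in this file and can be dropped.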


@ -0,0 +1,27 @@
---
- import_playbook: ../common/verify.yml
- name: Check log for correct config of controller-mesh edge nodes
hosts: all
tasks:
- assert:
that:
- qdrlog_content.find('Router started in Edge mode') != -1
name: Router started in Edge mode
- assert:
that:
- >-
qdrlog_content is
search('Configured Connector: 10.0.0.20:5668 proto=any, role=edge')
- >-
qdrlog_content is
search('Configured Connector: 10.0.0.30:5668 proto=any, role=edge')
name: Connectors to internal mesh configured
- assert:
that:
- >-
qdrlog_content is not
search('stf-default-interconnect-5671-service-telemetry.example.com')
name: External connector correctly supressed for mesh edge nodes
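Review bot: `search()` treats its argument as a regular expression, so the dots in `10.0.0.20:5668` match any character and the assertion is looser than it reads; the first assert in this play uses the literal `.find(...) != -1` form instead. Either escape the pattern (`'10\.0\.0\.20:5668 …'`) or use the literal form throughout. The same applies to the IP-address patterns in the interior-node and internal-tls verify playbooks. The last task name has a typo, `supressed` → `suppressed`.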


@ -0,0 +1,25 @@
---
- import_playbook: ../common/converge.yml
- name: Converge controller-mesh interior node config
hosts: all
tasks:
- name: Invoke tripleo_metrics_qdr for interior node
include_role:
name: "{{ playbook_dir }}/../../../tripleo_metrics_qdr"
tasks_from: create_config
vars:
tripleo_metrics_qdr_connectors:
- host: stf-default-interconnect-5671-service-telemetry.example.com
port: 443
role: edge
sslProfile: sslProfile
verifyHostname: false
tripleo_metrics_qdr_deployment_mode: controller-mesh
controller_node_ips: "10.0.0.20,10.0.0.30,10.0.0.40,\
{{ ansible_default_ipv4.address }}"
ctlplane_ip: "{{ ansible_default_ipv4.address }}"
internal_api_ip: "{{ ansible_default_ipv4.address }}"
service_net_map:
controller_metrics_qdr_network: internal_api
tripleo_role_name: Controller


@ -0,0 +1,65 @@
---
driver:
name: podman
log: true
platforms:
- name: ubi8
hostname: ubi8
image: ubi8/ubi-init
registry:
url: registry.access.redhat.com
pkg_extras: python*setuptools
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
# Had to comment this out to fix a problem installing rdo-release-victoria
# see common/prepare.yml
# - /etc/pki/rpm-gpg:/etc/pki/rpm-gpg
privileged: true
environment: &env
http_proxy: "{{ lookup('env', 'http_proxy') }}"
https_proxy: "{{ lookup('env', 'https_proxy') }}"
CONTAINER_BIN: podman
ulimits: &ulimit
- host
provisioner:
inventory:
hosts:
all:
hosts:
ubi8:
ansible_python_interpreter: /usr/bin/python3
vars:
ansible_user: root
tripleo_metrics_qdr_conf_output_dir: /etc/qpid-dispatch/
name: ansible
log: true
env:
ANSIBLE_STDOUT_CALLBACK: yaml
ANSIBLE_FILTER_PLUGINS: "${ANSIBLE_FILTER_PLUGINS:-\
/usr/share/ansible/plugins/filter}"
playbooks:
prepare: ../common/prepare.yml
verifier:
name: ansible
dependency:
name: galaxy
options:
role-file: molecule/common/requirements.yml
scenario:
name: controller-mesh-interior-node
test_sequence:
- destroy
- dependency
- create
- prepare
- converge
- check
- verify
- destroy


@ -0,0 +1,49 @@
---
- import_playbook: ../common/verify.yml
- name: Check log for correct config of controller-mesh interior nodes
hosts: all
tasks:
- assert:
that:
- qdrlog_content.find('Router started in Interior mode') != -1
name: Router started in Interior mode
- assert:
that:
- >-
qdrlog_content is search('Configured Listener:.*:5667 proto=any,
role=inter-router')
name: Mesh-to-mesh listener configured
- assert:
that:
- >-
qdrlog_content is search('Configured Listener:.*:5668 proto=any,
role=edge')
name: Edge-to-mesh listener configured
- assert:
that:
- >-
qdrlog_content is
search('Configured Connector: 10.0.0.20:5667 proto=any,
role=inter-router')
- >-
qdrlog_content is
search('Configured Connector: 10.0.0.30:5667 proto=any,
role=inter-router')
- >-
qdrlog_content is
search('Configured Connector: 10.0.0.40:5667 proto=any,
role=inter-router')
name: Connectors to other mesh nodes configured
- assert:
that:
- >-
qdrlog_content is
search('Configured Connector:
stf-default-interconnect-5671-service-telemetry.example.com:443
.* role=edge')
name: Connector to STF configured


@ -0,0 +1,23 @@
---
- import_playbook: ../common/converge.yml
- name: Converge edge-only config
hosts: all
tasks:
- name: Invoke tripleo_metrics_qdr for edge-only
include_role:
name: "{{ playbook_dir }}/../../../tripleo_metrics_qdr"
tasks_from: create_config
vars:
tripleo_metrics_qdr_connectors:
- host: stf-default-interconnect-5671-service-telemetry.example.com
port: 443
role: edge
sslProfile: sslProfile
verifyHostname: false
controller_node_ips: 10.0.0.20,10.0.0.30,10.0.0.40
ctlplane_ip: 10.0.0.10
internal_api_ip: "{{ ansible_default_ipv4.address }}"
service_net_map:
standalone_metrics_qdr_network: internal_api
tripleo_role_name: Standalone


@ -0,0 +1,65 @@
---
driver:
name: podman
log: true
platforms:
- name: ubi8
hostname: ubi8
image: ubi8/ubi-init
registry:
url: registry.access.redhat.com
pkg_extras: python*setuptools
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
# Had to comment this out to fix a problem installing rdo-release-victoria
# see common/prepare.yml
# - /etc/pki/rpm-gpg:/etc/pki/rpm-gpg
privileged: true
environment: &env
http_proxy: "{{ lookup('env', 'http_proxy') }}"
https_proxy: "{{ lookup('env', 'https_proxy') }}"
CONTAINER_BIN: podman
ulimits: &ulimit
- host
provisioner:
inventory:
hosts:
all:
hosts:
ubi8:
ansible_python_interpreter: /usr/bin/python3
vars:
ansible_user: root
tripleo_metrics_qdr_conf_output_dir: /etc/qpid-dispatch/
name: ansible
log: true
env:
ANSIBLE_STDOUT_CALLBACK: yaml
ANSIBLE_FILTER_PLUGINS: "${ANSIBLE_FILTER_PLUGINS:-\
/usr/share/ansible/plugins/filter}"
playbooks:
prepare: ../common/prepare.yml
verifier:
name: ansible
dependency:
name: galaxy
options:
role-file: molecule/common/requirements.yml
scenario:
name: default
test_sequence:
- destroy
- dependency
- create
- prepare
- converge
- check
- verify
- destroy


@ -0,0 +1,20 @@
---
- import_playbook: ../common/verify.yml
- name: Check log for correct config
hosts: all
tasks:
- assert:
that:
- qdrlog_content.find('Router started in Edge mode') != -1
name: Router started in Edge mode
- assert:
that:
- >-
qdrlog_content is
search('Configured Connector:
stf-default-interconnect-5671-service-telemetry.example.com:443
proto=any, role=edge, sslProfile=sslProfile')
name: Connector to STF configured


@ -0,0 +1,27 @@
---
- import_playbook: ../common/converge.yml
- name: Converge edge-only config
hosts: all
tasks:
- name: Invoke tripleo_metrics_qdr for internal-tls interior node
include_role:
name: "{{ playbook_dir }}/../../../tripleo_metrics_qdr"
tasks_from: create_config
vars:
tripleo_metrics_qdr_conf_output_dir: /etc/qpid-dispatch/
tripleo_metrics_qdr_connectors:
- host: stf-default-interconnect-5671-service-telemetry.example.com
port: 443
role: edge
sslProfile: sslProfile
verifyHostname: false
tripleo_metrics_qdr_deployment_mode: controller-mesh
controller_node_ips: "10.0.0.20,10.0.0.30,10.0.0.40,\
{{ ansible_default_ipv4.address }}"
ctlplane_ip: "{{ ansible_default_ipv4.address }}"
internal_api_ip: "{{ ansible_default_ipv4.address }}"
service_net_map:
controller_metrics_qdr_network: internal_api
tripleo_role_name: Controller
tripleo_enable_internal_tls: true
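Review bot: The play name `Converge edge-only config` is copied from the default scenario, but the vars set `tripleo_metrics_qdr_deployment_mode: controller-mesh` with `tripleo_enable_internal_tls: true`. Rename it, e.g. `- name: Converge internal-tls interior node config`, so a failing job log points at the right scenario. `tripleo_metrics_qdr_conf_output_dir` is also set here although the scenario inventory already provides the same value.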


@ -0,0 +1,65 @@
---
driver:
name: podman
log: true
platforms:
- name: ubi8
hostname: ubi8
image: ubi8/ubi-init
registry:
url: registry.access.redhat.com
pkg_extras: python*setuptools
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
# Had to comment this out to fix a problem installing rdo-release-victoria
# see common/prepare.yml
# - /etc/pki/rpm-gpg:/etc/pki/rpm-gpg
privileged: true
environment: &env
http_proxy: "{{ lookup('env', 'http_proxy') }}"
https_proxy: "{{ lookup('env', 'https_proxy') }}"
CONTAINER_BIN: podman
ulimits: &ulimit
- host
provisioner:
inventory:
hosts:
all:
hosts:
ubi8:
ansible_python_interpreter: /usr/bin/python3
vars:
ansible_user: root
tripleo_metrics_qdr_conf_output_dir: /etc/qpid-dispatch/
name: ansible
log: true
env:
ANSIBLE_STDOUT_CALLBACK: yaml
ANSIBLE_FILTER_PLUGINS: "${ANSIBLE_FILTER_PLUGINS:-\
/usr/share/ansible/plugins/filter}"
playbooks:
prepare: ../common/prepare.yml
verifier:
name: ansible
dependency:
name: galaxy
options:
role-file: molecule/common/requirements.yml
scenario:
name: internal-tls
test_sequence:
- destroy
- dependency
- create
- prepare
- converge
- check
- verify
- destroy


@ -0,0 +1,41 @@
---
- import_playbook: ../common/verify.yml
- name: Check log for correct config
hosts: all
tasks:
- assert:
that:
- qdrlog_content is search('Created SSL Profile with name tlsProfile')
name: tlsProfile configured
- assert:
that:
- >-
qdrlog_content is search('Configured Listener:.*:5667 proto=any,
role=inter-router, sslProfile=tlsProfile')
name: Mesh-to-mesh listener configured with tls
- assert:
that:
- >-
qdrlog_content is search('Configured Listener:.*:5668 proto=any,
role=edge, sslProfile=tlsProfile')
name: Edge-to-mesh listener configured with tls
- assert:
that:
- >-
qdrlog_content is
search('Configured Connector: 10.0.0.20:5667 proto=any,
role=inter-router, sslProfile=tlsProfile')
- >-
qdrlog_content is
search('Configured Connector: 10.0.0.30:5667 proto=any,
role=inter-router, sslProfile=tlsProfile')
- >-
qdrlog_content is
search('Configured Connector: 10.0.0.40:5667 proto=any,
role=inter-router, sslProfile=tlsProfile')
name: Connectors to other mesh nodes configured with tls


@ -0,0 +1,155 @@
---
# These tasks handle tripleo-driven additions to the qdr config:
#
# 1) Mesh mode - Controllers form a QDR mesh which connects to the external
# endpoint, all other nodes connect to the mesh
# 2) TLS Everywhere - Enabling SSL for mesh-to-mesh and edge-to-mesh connections
- name: Set mutable and derivative vars
run_once: true
set_fact:
# Mutable connectors so we can supress it on edge nodes if in mesh mode
connectors: "{{ tripleo_metrics_qdr_connectors }}"
qdr_listener_addr: "{{
lookup('vars', (service_net_map[(tripleo_role_name + 'MetricsQdrNetwork') | snake_case] + '_ip') )
}}"
# RFE? Should be in QdrVars, right now there is no good way to alter it
qdr_log_enable: 'info+'
- name: Augment tripleo_metrics_qdr_extra_ssl_profiles if EnableInternalTLS
when: tripleo_enable_internal_tls
run_once: true
set_fact:
tripleo_metrics_qdr_extra_ssl_profiles: "{{ tripleo_metrics_qdr_extra_ssl_profiles | union(
[{ 'name': 'tlsProfile',
'certFile': tripleo_metrics_qdr_listener_ssl_cert_file,
'keyFile': tripleo_metrics_qdr_listener_ssl_key_file,
'caCertFile': tripleo_internal_tlscafile
}]) }}"
tripleo_metrics_qdr_ssl_profile_base_mesh:
sslProfile: tlsProfile
- name: Configure the mesh mode settings if requested
when: tripleo_metrics_qdr_deployment_mode == 'controller-mesh'
block:
- name: Set the list of interior mesh nodes
run_once: true
set_fact:
# Form mesh on controller nodes - RFE? Make placement configurable
interior_nodes_list: "{{ controller_node_ips.split(',') }}"
# TODO(BZ1816046): metrics should have it's own network, not use ctlplane
- name: Set interior IP for mesh mode connections to use ctlplane
set_fact:
interior_ip: "{{ ctlplane_ip }}"
- name: Define connectors for edge->interior, replacing existing connectors
when: not (interior_ip in interior_nodes_list)
block:
- name: Remove existing connector
set_fact:
connectors: []
- name: Create connectors to two random interior nodes
loop: "{{ (interior_nodes_list |
shuffle(seed=inventory_hostname))[0:2] }}"
set_fact:
# *CS TODO: Add the SSL support to mesh mode like node_base from
# the puppet (internal_tls), see https://git.io/Jt8oP
connectors: "{{ connectors | union(
[ tripleo_metrics_qdr_ssl_profile_base_mesh | combine(
{ 'host': item,
'port': '5668',
'role': 'edge',
'verifyHostname': 'no',
'saslMechanisms': 'ANONYMOUS'
})
])
}}"
- name: Configure interior mesh node
when: interior_ip in interior_nodes_list
block:
- name: Set additional listeners, connectors, mode
set_fact:
tripleo_metrics_qdr_router_mode: interior
# Set list of OTHER interior nodes with which to form mesh
# connections (ones with a lower ordinal position than us)
mesh_connection_nodes_list: "{{
interior_nodes_list[0:interior_nodes_list.index(interior_ip)] }}"
# *CS TODO: Add the SSL support to mesh mode like node_base from
# the puppet (internal_tls), see https://git.io/Jt8oP
# Add extra listener for edge -> interior
tripleo_metrics_qdr_extra_listeners: "{{ tripleo_metrics_qdr_extra_listeners | union(
[ tripleo_metrics_qdr_ssl_profile_base_mesh | combine(
{ 'host': interior_ip,
'port': '5668',
'role': 'edge',
'authenticatePeer': 'no',
'saslMechanisms': 'ANONYMOUS'
})
])
}}"
- name: Add extra listener for mesh connections
set_fact:
# *CS TODO: Add the SSL support to mesh mode like node_base from
# the puppet (internal_tls), see https://git.io/Jt8oP
tripleo_metrics_qdr_extra_listeners: "{{ tripleo_metrics_qdr_extra_listeners | union(
[ tripleo_metrics_qdr_ssl_profile_base_mesh | combine(
{ 'host': interior_ip,
'port': '5667',
'role': 'inter-router',
'authenticatePeer': 'no',
'saslMechanisms': 'ANONYMOUS'
})
])
}}"
- name: Add mesh connections
loop: "{{ mesh_connection_nodes_list }}"
set_fact:
# *CS TODO: Add the SSL support to mesh mode like node_base from
# the puppet (internal_tls), see https://git.io/Jt8oP
connectors: "{{ connectors | union(
[ tripleo_metrics_qdr_ssl_profile_base_mesh | combine(
{ 'host': item,
'port': '5667',
'role': 'inter-router',
'verifyHostname': 'no',
'saslMechanisms': 'ANONYMOUS'
})
])
}}"
# End of mesh-mode block
- name: "Include QDR config role"
include_role:
name: qdr_config
vars:
qdr_addresses: "{{ tripleo_metrics_qdr_addresses }}"
qdr_autolink_addresses: "{{ tripleo_metrics_qdr_autolink_addresses }}"
qdr_conf_output_dir: "{{ tripleo_metrics_qdr_conf_output_dir }}"
qdr_connectors: "{{ connectors }}"
qdr_deployment_mode: "{{ tripleo_metrics_qdr_deployment_mode }}"
qdr_extra_listeners: "{{ tripleo_metrics_qdr_extra_listeners }}"
qdr_extra_ssl_profiles: "{{ tripleo_metrics_qdr_extra_ssl_profiles }}"
qdr_listener_auth_peer: "{{ tripleo_metrics_qdr_listener_auth_peer }}"
qdr_listener_port: "{{ tripleo_metrics_qdr_listener_port }}"
qdr_listener_require_ssl: "{{ tripleo_metrics_qdr_listener_require_ssl }}"
qdr_listener_sasl_mech: "{{ tripleo_metrics_qdr_listener_sasl_mech }}"
qdr_listener_ssl_cert_file: "{{ tripleo_metrics_qdr_listener_ssl_cert_file }}"
qdr_listener_ssl_cert_db: "{{ tripleo_metrics_qdr_listener_ssl_cert_db }}"
qdr_listener_ssl_key_file: "{{ tripleo_metrics_qdr_listener_ssl_key_file }}"
qdr_listener_ssl_password: "{{ tripleo_metrics_qdr_listener_ssl_password }}"
qdr_listener_ssl_pw_file: "{{ tripleo_metrics_qdr_listener_ssl_pw_file }}"
qdr_listener_trusted_certs: "{{ tripleo_metrics_qdr_listener_trusted_certs }}"
qdr_listener_use_encryption: "{{ tripleo_metrics_qdr_listener_use_encryption }}"
qdr_log_output: "{{ tripleo_metrics_qdr_log_output }}"
qdr_password: "{{ tripleo_metrics_qdr_password }}"
qdr_router_mode: "{{ tripleo_metrics_qdr_router_mode }}"
qdr_ssl_profiles: "{{ tripleo_metrics_qdr_ssl_profiles }}"
qdr_username: "{{ tripleo_metrics_qdr_username }}"
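Review bot: Every mesh listener and connector built in the controller-mesh block hard-codes `'authenticatePeer': 'no'` or `'verifyHostname': 'no'` together with `'saslMechanisms': 'ANONYMOUS'`, and that stays true when `tripleo_enable_internal_tls` merges `sslProfile: tlsProfile` into them. The links on 5667/5668 are then encrypted but their peers are never authenticated, so the TLS profile gives confidentiality without restricting who may attach to the mesh. Since `tlsProfile` already carries `caCertFile`, consider deriving the flags from the TLS switch, e.g. `'authenticatePeer': tripleo_enable_internal_tls | ternary('yes', 'no')`, or at least state this limitation in the repeated TODO comment. Also worth checking: the first task sets `qdr_listener_addr` from a per-host `*_ip` variable under `run_once: true`, which would presumably give every host in the play the first host's address.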


@ -35,6 +35,7 @@
- tripleo-ansible-centos-8-molecule-tripleo_kernel
- tripleo-ansible-centos-8-molecule-tripleo_keystone_resources
- tripleo-ansible-centos-8-molecule-tripleo_lvmfilter
- tripleo-ansible-centos-8-molecule-tripleo_metrics_qdr
- tripleo-ansible-centos-8-molecule-tripleo_module_load
- tripleo-ansible-centos-8-molecule-tripleo_multipathd
- tripleo-ansible-centos-8-molecule-tripleo_network_config
@ -95,6 +96,7 @@
- tripleo-ansible-centos-8-molecule-tripleo_kernel
- tripleo-ansible-centos-8-molecule-tripleo_keystone_resources
- tripleo-ansible-centos-8-molecule-tripleo_lvmfilter
- tripleo-ansible-centos-8-molecule-tripleo_metrics_qdr
- tripleo-ansible-centos-8-molecule-tripleo_module_load
- tripleo-ansible-centos-8-molecule-tripleo_multipathd
- tripleo-ansible-centos-8-molecule-tripleo_network_config
@ -411,6 +413,13 @@
parent: tripleo-ansible-centos-8-base
vars:
tripleo_role_name: tripleo_lvmfilter
- job:
files:
- ^tripleo_ansible/roles/tripleo_metrics_qdr/.*
name: tripleo-ansible-centos-8-molecule-tripleo_metrics_qdr
parent: tripleo-ansible-centos-8-base
vars:
tripleo_role_name: tripleo_metrics_qdr
- job:
files:
- ^tripleo_ansible/roles/tripleo_module_load/.*