From 4d81522b36b8a3b2dbba2fdab127d644e26e295c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Jeanneret?= Date: Mon, 5 Sep 2022 09:15:31 +0200 Subject: [PATCH] New tripleo_ironic role Allow to configure both ironic_wsgi and ironic_ipxe vhosts using the new tripleo_httpd_vhost role. It will use parameters provided through tripleo-heat-templates in order to configure both httpd service, and the actual vhost. Change-Id: I6a8a6df8995cbf3f4cd6e04db7bfca880bd6d67e --- doc/source/roles/role-tripleo_ironic.rst | 6 +++ .../tripleo_httpd_vhost/defaults/main.yml | 4 ++ .../templates/vhost.conf.j2 | 2 +- .../roles/tripleo_ironic/defaults/main.yml | 26 +++++++++++ .../roles/tripleo_ironic/meta/main.yml | 43 +++++++++++++++++++ .../molecule/default/converge.yml | 21 +++++++++ .../molecule/default/molecule.yml | 28 ++++++++++++ .../molecule/default/prepare.yml | 22 ++++++++++ .../roles/tripleo_ironic/tasks/api_httpd.yaml | 42 ++++++++++++++++++ .../tripleo_ironic/tasks/ipxe_httpd.yaml | 17 ++++++++ zuul.d/molecule.yaml | 10 +++++ 11 files changed, 220 insertions(+), 1 deletion(-) create mode 100644 doc/source/roles/role-tripleo_ironic.rst create mode 100644 tripleo_ansible/roles/tripleo_ironic/defaults/main.yml create mode 100644 tripleo_ansible/roles/tripleo_ironic/meta/main.yml create mode 100644 tripleo_ansible/roles/tripleo_ironic/molecule/default/converge.yml create mode 100644 tripleo_ansible/roles/tripleo_ironic/molecule/default/molecule.yml create mode 100644 tripleo_ansible/roles/tripleo_ironic/molecule/default/prepare.yml create mode 100644 tripleo_ansible/roles/tripleo_ironic/tasks/api_httpd.yaml create mode 100644 tripleo_ansible/roles/tripleo_ironic/tasks/ipxe_httpd.yaml diff --git a/doc/source/roles/role-tripleo_ironic.rst b/doc/source/roles/role-tripleo_ironic.rst new file mode 100644 index 000000000..0c4525975 --- /dev/null +++ b/doc/source/roles/role-tripleo_ironic.rst @@ -0,0 +1,6 @@ +========================= +Role - tripleo_ironic_api +========================= + +.. ansibleautoplugin:: + :role: tripleo_ansible/roles/tripleo_ironic diff --git a/tripleo_ansible/roles/tripleo_httpd_vhost/defaults/main.yml b/tripleo_ansible/roles/tripleo_httpd_vhost/defaults/main.yml index c611c2753..fd8f0d2a8 100644 --- a/tripleo_ansible/roles/tripleo_httpd_vhost/defaults/main.yml +++ b/tripleo_ansible/roles/tripleo_httpd_vhost/defaults/main.yml @@ -37,6 +37,10 @@ tripleo_httpd_vhost_document_root: '/var/www/cgi-bin' tripleo_httpd_vhost_error_log_file: "/var/log/httpd/{{ tripleo_httpd_vhost_access_log_name }}_error.log" tripleo_httpd_vhost_group: 'apache' tripleo_httpd_vhost_headers: [] +tripleo_httpd_vhost_options: + - '-Indexes' + - '+FollowSymLinks' + - '+MultiViews' tripleo_httpd_vhost_path: '/' tripleo_httpd_vhost_priority: 10 tripleo_httpd_vhost_proxy: false diff --git a/tripleo_ansible/roles/tripleo_httpd_vhost/templates/vhost.conf.j2 b/tripleo_ansible/roles/tripleo_httpd_vhost/templates/vhost.conf.j2 index dacdd6591..061925c6e 100644 --- a/tripleo_ansible/roles/tripleo_httpd_vhost/templates/vhost.conf.j2 +++ b/tripleo_ansible/roles/tripleo_httpd_vhost/templates/vhost.conf.j2 @@ -6,7 +6,7 @@ DocumentRoot "{{ tripleo_httpd_vhost_document_root }}" - Options -Indexes +FollowSymLinks +MultiViews + Options {{ tripleo_httpd_vhost_options | join(' ') }} AllowOverride None Require all granted diff --git a/tripleo_ansible/roles/tripleo_ironic/defaults/main.yml b/tripleo_ansible/roles/tripleo_ironic/defaults/main.yml new file mode 100644 index 000000000..5cbdd82d9 --- /dev/null +++ b/tripleo_ansible/roles/tripleo_ironic/defaults/main.yml @@ -0,0 +1,26 @@ +--- +# Copyright 2022 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +# All variables intended for modification should be placed in this file. + +# All variables within this role should have a prefix of "tripleo_ironic_" + +tripleo_ironic_api_httpd_config_httpd_conf: null +tripleo_ironic_api_httpd_config_prefork_serverlimit: null +tripleo_ironic_api_httpd_config_prefork_maxrequestworkers: null +tripleo_ironic_api_httpd_config_mods: null +tripleo_ironic_api_httpd_vhost_ssl_ca: null diff --git a/tripleo_ansible/roles/tripleo_ironic/meta/main.yml b/tripleo_ansible/roles/tripleo_ironic/meta/main.yml new file mode 100644 index 000000000..c17481447 --- /dev/null +++ b/tripleo_ansible/roles/tripleo_ironic/meta/main.yml @@ -0,0 +1,43 @@ +--- +# Copyright 2022 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +galaxy_info: + author: OpenStack + description: TripleO OpenStack Role -- tripleo_ironic + company: Red Hat + license: Apache-2.0 + min_ansible_version: 2.7 + namespace: openstack + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + platforms: + - name: CentOS + versions: + - 8 + - 9 + + galaxy_tags: + - tripleo + + +# List your role dependencies here, one per line. Be sure to remove the '[]' above, +# if you add dependencies to this list. +dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_ironic/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_ironic/molecule/default/converge.yml new file mode 100644 index 000000000..9d57f8e56 --- /dev/null +++ b/tripleo_ansible/roles/tripleo_ironic/molecule/default/converge.yml @@ -0,0 +1,21 @@ +--- +# Copyright 2022 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +- name: Converge + hosts: all + roles: + - role: "tripleo_ironic" diff --git a/tripleo_ansible/roles/tripleo_ironic/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_ironic/molecule/default/molecule.yml new file mode 100644 index 000000000..20d7e2005 --- /dev/null +++ b/tripleo_ansible/roles/tripleo_ironic/molecule/default/molecule.yml @@ -0,0 +1,28 @@ +--- +driver: + name: podman + +provisioner: + inventory: + hosts: + all: + hosts: + centos: + ansible_python_interpreter: /usr/bin/python3 + name: ansible + log: true + env: + ANSIBLE_STDOUT_CALLBACK: yaml + +scenario: + test_sequence: + - destroy + - create + - prepare + - converge + - check + - verify + - destroy + +verifier: + name: testinfra diff --git a/tripleo_ansible/roles/tripleo_ironic/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_ironic/molecule/default/prepare.yml new file mode 100644 index 000000000..ec16f729a --- /dev/null +++ b/tripleo_ansible/roles/tripleo_ironic/molecule/default/prepare.yml @@ -0,0 +1,22 @@ +--- +# Copyright 2022 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +- name: Prepare + hosts: all + roles: + - role: test_deps + - role: env_data diff --git a/tripleo_ansible/roles/tripleo_ironic/tasks/api_httpd.yaml b/tripleo_ansible/roles/tripleo_ironic/tasks/api_httpd.yaml new file mode 100644 index 000000000..d3a688043 --- /dev/null +++ b/tripleo_ansible/roles/tripleo_ironic/tasks/api_httpd.yaml @@ -0,0 +1,42 @@ +--- +- name: Ensure needed params are set + fail: + msg: "{{ item.k }} must be set to an actual value" + when: item.v == None + loop: + - k: "tripleo_ironic_api_httpd_config_httpd_conf" + v: "{{ tripleo_ironic_api_httpd_config_httpd_conf }}" + - k: "tripleo_ironic_api_httpd_config_prefork_serverlimit" + v: "{{ tripleo_ironic_api_httpd_config_prefork_serverlimit }}" + - k: "tripleo_ironic_api_httpd_config_prefork_maxrequestworkers" + v: "{{ tripleo_ironic_api_httpd_config_prefork_maxrequestworkers }}" + - k: "tripleo_ironic_api_httpd_config_mods" + v: "{{ tripleo_ironic_api_httpd_config_mods }}" + +- name: Create httpd config and vhost + vars: + tripleo_httpd_config_httpd_conf: "{{ tripleo_ironic_api_httpd_config_httpd_conf }}" + tripleo_httpd_config_prefork_serverlimit: "{{ tripleo_ironic_api_httpd_config_prefork_serverlimit }}" + tripleo_httpd_config_prefork_maxrequestworkers: "{{ tripleo_ironic_api_httpd_config_prefork_maxrequestworkers }}" + tripleo_httpd_config_mods: "{{ tripleo_ironic_api_httpd_config_mods }}" + tripleo_httpd_vhost_ssl_ca: "{{ tripleo_ironic_api_httpd_vhost_ssl_ca }}" + # Fixed params + tripleo_httpd_vhost_user: 'ironic' + tripleo_httpd_vhost_service_name: 'ironic_api' + tripleo_httpd_vhost_group: "{{ tripleo_httpd_vhost_user }}" + tripleo_httpd_vhost_access_log_format: 'forwarded' + tripleo_httpd_vhost_access_log_name: 'ironic_wsgi' + tripleo_httpd_vhost_document_root: '/var/www/cgi-bin/ironic' + tripleo_httpd_vhost_wsgi_process_group: "{{ tripleo_httpd_vhost_user }}" + tripleo_httpd_vhost_wsgi_daemon_process: + ironic: + 'display-name': 'ironic_wsgi' + group: "{{ tripleo_httpd_vhost_user }}" + processes: 6 + threads: 15 + user: "{{ tripleo_httpd_vhost_user }}" + tripleo_httpd_vhost_wsgi: true + tripleo_httpd_vhost_wsgi_script_alias: + '/': '/var/www/cgi-bin/ironic/app' + import_role: + name: tripleo_httpd_vhost diff --git a/tripleo_ansible/roles/tripleo_ironic/tasks/ipxe_httpd.yaml b/tripleo_ansible/roles/tripleo_ironic/tasks/ipxe_httpd.yaml new file mode 100644 index 000000000..8b510b654 --- /dev/null +++ b/tripleo_ansible/roles/tripleo_ironic/tasks/ipxe_httpd.yaml @@ -0,0 +1,17 @@ +--- +- name: Create httpd config and vhost + vars: + tripleo_httpd_vhost_user: 'ironic' + tripleo_httpd_vhost_service_name: 'ironic' + tripleo_httpd_vhost_servername: 'ipxe_vhost' + tripleo_httpd_vhost_group: "{{ tripleo_httpd_vhost_user }}" + tripleo_httpd_vhost_access_log_name: "{{ tripleo_httpd_vhost_servername }}" + tripleo_httpd_vhost_document_root: '/var/lib/ironic/httpboot' + tripleo_httpd_vhost_bind_port: 8088 + tripleo_httpd_vhost_options: + - 'Indexes' + - 'FollowSymLinks' + tripleo_httpd_vhost_wsgi: false + tripleo_httpd_vhost_ssl: false + import_role: + name: tripleo_httpd_vhost diff --git a/zuul.d/molecule.yaml b/zuul.d/molecule.yaml index e43bce1ae..4de02d68c 100644 --- a/zuul.d/molecule.yaml +++ b/zuul.d/molecule.yaml @@ -38,6 +38,7 @@ - tripleo-ansible-centos-stream-molecule-tripleo_httpd_config - tripleo-ansible-centos-stream-molecule-tripleo_httpd_vhost - tripleo-ansible-centos-stream-molecule-tripleo_image_serve + - tripleo-ansible-centos-stream-molecule-tripleo_ironic - tripleo-ansible-centos-stream-molecule-tripleo_iscsid - tripleo-ansible-centos-stream-molecule-tripleo_kernel - tripleo-ansible-centos-stream-molecule-tripleo_keystone @@ -110,6 +111,7 @@ - tripleo-ansible-centos-stream-molecule-tripleo_httpd_config - tripleo-ansible-centos-stream-molecule-tripleo_httpd_vhost - tripleo-ansible-centos-stream-molecule-tripleo_image_serve + - tripleo-ansible-centos-stream-molecule-tripleo_ironic - tripleo-ansible-centos-stream-molecule-tripleo_iscsid - tripleo-ansible-centos-stream-molecule-tripleo_kernel - tripleo-ansible-centos-stream-molecule-tripleo_keystone @@ -181,6 +183,7 @@ - tripleo-ansible-centos-stream-molecule-tripleo_httpd_config - tripleo-ansible-centos-stream-molecule-tripleo_httpd_vhost - tripleo-ansible-centos-stream-molecule-tripleo_image_serve + - tripleo-ansible-centos-stream-molecule-tripleo_ironic - tripleo-ansible-centos-stream-molecule-tripleo_iscsid - tripleo-ansible-centos-stream-molecule-tripleo_kernel - tripleo-ansible-centos-stream-molecule-tripleo_keystone @@ -480,6 +483,13 @@ parent: tripleo-ansible-centos-stream-base vars: tripleo_role_name: tripleo_image_serve +- job: + files: + - ^tripleo_ansible/roles/tripleo_ironic/(?!meta).* + name: tripleo-ansible-centos-stream-molecule-tripleo_ironic + parent: tripleo-ansible-centos-stream-base + vars: + tripleo_role_name: tripleo_ironic - job: files: - ^tripleo_ansible/roles/tripleo_iscsid/(?!meta).*