openstack/tripleo-common
Code Issues Proposed changes

Merge "Octavia post deployment mistral wrapper"

Browse Source
This commit is contained in:
Zuul
2018-01-19 19:54:14 +00:00
committed by Gerrit Code Review
parent a12858256d 2bcbddfa9c
commit bd3476ff54
4 changed files with 148 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
releasenotes/notes/octavia-passphrase-285a06885ac735df.yaml Normal file
View File

@@ -0,0 +1,7 @@
---
features:
- |
Add OctaviaCaKeyPassphrase to the list of passwords
to generate, so users don't have to pick a string or
rely on a default value for octavia CA private key
passphrase.

1
tripleo_common/constants.py
View File

@@ -102,6 +102,7 @@ PASSWORD_PARAMETER_NAMES = (
'NovaPassword', 'NovaPassword',
'NovajoinPassword', 'NovajoinPassword',
'MigrationSshKey', 'MigrationSshKey',
'OctaviaCaKeyPassphrase',
'OctaviaHeartbeatKey', 'OctaviaHeartbeatKey',
'OctaviaPassword', 'OctaviaPassword',
'PacemakerRemoteAuthkey', 'PacemakerRemoteAuthkey',

1
tripleo_common/tests/actions/test_parameters.py
View File

@@ -57,6 +57,7 @@ _EXISTING_PASSWORDS = {
'PankoPassword': 'cVZXehsSc2KdmFFMKDudxTLKn', 'PankoPassword': 'cVZXehsSc2KdmFFMKDudxTLKn',
'OctaviaHeartbeatKey': 'oct-heartbeat-key', 'OctaviaHeartbeatKey': 'oct-heartbeat-key',
'OctaviaPassword': 'NMl7j3nKk1VVwMxUZC8Cgw==', 'OctaviaPassword': 'NMl7j3nKk1VVwMxUZC8Cgw==',
'OctaviaCaKeyPassphrase': 'SLj4c3uCk4DDxPwQOG1Heb==',
'ManilaPassword': 'NYJN86Fua3X8AVFWmMhQa2zTH', 'ManilaPassword': 'NYJN86Fua3X8AVFWmMhQa2zTH',
'NeutronMetadataProxySharedSecret': 'Q2YgUCwmBkYdqsdhhCF4hbghu', 'NeutronMetadataProxySharedSecret': 'Q2YgUCwmBkYdqsdhhCF4hbghu',
'CephMdsKey': b'AQCQXtlXAAAAABAAT4Gk+U8EqqStL+JFa9bp1Q==', 'CephMdsKey': b'AQCQXtlXAAAAABAAT4Gk+U8EqqStL+JFa9bp1Q==',

139
workbooks/octavia_post.yaml Normal file
View File

@@ -0,0 +1,139 @@
---
version: '2.0'
name: tripleo.octavia_post.v1
description: TripleO Octavia post deployment Workflows
workflows:
octavia_post_deploy:
description: Octavia post deployment
input:
- amp_image_name
- amp_image_filename
- amp_image_tag
- lb_mgmt_net_name
- lb_mgmt_subnet_name
- lb_sec_group_name
- lb_mgmt_subnet_cidr
- lb_mgmt_subnet_gateway
- lb_mgmt_subnet_pool_start
- lb_mgmt_subnet_pool_end
- generate_certs
- octavia_ansible_playbook
- overcloud_admin
- ca_cert_path
- ca_private_key_path
- ca_passphrase
- client_cert_path
- mgmt_port_dev
- overcloud_password
- overcloud_project
- overcloud_pub_auth_uri
- ansible_extra_env_variables:
ANSIBLE_HOST_KEY_CHECKING: 'False'
ANSIBLE_SSH_RETRIES: '3'
tags:
- tripleo-common-managed
tasks:
enable_ssh_admin:
workflow: tripleo.access.v1.enable_ssh_admin
on-success: get_private_key
get_private_key:
action: tripleo.validations.get_privkey
publish:
private_key: <% task().result %>
on-success: get_overcloud_stack_details
get_overcloud_stack_details:
publish:
# TODO(beagles), we are making an assumption about the octavia heatlh manager and
# controller worker needing
#
octavia_controller_ips: <% env().get('service_ips', {}).get('octavia_worker_ctlplane_node_ips', []) %>
on-success: make_local_temp_directory
make_local_temp_directory:
action: tripleo.files.make_temp_dir
publish:
undercloud_local_dir: <% task().result.path %>
on-success: make_remote_temp_directory
make_remote_temp_directory:
action: tripleo.files.make_temp_dir
publish:
undercloud_remote_dir: <% task().result.path %>
on-success: build_local_connection_environment_vars
build_local_connection_environment_vars:
publish:
ansible_local_connection_variables: <% dict('ANSIBLE_REMOTE_TEMP' => $.undercloud_remote_dir, 'ANSIBLE_LOCAL_TEMP' => $.undercloud_local_dir) + $.ansible_extra_env_variables %>
on-success: upload_amphora
upload_amphora:
action: tripleo.ansible-playbook
input:
inventory:
undercloud:
hosts:
localhost:
ansible_connection: local
playbook: <% $.octavia_ansible_playbook %>
remote_user: stack
extra_env_variables: <% $.ansible_local_connection_variables %>
extra_vars:
os_password: <% $.overcloud_password %>
os_username: <% $.overcloud_admin %>
os_project_name: <% $.overcloud_project %>
os_auth_url: <% $.overcloud_pub_auth_uri %>
os_auth_type: "password"
os_identity_api_version: "3"
amp_image_name: <% $.amp_image_name %>
amp_image_filename: <% $.amp_image_filename %>
amp_image_tag: <% $.amp_image_tag %>
on-success: config_octavia
config_octavia:
action: tripleo.ansible-playbook
input:
inventory:
octavia_nodes:
hosts: <% $.octavia_controller_ips.toDict($, {}) %>
verbosity: 0
playbook: <% $.octavia_ansible_playbook %>
remote_user: tripleo-admin
become: true
become_user: root
ssh_private_key: <% $.private_key %>
ssh_common_args: '-o StrictHostKeyChecking=no'
ssh_extra_args: '-o UserKnownHostsFile=/dev/null'
extra_env_variables: <% $.ansible_extra_env_variables %>
extra_vars:
os_password: <% $.overcloud_password %>
os_username: <% $.overcloud_admin %>
os_project_name: <% $.overcloud_project %>
os_auth_url: <% $.overcloud_pub_auth_uri %>
os_auth_type: "password"
os_identity_api_version: "3"
amp_image_tag: <% $.amp_image_tag %>
lb_mgmt_net_name: <% $.lb_mgmt_net_name %>
lb_mgmt_subnet_name: <% $.lb_mgmt_subnet_name %>
lb_sec_group_name: <% $.lb_sec_group_name %>
lb_mgmt_subnet_cidr: <% $.lb_mgmt_subnet_cidr %>
lb_mgmt_subnet_gateway: <% $.lb_mgmt_subnet_gateway %>
lb_mgmt_subnet_pool_start: <% $.lb_mgmt_subnet_pool_start %>
lb_mgmt_subnet_pool_end: <% $.lb_mgmt_subnet_pool_end %>
ca_cert_path: <% $.ca_cert_path %>
ca_private_key_path: <% $.ca_private_key_path %>
ca_passphrase: <% $.ca_passphrase %>
client_cert_path: <% $.client_cert_path %>
generate_certs: <% $.generate_certs %>
mgmt_port_dev: <% $.mgmt_port_dev %>
on-complete: purge_local_temp_dir
purge_local_temp_dir:
action: tripleo.files.remove_temp_dir path=<% $.undercloud_local_dir %>
on-complete: purge_remote_temp_dir
purge_remote_temp_dir:
action: tripleo.files.remove_temp_dir path=<% $.undercloud_remote_dir %>