diff --git a/ansible/openstack/HA-ansible-multinodes.yml b/ansible/openstack/HA-ansible-multinodes.yml
new file mode 100644
index 0000000..d8b82c7
--- /dev/null
+++ b/ansible/openstack/HA-ansible-multinodes.yml
@@ -0,0 +1,239 @@
+---
+- hosts: all
+ remote_user: root
+ pre_tasks:
+ - name: make sure ssh dir exist
+ file:
+ path: '{{ item.path }}'
+ owner: '{{ item.owner }}'
+ group: '{{ item.group }}'
+ state: directory
+ mode: 0755
+ with_items:
+ - path: /root/.ssh
+ owner: root
+ group: root
+
+ - name: write ssh config
+ copy:
+ content: "UserKnownHostsFile /dev/null\nStrictHostKeyChecking no"
+ dest: '{{ item.dest }}'
+ owner: '{{ item.owner }}'
+ group: '{{ item.group }}'
+ mode: 0600
+ with_items:
+ - dest: /root/.ssh/config
+ owner: root
+ group: root
+
+ - name: generate ssh keys
+ shell: if [ ! -f ~/.ssh/id_rsa.pub ]; then ssh-keygen -q -t rsa -f ~/.ssh/id_rsa -N ""; else echo "already gen ssh key!"; fi;
+
+ - name: fetch ssh keys
+ fetch: src=/root/.ssh/id_rsa.pub dest=/tmp/ssh-keys-{{ ansible_hostname }} flat=yes
+
+ - authorized_key:
+ user: root
+ key: "{{ lookup('file', 'item') }}"
+ with_fileglob:
+ - /tmp/ssh-keys-*
+ max_fail_percentage: 0
+ roles:
+ - common
+
+- hosts: all
+ remote_user: root
+ accelerate: true
+ max_fail_percentage: 0
+ roles:
+ - setup-network
+
+- hosts: ha
+ remote_user: root
+ accelerate: true
+ max_fail_percentage: 0
+ roles:
+ - ha
+
+- hosts: controller
+ remote_user: root
+ accelerate: true
+ max_fail_percentage: 0
+ roles:
+ - memcached
+ - apache
+ - database
+ - mq
+ - keystone
+ - nova-controller
+ - neutron-controller
+ - cinder-controller
+ - glance
+ - neutron-common
+ - neutron-network
+ - ceilometer_controller
+# - ext-network
+ - dashboard
+ - heat
+# - aodh
+
+- hosts: all
+ remote_user: root
+ accelerate: true
+ max_fail_percentage: 0
+ roles:
+ - storage
+
+- hosts: compute
+ remote_user: root
+ accelerate: true
+ max_fail_percentage: 0
+ roles:
+ - nova-compute
+ - neutron-compute
+ - cinder-volume
+ - ceilometer_compute
+
+- hosts: all
+ remote_user: root
+ accelerate: true
+ max_fail_percentage: 0
+ roles:
+ - secgroup
+
+- hosts: ceph_adm
+ remote_user: root
+ accelerate: true
+ max_fail_percentage: 0
+ roles: []
+ # - ceph-deploy
+
+- hosts: ceph
+ remote_user: root
+ accelerate: true
+ max_fail_percentage: 0
+ roles:
+ - ceph-purge
+ - ceph-config
+
+- hosts: ceph_mon
+ remote_user: root
+ accelerate: true
+ max_fail_percentage: 0
+ roles:
+ - ceph-mon
+
+- hosts: ceph_osd
+ remote_user: root
+ accelerate: true
+ max_fail_percentage: 0
+ roles:
+ - ceph-osd
+
+- hosts: ceph
+ remote_user: root
+ accelerate: true
+ max_fail_percentage: 0
+ roles:
+ - ceph-openstack
+
+- hosts: all
+ remote_user: root
+ accelerate: true
+ max_fail_percentage: 0
+ roles:
+ - monitor
+
+
+- hosts: all
+ remote_user: root
+ accelerate: true
+ max_fail_percentage: 0
+ tasks:
+ - name: set bash to nova
+ user:
+ name: nova
+ shell: /bin/bash
+
+ - name: make sure ssh dir exist
+ file:
+ path: '{{ item.path }}'
+ owner: '{{ item.owner }}'
+ group: '{{ item.group }}'
+ state: directory
+ mode: 0755
+ with_items:
+ - path: /var/lib/nova/.ssh
+ owner: nova
+ group: nova
+
+ - name: copy ssh keys for nova
+ shell: cp -rf /root/.ssh/id_rsa /var/lib/nova/.ssh;
+
+ - name: write ssh config
+ copy:
+ content: "UserKnownHostsFile /dev/null\nStrictHostKeyChecking no"
+ dest: '{{ item.dest }}'
+ owner: '{{ item.owner }}'
+ group: '{{ item.group }}'
+ mode: 0600
+ with_items:
+ - dest: /var/lib/nova/.ssh/config
+ owner: nova
+ group: nova
+
+ - authorized_key:
+ user: nova
+ key: "{{ lookup('file', 'item') }}"
+ with_fileglob:
+ - /tmp/ssh-keys-*
+
+ - name: chown ssh file
+ shell: chown -R nova:nova /var/lib/nova/.ssh;
+
+
+- hosts: all
+ remote_user: root
+ max_fail_percentage: 0
+ roles:
+ - odl_cluster
+
+- hosts: all
+ remote_user: root
+ accelerate: true
+ max_fail_percentage: 0
+ roles:
+ - onos_cluster
+
+- hosts: all
+ remote_user: root
+ sudo: True
+ max_fail_percentage: 0
+ roles:
+ - open-contrail
+
+- hosts: all
+ remote_user: root
+ serial: 1
+ max_fail_percentage: 0
+ roles:
+ - odl_cluster_neutron
+
+- hosts: all
+ remote_user: root
+ max_fail_percentage: 0
+ roles:
+ - odl_cluster_post
+
+- hosts: controller
+ remote_user: root
+ max_fail_percentage: 0
+ roles:
+ - ext-network
+
+- hosts: controller
+ remote_user: root
+ accelerate: true
+ max_fail_percentage: 0
+ roles:
+ - tacker
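Review bot: Both `authorized_key` tasks call `lookup('file', 'item')`, which quotes the loop variable and so reads a file literally named `item` instead of each `/tmp/ssh-keys-*` match; the line should be `key: "{{ lookup('file', item) }}"`. The two `write ssh config` tasks set `StrictHostKeyChecking no` with `UserKnownHostsFile /dev/null` for root and nova, which disables host-key verification for every outbound SSH connection from these nodes; limiting that to a `Host` pattern for the cluster addresses would narrow the exposure. `copy ssh keys for nova` duplicates root's private key into the nova account, so anything that can read nova's home directory also holds root's key; a separate keypair for nova avoids that. The `mode: 0755` and `mode: 0600` values are better quoted (`mode: "0600"`) so they are not subject to YAML integer parsing.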
diff --git a/ansible/openstack_juno/allinone.yml b/ansible/openstack/allinone.yml
similarity index 97%
rename from ansible/openstack_juno/allinone.yml
rename to ansible/openstack/allinone.yml
index d86af06..4539e5f 100644
--- a/ansible/openstack_juno/allinone.yml
+++ b/ansible/openstack/allinone.yml
@@ -1,7 +1,7 @@
---
- hosts: controller
sudo: True
- roles:
+ roles:
- common
- database
- mq
diff --git a/ansible/openstack_juno/compute.yml b/ansible/openstack/compute.yml
similarity index 100%
rename from ansible/openstack_juno/compute.yml
rename to ansible/openstack/compute.yml
diff --git a/ansible/openstack_juno/controller.yml b/ansible/openstack/controller.yml
similarity index 100%
rename from ansible/openstack_juno/controller.yml
rename to ansible/openstack/controller.yml
diff --git a/ansible/openstack_juno/group_vars/all b/ansible/openstack/group_vars/all
similarity index 93%
rename from ansible/openstack_juno/group_vars/all
rename to ansible/openstack/group_vars/all
index 5643fcd..79859d0 100644
--- a/ansible/openstack_juno/group_vars/all
+++ b/ansible/openstack/group_vars/all
@@ -24,6 +24,10 @@ NOVA_PASS: nova_secret
DASH_DBPASS: dash_db_secret
CINDER_DBPASS: cinder_db_secret
CINDER_PASS: cinder_secret
+HEAT_DBPASS: heat_db_secret
+HEAT_PASS: heat_secret
+AODH_DBPASS: aodh_db_secret
+AODH_PASS: aodh_secret
NEUTRON_DBPASS: neutron_db_secret
NEUTRON_PASS: netron_secret
NEUTRON_TYPE_DRIVERS: ['flat', 'gre', 'vxlan']
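Review bot: The four added credentials (`HEAT_DBPASS`, `HEAT_PASS`, `AODH_DBPASS`, `AODH_PASS`) are committed as fixed, guessable strings, following the pattern of the neighbouring entries, so every deployment built from this tree shares the same database and service passwords unless an operator overrides them. Prefer generating these per deployment or keeping them in an Ansible Vault file, leaving only a reference in `group_vars/all`. The file continues outside the hunk, so an override mechanism may exist elsewhere.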
diff --git a/ansible/openstack_juno/multinodes.yml b/ansible/openstack/multinodes.yml
similarity index 92%
rename from ansible/openstack_juno/multinodes.yml
rename to ansible/openstack/multinodes.yml
index ae7c0a8..5b43a69 100644
--- a/ansible/openstack_juno/multinodes.yml
+++ b/ansible/openstack/multinodes.yml
@@ -65,3 +65,9 @@
- common
- nova-compute
- neutron-compute
+
+- hosts: odl
+ remote_user: root
+ sudo: True
+ roles:
+ - odl
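Review bot: The new `odl` play sets `sudo: True` while already connecting as `remote_user: root`, so the escalation step is redundant; most plays added in HA-ansible-multinodes.yml in this commit use `remote_user: root` alone. Dropping the `sudo` line keeps the plays consistent, and if it must stay, lowercase `true` is the canonical YAML boolean. The same stanza is appended to single-controller.yml.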
diff --git a/ansible/openstack_juno/network.yml b/ansible/openstack/network.yml
similarity index 100%
rename from ansible/openstack_juno/network.yml
rename to ansible/openstack/network.yml
diff --git a/ansible/openstack_juno/single-controller.yml b/ansible/openstack/single-controller.yml
similarity index 85%
rename from ansible/openstack_juno/single-controller.yml
rename to ansible/openstack/single-controller.yml
index d86af06..96ec0a6 100644
--- a/ansible/openstack_juno/single-controller.yml
+++ b/ansible/openstack/single-controller.yml
@@ -1,7 +1,7 @@
---
- hosts: controller
sudo: True
- roles:
+ roles:
- common
- database
- mq
@@ -30,3 +30,9 @@
- common
- nova-compute
- neutron-compute
+
+- hosts: odl
+ remote_user: root
+ sudo: True
+ roles:
+ - odl
diff --git a/ansible/openstack_juno/storage.yml b/ansible/openstack/storage.yml
similarity index 100%
rename from ansible/openstack_juno/storage.yml
rename to ansible/openstack/storage.yml
diff --git a/ansible/roles/neutron-compute/templates/dnsmasq-neutron.conf b/ansible/openstack/templates/dnsmasq-neutron.conf
similarity index 100%
rename from ansible/roles/neutron-compute/templates/dnsmasq-neutron.conf
rename to ansible/openstack/templates/dnsmasq-neutron.conf
diff --git a/ansible/roles/neutron-network/templates/ml2_conf.ini b/ansible/openstack/templates/ml2_conf.ini
similarity index 90%
rename from ansible/roles/neutron-network/templates/ml2_conf.ini
rename to ansible/openstack/templates/ml2_conf.ini
index 9972842..7b3e76d 100644
--- a/ansible/roles/neutron-network/templates/ml2_conf.ini
+++ b/ansible/openstack/templates/ml2_conf.ini
@@ -29,7 +29,7 @@ mechanism_drivers = {{ NEUTRON_MECHANISM_DRIVERS |join(",") }}
# can be created. Use * to allow flat networks with arbitrary
# physical_network names.
#
-flat_networks = external
+flat_networks = *
# Example:flat_networks = physnet1,physnet2
# Example:flat_networks = *
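Review bot: `flat_networks = *` accepts a flat network on any physical_network name rather than only `external`, which widens what anyone holding provider-network rights can attach to. If the deployment needs only a known set of physical networks, list them explicitly (the names used in `bridge_mappings`) instead of the wildcard.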
@@ -39,7 +39,7 @@ flat_networks = external
# tenant networks, as well as ranges of VLAN tags on each
# physical_network available for allocation as tenant networks.
#
-network_vlan_ranges =
+network_vlan_ranges = {{ NEUTRON_VLAN_RANGES|join(",") }}
# Example: network_vlan_ranges = physnet1:1000:2999,physnet2
[ml2_type_gre]
@@ -67,16 +67,18 @@ firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewal
enable_security_group = True
[database]
-connection = mysql://neutron:{{ NEUTRON_DBPASS }}@{{ db_host }}/ovs_neutron?charset=utf8
+connection = mysql://neutron:{{ NEUTRON_DBPASS }}@{{ db_host }}/neutron?charset=utf8
[ovs]
local_ip = {{ internal_ip }}
{% if 'openvswitch' in NEUTRON_MECHANISM_DRIVERS %}
integration_bridge = br-int
+{% if NEUTRON_TUNNEL_TYPES %}
tunnel_bridge = br-tun
tunnel_id_ranges = 1001:4095
tunnel_type = {{ NEUTRON_TUNNEL_TYPES |join(",") }}
-bridge_mappings = {{ neutron_ovs_bridge_mappings | default("external:br-ex") }}
+{% endif %}
+bridge_mappings = {{ NEUTRON_OVS_BRIDGE_MAPPINGS | join(",") }}
{% endif %}
[agent]
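Review bot: `bridge_mappings` lost its fallback: the old line used `default("external:br-ex")`, while `{{ NEUTRON_OVS_BRIDGE_MAPPINGS | join(",") }}` is expected to fail at render time when the variable is unset and, if it is supplied as a plain string, joins its characters with commas. Keeping a list default, `{{ NEUTRON_OVS_BRIDGE_MAPPINGS | default(['external:br-ex']) | join(",") }}`, preserves the previous behaviour. The same concern applies to `NEUTRON_VLAN_RANGES|join(",")` in the preceding hunk.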
@@ -90,11 +92,14 @@ l2_population = False
[odl]
{% if 'opendaylight' in NEUTRON_MECHANISM_DRIVERS %}
network_vlan_ranges = 1001:4095
+{% if NEUTRON_TUNNEL_TYPES %}
tunnel_id_ranges = 1001:4095
tun_peer_patch_port = patch-int
int_peer_patch_port = patch-tun
-tenant_network_type = vxlan
tunnel_bridge = br-tun
+{% endif %}
+
+tenant_network_type = {{ NEUTRON_TENANT_NETWORK_TYPES |join(",") }}
integration_bridge = br-int
controllers = 10.1.0.15:8080:admin:admin
{% endif %}
@@ -103,6 +108,6 @@ controllers = 10.1.0.15:8080:admin:admin
{% if 'opendaylight' in NEUTRON_MECHANISM_DRIVERS %}
username = {{ odl_username }}
password = {{ odl_password }}
-url = http://{{ odl_controller }}:{{ odl_api_port }}/controller/nb/v2/neutron
+url = http://{{ controller }}:{{ odl_api_port }}/controller/nb/v2/neutron
{% endif %}
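Review bot: The changed `url` line is still plain `http://` while `username` and `password` sit directly above it, so the OpenDaylight credentials travel unencrypted on every northbound call. If the controller can serve TLS, switch the scheme to `https://`; otherwise this traffic should stay on the management network only. The replacement variable `controller` is also the name of an inventory group in this commit's playbooks, so a more specific name would be easier to trace; its definition is not visible here.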
diff --git a/ansible/roles/neutron-controller/templates/neutron.conf b/ansible/openstack/templates/neutron.conf
similarity index 96%
rename from ansible/roles/neutron-controller/templates/neutron.conf
rename to ansible/openstack/templates/neutron.conf
index 28bb2ba..ebc46f9 100644
--- a/ansible/roles/neutron-controller/templates/neutron.conf
+++ b/ansible/openstack/templates/neutron.conf
@@ -142,7 +142,7 @@ rabbit_port = 5672
# rabbit_hosts is defaulted to '$rabbit_host:$rabbit_port'
# rabbit_hosts = localhost:5672
# User ID used for RabbitMQ connections
-rabbit_userid = guest
+rabbit_userid = {{ RABBIT_USER }}
# Location of a virtual RabbitMQ installation.
# rabbit_virtual_host = /
# Maximum retries with trying to connect to RabbitMQ
@@ -153,7 +153,6 @@ rabbit_userid = guest
# Use HA queues in RabbitMQ (x-ha-policy: all). You need to
# wipe RabbitMQ database when changing this option. (boolean value)
# rabbit_ha_queues = false
-
# QPID
# rpc_backend=neutron.openstack.common.rpc.impl_qpid
# Qpid broker hostname
@@ -305,22 +304,23 @@ notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
# URL for connection to nova (Only supports one nova region currently).
-nova_url = http://{{ compute_controller_host }}:8774/v2
+nova_url = http://{{ internal_vip.ip }}:8774/v2
# Name of nova region to use. Useful if keystone manages more than one region
-nova_region_name = RegionOne
+nova_region_name = regionOne
# Username for connection to nova in admin context
nova_admin_username = nova
# The uuid of the admin nova tenant
+{% if NOVA_ADMIN_TENANT_ID|default('') %}
nova_admin_tenant_id = {{ NOVA_ADMIN_TENANT_ID.stdout_lines[0] }}
-
+{% endif %}
# Password for connection to nova in admin context.
nova_admin_password = {{ NOVA_PASS }}
# Authorization URL for connection to nova in admin context.
-nova_admin_auth_url = http://{{ identity_host }}:35357/v2.0
+nova_admin_auth_url = http://{{ internal_vip.ip }}:35357/v2.0
# Number of seconds between sending events to nova if there are any events to send
send_events_interval = 2
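Review bot: The new guard `{% if NOVA_ADMIN_TENANT_ID|default('') %}` tests only that the variable is truthy, but the guarded line indexes `.stdout_lines[0]`; if this is a registered command result (inferred from `stdout_lines`) whose output was empty, the guard passes and the index still fails. A tighter test is `{% if NOVA_ADMIN_TENANT_ID is defined and NOVA_ADMIN_TENANT_ID.stdout_lines %}`. Separately, `nova_region_name` changes case to `regionOne`, which has to match the region registered in Keystone exactly.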
@@ -394,8 +394,8 @@ report_interval = 30
# =========== end of items for agent management extension =====
[keystone_authtoken]
-auth_uri = http://{{ identity_host }}:5000/v2.0
-identity_uri = http://{{ identity_host }}:35357
+auth_uri = http://{{ internal_vip.ip }}:5000/v2.0
+identity_uri = http://{{ internal_vip.ip }}:35357
admin_tenant_name = service
admin_user = neutron
admin_password = {{ NEUTRON_PASS }}
@@ -408,7 +408,7 @@ signing_dir = $state_path/keystone-signing
# Replace 127.0.0.1 above with the IP address of the database used by the
# main neutron server. (Leave it as is if the database runs on this host.)
# connection = sqlite:////var/lib/neutron/neutron.sqlite
-#connection = mysql://neutron:{{ NEUTRON_DBPASS }}@{{ db_host }}/neutron
+connection = mysql://neutron:{{ NEUTRON_DBPASS }}@{{ db_host }}/neutron
# The SQLAlchemy connection string used to connect to the slave database
slave_connection =
@@ -428,7 +428,8 @@ min_pool_size = 1
max_pool_size = 100
# Timeout in seconds before idle sql connections are reaped
-idle_timeout = 3600
+idle_timeout = 30
+use_db_reconnect = True
# If set, use this value for max_overflow with sqlalchemy
max_overflow = 100
@@ -453,8 +454,7 @@ pool_timeout = 10
# example of non-default provider:
# service_provider=FIREWALL:name2:firewall_driver_path
# --- Reference implementations ---
-service_provider=LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
-service_provider=VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default
+service_provider=FIREWALL:Iptables:neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewllDriver:default
# In order to activate Radware's lbaas driver you need to uncomment the next line.
# If you want to keep the HA Proxy as the default lbaas driver, remove the attribute default from the line below.
# Otherwise comment the HA Proxy line
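Review bot: The added `service_provider` line names `neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewllDriver`, which is misspelled (`Firewll`) and, even spelled `OVSHybridIptablesFirewallDriver`, appears to be the security-group agent firewall driver rather than a FWaaS service driver, so neutron-server is likely to fail loading it. The line is also unconditional, while the `[fwaas]` section added in the last hunk of this file is gated on `enable_fwaas`; placing the provider inside the same `{% if enable_fwaas %}` block and pointing it at the intended FWaaS driver would keep the two in step. The removal of the LOADBALANCER and VPN providers in this hunk deserves a mention in the commit message if it is intended.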
@@ -465,3 +465,9 @@ service_provider=VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVP
# service_provider=VPN:cisco:neutron.services.vpn.service_drivers.cisco_ipsec.CiscoCsrIPsecVPNDriver:default
# Uncomment the line below to use Embrane heleos as Load Balancer service provider.
# service_provider=LOADBALANCER:Embrane:neutron.services.loadbalancer.drivers.embrane.driver.EmbraneLbaas:default
+
+{% if enable_fwaas %}
+[fwaas]
+driver = neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver
+enabled = True
+{% endif %}
diff --git a/ansible/roles/neutron-controller/templates/nova.conf b/ansible/openstack/templates/nova.conf
similarity index 60%
rename from ansible/roles/neutron-controller/templates/nova.conf
rename to ansible/openstack/templates/nova.conf
index dfb4b93..5277359 100644
--- a/ansible/roles/neutron-controller/templates/nova.conf
+++ b/ansible/openstack/templates/nova.conf
@@ -1,9 +1,15 @@
+{% set memcached_servers = [] %}
+{% for host in haproxy_hosts.values() %}
+{% set _ = memcached_servers.append('%s:11211'% host) %}
+{% endfor %}
+{% set memcached_servers = memcached_servers|join(',') %}
+
[DEFAULT]
dhcpbridge_flagfile=/etc/nova/nova.conf
dhcpbridge=/usr/bin/nova-dhcpbridge
logdir=/var/log/nova
state_path=/var/lib/nova
-lock_path=/var/lock/nova
+lock_path=/var/lib/nova/tmp
force_dhcp_release=True
iscsi_helper=tgtadm
libvirt_use_virtio_for_bridges=True
@@ -14,22 +20,24 @@ debug={{ DEBUG }}
ec2_private_dns_show_ip=True
api_paste_config=/etc/nova/api-paste.ini
volumes_path=/var/lib/nova/volumes
-enabled_apis=ec2,osapi_compute,metadata
-
-vif_plugging_is_fatal: false
-vif_plugging_timeout: 0
+enabled_apis=osapi_compute,metadata
+default_floating_pool={{ public_net_info.network }}
auth_strategy = keystone
rpc_backend = rabbit
rabbit_host = {{ rabbit_host }}
+rabbit_userid = {{ RABBIT_USER }}
rabbit_password = {{ RABBIT_PASS }}
+osapi_compute_listen={{ internal_ip }}
+metadata_listen={{ internal_ip }}
+
my_ip = {{ internal_ip }}
vnc_enabled = True
-vncserver_listen = 0.0.0.0
+vncserver_listen = {{ internal_ip }}
vncserver_proxyclient_address = {{ internal_ip }}
-novncproxy_base_url = http://{{ compute_controller_host }}:6080/vnc_auto.html
+novncproxy_base_url = http://{{ public_vip.ip }}:6080/vnc_auto.html
novncproxy_host = {{ internal_ip }}
novncproxy_port = 6080
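Review bot: `novncproxy_base_url` now points at `public_vip.ip` over plain `http://`, so console URLs, which carry the access token in the query string, are handed to clients for use across the public network unencrypted. Terminating TLS on the public VIP and using `https://{{ public_vip.ip }}:6080/vnc_auto.html` would protect the token and the console session.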
@@ -45,24 +53,32 @@ notify_on_state_change = vm_and_task_state
notification_driver = nova.openstack.common.notifier.rpc_notifier
notification_driver = ceilometer.compute.nova_notifier
+memcached_servers = {{ memcached_servers }}
+
[database]
# The SQLAlchemy connection string used to connect to the database
connection = mysql://nova:{{ NOVA_DBPASS }}@{{ db_host }}/nova
+idle_timeout = 30
+use_db_reconnect = True
+pool_timeout = 10
[keystone_authtoken]
-auth_uri = http://{{ identity_host }}:5000/2.0
-identity_uri = http://{{ identity_host }}:35357
+auth_uri = http://{{ internal_vip.ip }}:5000/2.0
+identity_uri = http://{{ internal_vip.ip }}:35357
admin_tenant_name = service
admin_user = nova
admin_password = {{ NOVA_PASS }}
+memcached_servers = {{ memcached_servers }}
[glance]
-host = {{ image_host }}
+host = {{ internal_vip.ip }}
[neutron]
-url = http://{{ network_server_host }}:9696
+url = http://{{ internal_vip.ip }}:9696
auth_strategy = keystone
admin_tenant_name = service
admin_username = neutron
admin_password = {{ NEUTRON_PASS }}
-admin_auth_url = http://{{ identity_host }}:35357/v2.0
+admin_auth_url = http://{{ internal_vip.ip }}:35357/v2.0
+service_metadata_proxy = True
+metadata_proxy_shared_secret = {{ METADATA_SECRET }}
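Review bot: The rewritten `auth_uri = http://{{ internal_vip.ip }}:5000/2.0` keeps the old path `/2.0`, while neutron.conf in this commit uses `:5000/v2.0`; the missing `v` looks like a typo, and the line should read `auth_uri = http://{{ internal_vip.ip }}:5000/v2.0`. Separately, `memcached_servers` under `[keystone_authtoken]` caches token data in memcached with no protection configured; keystonemiddleware's `memcache_security_strategy` and `memcache_secret_key` are worth setting, since memcached on port 11211 is unauthenticated.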
diff --git a/ansible/openstack_juno/.gitkeep b/ansible/openstack_juno/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/ansible/openstack_juno_plumgrid/single-controller.yml b/ansible/openstack_juno_plumgrid/single-controller.yml
deleted file mode 100644
index 5551a19..0000000
--- a/ansible/openstack_juno_plumgrid/single-controller.yml
+++ /dev/null
@@ -1,35 +0,0 @@
----
-- hosts: controller
- sudo: True
- roles:
- - common
- - database
- - mq
- - keystone
- - nova-controller
- - neutron-controller
- - dashboard
- - cinder-controller
- - glance
- - plumgrid
- - plumgrid-plugin
-
-- hosts: network
- sudo: True
- roles:
- - common
- - plumgrid
-
-- hosts: storage
- sudo: True
- roles:
- - common
- - cinder-volume
-
-- hosts: compute
- sudo: True
- roles:
- - common
- - nova-compute
- - neutron-compute
- - plumgrid
diff --git a/ansible/openstack_kilo/.gitkeep b/ansible/openstack_kilo/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/ansible/openstack_liberty/.gitkeep b/ansible/openstack_liberty/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/ansible/openstack_mitaka/.gitkeep b/ansible/openstack_mitaka/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/ansible/openstack_mitaka/aodh/handlers/main.yml b/ansible/openstack_mitaka/aodh/handlers/main.yml
new file mode 100644
index 0000000..e1084c8
--- /dev/null
+++ b/ansible/openstack_mitaka/aodh/handlers/main.yml
@@ -0,0 +1,12 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: restart aodh services
+ service: name={{ item }} state=restarted enabled=yes
+ with_items: services
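Review bot: `with_items: services` relies on bare-variable expansion, which later Ansible releases deprecated and then removed in favour of `with_items: "{{ services }}"`; on a newer Ansible the handler would loop over the literal string `services`. The same form appears in aodh/tasks/main.yml (`with_items: packages | union(packages_noarch)` and `with_items: services`) and in the apache role's handler and install task. This handler also ignores `services_noarch`, which aodh/vars/main.yml defines, whereas the apache handler unions it in.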
diff --git a/ansible/openstack_mitaka/aodh/tasks/main.yml b/ansible/openstack_mitaka/aodh/tasks/main.yml
new file mode 100644
index 0000000..aa23b9e
--- /dev/null
+++ b/ansible/openstack_mitaka/aodh/tasks/main.yml
@@ -0,0 +1,29 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- include_vars: "{{ ansible_os_family }}.yml"
+
+- name: install aodh packages
+ action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
+ with_items: packages | union(packages_noarch)
+
+- name: update aodh conf
+ template: src={{ item }} dest=/etc/aodh/{{ item }}
+ backup=yes
+ with_items:
+ - aodh.conf.j2
+# - api_paste.ini.j2
+# - policy.json.j2
+ notify: restart aodh services
+
+- name: write services to monitor list
+ lineinfile: dest=/opt/service create=yes line='{{ item }}'
+ with_items: services
+
+- meta: flush_handlers
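Review bot: The `update aodh conf` task renders aodh.conf.j2, which holds `RABBIT_PASS`, `AODH_DBPASS` and `AODH_PASS`, without setting `owner`, `group` or `mode`, so the file and the copies kept by `backup=yes` get default permissions, commonly world-readable. Adding `owner=aodh group=aodh mode=0640` (assuming the package creates an `aodh` account) restricts the secrets to the service. The old backups under /etc/aodh keep previous passwords and need the same permissions or periodic cleanup.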
diff --git a/ansible/openstack_mitaka/aodh/templates/aodh.conf.j2 b/ansible/openstack_mitaka/aodh/templates/aodh.conf.j2
new file mode 100644
index 0000000..eac6e5b
--- /dev/null
+++ b/ansible/openstack_mitaka/aodh/templates/aodh.conf.j2
@@ -0,0 +1,41 @@
+[DEFAULT]
+bind_host = {{ internal_ip }}
+bind_port = 8042
+rpc_backend = rabbit
+auth_strategy = keystone
+debug = True
+verbose = True
+
+[oslo_messaging_rabbit]
+rabbit_hosts = {{ internal_vip.ip }}
+rabbit_userid = {{ RABBIT_USER }}
+rabbit_password = {{ RABBIT_PASS }}
+rabbit_use_ssl = false
+
+[database]
+connection = mongodb://aodh:{{ AODH_DBPASS }}@{{ internal_vip.ip }}:27017/aodh
+
+[keystone_authtoken]
+auth_uri = http://{{ internal_vip.ip }}:5000
+auth_url = http://{{ internal_vip.ip }}:35357
+identity_uri = http://{{ internal_vip.ip }}:35357
+auth_plugin = password
+project_domain_id = default
+user_domain_id = default
+project_name = service
+username = aodh
+password = {{ AODH_PASS }}
+memcached_servers = {{ memcached_servers }}
+token_cache_time = 300
+revocation_cache_time = 60
+
+[service_credentials]
+os_auth_url = http://{{ internal_vip.ip }}:5000/v2.0
+os_username = aodh
+os_tenant_name = service
+os_password = {{ AODH_PASS }}
+os_endpoint_type = internalURL
+os_region_name = regionOne
+
+[api]
+host = {{ internal_ip }}
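Review bot: `debug = True` and `verbose = True` are hard-coded, whereas nova.conf in this commit takes `debug={{ DEBUG }}`; debug logging in a service configured with RabbitMQ, MongoDB and Keystone credentials is best off by default, so `debug = {{ DEBUG }}` would be consistent. `{{ memcached_servers }}` is referenced here but, unlike nova.conf, this template does not build it with `{% set %}`, so it has to come from a variable defined elsewhere that this diff does not show. `rabbit_use_ssl = false` and the `mongodb://` URL with an inline password mean those credentials cross the internal network unencrypted.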
diff --git a/ansible/openstack_mitaka/aodh/templates/api_paste.ini.j2 b/ansible/openstack_mitaka/aodh/templates/api_paste.ini.j2
new file mode 100644
index 0000000..151789c
--- /dev/null
+++ b/ansible/openstack_mitaka/aodh/templates/api_paste.ini.j2
@@ -0,0 +1,22 @@
+# aodh API WSGI Pipeline
+# Define the filters that make up the pipeline for processing WSGI requests
+# Note: This pipeline is PasteDeploy's term rather than aodh's pipeline
+# used for processing samples
+
+# Remove authtoken from the pipeline if you don't want to use keystone authentication
+[pipeline:main]
+pipeline = cors request_id authtoken api-server
+
+[app:api-server]
+paste.app_factory = aodh.api.app:app_factory
+
+[filter:authtoken]
+paste.filter_factory = keystonemiddleware.auth_token:filter_factory
+oslo_config_project = aodh
+
+[filter:request_id]
+paste.filter_factory = oslo_middleware:RequestId.factory
+
+[filter:cors]
+paste.filter_factory = oslo_middleware.cors:filter_factory
+oslo_config_project = aodh
diff --git a/ansible/openstack_mitaka/aodh/templates/policy.json.j2 b/ansible/openstack_mitaka/aodh/templates/policy.json.j2
new file mode 100644
index 0000000..4fd873e
--- /dev/null
+++ b/ansible/openstack_mitaka/aodh/templates/policy.json.j2
@@ -0,0 +1,20 @@
+{
+ "context_is_admin": "role:admin",
+ "segregation": "rule:context_is_admin",
+ "admin_or_owner": "rule:context_is_admin or project_id:%(project_id)s",
+ "default": "rule:admin_or_owner",
+
+ "telemetry:get_alarm": "rule:admin_or_owner",
+ "telemetry:get_alarms": "rule:admin_or_owner",
+ "telemetry:query_alarm": "rule:admin_or_owner",
+
+ "telemetry:create_alarm": "",
+ "telemetry:change_alarm": "rule:admin_or_owner",
+ "telemetry:delete_alarm": "rule:admin_or_owner",
+
+ "telemetry:get_alarm_state": "rule:admin_or_owner",
+ "telemetry:change_alarm_state": "rule:admin_or_owner",
+
+ "telemetry:alarm_history": "rule:admin_or_owner",
+ "telemetry:query_alarm_history": "rule:admin_or_owner"
+}
diff --git a/ansible/openstack_mitaka/aodh/vars/Debian.yml b/ansible/openstack_mitaka/aodh/vars/Debian.yml
new file mode 100644
index 0000000..bdf4655
--- /dev/null
+++ b/ansible/openstack_mitaka/aodh/vars/Debian.yml
@@ -0,0 +1,22 @@
+#############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+#############################################################################
+---
+packages:
+ - aodh-api
+ - aodh-evaluator
+ - aodh-notifier
+ - aodh-listener
+ - aodh-expirer
+ - python-ceilometerclient
+
+services:
+ - aodh-api
+ - aodh-notifier
+ - aodh-evaluator
+ - aodh-listener
diff --git a/ansible/openstack_mitaka/aodh/vars/RedHat.yml b/ansible/openstack_mitaka/aodh/vars/RedHat.yml
new file mode 100644
index 0000000..3d18288
--- /dev/null
+++ b/ansible/openstack_mitaka/aodh/vars/RedHat.yml
@@ -0,0 +1,22 @@
+#############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+#############################################################################
+---
+packages:
+ - openstack-aodh-api
+ - openstack-aodh-evaluator
+ - openstack-aodh-notifier
+ - openstack-aodh-listener
+ - openstack-aodh-expirer
+ - python-ceilometerclient
+
+services:
+ - aodh-api
+ - aodh-notifier
+ - aodh-evaluator
+ - aodh-listener
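Review bot: The `services` list reuses the Debian unit names (`aodh-api`, `aodh-notifier`, `aodh-evaluator`, `aodh-listener`) although the packages here are `openstack-aodh-*`; the ceilometer RedHat vars in this commit name their services `openstack-ceilometer-*`, which suggests these should be `openstack-aodh-api`, `openstack-aodh-notifier`, `openstack-aodh-evaluator` and `openstack-aodh-listener`. If the names are wrong, the `restart aodh services` handler fails on RedHat hosts. Worth confirming against the unit files the packages install.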
diff --git a/ansible/openstack_mitaka/aodh/vars/main.yml b/ansible/openstack_mitaka/aodh/vars/main.yml
new file mode 100644
index 0000000..b17f6ed
--- /dev/null
+++ b/ansible/openstack_mitaka/aodh/vars/main.yml
@@ -0,0 +1,12 @@
+##############################################################################
+## Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+##
+## All rights reserved. This program and the accompanying materials
+## are made available under the terms of the Apache License, Version 2.0
+## which accompanies this distribution, and is available at
+## http://www.apache.org/licenses/LICENSE-2.0
+###############################################################################
+---
+packages_noarch: []
+
+services_noarch: []
diff --git a/ansible/openstack_mitaka/ceilometer_controller/vars/Debian.yml b/ansible/openstack_mitaka/ceilometer_controller/vars/Debian.yml
new file mode 100644
index 0000000..b749ffa
--- /dev/null
+++ b/ansible/openstack_mitaka/ceilometer_controller/vars/Debian.yml
@@ -0,0 +1,37 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+ceilometer_packages:
+ - ceilometer-api
+ - ceilometer-collector
+ - ceilometer-agent-central
+ - ceilometer-agent-notification
+# - ceilometer-alarm-evaluator
+# - ceilometer-alarm-notifier
+ - python-ceilometerclient
+
+ceilometer_services:
+ - ceilometer-agent-central
+ - ceilometer-agent-notification
+ - ceilometer-api
+ - ceilometer-collector
+# - ceilometer-alarm-evaluator
+# - ceilometer-alarm-notifier
+
+ceilometer_configs_templates:
+ - src: ceilometer.j2
+ dest:
+ - /etc/ceilometer/ceilometer.conf
+ - src: cinder.j2
+ dest:
+ - /etc/cinder/cinder.conf
+ - src: glance.j2
+ dest:
+ - /etc/glance/glance-api.conf
+ - /etc/glance/glance-registry.conf
diff --git a/ansible/openstack_mitaka/ceilometer_controller/vars/RedHat.yml b/ansible/openstack_mitaka/ceilometer_controller/vars/RedHat.yml
new file mode 100644
index 0000000..6c5f53e
--- /dev/null
+++ b/ansible/openstack_mitaka/ceilometer_controller/vars/RedHat.yml
@@ -0,0 +1,36 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+ceilometer_packages:
+ - openstack-ceilometer-api
+ - openstack-ceilometer-collector
+ - openstack-ceilometer-central
+ - openstack-ceilometer-notification
+# - openstack-ceilometer-alarm
+ - python-ceilometerclient
+
+ceilometer_services:
+ - openstack-ceilometer-central
+ - openstack-ceilometer-notification
+ - openstack-ceilometer-api
+ - openstack-ceilometer-collector
+# - openstack-ceilometer-alarm-evaluator
+# - openstack-ceilometer-alarm-notifier
+
+ceilometer_configs_templates:
+ - src: ceilometer.j2
+ dest:
+ - /etc/ceilometer/ceilometer.conf
+ - src: cinder.j2
+ dest:
+ - /etc/cinder/cinder.conf
+ - src: glance.j2
+ dest:
+ - /etc/glance/glance-api.conf
+ - /etc/glance/glance-registry.conf
diff --git a/ansible/openstack_mitaka/common/vars/Debian.yml b/ansible/openstack_mitaka/common/vars/Debian.yml
new file mode 100644
index 0000000..980bcac
--- /dev/null
+++ b/ansible/openstack_mitaka/common/vars/Debian.yml
@@ -0,0 +1,30 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages:
+ - ubuntu-cloud-keyring
+ #- python-dev
+ - openvswitch-datapath-dkms
+ - openvswitch-switch
+ - python-memcache
+ - python-iniparse
+ - python-lxml
+# - python-d* #TODO, need remove
+
+pip_packages:
+ - crudini
+ - python-keyczar
+ - yang2tosca
+
+pip_conf: pip.conf
+
+services:
+ - ntp
+
+
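Review bot: `pip_packages` lists `crudini`, `python-keyczar` and `yang2tosca` without versions, so each deployment installs whatever the index configured in `pip.conf` serves at that moment; the install task is not visible here, but the plays in this commit run as root. Pinning each entry, e.g. `crudini==<version>`, makes installs reproducible and reviewable. The two trailing blank lines and the leftover `# - python-d* #TODO, need remove` comment can be dropped.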
diff --git a/ansible/roles/apache/handlers/main.yml b/ansible/roles/apache/handlers/main.yml
new file mode 100755
index 0000000..0f28dc2
--- /dev/null
+++ b/ansible/roles/apache/handlers/main.yml
@@ -0,0 +1,12 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: restart apache related services
+ service: name={{ item }} state=restarted enabled=yes
+ with_items: services| union(services_noarch)
diff --git a/ansible/roles/apache/tasks/main.yml b/ansible/roles/apache/tasks/main.yml
new file mode 100755
index 0000000..7053229
--- /dev/null
+++ b/ansible/roles/apache/tasks/main.yml
@@ -0,0 +1,30 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- include_vars: "{{ ansible_os_family }}.yml"
+
+- name: install packages
+ action: "{{ ansible_pkg_mgr }} name={{ item }} state=latest update_cache=yes"
+ with_items: packages | union(packages_noarch)
+
+- name: assure listen port exist
+ template:
+ dest: '{{ apache_config_dir }}/ports.conf'
+ src: ports.conf.j2
+ notify:
+ - restart apache related services
+
+- name: remove default listen port on centos
+ lineinfile:
+ dest: /etc/httpd/conf/httpd.conf
+ state: absent
+ regexp: 'Listen 80'
+ when: ansible_os_family == 'RedHat'
+
+- meta: flush_handlers
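Review bot: The `regexp: 'Listen 80'` in `remove default listen port on centos` is unanchored, and `lineinfile` with `state: absent` deletes every line the pattern matches anywhere, so `Listen 8080`, `Listen 8000` or a commented example would be removed as well. Anchoring it limits the task to the stock directive: `regexp: '^Listen\s+80\s*$'`. Separately, `install packages` uses `state=latest`, so each run can pull a different Apache/mod_wsgi build; `state=present` (as the ceilometer roles in this commit use) keeps deployments reproducible.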
diff --git a/ansible/roles/apache/templates/openstack-dashboard.conf.j2 b/ansible/roles/apache/templates/openstack-dashboard.conf.j2
new file mode 100755
index 0000000..403fcc2
--- /dev/null
+++ b/ansible/roles/apache/templates/openstack-dashboard.conf.j2
@@ -0,0 +1,15 @@
+{% set work_threads = (ansible_processor_vcpus + 1) // 2 %}
+
+
+ WSGIScriptAlias /horizon {{ horizon_dir }}/wsgi/django.wsgi
+ WSGIDaemonProcess horizon user=horizon group=horizon processes={{ work_threads }} threads={{ work_threads }}
+ WSGIProcessGroup horizon
+ Alias /static {{ horizon_dir }}/static/
+ Alias /horizon/static {{ horizon_dir }}/static/
+
+ Order allow,deny
+ Allow from all
+
+
+
+
diff --git a/ansible/roles/apache/templates/ports.conf.j2 b/ansible/roles/apache/templates/ports.conf.j2
new file mode 100644
index 0000000..be27d19
--- /dev/null
+++ b/ansible/roles/apache/templates/ports.conf.j2
@@ -0,0 +1 @@
+Listen {{ internal_ip }}:80
diff --git a/ansible/roles/apache/vars/Debian.yml b/ansible/roles/apache/vars/Debian.yml
new file mode 100755
index 0000000..95e941e
--- /dev/null
+++ b/ansible/roles/apache/vars/Debian.yml
@@ -0,0 +1,17 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages:
+ - apache2
+ - libapache2-mod-wsgi
+
+services:
+ - apache2
+
+apache_config_dir: /etc/apache2
diff --git a/ansible/roles/apache/vars/RedHat.yml b/ansible/roles/apache/vars/RedHat.yml
new file mode 100755
index 0000000..5211a12
--- /dev/null
+++ b/ansible/roles/apache/vars/RedHat.yml
@@ -0,0 +1,17 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages:
+ - mod_wsgi
+ - httpd
+
+services:
+ - httpd
+
+apache_config_dir: /etc/httpd/conf.d
diff --git a/ansible/roles/apache/vars/main.yml b/ansible/roles/apache/vars/main.yml
new file mode 100755
index 0000000..f6fef74
--- /dev/null
+++ b/ansible/roles/apache/vars/main.yml
@@ -0,0 +1,12 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages_noarch: []
+
+services_noarch: []
diff --git a/ansible/roles/ceilometer_compute/handlers/main.yml b/ansible/roles/ceilometer_compute/handlers/main.yml
new file mode 100644
index 0000000..c973d7d
--- /dev/null
+++ b/ansible/roles/ceilometer_compute/handlers/main.yml
@@ -0,0 +1,12 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: restart ceilometer relation service
+ service: name={{ item }} state=restarted enabled=yes
+ with_items: ceilometer_services
diff --git a/ansible/roles/ceilometer_compute/tasks/main.yml b/ansible/roles/ceilometer_compute/tasks/main.yml
new file mode 100644
index 0000000..864ea97
--- /dev/null
+++ b/ansible/roles/ceilometer_compute/tasks/main.yml
@@ -0,0 +1,44 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- include_vars: "{{ ansible_os_family }}.yml"
+
+- name: disable auto start
+ copy:
+ content: "#!/bin/sh\nexit 101"
+ dest: "/usr/sbin/policy-rc.d"
+ mode: 0755
+ when: ansible_os_family == "Debian"
+
+- name: install ceilometer packages
+ action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
+ with_items: ceilometer_packages | union(packages_noarch)
+
+- name: enable auto start
+ file:
+ path=/usr/sbin/policy-rc.d
+ state=absent
+ when: ansible_os_family == "Debian"
+
+- name: copy ceilometer configs
+ template: src={{ item.src}} dest=/opt/os_templates
+ with_items: "{{ ceilometer_configs_templates }}"
+
+- name: update ceilometer configs
+ shell: crudini --merge {{ item.1 }} < /opt/os_templates/{{ item.0.src }}
+ with_subelements:
+ - ceilometer_configs_templates
+ - dest
+ notify: restart ceilometer relation service
+
+- name: write services to monitor list
+ lineinfile: dest=/opt/service create=yes line='{{ item }}'
+ with_items: ceilometer_services
+
+- meta: flush_handlers
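Review bot: `copy ceilometer configs` renders the templates into `/opt/os_templates` with no `mode` or `owner` and nothing removes them afterwards; ceilometer.j2 in this commit expands `RABBIT_PASS`, `CEILOMETER_PASS` and `metering_secret`, so a copy of those credentials stays on disk with whatever permissions the default umask gives. I would write `template: src={{ item.src }} dest=/opt/os_templates mode=0600` and add a task that deletes the rendered files once `crudini --merge` has run. The same two tasks appear in ceilometer_controller/tasks/main.yml, where the rendered file also carries `CEILOMETER_DBPASS`. The `crudini --merge` shell task also reports changed on every run, so the restart handler fires each time; `changed_when` would need a real comparison to avoid that.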
diff --git a/ansible/roles/ceilometer_compute/templates/ceilometer.j2 b/ansible/roles/ceilometer_compute/templates/ceilometer.j2
new file mode 100644
index 0000000..ee78de0
--- /dev/null
+++ b/ansible/roles/ceilometer_compute/templates/ceilometer.j2
@@ -0,0 +1,31 @@
+[DEFAULT]
+verbose = True
+rpc_backend = rabbit
+auth_strategy = keystone
+
+[oslo_messaging_rabbit]
+rabbit_host = {{ internal_vip.ip }}
+rabbit_userid = {{ RABBIT_USER }}
+rabbit_password = {{ RABBIT_PASS }}
+
+[publisher]
+metering_secret = {{ metering_secret }}
+
+[keystone_authtoken]
+auth_uri = http://{{ internal_vip.ip }}:5000
+auth_url = http://{{ internal_vip.ip }}:35357
+auth_plugin = password
+project_domain_id = default
+user_domain_id = default
+project_name = service
+username = ceilometer
+password = {{ CEILOMETER_PASS }}
+
+[service_credentials]
+os_auth_url = http://{{ internal_vip.ip }}:5000/v2.0
+os_username = ceilometer
+os_tenant_name = service
+os_password = {{ CEILOMETER_PASS }}
+os_endpoint_type = internalURL
+os_region_name = regionOne
+
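Review bot: `auth_uri`, `auth_url` and `os_auth_url` are all `http://`, so the `ceilometer` service password and the tokens Keystone returns cross the management network unencrypted unless TLS is terminated somewhere this template does not show. If the Keystone endpoints can be served over TLS, these should read e.g. `auth_uri = https://{{ internal_vip.ip }}:5000`; otherwise a comment stating that the internal VIP network is treated as trusted would document the assumption. The controller copy of this template (ceilometer_controller/templates/ceilometer.j2) has the same three lines plus `identity_uri`.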
diff --git a/ansible/roles/ceilometer_compute/templates/nova.j2 b/ansible/roles/ceilometer_compute/templates/nova.j2
new file mode 100644
index 0000000..e7532c8
--- /dev/null
+++ b/ansible/roles/ceilometer_compute/templates/nova.j2
@@ -0,0 +1,5 @@
+[DEFAULT]
+instance_usage_audit = True
+instance_usage_audit_period = hour
+notify_on_state_change = vm_and_task_state
+notification_driver = messagingv2
diff --git a/ansible/roles/ceilometer_compute/vars/Debian.yml b/ansible/roles/ceilometer_compute/vars/Debian.yml
new file mode 100644
index 0000000..550d14f
--- /dev/null
+++ b/ansible/roles/ceilometer_compute/vars/Debian.yml
@@ -0,0 +1,23 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+ceilometer_packages:
+ - ceilometer-agent-compute
+
+ceilometer_services:
+ - ceilometer-agent-compute
+ - nova-compute
+
+ceilometer_configs_templates:
+ - src: ceilometer.j2
+ dest:
+ - /etc/ceilometer/ceilometer.conf
+ - src: nova.j2
+ dest:
+ - /etc/nova/nova.conf
diff --git a/ansible/roles/ceilometer_compute/vars/RedHat.yml b/ansible/roles/ceilometer_compute/vars/RedHat.yml
new file mode 100644
index 0000000..5a9128c
--- /dev/null
+++ b/ansible/roles/ceilometer_compute/vars/RedHat.yml
@@ -0,0 +1,25 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+ceilometer_packages:
+ - openstack-ceilometer-compute
+ - python-ceilometerclient
+ - python-pecan
+
+ceilometer_services:
+ - openstack-ceilometer-compute
+ - openstack-nova-compute
+
+ceilometer_configs_templates:
+ - src: ceilometer.j2
+ dest:
+ - /etc/ceilometer/ceilometer.conf
+ - src: nova.j2
+ dest:
+ - /etc/nova/nova.conf
diff --git a/ansible/roles/ceilometer_compute/vars/main.yml b/ansible/roles/ceilometer_compute/vars/main.yml
new file mode 100644
index 0000000..209e1e0
--- /dev/null
+++ b/ansible/roles/ceilometer_compute/vars/main.yml
@@ -0,0 +1,11 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages_noarch: []
+metering_secret: 1c5df72079b31fb47747
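Review bot: `metering_secret` is a fixed literal committed to the repository, and ceilometer_controller/vars/main.yml in this commit carries the identical value, so every cloud deployed from this tree signs its metering messages with the same publicly readable key. Because it sits in the role's `vars/main.yml`, inventory or group variables cannot override it either. I would drop the line from both roles and supply the value per deployment alongside `RABBIT_PASS` and `CEILOMETER_PASS` (which these roles already expect from outside), or at least move it to `defaults/main.yml` with a comment that it must be replaced.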
diff --git a/ansible/roles/ceilometer_controller/handlers/main.yml b/ansible/roles/ceilometer_controller/handlers/main.yml
new file mode 100644
index 0000000..c973d7d
--- /dev/null
+++ b/ansible/roles/ceilometer_controller/handlers/main.yml
@@ -0,0 +1,12 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: restart ceilometer relation service
+ service: name={{ item }} state=restarted enabled=yes
+ with_items: ceilometer_services
diff --git a/ansible/roles/ceilometer_controller/tasks/main.yml b/ansible/roles/ceilometer_controller/tasks/main.yml
new file mode 100644
index 0000000..6b1882c
--- /dev/null
+++ b/ansible/roles/ceilometer_controller/tasks/main.yml
@@ -0,0 +1,51 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- include_vars: "{{ ansible_os_family }}.yml"
+
+- name: disable auto start
+ copy:
+ content: "#!/bin/sh\nexit 101"
+ dest: "/usr/sbin/policy-rc.d"
+ mode: 0755
+ when: ansible_os_family == "Debian"
+
+- name: install ceilometer packages
+ action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
+ with_items: ceilometer_packages | union(packages_noarch)
+
+- name: enable auto start
+ file:
+ path=/usr/sbin/policy-rc.d
+ state=absent
+ when: ansible_os_family == "Debian"
+
+- name: copy ceilometer configs
+ template: src={{ item.src}} dest=/opt/os_templates
+ with_items: "{{ ceilometer_configs_templates }}"
+
+- name: update ceilometer configs
+ shell: crudini --merge {{ item.1 }} < /opt/os_templates/{{ item.0.src }}
+ with_subelements:
+ - ceilometer_configs_templates
+ - dest
+ notify: restart ceilometer relation service
+
+- name: change meter polling interval to 300s
+ replace:
+ dest: /etc/ceilometer/pipeline.yaml
+ regexp: 'interval: .+'
+ replace: 'interval: 300'
+ notify: restart ceilometer relation service
+
+- name: write services to monitor list
+ lineinfile: dest=/opt/service create=yes line='{{ item }}'
+ with_items: ceilometer_services
+
+- meta: flush_handlers
diff --git a/ansible/roles/ceilometer_controller/templates/ceilometer.j2 b/ansible/roles/ceilometer_controller/templates/ceilometer.j2
new file mode 100644
index 0000000..b262a26
--- /dev/null
+++ b/ansible/roles/ceilometer_controller/templates/ceilometer.j2
@@ -0,0 +1,37 @@
+[DEFAULT]
+rpc_backend = rabbit
+auth_strategy = keystone
+verbose = True
+
+[oslo_messaging_rabbit]
+rabbit_host = {{ internal_vip.ip }}
+rabbit_userid = {{ RABBIT_USER }}
+rabbit_password = {{ RABBIT_PASS }}
+
+[database]
+connection = mongodb://ceilometer:{{ CEILOMETER_DBPASS }}@{{ internal_vip.ip }}:27017/ceilometer
+
+[keystone_authtoken]
+auth_uri = http://{{ internal_vip.ip }}:5000
+auth_url = http://{{ internal_vip.ip }}:35357
+identity_uri = http://{{ internal_vip.ip }}:35357
+auth_plugin = password
+project_domain_id = default
+user_domain_id = default
+project_name = service
+username = ceilometer
+password = {{ CEILOMETER_PASS }}
+
+[service_credentials]
+os_auth_url = http://{{ internal_vip.ip }}:5000/v2.0
+os_username = ceilometer
+os_tenant_name = service
+os_password = {{ CEILOMETER_PASS }}
+os_endpoint_type = internalURL
+os_region_name = regionOne
+
+[publisher]
+metering_secret = {{ metering_secret }}
+
+[api]
+host = {{ internal_ip }}
diff --git a/ansible/roles/ceilometer_controller/templates/cinder.j2 b/ansible/roles/ceilometer_controller/templates/cinder.j2
new file mode 100644
index 0000000..dfd0473
--- /dev/null
+++ b/ansible/roles/ceilometer_controller/templates/cinder.j2
@@ -0,0 +1,2 @@
+[DEFAULT]
+notification_driver = messagingv2
diff --git a/ansible/roles/ceilometer_controller/templates/glance.j2 b/ansible/roles/ceilometer_controller/templates/glance.j2
new file mode 100644
index 0000000..a513d2c
--- /dev/null
+++ b/ansible/roles/ceilometer_controller/templates/glance.j2
@@ -0,0 +1,8 @@
+[DEFAULT]
+notification_driver = messagingv2
+rpc_backend = rabbit
+
+[oslo_messaging_rabbit]
+rabbit_host = {{ internal_vip.ip }}
+rabbit_userid = {{ RABBIT_USER }}
+rabbit_password = {{ RABBIT_PASS }}
diff --git a/ansible/roles/ceilometer_controller/vars/Debian.yml b/ansible/roles/ceilometer_controller/vars/Debian.yml
new file mode 100644
index 0000000..55f5aa1
--- /dev/null
+++ b/ansible/roles/ceilometer_controller/vars/Debian.yml
@@ -0,0 +1,33 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+ceilometer_packages:
+ - ceilometer-api
+ - ceilometer-collector
+ - ceilometer-agent-central
+ - ceilometer-agent-notification
+ - python-ceilometerclient
+
+ceilometer_services:
+ - ceilometer-agent-central
+ - ceilometer-agent-notification
+ - ceilometer-api
+ - ceilometer-collector
+
+ceilometer_configs_templates:
+ - src: ceilometer.j2
+ dest:
+ - /etc/ceilometer/ceilometer.conf
+ - src: cinder.j2
+ dest:
+ - /etc/cinder/cinder.conf
+ - src: glance.j2
+ dest:
+ - /etc/glance/glance-api.conf
+ - /etc/glance/glance-registry.conf
diff --git a/ansible/roles/ceilometer_controller/vars/RedHat.yml b/ansible/roles/ceilometer_controller/vars/RedHat.yml
new file mode 100644
index 0000000..86f464a
--- /dev/null
+++ b/ansible/roles/ceilometer_controller/vars/RedHat.yml
@@ -0,0 +1,33 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+ceilometer_packages:
+ - openstack-ceilometer-api
+ - openstack-ceilometer-collector
+ - openstack-ceilometer-central
+ - openstack-ceilometer-notification
+ - python-ceilometerclient
+
+ceilometer_services:
+ - openstack-ceilometer-central
+ - openstack-ceilometer-notification
+ - openstack-ceilometer-api
+ - openstack-ceilometer-collector
+
+ceilometer_configs_templates:
+ - src: ceilometer.j2
+ dest:
+ - /etc/ceilometer/ceilometer.conf
+ - src: cinder.j2
+ dest:
+ - /etc/cinder/cinder.conf
+ - src: glance.j2
+ dest:
+ - /etc/glance/glance-api.conf
+ - /etc/glance/glance-registry.conf
diff --git a/ansible/roles/ceilometer_controller/vars/main.yml b/ansible/roles/ceilometer_controller/vars/main.yml
new file mode 100644
index 0000000..209e1e0
--- /dev/null
+++ b/ansible/roles/ceilometer_controller/vars/main.yml
@@ -0,0 +1,11 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages_noarch: []
+metering_secret: 1c5df72079b31fb47747
diff --git a/ansible/roles/ceph-config/files/create_osd.sh b/ansible/roles/ceph-config/files/create_osd.sh
new file mode 100755
index 0000000..dd815c2
--- /dev/null
+++ b/ansible/roles/ceph-config/files/create_osd.sh
@@ -0,0 +1,39 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+if [ -d "/var/local/osd" ]; then
+echo "clear /var/local/osd"
+rm -r /var/local/osd/
+umount /var/local/osd
+rm -r /var/local/osd
+fi
+
+
+#safe check
+ps -ef |grep lvremove |awk '{print $2}' |xargs kill -9
+ps -ef |grep vgremove |awk '{print $2}' |xargs kill -9
+ps -ef |grep vgcreate |awk '{print $2}' |xargs kill -9
+ps -ef |grep lvcreate |awk '{print $2}' |xargs kill -9
+
+if [ -L "/dev/storage-volumes/ceph0" ]; then
+echo "remove lv vg"
+lvremove -f /dev/storage-volumes/ceph0
+fi
+
+
+echo "lvcreate"
+lvcreate -l 100%FREE -nceph0 storage-volumes
+echo "mkfs"
+mkfs.xfs -f /dev/storage-volumes/ceph0
+
+if [ ! -d "/var/local/osd" ]; then
+echo "mount osd"
+mkdir -p /var/local/osd
+mount /dev/storage-volumes/ceph0 /var/local/osd
+fi
+
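Review bot: The `#safe check` pipelines select PIDs by `grep lvremove` over full `ps -ef` output, which matches any process whose command line merely contains that string (the `grep` itself included), and with GNU xargs `kill -9` is still invoked with no arguments when nothing matches. Matching on the exact process name avoids both: `pkill -9 -x lvremove`, and the same for `vgremove`, `vgcreate` and `lvcreate`. The script also has no `#!` line and no `set -e`, so `mkfs.xfs -f` and `mount` still run after a failed `lvcreate`, and `rm -r /var/local/osd/` is issued before the `umount` of that path rather than after it.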
diff --git a/ansible/roles/ceph-config/tasks/create_config.yml b/ansible/roles/ceph-config/tasks/create_config.yml
new file mode 100755
index 0000000..891e23e
--- /dev/null
+++ b/ansible/roles/ceph-config/tasks/create_config.yml
@@ -0,0 +1,67 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+- name: gen ceph fsid
+ shell: uuidgen
+ register: ceph_fsid
+ when: inventory_hostname in groups['ceph_adm']
+
+- name: gen ceph conf
+ local_action:
+ module: "template"
+ src: "ceph.j2"
+ dest: "/tmp/ceph.conf"
+ when: inventory_hostname in groups['ceph_adm']
+
+- name: "make directory for ceph config file"
+ file: path="/etc/ceph" state="directory"
+
+- name: copy ceph conf to dest mon node
+ copy: src="/tmp/ceph.conf" dest="/etc/ceph/ceph.conf"
+
+- name: install ceph-related packages
+ action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
+ with_items:
+ - ceph
+
+- name: gen create monmap script
+ local_action: template src="create_monmap.j2" dest="/tmp/create_monmap.sh" mode=0755
+ when: inventory_hostname in groups['ceph_adm']
+
+- name: create monmap
+ script: /tmp/create_monmap.sh
+ when: inventory_hostname in groups['ceph_mon']
+
+- name: create mon.keyring
+ shell: "ceph-authtool --create-keyring /tmp/ceph.mon.keyring --gen-key -n mon. --cap mon 'allow *'"
+ when: inventory_hostname in groups['ceph_adm']
+
+- name: create admin.keyring
+ shell: "ceph-authtool --create-keyring /etc/ceph/ceph.client.admin.keyring --gen-key -n client.admin --set-uid=0 --cap mon 'allow *' --cap osd 'allow *' --cap mds 'allow'"
+ when: inventory_hostname in groups['ceph_adm']
+
+- name: Add the client.admin key to the ceph.mon.keyring
+ shell: "ceph-authtool /tmp/ceph.mon.keyring --import-keyring /etc/ceph/ceph.client.admin.keyring"
+ when: inventory_hostname in groups['ceph_adm']
+
+- name: fetch mon.keyring to local
+ fetch: src="/tmp/ceph.mon.keyring" dest="/tmp/ceph.mon.keyring" flat=yes
+ when: inventory_hostname in groups['ceph_adm']
+
+- name: fetch client.admin.keyring to local
+ fetch: src="/etc/ceph/ceph.client.admin.keyring" dest="/tmp/ceph.client.admin.keyring" flat=yes
+ when: inventory_hostname in groups['ceph_adm']
+
+- name: copy mon.keyring to remote nodes
+ copy: src="/tmp/ceph.mon.keyring" dest="/tmp/ceph.mon.keyring"
+
+- name: copy admin.keyring to remote nodes
+ copy: src="/tmp/ceph.client.admin.keyring" dest="/etc/ceph/ceph.client.admin.keyring"
+
+
+- meta: flush_handlers
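Review bot: The monitor and `client.admin` keyrings are staged under fixed names in `/tmp` (`/tmp/ceph.mon.keyring`, `/tmp/ceph.client.admin.keyring`) on the admin node, on the Ansible control host and on every target, with no `mode` on the `copy` tasks and no cleanup. A predictable path in a world-writable directory is a poor place for cluster-wide credentials, and the two final `copy` tasks have no `when`, so every host that runs this role receives the admin key. I would stage them in a directory private to the deploy user, set the mode explicitly, e.g. `copy: src="/tmp/ceph.client.admin.keyring" dest="/etc/ceph/ceph.client.admin.keyring" owner=root group=root mode=0600`, and remove the `/tmp` copies at the end of the play. `/tmp/create_monmap.sh` (generated locally with `mode=0755`, then executed on the monitors) and the `fetch osd keyring` task in ceph-mon/tasks/install_mon.yml follow the same pattern.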
diff --git a/ansible/roles/ceph-config/tasks/main.yml b/ansible/roles/ceph-config/tasks/main.yml
new file mode 100755
index 0000000..dbe9fea
--- /dev/null
+++ b/ansible/roles/ceph-config/tasks/main.yml
@@ -0,0 +1,13 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+- include: create_config.yml
+ tags:
+ - ceph_config
+ - ceph_deploy
+ - ceph_mon
diff --git a/ansible/roles/ceph-config/templates/ceph.j2 b/ansible/roles/ceph-config/templates/ceph.j2
new file mode 100755
index 0000000..bd0e3f5
--- /dev/null
+++ b/ansible/roles/ceph-config/templates/ceph.j2
@@ -0,0 +1,25 @@
+[global]
+fsid = {{ ceph_fsid.stdout }}
+mon initial members = {{ groups["ceph_mon"] | join(", ")}}
+mon host =
+{%- for host in groups["ceph_mon"] -%}
+{{ ', ' if not loop.first else ''}}{{ ip_settings[host].mgmt.ip }}
+{%- endfor %}
+
+public network = {{ mgmt_cidr }}
+cluster network = {{ storage_cidr }}
+
+auth cluster required = cephx
+auth service required = cephx
+auth client required = cephx
+
+osd journal size = 1024
+filestore xattr use omap = true
+osd pool default size = 1
+osd pool default min size = 1
+osd pool default pg num = 333
+osd pool default pgp num = 333
+osd crush chooseleaf type = 1
+
+debug mon = 1
+debug ms = 0
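Review bot: `osd pool default size = 1` together with `osd pool default min size = 1` means new pools keep a single copy of each object, so losing one OSD loses the data stored on it. If that is a deliberate choice for small lab pods, a comment above the two lines should say so; otherwise the values are better taken from deployment variables so multi-node installs can raise them. Nothing else in this hunk overrides the two settings.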
diff --git a/ansible/roles/ceph-config/templates/create_monmap.j2 b/ansible/roles/ceph-config/templates/create_monmap.j2
new file mode 100644
index 0000000..7d1eb9d
--- /dev/null
+++ b/ansible/roles/ceph-config/templates/create_monmap.j2
@@ -0,0 +1,5 @@
+monmaptool --create --clobber --fsid {{ ceph_fsid.stdout }}
+{%- for host in groups['ceph_mon']%}
+ --add {{host}} {{ ip_settings[host].mgmt.ip }}:6789
+{%- endfor %}
+ /tmp/monmap
diff --git a/ansible/roles/ceph-config/templates/dump_var.j2 b/ansible/roles/ceph-config/templates/dump_var.j2
new file mode 100755
index 0000000..a4a9b15
--- /dev/null
+++ b/ansible/roles/ceph-config/templates/dump_var.j2
@@ -0,0 +1,8 @@
+HOSTVARS (ANSIBLE GATHERED, group_vars, host_vars) :
+
+{{ hostvars[inventory_hostname] | to_yaml }}
+
+PLAYBOOK VARS:
+
+{{ vars | to_yaml }}
+
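Review bot: This template serialises `hostvars[inventory_hostname]` and the whole `vars` namespace, which for these playbooks includes every service password referenced by the other templates (`RABBIT_PASS`, `CEILOMETER_PASS`, `CEILOMETER_DBPASS` and so on). No task in the hunks visible here renders it, so it looks like a debugging aid; if it is kept in the role, any task that uses it should write with `mode=0600` to a non-shared location and be excluded from normal runs. Removing it from the shipped role is the simpler option.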
diff --git a/ansible/roles/ceph-mon/tasks/install_mon.yml b/ansible/roles/ceph-mon/tasks/install_mon.yml
new file mode 100644
index 0000000..658d109
--- /dev/null
+++ b/ansible/roles/ceph-mon/tasks/install_mon.yml
@@ -0,0 +1,32 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+
+- include_vars: "{{ ansible_os_family }}.yml"
+
+- name: Create a default data directory
+ file: path="/var/lib/ceph/mon/ceph-{{ inventory_hostname }}" state="directory"
+
+- name: Populate the monitor daemon
+ shell: "ceph-mon --mkfs -i {{ inventory_hostname }} --monmap /tmp/monmap --keyring /tmp/ceph.mon.keyring"
+
+- name: Touch the done and auto start file
+ file: path="/var/lib/ceph/mon/ceph-{{ inventory_hostname }}/{{ item }}" state="touch"
+ with_items:
+ - "done"
+ - "{{ ceph_start_type }}"
+
+- name: start mon daemon
+ shell: "{{ ceph_start_script }}"
+
+- name: wait for creating osd keyring
+ wait_for: path=/var/lib/ceph/bootstrap-osd/ceph.keyring
+
+- name: fetch osd keyring
+ fetch: src="/var/lib/ceph/bootstrap-osd/ceph.keyring" dest="/tmp/ceph.osd.keyring" flat=yes
+ run_once: True
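Review bot: `Populate the monitor daemon` runs `ceph-mon --mkfs` unconditionally, so re-running the play executes mkfs again against a monitor directory that is already populated; depending on the Ceph version that presumably either fails the play or is wasted work. The next task already touches a `done` marker, which can guard it: add `args:` with `creates: "/var/lib/ceph/mon/ceph-{{ inventory_hostname }}/done"` to the shell task. `/tmp/ceph.mon.keyring` is also left on the monitor after mkfs has consumed it, and a final `file: path=/tmp/ceph.mon.keyring state=absent` would clean that up.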
diff --git a/ansible/roles/ceph-mon/tasks/main.yml b/ansible/roles/ceph-mon/tasks/main.yml
new file mode 100644
index 0000000..3defa26
--- /dev/null
+++ b/ansible/roles/ceph-mon/tasks/main.yml
@@ -0,0 +1,13 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+- include: install_mon.yml
+ when: inventory_hostname in groups["ceph_mon"]
+ tags:
+ - ceph_mon
+ - ceph_deploy
diff --git a/ansible/roles/ceph-mon/vars/Debian.yml b/ansible/roles/ceph-mon/vars/Debian.yml
new file mode 100644
index 0000000..16b7989
--- /dev/null
+++ b/ansible/roles/ceph-mon/vars/Debian.yml
@@ -0,0 +1,12 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+
+ceph_start_script: "start ceph-mon id={{ inventory_hostname }}"
+ceph_start_type: "upstart"
diff --git a/ansible/roles/ceph-mon/vars/RedHat.yml b/ansible/roles/ceph-mon/vars/RedHat.yml
new file mode 100644
index 0000000..fa19fc0
--- /dev/null
+++ b/ansible/roles/ceph-mon/vars/RedHat.yml
@@ -0,0 +1,12 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+
+ceph_start_script: "/etc/init.d/ceph start mon.{{ inventory_hostname }}"
+ceph_start_type: "sysvinit"
diff --git a/ansible/roles/ceph-mon/vars/main.yml b/ansible/roles/ceph-mon/vars/main.yml
new file mode 100644
index 0000000..466ea6a
--- /dev/null
+++ b/ansible/roles/ceph-mon/vars/main.yml
@@ -0,0 +1,10 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+
diff --git a/ansible/roles/ceph-openstack/tasks/ceph_openstack_conf.yml b/ansible/roles/ceph-openstack/tasks/ceph_openstack_conf.yml
new file mode 100755
index 0000000..d7c414e
--- /dev/null
+++ b/ansible/roles/ceph-openstack/tasks/ceph_openstack_conf.yml
@@ -0,0 +1,40 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: chown of glance/api.log
+ shell: chown -R glance:glance /var/log/glance
+ when: inventory_hostname in groups['controller']
+ tags:
+ - ceph_conf_glance
+ ignore_errors: True
+
+- name: modify glance-api.conf for ceph
+ shell: sed -i 's/^\(default_store\).*/\1 = rbd/g' /etc/glance/glance-api.conf && sed -i '/^\[glance_store/a rbd_store_pool = images\nrbd_store_user = glance\nrbd_store_ceph_conf = /etc/ceph/ceph.conf\nrbd_store_chunk_size = 8\nshow_image_direct_url=True' /etc/glance/glance-api.conf
+ when: inventory_hostname in groups['controller']
+ tags:
+ - ceph_conf_glance
+
+- name: restart glance
+ shell: rm -f /var/log/glance/api.log && chown -R glance:glance /var/log/glance && service {{ glance_service }} restart
+ when: inventory_hostname in groups['controller']
+ tags:
+ - ceph_conf_glance
+ ignore_errors: True
+
+- name: modify cinder.conf for ceph
+ shell: sed -i 's/^\(volume_driver\).*/\1 = cinder.volume.drivers.rbd.RBDDriver/g' /etc/cinder/cinder.conf && sed -i 's/^\(rbd_secret_uuid\).*/\1 = {{ ceph_uuid.stdout_lines[0] }}/g' /etc/cinder/cinder.conf && sed -i '/^\[DEFAULT/a rbd_pool = volumes\nrbd_ceph_conf = /etc/ceph/ceph.conf\nrbd_flatten_volume_from_snapshot = false\nrbd_max_clone_depth = 5\nrbd_store_chunk_size = 4\nrados_connect_timeout = -1\nglance_api_version = 2\nrbd_user = cinder\nrbd_secret_uuid = {{ ceph_uuid.stdout_lines[0] }}' /etc/cinder/cinder.conf && service {{ cinder_service }} restart
+ when: inventory_hostname in groups['compute']
+ tags:
+ - ceph_conf_cinder
+
+- name: modify nova.conf for ceph
+ shell: sed -i 's/^\(images_type\).*/\1 = rbd/g' /etc/nova/nova-compute.conf && sed -i 's/^\(rbd_secret_uuid\).*/\1 = {{ ceph_uuid.stdout_lines[0] }}/g' /etc/nova/nova-compute.conf && sed -i '/^\[libvirt/a images_rbd_pool = vms\nimages_rbd_ceph_conf = /etc/ceph/ceph.conf\nrbd_user = cinder\nrbd_secret_uuid = {{ ceph_uuid.stdout_lines[0] }}\ndisk_cachemodes=\"network=writeback\"\nlive_migration_flag=\"VIR_MIGRATE_UNDEFINE_SOURCE,VIR_MIGRATE_PEER2PEER,VIR_MIGRATE_LIVE,VIR_MIGRATE_PERSIST_DEST,VIR_MIGRATE_TUNNELLED\"' /etc/nova/nova-compute.conf && service {{ nova_service }} restart
+ when: inventory_hostname in groups['compute']
+ tags:
+ - ceph_conf_nova
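Review bot: The `sed -i '/^\[glance_store/a …'` append in `modify glance-api.conf for ceph`, like the `/^\[DEFAULT/a` and `/^\[libvirt/a` appends in the cinder and nova tasks, is not idempotent, so every run of the role inserts another copy of the rbd options into the config file. Setting each option with the `ini_file` module, e.g. `ini_file: dest=/etc/glance/glance-api.conf section=glance_store option=rbd_store_pool value=images`, keeps reruns stable. `show_image_direct_url=True` exposes the backend RBD location through the image API, so it deserves a comment saying it is intentional. `ignore_errors: True` on `restart glance` hides a failed restart from the operator.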
diff --git a/ansible/roles/ceph-openstack/tasks/ceph_openstack_pre.yml b/ansible/roles/ceph-openstack/tasks/ceph_openstack_pre.yml
new file mode 100755
index 0000000..78b71ec
--- /dev/null
+++ b/ansible/roles/ceph-openstack/tasks/ceph_openstack_pre.yml
@@ -0,0 +1,77 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: gen ceph uuid
+ shell: uuidgen
+ register: ceph_uuid
+ run_once: true
+ tags:
+ - ceph_copy_secret
+
+- name: gen template secret.xml
+ local_action:
+ module: "template"
+ src: "secret.j2"
+ dest: "/tmp/secret.xml"
+ mode: "0777"
+ when: inventory_hostname in groups['ceph_adm']
+ tags:
+ - ceph_copy_secret
+
+- name: create pool
+ shell: ceph osd pool create {{ item }} 50
+ with_items:
+ - volumes
+ - images
+ - backups
+ - vms
+ when: inventory_hostname in groups['ceph_adm']
+
+- name: create ceph users for openstack
+ shell: ceph auth get-or-create client.cinder mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=volumes, allow rwx pool=vms, allow rx pool=images' && ceph auth get-or-create client.glance mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=images'
+ when: inventory_hostname in groups['ceph_adm']
+
+- name: send glance key to controller nodes
+ shell: ceph auth get-or-create client.glance | tee /etc/ceph/ceph.client.glance.keyring && chown glance:glance /etc/ceph/ceph.client.glance.keyring
+ when: inventory_hostname in groups['controller']
+
+- name: send cinder key to compute nodes
+ shell: ceph auth get-or-create client.cinder | tee /etc/ceph/ceph.client.cinder.keyring && chown cinder:cinder /etc/ceph/ceph.client.cinder.keyring
+ when: inventory_hostname in groups['compute']
+ tags:
+ - ceph_send_key
+
+- name: copy cinder key to compute node
+ shell: ceph auth get-key client.cinder | tee client.cinder.key
+ when: inventory_hostname in groups['compute']
+ tags:
+ - ceph_copy_secret
+
+- name: copy secret.xml to compute nodes
+ copy: src="/tmp/secret.xml" dest="~/secret.xml"
+ when: inventory_hostname in groups['compute']
+ tags:
+ - ceph_copy_secret
+
+- name: undefine libvirt secret in case of repeatedly execute ceph_deploy
+ shell: "virsh secret-list | awk '$1 ~ /[0-9]+/ {print $1}' | xargs virsh secret-undefine"
+ when: inventory_hostname in groups['compute']
+ tags:
+ - ceph_copy_secret
+ ignore_errors: True
+
+
+- name: create key for libvirt on compute nodes
+ shell: "virsh secret-define --file ~/secret.xml && virsh secret-set-value --secret {{ ceph_uuid.stdout_lines[0] }} --base64 $(cat client.cinder.key)"
+ when: inventory_hostname in groups['compute']
+ tags:
+ - ceph_copy_secret
+ ignore_errors: True
+
+
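Review bot: The Ceph key material and the libvirt secret definition handled here end up in files with loose or default permissions: `gen template secret.xml` writes `/tmp/secret.xml` with `mode: "0777"`, the two keyrings are created by `tee` under the current umask, and `copy cinder key to compute node` leaves `client.cinder.key` in the working directory after `virsh secret-set-value` has consumed it. Use `mode: "0600"` for the template, add `chmod 0600` on each keyring next to the existing `chown`, and remove `client.cinder.key` once the secret is set. Because `tee` echoes the key to stdout, `no_log: true` on those tasks keeps it out of Ansible output. The `undefine libvirt secret` task passes every UUID containing a digit from `virsh secret-list` to `secret-undefine`, so it would also drop libvirt secrets that do not belong to Ceph; if that is intended for a dedicated node, a comment should say so.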
diff --git a/ansible/roles/ceph-openstack/tasks/main.yml b/ansible/roles/ceph-openstack/tasks/main.yml
new file mode 100644
index 0000000..8c9734d
--- /dev/null
+++ b/ansible/roles/ceph-openstack/tasks/main.yml
@@ -0,0 +1,26 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+- include_vars: "{{ ansible_os_family }}.yml"
+ tags:
+ - ceph_deploy
+ - ceph_openstack_pre
+ - ceph_openstack_conf
+ - ceph_openstack
+
+- include: ceph_openstack_pre.yml
+ tags:
+ - ceph_deploy
+ - ceph_openstack_pre
+ - ceph_openstack
+
+- include: ceph_openstack_conf.yml
+ tags:
+ - ceph_deploy
+ - ceph_openstack_conf
+ - ceph_openstack
diff --git a/ansible/roles/ceph-openstack/templates/secret.j2 b/ansible/roles/ceph-openstack/templates/secret.j2
new file mode 100644
index 0000000..a0ffc6e
--- /dev/null
+++ b/ansible/roles/ceph-openstack/templates/secret.j2
@@ -0,0 +1,6 @@
+
+ {{ ceph_uuid.stdout_lines[0] }}
+
+ client.cinder secret
+
+
diff --git a/ansible/roles/ceph-openstack/vars/Debian.yml b/ansible/roles/ceph-openstack/vars/Debian.yml
new file mode 100755
index 0000000..1da4232
--- /dev/null
+++ b/ansible/roles/ceph-openstack/vars/Debian.yml
@@ -0,0 +1,30 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages:
+ - ceph-deploy
+ - python-flask
+ - libgoogle-perftools4
+ - libleveldb1
+ - liblttng-ust0
+ - libsnappy1
+ - librbd1
+ - librados2
+ - python-ceph
+ - ceph
+ - ceph-mds
+ - ceph-common
+ - ceph-fs-common
+ - gdisk
+
+services: []
+
+cinder_service: cinder-volume
+nova_service: nova-compute
+glance_service: glance-api
diff --git a/ansible/roles/ceph-openstack/vars/RedHat.yml b/ansible/roles/ceph-openstack/vars/RedHat.yml
new file mode 100755
index 0000000..d0310f8
--- /dev/null
+++ b/ansible/roles/ceph-openstack/vars/RedHat.yml
@@ -0,0 +1,20 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages:
+ - ceph-radosgw
+ - fcgi
+ - ceph-deploy
+ - ceph
+
+services: []
+
+cinder_service: openstack-cinder-volume
+nova_service: openstack-nova-compute
+glance_service: openstack-glance-api
diff --git a/ansible/roles/ceph-openstack/vars/main.yml b/ansible/roles/ceph-openstack/vars/main.yml
new file mode 100755
index 0000000..6de7e9f
--- /dev/null
+++ b/ansible/roles/ceph-openstack/vars/main.yml
@@ -0,0 +1,13 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages_noarch: []
+
+ceph_cluster_dir:
+ - /root/ceph-cluster
diff --git a/ansible/roles/ceph-osd/files/create_osd.sh b/ansible/roles/ceph-osd/files/create_osd.sh
new file mode 100755
index 0000000..dd815c2
--- /dev/null
+++ b/ansible/roles/ceph-osd/files/create_osd.sh
@@ -0,0 +1,39 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+if [ -d "/var/local/osd" ]; then
+echo "clear /var/local/osd"
+rm -r /var/local/osd/
+umount /var/local/osd
+rm -r /var/local/osd
+fi
+
+
+#safe check
+ps -ef |grep lvremove |awk '{print $2}' |xargs kill -9
+ps -ef |grep vgremove |awk '{print $2}' |xargs kill -9
+ps -ef |grep vgcreate |awk '{print $2}' |xargs kill -9
+ps -ef |grep lvcreate |awk '{print $2}' |xargs kill -9
+
+if [ -L "/dev/storage-volumes/ceph0" ]; then
+echo "remove lv vg"
+lvremove -f /dev/storage-volumes/ceph0
+fi
+
+
+echo "lvcreate"
+lvcreate -l 100%FREE -nceph0 storage-volumes
+echo "mkfs"
+mkfs.xfs -f /dev/storage-volumes/ceph0
+
+if [ ! -d "/var/local/osd" ]; then
+echo "mount osd"
+mkdir -p /var/local/osd
+mount /dev/storage-volumes/ceph0 /var/local/osd
+fi
+
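Review bot: The block labelled `#safe check` kills by substring match: `ps -ef |grep lvremove |awk '{print $2}' |xargs kill -9` also picks up the `grep` itself and any process whose command line merely contains the word, and SIGKILL on a running LVM tool can leave volume-group state half-updated. An exact-name match such as `pkill -x lvremove` is narrower, and waiting for the tool to finish would be safer than killing it. In the first `if`, `rm -r /var/local/osd/` runs before `umount /var/local/osd`, so it deletes the contents of the mounted filesystem and then fails on the busy mount point; unmount first. The file also has no `#!` line and no `set -e`, so a failed `lvcreate` still proceeds to `mkfs.xfs`.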
diff --git a/ansible/roles/ceph-osd/tasks/install_osd.yml b/ansible/roles/ceph-osd/tasks/install_osd.yml
new file mode 100644
index 0000000..e7e4a24
--- /dev/null
+++ b/ansible/roles/ceph-osd/tasks/install_osd.yml
@@ -0,0 +1,33 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+
+- name: create osd lv and mount it on /var/local/osd
+ script: create_osd.sh
+
+- name: copy osd keyring
+ copy: src="/tmp/ceph.osd.keyring" dest="/var/lib/ceph/bootstrap-osd/ceph.keyring"
+
+- name: prepare osd disk
+ shell: ceph-disk prepare --fs-type xfs /var/local/osd
+
+- name: activate osd node
+ shell: ceph-disk activate /var/local/osd
+
+- name: enable ceph service
+ service: name=ceph enabled=yes
+
+- name: rebuild osd after reboot
+ lineinfile: dest=/etc/init/ceph-osd-all-starter.conf insertafter="^task" line="pre-start script\n set -e\n /opt/setup_storage/losetup.sh\n sleep 3\n mount /dev/storage-volumes/ceph0 /var/local/osd\nend script"
+ when: ansible_os_family == "Debian"
+
+- name: rebuild osd after reboot for centos
+ lineinfile: dest=/etc/init.d/ceph insertafter="^### END INIT INFO" line="\nsleep 1\nmount /dev/storage-volumes/ceph0 /var/local/osd"
+ when: ansible_os_family == "RedHat"
+
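Review bot: `copy osd keyring` installs the bootstrap-osd keyring from a fixed path under `/tmp` on the control host and sets no `owner` or `mode`, so the permissions on the OSD node follow the defaults; state them explicitly, e.g. `copy: src="/tmp/ceph.osd.keyring" dest="/var/lib/ceph/bootstrap-osd/ceph.keyring" mode=0600`. Where `/tmp/ceph.osd.keyring` is created is not visible in this hunk, but a predictable name in a world-writable directory is worth replacing with a private staging directory. The two `rebuild osd after reboot` tasks pass a multi-line `line=` to `lineinfile`, which most likely never matches an existing line and so inserts the block again on every run.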
diff --git a/ansible/roles/ceph-osd/tasks/main.yml b/ansible/roles/ceph-osd/tasks/main.yml
new file mode 100644
index 0000000..b2d10b1
--- /dev/null
+++ b/ansible/roles/ceph-osd/tasks/main.yml
@@ -0,0 +1,13 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+- include: install_osd.yml
+ when: inventory_hostname in groups["ceph_osd"]
+ tags:
+ - ceph_osd
+ - ceph_deploy
diff --git a/ansible/roles/ceph-purge/tasks/main.yml b/ansible/roles/ceph-purge/tasks/main.yml
new file mode 100644
index 0000000..a25572c
--- /dev/null
+++ b/ansible/roles/ceph-purge/tasks/main.yml
@@ -0,0 +1,35 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+- name: clear tmp files
+ local_action: shell rm -rf /tmp/ceph*
+ tags:
+ - ceph_purge
+ - ceph_deploy
+
+- name: install ceph-related packages
+ action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
+ with_items:
+ - ceph-deploy
+ tags:
+ - ceph_purge
+ - ceph_deploy
+
+- name: purge ceph
+ shell: "ceph-deploy purge {{ inventory_hostname }}; ceph-deploy purgedata {{ inventory_hostname }}; ceph-deploy forgetkeys"
+ tags:
+ - ceph_purge
+ - ceph_deploy
+
+- name: remove monmap
+ file: path="/tmp/monmap" state="absent"
+ tags:
+ - ceph_purge
+ - ceph_deploy
+
+
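Review bot: `purge ceph` chains `ceph-deploy purge`, `purgedata` and `forgetkeys` with `;`, so the task's exit status is that of `forgetkeys` alone and a failed purge is reported as success; joining them with `&&` makes the failure visible. The task is tagged `ceph_deploy` and has no `when:` guard, so as written every run of that tag removes Ceph packages and data on each host the role applies to; if that is intended, a comment above the task should say so. `clear tmp files` is a `local_action` without `run_once: true`, so `rm -rf /tmp/ceph*` executes on the control host once per inventory host.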
diff --git a/ansible/roles/cinder-controller/handlers/main.yml b/ansible/roles/cinder-controller/handlers/main.yml
index aeeda0d..93bffe7 100644
--- a/ansible/roles/cinder-controller/handlers/main.yml
+++ b/ansible/roles/cinder-controller/handlers/main.yml
@@ -1,6 +1,13 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
---
-- name: restart cinder-scheduler
- service: name=cinder-scheduler state=restarted
-- name: restart cinder-api
- service: name=cinder-api state=restarted
+- name: restart cinder control serveice
+ service: name={{ item }} state=restarted enabled=yes
+ with_items: services | union(services_noarch)
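Review bot: `with_items: services | union(services_noarch)` is a bare expression, a form that Ansible 2.0 deprecated for `with_` loops and that later releases, as far as I know, no longer evaluate, at which point the handler would loop over the literal string. Writing it as `with_items: "{{ services | union(services_noarch) }}"` works on old and new versions alike. The same form appears in cinder_install.yml and in the cinder-volume handler and tasks in this commit. The handler name `restart cinder control serveice` has a typo; since handlers are matched by name, fixing it means changing the `notify:` entries in cinder_config.yml and cinder_install.yml in the same commit.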
diff --git a/ansible/roles/cinder-controller/tasks/cinder_config.yml b/ansible/roles/cinder-controller/tasks/cinder_config.yml
new file mode 100644
index 0000000..e763a47
--- /dev/null
+++ b/ansible/roles/cinder-controller/tasks/cinder_config.yml
@@ -0,0 +1,19 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: upload cinder conf
+ template: src=cinder.conf dest=/etc/cinder/cinder.conf
+
+- name: sync cinder db
+ #cinder_manage: action=dbsync
+ shell: su -s /bin/sh -c 'cinder-manage db sync' cinder
+ ignore_errors: true
+ changed_when: true
+ notify:
+ - restart cinder control serveice
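Review bot: `sync cinder db` sets `ignore_errors: true` together with `changed_when: true`, so a failed `cinder-manage db sync` is swallowed and the restart handler is still notified, bringing the services up against a schema that may not have been migrated. Drop `ignore_errors` or replace it with an explicit `failed_when:` on the return code. The `upload cinder conf` task above it duplicates the one in cinder_install.yml but has no `notify:`, so a config change made here only leads to a restart because the next task always reports changed; a comment recording that dependency would help.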
diff --git a/ansible/roles/cinder-controller/tasks/cinder_install.yml b/ansible/roles/cinder-controller/tasks/cinder_install.yml
new file mode 100644
index 0000000..d41094d
--- /dev/null
+++ b/ansible/roles/cinder-controller/tasks/cinder_install.yml
@@ -0,0 +1,34 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: disable auto start
+ copy:
+ content: "#!/bin/sh\nexit 101"
+ dest: "/usr/sbin/policy-rc.d"
+ mode: 0755
+ when: ansible_os_family == "Debian"
+
+- name: install cinder packages
+ action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
+ with_items: packages | union(packages_noarch)
+
+- name: enable auto start
+ file:
+ path=/usr/sbin/policy-rc.d
+ state=absent
+ when: ansible_os_family == "Debian"
+
+- name: generate common cinder service list
+ lineinfile: dest=/opt/service create=yes line='{{ item }}'
+ with_items: services | union(services_noarch)
+
+- name: upload cinder conf
+ template: src=cinder.conf dest=/etc/cinder/cinder.conf
+ notify:
+ - restart cinder control serveice
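Review bot: If `install cinder packages` fails, the play stops for that host before `enable auto start` runs, and `/usr/sbin/policy-rc.d` with `exit 101` stays in place, so later package installs on that Debian host will not start their services. On Ansible 2.0 or newer the install can sit in a `block:` whose `always:` section removes the file, as sketched below. The same three-task pattern is repeated in cinder-volume/tasks/main.yml. `mode: 0755` is also better written as `mode: "0755"` so it does not depend on the YAML parser reading the value as octal.

```yaml
# … unchanged: "disable auto start" task …

- block:
    - name: install cinder packages
      action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
      with_items: "{{ packages | union(packages_noarch) }}"
  always:
    # runs even when the install above fails, so the stub never outlives the play
    - name: enable auto start
      file:
        path: /usr/sbin/policy-rc.d
        state: absent
      when: ansible_os_family == "Debian"

# … unchanged: service list and "upload cinder conf" tasks …
```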
diff --git a/ansible/roles/cinder-controller/tasks/main.yml b/ansible/roles/cinder-controller/tasks/main.yml
index b814d93..c719ca2 100644
--- a/ansible/roles/cinder-controller/tasks/main.yml
+++ b/ansible/roles/cinder-controller/tasks/main.yml
@@ -1,29 +1,25 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
---
-- name: install cinder packages
- apt: name={{ item }} state=present force=yes
- with_items:
- - cinder-api
- - cinder-scheduler
- - python-cinderclient
+- include_vars: "{{ ansible_os_family }}.yml"
-- name: upload cinder conf
- template: src=cinder.conf dest=/etc/cinder/cinder.conf
- notify:
- - restart cinder-scheduler
- - restart cinder-api
+- include: cinder_install.yml
+ tags:
+ - install
+ - cinder-install
+ - cinder
-- name: sync cinder db
- shell: su -s /bin/sh -c "cinder-manage db sync" cinder && cinder
- notify:
- - restart cinder-scheduler
- - restart cinder-api
+- include: cinder_config.yml
+ when: inventory_hostname == groups['controller'][0]
+ tags:
+ - config
+ - cinder-config
+ - cinder
- meta: flush_handlers
-
-- name: upload cinder keystone register script
- template: src=cinder_init.sh dest=/opt/cinder_init.sh mode=0744
-
-- name: run cinder register script
- shell: /opt/cinder_init.sh && touch cinder_init_complete
- args:
- creates: cinder_init_complete
diff --git a/ansible/roles/cinder-controller/templates/api-paste.ini b/ansible/roles/cinder-controller/templates/api-paste.ini
index 6ae63f1..0eb04e2 100644
--- a/ansible/roles/cinder-controller/templates/api-paste.ini
+++ b/ansible/roles/cinder-controller/templates/api-paste.ini
@@ -54,8 +54,8 @@ paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
# auth_host = 127.0.0.1
# auth_port = 35357
# auth_protocol = http
-auth_uri = http://{{ identity_host }}:5000/v2.0
-identity_uri = http://{{ identity_host }}:35357
+auth_uri = http://{{ internal_vip.ip }}:5000/v2.0
+identity_uri = http://{{ internal_vip.ip }}:35357
admin_tenant_name = service
admin_user = cinder
admin_password = {{ CINDER_PASS }}
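Review bot: `auth_uri` here stays on `/v2.0` while the `[keystone_authtoken]` section of cinder.conf in this same commit moves to `/v3`, so the two templates point the auth middleware at different Identity API versions. If that is deliberate it needs a comment in one of the files; otherwise use `auth_uri = http://{{ internal_vip.ip }}:5000/v3` here as well. The hunk starts in the middle of the filter section, so which of the two files takes precedence at runtime cannot be judged from these lines.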
diff --git a/ansible/roles/cinder-controller/templates/cinder.conf b/ansible/roles/cinder-controller/templates/cinder.conf
index 2fcd0b7..66d9948 100644
--- a/ansible/roles/cinder-controller/templates/cinder.conf
+++ b/ansible/roles/cinder-controller/templates/cinder.conf
@@ -3,7 +3,7 @@ rootwrap_config = /etc/cinder/rootwrap.conf
api_paste_confg = /etc/cinder/api-paste.ini
iscsi_helper = tgtadm
volume_name_template = volume-%s
-volume_group = cinder-volumes
+volume_group = storage-volumes
verbose = {{ VERBOSE }}
debug = {{ DEBUG }}
auth_strategy = keystone
@@ -18,11 +18,11 @@ control_exchange = cinder
rpc_backend = rabbit
rabbit_host = {{ rabbit_host }}
rabbit_port = 5672
-rabbit_userid = guest
+rabbit_userid = {{ RABBIT_USER }}
rabbit_password = {{ RABBIT_PASS }}
my_ip = {{ storage_controller_host }}
-glance_host = {{ image_host }}
+glance_host = {{ internal_vip.ip }}
glance_port = 9292
api_rate_limit = False
storage_availability_zone = nova
@@ -39,7 +39,6 @@ volume_name_template = volume-%s
snapshot_name_template = snapshot-%s
max_gigabytes=10000
-volume_group=cinder-volumes
volume_clear=zero
volume_clear_size=10
@@ -53,11 +52,15 @@ volumes_dir=/var/lib/cinder/volumes
volume_driver=cinder.volume.drivers.lvm.LVMISCSIDriver
[keystone_authtoken]
-auth_uri = http://{{ identity_host }}:5000/v2.0
-identity_uri = http://{{ identity_host }}:35357
+auth_uri = http://{{ internal_vip.ip }}:5000/v3
+identity_uri = http://{{ internal_vip.ip }}:35357
admin_tenant_name = service
admin_user = cinder
admin_password = {{ CINDER_PASS }}
[database]
connection = mysql://cinder:{{ CINDER_DBPASS }}@{{ db_host }}/cinder
+idle_timeout = 30
+
+[keymgr]
+encryption_auth_url=http://{{ internal_vip.ip }}:5000/v3
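Review bot: The Keystone endpoints set in `[keystone_authtoken]` and the new `[keymgr]` `encryption_auth_url` are plain `http://`, so the `cinder` service password and the tokens issued for it cross the internal VIP unencrypted. If the VIP can terminate TLS, use `https://` for `auth_uri`, `identity_uri` and `encryption_auth_url`; if not, a comment in the template stating that the management network is treated as trusted would record the assumption. The same `[keystone_authtoken]` lines are added to cinder-volume/templates/cinder.conf.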
diff --git a/ansible/roles/cinder-controller/templates/cinder_init.sh b/ansible/roles/cinder-controller/templates/cinder_init.sh
deleted file mode 100644
index 86968bf..0000000
--- a/ansible/roles/cinder-controller/templates/cinder_init.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ identity_host }}:35357/v2.0 user-create --name=cinder --pass={{ CINDER_PASS }} --email=cinder@example.com
-keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ identity_host }}:35357/v2.0 user-role-add --user=cinder --tenant=service --role=admin
-
-keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ identity_host }}:35357/v2.0 service-create --name=cinder --type=volume --description="OpenStack Block Storage"
-keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ identity_host }}:35357/v2.0 endpoint-create --service-id=$(keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ identity_host }}:35357/v2.0 service-list | awk '/ volume / {print $2}') --publicurl=http://{{ storage_controller_host }}:8776/v1/%\(tenant_id\)s --internalurl=http://{{ storage_controller_host }}:8776/v1/%\(tenant_id\)s --adminurl=http://{{ storage_controller_host }}:8776/v1/%\(tenant_id\)s
-
diff --git a/ansible/roles/cinder-controller/vars/Debian.yml b/ansible/roles/cinder-controller/vars/Debian.yml
new file mode 100644
index 0000000..801296b
--- /dev/null
+++ b/ansible/roles/cinder-controller/vars/Debian.yml
@@ -0,0 +1,17 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+
+packages:
+ - cinder-api
+ - cinder-scheduler
+
+services:
+ - cinder-api
+ - cinder-scheduler
diff --git a/ansible/roles/cinder-controller/vars/RedHat.yml b/ansible/roles/cinder-controller/vars/RedHat.yml
new file mode 100644
index 0000000..e11bef9
--- /dev/null
+++ b/ansible/roles/cinder-controller/vars/RedHat.yml
@@ -0,0 +1,16 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages:
+ - openstack-cinder
+ - python-oslo-db
+
+services:
+ - openstack-cinder-api
+ - openstack-cinder-scheduler
diff --git a/ansible/roles/cinder-controller/vars/main.yml b/ansible/roles/cinder-controller/vars/main.yml
new file mode 100644
index 0000000..483300e
--- /dev/null
+++ b/ansible/roles/cinder-controller/vars/main.yml
@@ -0,0 +1,14 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages_noarch:
+ - python-cinderclient
+
+services_noarch: []
+
diff --git a/ansible/roles/cinder-volume/files/loop.yml b/ansible/roles/cinder-volume/files/loop.yml
deleted file mode 100644
index e872652..0000000
--- a/ansible/roles/cinder-volume/files/loop.yml
+++ /dev/null
@@ -1 +0,0 @@
-physical_device: /dev/loop0
diff --git a/ansible/roles/cinder-volume/handlers/main.yml b/ansible/roles/cinder-volume/handlers/main.yml
index 866eb83..f841a63 100644
--- a/ansible/roles/cinder-volume/handlers/main.yml
+++ b/ansible/roles/cinder-volume/handlers/main.yml
@@ -1,6 +1,12 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
---
-- name: restart cinder-volume
- service: name=cinder-volume state=restarted
-
-- name: restart tgt
- shell: service tgt restart
+- name: restart cinder-volume services
+ service: name={{ item }} state=restarted enabled=yes
+ with_items: services | union(services_noarch)
diff --git a/ansible/roles/cinder-volume/tasks/main.yml b/ansible/roles/cinder-volume/tasks/main.yml
index d29e94f..f3f40c1 100644
--- a/ansible/roles/cinder-volume/tasks/main.yml
+++ b/ansible/roles/cinder-volume/tasks/main.yml
@@ -1,51 +1,39 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
---
+- include_vars: "{{ ansible_os_family }}.yml"
+
+- name: disable auto start
+ copy:
+ content: "#!/bin/sh\nexit 101"
+ dest: "/usr/sbin/policy-rc.d"
+ mode: 0755
+ when: ansible_os_family == "Debian"
+
- name: install cinder-volume and lvm2 packages
- apt: name={{ item }} state=present force=yes
- with_items:
- - cinder-volume
- - lvm2
+ action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
+ with_items: packages | union(packages_noarch)
-- name: check if physical device exists
- stat: path={{ physical_device }}
- register: st
+- name: enable auto start
+ file:
+ path=/usr/sbin/policy-rc.d
+ state=absent
+ when: ansible_os_family == "Debian"
-- name: repace physical_device if st is false
- local_action: copy src=loop.yml dest=/tmp/loop.yml
- when: st.stat.exists == False
-
-- name: load loop.yml
- include_vars: /tmp/loop.yml
- when: st.stat.exists == False
-
-- name: check if cinder-volumes is mounted
- shell: ls /mnt
- register: cindervolumes
-
-- name: get available partition size
- shell: df / | awk '$3 ~ /[0-9]+/ { print $4 }'
- register: partition_size
-
-- name: if not mounted, mount it
- shell: dd if=/dev/zero of=/mnt/cinder-volumes
- bs=1 count=0 seek={{ partition_size.stdout }}
- when: cindervolumes.stdout != 'cinder-volumes'
-
-- name: get first lo device
- shell: ls /dev/loop* | egrep 'loop[0-9]+'|sed -n 1p
- register: first_lo
- when: cindervolumes.stdout != 'cinder-volumes'
-
-- name: do a losetup on /mnt/cinder-volumes
- shell: losetup {{ first_lo.stdout }} /mnt/cinder-volumes
- when: cindervolumes.stdout != 'cinder-volumes'
-
-- name: create physical and group volumes
- lvg: vg=cinder-volumes pvs={{ physical_device }}
- vg_options=--force
+- name: generate cinder volume service list
+ lineinfile: dest=/opt/service create=yes line='{{ item }}'
+ with_items: services | union(services_noarch)
- name: upload cinder-volume configuration
template: src=cinder.conf dest=/etc/cinder/cinder.conf
backup=yes
notify:
- - restart cinder-volume
- - restart tgt
+ - restart cinder-volume services
+
+- meta: flush_handlers
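Review bot: `upload cinder-volume configuration` renders a file holding `RABBIT_PASS`, `CINDER_PASS` and `CINDER_DBPASS` but sets no `owner`, `group` or `mode`, and `backup=yes` keeps timestamped copies of earlier versions, secrets included, beside it. Adding e.g. `owner=cinder group=cinder mode=0640` to the `template:` line pins the permissions of the live file. This hunk also drops the `lvg` task, so the `storage-volumes` group named in the template must already exist before this role runs; where it is created is not visible here, and a comment naming that role would help.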
diff --git a/ansible/roles/cinder-volume/templates/cinder.conf b/ansible/roles/cinder-volume/templates/cinder.conf
index a674ca6..0660cba 100644
--- a/ansible/roles/cinder-volume/templates/cinder.conf
+++ b/ansible/roles/cinder-volume/templates/cinder.conf
@@ -3,11 +3,11 @@ rootwrap_config = /etc/cinder/rootwrap.conf
api_paste_confg = /etc/cinder/api-paste.ini
iscsi_helper = tgtadm
volume_name_template = volume-%s
-volume_group = cinder-volumes
+volume_group = storage-volumes
verbose = True
auth_strategy = keystone
state_path = /var/lib/cinder
-lock_path = /var/lock/cinder
+lock_path = /var/lib/cinder/tmp
notification_driver=cinder.openstack.common.notifier.rpc_notifier
volumes_dir = /var/lib/cinder/volumes
@@ -17,11 +17,11 @@ control_exchange = cinder
rpc_backend = rabbit
rabbit_host = {{ rabbit_host }}
rabbit_port = 5672
-rabbit_userid = guest
+rabbit_userid = {{ RABBIT_USER }}
rabbit_password = {{ RABBIT_PASS }}
my_ip = {{ storage_controller_host }}
-glance_host = {{ image_host }}
+glance_host = {{ internal_vip.ip }}
glance_port = 9292
api_rate_limit = False
storage_availability_zone = nova
@@ -38,7 +38,6 @@ volume_name_template = volume-%s
snapshot_name_template = snapshot-%s
max_gigabytes=10000
-volume_group=cinder-volumes
volume_clear=zero
volume_clear_size=10
@@ -52,11 +51,12 @@ volumes_dir=/var/lib/cinder/volumes
volume_driver=cinder.volume.drivers.lvm.LVMISCSIDriver
[keystone_authtoken]
-auth_uri = http://{{ identity_host }}:5000/v2.0
-identity_uri = http://{{ identity_host }}:35357
+auth_uri = http://{{ internal_vip.ip }}:5000/v3
+identity_uri = http://{{ internal_vip.ip }}:35357
admin_tenant_name = service
admin_user = cinder
admin_password = {{ CINDER_PASS }}
[database]
connection = mysql://cinder:{{ CINDER_DBPASS }}@{{ db_host }}/cinder
+idle_timeout = 30
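Review bot: The added `auth_uri` and `identity_uri` lines under `[keystone_authtoken]` keep the Keystone endpoints on plain `http://`. The `cinder` service password and every token validated through them therefore travel unencrypted between the storage nodes and `internal_vip.ip`. If TLS is terminated at the VIP, these should be `https://` with a CA bundle configured. If the deployment deliberately has no internal TLS, record that next to the setting, e.g. `# internal endpoints are HTTP only; the management network must be isolated`.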
diff --git a/ansible/roles/cinder-volume/vars/Debian.yml b/ansible/roles/cinder-volume/vars/Debian.yml
new file mode 100644
index 0000000..d95b779
--- /dev/null
+++ b/ansible/roles/cinder-volume/vars/Debian.yml
@@ -0,0 +1,14 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages:
+ - cinder-volume
+
+services:
+ - cinder-volume
diff --git a/ansible/roles/cinder-volume/vars/RedHat.yml b/ansible/roles/cinder-volume/vars/RedHat.yml
new file mode 100644
index 0000000..6d596f4
--- /dev/null
+++ b/ansible/roles/cinder-volume/vars/RedHat.yml
@@ -0,0 +1,19 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages:
+ - openstack-cinder
+ - targetcli
+ - python-oslo-db
+ - MySQL-python
+ - lvm2
+
+services:
+ - openstack-cinder-volume
+ - lvm2-lvmetad
diff --git a/ansible/roles/cinder-volume/vars/main.yml b/ansible/roles/cinder-volume/vars/main.yml
new file mode 100644
index 0000000..9949450
--- /dev/null
+++ b/ansible/roles/cinder-volume/vars/main.yml
@@ -0,0 +1,14 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages_noarch:
+ - lvm2
+
+services_noarch: []
+
diff --git a/ansible/roles/common/files/sources.list.d/cloudarchive-juno.list b/ansible/roles/common/files/sources.list.d/cloudarchive-juno.list
deleted file mode 100644
index 920f3d2..0000000
--- a/ansible/roles/common/files/sources.list.d/cloudarchive-juno.list
+++ /dev/null
@@ -1 +0,0 @@
-deb http://ubuntu-cloud.archive.canonical.com/ubuntu trusty-updates/juno main
diff --git a/ansible/roles/common/handlers/main.yml b/ansible/roles/common/handlers/main.yml
deleted file mode 100644
index ba409f6..0000000
--- a/ansible/roles/common/handlers/main.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-- name: restart ntp
- command: su -s /bin/sh -c "service ntp stop; ntpd -gq; hwclock --systohc; service ntp start"
- ignore_errors: True
diff --git a/ansible/roles/common/tasks/main.yml b/ansible/roles/common/tasks/main.yml
index 3730a33..f004e98 100644
--- a/ansible/roles/common/tasks/main.yml
+++ b/ansible/roles/common/tasks/main.yml
@@ -1,38 +1,92 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
---
-- name: first update pkgs
- apt: update_cache=yes
+- include_vars: "{{ ansible_os_family }}.yml"
-- name: install ubuntu-cloud-keyring(ubuntu)
- apt: name={{ item }} state=latest
- with_items:
- - ubuntu-cloud-keyring
-
-- name: add juno cloudarchive
- apt_repository: repo="{{ juno_cloud_archive }}" state=present
-
-- name: update packages once
- apt: update_cache=yes
+- name: speed up ansible by purging landscape-common
+ apt: pkg=landscape-common state=absent purge=yes
+ when: ansible_os_family == "Debian"
- name: update hosts files to all hosts
- template: src=hosts
- dest=/etc/hosts
- backup=yes
+ template: src=hosts dest=/etc/hosts backup=yes
-- name: install common packages
- apt: name={{ item }} state=latest
- with_items:
- - python-pip
- - python-dev
- - python-mysqldb
- - ntp
+- name: get compass-core hostname
+ local_action: shell hostname
+ register: name
+
+- name: get compass-core addr
+ shell: awk -F'=' '/compass_server/ {print $2}' /etc/compass.conf
+ register: COMPASS_SERVER
+
+- name: update compass-core name and ip to hosts files
+ shell: |
+ echo "# compass" >> /etc/hosts
+ echo {{ COMPASS_SERVER.stdout_lines[0] }} {{ name.stdout_lines[0] }} >> /etc/hosts
+
+- name: install python-crypto
+ yum: name=python-crypto state=present
+ register: python_crypto_result
+ ignore_errors: yes
+ when: ansible_os_family == "RedHat"
+
+- name: remove python crypt egg file to work-around https://bugs.centos.org/view.php?id=9896&nbn=2
+ shell: rm -rf /usr/lib64/python2.7/site-packages/pycrypto-2.6.1-py2.7.egg-info
+ when: ansible_os_family == "RedHat" and python_crypto_result.msg == "Error unpacking rpm package python2-crypto-2.6.1-9.el7.x86_64\n"
+
+- name: install packages
+ action: "{{ ansible_pkg_mgr }} name={{ item }} state=latest update_cache=yes"
+ with_items: packages | union(packages_noarch)
+
+- name: make config template dir exist
+ file: path=/opt/os_templates state=directory mode=0755
+
+- name: create pip config directory
+ file: path=~/.pip state=directory
+
+- name: update pip.conf
+ template: src=pip.conf dest=~/.pip/{{ pip_conf }}
+
+- name: install pip packages
+ pip: name={{ item }} state=present extra_args='--pre'
+ with_items: pip_packages
+
+- name: install keyczar for accelerate
+ pip: name=python-keyczar state=present extra_args='--pre'
+ delegate_to: 127.0.0.1
+ run_once: true
- name: update ntp conf
template: src=ntp.conf dest=/etc/ntp.conf backup=yes
- notify:
- - restart ntp
-- name: update pip
- pip: name={{ item }} state=latest
- with_items:
- - pip
+- name: use ntpdate once for initial sync time
+ shell: ntpdate {{ ntp_server }}
+ ignore_errors: True
+- name: sync sys clock to hard clock
+ shell: hwclock --systohc
+ ignore_errors: True
+
+- name: create fireball keys dir
+ file: path=~/.fireball.keys state=directory mode=0700
+ delegate_to: 127.0.0.1
+ run_once: true
+
+- name: restart services
+ service: name={{ item }} state=restarted enabled=yes
+ with_items: services| union(services_noarch)
+
+- name: write services to monitor list
+ lineinfile: dest=/opt/service create=yes line='{{ item }}'
+ with_items: services| union(services_noarch)
+
+- name: kill daemon for accelerate
+ shell: lsof -ni :5099|grep LISTEN|awk '{print $2}'|xargs kill -9
+ ignore_errors: true
+
+- meta: flush_handlers
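Review bot: The task `update compass-core name and ip to hosts files` pastes two registered values into a root shell command unquoted, so whatever `/etc/compass.conf` or the control host's `hostname` returns is parsed as shell syntax. An empty `awk` match also makes `stdout_lines[0]` fail during templating instead of with a readable error. `lineinfile` writes the same entry without a shell and does not add a second copy when the line is already present: `lineinfile: dest=/etc/hosts line="{{ COMPASS_SERVER.stdout_lines[0] }} {{ name.stdout_lines[0] }}"`. A `when: COMPASS_SERVER.stdout != ""` guard on that task would make the missing-key case explicit. The same registered value also feeds `templates/pip.conf`, so it is worth validating once here.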
diff --git a/ansible/roles/common/templates/hosts b/ansible/roles/common/templates/hosts
index 9d27c0a..bb770d5 100644
--- a/ansible/roles/common/templates/hosts
+++ b/ansible/roles/common/templates/hosts
@@ -1,22 +1,9 @@
-# compute-controller
-10.145.89.136 host-136
-# database
-10.145.89.136 host-136
-# messaging
-10.145.89.136 host-136
-# storage-controller
-10.145.89.138 host-138
-# image
-10.145.89.138 host-138
-# identity
-10.145.89.136 host-136
-# network-server
-10.145.89.138 host-138
-# dashboard
-10.145.89.136 host-136
-# storage-volume
-10.145.89.139 host-139
-# network-worker
-10.145.89.139 host-139
-# compute-worker
-10.145.89.137 host-137
+# localhost
+127.0.0.1 localhost
+# controller
+10.1.0.50 host1
+10.1.0.51 host2
+10.1.0.52 host3
+# compute
+10.1.0.53 host4
+10.1.0.54 host5
diff --git a/ansible/roles/common/templates/ntp.conf b/ansible/roles/common/templates/ntp.conf
index c613809..2d560be 100644
--- a/ansible/roles/common/templates/ntp.conf
+++ b/ansible/roles/common/templates/ntp.conf
@@ -16,14 +16,12 @@ filegen clockstats file clockstats type day enable
# Use servers from the NTP Pool Project. Approved by Ubuntu Technical Board
# on 2011-02-08 (LP: #104525). See http://www.pool.ntp.org/join.html for
# more information.
-server {{ NTP_SERVER_LOCAL }}
-server 0.ubuntu.pool.ntp.org
-server 1.ubuntu.pool.ntp.org
-server 2.ubuntu.pool.ntp.org
-server 3.ubuntu.pool.ntp.org
+server {{ ntp_server }}
+server {{ internal_vip.ip }}
-# Use Ubuntu's ntp server as a fallback.
-server ntp.ubuntu.com
+# Use local server as a fallback.
+server 127.127.1.0 # local clock
+fudge 127.127.1.0 stratum 10
# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
# details. The web page
@@ -34,8 +32,8 @@ server ntp.ubuntu.com
# up blocking replies from your own upstream servers.
# By default, exchange time with everybody, but don't allow configuration.
-restrict -4 default kod notrap nomodify nopeer noquery
-restrict -6 default kod notrap nomodify nopeer noquery
+restrict -4 default kod notrap nomodify
+restrict -6 default kod notrap nomodify
# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
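Review bot: Dropping `nopeer noquery` from both `restrict ... default` lines lets any host that can reach UDP 123 send ntpq/ntpdc control queries to every node. That exposes peer and version details, and it is the query class abused for NTP reflection on older ntpd builds. Serving time does not need it, since `noquery` only blocks control queries and `nopeer` does not affect configured `server` lines. I would keep the original flags, `restrict -4 default kod notrap nomodify nopeer noquery` and the `-6` equivalent. If operators need remote `ntpq` access, a narrower `restrict` line for the management subnet covers it. The rest of ntp.conf lies outside this hunk, so an existing per-subnet rule there would change the picture.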
diff --git a/ansible/roles/common/templates/pip.conf b/ansible/roles/common/templates/pip.conf
new file mode 100644
index 0000000..7bb3e43
--- /dev/null
+++ b/ansible/roles/common/templates/pip.conf
@@ -0,0 +1,5 @@
+[global]
+find-links = http://{{ COMPASS_SERVER.stdout_lines[0] }}/pip
+no-index = true
+[install]
+trusted-host={{ COMPASS_SERVER.stdout_lines[0] }}
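Review bot: `find-links` points at `http://` and `trusted-host` switches off certificate checking for the same host, so pip cannot authenticate the source of any package the `install pip packages` task installs (with `--pre`, under `remote_user: root`). Whoever can answer for the compass server's address on the deployment network decides what gets installed. Serving the mirror over TLS and dropping the `trusted-host` line closes that: `find-links = https://{{ COMPASS_SERVER.stdout_lines[0] }}/pip`. If TLS on the mirror is not available, pinning the packages in a requirements file installed with `--require-hashes` gives integrity without it.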
diff --git a/ansible/roles/common/vars/Debian.yml b/ansible/roles/common/vars/Debian.yml
new file mode 100644
index 0000000..1d7972e
--- /dev/null
+++ b/ansible/roles/common/vars/Debian.yml
@@ -0,0 +1,30 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages:
+ - ubuntu-cloud-keyring
+ - python-dev
+ - openvswitch-datapath-dkms
+ - openvswitch-switch
+ - python-memcache
+ - python-iniparse
+ - python-lxml
+ #- python-d* #TODO, need remove
+
+pip_packages:
+ - crudini
+ - python-keyczar
+ - yang2tosca
+
+pip_conf: pip.conf
+
+services:
+ - ntp
+
+
diff --git a/ansible/roles/common/vars/RedHat.yml b/ansible/roles/common/vars/RedHat.yml
new file mode 100644
index 0000000..8143e1c
--- /dev/null
+++ b/ansible/roles/common/vars/RedHat.yml
@@ -0,0 +1,26 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages:
+ - openvswitch
+ - python-devel
+ - python-memcached
+ - gcc
+ - redhat-lsb-core
+ - python-crypto
+
+pip_packages:
+ - crudini
+ - python-keyczar
+
+pip_conf: pip.conf
+
+services:
+ - openvswitch
+ - ntpd
diff --git a/ansible/roles/common/vars/main.yml b/ansible/roles/common/vars/main.yml
new file mode 100644
index 0000000..713b6b5
--- /dev/null
+++ b/ansible/roles/common/vars/main.yml
@@ -0,0 +1,14 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages_noarch:
+ - python-pip
+ - ntp
+
+services_noarch: []
diff --git a/ansible/roles/dashboard/handlers/main.yml b/ansible/roles/dashboard/handlers/main.yml
new file mode 100755
index 0000000..62e0b8e
--- /dev/null
+++ b/ansible/roles/dashboard/handlers/main.yml
@@ -0,0 +1,12 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: restart dashboard services
+ service: name={{ item }} state=restarted enabled=yes
+ with_items: services | union(services_noarch)
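Review bot: `with_items: services | union(services_noarch)` is a bare expression. Ansible 2.x deprecated bare variables in `with_*` loops, and later releases treat the text as one literal item, so the handler would try to restart a service named after the whole expression. Writing `with_items: "{{ services | union(services_noarch) }}"` works on both old and new versions. The same form appears in `roles/cinder-volume/tasks/main.yml`, in `roles/common/tasks/main.yml` (`install packages`, `install pip packages`, `restart services`, `write services to monitor list`) and in `roles/dashboard/tasks/main.yml` (`install dashboard packages`).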
diff --git a/ansible/roles/dashboard/tasks/main.yml b/ansible/roles/dashboard/tasks/main.yml
index 33e6ebf..ce4fd97 100644
--- a/ansible/roles/dashboard/tasks/main.yml
+++ b/ansible/roles/dashboard/tasks/main.yml
@@ -1,30 +1,108 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
---
+- include_vars: "{{ ansible_os_family }}.yml"
+
+- name: disable auto start
+ copy:
+ content: "#!/bin/sh\nexit 101"
+ dest: "/usr/sbin/policy-rc.d"
+ mode: 0755
+ when: ansible_os_family == "Debian"
+
- name: install dashboard packages
- apt: name={{ item }} state=present force=yes
- with_items:
- - apache2
- - memcached
- - libapache2-mod-wsgi
- - openstack-dashboard
+ action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
+ with_items: packages | union(packages_noarch)
+
+- name: enable auto start
+ file:
+ path=/usr/sbin/policy-rc.d
+ state=absent
+ when: ansible_os_family == "Debian"
- name: remove ubuntu theme
- apt: name=openstack-dashboard-ubuntu-theme
- state=absent
+ action: "{{ ansible_pkg_mgr }} name=openstack-dashboard-ubuntu-theme state=absent"
+ when: ansible_os_family == 'Debian'
+ notify:
+ - restart dashboard services
-## horizon configuration is already enabled in apache2/conf-enabled
-## by openstack-dashboard package deploy script.
-#- name: update dashboard conf
-# template: src=openstack-dashboard.conf
-# dest=/etc/apache2/sites-available/openstack-dashboard.conf
-# backup=yes
+- name: remove default apache2 config
+ file:
+ path: '{{ item }}'
+ state: absent
+ when: ansible_os_family == 'Debian'
+ with_items:
+ - '{{ apache_config_dir }}/conf-available/openstack-dashboard.conf'
+ - '{{ apache_config_dir }}/conf-enabled/openstack-dashboard.conf'
+ - '{{ apache_config_dir }}/sites-available/000-default.conf'
+ - '{{ apache_config_dir }}/sites-enabled/000-default.conf'
+ notify:
+ - restart dashboard services
-- name: update horizon settings
- template: src=local_settings.py
- dest=/etc/openstack-dashboard/local_settings.py
- backup=yes
+- name: update apache2 configs
+ template:
+ src: openstack-dashboard.conf.j2
+ dest: '{{ apache_config_dir }}/sites-available/openstack-dashboard.conf'
+ when: ansible_os_family == 'Debian'
+ notify:
+ - restart dashboard services
-- name: restart apache2
- service: name=apache2 state=restarted
+- name: enable dashboard
+ file:
+ src: "/etc/apache2/sites-available/openstack-dashboard.conf"
+ dest: "/etc/apache2/sites-enabled/openstack-dashboard.conf"
+ state: "link"
+ when: ansible_os_family == 'Debian'
+ notify:
+ - restart dashboard services
-- name: restart memcached
- service: name=memcached state=restarted
+- name: update ubuntu horizon settings
+ lineinfile:
+ dest: /etc/openstack-dashboard/local_settings.py
+ regexp: '{{ item.regexp }}'
+ line: '{{ item.line }}'
+ with_items:
+ - regexp: '^WEBROOT[ \t]*=.*'
+ line: 'WEBROOT = "/horizon"'
+ - regexp: '^COMPRESS_OFFLINE[ \t]*=.*'
+ line: 'COMPRESS_OFFLINE=True'
+ - regexp: '^ALLOWED_HOSTS[ \t]*=.*'
+ line: 'ALLOWED_HOSTS = ["*"]'
+ - regexp: '^OPENSTACK_HOST[ \t]*=.*'
+ line: 'OPENSTACK_HOST = "{{ internal_ip }}"'
+ when: ansible_os_family == 'Debian'
+ notify:
+ - restart dashboard services
+
+- name: precompile horizon css
+ shell: /usr/bin/python /usr/share/openstack-dashboard/manage.py compress --force
+ ignore_errors: True
+ when: ansible_os_family == 'Debian'
+ notify:
+ - restart dashboard services
+
+- name: update redhat version horizon settings
+ lineinfile:
+ dest: /etc/openstack-dashboard/local_settings
+ regexp: '{{ item.regexp }}'
+ line: '{{ item.line }}'
+ with_items:
+ - regexp: '^WEBROOT[ \t]*=.*'
+ line: 'WEBROOT = "/horizon"'
+ - regexp: '^COMPRESS_OFFLINE[ \t]*=.*'
+ line: 'COMPRESS_OFFLINE=False'
+ - regexp: '^ALLOWED_HOSTS[ \t]*=.*'
+ line: 'ALLOWED_HOSTS = ["*"]'
+ - regexp: '^OPENSTACK_HOST[ \t]*=.*'
+ line: 'OPENSTACK_HOST = "{{ internal_ip }}"'
+ when: ansible_os_family == 'RedHat'
+ notify:
+ - restart dashboard services
+
+- meta: flush_handlers
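Review bot: Both `lineinfile` item lists (`update ubuntu horizon settings` and `update redhat version horizon settings`) write `ALLOWED_HOSTS = ["*"]`, which turns off Django's Host-header validation for Horizon. The template this commit deletes still named `{{ dashboard_host }}` explicitly. Listing the addresses the dashboard is actually reached on keeps the check, e.g. `line: 'ALLOWED_HOSTS = ["{{ internal_vip.ip }}", "{{ internal_ip }}"]'`. Add any public name or VIP the deployment exposes, which is not visible in this hunk. With the wildcard, anything Horizon derives from the request host (absolute redirects, generated links) follows a client-supplied header.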
diff --git a/ansible/roles/dashboard/templates/local_settings.py b/ansible/roles/dashboard/templates/local_settings.py
deleted file mode 100644
index 35f94c5..0000000
--- a/ansible/roles/dashboard/templates/local_settings.py
+++ /dev/null
@@ -1,511 +0,0 @@
-import os
-
-from django.utils.translation import ugettext_lazy as _
-
-from openstack_dashboard import exceptions
-
-DEBUG = True
-TEMPLATE_DEBUG = DEBUG
-
-# Required for Django 1.5.
-# If horizon is running in production (DEBUG is False), set this
-# with the list of host/domain names that the application can serve.
-# For more information see:
-# https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts
-#ALLOWED_HOSTS = ['horizon.example.com', ]
-
-# Set SSL proxy settings:
-# For Django 1.4+ pass this header from the proxy after terminating the SSL,
-# and don't forget to strip it from the client's request.
-# For more information see:
-# https://docs.djangoproject.com/en/1.4/ref/settings/#secure-proxy-ssl-header
-# SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTOCOL', 'https')
-
-# If Horizon is being served through SSL, then uncomment the following two
-# settings to better secure the cookies from security exploits
-#CSRF_COOKIE_SECURE = True
-#SESSION_COOKIE_SECURE = True
-
-# Overrides for OpenStack API versions. Use this setting to force the
-# OpenStack dashboard to use a specific API version for a given service API.
-# NOTE: The version should be formatted as it appears in the URL for the
-# service API. For example, The identity service APIs have inconsistent
-# use of the decimal point, so valid options would be "2.0" or "3".
-# OPENSTACK_API_VERSIONS = {
-# "identity": 3,
-# "volume": 2
-# }
-
-# Set this to True if running on multi-domain model. When this is enabled, it
-# will require user to enter the Domain name in addition to username for login.
-# OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = False
-
-# Overrides the default domain used when running on single-domain model
-# with Keystone V3. All entities will be created in the default domain.
-# OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'Default'
-
-# Set Console type:
-# valid options would be "AUTO", "VNC", "SPICE" or "RDP"
-# CONSOLE_TYPE = "AUTO"
-
-# Default OpenStack Dashboard configuration.
-HORIZON_CONFIG = {
- 'dashboards': ('project', 'admin', 'settings',),
- 'default_dashboard': 'project',
- 'user_home': 'openstack_dashboard.views.get_user_home',
- 'ajax_queue_limit': 10,
- 'auto_fade_alerts': {
- 'delay': 3000,
- 'fade_duration': 1500,
- 'types': ['alert-success', 'alert-info']
- },
- 'help_url': "http://docs.openstack.org",
- 'exceptions': {'recoverable': exceptions.RECOVERABLE,
- 'not_found': exceptions.NOT_FOUND,
- 'unauthorized': exceptions.UNAUTHORIZED},
-}
-
-# Specify a regular expression to validate user passwords.
-# HORIZON_CONFIG["password_validator"] = {
-# "regex": '.*',
-# "help_text": _("Your password does not meet the requirements.")
-# }
-
-# Disable simplified floating IP address management for deployments with
-# multiple floating IP pools or complex network requirements.
-# HORIZON_CONFIG["simple_ip_management"] = False
-
-# Turn off browser autocompletion for the login form if so desired.
-# HORIZON_CONFIG["password_autocomplete"] = "off"
-
-LOCAL_PATH = os.path.dirname(os.path.abspath(__file__))
-
-# Set custom secret key:
-# You can either set it to a specific value or you can let horizion generate a
-# default secret key that is unique on this machine, e.i. regardless of the
-# amount of Python WSGI workers (if used behind Apache+mod_wsgi): However, there
-# may be situations where you would want to set this explicitly, e.g. when
-# multiple dashboard instances are distributed on different machines (usually
-# behind a load-balancer). Either you have to make sure that a session gets all
-# requests routed to the same dashboard instance or you set the same SECRET_KEY
-# for all of them.
-from horizon.utils import secret_key
-SECRET_KEY = 'AJDSKLAJDKASJDKASJDKSAJDKSJAKDSA'
-# We recommend you use memcached for development; otherwise after every reload
-# of the django development server, you will have to login again. To use
-# memcached set CACHES to something like
-CACHES = {
- 'default': {
- 'BACKEND' : 'django.core.cache.backends.memcached.MemcachedCache',
- 'LOCATION' : '127.0.0.1:11211',
- }
-}
-
-#CACHES = {
-# 'default': {
-# 'BACKEND' : 'django.core.cache.backends.locmem.LocMemCache'
-# }
-#}
-
-# Enable the Ubuntu theme if it is present.
-try:
- from ubuntu_theme import *
-except ImportError:
- pass
-
-# Default Ubuntu apache configuration uses /horizon as the application root.
-# Configure auth redirects here accordingly.
-LOGIN_URL='/horizon/auth/login/'
-LOGOUT_URL='/horizon/auth/logout/'
-LOGIN_REDIRECT_URL='/horizon'
-
-# The Ubuntu package includes pre-compressed JS and compiled CSS to allow
-# offline compression by default. To enable online compression, install
-# the node-less package and enable the following option.
-COMPRESS_OFFLINE = True
-
-# By default, validation of the HTTP Host header is disabled. Production
-# installations should have this set accordingly. For more information
-# see https://docs.djangoproject.com/en/dev/ref/settings/.
-ALLOWED_HOSTS = ['{{ dashboard_host }}', '0.0.0.0']
-
-# Send email to the console by default
-EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
-# Or send them to /dev/null
-#EMAIL_BACKEND = 'django.core.mail.backends.dummy.EmailBackend'
-
-# Configure these for your outgoing email host
-# EMAIL_HOST = 'smtp.my-company.com'
-# EMAIL_PORT = 25
-# EMAIL_HOST_USER = 'djangomail'
-# EMAIL_HOST_PASSWORD = 'top-secret!'
-
-# For multiple regions uncomment this configuration, and add (endpoint, title).
-# AVAILABLE_REGIONS = [
-# ('http://cluster1.example.com:5000/v2.0', 'cluster1'),
-# ('http://cluster2.example.com:5000/v2.0', 'cluster2'),
-# ]
-
-OPENSTACK_HOST = "{{ identity_host }}"
-OPENSTACK_KEYSTONE_URL = "http://%s:5000/v2.0" % OPENSTACK_HOST
-OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_"
-
-# Disable SSL certificate checks (useful for self-signed certificates):
-# OPENSTACK_SSL_NO_VERIFY = True
-
-# The CA certificate to use to verify SSL connections
-# OPENSTACK_SSL_CACERT = '/path/to/cacert.pem'
-
-# The OPENSTACK_KEYSTONE_BACKEND settings can be used to identify the
-# capabilities of the auth backend for Keystone.
-# If Keystone has been configured to use LDAP as the auth backend then set
-# can_edit_user to False and name to 'ldap'.
-#
-# TODO(tres): Remove these once Keystone has an API to identify auth backend.
-OPENSTACK_KEYSTONE_BACKEND = {
- 'name': 'native',
- 'can_edit_user': True,
- 'can_edit_group': True,
- 'can_edit_project': True,
- 'can_edit_domain': True,
- 'can_edit_role': True
-}
-
-#Setting this to True, will add a new "Retrieve Password" action on instance,
-#allowing Admin session password retrieval/decryption.
-#OPENSTACK_ENABLE_PASSWORD_RETRIEVE = False
-
-# The Xen Hypervisor has the ability to set the mount point for volumes
-# attached to instances (other Hypervisors currently do not). Setting
-# can_set_mount_point to True will add the option to set the mount point
-# from the UI.
-OPENSTACK_HYPERVISOR_FEATURES = {
- 'can_set_mount_point': False,
- 'can_set_password': False,
-}
-
-# The OPENSTACK_NEUTRON_NETWORK settings can be used to enable optional
-# services provided by neutron. Options currently available are load
-# balancer service, security groups, quotas, VPN service.
-OPENSTACK_NEUTRON_NETWORK = {
- 'enable_lb': False,
- 'enable_firewall': False,
- 'enable_quotas': True,
- 'enable_vpn': False,
- # The profile_support option is used to detect if an external router can be
- # configured via the dashboard. When using specific plugins the
- # profile_support can be turned on if needed.
- 'profile_support': None,
- #'profile_support': 'cisco',
-}
-
-# The OPENSTACK_IMAGE_BACKEND settings can be used to customize features
-# in the OpenStack Dashboard related to the Image service, such as the list
-# of supported image formats.
-# OPENSTACK_IMAGE_BACKEND = {
-# 'image_formats': [
-# ('', ''),
-# ('aki', _('AKI - Amazon Kernel Image')),
-# ('ami', _('AMI - Amazon Machine Image')),
-# ('ari', _('ARI - Amazon Ramdisk Image')),
-# ('iso', _('ISO - Optical Disk Image')),
-# ('qcow2', _('QCOW2 - QEMU Emulator')),
-# ('raw', _('Raw')),
-# ('vdi', _('VDI')),
-# ('vhd', _('VHD')),
-# ('vmdk', _('VMDK'))
-# ]
-# }
-
-# The IMAGE_CUSTOM_PROPERTY_TITLES settings is used to customize the titles for
-# image custom property attributes that appear on image detail pages.
-IMAGE_CUSTOM_PROPERTY_TITLES = {
- "architecture": _("Architecture"),
- "kernel_id": _("Kernel ID"),
- "ramdisk_id": _("Ramdisk ID"),
- "image_state": _("Euca2ools state"),
- "project_id": _("Project ID"),
- "image_type": _("Image Type")
-}
-
-# OPENSTACK_ENDPOINT_TYPE specifies the endpoint type to use for the endpoints
-# in the Keystone service catalog. Use this setting when Horizon is running
-# external to the OpenStack environment. The default is 'publicURL'.
-#OPENSTACK_ENDPOINT_TYPE = "publicURL"
-
-# SECONDARY_ENDPOINT_TYPE specifies the fallback endpoint type to use in the
-# case that OPENSTACK_ENDPOINT_TYPE is not present in the endpoints
-# in the Keystone service catalog. Use this setting when Horizon is running
-# external to the OpenStack environment. The default is None. This
-# value should differ from OPENSTACK_ENDPOINT_TYPE if used.
-#SECONDARY_ENDPOINT_TYPE = "publicURL"
-
-# The number of objects (Swift containers/objects or images) to display
-# on a single page before providing a paging element (a "more" link)
-# to paginate results.
-API_RESULT_LIMIT = 1000
-API_RESULT_PAGE_SIZE = 20
-
-# The timezone of the server. This should correspond with the timezone
-# of your entire OpenStack installation, and hopefully be in UTC.
-TIME_ZONE = "UTC"
-
-# When launching an instance, the menu of available flavors is
-# sorted by RAM usage, ascending. If you would like a different sort order,
-# you can provide another flavor attribute as sorting key. Alternatively, you
-# can provide a custom callback method to use for sorting. You can also provide
-# a flag for reverse sort. For more info, see
-# http://docs.python.org/2/library/functions.html#sorted
-# CREATE_INSTANCE_FLAVOR_SORT = {
-# 'key': 'name',
-# # or
-# 'key': my_awesome_callback_method,
-# 'reverse': False,
-# }
-
-# The Horizon Policy Enforcement engine uses these values to load per service
-# policy rule files. The content of these files should match the files the
-# OpenStack services are using to determine role based access control in the
-# target installation.
-
-# Path to directory containing policy.json files
-#POLICY_FILES_PATH = os.path.join(ROOT_PATH, "conf")
-# Map of local copy of service policy files
-#POLICY_FILES = {
-# 'identity': 'keystone_policy.json',
-# 'compute': 'nova_policy.json',
-# 'volume': 'cinder_policy.json',
-# 'image': 'glance_policy.json',
-#}
-
-# Trove user and database extension support. By default support for
-# creating users and databases on database instances is turned on.
-# To disable these extensions set the permission here to something
-# unusable such as ["!"].
-# TROVE_ADD_USER_PERMS = []
-# TROVE_ADD_DATABASE_PERMS = []
-
-LOGGING = {
- 'version': 1,
- # When set to True this will disable all logging except
- # for loggers specified in this configuration dictionary. Note that
- # if nothing is specified here and disable_existing_loggers is True,
- # django.db.backends will still log unless it is disabled explicitly.
- 'disable_existing_loggers': False,
- 'handlers': {
- 'null': {
- 'level': 'DEBUG',
- 'class': 'django.utils.log.NullHandler',
- },
- 'console': {
- # Set the level to "DEBUG" for verbose output logging.
- 'level': 'INFO',
- 'class': 'logging.StreamHandler',
- },
- },
- 'loggers': {
- # Logging from django.db.backends is VERY verbose, send to null
- # by default.
- 'django.db.backends': {
- 'handlers': ['null'],
- 'propagate': False,
- },
- 'requests': {
- 'handlers': ['null'],
- 'propagate': False,
- },
- 'horizon': {
- 'handlers': ['console'],
- 'level': 'DEBUG',
- 'propagate': False,
- },
- 'openstack_dashboard': {
- 'handlers': ['console'],
- 'level': 'DEBUG',
- 'propagate': False,
- },
- 'novaclient': {
- 'handlers': ['console'],
- 'level': 'DEBUG',
- 'propagate': False,
- },
- 'cinderclient': {
- 'handlers': ['console'],
- 'level': 'DEBUG',
- 'propagate': False,
- },
- 'keystoneclient': {
- 'handlers': ['console'],
- 'level': 'DEBUG',
- 'propagate': False,
- },
- 'glanceclient': {
- 'handlers': ['console'],
- 'level': 'DEBUG',
- 'propagate': False,
- },
- 'neutronclient': {
- 'handlers': ['console'],
- 'level': 'DEBUG',
- 'propagate': False,
- },
- 'heatclient': {
- 'handlers': ['console'],
- 'level': 'DEBUG',
- 'propagate': False,
- },
- 'ceilometerclient': {
- 'handlers': ['console'],
- 'level': 'DEBUG',
- 'propagate': False,
- },
- 'troveclient': {
- 'handlers': ['console'],
- 'level': 'DEBUG',
- 'propagate': False,
- },
- 'swiftclient': {
- 'handlers': ['console'],
- 'level': 'DEBUG',
- 'propagate': False,
- },
- 'openstack_auth': {
- 'handlers': ['console'],
- 'level': 'DEBUG',
- 'propagate': False,
- },
- 'nose.plugins.manager': {
- 'handlers': ['console'],
- 'level': 'DEBUG',
- 'propagate': False,
- },
- 'django': {
- 'handlers': ['console'],
- 'level': 'DEBUG',
- 'propagate': False,
- },
- 'iso8601': {
- 'handlers': ['null'],
- 'propagate': False,
- },
- }
-}
-
-# 'direction' should not be specified for all_tcp/udp/icmp.
-# It is specified in the form.
-SECURITY_GROUP_RULES = {
- 'all_tcp': {
- 'name': 'ALL TCP',
- 'ip_protocol': 'tcp',
- 'from_port': '1',
- 'to_port': '65535',
- },
- 'all_udp': {
- 'name': 'ALL UDP',
- 'ip_protocol': 'udp',
- 'from_port': '1',
- 'to_port': '65535',
- },
- 'all_icmp': {
- 'name': 'ALL ICMP',
- 'ip_protocol': 'icmp',
- 'from_port': '-1',
- 'to_port': '-1',
- },
- 'ssh': {
- 'name': 'SSH',
- 'ip_protocol': 'tcp',
- 'from_port': '22',
- 'to_port': '22',
- },
- 'smtp': {
- 'name': 'SMTP',
- 'ip_protocol': 'tcp',
- 'from_port': '25',
- 'to_port': '25',
- },
- 'dns': {
- 'name': 'DNS',
- 'ip_protocol': 'tcp',
- 'from_port': '53',
- 'to_port': '53',
- },
- 'http': {
- 'name': 'HTTP',
- 'ip_protocol': 'tcp',
- 'from_port': '80',
- 'to_port': '80',
- },
- 'pop3': {
- 'name': 'POP3',
- 'ip_protocol': 'tcp',
- 'from_port': '110',
- 'to_port': '110',
- },
- 'imap': {
- 'name': 'IMAP',
- 'ip_protocol': 'tcp',
- 'from_port': '143',
- 'to_port': '143',
- },
- 'ldap': {
- 'name': 'LDAP',
- 'ip_protocol': 'tcp',
- 'from_port': '389',
- 'to_port': '389',
- },
- 'https': {
- 'name': 'HTTPS',
- 'ip_protocol': 'tcp',
- 'from_port': '443',
- 'to_port': '443',
- },
- 'smtps': {
- 'name': 'SMTPS',
- 'ip_protocol': 'tcp',
- 'from_port': '465',
- 'to_port': '465',
- },
- 'imaps': {
- 'name': 'IMAPS',
- 'ip_protocol': 'tcp',
- 'from_port': '993',
- 'to_port': '993',
- },
- 'pop3s': {
- 'name': 'POP3S',
- 'ip_protocol': 'tcp',
- 'from_port': '995',
- 'to_port': '995',
- },
- 'ms_sql': {
- 'name': 'MS SQL',
- 'ip_protocol': 'tcp',
- 'from_port': '1433',
- 'to_port': '1433',
- },
- 'mysql': {
- 'name': 'MYSQL',
- 'ip_protocol': 'tcp',
- 'from_port': '3306',
- 'to_port': '3306',
- },
- 'rdp': {
- 'name': 'RDP',
- 'ip_protocol': 'tcp',
- 'from_port': '3389',
- 'to_port': '3389',
- },
-}
-
-FLAVOR_EXTRA_KEYS = {
- 'flavor_keys': [
- ('quota:read_bytes_sec', _('Quota: Read bytes')),
- ('quota:write_bytes_sec', _('Quota: Write bytes')),
- ('quota:cpu_quota', _('Quota: CPU')),
- ('quota:cpu_period', _('Quota: CPU period')),
- ('quota:inbound_average', _('Quota: Inbound average')),
- ('quota:outbound_average', _('Quota: Outbound average')),
- ]
-}
-
diff --git a/ansible/roles/dashboard/templates/openstack-dashboard.conf.j2 b/ansible/roles/dashboard/templates/openstack-dashboard.conf.j2
new file mode 100755
index 0000000..403fcc2
--- /dev/null
+++ b/ansible/roles/dashboard/templates/openstack-dashboard.conf.j2
@@ -0,0 +1,15 @@
+{% set work_threads = (ansible_processor_vcpus + 1) // 2 %}
+
+
+ WSGIScriptAlias /horizon {{ horizon_dir }}/wsgi/django.wsgi
+ WSGIDaemonProcess horizon user=horizon group=horizon processes={{ work_threads }} threads={{ work_threads }}
+ WSGIProcessGroup horizon
+ Alias /static {{ horizon_dir }}/static/
+ Alias /horizon/static {{ horizon_dir }}/static/
+
+ Order allow,deny
+ Allow from all
+
+
+
+
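Review bot: The access rule `Order allow,deny` / `Allow from all` is Apache 2.2 syntax and only works on 2.4 when mod_access_compat is loaded; the 2.4 form is `Require all granted`. The enclosing directive tags are not visible on this page, so confirm the rule sits inside a block scoped to the Horizon static and wsgi paths, not a broader directory. The template also serves the dashboard login under `/horizon` with no TLS configuration in this file, so credentials would cross the network in clear text unless TLS is terminated elsewhere.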
diff --git a/ansible/roles/dashboard/templates/ports.j2 b/ansible/roles/dashboard/templates/ports.j2
new file mode 100755
index 0000000..0bfa042
--- /dev/null
+++ b/ansible/roles/dashboard/templates/ports.j2
@@ -0,0 +1,15 @@
+# if you just change the port or add more ports here, you will likely also
+# have to change the VirtualHost statement in
+# /etc/apache2/sites-enabled/000-default.conf
+
+Listen {{ internal_ip }}:80
+
+
+ Listen 443
+
+
+
+ Listen 443
+
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
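Review bot: Port 80 is pinned to the management address with `Listen {{ internal_ip }}:80`, but both `Listen 443` lines bind every interface. If a TLS module is enabled, the dashboard becomes reachable on all networks the host is attached to. Using `Listen {{ internal_ip }}:443` in both places keeps the exposure consistent with port 80.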
diff --git a/ansible/roles/dashboard/vars/Debian.yml b/ansible/roles/dashboard/vars/Debian.yml
new file mode 100644
index 0000000..5c9b032
--- /dev/null
+++ b/ansible/roles/dashboard/vars/Debian.yml
@@ -0,0 +1,16 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages: []
+
+services:
+ - memcached
+
+apache_config_dir: /etc/apache2
+horizon_dir: /usr/share/openstack-dashboard/openstack_dashboard
diff --git a/ansible/roles/dashboard/vars/RedHat.yml b/ansible/roles/dashboard/vars/RedHat.yml
new file mode 100644
index 0000000..d213381
--- /dev/null
+++ b/ansible/roles/dashboard/vars/RedHat.yml
@@ -0,0 +1,17 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages:
+ - mod_wsgi
+ - httpd
+
+services:
+ - httpd
+
+http_config_file: "/etc/httpd/conf/httpd.conf"
diff --git a/ansible/roles/dashboard/vars/main.yml b/ansible/roles/dashboard/vars/main.yml
new file mode 100644
index 0000000..2c940ed
--- /dev/null
+++ b/ansible/roles/dashboard/vars/main.yml
@@ -0,0 +1,13 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages_noarch:
+ - openstack-dashboard
+
+services_noarch: []
diff --git a/ansible/roles/database/files/my.cnf b/ansible/roles/database/files/my.cnf
deleted file mode 100644
index d61f947..0000000
--- a/ansible/roles/database/files/my.cnf
+++ /dev/null
@@ -1,131 +0,0 @@
-#
-# The MySQL database server configuration file.
-#
-# You can copy this to one of:
-# - "/etc/mysql/my.cnf" to set global options,
-# - "~/.my.cnf" to set user-specific options.
-#
-# One can use all long options that the program supports.
-# Run program with --help to get a list of available options and with
-# --print-defaults to see which it would actually understand and use.
-#
-# For explanations see
-# http://dev.mysql.com/doc/mysql/en/server-system-variables.html
-
-# This will be passed to all mysql clients
-# It has been reported that passwords should be enclosed with ticks/quotes
-# escpecially if they contain "#" chars...
-# Remember to edit /etc/mysql/debian.cnf when changing the socket location.
-[client]
-port = 3306
-socket = /var/run/mysqld/mysqld.sock
-
-# Here is entries for some specific programs
-# The following values assume you have at least 32M ram
-
-# This was formally known as [safe_mysqld]. Both versions are currently parsed.
-[mysqld_safe]
-socket = /var/run/mysqld/mysqld.sock
-nice = 0
-
-[mysqld]
-#
-# * Basic Settings
-#
-user = mysql
-pid-file = /var/run/mysqld/mysqld.pid
-socket = /var/run/mysqld/mysqld.sock
-port = 3306
-basedir = /usr
-datadir = /var/lib/mysql
-tmpdir = /tmp
-lc-messages-dir = /usr/share/mysql
-skip-external-locking
-#
-# Instead of skip-networking the default is now to listen only on
-# localhost which is more compatible and is not less secure.
-bind-address = 0.0.0.0
-#
-# * Fine Tuning
-#
-key_buffer = 16M
-max_allowed_packet = 16M
-thread_stack = 192K
-thread_cache_size = 8
-# This replaces the startup script and checks MyISAM tables if needed
-# the first time they are touched
-myisam-recover = BACKUP
-#max_connections = 100
-#table_cache = 64
-#thread_concurrency = 10
-#
-# * Query Cache Configuration
-#
-query_cache_limit = 1M
-query_cache_size = 16M
-#
-# * Logging and Replication
-#
-# Both location gets rotated by the cronjob.
-# Be aware that this log type is a performance killer.
-# As of 5.1 you can enable the log at runtime!
-#general_log_file = /var/log/mysql/mysql.log
-#general_log = 1
-#
-# Error log - should be very few entries.
-#
-log_error = /var/log/mysql/error.log
-#
-# Here you can see queries with especially long duration
-#log_slow_queries = /var/log/mysql/mysql-slow.log
-#long_query_time = 2
-#log-queries-not-using-indexes
-#
-# The following can be used as easy to replay backup logs or for replication.
-# note: if you are setting up a replication slave, see README.Debian about
-# other settings you may need to change.
-#server-id = 1
-#log_bin = /var/log/mysql/mysql-bin.log
-expire_logs_days = 10
-max_binlog_size = 100M
-#binlog_do_db = include_database_name
-#binlog_ignore_db = include_database_name
-#
-# * InnoDB
-#
-# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
-# Read the manual for more InnoDB related options. There are many!
-#
-# * Security Features
-#
-# Read the manual, too, if you want chroot!
-# chroot = /var/lib/mysql/
-#
-# For generating SSL certificates I recommend the OpenSSL GUI "tinyca".
-#
-# ssl-ca=/etc/mysql/cacert.pem
-# ssl-cert=/etc/mysql/server-cert.pem
-# ssl-key=/etc/mysql/server-key.pem
-default-storage-engine = innodb
-innodb_file_per_table
-collation-server = utf8_general_ci
-init-connect = 'SET NAMES utf8'
-character-set-server = utf8
-
-[mysqldump]
-quick
-quote-names
-max_allowed_packet = 16M
-
-[mysql]
-#no-auto-rehash # faster start of mysql but no tab completition
-
-[isamchk]
-key_buffer = 16M
-
-#
-# * IMPORTANT: Additional settings that can override those from this file!
-# The files must end with '.cnf', otherwise they'll be ignored.
-#
-!includedir /etc/mysql/conf.d/
-
diff --git a/ansible/roles/database/files/remove_user.sh b/ansible/roles/database/files/remove_user.sh
new file mode 100755
index 0000000..88b1518
--- /dev/null
+++ b/ansible/roles/database/files/remove_user.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+mysql -uroot -Dmysql < 1
+ and not cluster_nodes.stdout | search( '{{ internal_ip }}' ))
+
+
diff --git a/ansible/roles/database/tasks/mariadb_cluster_redhat.yml b/ansible/roles/database/tasks/mariadb_cluster_redhat.yml
new file mode 100644
index 0000000..da1b863
--- /dev/null
+++ b/ansible/roles/database/tasks/mariadb_cluster_redhat.yml
@@ -0,0 +1,59 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: get cluster status
+ shell: mysql --silent --skip-column-names -e 'SHOW STATUS LIKE "wsrep_evs_state"'|awk '{print $2}'
+ register: cluster_status
+ when:
+ - inventory_hostname == haproxy_hosts.keys()[0]
+
+- name: start first node to create new cluster
+ shell: service mysql start --wsrep-new-cluster
+ when: |
+ inventory_hostname == haproxy_hosts.keys()[0]
+ and not cluster_status.stdout | search("OPERATIONAL")
+
+- name: wait for cluster ready
+ shell: mysql --silent --skip-column-names -e 'SHOW STATUS LIKE "wsrep_evs_state"'|awk '{print $2}'
+ register: cluster_status
+ until: cluster_status|success
+ failed_when: not cluster_status.stdout | search("OPERATIONAL")
+ retries: 10
+ delay: 3
+ when: |
+ inventory_hostname == haproxy_hosts.keys()[0]
+ and not cluster_status.stdout | search("OPERATIONAL")
+
+- name: if I in the cluster nodes
+ shell: mysql --silent --skip-column-names -e 'SHOW STATUS LIKE "wsrep_incoming_addresses"'|awk '{print $2}'
+ register: cluster_nodes
+ changed_when: false
+
+- name: restart other nodes and join cluster
+ service:
+ name: mysql
+ state: restarted
+ enabled: yes
+ when: |
+ inventory_hostname != haproxy_hosts.keys()[0]
+ and not cluster_nodes.stdout | search( "{{ internal_ip }}")
+
+- name: remove unused user
+ script: remove_user.sh
+ when: ansible_os_family == "RedHat"
+
+- name: restart first nodes
+ service:
+ name: mysql
+ state: restarted
+ when: |
+ inventory_hostname == haproxy_hosts.keys()[0]
+ and haproxy_hosts|length > 1
+
+
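Review bot: The membership test in "restart other nodes and join cluster" runs an unanchored regex search for the node's IP, so each `.` matches any character and an address that is a prefix of another member's address also matches. A node in that situation is treated as already joined and is never restarted into the cluster. Assuming `wsrep_incoming_addresses` is a comma-separated list of `ip:port` entries, anchor and escape the pattern and drop the nested `{{ }}` inside `when`: `and not cluster_nodes.stdout | search('(^|,)' ~ (internal_ip | regex_escape) ~ ':')`.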
diff --git a/ansible/roles/database/tasks/mariadb_config.yml b/ansible/roles/database/tasks/mariadb_config.yml
new file mode 100644
index 0000000..b18ae8f
--- /dev/null
+++ b/ansible/roles/database/tasks/mariadb_config.yml
@@ -0,0 +1,67 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: create all needed db
+ mysql_db: login_unix_socket=/var/run/mysqld/mysqld.sock name={{ item.db }} state=present
+ with_items: "{{ credentials }}"
+ tags:
+ - test_db
+
+- name: create service db user
+ mysql_user:
+ login_unix_socket=/var/run/mysqld/mysqld.sock
+ name={{ item[0].user }}
+ password={{ item[0].password }}
+ priv=*.*:ALL,GRANT
+ host={{ item[1] }}
+ state=present
+ with_nested:
+ - "{{ credentials }}"
+ - ['%', 'localhost']
+ tags:
+ - test_user
+
+- name: create wsrep db user
+ mysql_user:
+ login_unix_socket=/var/run/mysqld/mysqld.sock
+ name={{ WSREP_SST_USER }}
+ password={{ WSREP_SST_PASS }}
+ priv=*.*:ALL,GRANT
+ host={{ item }}
+ state=present
+ with_items: ['%', 'localhost']
+
+- name: remove unused user
+ script: remove_user.sh
+ when: ansible_os_family == "RedHat"
+
+- name: restart first nodes
+ service:
+ name: mysql
+ state: restarted
+ when: inventory_hostname == haproxy_hosts.keys()[0] and haproxy_hosts|length > 1
+
+- name: wait for cluster ready
+ command: mysql -e"show status like 'wsrep%'"
+ register: cluster_status
+ until: cluster_status|success
+ failed_when: not cluster_status.stdout | search("ON")
+ retries: 10
+ delay: 3
+ when:
+ - inventory_hostname == haproxy_hosts.keys()[0]
+
+- name: restart other nodes
+ service:
+ name: mysql
+ state: restarted
+ enabled: yes
+ when:
+ - inventory_hostname != haproxy_hosts.keys()[0]
+
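Review bot: Every service account in "create service db user" receives `priv=*.*:ALL,GRANT` for host `%`, so one leaked service password (keystone, glance, ...) gives full control of every schema and the ability to create further accounts from any host. Each `credentials` entry already names its own database, so the grant can be scoped with `priv={{ item[0].db }}.*:ALL`. The wsrep SST user below gets the same `*.*:ALL,GRANT` on `%` and should be narrowed to what the chosen SST method needs. Both tasks pass passwords as module arguments, so `no_log: true` on them would keep the values out of task output and logs.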
diff --git a/ansible/roles/database/tasks/mariadb_install.yml b/ansible/roles/database/tasks/mariadb_install.yml
new file mode 100644
index 0000000..bf9f346
--- /dev/null
+++ b/ansible/roles/database/tasks/mariadb_install.yml
@@ -0,0 +1,69 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: disable auto start
+ copy:
+ content: "#!/bin/sh\nexit 101"
+ dest: "/usr/sbin/policy-rc.d"
+ mode: 0755
+ when: ansible_os_family == "Debian"
+
+- name: install python-mysqldb
+ action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
+ with_items: maridb_packages | union(packages_noarch)
+
+- name: change open file limit
+ copy:
+ content: "* - nofile 65536 }}"
+ dest: "/etc/security/limits.conf"
+ mode: 0755
+
+- name: create conf dir for wsrep
+ file: path=/etc/my.cnf.d state=directory mode=0755
+ when: ansible_os_family == "RedHat"
+
+- name: update mariadb config file
+ template:
+ src: '{{ item.src }}'
+ dest: '{{ item.dest }}'
+ backup: yes
+ mode: 0644
+ with_items: mysql_config
+
+- name: bugfix for rsync version 3.1
+ lineinfile:
+ dest: /usr/bin/wsrep_sst_rsync
+ state: absent
+ regexp: '{{ item }}'
+ with_items:
+ - "\\s*uid = \\$MYUID$"
+ - "\\s*gid = \\$MYGID$"
+
+- name: enable auto start
+ file:
+ path=/usr/sbin/policy-rc.d
+ state=absent
+ when: ansible_os_family == "Debian"
+
+- name: set owner
+ file: path=/var/lib/mysql owner=mysql group=mysql recurse=yes state=directory
+
+- name: get logfile stat
+ stat: path='{{ mysql_data_dir }}/ib_logfile0'
+ register: logfile_stat
+
+- debug: msg='{{ logfile_stat.stat.exists}}'
+- debug: msg='{{ logfile_stat.stat.size }}'
+ when: logfile_stat.stat.exists
+
+- name: rm logfile if exist and size mismatch
+ shell: 'rm -rf {{ mysql_data_dir }}/ib_logfile*'
+ when: |
+ logfile_stat.stat.exists
+ and logfile_stat.stat.size != 1073741824
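Review bot: The "change open file limit" task writes `content: "* - nofile 65536 }}"` with `copy`, which replaces the whole of /etc/security/limits.conf with a single line that ends in a stray `}}`, and sets the file to mode 0755. pam_limits is unlikely to parse that line as intended, and any limits already on the host are lost. A `lineinfile` task keeps the rest of the file: `lineinfile: dest=/etc/security/limits.conf line="* - nofile 65536"`, with the mode left at 0644.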
diff --git a/ansible/roles/database/tasks/mongodb_config.yml b/ansible/roles/database/tasks/mongodb_config.yml
new file mode 100755
index 0000000..0a449f8
--- /dev/null
+++ b/ansible/roles/database/tasks/mongodb_config.yml
@@ -0,0 +1,55 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: copy mongo js
+ template:
+ src: '{{ item.src }}'
+ dest: '{{ item.dest }}'
+ with_items:
+ - src: replica.js
+ dest: /opt/replica.js
+
+- name: init replica servers
+ shell: mongo compass /opt/replica.js
+
+- name: wait replica servers are ready
+ shell: mongo compass --eval 'printjson(rs.status())'|grep -E 'PRIMARY|SECONDARY'|wc -l
+ register: servers
+ until: servers.stdout|int == {{ haproxy_hosts|length }}
+ retries: 60
+ delay: 10
+
+- debug: msg='{{ servers.stdout |int }}'
+
+- name: wait replica servers are ready
+ shell: mongo compass --eval 'printjson(rs.status())'|grep -E 'PRIMARY'|wc -l
+ register: servers
+ until: servers.stdout|int == 1
+ retries: 60
+ delay: 10
+
+- debug: msg='{{ servers.stdout |int }}'
+
+- name: create mongodb user and db
+ mongodb_user:
+ login_host: "{{ internal_vip.ip }}"
+ database: ceilometer
+ name: ceilometer
+ password: "{{ CEILOMETER_DBPASS }}"
+ roles: 'readWrite,dbAdmin'
+ state: present
+
+- name: grant user privilege
+ mongodb_user:
+ login_host: "{{ internal_vip.ip }}"
+ database: ceilometer
+ name: ceilometer
+ password: "{{ CEILOMETER_DBPASS }}"
+ roles: 'readWrite,dbAdmin'
+ state: present
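Review bot: The "grant user privilege" task is an exact copy of "create mongodb user and db" (same database, name, password and roles), so it changes nothing and can be removed or replaced by the grant that was intended. Neither task passes `login_user`/`login_password`, which suggests the replica set is reachable through `internal_vip` without authentication; confirm that access control is enabled once the ceilometer user exists. Adding `no_log: true` to tasks that carry `CEILOMETER_DBPASS` keeps the password out of run output. The first wait task also nests `{{ }}` inside `until`; `until: servers.stdout|int == haproxy_hosts|length` is the plain form.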
diff --git a/ansible/roles/database/tasks/mongodb_install.yml b/ansible/roles/database/tasks/mongodb_install.yml
new file mode 100755
index 0000000..dea15a8
--- /dev/null
+++ b/ansible/roles/database/tasks/mongodb_install.yml
@@ -0,0 +1,39 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: install mongodb packages
+ action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
+ with_items: mongodb_packages | union(packages_noarch)
+
+- name: install pymongod packages
+ pip: name={{ item }} state=present extra_args='--pre'
+ with_items: pip_packages
+
+- name: copy ceilometer configs
+ template: src=mongodb.conf dest=/opt/os_templates backup=yes
+
+- name: update mongodb config file
+ shell: crudini --merge {{ mongodb_config.dest }} < /opt/os_templates/mongodb.conf
+
+- name: rm prealloc files
+ file:
+ dest: "{{ item }}"
+ state: absent
+ with_fileglob:
+ - "{{ mongodb_config.journal }}"
+
+- name: manually restart mongodb server
+ service: name={{ mongodb_service }} state=restarted enabled=yes
+ ignore_errors: true
+
+- name: write mongodb to monitor list
+ lineinfile: dest=/opt/service create=yes line={{ mongodb_service}}
+
+- name: wait for mongod ready
+ wait_for: host=0.0.0.0 port=27017 delay=10
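Review bot: The pip task installs with `extra_args='--pre'` and no version, so each run may pull whatever pre-release of the listed packages is newest on the index at that moment. Deployments then differ from run to run and unreviewed release candidates land on database nodes. Dropping `--pre` and pinning the entries in `pip_packages` (for example `pymongo==<PINNED_VERSION>`) makes the install reproducible. Separately, `ignore_errors: true` on the restart task hides a failed start until the later `wait_for` times out.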
diff --git a/ansible/roles/database/templates/data.j2 b/ansible/roles/database/templates/data.j2
new file mode 100644
index 0000000..109201a
--- /dev/null
+++ b/ansible/roles/database/templates/data.j2
@@ -0,0 +1,45 @@
+#!/bin/sh
+mysql -uroot -Dmysql <[:port] of the node.
+# The values supplied will be used as defaults for state transfer receiving,
+# listening ports and so on. Default: address of the first network interface.
+wsrep_node_address={{ internal_ip }}
+
+# Address for incoming client connections. Autodetect by default.
+#wsrep_node_incoming_address=
+
+# How many threads will process writesets from other nodes
+wsrep_slave_threads={{ ansible_processor_vcpus }}
+
+# DBUG options for wsrep provider
+#wsrep_dbug_option
+
+# Generate fake primary keys for non-PK tables (required for multi-master
+# and parallel applying operation)
+wsrep_certify_nonPK=1
+
+# Maximum number of rows in write set
+wsrep_max_ws_rows=131072
+
+# Maximum size of write set
+wsrep_max_ws_size=1073741824
+
+# to enable debug level logging, set this to 1
+wsrep_debug=1
+
+# convert locking sessions into transactions
+wsrep_convert_LOCK_to_trx=0
+
+# how many times to retry deadlocked autocommits
+wsrep_retry_autocommit=3
+
+# change auto_increment_increment and auto_increment_offset automatically
+wsrep_auto_increment_control=1
+
+# retry autoinc insert, which failed for duplicate key error
+wsrep_drupal_282555_workaround=0
+
+# enable "strictly synchronous" semantics for read operations
+wsrep_causal_reads=0
+
+# Command to call when node status or cluster membership changes.
+# Will be passed all or some of the following options:
+# --status - new status of this node
+# --uuid - UUID of the cluster
+# --primary - whether the component is primary or not ("yes"/"no")
+# --members - comma-separated list of members
+# --index - index of this node in the list
+wsrep_notify_cmd=
+
+##
+## WSREP State Transfer options
+##
+
+# State Snapshot Transfer method
+wsrep_sst_method=rsync
+
+# Address on THIS node to receive SST at. DON'T SET IT TO DONOR ADDRESS!!!
+# (SST method dependent. Defaults to the first IP of the first interface)
+#wsrep_sst_receive_address=
+
+# SST authentication string. This will be used to send SST to joining nodes.
+# Depends on SST method. For mysqldump method it is root:
+wsrep_sst_auth={{ WSREP_SST_USER }}:{{ WSREP_SST_PASS }}
+
+# Desired SST donor name.
+#wsrep_sst_donor=
+
+# Protocol version to use
+# wsrep_protocol_version=
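Review bot: The line `wsrep_sst_auth={{ WSREP_SST_USER }}:{{ WSREP_SST_PASS }}` renders the SST credentials into a config file that the "update mariadb config file" task in mariadb_install.yml deploys with `mode: 0644`, so any local user on the node can read them. The page has lost lines near the top of this hunk and the text looks like wsrep.cnf content, so confirm which template this belongs to. Whichever file carries this line should be deployed with `mode: 0640`, owner root and group mysql. `wsrep_debug=1` also enables debug logging by default; `0` is the safer shipped value unless debugging is intended.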
diff --git a/ansible/roles/database/vars/Debian.yml b/ansible/roles/database/vars/Debian.yml
new file mode 100644
index 0000000..621dc49
--- /dev/null
+++ b/ansible/roles/database/vars/Debian.yml
@@ -0,0 +1,45 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+mongodb_packages:
+ - mongodb-server
+ - mongodb-clients
+ - python-pymongo
+
+mysql_packages:
+ - python-mysqldb
+ - mysql-server
+
+maridb_packages:
+ - libaio1
+ - libssl0.9.8
+ - python-mysqldb
+ - mysql-wsrep-server-5.5
+ - galera-3
+
+pip_packages: []
+
+services: []
+
+mongodb_service: mongodb
+mysql_config:
+ - dest: /etc/mysql/my.cnf
+ src: my.cnf
+ - dest: /etc/mysql/conf.d/wsrep.cnf
+ src: wsrep.cnf
+
+mysql_config_dir: /etc/mysql/conf.d
+mysql_data_dir: /var/lib/mysql
+
+mongodb_config:
+ dest: /etc/mongodb.conf
+ src: mongodb.conf
+ journal: /var/lib/mongodb/journal/*
+
+wsrep_provider_file: "/usr/lib/galera/libgalera_smm.so"
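Review bot: `maridb_packages` installs `libssl0.9.8`, the OpenSSL 0.9.8 series, which no longer receives security fixes upstream. If it is only there to satisfy `mysql-wsrep-server-5.5`, add a comment saying so and plan a move to a Galera build linked against the distribution's current libssl. The key name `maridb_packages` looks like a typo for `mariadb_packages`; it is spelled the same way in RedHat.yml and mariadb_install.yml, so a rename must touch all three.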
diff --git a/ansible/roles/database/vars/RedHat.yml b/ansible/roles/database/vars/RedHat.yml
new file mode 100644
index 0000000..aed1ac9
--- /dev/null
+++ b/ansible/roles/database/vars/RedHat.yml
@@ -0,0 +1,46 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+mysql_packages:
+ - MySQL-python
+ - mysql-server
+
+maridb_packages:
+ - MySQL-python
+ - MariaDB-Galera-server
+ - MariaDB-client
+ - galera
+ - MySQL-python
+
+mongodb_packages:
+ - mongo-10gen-server
+ - mongo-10gen
+
+pip_packages:
+ - pymongo
+
+services: []
+
+mongodb_service: mongod
+
+mysql_config:
+ - dest: /etc/my.cnf
+ src: my.cnf
+ - dest: /etc/my.cnf.d/wsrep.cnf
+ src: wsrep.cnf
+
+mysql_config_dir: /etc/my.cnf.d
+mysql_data_dir: /var/lib/mysql
+
+mongodb_config:
+ dest: /etc/mongod.conf
+ src: mongodb.conf
+ journal: /var/lib/mongo/journal/*
+
+wsrep_provider_file: "/usr/lib64/galera/libgalera_smm.so"
diff --git a/ansible/roles/database/vars/main.yml b/ansible/roles/database/vars/main.yml
new file mode 100644
index 0000000..c053889
--- /dev/null
+++ b/ansible/roles/database/vars/main.yml
@@ -0,0 +1,34 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages_noarch: []
+
+services_noarch:
+ - mysql
+
+credentials:
+ - user: keystone
+ db: keystone
+ password: "{{ KEYSTONE_DBPASS }}"
+ - user: neutron
+ db: neutron
+ password: "{{ NEUTRON_DBPASS }}"
+ - user: glance
+ db: glance
+ password: "{{ GLANCE_DBPASS }}"
+ - user: nova
+ db: nova
+ password: "{{ NOVA_DBPASS }}"
+ - user: cinder
+ db: cinder
+ password: "{{ CINDER_DBPASS }}"
+ - user: heat
+ db: heat
+ password: "{{ HEAT_DBPASS }}"
+
diff --git a/ansible/roles/ext-network/handlers/main.yml b/ansible/roles/ext-network/handlers/main.yml
new file mode 100644
index 0000000..a794586
--- /dev/null
+++ b/ansible/roles/ext-network/handlers/main.yml
@@ -0,0 +1,29 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: restart neutron-plugin-openvswitch-agent
+ service: name=neutron-plugin-openvswitch-agent state=restarted enabled=yes
+ when: "'opendaylight' not in {{ NEUTRON_MECHANISM_DRIVERS }}"
+
+- name: restart neutron-l3-agent
+ service: name=neutron-l3-agent state=restarted enabled=yes
+
+- name: kill dnsmasq
+ command: killall dnsmasq
+ ignore_errors: True
+
+- name: restart neutron-dhcp-agent
+ service: name=neutron-dhcp-agent state=restarted enabled=yes
+
+- name: restart neutron-metadata-agent
+ service: name=neutron-metadata-agent state=restarted enabled=yes
+
+- name: restart xorp
+ service: name=xorp state=restarted enabled=yes sleep=10
+ ignore_errors: True
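Review bot: The condition `when: "'opendaylight' not in {{ NEUTRON_MECHANISM_DRIVERS }}"` nests template delimiters inside `when`, which is already evaluated as a Jinja expression. The variable's value is pasted into the expression text and evaluated again, which is fragile and lets variable content be interpreted as code. Write `when: "'opendaylight' not in NEUTRON_MECHANISM_DRIVERS"` instead. The `ignore_errors: True` on "restart xorp" also hides a routing daemon that failed to come back; if that is intended, a short comment saying why would help.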
diff --git a/ansible/roles/ext-network/tasks/main.yml b/ansible/roles/ext-network/tasks/main.yml
new file mode 100644
index 0000000..809a8fa
--- /dev/null
+++ b/ansible/roles/ext-network/tasks/main.yml
@@ -0,0 +1,43 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: create external net
+ neutron_network:
+ login_username: ADMIN
+ login_password: "{{ ADMIN_PASS }}"
+ login_tenant_name: admin
+ auth_url: "http://{{ internal_vip.ip }}:35357/v2.0"
+ name: "{{ public_net_info.network }}"
+ provider_network_type: "{{ public_net_info.type }}"
+ provider_physical_network: "{{ public_net_info.provider_network }}"
+ provider_segmentation_id: "{{ public_net_info.segment_id}}"
+ shared: true
+ router_external: yes
+ state: present
+ run_once: true
+ when: 'public_net_info.enable == True'
+
+- name: create external subnet
+ neutron_subnet:
+ login_username: ADMIN
+ login_password: "{{ ADMIN_PASS }}"
+ login_tenant_name: admin
+ auth_url: "http://{{ internal_vip.ip }}:35357/v2.0"
+ name: "{{ public_net_info.subnet }}"
+ network_name: "{{ public_net_info.network }}"
+ cidr: "{{ public_net_info.floating_ip_cidr }}"
+ enable_dhcp: "{{ public_net_info.enable_dhcp }}"
+ no_gateway: "{{ public_net_info.no_gateway }}"
+ gateway_ip: "{{ public_net_info.external_gw }}"
+ allocation_pool_start: "{{ public_net_info.floating_ip_start }}"
+ allocation_pool_end: "{{ public_net_info.floating_ip_end }}"
+ state: present
+ run_once: true
+ when: 'public_net_info.enable == True'
+
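Review bot: Both tasks send `ADMIN_PASS` to `auth_url: "http://{{ internal_vip.ip }}:35357/v2.0"`, so the cloud admin password and the returned token cross the network unencrypted. If the Keystone admin endpoint can be served over TLS in this deployment, take the scheme from a variable rather than hard-coding `http://`, and add `no_log: true` to both tasks. The conditions can be written as `when: public_net_info.enable | bool`, which also copes with the value arriving as a string.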
diff --git a/ansible/roles/glance/handlers/main.yml b/ansible/roles/glance/handlers/main.yml
index 0c7b25d..53ee01c 100644
--- a/ansible/roles/glance/handlers/main.yml
+++ b/ansible/roles/glance/handlers/main.yml
@@ -1,6 +1,12 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
---
-- name: restart glance-api
- service: name=glance-api state=restarted
-
-- name: restart glance-registry
- service: name=glance-registry state=restarted
+- name: restart glance services
+ service: name={{ item }} state=restarted enabled=yes
+ with_items: services | union(services_noarch)
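Review bot: The loop source `with_items: services | union(services_noarch)` is a bare expression, which older Ansible evaluates implicitly but newer releases deprecate and may treat as a literal string. Write it as `with_items: "{{ services | union(services_noarch) }}"`, the form this commit already uses in mariadb_config.yml (`"{{ credentials }}"`) and nfs.yml (`'{{ nfs_services }}'`). The same bare form appears in mariadb_install.yml, mongodb_install.yml and glance_install.yml.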
diff --git a/ansible/roles/glance/tasks/glance_config.yml b/ansible/roles/glance/tasks/glance_config.yml
new file mode 100644
index 0000000..2df75ca
--- /dev/null
+++ b/ansible/roles/glance/tasks/glance_config.yml
@@ -0,0 +1,17 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: sync glance db
+ #glance_manage: action=dbsync
+ shell: su -s /bin/sh -c 'glance-manage db sync' glance
+ ignore_errors: True
+ notify:
+ - restart glance services
+
+- meta: flush_handlers
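Review bot: The "sync glance db" task sets `ignore_errors: True`, so a failed schema migration is reported and then ignored, and the handler still restarts the glance services against a database that may be missing or half migrated. Remove `ignore_errors`, or register the result and fail on a non-zero return code with a clear message. Because `shell` always reports changed, the restart handler fires on every run; a `changed_when` based on the command output would make the play idempotent.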
diff --git a/ansible/roles/glance/tasks/glance_install.yml b/ansible/roles/glance/tasks/glance_install.yml
new file mode 100644
index 0000000..a478363
--- /dev/null
+++ b/ansible/roles/glance/tasks/glance_install.yml
@@ -0,0 +1,26 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: install glance packages
+ action: "{{ ansible_pkg_mgr }} name={{ item }} state=latest"
+ with_items: packages | union(packages_noarch)
+
+- name: generate glance service list
+ lineinfile: dest=/opt/service create=yes line='{{ item }}'
+ with_items: services | union(services_noarch)
+
+- name: update glance conf
+ template: src={{ item }} dest=/etc/glance/{{ item }}
+ backup=yes
+ with_items:
+ - glance-api.conf
+ - glance-registry.conf
+
+- name: remove default sqlite db
+ shell: rm /var/lib/glance/glance.sqlite || touch glance.sqllite.db.removed
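Review bot: The "remove default sqlite db" task runs `rm /var/lib/glance/glance.sqlite || touch glance.sqllite.db.removed`, which hides any rm failure and drops a marker file into whatever directory the task happens to run in. It is also reported as changed on every run. The file module does the same job idempotently: `file: path=/var/lib/glance/glance.sqlite state=absent`. The install task above uses `state=latest`, so package versions can differ between controllers deployed at different times.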
diff --git a/ansible/roles/glance/tasks/main.yml b/ansible/roles/glance/tasks/main.yml
index 32d2ec5..a78ba77 100644
--- a/ansible/roles/glance/tasks/main.yml
+++ b/ansible/roles/glance/tasks/main.yml
@@ -1,47 +1,29 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
---
-- name: install glance packages
- apt: name={{ item }} state=latest force=yes
- with_items:
+- include_vars: "{{ ansible_os_family }}.yml"
+
+- include: glance_install.yml
+ tags:
+ - install
+ - glance_install
- glance
- - python-glanceclient
-- name: update glance conf
- template: src={{ item }} dest=/etc/glance/{{ item }}
- backup=yes
- with_items:
- - glance-api.conf
- - glance-registry.conf
- notify:
- - restart glance-registry
- - restart glance-api
+- include: nfs.yml
+ tags:
+ - nfs
-#- name: manually stop glance-api
-# service: name=glance-api state=stopped
-
-#- name: manually stop glance-registry
-# service: name=glance-registry state=stopped
-
-- name: remove default sqlite db
- shell: rm /var/lib/glance/glance.sqlite || touch glance.sqllite.db.removed
-
-- name: sync glance db
- shell: su -s /bin/sh -c "glance-manage db_sync" glance
- notify:
- - restart glance-registry
- - restart glance-api
+- include: glance_config.yml
+ when: inventory_hostname == groups['controller'][0]
+ tags:
+ - config
+ - glance_config
+ - glance
- meta: flush_handlers
-
-- name: place image upload script
- template: src=image_upload.sh dest=/opt/image_upload.sh mode=0744
-
-- name: download cirros image file
- get_url: url={{ build_in_image }} dest=/opt/{{ build_in_image_name }}
-
-- name: wait for 9292 port to become available
- wait_for: port=9292 delay=5
-
-- name: run image upload
- shell: /opt/image_upload.sh && touch image_upload_completed
- args:
- creates: image_upload_completed
diff --git a/ansible/roles/glance/tasks/nfs.yml b/ansible/roles/glance/tasks/nfs.yml
new file mode 100644
index 0000000..7895c38
--- /dev/null
+++ b/ansible/roles/glance/tasks/nfs.yml
@@ -0,0 +1,57 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: install nfs
+ local_action: yum name={{ item }} state=present
+ with_items:
+ - rpcbind
+ - nfs-utils
+ run_once: True
+
+- name: create image directory
+ local_action: file path=/opt/images state=directory mode=0777
+ run_once: True
+
+- name: remove nfs config item if exist
+ local_action: lineinfile dest=/etc/exports state=absent
+ regexp="^/opt/images"
+ run_once: True
+
+- name: update nfs config
+ local_action: lineinfile dest=/etc/exports state=present
+ line="/opt/images *(rw,insecure,sync,all_squash)"
+ run_once: True
+
+- name: restart compass nfs service
+ local_action: service name={{ item }} state=restarted enabled=yes
+ with_items:
+ - rpcbind
+ - nfs-server
+ run_once: True
+
+- name: get mount info
+ command: mount
+ register: mount_info
+
+- name: get nfs server
+ shell: awk -F'=' '/compass_server/ {print $2}' /etc/compass.conf
+ register: ip_info
+
+- name: restart host nfs service
+ service: name={{ item }} state=restarted enabled=yes
+ with_items: '{{ nfs_services }}'
+
+- name: mount image directory
+ shell: |
+ mount -t nfs -onfsvers=3 {{ ip_info.stdout_lines[0] }}:/opt/images /var/lib/glance/images
+ sed -i '/\/var\/lib\/glance\/images/d' /etc/fstab
+ echo {{ ip_info.stdout_lines[0] }}:/opt/images /var/lib/glance/images/ nfs nfsvers=3 >> /etc/fstab
+ when: mount_info.stdout.find('images') == -1
+ retries: 5
+ delay: 3
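Review bot: The "update nfs config" task exports /opt/images as `*(rw,insecure,sync,all_squash)` and "create image directory" creates it with mode 0777, so any host that can reach the deployment server's NFS service can mount the share and rewrite its contents. The "mount image directory" task mounts that share at /var/lib/glance/images, which is the Glance image store, so this is write access to every image the cloud boots from. Restrict the export to the management network and drop `insecure`, e.g. `line="/opt/images {{ mgmt_cidr }}(rw,sync,all_squash)"`, where `mgmt_cidr` is a placeholder for whichever variable this project uses for that subnet. Consider giving the directory to the squashed anonymous user with a tighter mode instead of 0777. Separately, `retries: 5` and `delay: 3` on the mount task have no `until:` condition, so depending on the Ansible version a failed mount is probably not retried.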
diff --git a/ansible/roles/glance/templates/glance-api.conf b/ansible/roles/glance/templates/glance-api.conf
index a3bc222..9be29f4 100644
--- a/ansible/roles/glance/templates/glance-api.conf
+++ b/ansible/roles/glance/templates/glance-api.conf
@@ -1,677 +1,79 @@
+{% set workers = ansible_processor_vcpus // 2 %}
+{% set workers = workers if workers else 1 %}
+{% set memcached_servers = [] %}
+{% set rabbitmq_servers = [] %}
+{% for host in haproxy_hosts.values() %}
+{% set _ = memcached_servers.append('%s:11211'% host) %}
+{% set _ = rabbitmq_servers.append('%s:5672'% host) %}
+{% endfor %}
+{% set memcached_servers = memcached_servers|join(',') %}
+{% set rabbitmq_servers = rabbitmq_servers|join(',') %}
+
[DEFAULT]
-# Show more verbose log output (sets INFO log level output)
-#verbose = False
-
-# Show debugging output in logs (sets DEBUG log level output)
-#debug = False
-
-# Which backend scheme should Glance use by default is not specified
-# in a request to add a new image to Glance? Known schemes are determined
-# by the known_stores option below.
-# Default: 'file'
-# "default_store" option has been moved to [glance_store] section in
-# Juno release
-
-# List of which store classes and store class locations are
-# currently known to glance at startup.
-# Existing but disabled stores:
-# glance.store.rbd.Store,
-# glance.store.s3.Store,
-# glance.store.swift.Store,
-# glance.store.sheepdog.Store,
-# glance.store.cinder.Store,
-# glance.store.gridfs.Store,
-# glance.store.vmware_datastore.Store,
-#known_stores = glance.store.filesystem.Store,
-# glance.store.http.Store
-
-
-# Maximum image size (in bytes) that may be uploaded through the
-# Glance API server. Defaults to 1 TB.
-# WARNING: this value should only be increased after careful consideration
-# and must be set to a value under 8 EB (9223372036854775808).
-#image_size_cap = 1099511627776
-
-# Address to bind the API server
-bind_host = 0.0.0.0
-
-# Port the bind the API server to
-bind_port = 9292
-
-# Log to this file. Make sure you do not set the same log file for both the API
-# and registry servers!
-#
-# If `log_file` is omitted and `use_syslog` is false, then log messages are
-# sent to stdout as a fallback.
+verbose = {{ VERBOSE }}
+debug = {{ DEBUG }}
log_file = /var/log/glance/api.log
-
-# Backlog requests when creating socket
+bind_host = {{ image_host }}
+bind_port = 9292
backlog = 4096
-
-# TCP_KEEPIDLE value in seconds when creating socket.
-# Not supported on OS X.
-#tcp_keepidle = 600
-
-# API to use for accessing data. Default value points to sqlalchemy
-# package, it is also possible to use: glance.db.registry.api
-# data_api = glance.db.sqlalchemy.api
-
-# Number of Glance API worker processes to start.
-# On machines with more than one CPU increasing this value
-# may improve performance (especially if using SSL with
-# compression turned on). It is typically recommended to set
-# this value to the number of CPUs present on your machine.
-workers = 1
-
-# Maximum line size of message headers to be accepted.
-# max_header_line may need to be increased when using large tokens
-# (typically those generated by the Keystone v3 API with big service
-# catalogs)
-# max_header_line = 16384
-
-# Role used to identify an authenticated user as administrator
-#admin_role = admin
-
-# Allow unauthenticated users to access the API with read-only
-# privileges. This only applies when using ContextMiddleware.
-#allow_anonymous_access = False
-
-# Allow access to version 1 of glance api
-#enable_v1_api = True
-
-# Allow access to version 2 of glance api
-#enable_v2_api = True
-
-# Return the URL that references where the data is stored on
-# the backend storage system. For example, if using the
-# file system store a URL of 'file:///path/to/image' will
-# be returned to the user in the 'direct_url' meta-data field.
-# The default value is false.
-#show_image_direct_url = False
-
-# Send headers containing user and tenant information when making requests to
-# the v1 glance registry. This allows the registry to function as if a user is
-# authenticated without the need to authenticate a user itself using the
-# auth_token middleware.
-# The default value is false.
-#send_identity_headers = False
-
-# Supported values for the 'container_format' image attribute
-#container_formats=ami,ari,aki,bare,ovf,ova
-
-# Supported values for the 'disk_format' image attribute
-#disk_formats=ami,ari,aki,vhd,vmdk,raw,qcow2,vdi,iso
-
-# Directory to use for lock files. Default to a temp directory
-# (string value). This setting needs to be the same for both
-# glance-scrubber and glance-api.
-#lock_path=
-
-# Property Protections config file
-# This file contains the rules for property protections and the roles/policies
-# associated with it.
-# If this config value is not specified, by default, property protections
-# won't be enforced.
-# If a value is specified and the file is not found, then the glance-api
-# service will not start.
-#property_protection_file =
-
-# Specify whether 'roles' or 'policies' are used in the
-# property_protection_file.
-# The default value for property_protection_rule_format is 'roles'.
-#property_protection_rule_format = roles
-
-# Specifies how long (in hours) a task is supposed to live in the tasks DB
-# after succeeding or failing before getting soft-deleted.
-# The default value for task_time_to_live is 48 hours.
-# task_time_to_live = 48
-
-# This value sets what strategy will be used to determine the image location
-# order. Currently two strategies are packaged with Glance 'location_order'
-# and 'store_type'.
-#location_strategy = location_order
-
-# ================= Syslog Options ============================
-
-# Send logs to syslog (/dev/log) instead of to file specified
-# by `log_file`
-#use_syslog = False
-
-# Facility to use. If unset defaults to LOG_USER.
-#syslog_log_facility = LOG_LOCAL0
-
-# ================= SSL Options ===============================
-
-# Certificate file to use when starting API server securely
-#cert_file = /path/to/certfile
-
-# Private key file to use when starting API server securely
-#key_file = /path/to/keyfile
-
-# CA certificate file to use to verify connecting clients
-#ca_file = /path/to/cafile
-
-# ================= Security Options ==========================
-
-# AES key for encrypting store 'location' metadata, including
-# -- if used -- Swift or S3 credentials
-# Should be set to a random string of length 16, 24 or 32 bytes
-#metadata_encryption_key = <16, 24 or 32 char registry metadata key>
-
-# ============ Registry Options ===============================
-
-# Address to find the registry server
-registry_host = 0.0.0.0
-
-# Port the registry server is listening on
+workers = {{ workers }}
+registry_host = {{ internal_ip }}
registry_port = 9191
-
-# What protocol to use when connecting to the registry server?
-# Set to https for secure HTTP communication
registry_client_protocol = http
+cinder_catalog_info = volume:cinder:internalURL
-# The path to the key file to use in SSL connections to the
-# registry server, if any. Alternately, you may set the
-# GLANCE_CLIENT_KEY_FILE environ variable to a filepath of the key file
-#registry_client_key_file = /path/to/key/file
+enable_v1_api = True
+enable_v1_registry = True
+enable_v2_api = True
+enable_v2_registry = True
-# The path to the cert file to use in SSL connections to the
-# registry server, if any. Alternately, you may set the
-# GLANCE_CLIENT_CERT_FILE environ variable to a filepath of the cert file
-#registry_client_cert_file = /path/to/cert/file
+notification_driver = messagingv2
+rpc_backend = rabbit
-# The path to the certifying authority cert file to use in SSL connections
-# to the registry server, if any. Alternately, you may set the
-# GLANCE_CLIENT_CA_FILE environ variable to a filepath of the CA cert file
-#registry_client_ca_file = /path/to/ca/file
+delayed_delete = False
+scrubber_datadir = /var/lib/glance/scrubber
+scrub_time = 43200
+image_cache_dir = /var/lib/glance/image-cache/
+show_image_direct_url = True
-# When using SSL in connections to the registry server, do not require
-# validation via a certifying authority. This is the registry's equivalent of
-# specifying --insecure on the command line using glanceclient for the API
-# Default: False
-#registry_client_insecure = False
+[task]
+task_executor = taskflow
-# The period of time, in seconds, that the API server will wait for a registry
-# request to complete. A value of '0' implies no timeout.
-# Default: 600
-#registry_client_timeout = 600
+[database]
+backend = sqlalchemy
+connection = mysql://glance:{{ GLANCE_DBPASS }}@{{ db_host }}/glance?charset=utf8
+idle_timeout = 30
-# Whether to automatically create the database tables.
-# Default: False
-#db_auto_create = False
+[glance_store]
+default_store = file
+stores = file,http,cinder,rbd
+filesystem_store_datadir = /var/lib/glance/images/
-# Enable DEBUG log messages from sqlalchemy which prints every database
-# query and response.
-# Default: False
-#sqlalchemy_debug = True
+[profiler]
+enabled = True
-# Pass the user's token through for API requests to the registry.
-# Default: True
-#use_user_token = True
+[keystone_authtoken]
+auth_uri = http://{{ internal_vip.ip }}:5000/v2.0
+identity_uri = http://{{ internal_vip.ip }}:35357
+admin_tenant_name = service
+admin_user = glance
+admin_password = {{ GLANCE_PASS }}
+memcached_servers = {{ memcached_servers }}
+token_cache_time = 300
+revocation_cache_time = 60
-# If 'use_user_token' is not in effect then admin credentials
-# can be specified. Requests to the registry on behalf of
-# the API will use these credentials.
-# Admin user name
-#admin_user = None
-# Admin password
-#admin_password = None
-# Admin tenant name
-#admin_tenant_name = None
-# Keystone endpoint
-#auth_url = None
-# Keystone region
-#auth_region = None
-# Auth strategy
-#auth_strategy = keystone
+[paste_deploy]
+flavor= keystone
-# ============ Notification System Options =====================
+[oslo_messaging_amqp]
+idle_timeout = 7200
-# Notifications can be sent when images are create, updated or deleted.
-# There are three methods of sending notifications, logging (via the
-# log_file directive), rabbit (via a rabbitmq queue), qpid (via a Qpid
-# message queue), or noop (no notifications sent, the default)
-# NOTE: THIS CONFIGURATION OPTION HAS BEEN DEPRECATED IN FAVOR OF `notification_driver`
-# notifier_strategy = default
-
-# Driver or drivers to handle sending notifications
-# notification_driver = noop
-
-# Default publisher_id for outgoing notifications.
-# default_publisher_id = image.localhost
-
-# Configuration options if sending notifications via rabbitmq (these are
-# the defaults)
-rabbit_host = localhost
-rabbit_port = 5672
+[oslo_messaging_rabbit]
+rabbit_hosts = {{ rabbitmq_servers }}
rabbit_use_ssl = false
-rabbit_userid = guest
-rabbit_password = guest
+rabbit_userid = {{ RABBIT_USER }}
+rabbit_password = {{ RABBIT_PASS }}
rabbit_virtual_host = /
rabbit_notification_exchange = glance
rabbit_notification_topic = notifications
rabbit_durable_queues = False
-
-# Configuration options if sending notifications via Qpid (these are
-# the defaults)
-qpid_notification_exchange = glance
-qpid_notification_topic = notifications
-qpid_hostname = localhost
-qpid_port = 5672
-qpid_username =
-qpid_password =
-qpid_sasl_mechanisms =
-qpid_reconnect_timeout = 0
-qpid_reconnect_limit = 0
-qpid_reconnect_interval_min = 0
-qpid_reconnect_interval_max = 0
-qpid_reconnect_interval = 0
-qpid_heartbeat = 5
-# Set to 'ssl' to enable SSL
-qpid_protocol = tcp
-qpid_tcp_nodelay = True
-
-# ============ Filesystem Store Options ========================
-
-# Directory that the Filesystem backend store
-# writes image data to
-# this option has been moved to [glance_store] for Juno release
-# filesystem_store_datadir = /var/lib/glance/images/
-
-# A list of directories where image data can be stored.
-# This option may be specified multiple times for specifying multiple store
-# directories. Either one of filesystem_store_datadirs or
-# filesystem_store_datadir option is required. A priority number may be given
-# after each directory entry, separated by a ":".
-# When adding an image, the highest priority directory will be selected, unless
-# there is not enough space available in cases where the image size is already
-# known. If no priority is given, it is assumed to be zero and the directory
-# will be considered for selection last. If multiple directories have the same
-# priority, then the one with the most free space available is selected.
-# If same store is specified multiple times then BadStoreConfiguration
-# exception will be raised.
-#filesystem_store_datadirs = /var/lib/glance/images/:1
-
-# A path to a JSON file that contains metadata describing the storage
-# system. When show_multiple_locations is True the information in this
-# file will be returned with any location that is contained in this
-# store.
-#filesystem_store_metadata_file = None
-
-# ============ Swift Store Options =============================
-
-# Version of the authentication service to use
-# Valid versions are '2' for keystone and '1' for swauth and rackspace
-swift_store_auth_version = 2
-
-# Address where the Swift authentication service lives
-# Valid schemes are 'http://' and 'https://'
-# If no scheme specified, default to 'https://'
-# For swauth, use something like '127.0.0.1:8080/v1.0/'
-swift_store_auth_address = 127.0.0.1:5000/v2.0/
-
-# User to authenticate against the Swift authentication service
-# If you use Swift authentication service, set it to 'account':'user'
-# where 'account' is a Swift storage account and 'user'
-# is a user in that account
-swift_store_user = jdoe:jdoe
-
-# Auth key for the user authenticating against the
-# Swift authentication service
-swift_store_key = a86850deb2742ec3cb41518e26aa2d89
-
-# Container within the account that the account should use
-# for storing images in Swift
-swift_store_container = glance
-
-# Do we create the container if it does not exist?
-swift_store_create_container_on_put = False
-
-# What size, in MB, should Glance start chunking image files
-# and do a large object manifest in Swift? By default, this is
-# the maximum object size in Swift, which is 5GB
-swift_store_large_object_size = 5120
-
-# When doing a large object manifest, what size, in MB, should
-# Glance write chunks to Swift? This amount of data is written
-# to a temporary disk buffer during the process of chunking
-# the image file, and the default is 200MB
-swift_store_large_object_chunk_size = 200
-
-# Whether to use ServiceNET to communicate with the Swift storage servers.
-# (If you aren't RACKSPACE, leave this False!)
-#
-# To use ServiceNET for authentication, prefix hostname of
-# `swift_store_auth_address` with 'snet-'.
-# Ex. https://example.com/v1.0/ -> https://snet-example.com/v1.0/
-swift_enable_snet = False
-
-# If set to True enables multi-tenant storage mode which causes Glance images
-# to be stored in tenant specific Swift accounts.
-#swift_store_multi_tenant = False
-
-# A list of swift ACL strings that will be applied as both read and
-# write ACLs to the containers created by Glance in multi-tenant
-# mode. This grants the specified tenants/users read and write access
-# to all newly created image objects. The standard swift ACL string
-# formats are allowed, including:
-# :
-# :
-# *:
-# Multiple ACLs can be combined using a comma separated list, for
-# example: swift_store_admin_tenants = service:glance,*:admin
-#swift_store_admin_tenants =
-
-# The region of the swift endpoint to be used for single tenant. This setting
-# is only necessary if the tenant has multiple swift endpoints.
-#swift_store_region =
-
-# If set to False, disables SSL layer compression of https swift requests.
-# Setting to 'False' may improve performance for images which are already
-# in a compressed format, eg qcow2. If set to True, enables SSL layer
-# compression (provided it is supported by the target swift proxy).
-#swift_store_ssl_compression = True
-
-# The number of times a Swift download will be retried before the
-# request fails
-#swift_store_retry_get_count = 0
-
-# ============ S3 Store Options =============================
-
-# Address where the S3 authentication service lives
-# Valid schemes are 'http://' and 'https://'
-# If no scheme specified, default to 'http://'
-s3_store_host = 127.0.0.1:8080/v1.0/
-
-# User to authenticate against the S3 authentication service
-s3_store_access_key = <20-char AWS access key>
-
-# Auth key for the user authenticating against the
-# S3 authentication service
-s3_store_secret_key = <40-char AWS secret key>
-
-# Container within the account that the account should use
-# for storing images in S3. Note that S3 has a flat namespace,
-# so you need a unique bucket name for your glance images. An
-# easy way to do this is append your AWS access key to "glance".
-# S3 buckets in AWS *must* be lowercased, so remember to lowercase
-# your AWS access key if you use it in your bucket name below!
-s3_store_bucket = glance
-
-# Do we create the bucket if it does not exist?
-s3_store_create_bucket_on_put = False
-
-# When sending images to S3, the data will first be written to a
-# temporary buffer on disk. By default the platform's temporary directory
-# will be used. If required, an alternative directory can be specified here.
-#s3_store_object_buffer_dir = /path/to/dir
-
-# When forming a bucket url, boto will either set the bucket name as the
-# subdomain or as the first token of the path. Amazon's S3 service will
-# accept it as the subdomain, but Swift's S3 middleware requires it be
-# in the path. Set this to 'path' or 'subdomain' - defaults to 'subdomain'.
-#s3_store_bucket_url_format = subdomain
-
-# ============ RBD Store Options =============================
-
-# Ceph configuration file path
-# If using cephx authentication, this file should
-# include a reference to the right keyring
-# in a client. section
-#rbd_store_ceph_conf = /etc/ceph/ceph.conf
-
-# RADOS user to authenticate as (only applicable if using cephx)
-# If , a default will be chosen based on the client. section
-# in rbd_store_ceph_conf
-#rbd_store_user =
-
-# RADOS pool in which images are stored
-#rbd_store_pool = images
-
-# RADOS images will be chunked into objects of this size (in megabytes).
-# For best performance, this should be a power of two
-#rbd_store_chunk_size = 8
-
-# ============ Sheepdog Store Options =============================
-
-sheepdog_store_address = localhost
-
-sheepdog_store_port = 7000
-
-# Images will be chunked into objects of this size (in megabytes).
-# For best performance, this should be a power of two
-sheepdog_store_chunk_size = 64
-
-# ============ Cinder Store Options ===============================
-
-# Info to match when looking for cinder in the service catalog
-# Format is : separated values of the form:
-# :: (string value)
-#cinder_catalog_info = volume:cinder:publicURL
-
-# Override service catalog lookup with template for cinder endpoint
-# e.g. http://localhost:8776/v1/%(project_id)s (string value)
-#cinder_endpoint_template =
-
-# Region name of this node (string value)
-#os_region_name =
-
-# Location of ca certicates file to use for cinder client requests
-# (string value)
-#cinder_ca_certificates_file =
-
-# Number of cinderclient retries on failed http calls (integer value)
-#cinder_http_retries = 3
-
-# Allow to perform insecure SSL requests to cinder (boolean value)
-#cinder_api_insecure = False
-
-# ============ VMware Datastore Store Options =====================
-
-# ESX/ESXi or vCenter Server target system.
-# The server value can be an IP address or a DNS name
-# e.g. 127.0.0.1, 127.0.0.1:443, www.vmware-infra.com
-#vmware_server_host =
-
-# Server username (string value)
-#vmware_server_username =
-
-# Server password (string value)
-#vmware_server_password =
-
-# Inventory path to a datacenter (string value)
-# Value optional when vmware_server_ip is an ESX/ESXi host: if specified
-# should be `ha-datacenter`.
-#vmware_datacenter_path =
-
-# Datastore associated with the datacenter (string value)
-#vmware_datastore_name =
-
-# The number of times we retry on failures
-# e.g., socket error, etc (integer value)
-#vmware_api_retry_count = 10
-
-# The interval used for polling remote tasks
-# invoked on VMware ESX/VC server in seconds (integer value)
-#vmware_task_poll_interval = 5
-
-# Absolute path of the folder containing the images in the datastore
-# (string value)
-#vmware_store_image_dir = /openstack_glance
-
-# Allow to perform insecure SSL requests to the target system (boolean value)
-#vmware_api_insecure = False
-
-# ============ Delayed Delete Options =============================
-
-# Turn on/off delayed delete
-delayed_delete = False
-
-# Delayed delete time in seconds
-scrub_time = 43200
-
-# Directory that the scrubber will use to remind itself of what to delete
-# Make sure this is also set in glance-scrubber.conf
-scrubber_datadir = /var/lib/glance/scrubber
-
-# =============== Quota Options ==================================
-
-# The maximum number of image members allowed per image
-#image_member_quota = 128
-
-# The maximum number of image properties allowed per image
-#image_property_quota = 128
-
-# The maximum number of tags allowed per image
-#image_tag_quota = 128
-
-# The maximum number of locations allowed per image
-#image_location_quota = 10
-
-# Set a system wide quota for every user. This value is the total number
-# of bytes that a user can use across all storage systems. A value of
-# 0 means unlimited.
-#user_storage_quota = 0
-
-# =============== Image Cache Options =============================
-
-# Base directory that the Image Cache uses
-image_cache_dir = /var/lib/glance/image-cache/
-
-# =============== Manager Options =================================
-
-# DEPRECATED. TO BE REMOVED IN THE JUNO RELEASE.
-# Whether or not to enforce that all DB tables have charset utf8.
-# If your database tables do not have charset utf8 you will
-# need to convert before this option is removed. This option is
-# only relevant if your database engine is MySQL.
-#db_enforce_mysql_charset = True
-
-# =============== Glance Store ====================================
-[glance_store]
-# Moved from [DEFAULT], for Juno release
-default_store = file
-filesystem_store_datadir = /var/lib/glance/images/
-
-# =============== Database Options =================================
-
-[database]
-# The file name to use with SQLite (string value)
-sqlite_db = /var/lib/glance/glance.sqlite
-
-# If True, SQLite uses synchronous mode (boolean value)
-#sqlite_synchronous = True
-
-# The backend to use for db (string value)
-# Deprecated group/name - [DEFAULT]/db_backend
-backend = sqlalchemy
-
-# The SQLAlchemy connection string used to connect to the
-# database (string value)
-# Deprecated group/name - [DEFAULT]/sql_connection
-# Deprecated group/name - [DATABASE]/sql_connection
-# Deprecated group/name - [sql]/connection
-#connection =
-connection = mysql://glance:{{ GLANCE_DBPASS }}@{{ db_host }}/glance
-
-# The SQL mode to be used for MySQL sessions. This option,
-# including the default, overrides any server-set SQL mode. To
-# use whatever SQL mode is set by the server configuration,
-# set this to no value. Example: mysql_sql_mode= (string
-# value)
-#mysql_sql_mode = TRADITIONAL
-
-# Timeout before idle sql connections are reaped (integer
-# value)
-# Deprecated group/name - [DEFAULT]/sql_idle_timeout
-# Deprecated group/name - [DATABASE]/sql_idle_timeout
-# Deprecated group/name - [sql]/idle_timeout
-#idle_timeout = 3600
-
-# Minimum number of SQL connections to keep open in a pool
-# (integer value)
-# Deprecated group/name - [DEFAULT]/sql_min_pool_size
-# Deprecated group/name - [DATABASE]/sql_min_pool_size
-#min_pool_size = 1
-
-# Maximum number of SQL connections to keep open in a pool
-# (integer value)
-# Deprecated group/name - [DEFAULT]/sql_max_pool_size
-# Deprecated group/name - [DATABASE]/sql_max_pool_size
-#max_pool_size =
-
-# Maximum db connection retries during startup. (setting -1
-# implies an infinite retry count) (integer value)
-# Deprecated group/name - [DEFAULT]/sql_max_retries
-# Deprecated group/name - [DATABASE]/sql_max_retries
-#max_retries = 10
-
-# Interval between retries of opening a sql connection
-# (integer value)
-# Deprecated group/name - [DEFAULT]/sql_retry_interval
-# Deprecated group/name - [DATABASE]/reconnect_interval
-#retry_interval = 10
-
-# If set, use this value for max_overflow with sqlalchemy
-# (integer value)
-# Deprecated group/name - [DEFAULT]/sql_max_overflow
-# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow
-#max_overflow =
-
-# Verbosity of SQL debugging information. 0=None,
-# 100=Everything (integer value)
-# Deprecated group/name - [DEFAULT]/sql_connection_debug
-#connection_debug = 0
-
-# Add python stack traces to SQL as comment strings (boolean
-# value)
-# Deprecated group/name - [DEFAULT]/sql_connection_trace
-#connection_trace = False
-
-# If set, use this value for pool_timeout with sqlalchemy
-# (integer value)
-# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout
-#pool_timeout =
-
-# Enable the experimental use of database reconnect on
-# connection lost (boolean value)
-#use_db_reconnect = False
-
-# seconds between db connection retries (integer value)
-#db_retry_interval = 1
-
-# Whether to increase interval between db connection retries,
-# up to db_max_retry_interval (boolean value)
-#db_inc_retry_interval = True
-
-# max seconds between db connection retries, if
-# db_inc_retry_interval is enabled (integer value)
-#db_max_retry_interval = 10
-
-# maximum db connection retries before error is raised.
-# (setting -1 implies an infinite retry count) (integer value)
-#db_max_retries = 20
-
-[keystone_authtoken]
-auth_uri = http://{{ identity_host }}:5000/v2.0
-identity_uri = http://{{ identity_host }}:35357
-admin_tenant_name = service
-admin_user = glance
-admin_password = {{ GLANCE_PASS }}
-
-[paste_deploy]
-# Name of the paste configuration file that defines the available pipelines
-#config_file = glance-api-paste.ini
-
-# Partial name of a pipeline in your paste configuration file with the
-# service name removed. For example, if your paste section name is
-# [pipeline:glance-api-keystone], you would configure the flavor below
-# as 'keystone'.
-flavor= keystone
-
-[store_type_location_strategy]
-# The scheme list to use to get store preference order. The scheme must be
-# registered by one of the stores defined by the 'known_stores' config option.
-# This option will be applied when you using 'store_type' option as image
-# location strategy defined by the 'location_strategy' config option.
-#store_type_preference =
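Review bot: `show_image_direct_url = True` at the end of [DEFAULT] makes the API return each image's backend storage location in the `direct_url` field, which the comment removed in this same hunk documents as false by default. With `stores = file,http,cinder,rbd` that exposes internal paths and backend URLs to every user who can read an image, so unless something in this deployment consumes it, set `show_image_direct_url = False`. The hunk also sets `[profiler] enabled = True` with no HMAC key configured in the template; I would ship it as `enabled = False` and let operators opt in. The registry, Keystone and RabbitMQ connections (`registry_client_protocol = http`, `auth_uri = http://...`, `rabbit_use_ssl = false`) carry `{{ GLANCE_PASS }}` and `{{ RABBIT_PASS }}` in clear text. That deserves a comment such as `# NOTE: registry, Keystone and RabbitMQ traffic is unencrypted; keep it on the isolated management network`.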
diff --git a/ansible/roles/glance/templates/glance-registry.conf b/ansible/roles/glance/templates/glance-registry.conf
index 1c1c651..8453b96 100644
--- a/ansible/roles/glance/templates/glance-registry.conf
+++ b/ansible/roles/glance/templates/glance-registry.conf
@@ -1,190 +1,56 @@
+{% set workers = ansible_processor_vcpus // 2 %}
+{% set workers = workers if workers else 1 %}
+{% set memcached_servers = [] %}
+{% set rabbitmq_servers = [] %}
+{% for host in haproxy_hosts.values() %}
+{% set _ = memcached_servers.append('%s:11211'% host) %}
+{% set _ = rabbitmq_servers.append('%s:5672'% host) %}
+{% endfor %}
+{% set memcached_servers = memcached_servers|join(',') %}
+{% set rabbitmq_servers = rabbitmq_servers|join(',') %}
+
[DEFAULT]
-# Show more verbose log output (sets INFO log level output)
-#verbose = False
-
-# Show debugging output in logs (sets DEBUG log level output)
-#debug = False
-
-# Address to bind the registry server
-bind_host = 0.0.0.0
-
-# Port the bind the registry server to
+verbose = {{ VERBOSE }}
+debug = {{ DEBUG }}
+log_file = /var/log/glance/api.log
+bind_host = {{ image_host }}
bind_port = 9191
-
-# Log to this file. Make sure you do not set the same log file for both the API
-# and registry servers!
-#
-# If `log_file` is omitted and `use_syslog` is false, then log messages are
-# sent to stdout as a fallback.
-log_file = /var/log/glance/registry.log
-
-# Backlog requests when creating socket
backlog = 4096
+workers = {{ workers }}
-# TCP_KEEPIDLE value in seconds when creating socket.
-# Not supported on OS X.
-#tcp_keepidle = 600
-
-# API to use for accessing data. Default value points to sqlalchemy
-# package.
-#data_api = glance.db.sqlalchemy.api
-
-# Enable Registry API versions individually or simultaneously
-#enable_v1_registry = True
-#enable_v2_registry = True
-
-# Limit the api to return `param_limit_max` items in a call to a container. If
-# a larger `limit` query param is provided, it will be reduced to this value.
-api_limit_max = 1000
-
-# If a `limit` query param is not provided in an api request, it will
-# default to `limit_param_default`
-limit_param_default = 25
-
-# Role used to identify an authenticated user as administrator
-#admin_role = admin
-
-# Whether to automatically create the database tables.
-# Default: False
-#db_auto_create = False
-
-# Enable DEBUG log messages from sqlalchemy which prints every database
-# query and response.
-# Default: False
-#sqlalchemy_debug = True
-
-# ================= Syslog Options ============================
-
-# Send logs to syslog (/dev/log) instead of to file specified
-# by `log_file`
-#use_syslog = False
-
-# Facility to use. If unset defaults to LOG_USER.
-#syslog_log_facility = LOG_LOCAL1
-
-# ================= SSL Options ===============================
-
-# Certificate file to use when starting registry server securely
-#cert_file = /path/to/certfile
-
-# Private key file to use when starting registry server securely
-#key_file = /path/to/keyfile
-
-# CA certificate file to use to verify connecting clients
-#ca_file = /path/to/cafile
-
-# ================= Database Options ==========================
+notification_driver = messagingv2
+rpc_backend = rabbit
[database]
-# The file name to use with SQLite (string value)
-sqlite_db = /var/lib/glance/glance.sqlite
-
-# If True, SQLite uses synchronous mode (boolean value)
-#sqlite_synchronous = True
-
-# The backend to use for db (string value)
-# Deprecated group/name - [DEFAULT]/db_backend
backend = sqlalchemy
+connection = mysql://glance:{{ GLANCE_DBPASS }}@{{ db_host }}/glance?charset=utf8
+idle_timeout = 30
-# The SQLAlchemy connection string used to connect to the
-# database (string value)
-# Deprecated group/name - [DEFAULT]/sql_connection
-# Deprecated group/name - [DATABASE]/sql_connection
-# Deprecated group/name - [sql]/connection
-#connection =
-connection = mysql://glance:{{ GLANCE_DBPASS }}@{{ db_host }}/glance
-
-# The SQL mode to be used for MySQL sessions. This option,
-# including the default, overrides any server-set SQL mode. To
-# use whatever SQL mode is set by the server configuration,
-# set this to no value. Example: mysql_sql_mode= (string
-# value)
-#mysql_sql_mode = TRADITIONAL
-
-# Timeout before idle sql connections are reaped (integer
-# value)
-# Deprecated group/name - [DEFAULT]/sql_idle_timeout
-# Deprecated group/name - [DATABASE]/sql_idle_timeout
-# Deprecated group/name - [sql]/idle_timeout
-#idle_timeout = 3600
-
-# Minimum number of SQL connections to keep open in a pool
-# (integer value)
-# Deprecated group/name - [DEFAULT]/sql_min_pool_size
-# Deprecated group/name - [DATABASE]/sql_min_pool_size
-#min_pool_size = 1
-
-# Maximum number of SQL connections to keep open in a pool
-# (integer value)
-# Deprecated group/name - [DEFAULT]/sql_max_pool_size
-# Deprecated group/name - [DATABASE]/sql_max_pool_size
-#max_pool_size =
-
-# Maximum db connection retries during startup. (setting -1
-# implies an infinite retry count) (integer value)
-# Deprecated group/name - [DEFAULT]/sql_max_retries
-# Deprecated group/name - [DATABASE]/sql_max_retries
-#max_retries = 10
-
-# Interval between retries of opening a sql connection
-# (integer value)
-# Deprecated group/name - [DEFAULT]/sql_retry_interval
-# Deprecated group/name - [DATABASE]/reconnect_interval
-#retry_interval = 10
-
-# If set, use this value for max_overflow with sqlalchemy
-# (integer value)
-# Deprecated group/name - [DEFAULT]/sql_max_overflow
-# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow
-#max_overflow =
-
-# Verbosity of SQL debugging information. 0=None,
-# 100=Everything (integer value)
-# Deprecated group/name - [DEFAULT]/sql_connection_debug
-#connection_debug = 0
-
-# Add python stack traces to SQL as comment strings (boolean
-# value)
-# Deprecated group/name - [DEFAULT]/sql_connection_trace
-#connection_trace = False
-
-# If set, use this value for pool_timeout with sqlalchemy
-# (integer value)
-# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout
-#pool_timeout =
-
-# Enable the experimental use of database reconnect on
-# connection lost (boolean value)
-#use_db_reconnect = False
-
-# seconds between db connection retries (integer value)
-#db_retry_interval = 1
-
-# Whether to increase interval between db connection retries,
-# up to db_max_retry_interval (boolean value)
-#db_inc_retry_interval = True
-
-# max seconds between db connection retries, if
-# db_inc_retry_interval is enabled (integer value)
-#db_max_retry_interval = 10
-
-# maximum db connection retries before error is raised.
-# (setting -1 implies an infinite retry count) (integer value)
-#db_max_retries = 20
+[profiler]
+enabled = True
[keystone_authtoken]
-auth_uri = http://{{ identity_host }}:5000/v2.0
-identity_uri = http://{{ identity_host }}:35357
+auth_uri = http://{{ internal_vip.ip }}:5000/v2.0
+identity_uri = http://{{ internal_vip.ip }}:35357
admin_tenant_name = service
admin_user = glance
admin_password = {{ GLANCE_PASS }}
+memcached_servers = {{ memcached_servers }}
+token_cache_time = 300
+revocation_cache_time = 60
[paste_deploy]
-# Name of the paste configuration file that defines the available pipelines
-#config_file = glance-registry-paste.ini
-
-# Partial name of a pipeline in your paste configuration file with the
-# service name removed. For example, if your paste section name is
-# [pipeline:glance-registry-keystone], you would configure the flavor below
-# as 'keystone'.
flavor= keystone
+
+[oslo_messaging_amqp]
+idle_timeout = 7200
+
+[oslo_messaging_rabbit]
+rabbit_hosts = {{ rabbitmq_servers }}
+rabbit_use_ssl = false
+rabbit_userid = {{ RABBIT_USER }}
+rabbit_password = {{ RABBIT_PASS }}
+rabbit_virtual_host = /
+rabbit_notification_exchange = glance
+rabbit_notification_topic = notifications
+rabbit_durable_queues = False
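Review bot: `log_file = /var/log/glance/api.log` in the registry template sends registry output to the API server's log. The line it replaces was `log_file = /var/log/glance/registry.log`, and the comment removed with it warned against sharing one file between the two services. Interleaved logs make it harder to attribute a request or an authentication failure to the right service during an investigation, so I would restore `log_file = /var/log/glance/registry.log`. Separately, `rabbit_use_ssl = false` next to `rabbit_password` means the broker credential travels unencrypted; that deserves at least a comment stating that the management network is assumed to be trusted.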
diff --git a/ansible/roles/glance/templates/image_upload.sh b/ansible/roles/glance/templates/image_upload.sh
index 31b32b7..39cf927 100644
--- a/ansible/roles/glance/templates/image_upload.sh
+++ b/ansible/roles/glance/templates/image_upload.sh
@@ -1,2 +1,10 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
sleep 10
-glance --os-username=admin --os-password={{ ADMIN_PASS }} --os-tenant-name=admin --os-auth-url=http://{{ identity_host }}:35357/v2.0 image-create --name="cirros" --disk-format=qcow2 --container-format=bare --is-public=true < /opt/{{ build_in_image_name }} && touch glance.import.completed
+glance --os-username=admin --os-password={{ ADMIN_PASS }} --os-tenant-name=admin --os-auth-url=http://{{ internal_vip.ip }}:35357/v2.0 image-create --name="cirros" --disk-format=qcow2 --container-format=bare --is-public=true < /opt/{{ build_in_image_name }} && touch glance.import.completed
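Review bot: The rewritten `glance` line still passes `--os-password={{ ADMIN_PASS }}` as an argument, so the admin password is visible to any local user in the process list while the upload runs. The unquoted expansion also breaks if the password contains shell metacharacters. The client reads the password from the environment as well, so the line could begin `OS_PASSWORD={{ ADMIN_PASS | quote }} glance --os-username=admin --os-tenant-name=admin ...` with the `--os-password` option dropped. The rendered script holds the cloud admin password either way, so the task that installs it should set a restrictive mode; that task is not visible in this hunk.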
diff --git a/ansible/roles/glance/vars/Debian.yml b/ansible/roles/glance/vars/Debian.yml
new file mode 100644
index 0000000..b5b4b6c
--- /dev/null
+++ b/ansible/roles/glance/vars/Debian.yml
@@ -0,0 +1,18 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages:
+ - glance
+ - nfs-common
+
+nfs_services: []
+
+services:
+ - glance-registry
+ - glance-api
diff --git a/ansible/roles/glance/vars/RedHat.yml b/ansible/roles/glance/vars/RedHat.yml
new file mode 100644
index 0000000..517f347
--- /dev/null
+++ b/ansible/roles/glance/vars/RedHat.yml
@@ -0,0 +1,19 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages:
+ - openstack-glance
+ - rpcbind
+
+nfs_services:
+ - rpcbind
+
+services:
+ - openstack-glance-api
+ - openstack-glance-registry
diff --git a/ansible/roles/glance/vars/main.yml b/ansible/roles/glance/vars/main.yml
new file mode 100644
index 0000000..d34d42f
--- /dev/null
+++ b/ansible/roles/glance/vars/main.yml
@@ -0,0 +1,13 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages_noarch:
+ - python-glanceclient
+
+services_noarch: []
diff --git a/ansible/roles/ha/files/galera_chk b/ansible/roles/ha/files/galera_chk
new file mode 100644
index 0000000..9fd165c
--- /dev/null
+++ b/ansible/roles/ha/files/galera_chk
@@ -0,0 +1,10 @@
+#! /bin/sh
+
+code=`mysql -uroot -e "show status" | awk '/Threads_running/{print $2}'`
+
+if [ "$code"=="1" ]
+then
+ echo "HTTP/1.1 200 OK\r\n"
+else
+ echo "HTTP/1.1 503 Service Unavailable\r\n"
+fi
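Review bot: The test `[ "$code"=="1" ]` has no spaces around the operator, so `[` receives a single non-empty word and the condition is always true. The script therefore answers `200 OK` even when `mysql` fails and `$code` is empty, and a load balancer polling it would never see the node as down. It should read `if [ "$code" = "1" ]`, with a single `=` for portability under `/bin/sh`. Whether `Threads_running` equal to 1 is the intended health signal for a Galera node is not clear from the script, so a one-line comment explaining the criterion would help. `printf 'HTTP/1.1 200 OK\r\n\r\n'` is also safer than `echo` with backslash escapes, whose handling differs between shells.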
diff --git a/ansible/roles/ha/files/mysqlchk b/ansible/roles/ha/files/mysqlchk
new file mode 100644
index 0000000..7c5eaad
--- /dev/null
+++ b/ansible/roles/ha/files/mysqlchk
@@ -0,0 +1,15 @@
+# default: off
+# description: An xinetd internal service which echo's characters back to
+# clients.
+# This is the tcp version.
+service mysqlchk
+{
+ disable = no
+ flags = REUSE
+ socket_type = stream
+ protocol = tcp
+ user = root
+ wait = no
+ server = /usr/local/bin/galera_chk
+ port = 9200
+}
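Review bot: This xinetd service runs `/usr/local/bin/galera_chk` with `user = root` on port 9200 and has no `only_from` or `bind` restriction, so any host that can reach the node can start a root-owned process that queries MySQL. I would add `only_from = <load balancer addresses>` (placeholder) and, if the check can authenticate to MySQL another way, run it under a dedicated unprivileged `user`. The header comment is copied from the xinetd echo service and should describe this service instead, e.g. `# description: MySQL/Galera health check answered over TCP port 9200`.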
diff --git a/ansible/roles/ha/handlers/main.yml b/ansible/roles/ha/handlers/main.yml
new file mode 100644
index 0000000..34d7a57
--- /dev/null
+++ b/ansible/roles/ha/handlers/main.yml
@@ -0,0 +1,17 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: restart haproxy
+ service: name=haproxy state=restarted enabled=yes
+
+- name: restart xinetd
+ service: name=xinetd state=restarted enabled=yes
+
+- name: restart keepalived
+ service: name=keepalived state=restarted enabled=yes
diff --git a/ansible/roles/ha/tasks/main.yml b/ansible/roles/ha/tasks/main.yml
new file mode 100644
index 0000000..1a4c8ba
--- /dev/null
+++ b/ansible/roles/ha/tasks/main.yml
@@ -0,0 +1,96 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- include_vars: "{{ ansible_os_family }}.yml"
+
+- name: install keepalived xinet haproxy
+ action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
+ with_items: packages | union(packages_noarch)
+
+- name: generate ha service list
+ lineinfile: dest=/opt/service create=yes line='{{ item }}'
+ with_items: services | union(services_noarch)
+
+- name: install pexpect
+ pip: name=pexpect state=present extra_args='--pre'
+
+- name: activate ip_nonlocal_bind
+ sysctl: name=net.ipv4.ip_nonlocal_bind value=1
+ state=present reload=yes
+
+- name: set net.ipv4.tcp_keepalive_intvl
+ sysctl: name=net.ipv4.tcp_keepalive_intvl value=1
+ state=present reload=yes
+
+- name: set net.ipv4.tcp_keepalive_probes
+ sysctl: name=net.ipv4.tcp_keepalive_probes value=5
+ state=present reload=yes
+
+- name: set net.ipv4.tcp_keepalive_time
+ sysctl: name=net.ipv4.tcp_keepalive_time value=5
+ state=present reload=yes
+
+- name: update haproxy cfg
+ template: src=haproxy.cfg dest=/etc/haproxy/haproxy.cfg
+ notify: restart haproxy
+
+- name: set haproxy enable flag
+ lineinfile: dest=/etc/default/haproxy state=present
+ regexp="ENABLED=*"
+ line="ENABLED=1"
+ notify: restart haproxy
+ when: ansible_os_family == "Debian"
+
+- name: set haproxy log
+ lineinfile: dest=/etc/rsyslog.conf state=present
+ regexp="local0.* /var/log/haproxy.log"
+ line="local0.* /var/log/haproxy.log"
+
+- name: set rsyslog udp module
+ lineinfile: dest=/etc/rsyslog.conf state=present
+ regexp="^#$ModLoad imudp"
+ line="$ModLoad imudp"
+
+- name: set rsyslog udp port
+ lineinfile: dest=/etc/rsyslog.conf state=present
+ regexp="^#$UDPServerRun 514"
+ line="$UDPServerRun 514"
+
+- name: copy galera_chk file
+ copy: src=galera_chk dest=/usr/local/bin/galera_chk mode=0777
+
+- name: add network service
+ lineinfile: dest=/etc/services state=present
+ line="mysqlchk 9200/tcp"
+ insertafter="Local services"
+ notify: restart xinetd
+
+- name: copy mysqlchk file
+ copy: src=mysqlchk dest=/etc/xinetd.d/mysqlchk mode=0777
+ notify: restart xinetd
+
+- name: set keepalived start param
+ lineinfile: dest=/etc/default/keepalived state=present
+ regexp="^DAEMON_ARGS=*"
+ line="DAEMON_ARGS=\"-D -d -S 1\""
+ when: ansible_os_family == "Debian"
+
+- name: set keepalived log
+ lineinfile: dest=/etc/rsyslog.conf state=present
+ regexp="local1.* /var/log/keepalived.log"
+ line="local1.* /var/log/keepalived.log"
+
+- name: update keepalived info
+ template: src=keepalived.conf dest=/etc/keepalived/keepalived.conf
+ notify: restart keepalived
+
+- name: restart rsyslog
+ shell: service rsyslog restart
+
+- meta: flush_handlers
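Review bot: `copy: src=galera_chk dest=/usr/local/bin/galera_chk mode=0777` installs a world-writable script that the `mysqlchk` xinetd service added in this commit runs as root, so any local account can change what root executes. The xinetd definition is copied with `mode=0777` as well. Use `mode=0755` for the script and `mode=0644` for `/etc/xinetd.d/mysqlchk`, with `owner=root group=root` stated explicitly. As a smaller point, the final `restart rsyslog` task runs `shell: service rsyslog restart` on every play; a handler notified by the rsyslog `lineinfile` tasks would match how haproxy, xinetd and keepalived are handled in this file.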
diff --git a/ansible/roles/ha/templates/haproxy.cfg b/ansible/roles/ha/templates/haproxy.cfg
new file mode 100644
index 0000000..222b556
--- /dev/null
+++ b/ansible/roles/ha/templates/haproxy.cfg
@@ -0,0 +1,206 @@
+
+global
+ #chroot /var/run/haproxy
+ daemon
+ user haproxy
+ group haproxy
+ maxconn 4000
+ pidfile /var/run/haproxy/haproxy.pid
+ #log 127.0.0.1 local0
+ tune.bufsize 1000000
+ stats socket /var/run/haproxy.sock
+ stats timeout 2m
+
+defaults
+ log global
+ maxconn 8000
+ option redispatch
+ option dontlognull
+ option splice-auto
+ timeout http-request 10s
+ timeout queue 1m
+ timeout connect 10s
+ timeout client 50s
+ timeout server 50s
+ timeout check 10s
+ retries 3
+
+listen proxy-mysql
+ bind {{ internal_vip.ip }}:3306
+ option tcpka
+ option tcplog
+ balance source
+{% for host, ip in haproxy_hosts.items() %}
+{% if loop.index == 1 %}
+ server {{ host }} {{ ip }}:3306 weight 1 check inter 2000 rise 2 fall 5
+{% else %}
+ server {{ host }} {{ ip }}:3306 weight 1 check inter 2000 rise 2 fall 5 backup
+{% endif %}
+{% endfor %}
+
+listen proxy-rabbit
+ bind {{ internal_vip.ip }}:5672
+ bind {{ public_vip.ip }}:5672
+
+ option tcpka
+ option tcplog
+ timeout client 3h
+ timeout server 3h
+ balance source
+{% for host,ip in haproxy_hosts.items() %}
+ server {{ host }} {{ ip }}:5672 weight 1 check inter 2000 rise 2 fall 5
+{% endfor %}
+
+listen proxy-glance_registry_cluster
+ bind {{ internal_vip.ip }}:9191
+ bind {{ public_vip.ip }}:9191
+ option tcpka
+ option tcplog
+ balance source
+{% for host,ip in haproxy_hosts.items() %}
+ server {{ host }} {{ ip }}:9191 weight 1 check inter 2000 rise 2 fall 5
+{% endfor %}
+
+listen proxy-glance_api_cluster
+ bind {{ internal_vip.ip }}:9292
+ bind {{ public_vip.ip }}:9292
+ option tcpka
+ option tcplog
+ option httpchk
+ balance source
+{% for host,ip in haproxy_hosts.items() %}
+ server {{ host }} {{ ip }}:9292 weight 1 check inter 2000 rise 2 fall 5
+{% endfor %}
+
+listen proxy-nova-novncproxy
+ bind {{ internal_vip.ip }}:6080
+ bind {{ public_vip.ip }}:6080
+ option tcpka
+ option tcplog
+ balance source
+{% for host,ip in haproxy_hosts.items() %}
+ server {{ host }} {{ ip }}:6080 weight 1 check inter 2000 rise 2 fall 5
+{% endfor %}
+
+listen proxy-network
+ bind {{ internal_vip.ip }}:9696
+ bind {{ public_vip.ip }}:9696
+ option tcpka
+ option tcplog
+ balance source
+ option httpchk
+{% for host,ip in haproxy_hosts.items() %}
+ server {{ host }} {{ ip }}:9696 weight 1 check inter 2000 rise 2 fall 5
+{% endfor %}
+
+listen proxy-volume
+ bind {{ internal_vip.ip }}:8776
+ bind {{ public_vip.ip }}:8776
+ option tcpka
+ option httpchk
+ option tcplog
+ balance source
+{% for host,ip in haproxy_hosts.items() %}
+ server {{ host }} {{ ip }}:8776 weight 1 check inter 2000 rise 2 fall 5
+{% endfor %}
+
+listen proxy-keystone_admin_cluster
+ bind {{ internal_vip.ip }}:35357
+ bind {{ public_vip.ip }}:35357
+ option tcpka
+ option httpchk
+ option tcplog
+ balance source
+{% for host,ip in haproxy_hosts.items() %}
+ server {{ host }} {{ ip }}:35357 weight 1 check inter 2000 rise 2 fall 5
+{% endfor %}
+
+listen proxy-keystone_public_internal_cluster
+ bind {{ internal_vip.ip }}:5000
+ bind {{ public_vip.ip }}:5000
+ option tcpka
+ option httpchk
+ option tcplog
+ balance source
+{% for host,ip in haproxy_hosts.items() %}
+ server {{ host }} {{ ip }}:5000 weight 1 check inter 2000 rise 2 fall 5
+{% endfor %}
+
+listen proxy-nova_compute_api_cluster
+ bind {{ internal_vip.ip }}:8774
+ bind {{ public_vip.ip }}:8774
+ mode tcp
+ option httpchk
+ option tcplog
+ balance source
+{% for host,ip in haproxy_hosts.items() %}
+ server {{ host }} {{ ip }}:8774 weight 1 check inter 2000 rise 2 fall 5
+{% endfor %}
+
+listen proxy-nova_metadata_api_cluster
+ bind {{ internal_vip.ip }}:8775
+ bind {{ public_vip.ip }}:8775
+ option tcpka
+ option tcplog
+ balance source
+{% for host,ip in haproxy_hosts.items() %}
+ server {{ host }} {{ ip }}:8775 weight 1 check inter 2000 rise 2 fall 5
+{% endfor %}
+
+listen proxy-cinder_api_cluster
+ bind {{ internal_vip.ip }}:8776
+ bind {{ public_vip.ip }}:8776
+ mode tcp
+ option httpchk
+ option tcplog
+ balance source
+{% for host,ip in haproxy_hosts.items() %}
+ server {{ host }} {{ ip }}:8776 weight 1 check inter 2000 rise 2 fall 5
+{% endfor %}
+
+listen proxy-ceilometer_api_cluster
+ bind {{ internal_vip.ip }}:8777
+ bind {{ public_vip.ip }}:8777
+ mode tcp
+ option tcp-check
+ option tcplog
+ balance source
+{% for host,ip in haproxy_hosts.items() %}
+ server {{ host }} {{ ip }}:8777 weight 1 check inter 2000 rise 2 fall 5
+{% endfor %}
+
+listen proxy-aodh_api_cluster
+ bind {{ internal_vip.ip }}:8042
+ bind {{ public_vip.ip }}:8042
+ mode tcp
+ option tcp-check
+ option tcplog
+ balance source
+{% for host,ip in haproxy_hosts.items() %}
+ server {{ host }} {{ ip }}:8042 weight 1 check inter 2000 rise 2 fall 5
+{% endfor %}
+
+listen proxy-dashboarad
+ bind {{ public_vip.ip }}:80
+ mode http
+ balance source
+ capture cookie vgnvisitor= len 32
+ cookie SERVERID insert indirect nocache
+ option forwardfor
+ option httpchk
+ option httpclose
+ rspidel ^Set-cookie:\ IP=
+{% for host,ip in haproxy_hosts.items() %}
+ server {{ host }} {{ ip }}:80 cookie {{ host }} weight 1 check inter 2000 rise 2 fall 5
+{% endfor %}
+
+listen stats
+ mode http
+ bind 0.0.0.0:9999
+ stats enable
+ stats refresh 30s
+ stats uri /
+ stats realm Global\ statistics
+ stats auth admin:admin
+
+
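Review bot: The `listen stats` block binds `0.0.0.0:9999` and sets `stats auth admin:admin`, so the statistics page is served on every interface, including the public one, behind a guessable credential that is committed to the repository. I would bind it to the management address and take the credential from inventory: `bind {{ internal_vip.ip }}:9999` and `stats auth {{ <stats_user_var> }}:{{ <stats_pass_var> }}` (placeholder variable names). Two further points in this file: `proxy-volume` and `proxy-cinder_api_cluster` both bind port 8776 on the same two VIPs, which looks like a leftover duplicate. `proxy-mysql` also never references the port 9200 `mysqlchk` service this commit installs, so the health script has no visible consumer; `check port 9200` on its `server` lines together with `option httpchk` would wire it in.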
diff --git a/ansible/roles/ha/templates/keepalived.conf b/ansible/roles/ha/templates/keepalived.conf
new file mode 100644
index 0000000..c2af86b
--- /dev/null
+++ b/ansible/roles/ha/templates/keepalived.conf
@@ -0,0 +1,47 @@
+global_defs {
+ router_id {{ inventory_hostname }}
+}
+
+vrrp_sync_group VG1 {
+ group {
+ internal_vip
+ public_vip
+ }
+}
+
+vrrp_instance internal_vip {
+ interface {{ internal_vip.interface }}
+ virtual_router_id {{ vrouter_id_internal }}
+ state BACKUP
+ nopreempt
+ advert_int 1
+ priority {{ 50 + (host_index[inventory_hostname] * 50) }}
+
+ authentication {
+ auth_type PASS
+ auth_pass 1234
+ }
+
+ virtual_ipaddress {
+ {{ internal_vip.ip }}/{{ internal_vip.netmask }} dev {{ internal_vip.interface }}
+ }
+}
+
+vrrp_instance public_vip {
+ interface {{ network_cfg.public_vip.interface }}
+ virtual_router_id {{ vrouter_id_public }}
+ state BACKUP
+ nopreempt
+ advert_int 1
+ priority {{ 50 + (host_index[inventory_hostname] * 50) }}
+
+ authentication {
+ auth_type PASS
+ auth_pass 4321
+ }
+
+ virtual_ipaddress {
+ {{ network_cfg.public_vip.ip }}/{{ network_cfg.public_vip.netmask }} dev {{ network_cfg.public_vip.interface }}
+ }
+
+}
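Review bot: Both VRRP instances carry literal passwords, `auth_pass 1234` and `auth_pass 4321`, so every deployment rendered from this template shares values that are public in the repository. With `auth_type PASS` the value is also carried unencrypted in the advertisements, so it mainly guards against accidental cross-talk between clusters, but it should still come from inventory, e.g. `auth_pass {{ <vrrp_pass_var> }}` (placeholder name). The `public_vip` instance reads `network_cfg.public_vip.*` while `internal_vip` reads `internal_vip.*` directly, and haproxy.cfg in this commit uses `public_vip.ip`; one form should be used throughout.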
diff --git a/ansible/roles/ha/vars/Debian.yml b/ansible/roles/ha/vars/Debian.yml
new file mode 100644
index 0000000..b9f46bd
--- /dev/null
+++ b/ansible/roles/ha/vars/Debian.yml
@@ -0,0 +1,11 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+services: []
+packages: []
diff --git a/ansible/roles/ha/vars/RedHat.yml b/ansible/roles/ha/vars/RedHat.yml
new file mode 100644
index 0000000..b9f46bd
--- /dev/null
+++ b/ansible/roles/ha/vars/RedHat.yml
@@ -0,0 +1,11 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+services: []
+packages: []
diff --git a/ansible/roles/ha/vars/main.yml b/ansible/roles/ha/vars/main.yml
new file mode 100644
index 0000000..bd73969
--- /dev/null
+++ b/ansible/roles/ha/vars/main.yml
@@ -0,0 +1,18 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages_noarch:
+ - keepalived
+ - xinetd
+ - haproxy
+
+services_noarch:
+ - keepalived
+ - xinetd
+ - haproxy
diff --git a/ansible/roles/heat/handlers/main.yml b/ansible/roles/heat/handlers/main.yml
new file mode 100644
index 0000000..6cc567f
--- /dev/null
+++ b/ansible/roles/heat/handlers/main.yml
@@ -0,0 +1,16 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: restart heat service
+ service: name={{ item }} state=restarted enabled=yes
+ with_items: services | union(services_noarch)
+
+- name: remove heat-sqlite-db
+ shell: rm /var/lib/heat/heat.sqlite || touch heat.sqlite.db.removed
+
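Review bot: The `remove heat-sqlite-db` handler runs `rm /var/lib/heat/heat.sqlite || touch heat.sqlite.db.removed`, which creates the marker only when `rm` fails, writes it to whatever the working directory happens to be, and hides any real removal error. The file module states the intent and is idempotent: `file: path=/var/lib/heat/heat.sqlite state=absent`.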
diff --git a/ansible/roles/heat/tasks/heat_config.yml b/ansible/roles/heat/tasks/heat_config.yml
new file mode 100644
index 0000000..a24e2f8
--- /dev/null
+++ b/ansible/roles/heat/tasks/heat_config.yml
@@ -0,0 +1,17 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: heat db sync
+ shell: su -s /bin/sh -c "heat-manage db_sync" heat
+ ignore_errors: True
+ notify:
+ - restart heat service
+
+- meta: flush_handlers
+
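Review bot: `ignore_errors: True` on the `heat db sync` task lets the play continue, and the heat services restart, against a schema that may not have been migrated. I would drop that line, or `register` the result and fail with a clear message when the return code is non-zero. If the tolerance is intentional, for example on nodes where the sync has already run, a comment above the task should say which failure is expected and why it is safe to ignore.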
diff --git a/ansible/roles/heat/tasks/heat_install.yml b/ansible/roles/heat/tasks/heat_install.yml
new file mode 100644
index 0000000..1fbada8
--- /dev/null
+++ b/ansible/roles/heat/tasks/heat_install.yml
@@ -0,0 +1,27 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- include_vars: "{{ ansible_os_family }}.yml"
+
+- name: install heat related packages
+ action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
+ with_items: packages | union(packages_noarch)
+
+- name: generate heat service list
+ lineinfile: dest=/opt/service create=yes line='{{ item }}'
+ with_items: services | union(services_noarch)
+
+- name: update heat conf
+ template: src=heat.j2
+ dest=/etc/heat/heat.conf
+ backup=yes
+ notify:
+ - restart heat service
+ - remove heat-sqlite-db
+
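Review bot: The `update heat conf` task renders `/etc/heat/heat.conf` without setting owner, group or mode, so its permissions depend on the remote umask and on whatever the package left in place. Per the heat.j2 template in this commit, that file contains `HEAT_DBPASS`, `RABBIT_PASS` and `HEAT_PASS`. `backup=yes` additionally leaves timestamped copies of those secrets beside it. I would add `owner=root group=heat mode=0640` to the task, assuming the package creates a `heat` group.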
diff --git a/ansible/roles/heat/tasks/main.yml b/ansible/roles/heat/tasks/main.yml
new file mode 100644
index 0000000..886907e
--- /dev/null
+++ b/ansible/roles/heat/tasks/main.yml
@@ -0,0 +1,23 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- include: heat_install.yml
+ tags:
+ - install
+ - heat_install
+ - heat
+
+- include: heat_config.yml
+ when: HA_CLUSTER is not defined or HA_CLUSTER[inventory_hostname] == ''
+ tags:
+ - config
+ - heat_config
+ - heat
+
+- meta: flush_handlers
diff --git a/ansible/roles/heat/templates/heat.j2 b/ansible/roles/heat/templates/heat.j2
new file mode 100644
index 0000000..aec6b2e
--- /dev/null
+++ b/ansible/roles/heat/templates/heat.j2
@@ -0,0 +1,25 @@
+[DEFAULT]
+heat_metadata_server_url = http://{{ internal_vip.ip }}:8000
+heat_waitcondition_server_url = http://{{ internal_vip.ip }}:8000/v1/waitcondition
+rpc_backend = rabbit
+rabbit_host = {{ rabbit_host }}
+rabbit_userid = {{ RABBIT_USER }}
+rabbit_password = {{ RABBIT_PASS }}
+log_dir = /var/log/heat
+
+[database]
+connection = mysql://heat:{{ HEAT_DBPASS }}@{{ db_host }}/heat
+idle_timeout = 30
+use_db_reconnect = True
+pool_timeout = 10
+
+[ec2authtoken]
+auth_uri = http://{{ internal_vip.ip }}:5000/v2.0
+
+[keystone_authtoken]
+auth_uri = http://{{ internal_vip.ip }}:5000/v2.0
+identity_uri = http://{{ internal_vip.ip }}:35357
+admin_tenant_name = service
+admin_user = heat
+admin_password = {{ HEAT_PASS }}
+
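Review bot: `auth_uri` and `identity_uri` in `[ec2authtoken]` and `[keystone_authtoken]` are plain `http://`, so the `heat` service password and the tokens it validates cross the network unencrypted. The glance-registry.conf hunk and image_upload.sh in this commit follow the same pattern. If TLS on the VIP is out of scope for this change, state the assumption in the template, e.g. `# Keystone is reached over plain HTTP; the internal VIP network must be trusted`, and make the scheme a variable so it can be switched later. The `connection` URL also inserts `{{ HEAT_DBPASS }}` unescaped, so a password containing `@` or `:` would yield an unparsable URL; `{{ HEAT_DBPASS | urlencode }}` avoids that.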
diff --git a/ansible/roles/heat/vars/Debian.yml b/ansible/roles/heat/vars/Debian.yml
new file mode 100644
index 0000000..64608ca
--- /dev/null
+++ b/ansible/roles/heat/vars/Debian.yml
@@ -0,0 +1,20 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages:
+ - heat-api
+ - heat-api-cfn
+ - heat-engine
+ - python-heatclient
+
+services:
+ - heat-api
+ - heat-api-cfn
+ - heat-engine
+
diff --git a/ansible/roles/heat/vars/RedHat.yml b/ansible/roles/heat/vars/RedHat.yml
new file mode 100644
index 0000000..680b161
--- /dev/null
+++ b/ansible/roles/heat/vars/RedHat.yml
@@ -0,0 +1,19 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+services:
+ - openstack-heat-api
+ - openstack-heat-api-cfn
+ - openstack-heat-engine
+
+packages:
+ - openstack-heat-api
+ - openstack-heat-api-cfn
+ - openstack-heat-engine
+ - python-heatclient
diff --git a/ansible/roles/heat/vars/main.yml b/ansible/roles/heat/vars/main.yml
new file mode 100644
index 0000000..7f867d2
--- /dev/null
+++ b/ansible/roles/heat/vars/main.yml
@@ -0,0 +1,13 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages_noarch: []
+
+services_noarch: []
+
diff --git a/ansible/roles/keystone/handlers/main.yml b/ansible/roles/keystone/handlers/main.yml
old mode 100644
new mode 100755
index ca8afc8..608a8a0
--- a/ansible/roles/keystone/handlers/main.yml
+++ b/ansible/roles/keystone/handlers/main.yml
@@ -1,3 +1,12 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
---
-- name: restart keystone
- service: name=keystone state=restarted
+- name: restart keystone services
+ service: name={{ item }} state=restarted enabled=yes
+ with_items: services | union(services_noarch)
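Review bot: The handler's loop `with_items: services | union(services_noarch)` is a bare expression, while keystone_config.yml in this same change uses the templated form (`with_items: "{{ os_users }}"`). Bare loop expressions are deprecated in newer Ansible releases and may be treated as a literal string instead of a list. I would write `with_items: "{{ services | union(services_noarch) }}"` here and in the two matching loops in keystone_install.yml. Separately, the header flips this file from 100644 to 100755; a handlers file is only read by Ansible, so the executable bit looks unintended and is worth reverting.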
diff --git a/ansible/roles/keystone/tasks/keystone_config.yml b/ansible/roles/keystone/tasks/keystone_config.yml
new file mode 100644
index 0000000..574ebab
--- /dev/null
+++ b/ansible/roles/keystone/tasks/keystone_config.yml
@@ -0,0 +1,61 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: keystone-manage db-sync
+ #keystone_manage: action=dbsync
+ shell: su -s /bin/sh -c 'keystone-manage db_sync' keystone
+
+- name: wait for keystone ready
+ wait_for: port=35357 delay=3 timeout=10 host={{ internal_vip.ip }}
+
+- name: cron job to purge expired tokens hourly
+ cron:
+ name: 'purge expired tokens'
+ special_time: hourly
+ job: '/usr/bin/keystone-manage token_flush > /var/log/keystone/keystone-tokenflush.log 2>&1'
+
+- name: add tenants
+ keystone_user:
+ token: "{{ ADMIN_TOKEN }}"
+ endpoint: "http://{{ internal_ip }}:35357/v2.0"
+ tenant: "{{ item.tenant }}"
+ tenant_description: "{{ item.tenant_description }}"
+ with_items: "{{ os_users }}"
+
+- name: add users
+ keystone_user:
+ token: "{{ ADMIN_TOKEN }}"
+ endpoint: "http://{{ internal_ip }}:35357/v2.0"
+ user: "{{ item.user }}"
+ tenant: "{{ item.tenant }}"
+ password: "{{ item.password }}"
+ email: "{{ item.email }}"
+ with_items: "{{ os_users }}"
+
+- name: grant roles
+ keystone_user:
+ token: "{{ ADMIN_TOKEN }}"
+ endpoint: "http://{{ internal_ip }}:35357/v2.0"
+ user: "{{ item.user }}"
+ role: "{{ item.role }}"
+ tenant: "{{ item.tenant }}"
+ with_items: "{{ os_users }}"
+
+- name: add endpoints
+ keystone_service:
+ token: "{{ ADMIN_TOKEN }}"
+ endpoint: "http://{{ internal_ip }}:35357/v2.0"
+ name: "{{ item.name }}"
+ type: "{{ item.type }}"
+ region: "{{ item.region}}"
+ description: "{{ item.description }}"
+ publicurl: "{{ item.publicurl }}"
+ internalurl: "{{ item.internalurl }}"
+ adminurl: "{{ item.adminurl }}"
+ with_items: "{{ os_services }}"
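Review bot: The `add users` task loops over `os_users` and passes `password: "{{ item.password }}"` with nothing suppressing output, so each loop item, password included, is printed in the play output and in any log kept of it. Adding `no_log: true` to that task keeps the credentials out of CI and console logs. The other tasks pass `token: "{{ ADMIN_TOKEN }}"` and are worth the same treatment if they are ever run with verbose output. Also, `wait for keystone ready` probes `internal_vip.ip` while every API call below goes to `internal_ip`; if that split is deliberate, a short comment saying why would help, because a ready VIP does not show that the local listener is up.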
diff --git a/ansible/roles/keystone/tasks/keystone_install.yml b/ansible/roles/keystone/tasks/keystone_install.yml
new file mode 100644
index 0000000..ffae8ff
--- /dev/null
+++ b/ansible/roles/keystone/tasks/keystone_install.yml
@@ -0,0 +1,87 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- include_vars: "{{ ansible_os_family }}.yml"
+
+- name: disable auto start
+ copy:
+ content: "#!/bin/sh\nexit 101"
+ dest: "/usr/sbin/policy-rc.d"
+ mode: 0755
+ when: ansible_os_family == "Debian"
+
+- name: install keystone packages
+ action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
+ with_items: packages | union(packages_noarch)
+
+- name: enable auto start
+ file:
+ path=/usr/sbin/policy-rc.d
+ state=absent
+ when: ansible_os_family == "Debian"
+
+- name: generate keystone service list
+ lineinfile: dest=/opt/service create=yes line='{{ item }}'
+ with_items: services | union(services_noarch)
+
+- name: delete sqlite database
+ file:
+ path: /var/lib/keystone/keystone.db
+ state: absent
+
+- name: update keystone conf
+ template: src=keystone.conf dest=/etc/keystone/keystone.conf backup=yes
+ notify:
+ - restart keystone services
+
+- name: assure listen port exist
+ lineinfile:
+ dest: '{{ apache_config_dir }}/ports.conf'
+ regexp: '{{ item.regexp }}'
+ line: '{{ item.line}}'
+ with_items:
+ - regexp: "^Listen {{ internal_ip }}:5000"
+ line: "Listen {{ internal_ip }}:5000"
+ - regexp: "^Listen {{ internal_ip }}:35357"
+ line: "Listen {{ internal_ip }}:35357"
+ notify:
+ - restart keystone services
+
+- name: update apache2 configs
+ template:
+ src: wsgi-keystone.conf.j2
+ dest: '{{ apache_config_dir }}/sites-available/wsgi-keystone.conf'
+ when: ansible_os_family == 'Debian'
+ notify:
+ - restart keystone services
+
+- name: update apache2 configs
+ template:
+ src: wsgi-keystone.conf.j2
+ dest: '{{ apache_config_dir }}/wsgi-keystone.conf'
+ when: ansible_os_family == 'RedHat'
+ notify:
+ - restart keystone services
+
+- name: enable keystone server
+ file:
+ src: "{{ apache_config_dir }}/sites-available/wsgi-keystone.conf"
+ dest: "{{ apache_config_dir }}/sites-enabled/wsgi-keystone.conf"
+ state: "link"
+ when: ansible_os_family == 'Debian'
+ notify:
+ - restart keystone services
+
+- name: keystone source files
+ template: src={{ item }} dest=/opt/{{ item }}
+ with_items:
+ - admin-openrc.sh
+ - demo-openrc.sh
+
+- meta: flush_handlers
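Review bot: The `keystone source files` task renders admin-openrc.sh and demo-openrc.sh, which carry `OS_PASSWORD`, into /opt with no `mode`, `owner` or `group`, so the files get whatever the default umask gives, typically world-readable. I would add `mode=0600 owner=root group=root` to that `template:` line. The `update keystone conf` task has the same gap for /etc/keystone/keystone.conf and its `backup=yes` copies, which hold `admin_token` and the database password. Something like `owner=keystone group=keystone mode=0640` fits there, assuming the service runs as the keystone user, as the `su ... keystone` call in keystone_config.yml suggests. Also, if the package install fails between `disable auto start` and `enable auto start`, /usr/sbin/policy-rc.d is left behind and keeps blocking service starts on that host.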
diff --git a/ansible/roles/keystone/tasks/main.yml b/ansible/roles/keystone/tasks/main.yml
index a1a02be..21939fa 100644
--- a/ansible/roles/keystone/tasks/main.yml
+++ b/ansible/roles/keystone/tasks/main.yml
@@ -1,36 +1,23 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
---
-- name: install keystone packages
- apt: name=keystone state=present force=yes
+- include: keystone_install.yml
+ tags:
+ - install
+ - keystone_install
+ - keystone
-- name: update keystone conf
- template: src=keystone.conf dest=/etc/keystone/keystone.conf backup=yes
- notify: restart keystone
+- include: keystone_config.yml
+ when: inventory_hostname == groups['controller'][0]
+ tags:
+ - config
+ - keystone_config
+ - keystone
-- name: delete sqlite database
- shell: rm /var/lib/keystone/keystone.db || echo sqllite database already removed
-
-- name: manually stop keystone once
- service: name=keystone state=stopped
-
-- name: keystone-manage db-sync
- shell: su -s /bin/sh -c "keystone-manage db_sync"
-
-- name: cron job to purge expired tokens hourly
- shell: (crontab -l -u keystone 2>&1 | grep -q token_flush) || echo '@hourly /usr/bin/keystone-manage token_flush > /var/log/keystone/keystone-tokenflush.log 2>&1' >> /var/spool/cron/crontabs/keystone
-
-- name: manually start keystone
- service: name=keystone state=started
-
-- name: place keystone init script under /opt/
- template: src=keystone_init dest=/opt/keystone_init mode=0744
-
-- name: run keystone_init
- shell: /opt/keystone_init && touch keystone_init_complete || keystone_init_failed
- args:
- creates: keystone_init_complete
-
-- name: keystone source files
- template: src={{ item }} dest=/opt/{{ item }}
- with_items:
- - admin-openrc.sh
- - demo-openrc.sh
+- meta: flush_handlers
diff --git a/ansible/roles/keystone/templates/admin-openrc.sh b/ansible/roles/keystone/templates/admin-openrc.sh
index 2e692f6..6ba620f 100644
--- a/ansible/roles/keystone/templates/admin-openrc.sh
+++ b/ansible/roles/keystone/templates/admin-openrc.sh
@@ -1,6 +1,15 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
# Verify the Identity Service installation
export OS_PASSWORD={{ ADMIN_PASS }}
export OS_TENANT_NAME=admin
-export OS_AUTH_URL=http://{{ identity_host }}:35357/v2.0
-export OS_USERNAME=ADMIN
+export OS_AUTH_URL=http://{{ internal_vip.ip }}:35357/v2.0
+export OS_USERNAME=admin
+export OS_VOLUME_API_VERSION=2
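Review bot: `OS_AUTH_URL` now points at `http://{{ internal_vip.ip }}:35357/v2.0`, so any client that sources this file sends the admin password exported just above it to the VIP unencrypted. demo-openrc.sh gets the same change, and the keystone_config.yml endpoints pass ADMIN_TOKEN the same way. If TLS can be terminated in front of the VIP, the scheme should come from a variable rather than being fixed to http, e.g. `export OS_AUTH_URL={{ keystone_scheme }}://{{ internal_vip.ip }}:35357/v2.0`, where `keystone_scheme` is a placeholder name, not a variable this repository already defines. If plaintext on the management network is an accepted trade-off for this deployment, a comment in the template saying so would make that explicit.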
diff --git a/ansible/roles/keystone/templates/demo-openrc.sh b/ansible/roles/keystone/templates/demo-openrc.sh
index c66022d..5807e86 100644
--- a/ansible/roles/keystone/templates/demo-openrc.sh
+++ b/ansible/roles/keystone/templates/demo-openrc.sh
@@ -1,5 +1,13 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
export OS_USERNAME=demo
export OS_PASSWORD={{ DEMO_PASS }}
export OS_TENANT_NAME=demo
-export OS_AUTH_URL=http://{{ identity_host }}:35357/v2.0
+export OS_AUTH_URL=http://{{ internal_vip.ip }}:35357/v2.0
diff --git a/ansible/roles/keystone/templates/keystone.conf b/ansible/roles/keystone/templates/keystone.conf
index 9d5ba88..649fc32 100644
--- a/ansible/roles/keystone/templates/keystone.conf
+++ b/ansible/roles/keystone/templates/keystone.conf
@@ -1,1318 +1,59 @@
+{% set memcached_servers = [] %}
+{% set rabbitmq_servers = [] %}
+{% for host in haproxy_hosts.values() %}
+{% set _ = memcached_servers.append('%s:11211'% host) %}
+{% set _ = rabbitmq_servers.append('%s:5672'% host) %}
+{% endfor %}
+{% set memcached_servers = memcached_servers|join(',') %}
+{% set rabbitmq_servers = rabbitmq_servers|join(',') %}
[DEFAULT]
-
admin_token={{ ADMIN_TOKEN }}
-
-#public_bind_host=0.0.0.0
-
-#admin_bind_host=0.0.0.0
-
-#compute_port=8774
-
-#admin_port=35357
-
-#public_port=5000
-
-# The base public endpoint URL for keystone that are
-# advertised to clients (NOTE: this does NOT affect how
-# keystone listens for connections) (string value).
-# Defaults to the base host URL of the request. Eg a
-# request to http://server:5000/v2.0/users will
-# default to http://server:5000. You should only need
-# to set this value if the base URL contains a path
-# (eg /prefix/v2.0) or the endpoint should be found on
-# a different server.
-#public_endpoint=http://localhost:%(public_port)s/
-
-# The base admin endpoint URL for keystone that are advertised
-# to clients (NOTE: this does NOT affect how keystone listens
-# for connections) (string value).
-# Defaults to the base host URL of the request. Eg a
-# request to http://server:35357/v2.0/users will
-# default to http://server:35357. You should only need
-# to set this value if the base URL contains a path
-# (eg /prefix/v2.0) or the endpoint should be found on
-# a different server.
-#admin_endpoint=http://localhost:%(admin_port)s/
-
-# onready allows you to send a notification when the process
-# is ready to serve For example, to have it notify using
-# systemd, one could set shell command: "onready = systemd-
-# notify --ready" or a module with notify() method: "onready =
-# keystone.common.systemd". (string value)
-#onready=
-
-# enforced by optional sizelimit middleware
-# (keystone.middleware:RequestBodySizeLimiter). (integer
-# value)
-#max_request_body_size=114688
-
-# limit the sizes of user & tenant ID/names. (integer value)
-#max_param_size=64
-
-# similar to max_param_size, but provides an exception for
-# token values. (integer value)
-#max_token_size=8192
-
-# During a SQL upgrade member_role_id will be used to create a
-# new role that will replace records in the
-# user_tenant_membership table with explicit role grants.
-# After migration, the member_role_id will be used in the API
-# add_user_to_project. (string value)
-#member_role_id=9fe2ff9ee4384b1894a90878d3e92bab
-
-# During a SQL upgrade member_role_id will be used to create a
-# new role that will replace records in the
-# user_tenant_membership table with explicit role grants.
-# After migration, member_role_name will be ignored. (string
-# value)
-#member_role_name=_member_
-
-# The value passed as the keyword "rounds" to passlib encrypt
-# method. (integer value)
-#crypt_strength=40000
-
-# Set this to True if you want to enable TCP_KEEPALIVE on
-# server sockets i.e. sockets used by the keystone wsgi server
-# for client connections. (boolean value)
-#tcp_keepalive=false
-
-# Sets the value of TCP_KEEPIDLE in seconds for each server
-# socket. Only applies if tcp_keepalive is True. Not supported
-# on OS X. (integer value)
-#tcp_keepidle=600
-
-# The maximum number of entities that will be returned in a
-# collection can be set with list_limit, with no limit set by
-# default. This global limit may be then overridden for a
-# specific driver, by specifying a list_limit in the
-# appropriate section (e.g. [assignment]). (integer value)
-#list_limit=
-
-# Set this to false if you want to enable the ability for
-# user, group and project entities to be moved between domains
-# by updating their domain_id. Allowing such movement is not
-# recommended if the scope of a domain admin is being
-# restricted by use of an appropriate policy file (see
-# policy.v3cloudsample as an example). (boolean value)
-#domain_id_immutable=true
-
-
-#
-# Options defined in oslo.messaging
-#
-
-# Use durable queues in amqp. (boolean value)
-# Deprecated group/name - [DEFAULT]/rabbit_durable_queues
-#amqp_durable_queues=false
-
-# Auto-delete queues in amqp. (boolean value)
-#amqp_auto_delete=false
-
-# Size of RPC connection pool. (integer value)
-#rpc_conn_pool_size=30
-
-# Modules of exceptions that are permitted to be recreated
-# upon receiving exception data from an rpc call. (list value)
-#allowed_rpc_exception_modules=oslo.messaging.exceptions,nova.exception,cinder.exception,exceptions
-
-# Qpid broker hostname. (string value)
-#qpid_hostname=localhost
-
-# Qpid broker port. (integer value)
-#qpid_port=5672
-
-# Qpid HA cluster host:port pairs. (list value)
-#qpid_hosts=$qpid_hostname:$qpid_port
-
-# Username for Qpid connection. (string value)
-#qpid_username=
-
-# Password for Qpid connection. (string value)
-#qpid_password=
-
-# Space separated list of SASL mechanisms to use for auth.
-# (string value)
-#qpid_sasl_mechanisms=
-
-# Seconds between connection keepalive heartbeats. (integer
-# value)
-#qpid_heartbeat=60
-
-# Transport to use, either 'tcp' or 'ssl'. (string value)
-#qpid_protocol=tcp
-
-# Whether to disable the Nagle algorithm. (boolean value)
-#qpid_tcp_nodelay=true
-
-# The qpid topology version to use. Version 1 is what was
-# originally used by impl_qpid. Version 2 includes some
-# backwards-incompatible changes that allow broker federation
-# to work. Users should update to version 2 when they are
-# able to take everything down, as it requires a clean break.
-# (integer value)
-#qpid_topology_version=1
-
-# SSL version to use (valid only if SSL enabled). valid values
-# are TLSv1, SSLv23 and SSLv3. SSLv2 may be available on some
-# distributions. (string value)
-#kombu_ssl_version=
-
-# SSL key file (valid only if SSL enabled). (string value)
-#kombu_ssl_keyfile=
-
-# SSL cert file (valid only if SSL enabled). (string value)
-#kombu_ssl_certfile=
-
-# SSL certification authority file (valid only if SSL
-# enabled). (string value)
-#kombu_ssl_ca_certs=
-
-# How long to wait before reconnecting in response to an AMQP
-# consumer cancel notification. (floating point value)
-#kombu_reconnect_delay=1.0
-
-# The RabbitMQ broker address where a single node is used.
-# (string value)
-#rabbit_host=localhost
-
-# The RabbitMQ broker port where a single node is used.
-# (integer value)
-#rabbit_port=5672
-
-# RabbitMQ HA cluster host:port pairs. (list value)
-#rabbit_hosts=$rabbit_host:$rabbit_port
-
-# Connect over SSL for RabbitMQ. (boolean value)
-#rabbit_use_ssl=false
-
-# The RabbitMQ userid. (string value)
-#rabbit_userid=guest
-
-# The RabbitMQ password. (string value)
-#rabbit_password=guest
-
-# the RabbitMQ login method (string value)
-#rabbit_login_method=AMQPLAIN
-
-# The RabbitMQ virtual host. (string value)
-#rabbit_virtual_host=/
-
-# How frequently to retry connecting with RabbitMQ. (integer
-# value)
-#rabbit_retry_interval=1
-
-# How long to backoff for between retries when connecting to
-# RabbitMQ. (integer value)
-#rabbit_retry_backoff=2
-
-# Maximum number of RabbitMQ connection retries. Default is 0
-# (infinite retry count). (integer value)
-#rabbit_max_retries=0
-
-# Use HA queues in RabbitMQ (x-ha-policy: all). If you change
-# this option, you must wipe the RabbitMQ database. (boolean
-# value)
-#rabbit_ha_queues=false
-
-# If passed, use a fake RabbitMQ provider. (boolean value)
-#fake_rabbit=false
-
-# ZeroMQ bind address. Should be a wildcard (*), an ethernet
-# interface, or IP. The "host" option should point or resolve
-# to this address. (string value)
-#rpc_zmq_bind_address=*
-
-# MatchMaker driver. (string value)
-#rpc_zmq_matchmaker=oslo.messaging._drivers.matchmaker.MatchMakerLocalhost
-
-# ZeroMQ receiver listening port. (integer value)
-#rpc_zmq_port=9501
-
-# Number of ZeroMQ contexts, defaults to 1. (integer value)
-#rpc_zmq_contexts=1
-
-# Maximum number of ingress messages to locally buffer per
-# topic. Default is unlimited. (integer value)
-#rpc_zmq_topic_backlog=
-
-# Directory for holding IPC sockets. (string value)
-#rpc_zmq_ipc_dir=/var/run/openstack
-
-# Name of this node. Must be a valid hostname, FQDN, or IP
-# address. Must match "host" option, if running Nova. (string
-# value)
-#rpc_zmq_host=keystone
-
-# Seconds to wait before a cast expires (TTL). Only supported
-# by impl_zmq. (integer value)
-#rpc_cast_timeout=30
-
-# Heartbeat frequency. (integer value)
-#matchmaker_heartbeat_freq=300
-
-# Heartbeat time-to-live. (integer value)
-#matchmaker_heartbeat_ttl=600
-
-# Host to locate redis. (string value)
-#host=127.0.0.1
-
-# Use this port to connect to redis host. (integer value)
-#port=6379
-
-# Password for Redis server (optional). (string value)
-#password=
-
-# Size of RPC greenthread pool. (integer value)
-#rpc_thread_pool_size=64
-
-# Driver or drivers to handle sending notifications. (multi
-# valued)
-#notification_driver=
-
-# AMQP topic used for OpenStack notifications. (list value)
-# Deprecated group/name - [rpc_notifier2]/topics
-#notification_topics=notifications
-
-# Seconds to wait for a response from a call. (integer value)
-#rpc_response_timeout=60
-
-# A URL representing the messaging driver to use and its full
-# configuration. If not set, we fall back to the rpc_backend
-# option and driver specific configuration. (string value)
-#transport_url=
-
-# The messaging driver to use, defaults to rabbit. Other
-# drivers include qpid and zmq. (string value)
-#rpc_backend=rabbit
-
-# The default exchange under which topics are scoped. May be
-# overridden by an exchange name specified in the
-# transport_url option. (string value)
-#control_exchange=openstack
-
-
-#
-# Options defined in keystone.notifications
-#
-
-# Default publisher_id for outgoing notifications (string
-# value)
-#default_publisher_id=
-
-
-#
-# Options defined in keystone.middleware.ec2_token
-#
-
-# URL to get token from ec2 request. (string value)
-#keystone_ec2_url=http://localhost:5000/v2.0/ec2tokens
-
-# Required if EC2 server requires client certificate. (string
-# value)
-#keystone_ec2_keyfile=
-
-# Client certificate key filename. Required if EC2 server
-# requires client certificate. (string value)
-#keystone_ec2_certfile=
-
-# A PEM encoded certificate authority to use when verifying
-# HTTPS connections. Defaults to the system CAs. (string
-# value)
-#keystone_ec2_cafile=
-
-# Disable SSL certificate verification. (boolean value)
-#keystone_ec2_insecure=false
-
-
-#
-# Options defined in keystone.openstack.common.eventlet_backdoor
-#
-
-# Enable eventlet backdoor. Acceptable values are 0, ,
-# and :, where 0 results in listening on a random
-# tcp port number; results in listening on the
-# specified port number (and not enabling backdoor if that
-# port is in use); and : results in listening on
-# the smallest unused port number within the specified range
-# of port numbers. The chosen port is displayed in the
-# service's log file. (string value)
-#backdoor_port=
-
-
-#
-# Options defined in keystone.openstack.common.lockutils
-#
-
-# Whether to disable inter-process locks (boolean value)
-#disable_process_locking=false
-
-# Directory to use for lock files. (string value)
-#lock_path=
-
-
-#
-# Options defined in keystone.openstack.common.log
-#
-
-# Print debugging output (set logging level to DEBUG instead
-# of default WARNING level). (boolean value)
-#debug=false
-
-# Print more verbose output (set logging level to INFO instead
-# of default WARNING level). (boolean value)
-#verbose=false
-
-# Log output to standard error (boolean value)
-#use_stderr=true
-
-# Format string to use for log messages with context (string
-# value)
-#logging_context_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
-
-# Format string to use for log messages without context
-# (string value)
-#logging_default_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
-
-# Data to append to log format when level is DEBUG (string
-# value)
-#logging_debug_format_suffix=%(funcName)s %(pathname)s:%(lineno)d
-
-# Prefix each line of exception output with this format
-# (string value)
-#logging_exception_prefix=%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s
-
-# List of logger=LEVEL pairs (list value)
-#default_log_levels=amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN
-
-# Publish error events (boolean value)
-#publish_errors=false
-
-# Make deprecations fatal (boolean value)
-#fatal_deprecations=false
-
-# If an instance is passed with the log message, format it
-# like this (string value)
-#instance_format="[instance: %(uuid)s] "
-
-# If an instance UUID is passed with the log message, format
-# it like this (string value)
-#instance_uuid_format="[instance: %(uuid)s] "
-
-# The name of logging configuration file. It does not disable
-# existing loggers, but just appends specified logging
-# configuration to any other existing logging options. Please
-# see the Python logging module documentation for details on
-# logging configuration files. (string value)
-# Deprecated group/name - [DEFAULT]/log_config
-#log_config_append=
-
-# DEPRECATED. A logging.Formatter log message format string
-# which may use any of the available logging.LogRecord
-# attributes. This option is deprecated. Please use
-# logging_context_format_string and
-# logging_default_format_string instead. (string value)
-#log_format=
-
-# Format string for %%(asctime)s in log records. Default:
-# %(default)s (string value)
-#log_date_format=%Y-%m-%d %H:%M:%S
-
-# (Optional) Name of log file to output to. If no default is
-# set, logging will go to stdout. (string value)
-# Deprecated group/name - [DEFAULT]/logfile
-#log_file=
-
-# (Optional) The base directory used for relative --log-file
-# paths (string value)
-# Deprecated group/name - [DEFAULT]/logdir
+debug={{ DEBUG }}
log_dir = /var/log/keystone
-# Use syslog for logging. Existing syslog format is DEPRECATED
-# during I, and then will be changed in J to honor RFC5424
-# (boolean value)
-#use_syslog=false
-
-# (Optional) Use syslog rfc5424 format for logging. If
-# enabled, will add APP-NAME (RFC5424) before the MSG part of
-# the syslog message. The old format without APP-NAME is
-# deprecated in I, and will be removed in J. (boolean value)
-#use_syslog_rfc_format=false
-
-# Syslog facility to receive log lines (string value)
-#syslog_log_facility=LOG_USER
-
-
-#
-# Options defined in keystone.openstack.common.policy
-#
-
-# JSON file containing policy (string value)
-#policy_file=policy.json
-
-# Rule enforced when requested rule is not found (string
-# value)
-#policy_default_rule=default
-
-
-[assignment]
-
-#
-# Options defined in keystone
-#
-
-# Keystone Assignment backend driver. (string value)
-#driver=
-
-# Toggle for assignment caching. This has no effect unless
-# global caching is enabled. (boolean value)
-#caching=true
-
-# TTL (in seconds) to cache assignment data. This has no
-# effect unless global caching is enabled. (integer value)
-#cache_time=
-
-# Maximum number of entities that will be returned in an
-# assignment collection. (integer value)
-#list_limit=
-
-
-[auth]
-
-#
-# Options defined in keystone
-#
-
-# Default auth methods. (list value)
-#methods=external,password,token
-
-# The password auth plugin module. (string value)
-#password=keystone.auth.plugins.password.Password
-
-# The token auth plugin module. (string value)
-#token=keystone.auth.plugins.token.Token
-
-# The external (REMOTE_USER) auth plugin module. (string
-# value)
-#external=keystone.auth.plugins.external.DefaultDomain
-
-
[cache]
+backend=keystone.cache.memcache_pool
+memcache_servers={{ memcached_servers}}
+enabled=true
-#
-# Options defined in keystone
-#
-
-# Prefix for building the configuration dictionary for the
-# cache region. This should not need to be changed unless
-# there is another dogpile.cache region with the same
-# configuration name. (string value)
-#config_prefix=cache.keystone
-
-# Default TTL, in seconds, for any cached item in the
-# dogpile.cache region. This applies to any cached method that
-# doesn't have an explicit cache expiration time defined for
-# it. (integer value)
-#expiration_time=600
-
-# Dogpile.cache backend module. It is recommended that
-# Memcache (dogpile.cache.memcache) or Redis
-# (dogpile.cache.redis) be used in production deployments.
-# Small workloads (single process) like devstack can use the
-# dogpile.cache.memory backend. (string value)
-#backend=keystone.common.cache.noop
-
-# Use a key-mangling function (sha1) to ensure fixed length
-# cache-keys. This is toggle-able for debugging purposes, it
-# is highly recommended to always leave this set to True.
-# (boolean value)
-#use_key_mangler=true
-
-# Arguments supplied to the backend module. Specify this
-# option once per argument to be passed to the dogpile.cache
-# backend. Example format: ":". (multi valued)
-#backend_argument=
-
-# Proxy Classes to import that will affect the way the
-# dogpile.cache backend functions. See the dogpile.cache
-# documentation on changing-backend-behavior. Comma delimited
-# list e.g. my.dogpile.proxy.Class, my.dogpile.proxyClass2.
-# (list value)
-#proxies=
-
-# Global toggle for all caching using the should_cache_fn
-# mechanism. (boolean value)
-#enabled=false
-
-# Extra debugging from the cache backend (cache keys,
-# get/set/delete/etc calls) This is only really useful if you
-# need to see the specific cache-backend get/set/delete calls
-# with the keys/values. Typically this should be left set to
-# False. (boolean value)
-#debug_cache_backend=false
-
-
-[catalog]
-
-#
-# Options defined in keystone
-#
-
-# Catalog template file name for use with the template catalog
-# backend. (string value)
-#template_file=default_catalog.templates
-
-# Keystone catalog backend driver. (string value)
-#driver=keystone.catalog.backends.sql.Catalog
-
-# Maximum number of entities that will be returned in a
-# catalog collection. (integer value)
-#list_limit=
-
-
-[credential]
-
-#
-# Options defined in keystone
-#
-
-# Keystone Credential backend driver. (string value)
-#driver=keystone.credential.backends.sql.Credential
-
+[revoke]
+driver=sql
+expiration_buffer=3600
+caching=true
[database]
-
-#
-# Options defined in keystone.openstack.common.db.options
-#
-
-# The file name to use with SQLite (string value)
-#sqlite_db=keystone.sqlite
-
-# If True, SQLite uses synchronous mode (boolean value)
-#sqlite_synchronous=true
-
-# The backend to use for db (string value)
-# Deprecated group/name - [DEFAULT]/db_backend
-#backend=sqlalchemy
-
-# The SQLAlchemy connection string used to connect to the
-# database (string value)
-# Deprecated group/name - [DEFAULT]/sql_connection
-# Deprecated group/name - [DATABASE]/sql_connection
-# Deprecated group/name - [sql]/connection
-#connection=
-connection = mysql://keystone:{{ KEYSTONE_DBPASS }}@{{ db_host }}/keystone
-
-# The SQL mode to be used for MySQL sessions. This option,
-# including the default, overrides any server-set SQL mode. To
-# use whatever SQL mode is set by the server configuration,
-# set this to no value. Example: mysql_sql_mode= (string
-# value)
-#mysql_sql_mode=TRADITIONAL
-
-# Timeout before idle sql connections are reaped (integer
-# value)
-# Deprecated group/name - [DEFAULT]/sql_idle_timeout
-# Deprecated group/name - [DATABASE]/sql_idle_timeout
-# Deprecated group/name - [sql]/idle_timeout
-#idle_timeout=3600
-
-# Minimum number of SQL connections to keep open in a pool
-# (integer value)
-# Deprecated group/name - [DEFAULT]/sql_min_pool_size
-# Deprecated group/name - [DATABASE]/sql_min_pool_size
-#min_pool_size=1
-
-# Maximum number of SQL connections to keep open in a pool
-# (integer value)
-# Deprecated group/name - [DEFAULT]/sql_max_pool_size
-# Deprecated group/name - [DATABASE]/sql_max_pool_size
-#max_pool_size=
-
-# Maximum db connection retries during startup. (setting -1
-# implies an infinite retry count) (integer value)
-# Deprecated group/name - [DEFAULT]/sql_max_retries
-# Deprecated group/name - [DATABASE]/sql_max_retries
-#max_retries=10
-
-# Interval between retries of opening a sql connection
-# (integer value)
-# Deprecated group/name - [DEFAULT]/sql_retry_interval
-# Deprecated group/name - [DATABASE]/reconnect_interval
-#retry_interval=10
-
-# If set, use this value for max_overflow with sqlalchemy
-# (integer value)
-# Deprecated group/name - [DEFAULT]/sql_max_overflow
-# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow
-#max_overflow=
-
-# Verbosity of SQL debugging information. 0=None,
-# 100=Everything (integer value)
-# Deprecated group/name - [DEFAULT]/sql_connection_debug
-#connection_debug=0
-
-# Add python stack traces to SQL as comment strings (boolean
-# value)
-# Deprecated group/name - [DEFAULT]/sql_connection_trace
-#connection_trace=false
-
-# If set, use this value for pool_timeout with sqlalchemy
-# (integer value)
-# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout
-#pool_timeout=
-
-# Enable the experimental use of database reconnect on
-# connection lost (boolean value)
-#use_db_reconnect=false
-
-# seconds between db connection retries (integer value)
-#db_retry_interval=1
-
-# Whether to increase interval between db connection retries,
-# up to db_max_retry_interval (boolean value)
-#db_inc_retry_interval=true
-
-# max seconds between db connection retries, if
-# db_inc_retry_interval is enabled (integer value)
-#db_max_retry_interval=10
-
-# maximum db connection retries before error is raised.
-# (setting -1 implies an infinite retry count) (integer value)
-#db_max_retries=20
-
-
-[ec2]
-
-#
-# Options defined in keystone
-#
-
-# Keystone EC2Credential backend driver. (string value)
-#driver=keystone.contrib.ec2.backends.kvs.Ec2
-
-
-[endpoint_filter]
-
-#
-# Options defined in keystone
-#
-
-# Keystone Endpoint Filter backend driver (string value)
-#driver=keystone.contrib.endpoint_filter.backends.sql.EndpointFilter
-
-# Toggle to return all active endpoints if no filter exists.
-# (boolean value)
-#return_all_endpoints_if_no_filter=true
-
-
-[federation]
-
-#
-# Options defined in keystone
-#
-
-# Keystone Federation backend driver. (string value)
-#driver=keystone.contrib.federation.backends.sql.Federation
-
-# Value to be used when filtering assertion parameters from
-# the environment. (string value)
-#assertion_prefix=
+connection = mysql://keystone:{{ KEYSTONE_DBPASS }}@{{ db_host }}/keystone?charset=utf8
+idle_timeout=30
+min_pool_size=5
+max_pool_size=120
+pool_timeout=30
[identity]
+default_domain_id=default
+driver=sql
-#
-# Options defined in keystone
-#
-
-# This references the domain to use for all Identity API v2
-# requests (which are not aware of domains). A domain with
-# this ID will be created for you by keystone-manage db_sync
-# in migration 008. The domain referenced by this ID cannot
-# be deleted on the v3 API, to prevent accidentally breaking
-# the v2 API. There is nothing special about this domain,
-# other than the fact that it must exist to order to maintain
-# support for your v2 clients. (string value)
-#default_domain_id=default
-
-# A subset (or all) of domains can have their own identity
-# driver, each with their own partial configuration file in a
-# domain configuration directory. Only values specific to the
-# domain need to be placed in the domain specific
-# configuration file. This feature is disabled by default; set
-# to True to enable. (boolean value)
-#domain_specific_drivers_enabled=false
-
-# Path for Keystone to locate the domain specificidentity
-# configuration files if domain_specific_drivers_enabled is
-# set to true. (string value)
-#domain_config_dir=/etc/keystone/domains
-
-# Keystone Identity backend driver. (string value)
-#driver=keystone.identity.backends.sql.Identity
-
-# Maximum supported length for user passwords; decrease to
-# improve performance. (integer value)
-#max_password_length=4096
-
-# Maximum number of entities that will be returned in an
-# identity collection. (integer value)
-#list_limit=
-
-
-[kvs]
-
-#
-# Options defined in keystone
-#
-
-# Extra dogpile.cache backend modules to register with the
-# dogpile.cache library. (list value)
-#backends=
-
-# Prefix for building the configuration dictionary for the KVS
-# region. This should not need to be changed unless there is
-# another dogpile.cache region with the same configuration
-# name. (string value)
-#config_prefix=keystone.kvs
-
-# Toggle to disable using a key-mangling function to ensure
-# fixed length keys. This is toggle-able for debugging
-# purposes, it is highly recommended to always leave this set
-# to True. (boolean value)
-#enable_key_mangler=true
-
-# Default lock timeout for distributed locking. (integer
-# value)
-#default_lock_timeout=5
-
-
-[ldap]
-
-#
-# Options defined in keystone
-#
-
-# URL for connecting to the LDAP server. (string value)
-#url=ldap://localhost
-
-# User BindDN to query the LDAP server. (string value)
-#user=
-
-# Password for the BindDN to query the LDAP server. (string
-# value)
-#password=
-
-# LDAP server suffix (string value)
-#suffix=cn=example,cn=com
-
-# If true, will add a dummy member to groups. This is required
-# if the objectclass for groups requires the "member"
-# attribute. (boolean value)
-#use_dumb_member=false
-
-# DN of the "dummy member" to use when "use_dumb_member" is
-# enabled. (string value)
-#dumb_member=cn=dumb,dc=nonexistent
-
-# allow deleting subtrees. (boolean value)
-#allow_subtree_delete=false
-
-# The LDAP scope for queries, this can be either "one"
-# (onelevel/singleLevel) or "sub" (subtree/wholeSubtree).
-# (string value)
-#query_scope=one
-
-# Maximum results per page; a value of zero ("0") disables
-# paging. (integer value)
-#page_size=0
-
-# The LDAP dereferencing option for queries. This can be
-# either "never", "searching", "always", "finding" or
-# "default". The "default" option falls back to using default
-# dereferencing configured by your ldap.conf. (string value)
-#alias_dereferencing=default
-
-# Override the system's default referral chasing behavior for
-# queries. (boolean value)
-#chase_referrals=
-
-# Search base for users. (string value)
-#user_tree_dn=
-
-# LDAP search filter for users. (string value)
-#user_filter=
-
-# LDAP objectClass for users. (string value)
-#user_objectclass=inetOrgPerson
-
-# LDAP attribute mapped to user id. (string value)
-#user_id_attribute=cn
-
-# LDAP attribute mapped to user name. (string value)
-#user_name_attribute=sn
-
-# LDAP attribute mapped to user email. (string value)
-#user_mail_attribute=email
-
-# LDAP attribute mapped to password. (string value)
-#user_pass_attribute=userPassword
-
-# LDAP attribute mapped to user enabled flag. (string value)
-#user_enabled_attribute=enabled
-
-# Bitmask integer to indicate the bit that the enabled value
-# is stored in if the LDAP server represents "enabled" as a
-# bit on an integer rather than a boolean. A value of "0"
-# indicates the mask is not used. If this is not set to "0"
-# the typical value is "2". This is typically used when
-# "user_enabled_attribute = userAccountControl". (integer
-# value)
-#user_enabled_mask=0
-
-# Default value to enable users. This should match an
-# appropriate int value if the LDAP server uses non-boolean
-# (bitmask) values to indicate if a user is enabled or
-# disabled. If this is not set to "True"the typical value is
-# "512". This is typically used when "user_enabled_attribute =
-# userAccountControl". (string value)
-#user_enabled_default=True
-
-# List of attributes stripped off the user on update. (list
-# value)
-#user_attribute_ignore=default_project_id,tenants
-
-# LDAP attribute mapped to default_project_id for users.
-# (string value)
-#user_default_project_id_attribute=
-
-# Allow user creation in LDAP backend. (boolean value)
-#user_allow_create=true
-
-# Allow user updates in LDAP backend. (boolean value)
-#user_allow_update=true
-
-# Allow user deletion in LDAP backend. (boolean value)
-#user_allow_delete=true
-
-# If True, Keystone uses an alternative method to determine if
-# a user is enabled or not by checking if they are a member of
-# the "user_enabled_emulation_dn" group. (boolean value)
-#user_enabled_emulation=false
-
-# DN of the group entry to hold enabled users when using
-# enabled emulation. (string value)
-#user_enabled_emulation_dn=
-
-# List of additional LDAP attributes used for mapping
-# Additional attribute mappings for users. Attribute mapping
-# format is :, where ldap_attr is the
-# attribute in the LDAP entry and user_attr is the Identity
-# API attribute. (list value)
-#user_additional_attribute_mapping=
-
-# Search base for projects (string value)
-#tenant_tree_dn=
-
-# LDAP search filter for projects. (string value)
-#tenant_filter=
-
-# LDAP objectClass for projects. (string value)
-#tenant_objectclass=groupOfNames
-
-# LDAP attribute mapped to project id. (string value)
-#tenant_id_attribute=cn
-
-# LDAP attribute mapped to project membership for user.
-# (string value)
-#tenant_member_attribute=member
-
-# LDAP attribute mapped to project name. (string value)
-#tenant_name_attribute=ou
-
-# LDAP attribute mapped to project description. (string value)
-#tenant_desc_attribute=description
-
-# LDAP attribute mapped to project enabled. (string value)
-#tenant_enabled_attribute=enabled
-
-# LDAP attribute mapped to project domain_id. (string value)
-#tenant_domain_id_attribute=businessCategory
-
-# List of attributes stripped off the project on update. (list
-# value)
-#tenant_attribute_ignore=
-
-# Allow tenant creation in LDAP backend. (boolean value)
-#tenant_allow_create=true
-
-# Allow tenant update in LDAP backend. (boolean value)
-#tenant_allow_update=true
-
-# Allow tenant deletion in LDAP backend. (boolean value)
-#tenant_allow_delete=true
-
-# If True, Keystone uses an alternative method to determine if
-# a project is enabled or not by checking if they are a member
-# of the "tenant_enabled_emulation_dn" group. (boolean value)
-#tenant_enabled_emulation=false
-
-# DN of the group entry to hold enabled projects when using
-# enabled emulation. (string value)
-#tenant_enabled_emulation_dn=
-
-# Additional attribute mappings for projects. Attribute
-# mapping format is :, where ldap_attr
-# is the attribute in the LDAP entry and user_attr is the
-# Identity API attribute. (list value)
-#tenant_additional_attribute_mapping=
-
-# Search base for roles. (string value)
-#role_tree_dn=
-
-# LDAP search filter for roles. (string value)
-#role_filter=
-
-# LDAP objectClass for roles. (string value)
-#role_objectclass=organizationalRole
-
-# LDAP attribute mapped to role id. (string value)
-#role_id_attribute=cn
-
-# LDAP attribute mapped to role name. (string value)
-#role_name_attribute=ou
-
-# LDAP attribute mapped to role membership. (string value)
-#role_member_attribute=roleOccupant
-
-# List of attributes stripped off the role on update. (list
-# value)
-#role_attribute_ignore=
-
-# Allow role creation in LDAP backend. (boolean value)
-#role_allow_create=true
-
-# Allow role update in LDAP backend. (boolean value)
-#role_allow_update=true
-
-# Allow role deletion in LDAP backend. (boolean value)
-#role_allow_delete=true
-
-# Additional attribute mappings for roles. Attribute mapping
-# format is :, where ldap_attr is the
-# attribute in the LDAP entry and user_attr is the Identity
-# API attribute. (list value)
-#role_additional_attribute_mapping=
-
-# Search base for groups. (string value)
-#group_tree_dn=
-
-# LDAP search filter for groups. (string value)
-#group_filter=
-
-# LDAP objectClass for groups. (string value)
-#group_objectclass=groupOfNames
-
-# LDAP attribute mapped to group id. (string value)
-#group_id_attribute=cn
-
-# LDAP attribute mapped to group name. (string value)
-#group_name_attribute=ou
-
-# LDAP attribute mapped to show group membership. (string
-# value)
-#group_member_attribute=member
-
-# LDAP attribute mapped to group description. (string value)
-#group_desc_attribute=description
-
-# List of attributes stripped off the group on update. (list
-# value)
-#group_attribute_ignore=
-
-# Allow group creation in LDAP backend. (boolean value)
-#group_allow_create=true
-
-# Allow group update in LDAP backend. (boolean value)
-#group_allow_update=true
-
-# Allow group deletion in LDAP backend. (boolean value)
-#group_allow_delete=true
-
-# Additional attribute mappings for groups. Attribute mapping
-# format is :, where ldap_attr is the
-# attribute in the LDAP entry and user_attr is the Identity
-# API attribute. (list value)
-#group_additional_attribute_mapping=
-
-# CA certificate file path for communicating with LDAP
-# servers. (string value)
-#tls_cacertfile=
-
-# CA certificate directory path for communicating with LDAP
-# servers. (string value)
-#tls_cacertdir=
-
-# Enable TLS for communicating with LDAP servers. (boolean
-# value)
-#use_tls=false
-
-# valid options for tls_req_cert are demand, never, and allow.
-# (string value)
-#tls_req_cert=demand
-
-
-[matchmaker_ring]
-
-#
-# Options defined in oslo.messaging
-#
-
-# Matchmaker ring file (JSON). (string value)
-# Deprecated group/name - [DEFAULT]/matchmaker_ringfile
-#ringfile=/etc/oslo/matchmaker_ring.json
-
-
-[memcache]
-
-#
-# Options defined in keystone
-#
-
-# Memcache servers in the format of "host:port" (list value)
-#servers=localhost:11211
-
-# Number of compare-and-set attempts to make when using
-# compare-and-set in the token memcache back end. (integer
-# value)
-#max_compare_and_set_retry=16
-
-
-[oauth1]
-
-#
-# Options defined in keystone
-#
-
-# Keystone Credential backend driver. (string value)
-#driver=keystone.contrib.oauth1.backends.sql.OAuth1
-
-# Duration (in seconds) for the OAuth Request Token. (integer
-# value)
-#request_token_duration=28800
-
-# Duration (in seconds) for the OAuth Access Token. (integer
-# value)
-#access_token_duration=86400
-
-
-[os_inherit]
-
-#
-# Options defined in keystone
-#
-
-# role-assignment inheritance to projects from owning domain
-# can be optionally enabled. (boolean value)
-#enabled=false
-
-
-[paste_deploy]
-
-#
-# Options defined in keystone
-#
-
-# Name of the paste configuration file that defines the
-# available pipelines. (string value)
-#config_file=keystone-paste.ini
-
-
-[policy]
-
-#
-# Options defined in keystone
-#
-
-# Keystone Policy backend driver. (string value)
-#driver=keystone.policy.backends.sql.Policy
-
-# Maximum number of entities that will be returned in a policy
-# collection. (integer value)
-#list_limit=
-
-
-[revoke]
-
-#
-# Options defined in keystone
-#
-
-# An implementation of the backend for persisting revocation
-# events. (string value)
-#driver=keystone.contrib.revoke.backends.kvs.Revoke
-
-# This value (calculated in seconds) is added to token
-# expiration before a revocation event may be removed from the
-# backend. (integer value)
-#expiration_buffer=1800
-
-# Toggle for revocation event cacheing. This has no effect
-# unless global caching is enabled. (boolean value)
-#caching=true
-
-
-[signing]
-
-#
-# Options defined in keystone
-#
-
-# Deprecated in favor of provider in the [token] section.
-# (string value)
-#token_format=
-
-# Path of the certfile for token signing. (string value)
-#certfile=/etc/keystone/ssl/certs/signing_cert.pem
-
-# Path of the keyfile for token signing. (string value)
-#keyfile=/etc/keystone/ssl/private/signing_key.pem
-
-# Path of the CA for token signing. (string value)
-#ca_certs=/etc/keystone/ssl/certs/ca.pem
-
-# Path of the CA Key for token signing. (string value)
-#ca_key=/etc/keystone/ssl/private/cakey.pem
-
-# Key Size (in bits) for token signing cert (auto generated
-# certificate). (integer value)
-#key_size=2048
-
-# Day the token signing cert is valid for (auto generated
-# certificate). (integer value)
-#valid_days=3650
-
-# Certificate Subject (auto generated certificate) for token
-# signing. (string value)
-#cert_subject=/C=US/ST=Unset/L=Unset/O=Unset/CN=www.example.com
-
-
-[ssl]
-
-#
-# Options defined in keystone
-#
-
-# Toggle for SSL support on the keystone eventlet servers.
-# (boolean value)
-#enable=false
-
-# Path of the certfile for SSL. (string value)
-#certfile=/etc/keystone/ssl/certs/keystone.pem
-
-# Path of the keyfile for SSL. (string value)
-#keyfile=/etc/keystone/ssl/private/keystonekey.pem
-
-# Path of the ca cert file for SSL. (string value)
-#ca_certs=/etc/keystone/ssl/certs/ca.pem
-
-# Path of the CA key file for SSL. (string value)
-#ca_key=/etc/keystone/ssl/private/cakey.pem
-
-# Require client certificate. (boolean value)
-#cert_required=false
-
-# SSL Key Length (in bits) (auto generated certificate).
-# (integer value)
-#key_size=1024
-
-# Days the certificate is valid for once signed (auto
-# generated certificate). (integer value)
-#valid_days=3650
-
-# SSL Certificate Subject (auto generated certificate).
-# (string value)
-#cert_subject=/C=US/ST=Unset/L=Unset/O=Unset/CN=localhost
-
-
-[stats]
-
-#
-# Options defined in keystone
-#
-
-# Keystone stats backend driver. (string value)
-#driver=keystone.contrib.stats.backends.kvs.Stats
-
+[assignment]
+driver=sql
+[resource]
+driver=sql
+caching=true
+cache_time=3600
+
[token]
+enforce_token_bind=permissive
+expiration=43200
+provider=uuid
+driver=sql
+caching=true
+cache_time=3600
-#
-# Options defined in keystone
-#
-
-# External auth mechanisms that should add bind information to
-# token e.g. kerberos, x509. (list value)
-#bind=
-
-# Enforcement policy on tokens presented to keystone with bind
-# information. One of disabled, permissive, strict, required
-# or a specifically required bind mode e.g. kerberos or x509
-# to require binding to that authentication. (string value)
-#enforce_token_bind=permissive
-
-# Amount of time a token should remain valid (in seconds).
-# (integer value)
-#expiration=3600
-
-# Controls the token construction, validation, and revocation
-# operations. Core providers are
-# "keystone.token.providers.[pki|uuid].Provider". (string
-# value)
-provider=keystone.token.providers.uuid.Provider
-
-# Keystone Token persistence backend driver. (string value)
-driver=keystone.token.persistence.backends.sql.Token
-
-# Toggle for token system cacheing. This has no effect unless
-# global caching is enabled. (boolean value)
-#caching=true
-
-# Time to cache the revocation list and the revocation events
-# if revoke extension is enabled (in seconds). This has no
-# effect unless global and token caching are enabled. (integer
-# value)
-revocation_cache_time=3600
-
-# Time to cache tokens (in seconds). This has no effect unless
-# global and token caching are enabled. (integer value)
-#cache_time=
-
-# Revoke token by token identifier. Setting revoke_by_id to
-# True enables various forms of enumerating tokens, e.g. `list
-# tokens for user`. These enumerations are processed to
-# determine the list of tokens to revoke. Only disable if
-# you are switching to using the Revoke extension with a
-# backend other than KVS, which stores events in memory.
-# (boolean value)
-#revoke_by_id=true
-
-
-[trust]
-
-#
-# Options defined in keystone
-#
-
-# delegation and impersonation features can be optionally
-# disabled. (boolean value)
-#enabled=true
-
-# Keystone Trust backend driver. (string value)
-#driver=keystone.trust.backends.sql.Trust
-
-
-[extra_headers]
-Distribution = Ubuntu
+[eventlet_server]
+public_bind_host= {{ identity_host }}
+admin_bind_host= {{ identity_host }}
+[oslo_messaging_rabbit]
+rabbit_userid = {{ RABBIT_USER }}
+rabbit_password = {{ RABBIT_PASS }}
+rabbit_hosts = {{ rabbitmq_servers }}
diff --git a/ansible/roles/keystone/templates/keystone_init b/ansible/roles/keystone/templates/keystone_init
deleted file mode 100644
index ac81cb4..0000000
--- a/ansible/roles/keystone/templates/keystone_init
+++ /dev/null
@@ -1,43 +0,0 @@
-# create an administrative user
-
-keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ identity_host }}:35357/v2.0 user-create --name=admin --pass={{ ADMIN_PASS }} --email=admin@admin.com
-keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ identity_host }}:35357/v2.0 role-create --name=admin
-keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ identity_host }}:35357/v2.0 user-create --name=admin --pass={{ ADMIN_PASS }} --email=admin@admin.com
-keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ identity_host }}:35357/v2.0 tenant-create --name=admin --description="Admin Tenant"
-keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ identity_host }}:35357/v2.0 user-role-add --user=admin --tenant=admin --role=admin
-keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ identity_host }}:35357/v2.0 user-role-add --user=admin --role=_member_ --tenant=admin
-
-# create a normal user
-
-keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ identity_host }}:35357/v2.0 user-create --name=demo --pass={{ DEMO_PASS }} --email=DEMO_EMAIL
-keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ identity_host }}:35357/v2.0 tenant-create --name=demo --description="Demo Tenant"
-keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ identity_host }}:35357/v2.0 user-role-add --user=demo --role=_member_ --tenant=demo
-
-# create a service tenant
-keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ identity_host }}:35357/v2.0 tenant-create --name=service --description="Service Tenant"
-
-# regist keystone
-keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ identity_host }}:35357/v2.0 service-create --name=keystone --type=identity --description="OpenStack Identity"
-keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ identity_host }}:35357/v2.0 endpoint-create --service_id=$(keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ identity_host }}:35357/v2.0 service-list | awk '/ identity / {print $2}') --publicurl=http://{{ identity_host }}:5000/v2.0 --internalurl=http://{{ identity_host }}:5000/v2.0 --adminurl=http://{{ identity_host }}:35357/v2.0
-
-# Create a glance user that the Image Service can use to authenticate with the Identity service
-keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ identity_host }}:35357/v2.0 user-create --name=glance --pass={{ GLANCE_PASS }} --email=glance@example.com
-keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ identity_host }}:35357/v2.0 user-role-add --user=glance --tenant=service --role=admin
-
-#Register the Image Service with the Identity service so that other OpenStack services can locate it
-keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ identity_host }}:35357/v2.0 service-create --name=glance --type=image --description="OpenStack Image Service"
-keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ identity_host }}:35357/v2.0 endpoint-create --service-id=$(keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ identity_host }}:35357/v2.0 service-list | awk '/ image / {print $2}') --publicurl=http://{{ image_host }}:9292 --internalurl=http://{{ image_host }}:9292 --adminurl=http://{{ image_host }}:9292
-
-#Create a nova user that Compute uses to authenticate with the Identity Service
-keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ identity_host }}:35357/v2.0 user-create --name=nova --pass={{ NOVA_PASS }} --email=nova@example.com
-keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ identity_host }}:35357/v2.0 user-role-add --user=nova --tenant=service --role=admin
-
-# register Compute with the Identity Service so that other OpenStack services can locate it
-keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ identity_host }}:35357/v2.0 service-create --name=nova --type=compute --description="OpenStack Compute"
-keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ identity_host }}:35357/v2.0 endpoint-create --service-id=$(keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ identity_host }}:35357/v2.0 service-list | awk '/ compute / {print $2}') --publicurl=http://{{ identity_host }}:8774/v2/%\(tenant_id\)s --internalurl=http://{{ compute_controller_host }}:8774/v2/%\(tenant_id\)s --adminurl=http://{{ compute_controller_host }}:8774/v2/%\(tenant_id\)s
-
-# register netron user, role and service
-keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ identity_host }}:35357/v2.0 user-create --name neutron --pass {{ NEUTRON_PASS }} --email neutron@example.com
-keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ identity_host }}:35357/v2.0 user-role-add --user neutron --tenant service --role admin
-keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ identity_host }}:35357/v2.0 service-create --name neutron --type network --description "OpenStack Networking"
-keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ identity_host }}:35357/v2.0 endpoint-create --service-id $(keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ identity_host }}:35357/v2.0 service-list | awk '/ network / {print $2}') --publicurl http://{{ network_server_host }}:9696 --adminurl http://{{ network_server_host }}:9696 --internalurl http://{{ network_server_host }}:9696
diff --git a/ansible/roles/keystone/templates/wsgi-keystone.conf.j2 b/ansible/roles/keystone/templates/wsgi-keystone.conf.j2
new file mode 100644
index 0000000..64d864a
--- /dev/null
+++ b/ansible/roles/keystone/templates/wsgi-keystone.conf.j2
@@ -0,0 +1,46 @@
+ {% set work_threads = (ansible_processor_vcpus + 1) // 2 %}
+
+ WSGIDaemonProcess keystone-public processes={{ work_threads }} threads={{ work_threads }} user=keystone group=keystone display-name=%{GROUP}
+ WSGIProcessGroup keystone-public
+ WSGIScriptAlias / /usr/bin/keystone-wsgi-public
+ WSGIApplicationGroup %{GLOBAL}
+ WSGIPassAuthorization On
+ = 2.4>
+ ErrorLogFormat "%{cu}t %M"
+
+ ErrorLog /var/log/{{ http_service_name }}/keystone.log
+ CustomLog /var/log/{{ http_service_name }}/keystone_access.log combined
+
+
+ = 2.4>
+ Require all granted
+
+
+ Order allow,deny
+ Allow from all
+
+
+
+
+
+ WSGIDaemonProcess keystone-admin processes={{ work_threads }} threads={{ work_threads }} user=keystone group=keystone display-name=%{GROUP}
+ WSGIProcessGroup keystone-admin
+ WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
+ WSGIApplicationGroup %{GLOBAL}
+ WSGIPassAuthorization On
+ = 2.4>
+ ErrorLogFormat "%{cu}t %M"
+
+ ErrorLog /var/log/{{ http_service_name }}/keystone.log
+ CustomLog /var/log/{{ http_service_name }}/keystone_access.log combined
+
+
+ = 2.4>
+ Require all granted
+
+
+ Order allow,deny
+ Allow from all
+
+
+
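Review bot: The keystone-admin half ends with the same open access rule as keystone-public, `Require all granted` (and `Order allow,deny` / `Allow from all` for older Apache), so the template does nothing to limit who can reach the admin API. The enclosing VirtualHost, Directory and version-test tags are not visible in this rendering, so the listener may already be bound to an internal address; if it is not, the admin block should be limited to the management network, for example `Require ip <MGMT_CIDR_PLACEHOLDER>` with a matching `Allow from <MGMT_CIDR_PLACEHOLDER>`. Both halves also write to the same `keystone.log` and `keystone_access.log`, so a separate `CustomLog` file for the admin half would make admin API requests easier to review.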
diff --git a/ansible/roles/keystone/vars/Debian.yml b/ansible/roles/keystone/vars/Debian.yml
new file mode 100644
index 0000000..6754727
--- /dev/null
+++ b/ansible/roles/keystone/vars/Debian.yml
@@ -0,0 +1,20 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+
+cron_path: "/var/spool/cron/crontabs"
+
+packages:
+ - keystone
+
+services:
+ - apache2
+
+apache_config_dir: /etc/apache2
+http_service_name: apache2
diff --git a/ansible/roles/keystone/vars/RedHat.yml b/ansible/roles/keystone/vars/RedHat.yml
new file mode 100644
index 0000000..38f8d91
--- /dev/null
+++ b/ansible/roles/keystone/vars/RedHat.yml
@@ -0,0 +1,19 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+cron_path: "/var/spool/cron"
+
+packages:
+ - openstack-keystone
+
+services:
+ - httpd
+
+apache_config_dir: /etc/httpd/conf.d
+http_service_name: httpd
diff --git a/ansible/roles/keystone/vars/main.yml b/ansible/roles/keystone/vars/main.yml
new file mode 100644
index 0000000..58751df
--- /dev/null
+++ b/ansible/roles/keystone/vars/main.yml
@@ -0,0 +1,164 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages_noarch:
+ - python-keystoneclient
+
+services_noarch: []
+os_services:
+ - name: keystone
+ type: identity
+ region: regionOne
+ description: "OpenStack Identity"
+ publicurl: "http://{{ public_vip.ip }}:5000/v2.0"
+ internalurl: "http://{{ internal_vip.ip }}:5000/v2.0"
+ adminurl: "http://{{ internal_vip.ip }}:35357/v2.0"
+
+ - name: glance
+ type: image
+ region: regionOne
+ description: "OpenStack Image Service"
+ publicurl: "http://{{ public_vip.ip }}:9292"
+ internalurl: "http://{{ internal_vip.ip }}:9292"
+ adminurl: "http://{{ internal_vip.ip }}:9292"
+
+ - name: nova
+ type: compute
+ region: regionOne
+ description: "OpenStack Compute"
+ publicurl: "http://{{ public_vip.ip }}:8774/v2/%(tenant_id)s"
+ internalurl: "http://{{ internal_vip.ip }}:8774/v2/%(tenant_id)s"
+ adminurl: "http://{{ internal_vip.ip }}:8774/v2/%(tenant_id)s"
+
+ - name: neutron
+ type: network
+ region: regionOne
+ description: "OpenStack Networking"
+ publicurl: "http://{{ public_vip.ip }}:9696"
+ internalurl: "http://{{ internal_vip.ip }}:9696"
+ adminurl: "http://{{ internal_vip.ip }}:9696"
+
+ - name: ceilometer
+ type: metering
+ region: regionOne
+ description: "OpenStack Telemetry"
+ publicurl: "http://{{ public_vip.ip }}:8777"
+ internalurl: "http://{{ internal_vip.ip }}:8777"
+ adminurl: "http://{{ internal_vip.ip }}:8777"
+
+ - name: aodh
+ type: alarming
+ region: regionOne
+ description: "OpenStack Telemetry"
+ publicurl: "http://{{ public_vip.ip }}:8042"
+ internalurl: "http://{{ internal_vip.ip }}:8042"
+ adminurl: "http://{{ internal_vip.ip }}:8042"
+
+ - name: cinder
+ type: volume
+ region: regionOne
+ description: "OpenStack Block Storage"
+ publicurl: "http://{{ public_vip.ip }}:8776/v1/%(tenant_id)s"
+ internalurl: "http://{{ internal_vip.ip }}:8776/v1/%(tenant_id)s"
+ adminurl: "http://{{ internal_vip.ip }}:8776/v1/%(tenant_id)s"
+
+ - name: cinderv2
+ type: volumev2
+ region: regionOne
+ description: "OpenStack Block Storage v2"
+ publicurl: "http://{{ public_vip.ip }}:8776/v2/%(tenant_id)s"
+ internalurl: "http://{{ internal_vip.ip }}:8776/v2/%(tenant_id)s"
+ adminurl: "http://{{ internal_vip.ip }}:8776/v2/%(tenant_id)s"
+
+ - name: heat
+ type: orchestration
+ region: regionOne
+ description: "OpenStack Orchestration"
+ publicurl: "http://{{ public_vip.ip }}:8004/v1/%(tenant_id)s"
+ internalurl: "http://{{ internal_vip.ip }}:8004/v1/%(tenant_id)s"
+ adminurl: "http://{{ internal_vip.ip }}:8004/v1/%(tenant_id)s"
+
+ - name: heat-cfn
+ type: cloudformation
+ region: regionOne
+ description: "OpenStack CloudFormation Orchestration"
+ publicurl: "http://{{ public_vip.ip }}:8000/v1"
+ internalurl: "http://{{ internal_vip.ip }}:8000/v1"
+ adminurl: "http://{{ internal_vip.ip }}:8000/v1"
+
+os_users:
+ - user: admin
+ password: "{{ ADMIN_PASS }}"
+ email: admin@admin.com
+ role: admin
+ tenant: admin
+ tenant_description: "Admin Tenant"
+
+ - user: glance
+ password: "{{ GLANCE_PASS }}"
+ email: glance@admin.com
+ role: admin
+ tenant: service
+ tenant_description: "Service Tenant"
+
+ - user: nova
+ password: "{{ NOVA_PASS }}"
+ email: nova@admin.com
+ role: admin
+ tenant: service
+ tenant_description: "Service Tenant"
+
+ - user: keystone
+ password: "{{ KEYSTONE_PASS }}"
+ email: keystone@admin.com
+ role: admin
+ tenant: service
+ tenant_description: "Service Tenant"
+
+ - user: neutron
+ password: "{{ NEUTRON_PASS }}"
+ email: neutron@admin.com
+ role: admin
+ tenant: service
+ tenant_description: "Service Tenant"
+
+ - user: ceilometer
+ password: "{{ CEILOMETER_PASS }}"
+ email: ceilometer@admin.com
+ role: admin
+ tenant: service
+ tenant_description: "Service Tenant"
+
+ - user: cinder
+ password: "{{ CINDER_PASS }}"
+ email: cinder@admin.com
+ role: admin
+ tenant: service
+ tenant_description: "Service Tenant"
+
+ - user: aodh
+ password: "{{ AODH_PASS }}"
+ email: aodh@admin.com
+ role: admin
+ tenant: service
+ tenant_description: "Service Tenant"
+
+ - user: heat
+ password: "{{ HEAT_PASS }}"
+ email: heat@admin.com
+ role: admin
+ tenant: service
+ tenant_description: "Service Tenant"
+
+ - user: demo
+ password: ""
+ email: heat@demo.com
+ role: heat_stack_user
+ tenant: demo
+ tenant_description: "Demo Tenant"
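Review bot: The `demo` entry in `os_users` sets `password: ""`, while every other user takes its password from a variable and the removed keystone_init script created this user with `{{ DEMO_PASS }}`. Depending on how the user-creation task treats an empty string, the account ends up with an empty or unset password. I would change the line to `password: "{{ DEMO_PASS }}"`. The `email: heat@demo.com` on the same entry looks copied from the heat user and is worth correcting at the same time.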
diff --git a/ansible/roles/memcached/handlers/main.yml b/ansible/roles/memcached/handlers/main.yml
new file mode 100755
index 0000000..4c3230c
--- /dev/null
+++ b/ansible/roles/memcached/handlers/main.yml
@@ -0,0 +1,12 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: restart memcahed services
+ service: name={{ item }} state=restarted enabled=yes
+ with_items: services| union(services_noarch)
diff --git a/ansible/roles/memcached/tasks/main.yml b/ansible/roles/memcached/tasks/main.yml
new file mode 100644
index 0000000..99ee6e8
--- /dev/null
+++ b/ansible/roles/memcached/tasks/main.yml
@@ -0,0 +1,35 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- include_vars: "{{ ansible_os_family }}.yml"
+
+- name: disable auto start
+ copy:
+ content: "#!/bin/sh\nexit 101"
+ dest: "/usr/sbin/policy-rc.d"
+ mode: 0755
+ when: ansible_os_family == "Debian"
+
+- name: install packages
+ action: "{{ ansible_pkg_mgr }} name={{ item }} state=latest update_cache=yes"
+ with_items: packages | union(packages_noarch)
+
+- name: enable auto start
+ file:
+ path=/usr/sbin/policy-rc.d
+ state=absent
+ when: ansible_os_family == "Debian"
+
+- name: change memcache listen ip
+ lineinfile: dest=/etc/memcached.conf regexp="^-l " line="-l 0.0.0.0"
+ when: ansible_os_family == "Debian"
+ notify:
+ - restart memcahed services
+
+- meta: flush_handlers
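Review bot: The `change memcache listen ip` task writes `-l 0.0.0.0`, so memcached listens on every interface of the controller, and nothing in this role adds authentication or a firewall rule. Memcached has no access control by default, so any host that can reach the port can read or overwrite cached entries. Binding to the management address instead, e.g. `line="-l {{ internal_ip }}"` (the variable the rabbitmq role in this commit uses for `RABBITMQ_NODE_IP_ADDRESS`), keeps the cache off the public network. The task is also gated on `ansible_os_family == "Debian"`, so on RedHat the listen address stays at whatever the package ships. Separately, `state=latest` in `install packages` makes the installed version depend on when the play runs; `state=present` with a pinned repository is more reproducible.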
diff --git a/ansible/roles/memcached/vars/Debian.yml b/ansible/roles/memcached/vars/Debian.yml
new file mode 100644
index 0000000..277bf3b
--- /dev/null
+++ b/ansible/roles/memcached/vars/Debian.yml
@@ -0,0 +1,15 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages:
+ - python-memcache
+
+services: []
+
+
diff --git a/ansible/roles/memcached/vars/RedHat.yml b/ansible/roles/memcached/vars/RedHat.yml
new file mode 100644
index 0000000..521ac3e
--- /dev/null
+++ b/ansible/roles/memcached/vars/RedHat.yml
@@ -0,0 +1,15 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages:
+ - python-memcached
+
+pip_packages: []
+
+services: []
diff --git a/ansible/roles/memcached/vars/main.yml b/ansible/roles/memcached/vars/main.yml
new file mode 100644
index 0000000..908d267
--- /dev/null
+++ b/ansible/roles/memcached/vars/main.yml
@@ -0,0 +1,14 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages_noarch:
+ - memcached
+
+services_noarch:
+ - memcached
diff --git a/ansible/roles/monitor/files/check_Debian_service.sh b/ansible/roles/monitor/files/check_Debian_service.sh
new file mode 100644
index 0000000..5dea3e6
--- /dev/null
+++ b/ansible/roles/monitor/files/check_Debian_service.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+services=`cat /opt/service | uniq`
+for service in $services; do
+ if [ `/sbin/initctl list|awk '/stop\/waiting/{print $1}'|uniq | grep $service` ]; then
+ /sbin/start $service
+ fi
+done
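Review bot: The test built from the backtick pipeline inside `[ ... ]` is fragile, because `$service` is unquoted and passed to `grep` as an unanchored pattern. One name can then match several stopped jobs, and when the substitution expands to more than one word `[` errors out instead of evaluating true. This script runs from root's crontab every minute on names read from `/opt/service`, so an exact, quiet match is safer: `if /sbin/initctl list | awk '/stop\/waiting/{print $1}' | grep -qxF -- "$service"; then` followed by `/sbin/start "$service"`. `cat /opt/service | uniq` removes only adjacent duplicates; `sort -u /opt/service` removes all of them. `check_service.sh` later in this commit has the same blob id (`5dea3e6`) and needs the same change.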
diff --git a/ansible/roles/monitor/files/check_RedHat_service.sh b/ansible/roles/monitor/files/check_RedHat_service.sh
new file mode 100644
index 0000000..1111f63
--- /dev/null
+++ b/ansible/roles/monitor/files/check_RedHat_service.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+services=`cat /opt/service | uniq`
+for service in $services; do
+ /usr/sbin/service $service status >/dev/null 2>&1
+ if [[ $? -ne 0 ]]; then
+ /usr/sbin/service $service start
+ fi
+done
diff --git a/ansible/roles/monitor/files/check_service.sh b/ansible/roles/monitor/files/check_service.sh
new file mode 100644
index 0000000..5dea3e6
--- /dev/null
+++ b/ansible/roles/monitor/files/check_service.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+services=`cat /opt/service | uniq`
+for service in $services; do
+ if [ `/sbin/initctl list|awk '/stop\/waiting/{print $1}'|uniq | grep $service` ]; then
+ /sbin/start $service
+ fi
+done
diff --git a/ansible/roles/monitor/files/root b/ansible/roles/monitor/files/root
new file mode 100644
index 0000000..9c55c4f
--- /dev/null
+++ b/ansible/roles/monitor/files/root
@@ -0,0 +1 @@
+* * * * * /usr/local/bin/check_service.sh >> /var/log/check_service.log 2>&1
diff --git a/ansible/roles/monitor/tasks/main.yml b/ansible/roles/monitor/tasks/main.yml
new file mode 100644
index 0000000..b31b91e
--- /dev/null
+++ b/ansible/roles/monitor/tasks/main.yml
@@ -0,0 +1,22 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- include_vars: "{{ ansible_os_family }}.yml"
+
+- name: copy service check file
+ copy: src=check_{{ ansible_os_family }}_service.sh dest=/usr/local/bin/check_service.sh mode=0777
+
+- name: copy cron file
+ copy: src=root dest={{ cron_path }}/root mode=0600
+
+- name: restart cron
+ service: name={{ cron }} state=restarted
+
+- meta: flush_handlers
+
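Review bot: `copy service check file` installs `/usr/local/bin/check_service.sh` with `mode=0777`, and the crontab copied by the next task runs that script as root every minute, so any local account that can write the file gets code execution as root. Install it as `mode=0755 owner=root group=root`. `/opt/service`, which the script reads for the names of services to start, should likewise be root-owned and not group- or world-writable; the tasks that create it are outside this hunk. `restart cron` also runs unconditionally on every play; making it a handler notified by `copy cron file` would restart cron only when the crontab changes.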
diff --git a/ansible/roles/monitor/vars/Debian.yml b/ansible/roles/monitor/vars/Debian.yml
new file mode 100644
index 0000000..225a149
--- /dev/null
+++ b/ansible/roles/monitor/vars/Debian.yml
@@ -0,0 +1,12 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+cron: cron
+cron_path: "/var/spool/cron/crontabs"
+
diff --git a/ansible/roles/monitor/vars/RedHat.yml b/ansible/roles/monitor/vars/RedHat.yml
new file mode 100644
index 0000000..58ce03f
--- /dev/null
+++ b/ansible/roles/monitor/vars/RedHat.yml
@@ -0,0 +1,11 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+cron: crond
+cron_path: "/var/spool/cron"
diff --git a/ansible/roles/mq/tasks/main.yml b/ansible/roles/mq/tasks/main.yml
index d4ff1e3..74be9cc 100644
--- a/ansible/roles/mq/tasks/main.yml
+++ b/ansible/roles/mq/tasks/main.yml
@@ -1,2 +1,17 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
---
-- include: rabbitmq.yml
+- include_vars: "{{ ansible_os_family }}.yml"
+
+- include: rabbitmq_install.yml
+
+- include: rabbitmq_config.yml
+ when: inventory_hostname == haproxy_hosts.keys()[0]
+
+- meta: flush_handlers
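Review bot: `when: inventory_hostname == haproxy_hosts.keys()[0]` selects the RabbitMQ bootstrap node by taking the first key of a mapping, and mapping key order is not guaranteed by YAML. The same expression is used in `rabbitmq_install.yml` and `rabbitmq_cluster.yml`, so the cluster-name, join and user-creation steps all depend on every host resolving the same first key. On a Python 3 controller `.keys()` returns a view that cannot be indexed, so the expression would fail outright. A deterministic form such as `(haproxy_hosts.keys() | sort)[0]`, or an explicit variable naming the bootstrap host, removes both problems; `haproxy_hosts` is defined outside this diff, so its type is assumed from the `.keys()` call.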
diff --git a/ansible/roles/mq/tasks/rabbitmq.yml b/ansible/roles/mq/tasks/rabbitmq.yml
deleted file mode 100644
index 3354325..0000000
--- a/ansible/roles/mq/tasks/rabbitmq.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-- name: install rabbitmq-server
- apt: name=rabbitmq-server state=present
-
-- name: start and enable rabbitmq-server
- service: name=rabbitmq-server
- state=restarted
- enabled=yes
diff --git a/ansible/roles/mq/tasks/rabbitmq_cluster.yml b/ansible/roles/mq/tasks/rabbitmq_cluster.yml
new file mode 100644
index 0000000..50c062f
--- /dev/null
+++ b/ansible/roles/mq/tasks/rabbitmq_cluster.yml
@@ -0,0 +1,36 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: check if i in the node list
+ shell: |
+ rabbitmqctl -q cluster_status | grep '\[{nodes,'|grep {{ inventory_hostname }}
+ changed_when: is_member.rc != 0
+ failed_when: false
+ register: is_member
+ delegate_to: '{{ haproxy_hosts.keys()[0] }}'
+
+- name: stop rabbitmq app
+ shell: |
+ rabbitmqctl stop_app; sleep 5
+ failed_when: false
+ when: is_member.rc != 0
+
+- name: join cluster
+ shell: rabbitmqctl join_cluster rabbit@{{ haproxy_hosts.keys()[0] }}
+ register: join_result
+ when: is_member.rc != 0
+ until: join_result|success
+ failed_when: join_result|failed and not 'already_member' in join_result.stderr
+ changed_when: join_result|success
+ retries: 20
+ delay: 3
+
+- name: start rabbitmq app
+ shell: rabbitmqctl start_app
+ when: is_member.rc != 0
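Review bot: The membership check greps for `{{ inventory_hostname }}` as an unanchored pattern, so a host whose name is a prefix of another (`host1` and `host10`, a constructed example) is reported as already clustered and skips `join cluster`. Matching the full node name, e.g. `grep -F "rabbit@{{ inventory_hostname }}'"`, avoids that, assuming `cluster_status` prints nodes as quoted `'rabbit@host'` atoms. Because of `failed_when: false`, a `rabbitmqctl` failure on the delegate host is indistinguishable from "not a member" and leads to `stop_app` on this node; inspecting `is_member.stderr` before acting would separate the two cases.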
diff --git a/ansible/roles/mq/tasks/rabbitmq_config.yml b/ansible/roles/mq/tasks/rabbitmq_config.yml
new file mode 100644
index 0000000..e26b81b
--- /dev/null
+++ b/ansible/roles/mq/tasks/rabbitmq_config.yml
@@ -0,0 +1,23 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: remove default guest user is removed
+ rabbitmq_user:
+ user: guest
+ state: absent
+
+- name: add rabbitmq user
+ rabbitmq_user:
+ user='{{ RABBIT_USER }}'
+ password='{{ RABBIT_PASS }}'
+ vhost=/
+ configure_priv=.*
+ write_priv=.*
+ read_priv=.*
+ state=present
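Review bot: `add rabbitmq user` passes `password='{{ RABBIT_PASS }}'` as a module argument without `no_log: true`, so the broker password can appear in verbose output and in any log that records task arguments on the controller or the managed host. Add `no_log: true` to this task. The same applies to `replace cookie` in `rabbitmq_install.yml`, which writes `{{ ERLANG_TOKEN }}`; the Erlang cookie is the shared secret that authorises inter-node and `rabbitmqctl` access, so it deserves the same handling.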
diff --git a/ansible/roles/mq/tasks/rabbitmq_install.yml b/ansible/roles/mq/tasks/rabbitmq_install.yml
new file mode 100755
index 0000000..1c8c2fe
--- /dev/null
+++ b/ansible/roles/mq/tasks/rabbitmq_install.yml
@@ -0,0 +1,91 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: create rabbitmq directory
+ file: path=/etc/rabbitmq state=directory mode=0755
+
+- name: disable auto start
+ copy:
+ content: "#!/bin/sh\nexit 101"
+ dest: "/usr/sbin/policy-rc.d"
+ mode: 0755
+ when: ansible_os_family == "Debian"
+
+- name: install rabbitmq-server
+ action: "{{ ansible_pkg_mgr }} name=rabbitmq-server state=present"
+ with_items: packages | union(packages_noarch)
+
+- name: enable auto start
+ file:
+ path=/usr/sbin/policy-rc.d
+ state=absent
+ when: ansible_os_family == "Debian"
+
+- name: make sure rabbitmq-server stopped
+ service:
+ name: rabbitmq-server
+ state: stopped
+ enabled: yes
+
+- name: replace cookie
+ copy:
+ content: "{{ ERLANG_TOKEN }}"
+ dest: /var/lib/rabbitmq/.erlang.cookie
+ mode: 0400
+ owner: rabbitmq
+ group: rabbitmq
+
+- name: replace config
+ copy:
+ content: "RABBITMQ_NODE_IP_ADDRESS={{ internal_ip }}"
+ dest: /etc/rabbitmq/rabbitmq-env.conf
+ mode: 0400
+ owner: rabbitmq
+ group: rabbitmq
+
+- name: set open file limit for rabbitmq
+ copy:
+ content: "ulimit -n 65536"
+ dest: /etc/default/rabbitmq-server
+ mode: 0400
+ owner: rabbitmq
+ group: rabbitmq
+
+- name: restart rabbitmq-server
+ service:
+ name: rabbitmq-server
+ state: restarted
+
+- name: enable queue mirroring
+ rabbitmq_policy:
+ name: "ha-all"
+ pattern: '^(?!amq\.).*'
+ tags: "ha-mode=all"
+
+- name: get cluster name
+ shell: |
+ rabbitmqctl cluster_status | grep -w '<<"compass">>'
+ register: cluster_status
+ failed_when: false
+ changed_when: cluster_status.rc != 0
+ when: |
+ inventory_hostname == haproxy_hosts.keys()[0]
+
+- name: set cluster name
+ shell: rabbitmqctl set_cluster_name compass
+ when: |
+ inventory_hostname == haproxy_hosts.keys()[0]
+ and cluster_status.rc != 0
+
+- include: rabbitmq_cluster.yml
+ when: inventory_hostname != haproxy_hosts.keys()[0]
+
+- name: generate mq service list
+ shell: echo {{ item }} >> /opt/service
+ with_items: services_noarch
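Review bot: `generate mq service list` appends with `shell: echo {{ item }} >> /opt/service`, so every run of the play adds another `rabbitmq-server` line and always reports changed, while the monitor scripts de-duplicate only adjacent lines with `uniq`. The neutron-compute role in this commit already does this idempotently with `lineinfile: dest=/opt/service create=yes line='{{ item }}'`; use the same form here. Separately, `install rabbitmq-server` loops over `packages | union(packages_noarch)` but its action hard-codes `name=rabbitmq-server` and never reads `{{ item }}`; either use `name={{ item }}` or drop the loop.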
diff --git a/ansible/roles/mq/templates/.erlang.cookie b/ansible/roles/mq/templates/.erlang.cookie
new file mode 100644
index 0000000..cadcfaf
--- /dev/null
+++ b/ansible/roles/mq/templates/.erlang.cookie
@@ -0,0 +1 @@
+{{ ERLANG_TOKEN }}
diff --git a/ansible/roles/mq/templates/rabbitmq-env.conf b/ansible/roles/mq/templates/rabbitmq-env.conf
new file mode 100644
index 0000000..377c89d
--- /dev/null
+++ b/ansible/roles/mq/templates/rabbitmq-env.conf
@@ -0,0 +1 @@
+RABBITMQ_NODE_IP_ADDRESS={{ internal_vip.ip }}
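Review bot: This template sets `RABBITMQ_NODE_IP_ADDRESS={{ internal_vip.ip }}`, while the `replace config` task in `rabbitmq_install.yml` writes the same file inline with `{{ internal_ip }}`, and no task visible in this commit references the template or the `.erlang.cookie` template next to it. If the templates are unused, remove them so the two values cannot drift. If they are meant to be used, the VIP is probably the wrong bind address, since only the node currently holding the VIP could bind to it.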
diff --git a/ansible/roles/mq/vars/Debian.yml b/ansible/roles/mq/vars/Debian.yml
new file mode 100644
index 0000000..a8f73e1
--- /dev/null
+++ b/ansible/roles/mq/vars/Debian.yml
@@ -0,0 +1,12 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+services: []
+packages: []
+
diff --git a/ansible/roles/mq/vars/RedHat.yml b/ansible/roles/mq/vars/RedHat.yml
new file mode 100644
index 0000000..a8f73e1
--- /dev/null
+++ b/ansible/roles/mq/vars/RedHat.yml
@@ -0,0 +1,12 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+services: []
+packages: []
+
diff --git a/ansible/roles/mq/vars/main.yml b/ansible/roles/mq/vars/main.yml
new file mode 100644
index 0000000..35c499d
--- /dev/null
+++ b/ansible/roles/mq/vars/main.yml
@@ -0,0 +1,14 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages_noarch:
+ - rabbitmq-server
+
+services_noarch:
+ - rabbitmq-server
diff --git a/ansible/roles/neutron-common/handlers/main.yml b/ansible/roles/neutron-common/handlers/main.yml
index d82c01b..a86a145 100644
--- a/ansible/roles/neutron-common/handlers/main.yml
+++ b/ansible/roles/neutron-common/handlers/main.yml
@@ -1,13 +1,11 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
---
- name: restart neutron-plugin-openvswitch-agent
- service: name=neutron-plugin-openvswitch-agent state=restarted
- when: "'opendaylight' not in {{ NEUTRON_MECHANISM_DRIVERS }}"
-
-- name: restart neutron-l3-agent
- service: name=neutron-l3-agent state=restarted
-
-- name: restart neutron-dhcp-agent
- service: name=neutron-dhcp-agent state=restarted
-
-- name: restart neutron-metadata-agent
- service: name=neutron-metadata-agent state=restarted
+ service: name={{ neutron_plugin_openvswitch_agent_services }} state=restarted enabled=yes
diff --git a/ansible/roles/neutron-compute/defaults/main.yml b/ansible/roles/neutron-compute/defaults/main.yml
index 825178b..d760b4e 100644
--- a/ansible/roles/neutron-compute/defaults/main.yml
+++ b/ansible/roles/neutron-compute/defaults/main.yml
@@ -1,2 +1,9 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
---
-neutron_ovs_bridge_mappings: ""
diff --git a/ansible/roles/neutron-compute/handlers/main.yml b/ansible/roles/neutron-compute/handlers/main.yml
index d82c01b..d544494 100644
--- a/ansible/roles/neutron-compute/handlers/main.yml
+++ b/ansible/roles/neutron-compute/handlers/main.yml
@@ -1,13 +1,12 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
---
-- name: restart neutron-plugin-openvswitch-agent
- service: name=neutron-plugin-openvswitch-agent state=restarted
- when: "'opendaylight' not in {{ NEUTRON_MECHANISM_DRIVERS }}"
-
-- name: restart neutron-l3-agent
- service: name=neutron-l3-agent state=restarted
-
-- name: restart neutron-dhcp-agent
- service: name=neutron-dhcp-agent state=restarted
-
-- name: restart neutron-metadata-agent
- service: name=neutron-metadata-agent state=restarted
+- name: restart neutron compute service
+ service: name={{ item }} state=restarted enabled=yes
+ with_items: services | union(services_noarch)
diff --git a/ansible/roles/neutron-compute/tasks/main.yml b/ansible/roles/neutron-compute/tasks/main.yml
index 39523a9..3e4b24b 100644
--- a/ansible/roles/neutron-compute/tasks/main.yml
+++ b/ansible/roles/neutron-compute/tasks/main.yml
@@ -1,4 +1,13 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
---
+- include_vars: "{{ ansible_os_family }}.yml"
- name: activate ipv4 forwarding
sysctl: name=net.ipv4.ip_forward value=1
@@ -12,39 +21,49 @@
sysctl: name=net.ipv4.conf.default.rp_filter
value=0 state=present reload=yes
+- name: disable auto start
+ copy:
+ content: "#!/bin/sh\nexit 101"
+ dest: "/usr/sbin/policy-rc.d"
+ mode: 0755
+ when: ansible_os_family == "Debian"
+
- name: install compute-related neutron packages
- apt: name={{ item }} state=present force=yes
- with_items:
- - neutron-common
- - neutron-plugin-ml2
- - openvswitch-datapath-dkms
- - openvswitch-switch
+ action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
+ with_items: packages | union(packages_noarch)
-- name: install neutron openvswitch agent
- apt: name=neutron-plugin-openvswitch-agent
- state=present force=yes
- when: "'opendaylight' not in {{ NEUTRON_MECHANISM_DRIVERS }}"
+- name: enable auto start
+ file:
+ path=/usr/sbin/policy-rc.d
+ state=absent
+ when: ansible_os_family == "Debian"
-- name: config neutron
- template: src=neutron-network.conf
- dest=/etc/neutron/neutron.conf backup=yes
- notify:
- - restart neutron-plugin-openvswitch-agent
+- name: fix openstack neutron plugin config file
+ shell: |
+ sed -i 's,plugins/ml2/openvswitch_agent.ini,plugin.ini,g' /usr/lib/systemd/system/neutron-openvswitch-agent.service
+ systemctl daemon-reload
+ when: ansible_os_family == 'RedHat'
+
+- name: generate neutron compute service list
+ lineinfile: dest=/opt/service create=yes line='{{ item }}'
+ with_items: services | union(services_noarch)
- name: config ml2 plugin
- template: src=ml2_conf.ini
+ template: src=templates/ml2_conf.ini
dest=/etc/neutron/plugins/ml2/ml2_conf.ini
backup=yes
- notify:
- - restart neutron-plugin-openvswitch-agent
-- name: add br-int
- openvswitch_bridge: bridge=br-int state=present
+- name: ln plugin.ini
+ file: src=/etc/neutron/plugins/ml2/ml2_conf.ini dest=/etc/neutron/plugin.ini state=link
+
+- name: config neutron
+ template: src=templates/neutron.conf
+ dest=/etc/neutron/neutron.conf backup=yes
notify:
- - restart neutron-plugin-openvswitch-agent
- - restart nova-compute
+ - restart neutron compute service
+ - restart nova-compute services
+
+- meta: flush_handlers
- include: ../../neutron-network/tasks/odl.yml
when: "'opendaylight' in {{ NEUTRON_MECHANISM_DRIVERS }}"
-
-- meta: flush_handlers
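Review bot: `config ml2 plugin` loses its `notify:` in this hunk and gets no replacement, so a change to `ml2_conf.ini` alone no longer restarts the OVS agent; only `config neutron` still notifies. Add `notify:` with `- restart neutron compute service` to that task as well. `meta: flush_handlers` now sits before the `odl.yml` include, so anything notified inside that include runs only at the end of the play; confirm that ordering is intended. The `sed -i` on `/usr/lib/systemd/system/neutron-openvswitch-agent.service` edits a packaged unit file that a package update will overwrite, and the `shell` task reports changed on every run; a drop-in under `/etc/systemd/system/` would survive updates.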
diff --git a/ansible/roles/neutron-compute/templates/l3_agent.ini b/ansible/roles/neutron-compute/templates/l3_agent.ini
index b394c00..5f49934 100644
--- a/ansible/roles/neutron-compute/templates/l3_agent.ini
+++ b/ansible/roles/neutron-compute/templates/l3_agent.ini
@@ -45,7 +45,7 @@ handle_internal_only_routers = True
# Name of bridge used for external network traffic. This should be set to
# empty value for the linux bridge. when this parameter is set, each L3 agent
# can be associated with no more than one external network.
-external_network_bridge = br-ex
+external_network_bridge =
# TCP Port used by Neutron metadata server
metadata_port = 9697
diff --git a/ansible/roles/neutron-compute/templates/metadata_agent.ini b/ansible/roles/neutron-compute/templates/metadata_agent.ini
index edde22c..87937cc 100644
--- a/ansible/roles/neutron-compute/templates/metadata_agent.ini
+++ b/ansible/roles/neutron-compute/templates/metadata_agent.ini
@@ -3,8 +3,8 @@
debug = True
# The Neutron user information for accessing the Neutron API.
-auth_url = http://{{ identity_host }}:5000/v2.0
-auth_region = RegionOne
+auth_url = http://{{ internal_vip.ip }}:5000/v2.0
+auth_region = regionOne
# Turn off verification of the certificate for ssl
# auth_insecure = False
# Certificate Authority public key (CA cert) file for ssl
@@ -17,7 +17,7 @@ admin_password = {{ NEUTRON_PASS }}
# endpoint_type = adminURL
# IP address used by Nova metadata server
-nova_metadata_ip = {{ compute_controller_host }}
+nova_metadata_ip = {{ internal_vip.ip }}
# TCP Port used by Nova metadata server
nova_metadata_port = 8775
diff --git a/ansible/roles/neutron-compute/templates/ml2_conf.ini b/ansible/roles/neutron-compute/templates/ml2_conf.ini
deleted file mode 100644
index 9972842..0000000
--- a/ansible/roles/neutron-compute/templates/ml2_conf.ini
+++ /dev/null
@@ -1,108 +0,0 @@
-[ml2]
-# (ListOpt) List of network type driver entrypoints to be loaded from
-# the neutron.ml2.type_drivers namespace.
-#
-# type_drivers = local,flat,vlan,gre,vxlan
-# Example: type_drivers = flat,vlan,gre,vxlan
-type_drivers = {{ NEUTRON_TYPE_DRIVERS |join(",") }}
-
-# (ListOpt) Ordered list of network_types to allocate as tenant
-# networks. The default value 'local' is useful for single-box testing
-# but provides no connectivity between hosts.
-#
-# tenant_network_types = local
-# Example: tenant_network_types = vlan,gre,vxlan
-tenant_network_types = {{ NEUTRON_TENANT_NETWORK_TYPES |join(",") }}
-
-# (ListOpt) Ordered list of networking mechanism driver entrypoints
-# to be loaded from the neutron.ml2.mechanism_drivers namespace.
-# mechanism_drivers =
-# Example: mechanism_drivers = openvswitch,mlnx
-# Example: mechanism_drivers = arista
-# Example: mechanism_drivers = cisco,logger
-# Example: mechanism_drivers = openvswitch,brocade
-# Example: mechanism_drivers = linuxbridge,brocade
-mechanism_drivers = {{ NEUTRON_MECHANISM_DRIVERS |join(",") }}
-
-[ml2_type_flat]
-# (ListOpt) List of physical_network names with which flat networks
-# can be created. Use * to allow flat networks with arbitrary
-# physical_network names.
-#
-flat_networks = external
-# Example:flat_networks = physnet1,physnet2
-# Example:flat_networks = *
-
-[ml2_type_vlan]
-# (ListOpt) List of [::] tuples
-# specifying physical_network names usable for VLAN provider and
-# tenant networks, as well as ranges of VLAN tags on each
-# physical_network available for allocation as tenant networks.
-#
-network_vlan_ranges =
-# Example: network_vlan_ranges = physnet1:1000:2999,physnet2
-
-[ml2_type_gre]
-# (ListOpt) Comma-separated list of : tuples enumerating ranges of GRE tunnel IDs that are available for tenant network allocation
-tunnel_id_ranges = 1:1000
-
-[ml2_type_vxlan]
-# (ListOpt) Comma-separated list of : tuples enumerating
-# ranges of VXLAN VNI IDs that are available for tenant network allocation.
-#
-vni_ranges = 1001:4095
-
-# (StrOpt) Multicast group for the VXLAN interface. When configured, will
-# enable sending all broadcast traffic to this multicast group. When left
-# unconfigured, will disable multicast VXLAN mode.
-#
-vxlan_group = 239.1.1.1
-# Example: vxlan_group = 239.1.1.1
-
-[securitygroup]
-# Controls if neutron security group is enabled or not.
-# It should be false when you use nova security group.
-# enable_security_group = True
-firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
-enable_security_group = True
-
-[database]
-connection = mysql://neutron:{{ NEUTRON_DBPASS }}@{{ db_host }}/ovs_neutron?charset=utf8
-
-[ovs]
-local_ip = {{ internal_ip }}
-{% if 'openvswitch' in NEUTRON_MECHANISM_DRIVERS %}
-integration_bridge = br-int
-tunnel_bridge = br-tun
-tunnel_id_ranges = 1001:4095
-tunnel_type = {{ NEUTRON_TUNNEL_TYPES |join(",") }}
-bridge_mappings = {{ neutron_ovs_bridge_mappings | default("external:br-ex") }}
-{% endif %}
-
-[agent]
-root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf
-tunnel_types = {{ NEUTRON_TUNNEL_TYPES |join(",") }}
-{% if 'vxlan' in NEUTRON_TUNNEL_TYPES %}
-vxlan_udp_port = 4789
-{% endif %}
-l2_population = False
-
-[odl]
-{% if 'opendaylight' in NEUTRON_MECHANISM_DRIVERS %}
-network_vlan_ranges = 1001:4095
-tunnel_id_ranges = 1001:4095
-tun_peer_patch_port = patch-int
-int_peer_patch_port = patch-tun
-tenant_network_type = vxlan
-tunnel_bridge = br-tun
-integration_bridge = br-int
-controllers = 10.1.0.15:8080:admin:admin
-{% endif %}
-
-[ml2_odl]
-{% if 'opendaylight' in NEUTRON_MECHANISM_DRIVERS %}
-username = {{ odl_username }}
-password = {{ odl_password }}
-url = http://{{ odl_controller }}:{{ odl_api_port }}/controller/nb/v2/neutron
-{% endif %}
-
diff --git a/ansible/roles/neutron-compute/templates/neutron-network.conf b/ansible/roles/neutron-compute/templates/neutron-network.conf
deleted file mode 100644
index 318e4c0..0000000
--- a/ansible/roles/neutron-compute/templates/neutron-network.conf
+++ /dev/null
@@ -1,466 +0,0 @@
-[DEFAULT]
-# Print more verbose output (set logging level to INFO instead of default WARNING level).
-verbose = {{ VERBOSE }}
-
-# Print debugging output (set logging level to DEBUG instead of default WARNING level).
-debug = {{ DEBUG }}
-
-# Where to store Neutron state files. This directory must be writable by the
-# user executing the agent.
-state_path = /var/lib/neutron
-
-# Where to store lock files
-lock_path = $state_path/lock
-
-# log_format = %(asctime)s %(levelname)8s [%(name)s] %(message)s
-# log_date_format = %Y-%m-%d %H:%M:%S
-
-# use_syslog -> syslog
-# log_file and log_dir -> log_dir/log_file
-# (not log_file) and log_dir -> log_dir/{binary_name}.log
-# use_stderr -> stderr
-# (not user_stderr) and (not log_file) -> stdout
-# publish_errors -> notification system
-
-# use_syslog = False
-# syslog_log_facility = LOG_USER
-
-# use_stderr = True
-# log_file =
-log_dir = /var/log/neutron
-
-# publish_errors = False
-
-# Address to bind the API server to
-bind_host = {{ network_server_host }}
-
-# Port the bind the API server to
-bind_port = 9696
-
-# Path to the extensions. Note that this can be a colon-separated list of
-# paths. For example:
-# api_extensions_path = extensions:/path/to/more/extensions:/even/more/extensions
-# The __path__ of neutron.extensions is appended to this, so if your
-# extensions are in there you don't need to specify them here
-# api_extensions_path =
-
-# (StrOpt) Neutron core plugin entrypoint to be loaded from the
-# neutron.core_plugins namespace. See setup.cfg for the entrypoint names of the
-# plugins included in the neutron source distribution. For compatibility with
-# previous versions, the class name of a plugin can be specified instead of its
-# entrypoint name.
-#
-#core_plugin = neutron.plugins.ml2.plugin.Ml2Plugin
-core_plugin = ml2
-# Example: core_plugin = ml2
-
-# (ListOpt) List of service plugin entrypoints to be loaded from the
-# neutron.service_plugins namespace. See setup.cfg for the entrypoint names of
-# the plugins included in the neutron source distribution. For compatibility
-# with previous versions, the class name of a plugin can be specified instead
-# of its entrypoint name.
-#
-# service_plugins =
-# Example: service_plugins = router,firewall,lbaas,vpnaas,metering
-service_plugins = router
-
-# Paste configuration file
-api_paste_config = api-paste.ini
-
-# The strategy to be used for auth.
-# Supported values are 'keystone'(default), 'noauth'.
-auth_strategy = keystone
-
-# Base MAC address. The first 3 octets will remain unchanged. If the
-# 4h octet is not 00, it will also be used. The others will be
-# randomly generated.
-# 3 octet
-# base_mac = fa:16:3e:00:00:00
-# 4 octet
-# base_mac = fa:16:3e:4f:00:00
-
-# Maximum amount of retries to generate a unique MAC address
-# mac_generation_retries = 16
-
-# DHCP Lease duration (in seconds)
-dhcp_lease_duration = 86400
-
-# Allow sending resource operation notification to DHCP agent
-# dhcp_agent_notification = True
-
-# Enable or disable bulk create/update/delete operations
-# allow_bulk = True
-# Enable or disable pagination
-# allow_pagination = False
-# Enable or disable sorting
-# allow_sorting = False
-# Enable or disable overlapping IPs for subnets
-# Attention: the following parameter MUST be set to False if Neutron is
-# being used in conjunction with nova security groups
-allow_overlapping_ips = True
-# Ensure that configured gateway is on subnet
-# force_gateway_on_subnet = False
-
-
-# RPC configuration options. Defined in rpc __init__
-# The messaging module to use, defaults to kombu.
-# rpc_backend = neutron.openstack.common.rpc.impl_kombu
-rpc_backend = rabbit
-rabbit_host = {{ rabbit_host }}
-rabbit_password = {{ RABBIT_PASS }}
-
-# Size of RPC thread pool
-rpc_thread_pool_size = 240
-# Size of RPC connection pool
-rpc_conn_pool_size = 100
-# Seconds to wait for a response from call or multicall
-rpc_response_timeout = 300
-# Seconds to wait before a cast expires (TTL). Only supported by impl_zmq.
-rpc_cast_timeout = 300
-# Modules of exceptions that are permitted to be recreated
-# upon receiving exception data from an rpc call.
-# allowed_rpc_exception_modules = neutron.openstack.common.exception, nova.exception
-# AMQP exchange to connect to if using RabbitMQ or QPID
-# control_exchange = neutron
-
-# If passed, use a fake RabbitMQ provider
-# fake_rabbit = False
-
-# Configuration options if sending notifications via kombu rpc (these are
-# the defaults)
-# SSL version to use (valid only if SSL enabled)
-# kombu_ssl_version =
-# SSL key file (valid only if SSL enabled)
-# kombu_ssl_keyfile =
-# SSL cert file (valid only if SSL enabled)
-# kombu_ssl_certfile =
-# SSL certification authority file (valid only if SSL enabled)
-# kombu_ssl_ca_certs =
-# Port where RabbitMQ server is running/listening
-rabbit_port = 5672
-# RabbitMQ single or HA cluster (host:port pairs i.e: host1:5672, host2:5672)
-# rabbit_hosts is defaulted to '$rabbit_host:$rabbit_port'
-# rabbit_hosts = localhost:5672
-# User ID used for RabbitMQ connections
-rabbit_userid = guest
-# Location of a virtual RabbitMQ installation.
-# rabbit_virtual_host = /
-# Maximum retries with trying to connect to RabbitMQ
-# (the default of 0 implies an infinite retry count)
-# rabbit_max_retries = 0
-# RabbitMQ connection retry interval
-# rabbit_retry_interval = 1
-# Use HA queues in RabbitMQ (x-ha-policy: all). You need to
-# wipe RabbitMQ database when changing this option. (boolean value)
-# rabbit_ha_queues = false
-
-# QPID
-# rpc_backend=neutron.openstack.common.rpc.impl_qpid
-# Qpid broker hostname
-# qpid_hostname = localhost
-# Qpid broker port
-# qpid_port = 5672
-# Qpid single or HA cluster (host:port pairs i.e: host1:5672, host2:5672)
-# qpid_hosts is defaulted to '$qpid_hostname:$qpid_port'
-# qpid_hosts = localhost:5672
-# Username for qpid connection
-# qpid_username = ''
-# Password for qpid connection
-# qpid_password = ''
-# Space separated list of SASL mechanisms to use for auth
-# qpid_sasl_mechanisms = ''
-# Seconds between connection keepalive heartbeats
-# qpid_heartbeat = 60
-# Transport to use, either 'tcp' or 'ssl'
-# qpid_protocol = tcp
-# Disable Nagle algorithm
-# qpid_tcp_nodelay = True
-
-# ZMQ
-# rpc_backend=neutron.openstack.common.rpc.impl_zmq
-# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP.
-# The "host" option should point or resolve to this address.
-# rpc_zmq_bind_address = *
-
-# ============ Notification System Options =====================
-
-# Notifications can be sent when network/subnet/port are created, updated or deleted.
-# There are three methods of sending notifications: logging (via the
-# log_file directive), rpc (via a message queue) and
-# noop (no notifications sent, the default)
-
-# Notification_driver can be defined multiple times
-# Do nothing driver
-# notification_driver = neutron.openstack.common.notifier.no_op_notifier
-# Logging driver
-# notification_driver = neutron.openstack.common.notifier.log_notifier
-# RPC driver.
-notification_driver = neutron.openstack.common.notifier.rpc_notifier
-
-# default_notification_level is used to form actual topic name(s) or to set logging level
-default_notification_level = INFO
-
-# default_publisher_id is a part of the notification payload
-# host = myhost.com
-# default_publisher_id = $host
-
-# Defined in rpc_notifier, can be comma separated values.
-# The actual topic names will be %s.%(default_notification_level)s
-notification_topics = notifications
-
-# Default maximum number of items returned in a single response,
-# value == infinite and value < 0 means no max limit, and value must
-# be greater than 0. If the number of items requested is greater than
-# pagination_max_limit, server will just return pagination_max_limit
-# of number of items.
-# pagination_max_limit = -1
-
-# Maximum number of DNS nameservers per subnet
-# max_dns_nameservers = 5
-
-# Maximum number of host routes per subnet
-# max_subnet_host_routes = 20
-
-# Maximum number of fixed ips per port
-# max_fixed_ips_per_port = 5
-
-# =========== items for agent management extension =============
-# Seconds to regard the agent as down; should be at least twice
-# report_interval, to be sure the agent is down for good
-agent_down_time = 75
-# =========== end of items for agent management extension =====
-
-# =========== items for agent scheduler extension =============
-# Driver to use for scheduling network to DHCP agent
-network_scheduler_driver = neutron.scheduler.dhcp_agent_scheduler.ChanceScheduler
-# Driver to use for scheduling router to a default L3 agent
-router_scheduler_driver = neutron.scheduler.l3_agent_scheduler.ChanceScheduler
-# Driver to use for scheduling a loadbalancer pool to an lbaas agent
-# loadbalancer_pool_scheduler_driver = neutron.services.loadbalancer.agent_scheduler.ChanceScheduler
-
-# Allow auto scheduling networks to DHCP agent. It will schedule non-hosted
-# networks to first DHCP agent which sends get_active_networks message to
-# neutron server
-# network_auto_schedule = True
-
-# Allow auto scheduling routers to L3 agent. It will schedule non-hosted
-# routers to first L3 agent which sends sync_routers message to neutron server
-# router_auto_schedule = True
-
-# Number of DHCP agents scheduled to host a network. This enables redundant
-# DHCP agents for configured networks.
-# dhcp_agents_per_network = 1
-
-# =========== end of items for agent scheduler extension =====
-
-# =========== WSGI parameters related to the API server ==============
-# Number of separate worker processes to spawn. The default, 0, runs the
-# worker thread in the current process. Greater than 0 launches that number of
-# child processes as workers. The parent process manages them.
-api_workers = 8
-
-# Number of separate RPC worker processes to spawn. The default, 0, runs the
-# worker thread in the current process. Greater than 0 launches that number of
-# child processes as RPC workers. The parent process manages them.
-# This feature is experimental until issues are addressed and testing has been
-# enabled for various plugins for compatibility.
-rpc_workers = 8
-
-# Sets the value of TCP_KEEPIDLE in seconds to use for each server socket when
-# starting API server. Not supported on OS X.
-# tcp_keepidle = 600
-
-# Number of seconds to keep retrying to listen
-# retry_until_window = 30
-
-# Number of backlog requests to configure the socket with.
-# backlog = 4096
-
-# Max header line to accommodate large tokens
-# max_header_line = 16384
-
-# Enable SSL on the API server
-# use_ssl = False
-
-# Certificate file to use when starting API server securely
-# ssl_cert_file = /path/to/certfile
-
-# Private key file to use when starting API server securely
-# ssl_key_file = /path/to/keyfile
-
-# CA certificate file to use when starting API server securely to
-# verify connecting clients. This is an optional parameter only required if
-# API clients need to authenticate to the API server using SSL certificates
-# signed by a trusted CA
-# ssl_ca_file = /path/to/cafile
-# ======== end of WSGI parameters related to the API server ==========
-
-
-# ======== neutron nova interactions ==========
-# Send notification to nova when port status is active.
-notify_nova_on_port_status_changes = True
-
-# Send notifications to nova when port data (fixed_ips/floatingips) change
-# so nova can update it's cache.
-notify_nova_on_port_data_changes = True
-
-# URL for connection to nova (Only supports one nova region currently).
-nova_url = http://{{ compute_controller_host }}:8774/v2
-
-# Name of nova region to use. Useful if keystone manages more than one region
-nova_region_name = RegionOne
-
-# Username for connection to nova in admin context
-nova_admin_username = nova
-
-# The uuid of the admin nova tenant
-
-# Password for connection to nova in admin context.
-nova_admin_password = {{ NOVA_PASS }}
-
-# Authorization URL for connection to nova in admin context.
-nova_admin_auth_url = http://{{ identity_host }}:35357/v2.0
-
-# Number of seconds between sending events to nova if there are any events to send
-send_events_interval = 2
-
-# ======== end of neutron nova interactions ==========
-
-[quotas]
-# Default driver to use for quota checks
-quota_driver = neutron.db.quota_db.DbQuotaDriver
-
-# Resource name(s) that are supported in quota features
-quota_items = network,subnet,port
-
-# Default number of resource allowed per tenant. A negative value means
-# unlimited.
-default_quota = -1
-
-# Number of networks allowed per tenant. A negative value means unlimited.
-quota_network = 100
-
-# Number of subnets allowed per tenant. A negative value means unlimited.
-quota_subnet = 100
-
-# Number of ports allowed per tenant. A negative value means unlimited.
-quota_port = 8000
-
-# Number of security groups allowed per tenant. A negative value means
-# unlimited.
-quota_security_group = 1000
-
-# Number of security group rules allowed per tenant. A negative value means
-# unlimited.
-quota_security_group_rule = 1000
-
-# Number of vips allowed per tenant. A negative value means unlimited.
-# quota_vip = 10
-
-# Number of pools allowed per tenant. A negative value means unlimited.
-# quota_pool = 10
-
-# Number of pool members allowed per tenant. A negative value means unlimited.
-# The default is unlimited because a member is not a real resource consumer
-# on Openstack. However, on back-end, a member is a resource consumer
-# and that is the reason why quota is possible.
-# quota_member = -1
-
-# Number of health monitors allowed per tenant. A negative value means
-# unlimited.
-# The default is unlimited because a health monitor is not a real resource
-# consumer on Openstack. However, on back-end, a member is a resource consumer
-# and that is the reason why quota is possible.
-# quota_health_monitors = -1
-
-# Number of routers allowed per tenant. A negative value means unlimited.
-# quota_router = 10
-
-# Number of floating IPs allowed per tenant. A negative value means unlimited.
-# quota_floatingip = 50
-
-[agent]
-# Use "sudo neutron-rootwrap /etc/neutron/rootwrap.conf" to use the real
-# root filter facility.
-# Change to "sudo" to skip the filtering and just run the comand directly
-root_helper = "sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf"
-
-# =========== items for agent management extension =============
-# seconds between nodes reporting state to server; should be less than
-# agent_down_time, best if it is half or less than agent_down_time
-report_interval = 30
-
-# =========== end of items for agent management extension =====
-
-[keystone_authtoken]
-auth_uri = http://{{ identity_host }}:5000/v2.0
-identity_uri = http://{{ identity_host }}:35357
-admin_tenant_name = service
-admin_user = neutron
-admin_password = {{ NEUTRON_PASS }}
-signing_dir = $state_path/keystone-signing
-
-[database]
-# This line MUST be changed to actually run the plugin.
-# Example:
-# connection = mysql://root:pass@127.0.0.1:3306/neutron
-# Replace 127.0.0.1 above with the IP address of the database used by the
-# main neutron server. (Leave it as is if the database runs on this host.)
-# connection = sqlite:////var/lib/neutron/neutron.sqlite
-#connection = mysql://neutron:{{ NEUTRON_DBPASS }}@{{ db_host }}/neutron
-
-# The SQLAlchemy connection string used to connect to the slave database
-slave_connection =
-
-# Database reconnection retry times - in event connectivity is lost
-# set to -1 implies an infinite retry count
-max_retries = 10
-
-# Database reconnection interval in seconds - if the initial connection to the
-# database fails
-retry_interval = 10
-
-# Minimum number of SQL connections to keep open in a pool
-min_pool_size = 1
-
-# Maximum number of SQL connections to keep open in a pool
-max_pool_size = 100
-
-# Timeout in seconds before idle sql connections are reaped
-idle_timeout = 3600
-
-# If set, use this value for max_overflow with sqlalchemy
-max_overflow = 100
-
-# Verbosity of SQL debugging information. 0=None, 100=Everything
-connection_debug = 0
-
-# Add python stack traces to SQL as comment strings
-connection_trace = False
-
-# If set, use this value for pool_timeout with sqlalchemy
-pool_timeout = 10
-
-[service_providers]
-# Specify service providers (drivers) for advanced services like loadbalancer, VPN, Firewall.
-# Must be in form:
-# service_provider=::[:default]
-# List of allowed service types includes LOADBALANCER, FIREWALL, VPN
-# Combination of and must be unique; must also be unique
-# This is multiline option, example for default provider:
-# service_provider=LOADBALANCER:name:lbaas_plugin_driver_path:default
-# example of non-default provider:
-# service_provider=FIREWALL:name2:firewall_driver_path
-# --- Reference implementations ---
-service_provider=LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
-service_provider=VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default
-# In order to activate Radware's lbaas driver you need to uncomment the next line.
-# If you want to keep the HA Proxy as the default lbaas driver, remove the attribute default from the line below.
-# Otherwise comment the HA Proxy line
-# service_provider = LOADBALANCER:Radware:neutron.services.loadbalancer.drivers.radware.driver.LoadBalancerDriver:default
-# uncomment the following line to make the 'netscaler' LBaaS provider available.
-# service_provider=LOADBALANCER:NetScaler:neutron.services.loadbalancer.drivers.netscaler.netscaler_driver.NetScalerPluginDriver
-# Uncomment the following line (and comment out the OpenSwan VPN line) to enable Cisco's VPN driver.
-# service_provider=VPN:cisco:neutron.services.vpn.service_drivers.cisco_ipsec.CiscoCsrIPsecVPNDriver:default
-# Uncomment the line below to use Embrane heleos as Load Balancer service provider.
-# service_provider=LOADBALANCER:Embrane:neutron.services.loadbalancer.drivers.embrane.driver.EmbraneLbaas:default
diff --git a/ansible/roles/neutron-compute/templates/neutron.conf b/ansible/roles/neutron-compute/templates/neutron.conf
deleted file mode 100644
index 28bb2ba..0000000
--- a/ansible/roles/neutron-compute/templates/neutron.conf
+++ /dev/null
@@ -1,467 +0,0 @@
-[DEFAULT]
-# Print more verbose output (set logging level to INFO instead of default WARNING level).
-verbose = {{ VERBOSE }}
-
-# Print debugging output (set logging level to DEBUG instead of default WARNING level).
-debug = {{ VERBOSE }}
-
-# Where to store Neutron state files. This directory must be writable by the
-# user executing the agent.
-state_path = /var/lib/neutron
-
-# Where to store lock files
-lock_path = $state_path/lock
-
-# log_format = %(asctime)s %(levelname)8s [%(name)s] %(message)s
-# log_date_format = %Y-%m-%d %H:%M:%S
-
-# use_syslog -> syslog
-# log_file and log_dir -> log_dir/log_file
-# (not log_file) and log_dir -> log_dir/{binary_name}.log
-# use_stderr -> stderr
-# (not user_stderr) and (not log_file) -> stdout
-# publish_errors -> notification system
-
-# use_syslog = False
-# syslog_log_facility = LOG_USER
-
-# use_stderr = True
-# log_file =
-log_dir = /var/log/neutron
-
-# publish_errors = False
-
-# Address to bind the API server to
-bind_host = {{ network_server_host }}
-
-# Port the bind the API server to
-bind_port = 9696
-
-# Path to the extensions. Note that this can be a colon-separated list of
-# paths. For example:
-# api_extensions_path = extensions:/path/to/more/extensions:/even/more/extensions
-# The __path__ of neutron.extensions is appended to this, so if your
-# extensions are in there you don't need to specify them here
-# api_extensions_path =
-
-# (StrOpt) Neutron core plugin entrypoint to be loaded from the
-# neutron.core_plugins namespace. See setup.cfg for the entrypoint names of the
-# plugins included in the neutron source distribution. For compatibility with
-# previous versions, the class name of a plugin can be specified instead of its
-# entrypoint name.
-#
-#core_plugin = neutron.plugins.ml2.plugin.Ml2Plugin
-core_plugin = ml2
-# Example: core_plugin = ml2
-
-# (ListOpt) List of service plugin entrypoints to be loaded from the
-# neutron.service_plugins namespace. See setup.cfg for the entrypoint names of
-# the plugins included in the neutron source distribution. For compatibility
-# with previous versions, the class name of a plugin can be specified instead
-# of its entrypoint name.
-#
-# service_plugins =
-# Example: service_plugins = router,firewall,lbaas,vpnaas,metering
-service_plugins = router
-
-# Paste configuration file
-api_paste_config = api-paste.ini
-
-# The strategy to be used for auth.
-# Supported values are 'keystone'(default), 'noauth'.
-auth_strategy = keystone
-
-# Base MAC address. The first 3 octets will remain unchanged. If the
-# 4h octet is not 00, it will also be used. The others will be
-# randomly generated.
-# 3 octet
-# base_mac = fa:16:3e:00:00:00
-# 4 octet
-# base_mac = fa:16:3e:4f:00:00
-
-# Maximum amount of retries to generate a unique MAC address
-# mac_generation_retries = 16
-
-# DHCP Lease duration (in seconds)
-dhcp_lease_duration = 86400
-
-# Allow sending resource operation notification to DHCP agent
-# dhcp_agent_notification = True
-
-# Enable or disable bulk create/update/delete operations
-# allow_bulk = True
-# Enable or disable pagination
-# allow_pagination = False
-# Enable or disable sorting
-# allow_sorting = False
-# Enable or disable overlapping IPs for subnets
-# Attention: the following parameter MUST be set to False if Neutron is
-# being used in conjunction with nova security groups
-allow_overlapping_ips = True
-# Ensure that configured gateway is on subnet
-# force_gateway_on_subnet = False
-
-
-# RPC configuration options. Defined in rpc __init__
-# The messaging module to use, defaults to kombu.
-# rpc_backend = neutron.openstack.common.rpc.impl_kombu
-rpc_backend = rabbit
-rabbit_host = {{ rabbit_host }}
-rabbit_password = {{ RABBIT_PASS }}
-
-# Size of RPC thread pool
-rpc_thread_pool_size = 240
-# Size of RPC connection pool
-rpc_conn_pool_size = 100
-# Seconds to wait for a response from call or multicall
-rpc_response_timeout = 300
-# Seconds to wait before a cast expires (TTL). Only supported by impl_zmq.
-rpc_cast_timeout = 300
-# Modules of exceptions that are permitted to be recreated
-# upon receiving exception data from an rpc call.
-# allowed_rpc_exception_modules = neutron.openstack.common.exception, nova.exception
-# AMQP exchange to connect to if using RabbitMQ or QPID
-# control_exchange = neutron
-
-# If passed, use a fake RabbitMQ provider
-# fake_rabbit = False
-
-# Configuration options if sending notifications via kombu rpc (these are
-# the defaults)
-# SSL version to use (valid only if SSL enabled)
-# kombu_ssl_version =
-# SSL key file (valid only if SSL enabled)
-# kombu_ssl_keyfile =
-# SSL cert file (valid only if SSL enabled)
-# kombu_ssl_certfile =
-# SSL certification authority file (valid only if SSL enabled)
-# kombu_ssl_ca_certs =
-# Port where RabbitMQ server is running/listening
-rabbit_port = 5672
-# RabbitMQ single or HA cluster (host:port pairs i.e: host1:5672, host2:5672)
-# rabbit_hosts is defaulted to '$rabbit_host:$rabbit_port'
-# rabbit_hosts = localhost:5672
-# User ID used for RabbitMQ connections
-rabbit_userid = guest
-# Location of a virtual RabbitMQ installation.
-# rabbit_virtual_host = /
-# Maximum retries with trying to connect to RabbitMQ
-# (the default of 0 implies an infinite retry count)
-# rabbit_max_retries = 0
-# RabbitMQ connection retry interval
-# rabbit_retry_interval = 1
-# Use HA queues in RabbitMQ (x-ha-policy: all). You need to
-# wipe RabbitMQ database when changing this option. (boolean value)
-# rabbit_ha_queues = false
-
-# QPID
-# rpc_backend=neutron.openstack.common.rpc.impl_qpid
-# Qpid broker hostname
-# qpid_hostname = localhost
-# Qpid broker port
-# qpid_port = 5672
-# Qpid single or HA cluster (host:port pairs i.e: host1:5672, host2:5672)
-# qpid_hosts is defaulted to '$qpid_hostname:$qpid_port'
-# qpid_hosts = localhost:5672
-# Username for qpid connection
-# qpid_username = ''
-# Password for qpid connection
-# qpid_password = ''
-# Space separated list of SASL mechanisms to use for auth
-# qpid_sasl_mechanisms = ''
-# Seconds between connection keepalive heartbeats
-# qpid_heartbeat = 60
-# Transport to use, either 'tcp' or 'ssl'
-# qpid_protocol = tcp
-# Disable Nagle algorithm
-# qpid_tcp_nodelay = True
-
-# ZMQ
-# rpc_backend=neutron.openstack.common.rpc.impl_zmq
-# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP.
-# The "host" option should point or resolve to this address.
-# rpc_zmq_bind_address = *
-
-# ============ Notification System Options =====================
-
-# Notifications can be sent when network/subnet/port are created, updated or deleted.
-# There are three methods of sending notifications: logging (via the
-# log_file directive), rpc (via a message queue) and
-# noop (no notifications sent, the default)
-
-# Notification_driver can be defined multiple times
-# Do nothing driver
-# notification_driver = neutron.openstack.common.notifier.no_op_notifier
-# Logging driver
-# notification_driver = neutron.openstack.common.notifier.log_notifier
-# RPC driver.
-notification_driver = neutron.openstack.common.notifier.rpc_notifier
-
-# default_notification_level is used to form actual topic name(s) or to set logging level
-default_notification_level = INFO
-
-# default_publisher_id is a part of the notification payload
-# host = myhost.com
-# default_publisher_id = $host
-
-# Defined in rpc_notifier, can be comma separated values.
-# The actual topic names will be %s.%(default_notification_level)s
-notification_topics = notifications
-
-# Default maximum number of items returned in a single response,
-# value == infinite and value < 0 means no max limit, and value must
-# be greater than 0. If the number of items requested is greater than
-# pagination_max_limit, server will just return pagination_max_limit
-# of number of items.
-# pagination_max_limit = -1
-
-# Maximum number of DNS nameservers per subnet
-# max_dns_nameservers = 5
-
-# Maximum number of host routes per subnet
-# max_subnet_host_routes = 20
-
-# Maximum number of fixed ips per port
-# max_fixed_ips_per_port = 5
-
-# =========== items for agent management extension =============
-# Seconds to regard the agent as down; should be at least twice
-# report_interval, to be sure the agent is down for good
-agent_down_time = 75
-# =========== end of items for agent management extension =====
-
-# =========== items for agent scheduler extension =============
-# Driver to use for scheduling network to DHCP agent
-network_scheduler_driver = neutron.scheduler.dhcp_agent_scheduler.ChanceScheduler
-# Driver to use for scheduling router to a default L3 agent
-router_scheduler_driver = neutron.scheduler.l3_agent_scheduler.ChanceScheduler
-# Driver to use for scheduling a loadbalancer pool to an lbaas agent
-# loadbalancer_pool_scheduler_driver = neutron.services.loadbalancer.agent_scheduler.ChanceScheduler
-
-# Allow auto scheduling networks to DHCP agent. It will schedule non-hosted
-# networks to first DHCP agent which sends get_active_networks message to
-# neutron server
-# network_auto_schedule = True
-
-# Allow auto scheduling routers to L3 agent. It will schedule non-hosted
-# routers to first L3 agent which sends sync_routers message to neutron server
-# router_auto_schedule = True
-
-# Number of DHCP agents scheduled to host a network. This enables redundant
-# DHCP agents for configured networks.
-# dhcp_agents_per_network = 1
-
-# =========== end of items for agent scheduler extension =====
-
-# =========== WSGI parameters related to the API server ==============
-# Number of separate worker processes to spawn. The default, 0, runs the
-# worker thread in the current process. Greater than 0 launches that number of
-# child processes as workers. The parent process manages them.
-api_workers = 8
-
-# Number of separate RPC worker processes to spawn. The default, 0, runs the
-# worker thread in the current process. Greater than 0 launches that number of
-# child processes as RPC workers. The parent process manages them.
-# This feature is experimental until issues are addressed and testing has been
-# enabled for various plugins for compatibility.
-rpc_workers = 8
-
-# Sets the value of TCP_KEEPIDLE in seconds to use for each server socket when
-# starting API server. Not supported on OS X.
-# tcp_keepidle = 600
-
-# Number of seconds to keep retrying to listen
-# retry_until_window = 30
-
-# Number of backlog requests to configure the socket with.
-# backlog = 4096
-
-# Max header line to accommodate large tokens
-# max_header_line = 16384
-
-# Enable SSL on the API server
-# use_ssl = False
-
-# Certificate file to use when starting API server securely
-# ssl_cert_file = /path/to/certfile
-
-# Private key file to use when starting API server securely
-# ssl_key_file = /path/to/keyfile
-
-# CA certificate file to use when starting API server securely to
-# verify connecting clients. This is an optional parameter only required if
-# API clients need to authenticate to the API server using SSL certificates
-# signed by a trusted CA
-# ssl_ca_file = /path/to/cafile
-# ======== end of WSGI parameters related to the API server ==========
-
-
-# ======== neutron nova interactions ==========
-# Send notification to nova when port status is active.
-notify_nova_on_port_status_changes = True
-
-# Send notifications to nova when port data (fixed_ips/floatingips) change
-# so nova can update it's cache.
-notify_nova_on_port_data_changes = True
-
-# URL for connection to nova (Only supports one nova region currently).
-nova_url = http://{{ compute_controller_host }}:8774/v2
-
-# Name of nova region to use. Useful if keystone manages more than one region
-nova_region_name = RegionOne
-
-# Username for connection to nova in admin context
-nova_admin_username = nova
-
-# The uuid of the admin nova tenant
-nova_admin_tenant_id = {{ NOVA_ADMIN_TENANT_ID.stdout_lines[0] }}
-
-# Password for connection to nova in admin context.
-nova_admin_password = {{ NOVA_PASS }}
-
-# Authorization URL for connection to nova in admin context.
-nova_admin_auth_url = http://{{ identity_host }}:35357/v2.0
-
-# Number of seconds between sending events to nova if there are any events to send
-send_events_interval = 2
-
-# ======== end of neutron nova interactions ==========
-
-[quotas]
-# Default driver to use for quota checks
-quota_driver = neutron.db.quota_db.DbQuotaDriver
-
-# Resource name(s) that are supported in quota features
-quota_items = network,subnet,port
-
-# Default number of resource allowed per tenant. A negative value means
-# unlimited.
-default_quota = -1
-
-# Number of networks allowed per tenant. A negative value means unlimited.
-quota_network = 100
-
-# Number of subnets allowed per tenant. A negative value means unlimited.
-quota_subnet = 100
-
-# Number of ports allowed per tenant. A negative value means unlimited.
-quota_port = 8000
-
-# Number of security groups allowed per tenant. A negative value means
-# unlimited.
-quota_security_group = 1000
-
-# Number of security group rules allowed per tenant. A negative value means
-# unlimited.
-quota_security_group_rule = 1000
-
-# Number of vips allowed per tenant. A negative value means unlimited.
-# quota_vip = 10
-
-# Number of pools allowed per tenant. A negative value means unlimited.
-# quota_pool = 10
-
-# Number of pool members allowed per tenant. A negative value means unlimited.
-# The default is unlimited because a member is not a real resource consumer
-# on Openstack. However, on back-end, a member is a resource consumer
-# and that is the reason why quota is possible.
-# quota_member = -1
-
-# Number of health monitors allowed per tenant. A negative value means
-# unlimited.
-# The default is unlimited because a health monitor is not a real resource
-# consumer on Openstack. However, on back-end, a member is a resource consumer
-# and that is the reason why quota is possible.
-# quota_health_monitors = -1
-
-# Number of routers allowed per tenant. A negative value means unlimited.
-# quota_router = 10
-
-# Number of floating IPs allowed per tenant. A negative value means unlimited.
-# quota_floatingip = 50
-
-[agent]
-# Use "sudo neutron-rootwrap /etc/neutron/rootwrap.conf" to use the real
-# root filter facility.
-# Change to "sudo" to skip the filtering and just run the comand directly
-root_helper = "sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf"
-
-# =========== items for agent management extension =============
-# seconds between nodes reporting state to server; should be less than
-# agent_down_time, best if it is half or less than agent_down_time
-report_interval = 30
-
-# =========== end of items for agent management extension =====
-
-[keystone_authtoken]
-auth_uri = http://{{ identity_host }}:5000/v2.0
-identity_uri = http://{{ identity_host }}:35357
-admin_tenant_name = service
-admin_user = neutron
-admin_password = {{ NEUTRON_PASS }}
-signing_dir = $state_path/keystone-signing
-
-[database]
-# This line MUST be changed to actually run the plugin.
-# Example:
-# connection = mysql://root:pass@127.0.0.1:3306/neutron
-# Replace 127.0.0.1 above with the IP address of the database used by the
-# main neutron server. (Leave it as is if the database runs on this host.)
-# connection = sqlite:////var/lib/neutron/neutron.sqlite
-#connection = mysql://neutron:{{ NEUTRON_DBPASS }}@{{ db_host }}/neutron
-
-# The SQLAlchemy connection string used to connect to the slave database
-slave_connection =
-
-# Database reconnection retry times - in event connectivity is lost
-# set to -1 implies an infinite retry count
-max_retries = 10
-
-# Database reconnection interval in seconds - if the initial connection to the
-# database fails
-retry_interval = 10
-
-# Minimum number of SQL connections to keep open in a pool
-min_pool_size = 1
-
-# Maximum number of SQL connections to keep open in a pool
-max_pool_size = 100
-
-# Timeout in seconds before idle sql connections are reaped
-idle_timeout = 3600
-
-# If set, use this value for max_overflow with sqlalchemy
-max_overflow = 100
-
-# Verbosity of SQL debugging information. 0=None, 100=Everything
-connection_debug = 0
-
-# Add python stack traces to SQL as comment strings
-connection_trace = False
-
-# If set, use this value for pool_timeout with sqlalchemy
-pool_timeout = 10
-
-[service_providers]
-# Specify service providers (drivers) for advanced services like loadbalancer, VPN, Firewall.
-# Must be in form:
-# service_provider=::[:default]
-# List of allowed service types includes LOADBALANCER, FIREWALL, VPN
-# Combination of and must be unique; must also be unique
-# This is multiline option, example for default provider:
-# service_provider=LOADBALANCER:name:lbaas_plugin_driver_path:default
-# example of non-default provider:
-# service_provider=FIREWALL:name2:firewall_driver_path
-# --- Reference implementations ---
-service_provider=LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
-service_provider=VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default
-# In order to activate Radware's lbaas driver you need to uncomment the next line.
-# If you want to keep the HA Proxy as the default lbaas driver, remove the attribute default from the line below.
-# Otherwise comment the HA Proxy line
-# service_provider = LOADBALANCER:Radware:neutron.services.loadbalancer.drivers.radware.driver.LoadBalancerDriver:default
-# uncomment the following line to make the 'netscaler' LBaaS provider available.
-# service_provider=LOADBALANCER:NetScaler:neutron.services.loadbalancer.drivers.netscaler.netscaler_driver.NetScalerPluginDriver
-# Uncomment the following line (and comment out the OpenSwan VPN line) to enable Cisco's VPN driver.
-# service_provider=VPN:cisco:neutron.services.vpn.service_drivers.cisco_ipsec.CiscoCsrIPsecVPNDriver:default
-# Uncomment the line below to use Embrane heleos as Load Balancer service provider.
-# service_provider=LOADBALANCER:Embrane:neutron.services.loadbalancer.drivers.embrane.driver.EmbraneLbaas:default
diff --git a/ansible/roles/neutron-compute/templates/neutron_init.sh b/ansible/roles/neutron-compute/templates/neutron_init.sh
deleted file mode 100644
index b92e202..0000000
--- a/ansible/roles/neutron-compute/templates/neutron_init.sh
+++ /dev/null
@@ -1,4 +0,0 @@
-# neutron --os-username=admin --os-password={{ ADMIN_PASS }} --os-tenant-name=admin --os-auth-url=http://{{ identity_host }}:35357/v2.0 net-create ext-net --shared --router:external=True
-
-# neutron --os-username=admin --os-password={{ ADMIN_PASS }} --os-tenant-name=admin --os-auth-url=http://{{ identity_host }}:35357/v2.0 subnet-create ext-net --name ext-subnet --allocation-pool start={{ FLOATING_IP_START }},end={{ FLOATING_IP_END}} --disable-dhcp --gateway {{EXTERNAL_NETWORK_GATEWAY}} {{EXTERNAL_NETWORK_CIDR}}
-
diff --git a/ansible/roles/neutron-compute/templates/nova.conf b/ansible/roles/neutron-compute/templates/nova.conf
deleted file mode 100644
index dfb4b93..0000000
--- a/ansible/roles/neutron-compute/templates/nova.conf
+++ /dev/null
@@ -1,68 +0,0 @@
-[DEFAULT]
-dhcpbridge_flagfile=/etc/nova/nova.conf
-dhcpbridge=/usr/bin/nova-dhcpbridge
-logdir=/var/log/nova
-state_path=/var/lib/nova
-lock_path=/var/lock/nova
-force_dhcp_release=True
-iscsi_helper=tgtadm
-libvirt_use_virtio_for_bridges=True
-connection_type=libvirt
-root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf
-verbose={{ VERBOSE}}
-debug={{ DEBUG }}
-ec2_private_dns_show_ip=True
-api_paste_config=/etc/nova/api-paste.ini
-volumes_path=/var/lib/nova/volumes
-enabled_apis=ec2,osapi_compute,metadata
-
-vif_plugging_is_fatal: false
-vif_plugging_timeout: 0
-
-auth_strategy = keystone
-
-rpc_backend = rabbit
-rabbit_host = {{ rabbit_host }}
-rabbit_password = {{ RABBIT_PASS }}
-
-my_ip = {{ internal_ip }}
-vnc_enabled = True
-vncserver_listen = 0.0.0.0
-vncserver_proxyclient_address = {{ internal_ip }}
-novncproxy_base_url = http://{{ compute_controller_host }}:6080/vnc_auto.html
-
-novncproxy_host = {{ internal_ip }}
-novncproxy_port = 6080
-
-network_api_class = nova.network.neutronv2.api.API
-linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
-firewall_driver = nova.virt.firewall.NoopFirewallDriver
-security_group_api = neutron
-
-instance_usage_audit = True
-instance_usage_audit_period = hour
-notify_on_state_change = vm_and_task_state
-notification_driver = nova.openstack.common.notifier.rpc_notifier
-notification_driver = ceilometer.compute.nova_notifier
-
-[database]
-# The SQLAlchemy connection string used to connect to the database
-connection = mysql://nova:{{ NOVA_DBPASS }}@{{ db_host }}/nova
-
-[keystone_authtoken]
-auth_uri = http://{{ identity_host }}:5000/2.0
-identity_uri = http://{{ identity_host }}:35357
-admin_tenant_name = service
-admin_user = nova
-admin_password = {{ NOVA_PASS }}
-
-[glance]
-host = {{ image_host }}
-
-[neutron]
-url = http://{{ network_server_host }}:9696
-auth_strategy = keystone
-admin_tenant_name = service
-admin_username = neutron
-admin_password = {{ NEUTRON_PASS }}
-admin_auth_url = http://{{ identity_host }}:35357/v2.0
diff --git a/ansible/roles/neutron-compute/vars/Debian.yml b/ansible/roles/neutron-compute/vars/Debian.yml
new file mode 100644
index 0000000..8319e42
--- /dev/null
+++ b/ansible/roles/neutron-compute/vars/Debian.yml
@@ -0,0 +1,19 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+
+packages:
+ - neutron-common
+ - neutron-plugin-ml2
+ - openvswitch-datapath-dkms
+ - openvswitch-switch
+ - neutron-plugin-openvswitch-agent
+
+services:
+ - neutron-plugin-openvswitch-agent
diff --git a/ansible/roles/neutron-compute/vars/RedHat.yml b/ansible/roles/neutron-compute/vars/RedHat.yml
new file mode 100644
index 0000000..65dda6b
--- /dev/null
+++ b/ansible/roles/neutron-compute/vars/RedHat.yml
@@ -0,0 +1,18 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages:
+ - openstack-neutron
+ - openstack-neutron-ml2
+ - openstack-neutron-openvswitch
+
+services:
+ - openvswitch
+ - neutron-openvswitch-agent
+ - libvirtd
diff --git a/ansible/roles/neutron-compute/vars/main.yml b/ansible/roles/neutron-compute/vars/main.yml
new file mode 100644
index 0000000..f6fef74
--- /dev/null
+++ b/ansible/roles/neutron-compute/vars/main.yml
@@ -0,0 +1,12 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages_noarch: []
+
+services_noarch: []
diff --git a/ansible/roles/neutron-controller/handlers/main.yml b/ansible/roles/neutron-controller/handlers/main.yml
index c830296..98d2113 100644
--- a/ansible/roles/neutron-controller/handlers/main.yml
+++ b/ansible/roles/neutron-controller/handlers/main.yml
@@ -1,24 +1,13 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
---
-- name: restart nova-api
- service: name=nova-api state=restarted
-
-- name: restart nova-cert
- service: name=nova-cert state=restarted
-
-- name: restart nova-consoleauth
- service: name=nova-consoleauth state=restarted
-
-- name: restart nova-scheduler
- service: name=nova-scheduler state=restarted
-
-- name: restart nova-conductor
- service: name=nova-conductor state=restarted
-
-- name: restart nova-novncproxy
- service: name=nova-novncproxy state=restarted
-
-- name: remove nova-sqlite-db
- shell: rm /var/lib/nova/nova.sqlite || touch nova.sqlite.db.removed
-
-- name: restart neutron-server
- service: name=neutron-server state=restarted
+- name: restart neutron control services
+ service: name={{ item }} state=restarted enabled=yes
+ with_items: services | union(services_noarch)
+ when: item != "neutron-server"
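Review bot: `with_items: services | union(services_noarch)` in the new handler is a bare Jinja expression, which only works on Ansible releases that still evaluate unquoted loop expressions. Newer releases treat it as a literal string, so the loop would receive one item holding the expression text instead of the service names. Write it as `with_items: "{{ services | union(services_noarch) }}"`; the same form appears in neutron_install.yml in the package-install and service-list tasks. The `when: item != "neutron-server"` filter also deserves a one-line comment, something like `# neutron-server is restarted explicitly in neutron_config.yml`.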
diff --git a/ansible/roles/neutron-controller/tasks/main.yml b/ansible/roles/neutron-controller/tasks/main.yml
index ed0c297..1aaf91a 100644
--- a/ansible/roles/neutron-controller/tasks/main.yml
+++ b/ansible/roles/neutron-controller/tasks/main.yml
@@ -1,46 +1,23 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
---
-- name: install controller-related neutron packages
- apt: name={{ item }} state=present force=yes
- with_items:
- - neutron-server
- - neutron-plugin-ml2
+- include: neutron_install.yml
+ tags:
+ - install
+ - neutron_install
+ - neutron
-- name: get tenant id to fill neutron.conf
- shell: keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ identity_host }}:35357/v2.0 tenant-get service | grep id | awk '{print $4}'
- register: NOVA_ADMIN_TENANT_ID
-
-- name: update neutron conf
- template: src=neutron.conf dest=/etc/neutron/neutron.conf backup=yes
- notify:
- - restart neutron-server
-
-- name: update ml2 plugin conf
- template: src=ml2_conf.ini dest=/etc/neutron/plugins/ml2/ml2_conf.ini backup=yes
- notify:
- - restart neutron-server
+- include: neutron_config.yml
+ when: inventory_hostname == groups['controller'][0]
+ tags:
+ - config
+ - neutron_config
+ - neutron
- meta: flush_handlers
-#- name: manually restart nova-api
-# service: name=nova-api state=restarted
-
-#- name: manually restart nova-scheduler
-# service: name=nova-scheduler state=restarted
-
-#- name: manually restart nova-conductor
-# service: name=nova-conductor state=restarted
-
-#- name: manually restart neutron-server
-# service: name=neutron-server state=restarted
-
-- name: place neutron_init.sh under /opt/
- template: src=neutron_init.sh dest=/opt/neutron_init.sh mode=0744
-
-- name: init neutron
- shell: /opt/neutron_init.sh && touch neutron_init_complete || touch neutron_init_failed
- args:
- creates: neutron_init_complete
-
-- name: neutron-db-manage upgrade to Juno
- shell: neutron-db-manage --config-file=/etc/neutron/neutron.conf --config-file=/etc/neutron/plugins/ml2/ml2_conf.ini upgrade head
- notify:
- - restart neutron-server
diff --git a/ansible/roles/neutron-controller/tasks/neutron_config.yml b/ansible/roles/neutron-controller/tasks/neutron_config.yml
new file mode 100644
index 0000000..d07e187
--- /dev/null
+++ b/ansible/roles/neutron-controller/tasks/neutron_config.yml
@@ -0,0 +1,33 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+
+- name: fix openstack neutron plugin config file
+ shell: |
+ sed -i 's,plugins/ml2/openvswitch_agent.ini,plugin.ini,g' /usr/lib/systemd/system/neutron-openvswitch-agent.service
+ systemctl daemon-reload
+ when: ansible_os_family == 'RedHat'
+
+- name: neutron-db-manage upgrade to Juno
+ shell: neutron-db-manage --config-file=/etc/neutron/neutron.conf --config-file=/etc/neutron/plugins/ml2/ml2_conf.ini upgrade head
+ register: result
+ run_once: True
+ until: result.rc == 0
+ retries: 5
+ delay: 3
+ notify:
+ - restart neutron control services
+
+- name: restart first neutron-server
+ service: name=neutron-server state=restarted enabled=yes
+
+- name: restart other neutron-server
+ service: name=neutron-server state=restarted enabled=yes
+
+- meta: flush_handlers
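Review bot: `restart first neutron-server` and `restart other neutron-server` are identical tasks with no condition of their own, and tasks/main.yml includes this file only `when: inventory_hostname == groups['controller'][0]`. As written, both therefore run on the first controller and nothing in this file restarts neutron-server on the remaining controllers; the handler skips neutron-server as well. If a staged restart after the schema migration is intended, move the condition from the include onto the migration and first-restart tasks and give the second task `when: inventory_hostname != groups['controller'][0]`. `run_once: True` on the migration looks redundant under the current include condition.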
diff --git a/ansible/roles/neutron-controller/tasks/neutron_install.yml b/ansible/roles/neutron-controller/tasks/neutron_install.yml
new file mode 100644
index 0000000..be64c41
--- /dev/null
+++ b/ansible/roles/neutron-controller/tasks/neutron_install.yml
@@ -0,0 +1,44 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- include_vars: "{{ ansible_os_family }}.yml"
+
+- name: disable auto start
+ copy:
+ content: "#!/bin/sh\nexit 101"
+ dest: "/usr/sbin/policy-rc.d"
+ mode: 0755
+ when: ansible_os_family == "Debian"
+
+- name: install controller-related neutron packages
+ action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
+ with_items: packages | union(packages_noarch)
+
+- name: enable auto start
+ file:
+ path=/usr/sbin/policy-rc.d
+ state=absent
+ when: ansible_os_family == "Debian"
+
+- name: generate neutron control service list
+ lineinfile: dest=/opt/service create=yes line='{{ item }}'
+ with_items: services | union(services_noarch)
+
+- name: get tenant id to fill neutron.conf
+ shell: keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 tenant-get service | grep id | awk '{print $4}'
+ register: NOVA_ADMIN_TENANT_ID
+
+- name: update neutron conf
+ template: src=templates/neutron.conf dest=/etc/neutron/neutron.conf backup=yes
+
+- name: update ml2 plugin conf
+ template: src=templates/ml2_conf.ini dest=/etc/neutron/plugins/ml2/ml2_conf.ini backup=yes
+
+- name: ln plugin.ini
+ file: src=/etc/neutron/plugins/ml2/ml2_conf.ini dest=/etc/neutron/plugin.ini state=link
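Review bot: The `get tenant id to fill neutron.conf` task puts the Keystone admin token on the command line (`--os-token={{ ADMIN_TOKEN }}`), so it is readable in the process list on the target host and ends up in Ansible's task output and logs. Pass it through the environment and suppress logging instead: `environment: {OS_SERVICE_TOKEN: "{{ ADMIN_TOKEN }}", OS_SERVICE_ENDPOINT: "http://{{ internal_vip.ip }}:35357/v2.0"}` together with `no_log: true` on the task. The request also goes over plain HTTP, so the token crosses the management network unencrypted unless that segment is otherwise protected. Separately, `/usr/sbin/policy-rc.d` stays in place if the package install fails between the `disable auto start` and `enable auto start` tasks, which would leave service starts blocked on Debian hosts.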
diff --git a/ansible/roles/neutron-controller/templates/dnsmasq-neutron.conf b/ansible/roles/neutron-controller/templates/dnsmasq-neutron.conf
deleted file mode 100644
index 7bcbd9d..0000000
--- a/ansible/roles/neutron-controller/templates/dnsmasq-neutron.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-dhcp-option-force=26,1454
-
diff --git a/ansible/roles/neutron-controller/templates/l3_agent.ini b/ansible/roles/neutron-controller/templates/l3_agent.ini
index b394c00..5f49934 100644
--- a/ansible/roles/neutron-controller/templates/l3_agent.ini
+++ b/ansible/roles/neutron-controller/templates/l3_agent.ini
@@ -45,7 +45,7 @@ handle_internal_only_routers = True
# Name of bridge used for external network traffic. This should be set to
# empty value for the linux bridge. when this parameter is set, each L3 agent
# can be associated with no more than one external network.
-external_network_bridge = br-ex
+external_network_bridge =
# TCP Port used by Neutron metadata server
metadata_port = 9697
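Review bot: `external_network_bridge =` is now empty, but the comment kept above it only explains an empty value for the linux bridge, so a reader cannot tell why this deployment clears it. If the intent is to have external networks handled as provider networks through the ML2 `bridge_mappings` setting (presumably the `external:br-ex` mapping used by the agent templates, to be confirmed), say so next to the option, e.g. `# left empty: external networks are wired through bridge_mappings`. The hunk shows only part of the file, so an explanation may exist outside it.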
diff --git a/ansible/roles/neutron-controller/templates/metadata_agent.ini b/ansible/roles/neutron-controller/templates/metadata_agent.ini
index edde22c..87937cc 100644
--- a/ansible/roles/neutron-controller/templates/metadata_agent.ini
+++ b/ansible/roles/neutron-controller/templates/metadata_agent.ini
@@ -3,8 +3,8 @@
debug = True
# The Neutron user information for accessing the Neutron API.
-auth_url = http://{{ identity_host }}:5000/v2.0
-auth_region = RegionOne
+auth_url = http://{{ internal_vip.ip }}:5000/v2.0
+auth_region = regionOne
# Turn off verification of the certificate for ssl
# auth_insecure = False
# Certificate Authority public key (CA cert) file for ssl
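Review bot: `auth_region = regionOne` changes only the case of the region name, and region names are compared exactly when the endpoint is looked up, so this value has to agree with the region the Keystone endpoints are registered under. That registration is not in this hunk, so confirm it or template the value from the same variable. The new `auth_url` still uses `http://`, which means the `admin_password` this agent presents to Keystone travels unencrypted to the VIP. If TLS is available on the VIP, switch to `https://` and set the CA certificate option referenced in the comment below. `debug = True` in the context lines is also worth turning off in a production template, since debug logging can include request details.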
@@ -17,7 +17,7 @@ admin_password = {{ NEUTRON_PASS }}
# endpoint_type = adminURL
# IP address used by Nova metadata server
-nova_metadata_ip = {{ compute_controller_host }}
+nova_metadata_ip = {{ internal_vip.ip }}
# TCP Port used by Nova metadata server
nova_metadata_port = 8775
diff --git a/ansible/roles/neutron-controller/templates/ml2_conf.ini b/ansible/roles/neutron-controller/templates/ml2_conf.ini
deleted file mode 100644
index 9972842..0000000
--- a/ansible/roles/neutron-controller/templates/ml2_conf.ini
+++ /dev/null
@@ -1,108 +0,0 @@
-[ml2]
-# (ListOpt) List of network type driver entrypoints to be loaded from
-# the neutron.ml2.type_drivers namespace.
-#
-# type_drivers = local,flat,vlan,gre,vxlan
-# Example: type_drivers = flat,vlan,gre,vxlan
-type_drivers = {{ NEUTRON_TYPE_DRIVERS |join(",") }}
-
-# (ListOpt) Ordered list of network_types to allocate as tenant
-# networks. The default value 'local' is useful for single-box testing
-# but provides no connectivity between hosts.
-#
-# tenant_network_types = local
-# Example: tenant_network_types = vlan,gre,vxlan
-tenant_network_types = {{ NEUTRON_TENANT_NETWORK_TYPES |join(",") }}
-
-# (ListOpt) Ordered list of networking mechanism driver entrypoints
-# to be loaded from the neutron.ml2.mechanism_drivers namespace.
-# mechanism_drivers =
-# Example: mechanism_drivers = openvswitch,mlnx
-# Example: mechanism_drivers = arista
-# Example: mechanism_drivers = cisco,logger
-# Example: mechanism_drivers = openvswitch,brocade
-# Example: mechanism_drivers = linuxbridge,brocade
-mechanism_drivers = {{ NEUTRON_MECHANISM_DRIVERS |join(",") }}
-
-[ml2_type_flat]
-# (ListOpt) List of physical_network names with which flat networks
-# can be created. Use * to allow flat networks with arbitrary
-# physical_network names.
-#
-flat_networks = external
-# Example:flat_networks = physnet1,physnet2
-# Example:flat_networks = *
-
-[ml2_type_vlan]
-# (ListOpt) List of [::] tuples
-# specifying physical_network names usable for VLAN provider and
-# tenant networks, as well as ranges of VLAN tags on each
-# physical_network available for allocation as tenant networks.
-#
-network_vlan_ranges =
-# Example: network_vlan_ranges = physnet1:1000:2999,physnet2
-
-[ml2_type_gre]
-# (ListOpt) Comma-separated list of : tuples enumerating ranges of GRE tunnel IDs that are available for tenant network allocation
-tunnel_id_ranges = 1:1000
-
-[ml2_type_vxlan]
-# (ListOpt) Comma-separated list of : tuples enumerating
-# ranges of VXLAN VNI IDs that are available for tenant network allocation.
-#
-vni_ranges = 1001:4095
-
-# (StrOpt) Multicast group for the VXLAN interface. When configured, will
-# enable sending all broadcast traffic to this multicast group. When left
-# unconfigured, will disable multicast VXLAN mode.
-#
-vxlan_group = 239.1.1.1
-# Example: vxlan_group = 239.1.1.1
-
-[securitygroup]
-# Controls if neutron security group is enabled or not.
-# It should be false when you use nova security group.
-# enable_security_group = True
-firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
-enable_security_group = True
-
-[database]
-connection = mysql://neutron:{{ NEUTRON_DBPASS }}@{{ db_host }}/ovs_neutron?charset=utf8
-
-[ovs]
-local_ip = {{ internal_ip }}
-{% if 'openvswitch' in NEUTRON_MECHANISM_DRIVERS %}
-integration_bridge = br-int
-tunnel_bridge = br-tun
-tunnel_id_ranges = 1001:4095
-tunnel_type = {{ NEUTRON_TUNNEL_TYPES |join(",") }}
-bridge_mappings = {{ neutron_ovs_bridge_mappings | default("external:br-ex") }}
-{% endif %}
-
-[agent]
-root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf
-tunnel_types = {{ NEUTRON_TUNNEL_TYPES |join(",") }}
-{% if 'vxlan' in NEUTRON_TUNNEL_TYPES %}
-vxlan_udp_port = 4789
-{% endif %}
-l2_population = False
-
-[odl]
-{% if 'opendaylight' in NEUTRON_MECHANISM_DRIVERS %}
-network_vlan_ranges = 1001:4095
-tunnel_id_ranges = 1001:4095
-tun_peer_patch_port = patch-int
-int_peer_patch_port = patch-tun
-tenant_network_type = vxlan
-tunnel_bridge = br-tun
-integration_bridge = br-int
-controllers = 10.1.0.15:8080:admin:admin
-{% endif %}
-
-[ml2_odl]
-{% if 'opendaylight' in NEUTRON_MECHANISM_DRIVERS %}
-username = {{ odl_username }}
-password = {{ odl_password }}
-url = http://{{ odl_controller }}:{{ odl_api_port }}/controller/nb/v2/neutron
-{% endif %}
-
diff --git a/ansible/roles/neutron-controller/templates/neutron-network.conf b/ansible/roles/neutron-controller/templates/neutron-network.conf
deleted file mode 100644
index 318e4c0..0000000
--- a/ansible/roles/neutron-controller/templates/neutron-network.conf
+++ /dev/null
@@ -1,466 +0,0 @@
-[DEFAULT]
-# Print more verbose output (set logging level to INFO instead of default WARNING level).
-verbose = {{ VERBOSE }}
-
-# Print debugging output (set logging level to DEBUG instead of default WARNING level).
-debug = {{ DEBUG }}
-
-# Where to store Neutron state files. This directory must be writable by the
-# user executing the agent.
-state_path = /var/lib/neutron
-
-# Where to store lock files
-lock_path = $state_path/lock
-
-# log_format = %(asctime)s %(levelname)8s [%(name)s] %(message)s
-# log_date_format = %Y-%m-%d %H:%M:%S
-
-# use_syslog -> syslog
-# log_file and log_dir -> log_dir/log_file
-# (not log_file) and log_dir -> log_dir/{binary_name}.log
-# use_stderr -> stderr
-# (not user_stderr) and (not log_file) -> stdout
-# publish_errors -> notification system
-
-# use_syslog = False
-# syslog_log_facility = LOG_USER
-
-# use_stderr = True
-# log_file =
-log_dir = /var/log/neutron
-
-# publish_errors = False
-
-# Address to bind the API server to
-bind_host = {{ network_server_host }}
-
-# Port the bind the API server to
-bind_port = 9696
-
-# Path to the extensions. Note that this can be a colon-separated list of
-# paths. For example:
-# api_extensions_path = extensions:/path/to/more/extensions:/even/more/extensions
-# The __path__ of neutron.extensions is appended to this, so if your
-# extensions are in there you don't need to specify them here
-# api_extensions_path =
-
-# (StrOpt) Neutron core plugin entrypoint to be loaded from the
-# neutron.core_plugins namespace. See setup.cfg for the entrypoint names of the
-# plugins included in the neutron source distribution. For compatibility with
-# previous versions, the class name of a plugin can be specified instead of its
-# entrypoint name.
-#
-#core_plugin = neutron.plugins.ml2.plugin.Ml2Plugin
-core_plugin = ml2
-# Example: core_plugin = ml2
-
-# (ListOpt) List of service plugin entrypoints to be loaded from the
-# neutron.service_plugins namespace. See setup.cfg for the entrypoint names of
-# the plugins included in the neutron source distribution. For compatibility
-# with previous versions, the class name of a plugin can be specified instead
-# of its entrypoint name.
-#
-# service_plugins =
-# Example: service_plugins = router,firewall,lbaas,vpnaas,metering
-service_plugins = router
-
-# Paste configuration file
-api_paste_config = api-paste.ini
-
-# The strategy to be used for auth.
-# Supported values are 'keystone'(default), 'noauth'.
-auth_strategy = keystone
-
-# Base MAC address. The first 3 octets will remain unchanged. If the
-# 4h octet is not 00, it will also be used. The others will be
-# randomly generated.
-# 3 octet
-# base_mac = fa:16:3e:00:00:00
-# 4 octet
-# base_mac = fa:16:3e:4f:00:00
-
-# Maximum amount of retries to generate a unique MAC address
-# mac_generation_retries = 16
-
-# DHCP Lease duration (in seconds)
-dhcp_lease_duration = 86400
-
-# Allow sending resource operation notification to DHCP agent
-# dhcp_agent_notification = True
-
-# Enable or disable bulk create/update/delete operations
-# allow_bulk = True
-# Enable or disable pagination
-# allow_pagination = False
-# Enable or disable sorting
-# allow_sorting = False
-# Enable or disable overlapping IPs for subnets
-# Attention: the following parameter MUST be set to False if Neutron is
-# being used in conjunction with nova security groups
-allow_overlapping_ips = True
-# Ensure that configured gateway is on subnet
-# force_gateway_on_subnet = False
-
-
-# RPC configuration options. Defined in rpc __init__
-# The messaging module to use, defaults to kombu.
-# rpc_backend = neutron.openstack.common.rpc.impl_kombu
-rpc_backend = rabbit
-rabbit_host = {{ rabbit_host }}
-rabbit_password = {{ RABBIT_PASS }}
-
-# Size of RPC thread pool
-rpc_thread_pool_size = 240
-# Size of RPC connection pool
-rpc_conn_pool_size = 100
-# Seconds to wait for a response from call or multicall
-rpc_response_timeout = 300
-# Seconds to wait before a cast expires (TTL). Only supported by impl_zmq.
-rpc_cast_timeout = 300
-# Modules of exceptions that are permitted to be recreated
-# upon receiving exception data from an rpc call.
-# allowed_rpc_exception_modules = neutron.openstack.common.exception, nova.exception
-# AMQP exchange to connect to if using RabbitMQ or QPID
-# control_exchange = neutron
-
-# If passed, use a fake RabbitMQ provider
-# fake_rabbit = False
-
-# Configuration options if sending notifications via kombu rpc (these are
-# the defaults)
-# SSL version to use (valid only if SSL enabled)
-# kombu_ssl_version =
-# SSL key file (valid only if SSL enabled)
-# kombu_ssl_keyfile =
-# SSL cert file (valid only if SSL enabled)
-# kombu_ssl_certfile =
-# SSL certification authority file (valid only if SSL enabled)
-# kombu_ssl_ca_certs =
-# Port where RabbitMQ server is running/listening
-rabbit_port = 5672
-# RabbitMQ single or HA cluster (host:port pairs i.e: host1:5672, host2:5672)
-# rabbit_hosts is defaulted to '$rabbit_host:$rabbit_port'
-# rabbit_hosts = localhost:5672
-# User ID used for RabbitMQ connections
-rabbit_userid = guest
-# Location of a virtual RabbitMQ installation.
-# rabbit_virtual_host = /
-# Maximum retries with trying to connect to RabbitMQ
-# (the default of 0 implies an infinite retry count)
-# rabbit_max_retries = 0
-# RabbitMQ connection retry interval
-# rabbit_retry_interval = 1
-# Use HA queues in RabbitMQ (x-ha-policy: all). You need to
-# wipe RabbitMQ database when changing this option. (boolean value)
-# rabbit_ha_queues = false
-
-# QPID
-# rpc_backend=neutron.openstack.common.rpc.impl_qpid
-# Qpid broker hostname
-# qpid_hostname = localhost
-# Qpid broker port
-# qpid_port = 5672
-# Qpid single or HA cluster (host:port pairs i.e: host1:5672, host2:5672)
-# qpid_hosts is defaulted to '$qpid_hostname:$qpid_port'
-# qpid_hosts = localhost:5672
-# Username for qpid connection
-# qpid_username = ''
-# Password for qpid connection
-# qpid_password = ''
-# Space separated list of SASL mechanisms to use for auth
-# qpid_sasl_mechanisms = ''
-# Seconds between connection keepalive heartbeats
-# qpid_heartbeat = 60
-# Transport to use, either 'tcp' or 'ssl'
-# qpid_protocol = tcp
-# Disable Nagle algorithm
-# qpid_tcp_nodelay = True
-
-# ZMQ
-# rpc_backend=neutron.openstack.common.rpc.impl_zmq
-# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP.
-# The "host" option should point or resolve to this address.
-# rpc_zmq_bind_address = *
-
-# ============ Notification System Options =====================
-
-# Notifications can be sent when network/subnet/port are created, updated or deleted.
-# There are three methods of sending notifications: logging (via the
-# log_file directive), rpc (via a message queue) and
-# noop (no notifications sent, the default)
-
-# Notification_driver can be defined multiple times
-# Do nothing driver
-# notification_driver = neutron.openstack.common.notifier.no_op_notifier
-# Logging driver
-# notification_driver = neutron.openstack.common.notifier.log_notifier
-# RPC driver.
-notification_driver = neutron.openstack.common.notifier.rpc_notifier
-
-# default_notification_level is used to form actual topic name(s) or to set logging level
-default_notification_level = INFO
-
-# default_publisher_id is a part of the notification payload
-# host = myhost.com
-# default_publisher_id = $host
-
-# Defined in rpc_notifier, can be comma separated values.
-# The actual topic names will be %s.%(default_notification_level)s
-notification_topics = notifications
-
-# Default maximum number of items returned in a single response,
-# value == infinite and value < 0 means no max limit, and value must
-# be greater than 0. If the number of items requested is greater than
-# pagination_max_limit, server will just return pagination_max_limit
-# of number of items.
-# pagination_max_limit = -1
-
-# Maximum number of DNS nameservers per subnet
-# max_dns_nameservers = 5
-
-# Maximum number of host routes per subnet
-# max_subnet_host_routes = 20
-
-# Maximum number of fixed ips per port
-# max_fixed_ips_per_port = 5
-
-# =========== items for agent management extension =============
-# Seconds to regard the agent as down; should be at least twice
-# report_interval, to be sure the agent is down for good
-agent_down_time = 75
-# =========== end of items for agent management extension =====
-
-# =========== items for agent scheduler extension =============
-# Driver to use for scheduling network to DHCP agent
-network_scheduler_driver = neutron.scheduler.dhcp_agent_scheduler.ChanceScheduler
-# Driver to use for scheduling router to a default L3 agent
-router_scheduler_driver = neutron.scheduler.l3_agent_scheduler.ChanceScheduler
-# Driver to use for scheduling a loadbalancer pool to an lbaas agent
-# loadbalancer_pool_scheduler_driver = neutron.services.loadbalancer.agent_scheduler.ChanceScheduler
-
-# Allow auto scheduling networks to DHCP agent. It will schedule non-hosted
-# networks to first DHCP agent which sends get_active_networks message to
-# neutron server
-# network_auto_schedule = True
-
-# Allow auto scheduling routers to L3 agent. It will schedule non-hosted
-# routers to first L3 agent which sends sync_routers message to neutron server
-# router_auto_schedule = True
-
-# Number of DHCP agents scheduled to host a network. This enables redundant
-# DHCP agents for configured networks.
-# dhcp_agents_per_network = 1
-
-# =========== end of items for agent scheduler extension =====
-
-# =========== WSGI parameters related to the API server ==============
-# Number of separate worker processes to spawn. The default, 0, runs the
-# worker thread in the current process. Greater than 0 launches that number of
-# child processes as workers. The parent process manages them.
-api_workers = 8
-
-# Number of separate RPC worker processes to spawn. The default, 0, runs the
-# worker thread in the current process. Greater than 0 launches that number of
-# child processes as RPC workers. The parent process manages them.
-# This feature is experimental until issues are addressed and testing has been
-# enabled for various plugins for compatibility.
-rpc_workers = 8
-
-# Sets the value of TCP_KEEPIDLE in seconds to use for each server socket when
-# starting API server. Not supported on OS X.
-# tcp_keepidle = 600
-
-# Number of seconds to keep retrying to listen
-# retry_until_window = 30
-
-# Number of backlog requests to configure the socket with.
-# backlog = 4096
-
-# Max header line to accommodate large tokens
-# max_header_line = 16384
-
-# Enable SSL on the API server
-# use_ssl = False
-
-# Certificate file to use when starting API server securely
-# ssl_cert_file = /path/to/certfile
-
-# Private key file to use when starting API server securely
-# ssl_key_file = /path/to/keyfile
-
-# CA certificate file to use when starting API server securely to
-# verify connecting clients. This is an optional parameter only required if
-# API clients need to authenticate to the API server using SSL certificates
-# signed by a trusted CA
-# ssl_ca_file = /path/to/cafile
-# ======== end of WSGI parameters related to the API server ==========
-
-
-# ======== neutron nova interactions ==========
-# Send notification to nova when port status is active.
-notify_nova_on_port_status_changes = True
-
-# Send notifications to nova when port data (fixed_ips/floatingips) change
-# so nova can update it's cache.
-notify_nova_on_port_data_changes = True
-
-# URL for connection to nova (Only supports one nova region currently).
-nova_url = http://{{ compute_controller_host }}:8774/v2
-
-# Name of nova region to use. Useful if keystone manages more than one region
-nova_region_name = RegionOne
-
-# Username for connection to nova in admin context
-nova_admin_username = nova
-
-# The uuid of the admin nova tenant
-
-# Password for connection to nova in admin context.
-nova_admin_password = {{ NOVA_PASS }}
-
-# Authorization URL for connection to nova in admin context.
-nova_admin_auth_url = http://{{ identity_host }}:35357/v2.0
-
-# Number of seconds between sending events to nova if there are any events to send
-send_events_interval = 2
-
-# ======== end of neutron nova interactions ==========
-
-[quotas]
-# Default driver to use for quota checks
-quota_driver = neutron.db.quota_db.DbQuotaDriver
-
-# Resource name(s) that are supported in quota features
-quota_items = network,subnet,port
-
-# Default number of resource allowed per tenant. A negative value means
-# unlimited.
-default_quota = -1
-
-# Number of networks allowed per tenant. A negative value means unlimited.
-quota_network = 100
-
-# Number of subnets allowed per tenant. A negative value means unlimited.
-quota_subnet = 100
-
-# Number of ports allowed per tenant. A negative value means unlimited.
-quota_port = 8000
-
-# Number of security groups allowed per tenant. A negative value means
-# unlimited.
-quota_security_group = 1000
-
-# Number of security group rules allowed per tenant. A negative value means
-# unlimited.
-quota_security_group_rule = 1000
-
-# Number of vips allowed per tenant. A negative value means unlimited.
-# quota_vip = 10
-
-# Number of pools allowed per tenant. A negative value means unlimited.
-# quota_pool = 10
-
-# Number of pool members allowed per tenant. A negative value means unlimited.
-# The default is unlimited because a member is not a real resource consumer
-# on Openstack. However, on back-end, a member is a resource consumer
-# and that is the reason why quota is possible.
-# quota_member = -1
-
-# Number of health monitors allowed per tenant. A negative value means
-# unlimited.
-# The default is unlimited because a health monitor is not a real resource
-# consumer on Openstack. However, on back-end, a member is a resource consumer
-# and that is the reason why quota is possible.
-# quota_health_monitors = -1
-
-# Number of routers allowed per tenant. A negative value means unlimited.
-# quota_router = 10
-
-# Number of floating IPs allowed per tenant. A negative value means unlimited.
-# quota_floatingip = 50
-
-[agent]
-# Use "sudo neutron-rootwrap /etc/neutron/rootwrap.conf" to use the real
-# root filter facility.
-# Change to "sudo" to skip the filtering and just run the comand directly
-root_helper = "sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf"
-
-# =========== items for agent management extension =============
-# seconds between nodes reporting state to server; should be less than
-# agent_down_time, best if it is half or less than agent_down_time
-report_interval = 30
-
-# =========== end of items for agent management extension =====
-
-[keystone_authtoken]
-auth_uri = http://{{ identity_host }}:5000/v2.0
-identity_uri = http://{{ identity_host }}:35357
-admin_tenant_name = service
-admin_user = neutron
-admin_password = {{ NEUTRON_PASS }}
-signing_dir = $state_path/keystone-signing
-
-[database]
-# This line MUST be changed to actually run the plugin.
-# Example:
-# connection = mysql://root:pass@127.0.0.1:3306/neutron
-# Replace 127.0.0.1 above with the IP address of the database used by the
-# main neutron server. (Leave it as is if the database runs on this host.)
-# connection = sqlite:////var/lib/neutron/neutron.sqlite
-#connection = mysql://neutron:{{ NEUTRON_DBPASS }}@{{ db_host }}/neutron
-
-# The SQLAlchemy connection string used to connect to the slave database
-slave_connection =
-
-# Database reconnection retry times - in event connectivity is lost
-# set to -1 implies an infinite retry count
-max_retries = 10
-
-# Database reconnection interval in seconds - if the initial connection to the
-# database fails
-retry_interval = 10
-
-# Minimum number of SQL connections to keep open in a pool
-min_pool_size = 1
-
-# Maximum number of SQL connections to keep open in a pool
-max_pool_size = 100
-
-# Timeout in seconds before idle sql connections are reaped
-idle_timeout = 3600
-
-# If set, use this value for max_overflow with sqlalchemy
-max_overflow = 100
-
-# Verbosity of SQL debugging information. 0=None, 100=Everything
-connection_debug = 0
-
-# Add python stack traces to SQL as comment strings
-connection_trace = False
-
-# If set, use this value for pool_timeout with sqlalchemy
-pool_timeout = 10
-
-[service_providers]
-# Specify service providers (drivers) for advanced services like loadbalancer, VPN, Firewall.
-# Must be in form:
-# service_provider=::[:default]
-# List of allowed service types includes LOADBALANCER, FIREWALL, VPN
-# Combination of and must be unique; must also be unique
-# This is multiline option, example for default provider:
-# service_provider=LOADBALANCER:name:lbaas_plugin_driver_path:default
-# example of non-default provider:
-# service_provider=FIREWALL:name2:firewall_driver_path
-# --- Reference implementations ---
-service_provider=LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
-service_provider=VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default
-# In order to activate Radware's lbaas driver you need to uncomment the next line.
-# If you want to keep the HA Proxy as the default lbaas driver, remove the attribute default from the line below.
-# Otherwise comment the HA Proxy line
-# service_provider = LOADBALANCER:Radware:neutron.services.loadbalancer.drivers.radware.driver.LoadBalancerDriver:default
-# uncomment the following line to make the 'netscaler' LBaaS provider available.
-# service_provider=LOADBALANCER:NetScaler:neutron.services.loadbalancer.drivers.netscaler.netscaler_driver.NetScalerPluginDriver
-# Uncomment the following line (and comment out the OpenSwan VPN line) to enable Cisco's VPN driver.
-# service_provider=VPN:cisco:neutron.services.vpn.service_drivers.cisco_ipsec.CiscoCsrIPsecVPNDriver:default
-# Uncomment the line below to use Embrane heleos as Load Balancer service provider.
-# service_provider=LOADBALANCER:Embrane:neutron.services.loadbalancer.drivers.embrane.driver.EmbraneLbaas:default
diff --git a/ansible/roles/neutron-controller/templates/neutron_init.sh b/ansible/roles/neutron-controller/templates/neutron_init.sh
deleted file mode 100644
index b92e202..0000000
--- a/ansible/roles/neutron-controller/templates/neutron_init.sh
+++ /dev/null
@@ -1,4 +0,0 @@
-# neutron --os-username=admin --os-password={{ ADMIN_PASS }} --os-tenant-name=admin --os-auth-url=http://{{ identity_host }}:35357/v2.0 net-create ext-net --shared --router:external=True
-
-# neutron --os-username=admin --os-password={{ ADMIN_PASS }} --os-tenant-name=admin --os-auth-url=http://{{ identity_host }}:35357/v2.0 subnet-create ext-net --name ext-subnet --allocation-pool start={{ FLOATING_IP_START }},end={{ FLOATING_IP_END}} --disable-dhcp --gateway {{EXTERNAL_NETWORK_GATEWAY}} {{EXTERNAL_NETWORK_CIDR}}
-
diff --git a/ansible/roles/neutron-controller/vars/Debian.yml b/ansible/roles/neutron-controller/vars/Debian.yml
new file mode 100644
index 0000000..70d652c
--- /dev/null
+++ b/ansible/roles/neutron-controller/vars/Debian.yml
@@ -0,0 +1,14 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages:
+ - neutron-server
+ - neutron-plugin-ml2
+
+services: []
diff --git a/ansible/roles/neutron-controller/vars/RedHat.yml b/ansible/roles/neutron-controller/vars/RedHat.yml
new file mode 100644
index 0000000..89f41de
--- /dev/null
+++ b/ansible/roles/neutron-controller/vars/RedHat.yml
@@ -0,0 +1,14 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages:
+ - openstack-neutron
+ - openstack-neutron-ml2
+
+services: []
diff --git a/ansible/roles/neutron-controller/vars/main.yml b/ansible/roles/neutron-controller/vars/main.yml
new file mode 100644
index 0000000..928b0bd
--- /dev/null
+++ b/ansible/roles/neutron-controller/vars/main.yml
@@ -0,0 +1,14 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages_noarch: []
+
+services_noarch:
+ - neutron-server
+
diff --git a/ansible/roles/neutron-network/files/vpnaas.filters b/ansible/roles/neutron-network/files/vpnaas.filters
new file mode 100644
index 0000000..c5eaa80
--- /dev/null
+++ b/ansible/roles/neutron-network/files/vpnaas.filters
@@ -0,0 +1,7 @@
+[Filters]
+ip: IpFilter, ip, root
+ip_exec: IpNetnsExecFilter, ip, root
+ipsec: CommandFilter, ipsec, root
+strongswan: CommandFilter, strongswan, root
+neutron_netns_wrapper: CommandFilter, neutron-vpn-netns-wrapper, root
+neutron_netns_wrapper_local: CommandFilter, /usr/local/bin/neutron-vpn-netns-wrapper, root
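Review bot: The `CommandFilter` entries here (`ipsec`, `strongswan` and both netns-wrapper lines) put no restriction on arguments, so the neutron account can run those binaries as root with any options, and the integrity of this file matters. The `update rootwrap` task in tasks/vpn.yml installs it with no `owner`, `group` or `mode`, which leaves the result to whatever the connection user's umask gives. Pin it in that task, e.g. `copy: src=vpnaas.filters dest=/etc/neutron/rootwrap.d/vpnaas.filters owner=root group=root mode=0644`. The `neutron_netns_wrapper_local` entry names an absolute path under /usr/local/bin, so confirm that the directory is root-owned and not writable by other accounts on the target hosts.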
diff --git a/ansible/roles/neutron-network/files/xorp b/ansible/roles/neutron-network/files/xorp
new file mode 100644
index 0000000..5a48610
--- /dev/null
+++ b/ansible/roles/neutron-network/files/xorp
@@ -0,0 +1,23 @@
+# Defaults for xorp initscript
+# sourced by /etc/init.d/xorp
+# installed at /etc/default/xorp by the maintainer scripts
+
+#
+# This is a POSIX shell fragment
+#
+
+# Master system-wide xorp switch. The initscript
+# will not run if it is not set to yes.
+
+RUN="yes"
+
+
+# Additional options that are passed to the rtrmgr Daemon.
+# e.g. :
+# -a Host allowed by the finder
+# -n Subnet allowed by the finder
+# -v Print verbose information
+# -b Specify boot file
+# -d Run as a daemon, detach from tty
+
+DAEMON_OPTS="-b /etc/xorp/config.boot "
diff --git a/ansible/roles/neutron-network/handlers/main.yml b/ansible/roles/neutron-network/handlers/main.yml
index cbfc8e9..9a9c9b4 100644
--- a/ansible/roles/neutron-network/handlers/main.yml
+++ b/ansible/roles/neutron-network/handlers/main.yml
@@ -1,21 +1,31 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
---
-- name: restart neutron-plugin-openvswitch-agent
- service: name=neutron-plugin-openvswitch-agent state=restarted
- when: "'opendaylight' not in {{ NEUTRON_MECHANISM_DRIVERS }}"
+- name: restart neutron network relation service
+ service: name={{ item }} state=restarted enabled=yes
+ with_flattened:
+ - services_noarch
+ - services
-- name: restart neutron-l3-agent
- service: name=neutron-l3-agent state=restarted
+- name: restart openvswitch agent service
+ service: name=neutron-openvswitch-agent state=restarted enabled=yes
+
+- name: restart vpn agent service
+ service: name={{ item }} state=restarted enabled=yes
+ with_items:
+ - neutron-vpn-agent
+ - strongswan
- name: kill dnsmasq
command: killall dnsmasq
ignore_errors: True
-- name: restart neutron-dhcp-agent
- service: name=neutron-dhcp-agent state=restarted
-
-- name: restart neutron-metadata-agent
- service: name=neutron-metadata-agent state=restarted
-
- name: restart xorp
- service: name=xorp state=restarted sleep=10
+ service: name=xorp state=restarted enabled=yes sleep=10
ignore_errors: True
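Review bot: The new `restart neutron network relation service` handler does not appear to be notified by anything in this diff. The reworked tasks/main.yml drops every `notify:` from the config template tasks and ends with a task of the same name that restarts `services_noarch` and `services` unconditionally. As written, each run restarts the network agents even when no file changed, and the retained `kill dnsmasq` handler has no visible caller. Consider putting `notify: - restart neutron network relation service` back on the template tasks and removing the unconditional restart task, or drop the unused handlers.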
diff --git a/ansible/roles/neutron-network/tasks/firewall.yml b/ansible/roles/neutron-network/tasks/firewall.yml
new file mode 100755
index 0000000..aec714f
--- /dev/null
+++ b/ansible/roles/neutron-network/tasks/firewall.yml
@@ -0,0 +1,30 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- include_vars: "{{ ansible_os_family }}.yml"
+
+- name: disable auto start
+ copy:
+ content: "#!/bin/sh\nexit 101"
+ dest: "/usr/sbin/policy-rc.d"
+ mode: 0755
+ when: ansible_os_family == "Debian"
+
+- name: install firewall packages
+ action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
+ with_items: firewall_packages
+
+- name: enable auto start
+ file:
+ path=/usr/sbin/policy-rc.d
+ state=absent
+ when: ansible_os_family == "Debian"
+
+- name: update firewall related conf
+ shell: crudini --set --list /etc/neutron/neutron.conf DEFAULT service_plugins firewall
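Review bot: If `install firewall packages` fails, the play stops before `enable auto start` runs and `/usr/sbin/policy-rc.d` stays in place returning 101, so later package operations on that Debian host will not start their services and nothing reports why. The same write/install/remove sequence is repeated in tasks/main.yml and tasks/vpn.yml in this diff. Where the Ansible version in use supports it, put the first two tasks under `- block:` and move the removal under `always:` so the file is cleaned up on failure too. The sequence also overwrites and then deletes any `policy-rc.d` that already existed on the host. Checking first with `stat` and skipping the removal when the file was already there would avoid changing the host's existing policy.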
diff --git a/ansible/roles/neutron-network/tasks/igmp-router.yml b/ansible/roles/neutron-network/tasks/igmp-router.yml
index d6f38a0..2ce1651 100644
--- a/ansible/roles/neutron-network/tasks/igmp-router.yml
+++ b/ansible/roles/neutron-network/tasks/igmp-router.yml
@@ -1,6 +1,18 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
---
- name: Install XORP to provide IGMP router functionality
- apt: pkg=xorp
+ action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
+ with_items: xorp_packages
+
+- name: create xorp directory
+ file: path=/etc/xorp state=directory
- name: configure xorp
template: src=etc/xorp/config.boot dest=/etc/xorp/config.boot
@@ -8,7 +20,7 @@
- restart xorp
- name: set xorp defaults
- lineinfile: dest=/etc/default/xorp regexp=^RUN= line=RUN=yes
+ copy: src=xorp dest=/etc/default/xorp
notify:
- restart xorp
diff --git a/ansible/roles/neutron-network/tasks/main.yml b/ansible/roles/neutron-network/tasks/main.yml
index 4a804ef..9b41ac1 100644
--- a/ansible/roles/neutron-network/tasks/main.yml
+++ b/ansible/roles/neutron-network/tasks/main.yml
@@ -1,4 +1,14 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
---
+- include_vars: "{{ ansible_os_family }}.yml"
+
- name: activate ipv4 forwarding
sysctl: name=net.ipv4.ip_forward value=1
state=present reload=yes
@@ -11,80 +21,6 @@
sysctl: name=net.ipv4.conf.default.rp_filter
value=0 state=present reload=yes
-- name: install neutron network related packages
- apt: name={{ item }} state=present force=yes
- with_items:
- - neutron-plugin-ml2
- - openvswitch-datapath-dkms
- - openvswitch-switch
- - neutron-l3-agent
- - neutron-dhcp-agent
-
-- name: install neutron openvswitch agent
- apt: name=neutron-plugin-openvswitch-agent
- state=present force=yes
- when: "'openvswitch' in {{ NEUTRON_MECHANISM_DRIVERS }}"
-
-- name: config neutron
- template: src=neutron-network.conf
- dest=/etc/neutron/neutron.conf backup=yes
- notify:
- - restart neutron-plugin-openvswitch-agent
- - restart neutron-l3-agent
- - kill dnsmasq
- - restart neutron-dhcp-agent
- - restart neutron-metadata-agent
-
-- name: config l3 agent
- template: src=l3_agent.ini dest=/etc/neutron/l3_agent.ini
- backup=yes
- notify:
- - restart neutron-l3-agent
-
-- name: config dhcp agent
- template: src=dhcp_agent.ini dest=/etc/neutron/dhcp_agent.ini
- backup=yes
- notify:
- - kill dnsmasq
- - restart neutron-dhcp-agent
-
-- name: update dnsmasq-neutron.conf
- template: src=dnsmasq-neutron.conf
- dest=/etc/neutron/dnsmasq-neutron.conf
- notify:
- - kill dnsmasq
- - restart neutron-dhcp-agent
-
-- name: config metadata agent
- template: src=metadata_agent.ini
- dest=/etc/neutron/metadata_agent.ini backup=yes
- notify:
- - restart neutron-metadata-agent
-
-- name: config ml2 plugin
- template: src=ml2_conf.ini
- dest=/etc/neutron/plugins/ml2/ml2_conf.ini
- backup=yes
- notify:
- - restart neutron-plugin-openvswitch-agent
-
-- meta: flush_handlers
-
-- name: add br-int
- openvswitch_bridge: bridge=br-int state=present
-
-- name: add br-ex
- openvswitch_bridge: bridge=br-ex state=present
- when: "'openvswitch' in {{ NEUTRON_MECHANISM_DRIVERS }}"
-
-- name: assign a port to br-ex for physical ext interface
- openvswitch_port: bridge=br-ex port={{ INTERFACE_NAME }}
- state=present
- when: "'openvswitch' in {{ NEUTRON_MECHANISM_DRIVERS }}"
-
-- include: igmp-router.yml
- when: "'vxlan' in {{ NEUTRON_TUNNEL_TYPES }}"
-
- name: assert kernel support for vxlan
command: modinfo -F version vxlan
when: "'vxlan' in {{ NEUTRON_TUNNEL_TYPES }}"
@@ -95,10 +31,81 @@
failed_when: iproute_out.rc == 255
when: "'vxlan' in {{ NEUTRON_TUNNEL_TYPES }}"
+- name: disable auto start
+ copy:
+ content: "#!/bin/sh\nexit 101"
+ dest: "/usr/sbin/policy-rc.d"
+ mode: 0755
+ when: ansible_os_family == "Debian"
+
+- name: install neutron network related packages
+ action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
+ with_items: packages | union(packages_noarch)
+
+- name: enable auto start
+ file:
+ path=/usr/sbin/policy-rc.d
+ state=absent
+ when: ansible_os_family == "Debian"
+
+- name: generate neutron network service list
+ lineinfile: dest=/opt/service create=yes line='{{ item }}'
+ with_items: services | union(services_noarch)
+
+- name: fix openstack neutron plugin config file
+ shell: |
+ sed -i 's,plugins/openvswitch/ovs_neutron_plugin.ini,plugin.ini,g' /usr/lib/systemd/system/neutron-openvswitch-agent.service
+ systemctl daemon-reload
+ when: ansible_os_family == 'RedHat'
+
+- name: config l3 agent
+ template: src=l3_agent.ini dest=/etc/neutron/l3_agent.ini
+ backup=yes
+
+- name: config dhcp agent
+ template: src=dhcp_agent.ini dest=/etc/neutron/dhcp_agent.ini
+ backup=yes
+
+- name: update dnsmasq-neutron.conf
+ template: src=templates/dnsmasq-neutron.conf
+ dest=/etc/neutron/dnsmasq-neutron.conf
+
+- name: config metadata agent
+ template: src=metadata_agent.ini
+ dest=/etc/neutron/metadata_agent.ini backup=yes
+
+- name: config ml2 plugin
+ template: src=templates/ml2_conf.ini
+ dest=/etc/neutron/plugins/ml2/ml2_conf.ini
+ backup=yes
+
+- name: ln plugin.ini
+ file: src=/etc/neutron/plugins/ml2/ml2_conf.ini dest=/etc/neutron/plugin.ini state=link
+
+- name: config neutron
+ template: src=templates/neutron.conf
+ dest=/etc/neutron/neutron.conf backup=yes
+
+- name: force mtu to 1450 for vxlan
+ lineinfile:
+ dest: /etc/neutron/dnsmasq-neutron.conf
+ regexp: '^dhcp-option-force'
+ line: 'dhcp-option-force=26,1450'
+ when: "'vxlan' in {{ NEUTRON_TUNNEL_TYPES }}"
+
+- include: firewall.yml
+ when: enable_fwaas == True
+
+- include: vpn.yml
+ when: enable_vpnaas == True
+
- include: odl.yml
when: "'opendaylight' in {{ NEUTRON_MECHANISM_DRIVERS }}"
-- name: restart ovs service
- service: name=openvswitch-switch state=restarted
+- name: restart neutron network relation service
+ service: name={{ item }} state=restarted enabled=yes
+ with_flattened:
+ - services_noarch
+ - services
- meta: flush_handlers
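Review bot: The template tasks for `metadata_agent.ini` and `neutron.conf` set no `owner`, `group` or `mode`. The metadata template holds a service credential (`admin_password = {{ NEUTRON_PASS }}`), and `backup=yes` leaves timestamped copies next to the live file. When the destination does not already exist, the permissions come from the remote umask, which for root is commonly world-readable. Set them explicitly, for example `template: src=metadata_agent.ini dest=/etc/neutron/metadata_agent.ini owner=root group=neutron mode=0640 backup=yes`, assuming the packages create a `neutron` group. The contents of `templates/neutron.conf` are not shown here, so treating it as credential-bearing is an inference to confirm.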
diff --git a/ansible/roles/neutron-network/tasks/odl.yml b/ansible/roles/neutron-network/tasks/odl.yml
index 5817a2f..dd1e478 100644
--- a/ansible/roles/neutron-network/tasks/odl.yml
+++ b/ansible/roles/neutron-network/tasks/odl.yml
@@ -1,6 +1,14 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
---
- name: ovs set manager
- command: ovs-vsctl set-manager tcp:{{ odl_controller }}:6640
+ command: ovs-vsctl set-manager tcp:{{ controller }}:6640
- name: get ovs uuid
shell: ovs-vsctl get Open_vSwitch . _uuid
diff --git a/ansible/roles/neutron-network/tasks/vpn.yml b/ansible/roles/neutron-network/tasks/vpn.yml
new file mode 100755
index 0000000..9722ab7
--- /dev/null
+++ b/ansible/roles/neutron-network/tasks/vpn.yml
@@ -0,0 +1,47 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- include_vars: "{{ ansible_os_family }}.yml"
+
+- name: disable auto start
+ copy:
+ content: "#!/bin/sh\nexit 101"
+ dest: "/usr/sbin/policy-rc.d"
+ mode: 0755
+ when: ansible_os_family == "Debian"
+
+- name: install vpn packages
+ action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
+ with_items: vpn_packages
+
+- name: enable auto start
+ file:
+ path=/usr/sbin/policy-rc.d
+ state=absent
+ when: ansible_os_family == "Debian"
+
+- name: update vpn related conf
+ shell: crudini --set /etc/neutron/l3_agent.ini vpnagent vpn_device_driver neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver;
+ crudini --set --list /etc/neutron/neutron.conf DEFAULT service_plugins vpnaas
+ crudini --set /etc/neutron/neutron_vpnaas.conf service_providers service_provider 'VPN:strongswan:neutron_vpnaas.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default'
+
+- name: make sure rootwrap.d dir exist
+ file: path=/etc/neutron/rootwrap.d state=directory mode=0755
+
+- name: update rootwrap
+ copy: src=vpnaas.filters dest=/etc/neutron/rootwrap.d/vpnaas.filters
+
+- name: enable vpn service
+ service: name={{ item }} state=started enabled=yes
+ with_items:
+ - neutron-vpn-agent
+ - strongswan
+ notify:
+ - restart vpn agent service
+
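Review bot: In `update vpn related conf`, the `shell:` value is a plain multi-line scalar, which YAML folds into a single line joined by spaces. Only the first `crudini` call ends with `;`, so the third call's text (`crudini --set /etc/neutron/neutron_vpnaas.conf ...`) is passed as extra arguments to the second rather than run as its own command. The `service_provider` entry in `neutron_vpnaas.conf` is therefore probably never written, and the second call may fail or write an unintended value. Use a literal block, `shell: |`, with one `crudini` command per line, or split this into three `command:` tasks so each failure is reported separately.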
diff --git a/ansible/roles/neutron-network/templates/dnsmasq-neutron.conf b/ansible/roles/neutron-network/templates/dnsmasq-neutron.conf
deleted file mode 100644
index 7bcbd9d..0000000
--- a/ansible/roles/neutron-network/templates/dnsmasq-neutron.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-dhcp-option-force=26,1454
-
diff --git a/ansible/roles/neutron-network/templates/etc/xorp/config.boot b/ansible/roles/neutron-network/templates/etc/xorp/config.boot
index 32caf96..426a8fd 100644
--- a/ansible/roles/neutron-network/templates/etc/xorp/config.boot
+++ b/ansible/roles/neutron-network/templates/etc/xorp/config.boot
@@ -1,6 +1,6 @@
interfaces {
restore-original-config-on-shutdown: false
- interface {{ hostvars[inventory_hostname][neutron_vxlan_interface|default(internal_interface)]['device'] }} {
+ interface {{ internal_nic }} {
description: "Internal pNodes interface"
disable: false
default-system-config
@@ -10,8 +10,8 @@ interfaces {
protocols {
igmp {
disable: false
- interface {{ hostvars[inventory_hostname][neutron_vxlan_interface|default(internal_interface)]['device'] }} {
- vif {{ hostvars[inventory_hostname][neutron_vxlan_interface|default(internal_interface)]['device'] }} {
+ interface {{ internal_nic }} {
+ vif {{ internal_nic }} {
disable: false
version: 3
}
diff --git a/ansible/roles/neutron-network/templates/l3_agent.ini b/ansible/roles/neutron-network/templates/l3_agent.ini
index b394c00..5f49934 100644
--- a/ansible/roles/neutron-network/templates/l3_agent.ini
+++ b/ansible/roles/neutron-network/templates/l3_agent.ini
@@ -45,7 +45,7 @@ handle_internal_only_routers = True
# Name of bridge used for external network traffic. This should be set to
# empty value for the linux bridge. when this parameter is set, each L3 agent
# can be associated with no more than one external network.
-external_network_bridge = br-ex
+external_network_bridge =
# TCP Port used by Neutron metadata server
metadata_port = 9697
diff --git a/ansible/roles/neutron-network/templates/metadata_agent.ini b/ansible/roles/neutron-network/templates/metadata_agent.ini
index edde22c..87937cc 100644
--- a/ansible/roles/neutron-network/templates/metadata_agent.ini
+++ b/ansible/roles/neutron-network/templates/metadata_agent.ini
@@ -3,8 +3,8 @@
debug = True
# The Neutron user information for accessing the Neutron API.
-auth_url = http://{{ identity_host }}:5000/v2.0
-auth_region = RegionOne
+auth_url = http://{{ internal_vip.ip }}:5000/v2.0
+auth_region = regionOne
# Turn off verification of the certificate for ssl
# auth_insecure = False
# Certificate Authority public key (CA cert) file for ssl
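Review bot: The rewritten `auth_url` still points the metadata agent at Keystone over plain `http://`. This file also carries `admin_password = {{ NEUTRON_PASS }}` (visible in the next hunk's header), so the service credential crosses the internal network unencrypted whenever the agent requests a token. Since the line is already being changed to target the VIP, consider making the scheme configurable so that TLS can be terminated on the VIP. When TLS is enabled, set the commented CA-certificate option that follows and keep `auth_insecure` at `False`.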
@@ -17,7 +17,7 @@ admin_password = {{ NEUTRON_PASS }}
# endpoint_type = adminURL
# IP address used by Nova metadata server
-nova_metadata_ip = {{ compute_controller_host }}
+nova_metadata_ip = {{ internal_vip.ip }}
# TCP Port used by Nova metadata server
nova_metadata_port = 8775
diff --git a/ansible/roles/neutron-network/templates/neutron-network.conf b/ansible/roles/neutron-network/templates/neutron-network.conf
deleted file mode 100644
index 318e4c0..0000000
--- a/ansible/roles/neutron-network/templates/neutron-network.conf
+++ /dev/null
@@ -1,466 +0,0 @@
-[DEFAULT]
-# Print more verbose output (set logging level to INFO instead of default WARNING level).
-verbose = {{ VERBOSE }}
-
-# Print debugging output (set logging level to DEBUG instead of default WARNING level).
-debug = {{ DEBUG }}
-
-# Where to store Neutron state files. This directory must be writable by the
-# user executing the agent.
-state_path = /var/lib/neutron
-
-# Where to store lock files
-lock_path = $state_path/lock
-
-# log_format = %(asctime)s %(levelname)8s [%(name)s] %(message)s
-# log_date_format = %Y-%m-%d %H:%M:%S
-
-# use_syslog -> syslog
-# log_file and log_dir -> log_dir/log_file
-# (not log_file) and log_dir -> log_dir/{binary_name}.log
-# use_stderr -> stderr
-# (not user_stderr) and (not log_file) -> stdout
-# publish_errors -> notification system
-
-# use_syslog = False
-# syslog_log_facility = LOG_USER
-
-# use_stderr = True
-# log_file =
-log_dir = /var/log/neutron
-
-# publish_errors = False
-
-# Address to bind the API server to
-bind_host = {{ network_server_host }}
-
-# Port the bind the API server to
-bind_port = 9696
-
-# Path to the extensions. Note that this can be a colon-separated list of
-# paths. For example:
-# api_extensions_path = extensions:/path/to/more/extensions:/even/more/extensions
-# The __path__ of neutron.extensions is appended to this, so if your
-# extensions are in there you don't need to specify them here
-# api_extensions_path =
-
-# (StrOpt) Neutron core plugin entrypoint to be loaded from the
-# neutron.core_plugins namespace. See setup.cfg for the entrypoint names of the
-# plugins included in the neutron source distribution. For compatibility with
-# previous versions, the class name of a plugin can be specified instead of its
-# entrypoint name.
-#
-#core_plugin = neutron.plugins.ml2.plugin.Ml2Plugin
-core_plugin = ml2
-# Example: core_plugin = ml2
-
-# (ListOpt) List of service plugin entrypoints to be loaded from the
-# neutron.service_plugins namespace. See setup.cfg for the entrypoint names of
-# the plugins included in the neutron source distribution. For compatibility
-# with previous versions, the class name of a plugin can be specified instead
-# of its entrypoint name.
-#
-# service_plugins =
-# Example: service_plugins = router,firewall,lbaas,vpnaas,metering
-service_plugins = router
-
-# Paste configuration file
-api_paste_config = api-paste.ini
-
-# The strategy to be used for auth.
-# Supported values are 'keystone'(default), 'noauth'.
-auth_strategy = keystone
-
-# Base MAC address. The first 3 octets will remain unchanged. If the
-# 4h octet is not 00, it will also be used. The others will be
-# randomly generated.
-# 3 octet
-# base_mac = fa:16:3e:00:00:00
-# 4 octet
-# base_mac = fa:16:3e:4f:00:00
-
-# Maximum amount of retries to generate a unique MAC address
-# mac_generation_retries = 16
-
-# DHCP Lease duration (in seconds)
-dhcp_lease_duration = 86400
-
-# Allow sending resource operation notification to DHCP agent
-# dhcp_agent_notification = True
-
-# Enable or disable bulk create/update/delete operations
-# allow_bulk = True
-# Enable or disable pagination
-# allow_pagination = False
-# Enable or disable sorting
-# allow_sorting = False
-# Enable or disable overlapping IPs for subnets
-# Attention: the following parameter MUST be set to False if Neutron is
-# being used in conjunction with nova security groups
-allow_overlapping_ips = True
-# Ensure that configured gateway is on subnet
-# force_gateway_on_subnet = False
-
-
-# RPC configuration options. Defined in rpc __init__
-# The messaging module to use, defaults to kombu.
-# rpc_backend = neutron.openstack.common.rpc.impl_kombu
-rpc_backend = rabbit
-rabbit_host = {{ rabbit_host }}
-rabbit_password = {{ RABBIT_PASS }}
-
-# Size of RPC thread pool
-rpc_thread_pool_size = 240
-# Size of RPC connection pool
-rpc_conn_pool_size = 100
-# Seconds to wait for a response from call or multicall
-rpc_response_timeout = 300
-# Seconds to wait before a cast expires (TTL). Only supported by impl_zmq.
-rpc_cast_timeout = 300
-# Modules of exceptions that are permitted to be recreated
-# upon receiving exception data from an rpc call.
-# allowed_rpc_exception_modules = neutron.openstack.common.exception, nova.exception
-# AMQP exchange to connect to if using RabbitMQ or QPID
-# control_exchange = neutron
-
-# If passed, use a fake RabbitMQ provider
-# fake_rabbit = False
-
-# Configuration options if sending notifications via kombu rpc (these are
-# the defaults)
-# SSL version to use (valid only if SSL enabled)
-# kombu_ssl_version =
-# SSL key file (valid only if SSL enabled)
-# kombu_ssl_keyfile =
-# SSL cert file (valid only if SSL enabled)
-# kombu_ssl_certfile =
-# SSL certification authority file (valid only if SSL enabled)
-# kombu_ssl_ca_certs =
-# Port where RabbitMQ server is running/listening
-rabbit_port = 5672
-# RabbitMQ single or HA cluster (host:port pairs i.e: host1:5672, host2:5672)
-# rabbit_hosts is defaulted to '$rabbit_host:$rabbit_port'
-# rabbit_hosts = localhost:5672
-# User ID used for RabbitMQ connections
-rabbit_userid = guest
-# Location of a virtual RabbitMQ installation.
-# rabbit_virtual_host = /
-# Maximum retries with trying to connect to RabbitMQ
-# (the default of 0 implies an infinite retry count)
-# rabbit_max_retries = 0
-# RabbitMQ connection retry interval
-# rabbit_retry_interval = 1
-# Use HA queues in RabbitMQ (x-ha-policy: all). You need to
-# wipe RabbitMQ database when changing this option. (boolean value)
-# rabbit_ha_queues = false
-
-# QPID
-# rpc_backend=neutron.openstack.common.rpc.impl_qpid
-# Qpid broker hostname
-# qpid_hostname = localhost
-# Qpid broker port
-# qpid_port = 5672
-# Qpid single or HA cluster (host:port pairs i.e: host1:5672, host2:5672)
-# qpid_hosts is defaulted to '$qpid_hostname:$qpid_port'
-# qpid_hosts = localhost:5672
-# Username for qpid connection
-# qpid_username = ''
-# Password for qpid connection
-# qpid_password = ''
-# Space separated list of SASL mechanisms to use for auth
-# qpid_sasl_mechanisms = ''
-# Seconds between connection keepalive heartbeats
-# qpid_heartbeat = 60
-# Transport to use, either 'tcp' or 'ssl'
-# qpid_protocol = tcp
-# Disable Nagle algorithm
-# qpid_tcp_nodelay = True
-
-# ZMQ
-# rpc_backend=neutron.openstack.common.rpc.impl_zmq
-# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP.
-# The "host" option should point or resolve to this address.
-# rpc_zmq_bind_address = *
-
-# ============ Notification System Options =====================
-
-# Notifications can be sent when network/subnet/port are created, updated or deleted.
-# There are three methods of sending notifications: logging (via the
-# log_file directive), rpc (via a message queue) and
-# noop (no notifications sent, the default)
-
-# Notification_driver can be defined multiple times
-# Do nothing driver
-# notification_driver = neutron.openstack.common.notifier.no_op_notifier
-# Logging driver
-# notification_driver = neutron.openstack.common.notifier.log_notifier
-# RPC driver.
-notification_driver = neutron.openstack.common.notifier.rpc_notifier
-
-# default_notification_level is used to form actual topic name(s) or to set logging level
-default_notification_level = INFO
-
-# default_publisher_id is a part of the notification payload
-# host = myhost.com
-# default_publisher_id = $host
-
-# Defined in rpc_notifier, can be comma separated values.
-# The actual topic names will be %s.%(default_notification_level)s
-notification_topics = notifications
-
-# Default maximum number of items returned in a single response,
-# value == infinite and value < 0 means no max limit, and value must
-# be greater than 0. If the number of items requested is greater than
-# pagination_max_limit, server will just return pagination_max_limit
-# of number of items.
-# pagination_max_limit = -1
-
-# Maximum number of DNS nameservers per subnet
-# max_dns_nameservers = 5
-
-# Maximum number of host routes per subnet
-# max_subnet_host_routes = 20
-
-# Maximum number of fixed ips per port
-# max_fixed_ips_per_port = 5
-
-# =========== items for agent management extension =============
-# Seconds to regard the agent as down; should be at least twice
-# report_interval, to be sure the agent is down for good
-agent_down_time = 75
-# =========== end of items for agent management extension =====
-
-# =========== items for agent scheduler extension =============
-# Driver to use for scheduling network to DHCP agent
-network_scheduler_driver = neutron.scheduler.dhcp_agent_scheduler.ChanceScheduler
-# Driver to use for scheduling router to a default L3 agent
-router_scheduler_driver = neutron.scheduler.l3_agent_scheduler.ChanceScheduler
-# Driver to use for scheduling a loadbalancer pool to an lbaas agent
-# loadbalancer_pool_scheduler_driver = neutron.services.loadbalancer.agent_scheduler.ChanceScheduler
-
-# Allow auto scheduling networks to DHCP agent. It will schedule non-hosted
-# networks to first DHCP agent which sends get_active_networks message to
-# neutron server
-# network_auto_schedule = True
-
-# Allow auto scheduling routers to L3 agent. It will schedule non-hosted
-# routers to first L3 agent which sends sync_routers message to neutron server
-# router_auto_schedule = True
-
-# Number of DHCP agents scheduled to host a network. This enables redundant
-# DHCP agents for configured networks.
-# dhcp_agents_per_network = 1
-
-# =========== end of items for agent scheduler extension =====
-
-# =========== WSGI parameters related to the API server ==============
-# Number of separate worker processes to spawn. The default, 0, runs the
-# worker thread in the current process. Greater than 0 launches that number of
-# child processes as workers. The parent process manages them.
-api_workers = 8
-
-# Number of separate RPC worker processes to spawn. The default, 0, runs the
-# worker thread in the current process. Greater than 0 launches that number of
-# child processes as RPC workers. The parent process manages them.
-# This feature is experimental until issues are addressed and testing has been
-# enabled for various plugins for compatibility.
-rpc_workers = 8
-
-# Sets the value of TCP_KEEPIDLE in seconds to use for each server socket when
-# starting API server. Not supported on OS X.
-# tcp_keepidle = 600
-
-# Number of seconds to keep retrying to listen
-# retry_until_window = 30
-
-# Number of backlog requests to configure the socket with.
-# backlog = 4096
-
-# Max header line to accommodate large tokens
-# max_header_line = 16384
-
-# Enable SSL on the API server
-# use_ssl = False
-
-# Certificate file to use when starting API server securely
-# ssl_cert_file = /path/to/certfile
-
-# Private key file to use when starting API server securely
-# ssl_key_file = /path/to/keyfile
-
-# CA certificate file to use when starting API server securely to
-# verify connecting clients. This is an optional parameter only required if
-# API clients need to authenticate to the API server using SSL certificates
-# signed by a trusted CA
-# ssl_ca_file = /path/to/cafile
-# ======== end of WSGI parameters related to the API server ==========
-
-
-# ======== neutron nova interactions ==========
-# Send notification to nova when port status is active.
-notify_nova_on_port_status_changes = True
-
-# Send notifications to nova when port data (fixed_ips/floatingips) change
-# so nova can update it's cache.
-notify_nova_on_port_data_changes = True
-
-# URL for connection to nova (Only supports one nova region currently).
-nova_url = http://{{ compute_controller_host }}:8774/v2
-
-# Name of nova region to use. Useful if keystone manages more than one region
-nova_region_name = RegionOne
-
-# Username for connection to nova in admin context
-nova_admin_username = nova
-
-# The uuid of the admin nova tenant
-
-# Password for connection to nova in admin context.
-nova_admin_password = {{ NOVA_PASS }}
-
-# Authorization URL for connection to nova in admin context.
-nova_admin_auth_url = http://{{ identity_host }}:35357/v2.0
-
-# Number of seconds between sending events to nova if there are any events to send
-send_events_interval = 2
-
-# ======== end of neutron nova interactions ==========
-
-[quotas]
-# Default driver to use for quota checks
-quota_driver = neutron.db.quota_db.DbQuotaDriver
-
-# Resource name(s) that are supported in quota features
-quota_items = network,subnet,port
-
-# Default number of resource allowed per tenant. A negative value means
-# unlimited.
-default_quota = -1
-
-# Number of networks allowed per tenant. A negative value means unlimited.
-quota_network = 100
-
-# Number of subnets allowed per tenant. A negative value means unlimited.
-quota_subnet = 100
-
-# Number of ports allowed per tenant. A negative value means unlimited.
-quota_port = 8000
-
-# Number of security groups allowed per tenant. A negative value means
-# unlimited.
-quota_security_group = 1000
-
-# Number of security group rules allowed per tenant. A negative value means
-# unlimited.
-quota_security_group_rule = 1000
-
-# Number of vips allowed per tenant. A negative value means unlimited.
-# quota_vip = 10
-
-# Number of pools allowed per tenant. A negative value means unlimited.
-# quota_pool = 10
-
-# Number of pool members allowed per tenant. A negative value means unlimited.
-# The default is unlimited because a member is not a real resource consumer
-# on Openstack. However, on back-end, a member is a resource consumer
-# and that is the reason why quota is possible.
-# quota_member = -1
-
-# Number of health monitors allowed per tenant. A negative value means
-# unlimited.
-# The default is unlimited because a health monitor is not a real resource
-# consumer on Openstack. However, on back-end, a member is a resource consumer
-# and that is the reason why quota is possible.
-# quota_health_monitors = -1
-
-# Number of routers allowed per tenant. A negative value means unlimited.
-# quota_router = 10
-
-# Number of floating IPs allowed per tenant. A negative value means unlimited.
-# quota_floatingip = 50
-
-[agent]
-# Use "sudo neutron-rootwrap /etc/neutron/rootwrap.conf" to use the real
-# root filter facility.
-# Change to "sudo" to skip the filtering and just run the comand directly
-root_helper = "sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf"
-
-# =========== items for agent management extension =============
-# seconds between nodes reporting state to server; should be less than
-# agent_down_time, best if it is half or less than agent_down_time
-report_interval = 30
-
-# =========== end of items for agent management extension =====
-
-[keystone_authtoken]
-auth_uri = http://{{ identity_host }}:5000/v2.0
-identity_uri = http://{{ identity_host }}:35357
-admin_tenant_name = service
-admin_user = neutron
-admin_password = {{ NEUTRON_PASS }}
-signing_dir = $state_path/keystone-signing
-
-[database]
-# This line MUST be changed to actually run the plugin.
-# Example:
-# connection = mysql://root:pass@127.0.0.1:3306/neutron
-# Replace 127.0.0.1 above with the IP address of the database used by the
-# main neutron server. (Leave it as is if the database runs on this host.)
-# connection = sqlite:////var/lib/neutron/neutron.sqlite
-#connection = mysql://neutron:{{ NEUTRON_DBPASS }}@{{ db_host }}/neutron
-
-# The SQLAlchemy connection string used to connect to the slave database
-slave_connection =
-
-# Database reconnection retry times - in event connectivity is lost
-# set to -1 implies an infinite retry count
-max_retries = 10
-
-# Database reconnection interval in seconds - if the initial connection to the
-# database fails
-retry_interval = 10
-
-# Minimum number of SQL connections to keep open in a pool
-min_pool_size = 1
-
-# Maximum number of SQL connections to keep open in a pool
-max_pool_size = 100
-
-# Timeout in seconds before idle sql connections are reaped
-idle_timeout = 3600
-
-# If set, use this value for max_overflow with sqlalchemy
-max_overflow = 100
-
-# Verbosity of SQL debugging information. 0=None, 100=Everything
-connection_debug = 0
-
-# Add python stack traces to SQL as comment strings
-connection_trace = False
-
-# If set, use this value for pool_timeout with sqlalchemy
-pool_timeout = 10
-
-[service_providers]
-# Specify service providers (drivers) for advanced services like loadbalancer, VPN, Firewall.
-# Must be in form:
-# service_provider=::[:default]
-# List of allowed service types includes LOADBALANCER, FIREWALL, VPN
-# Combination of and must be unique; must also be unique
-# This is multiline option, example for default provider:
-# service_provider=LOADBALANCER:name:lbaas_plugin_driver_path:default
-# example of non-default provider:
-# service_provider=FIREWALL:name2:firewall_driver_path
-# --- Reference implementations ---
-service_provider=LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
-service_provider=VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default
-# In order to activate Radware's lbaas driver you need to uncomment the next line.
-# If you want to keep the HA Proxy as the default lbaas driver, remove the attribute default from the line below.
-# Otherwise comment the HA Proxy line
-# service_provider = LOADBALANCER:Radware:neutron.services.loadbalancer.drivers.radware.driver.LoadBalancerDriver:default
-# uncomment the following line to make the 'netscaler' LBaaS provider available.
-# service_provider=LOADBALANCER:NetScaler:neutron.services.loadbalancer.drivers.netscaler.netscaler_driver.NetScalerPluginDriver
-# Uncomment the following line (and comment out the OpenSwan VPN line) to enable Cisco's VPN driver.
-# service_provider=VPN:cisco:neutron.services.vpn.service_drivers.cisco_ipsec.CiscoCsrIPsecVPNDriver:default
-# Uncomment the line below to use Embrane heleos as Load Balancer service provider.
-# service_provider=LOADBALANCER:Embrane:neutron.services.loadbalancer.drivers.embrane.driver.EmbraneLbaas:default
diff --git a/ansible/roles/neutron-network/templates/neutron.conf b/ansible/roles/neutron-network/templates/neutron.conf
deleted file mode 100644
index 28bb2ba..0000000
--- a/ansible/roles/neutron-network/templates/neutron.conf
+++ /dev/null
@@ -1,467 +0,0 @@
-[DEFAULT]
-# Print more verbose output (set logging level to INFO instead of default WARNING level).
-verbose = {{ VERBOSE }}
-
-# Print debugging output (set logging level to DEBUG instead of default WARNING level).
-debug = {{ VERBOSE }}
-
-# Where to store Neutron state files. This directory must be writable by the
-# user executing the agent.
-state_path = /var/lib/neutron
-
-# Where to store lock files
-lock_path = $state_path/lock
-
-# log_format = %(asctime)s %(levelname)8s [%(name)s] %(message)s
-# log_date_format = %Y-%m-%d %H:%M:%S
-
-# use_syslog -> syslog
-# log_file and log_dir -> log_dir/log_file
-# (not log_file) and log_dir -> log_dir/{binary_name}.log
-# use_stderr -> stderr
-# (not user_stderr) and (not log_file) -> stdout
-# publish_errors -> notification system
-
-# use_syslog = False
-# syslog_log_facility = LOG_USER
-
-# use_stderr = True
-# log_file =
-log_dir = /var/log/neutron
-
-# publish_errors = False
-
-# Address to bind the API server to
-bind_host = {{ network_server_host }}
-
-# Port the bind the API server to
-bind_port = 9696
-
-# Path to the extensions. Note that this can be a colon-separated list of
-# paths. For example:
-# api_extensions_path = extensions:/path/to/more/extensions:/even/more/extensions
-# The __path__ of neutron.extensions is appended to this, so if your
-# extensions are in there you don't need to specify them here
-# api_extensions_path =
-
-# (StrOpt) Neutron core plugin entrypoint to be loaded from the
-# neutron.core_plugins namespace. See setup.cfg for the entrypoint names of the
-# plugins included in the neutron source distribution. For compatibility with
-# previous versions, the class name of a plugin can be specified instead of its
-# entrypoint name.
-#
-#core_plugin = neutron.plugins.ml2.plugin.Ml2Plugin
-core_plugin = ml2
-# Example: core_plugin = ml2
-
-# (ListOpt) List of service plugin entrypoints to be loaded from the
-# neutron.service_plugins namespace. See setup.cfg for the entrypoint names of
-# the plugins included in the neutron source distribution. For compatibility
-# with previous versions, the class name of a plugin can be specified instead
-# of its entrypoint name.
-#
-# service_plugins =
-# Example: service_plugins = router,firewall,lbaas,vpnaas,metering
-service_plugins = router
-
-# Paste configuration file
-api_paste_config = api-paste.ini
-
-# The strategy to be used for auth.
-# Supported values are 'keystone'(default), 'noauth'.
-auth_strategy = keystone
-
-# Base MAC address. The first 3 octets will remain unchanged. If the
-# 4h octet is not 00, it will also be used. The others will be
-# randomly generated.
-# 3 octet
-# base_mac = fa:16:3e:00:00:00
-# 4 octet
-# base_mac = fa:16:3e:4f:00:00
-
-# Maximum amount of retries to generate a unique MAC address
-# mac_generation_retries = 16
-
-# DHCP Lease duration (in seconds)
-dhcp_lease_duration = 86400
-
-# Allow sending resource operation notification to DHCP agent
-# dhcp_agent_notification = True
-
-# Enable or disable bulk create/update/delete operations
-# allow_bulk = True
-# Enable or disable pagination
-# allow_pagination = False
-# Enable or disable sorting
-# allow_sorting = False
-# Enable or disable overlapping IPs for subnets
-# Attention: the following parameter MUST be set to False if Neutron is
-# being used in conjunction with nova security groups
-allow_overlapping_ips = True
-# Ensure that configured gateway is on subnet
-# force_gateway_on_subnet = False
-
-
-# RPC configuration options. Defined in rpc __init__
-# The messaging module to use, defaults to kombu.
-# rpc_backend = neutron.openstack.common.rpc.impl_kombu
-rpc_backend = rabbit
-rabbit_host = {{ rabbit_host }}
-rabbit_password = {{ RABBIT_PASS }}
-
-# Size of RPC thread pool
-rpc_thread_pool_size = 240
-# Size of RPC connection pool
-rpc_conn_pool_size = 100
-# Seconds to wait for a response from call or multicall
-rpc_response_timeout = 300
-# Seconds to wait before a cast expires (TTL). Only supported by impl_zmq.
-rpc_cast_timeout = 300
-# Modules of exceptions that are permitted to be recreated
-# upon receiving exception data from an rpc call.
-# allowed_rpc_exception_modules = neutron.openstack.common.exception, nova.exception
-# AMQP exchange to connect to if using RabbitMQ or QPID
-# control_exchange = neutron
-
-# If passed, use a fake RabbitMQ provider
-# fake_rabbit = False
-
-# Configuration options if sending notifications via kombu rpc (these are
-# the defaults)
-# SSL version to use (valid only if SSL enabled)
-# kombu_ssl_version =
-# SSL key file (valid only if SSL enabled)
-# kombu_ssl_keyfile =
-# SSL cert file (valid only if SSL enabled)
-# kombu_ssl_certfile =
-# SSL certification authority file (valid only if SSL enabled)
-# kombu_ssl_ca_certs =
-# Port where RabbitMQ server is running/listening
-rabbit_port = 5672
-# RabbitMQ single or HA cluster (host:port pairs i.e: host1:5672, host2:5672)
-# rabbit_hosts is defaulted to '$rabbit_host:$rabbit_port'
-# rabbit_hosts = localhost:5672
-# User ID used for RabbitMQ connections
-rabbit_userid = guest
-# Location of a virtual RabbitMQ installation.
-# rabbit_virtual_host = /
-# Maximum retries with trying to connect to RabbitMQ
-# (the default of 0 implies an infinite retry count)
-# rabbit_max_retries = 0
-# RabbitMQ connection retry interval
-# rabbit_retry_interval = 1
-# Use HA queues in RabbitMQ (x-ha-policy: all). You need to
-# wipe RabbitMQ database when changing this option. (boolean value)
-# rabbit_ha_queues = false
-
-# QPID
-# rpc_backend=neutron.openstack.common.rpc.impl_qpid
-# Qpid broker hostname
-# qpid_hostname = localhost
-# Qpid broker port
-# qpid_port = 5672
-# Qpid single or HA cluster (host:port pairs i.e: host1:5672, host2:5672)
-# qpid_hosts is defaulted to '$qpid_hostname:$qpid_port'
-# qpid_hosts = localhost:5672
-# Username for qpid connection
-# qpid_username = ''
-# Password for qpid connection
-# qpid_password = ''
-# Space separated list of SASL mechanisms to use for auth
-# qpid_sasl_mechanisms = ''
-# Seconds between connection keepalive heartbeats
-# qpid_heartbeat = 60
-# Transport to use, either 'tcp' or 'ssl'
-# qpid_protocol = tcp
-# Disable Nagle algorithm
-# qpid_tcp_nodelay = True
-
-# ZMQ
-# rpc_backend=neutron.openstack.common.rpc.impl_zmq
-# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP.
-# The "host" option should point or resolve to this address.
-# rpc_zmq_bind_address = *
-
-# ============ Notification System Options =====================
-
-# Notifications can be sent when network/subnet/port are created, updated or deleted.
-# There are three methods of sending notifications: logging (via the
-# log_file directive), rpc (via a message queue) and
-# noop (no notifications sent, the default)
-
-# Notification_driver can be defined multiple times
-# Do nothing driver
-# notification_driver = neutron.openstack.common.notifier.no_op_notifier
-# Logging driver
-# notification_driver = neutron.openstack.common.notifier.log_notifier
-# RPC driver.
-notification_driver = neutron.openstack.common.notifier.rpc_notifier
-
-# default_notification_level is used to form actual topic name(s) or to set logging level
-default_notification_level = INFO
-
-# default_publisher_id is a part of the notification payload
-# host = myhost.com
-# default_publisher_id = $host
-
-# Defined in rpc_notifier, can be comma separated values.
-# The actual topic names will be %s.%(default_notification_level)s
-notification_topics = notifications
-
-# Default maximum number of items returned in a single response,
-# value == infinite and value < 0 means no max limit, and value must
-# be greater than 0. If the number of items requested is greater than
-# pagination_max_limit, server will just return pagination_max_limit
-# of number of items.
-# pagination_max_limit = -1
-
-# Maximum number of DNS nameservers per subnet
-# max_dns_nameservers = 5
-
-# Maximum number of host routes per subnet
-# max_subnet_host_routes = 20
-
-# Maximum number of fixed ips per port
-# max_fixed_ips_per_port = 5
-
-# =========== items for agent management extension =============
-# Seconds to regard the agent as down; should be at least twice
-# report_interval, to be sure the agent is down for good
-agent_down_time = 75
-# =========== end of items for agent management extension =====
-
-# =========== items for agent scheduler extension =============
-# Driver to use for scheduling network to DHCP agent
-network_scheduler_driver = neutron.scheduler.dhcp_agent_scheduler.ChanceScheduler
-# Driver to use for scheduling router to a default L3 agent
-router_scheduler_driver = neutron.scheduler.l3_agent_scheduler.ChanceScheduler
-# Driver to use for scheduling a loadbalancer pool to an lbaas agent
-# loadbalancer_pool_scheduler_driver = neutron.services.loadbalancer.agent_scheduler.ChanceScheduler
-
-# Allow auto scheduling networks to DHCP agent. It will schedule non-hosted
-# networks to first DHCP agent which sends get_active_networks message to
-# neutron server
-# network_auto_schedule = True
-
-# Allow auto scheduling routers to L3 agent. It will schedule non-hosted
-# routers to first L3 agent which sends sync_routers message to neutron server
-# router_auto_schedule = True
-
-# Number of DHCP agents scheduled to host a network. This enables redundant
-# DHCP agents for configured networks.
-# dhcp_agents_per_network = 1
-
-# =========== end of items for agent scheduler extension =====
-
-# =========== WSGI parameters related to the API server ==============
-# Number of separate worker processes to spawn. The default, 0, runs the
-# worker thread in the current process. Greater than 0 launches that number of
-# child processes as workers. The parent process manages them.
-api_workers = 8
-
-# Number of separate RPC worker processes to spawn. The default, 0, runs the
-# worker thread in the current process. Greater than 0 launches that number of
-# child processes as RPC workers. The parent process manages them.
-# This feature is experimental until issues are addressed and testing has been
-# enabled for various plugins for compatibility.
-rpc_workers = 8
-
-# Sets the value of TCP_KEEPIDLE in seconds to use for each server socket when
-# starting API server. Not supported on OS X.
-# tcp_keepidle = 600
-
-# Number of seconds to keep retrying to listen
-# retry_until_window = 30
-
-# Number of backlog requests to configure the socket with.
-# backlog = 4096
-
-# Max header line to accommodate large tokens
-# max_header_line = 16384
-
-# Enable SSL on the API server
-# use_ssl = False
-
-# Certificate file to use when starting API server securely
-# ssl_cert_file = /path/to/certfile
-
-# Private key file to use when starting API server securely
-# ssl_key_file = /path/to/keyfile
-
-# CA certificate file to use when starting API server securely to
-# verify connecting clients. This is an optional parameter only required if
-# API clients need to authenticate to the API server using SSL certificates
-# signed by a trusted CA
-# ssl_ca_file = /path/to/cafile
-# ======== end of WSGI parameters related to the API server ==========
-
-
-# ======== neutron nova interactions ==========
-# Send notification to nova when port status is active.
-notify_nova_on_port_status_changes = True
-
-# Send notifications to nova when port data (fixed_ips/floatingips) change
-# so nova can update it's cache.
-notify_nova_on_port_data_changes = True
-
-# URL for connection to nova (Only supports one nova region currently).
-nova_url = http://{{ compute_controller_host }}:8774/v2
-
-# Name of nova region to use. Useful if keystone manages more than one region
-nova_region_name = RegionOne
-
-# Username for connection to nova in admin context
-nova_admin_username = nova
-
-# The uuid of the admin nova tenant
-nova_admin_tenant_id = {{ NOVA_ADMIN_TENANT_ID.stdout_lines[0] }}
-
-# Password for connection to nova in admin context.
-nova_admin_password = {{ NOVA_PASS }}
-
-# Authorization URL for connection to nova in admin context.
-nova_admin_auth_url = http://{{ identity_host }}:35357/v2.0
-
-# Number of seconds between sending events to nova if there are any events to send
-send_events_interval = 2
-
-# ======== end of neutron nova interactions ==========
-
-[quotas]
-# Default driver to use for quota checks
-quota_driver = neutron.db.quota_db.DbQuotaDriver
-
-# Resource name(s) that are supported in quota features
-quota_items = network,subnet,port
-
-# Default number of resource allowed per tenant. A negative value means
-# unlimited.
-default_quota = -1
-
-# Number of networks allowed per tenant. A negative value means unlimited.
-quota_network = 100
-
-# Number of subnets allowed per tenant. A negative value means unlimited.
-quota_subnet = 100
-
-# Number of ports allowed per tenant. A negative value means unlimited.
-quota_port = 8000
-
-# Number of security groups allowed per tenant. A negative value means
-# unlimited.
-quota_security_group = 1000
-
-# Number of security group rules allowed per tenant. A negative value means
-# unlimited.
-quota_security_group_rule = 1000
-
-# Number of vips allowed per tenant. A negative value means unlimited.
-# quota_vip = 10
-
-# Number of pools allowed per tenant. A negative value means unlimited.
-# quota_pool = 10
-
-# Number of pool members allowed per tenant. A negative value means unlimited.
-# The default is unlimited because a member is not a real resource consumer
-# on Openstack. However, on back-end, a member is a resource consumer
-# and that is the reason why quota is possible.
-# quota_member = -1
-
-# Number of health monitors allowed per tenant. A negative value means
-# unlimited.
-# The default is unlimited because a health monitor is not a real resource
-# consumer on Openstack. However, on back-end, a member is a resource consumer
-# and that is the reason why quota is possible.
-# quota_health_monitors = -1
-
-# Number of routers allowed per tenant. A negative value means unlimited.
-# quota_router = 10
-
-# Number of floating IPs allowed per tenant. A negative value means unlimited.
-# quota_floatingip = 50
-
-[agent]
-# Use "sudo neutron-rootwrap /etc/neutron/rootwrap.conf" to use the real
-# root filter facility.
-# Change to "sudo" to skip the filtering and just run the comand directly
-root_helper = "sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf"
-
-# =========== items for agent management extension =============
-# seconds between nodes reporting state to server; should be less than
-# agent_down_time, best if it is half or less than agent_down_time
-report_interval = 30
-
-# =========== end of items for agent management extension =====
-
-[keystone_authtoken]
-auth_uri = http://{{ identity_host }}:5000/v2.0
-identity_uri = http://{{ identity_host }}:35357
-admin_tenant_name = service
-admin_user = neutron
-admin_password = {{ NEUTRON_PASS }}
-signing_dir = $state_path/keystone-signing
-
-[database]
-# This line MUST be changed to actually run the plugin.
-# Example:
-# connection = mysql://root:pass@127.0.0.1:3306/neutron
-# Replace 127.0.0.1 above with the IP address of the database used by the
-# main neutron server. (Leave it as is if the database runs on this host.)
-# connection = sqlite:////var/lib/neutron/neutron.sqlite
-#connection = mysql://neutron:{{ NEUTRON_DBPASS }}@{{ db_host }}/neutron
-
-# The SQLAlchemy connection string used to connect to the slave database
-slave_connection =
-
-# Database reconnection retry times - in event connectivity is lost
-# set to -1 implies an infinite retry count
-max_retries = 10
-
-# Database reconnection interval in seconds - if the initial connection to the
-# database fails
-retry_interval = 10
-
-# Minimum number of SQL connections to keep open in a pool
-min_pool_size = 1
-
-# Maximum number of SQL connections to keep open in a pool
-max_pool_size = 100
-
-# Timeout in seconds before idle sql connections are reaped
-idle_timeout = 3600
-
-# If set, use this value for max_overflow with sqlalchemy
-max_overflow = 100
-
-# Verbosity of SQL debugging information. 0=None, 100=Everything
-connection_debug = 0
-
-# Add python stack traces to SQL as comment strings
-connection_trace = False
-
-# If set, use this value for pool_timeout with sqlalchemy
-pool_timeout = 10
-
-[service_providers]
-# Specify service providers (drivers) for advanced services like loadbalancer, VPN, Firewall.
-# Must be in form:
-# service_provider=::[:default]
-# List of allowed service types includes LOADBALANCER, FIREWALL, VPN
-# Combination of and must be unique; must also be unique
-# This is multiline option, example for default provider:
-# service_provider=LOADBALANCER:name:lbaas_plugin_driver_path:default
-# example of non-default provider:
-# service_provider=FIREWALL:name2:firewall_driver_path
-# --- Reference implementations ---
-service_provider=LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
-service_provider=VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default
-# In order to activate Radware's lbaas driver you need to uncomment the next line.
-# If you want to keep the HA Proxy as the default lbaas driver, remove the attribute default from the line below.
-# Otherwise comment the HA Proxy line
-# service_provider = LOADBALANCER:Radware:neutron.services.loadbalancer.drivers.radware.driver.LoadBalancerDriver:default
-# uncomment the following line to make the 'netscaler' LBaaS provider available.
-# service_provider=LOADBALANCER:NetScaler:neutron.services.loadbalancer.drivers.netscaler.netscaler_driver.NetScalerPluginDriver
-# Uncomment the following line (and comment out the OpenSwan VPN line) to enable Cisco's VPN driver.
-# service_provider=VPN:cisco:neutron.services.vpn.service_drivers.cisco_ipsec.CiscoCsrIPsecVPNDriver:default
-# Uncomment the line below to use Embrane heleos as Load Balancer service provider.
-# service_provider=LOADBALANCER:Embrane:neutron.services.loadbalancer.drivers.embrane.driver.EmbraneLbaas:default
diff --git a/ansible/roles/neutron-network/templates/neutron_init.sh b/ansible/roles/neutron-network/templates/neutron_init.sh
deleted file mode 100644
index b92e202..0000000
--- a/ansible/roles/neutron-network/templates/neutron_init.sh
+++ /dev/null
@@ -1,4 +0,0 @@
-# neutron --os-username=admin --os-password={{ ADMIN_PASS }} --os-tenant-name=admin --os-auth-url=http://{{ identity_host }}:35357/v2.0 net-create ext-net --shared --router:external=True
-
-# neutron --os-username=admin --os-password={{ ADMIN_PASS }} --os-tenant-name=admin --os-auth-url=http://{{ identity_host }}:35357/v2.0 subnet-create ext-net --name ext-subnet --allocation-pool start={{ FLOATING_IP_START }},end={{ FLOATING_IP_END}} --disable-dhcp --gateway {{EXTERNAL_NETWORK_GATEWAY}} {{EXTERNAL_NETWORK_CIDR}}
-
diff --git a/ansible/roles/neutron-network/templates/nova.conf b/ansible/roles/neutron-network/templates/nova.conf
deleted file mode 100644
index dfb4b93..0000000
--- a/ansible/roles/neutron-network/templates/nova.conf
+++ /dev/null
@@ -1,68 +0,0 @@
-[DEFAULT]
-dhcpbridge_flagfile=/etc/nova/nova.conf
-dhcpbridge=/usr/bin/nova-dhcpbridge
-logdir=/var/log/nova
-state_path=/var/lib/nova
-lock_path=/var/lock/nova
-force_dhcp_release=True
-iscsi_helper=tgtadm
-libvirt_use_virtio_for_bridges=True
-connection_type=libvirt
-root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf
-verbose={{ VERBOSE}}
-debug={{ DEBUG }}
-ec2_private_dns_show_ip=True
-api_paste_config=/etc/nova/api-paste.ini
-volumes_path=/var/lib/nova/volumes
-enabled_apis=ec2,osapi_compute,metadata
-
-vif_plugging_is_fatal: false
-vif_plugging_timeout: 0
-
-auth_strategy = keystone
-
-rpc_backend = rabbit
-rabbit_host = {{ rabbit_host }}
-rabbit_password = {{ RABBIT_PASS }}
-
-my_ip = {{ internal_ip }}
-vnc_enabled = True
-vncserver_listen = 0.0.0.0
-vncserver_proxyclient_address = {{ internal_ip }}
-novncproxy_base_url = http://{{ compute_controller_host }}:6080/vnc_auto.html
-
-novncproxy_host = {{ internal_ip }}
-novncproxy_port = 6080
-
-network_api_class = nova.network.neutronv2.api.API
-linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
-firewall_driver = nova.virt.firewall.NoopFirewallDriver
-security_group_api = neutron
-
-instance_usage_audit = True
-instance_usage_audit_period = hour
-notify_on_state_change = vm_and_task_state
-notification_driver = nova.openstack.common.notifier.rpc_notifier
-notification_driver = ceilometer.compute.nova_notifier
-
-[database]
-# The SQLAlchemy connection string used to connect to the database
-connection = mysql://nova:{{ NOVA_DBPASS }}@{{ db_host }}/nova
-
-[keystone_authtoken]
-auth_uri = http://{{ identity_host }}:5000/2.0
-identity_uri = http://{{ identity_host }}:35357
-admin_tenant_name = service
-admin_user = nova
-admin_password = {{ NOVA_PASS }}
-
-[glance]
-host = {{ image_host }}
-
-[neutron]
-url = http://{{ network_server_host }}:9696
-auth_strategy = keystone
-admin_tenant_name = service
-admin_username = neutron
-admin_password = {{ NEUTRON_PASS }}
-admin_auth_url = http://{{ identity_host }}:35357/v2.0
diff --git a/ansible/roles/neutron-network/vars/Debian.yml b/ansible/roles/neutron-network/vars/Debian.yml
new file mode 100644
index 0000000..86d1af6
--- /dev/null
+++ b/ansible/roles/neutron-network/vars/Debian.yml
@@ -0,0 +1,25 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages:
+ - neutron-plugin-ml2
+ - openvswitch-datapath-dkms
+ - openvswitch-switch
+ - neutron-l3-agent
+ - neutron-dhcp-agent
+ - neutron-plugin-openvswitch-agent
+
+services:
+ - openvswitch-switch
+ - neutron-plugin-openvswitch-agent
+
+openvswitch_agent: neutron-plugin-openvswitch-agent
+
+xorp_packages:
+ - xorp
diff --git a/ansible/roles/neutron-network/vars/RedHat.yml b/ansible/roles/neutron-network/vars/RedHat.yml
new file mode 100644
index 0000000..aa35dde
--- /dev/null
+++ b/ansible/roles/neutron-network/vars/RedHat.yml
@@ -0,0 +1,29 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages:
+ - openstack-neutron-ml2
+ - openstack-neutron-openvswitch
+
+vpn_packages:
+ - openstack-neutron-vpn-agent
+ - strongswan
+
+firewall_packages:
+ - openstack-neutron-fwaas
+
+services:
+ - openvswitch
+ - neutron-openvswitch-agent
+
+openvswitch_agent: neutron-openvswitch-agent
+
+xorp_packages:
+ - openssl098e
+ #- xorp
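Review bot: `xorp_packages` now lists only `openssl098e` while `xorp` itself is commented out, so a compatibility build of the long-unsupported OpenSSL 0.9.8 branch is installed on RedHat network nodes with no visible consumer. If nothing still links against it, `xorp_packages: []` is the safer value. If something does, a comment naming that consumer belongs next to the entry. Which task installs `xorp_packages` is not visible in this part of the diff.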
diff --git a/ansible/roles/neutron-network/vars/main.yml b/ansible/roles/neutron-network/vars/main.yml
new file mode 100644
index 0000000..ddd983e
--- /dev/null
+++ b/ansible/roles/neutron-network/vars/main.yml
@@ -0,0 +1,15 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages_noarch: []
+
+services_noarch:
+ - neutron-l3-agent
+ - neutron-dhcp-agent
+ - neutron-metadata-agent
diff --git a/ansible/roles/nova-compute/handlers/main.yml b/ansible/roles/nova-compute/handlers/main.yml
index 71c8d46..a50ce3d 100644
--- a/ansible/roles/nova-compute/handlers/main.yml
+++ b/ansible/roles/nova-compute/handlers/main.yml
@@ -1,3 +1,12 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
---
-- name: restart nova-compute
- service: name=nova-compute state=restarted
+- name: restart nova-compute services
+ service: name={{ item }} state=restarted enabled=yes
+ with_items: services | union(services_noarch)
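Review bot: `with_items: services | union(services_noarch)` is a bare Jinja expression, and Ansible releases that no longer template bare loop values treat it as one literal string, so the handler would try to restart a service of that name. Writing `with_items: "{{ services | union(services_noarch) }}"` behaves the same on old and new releases. The same bare form is used in nova-compute/tasks/main.yml, nova-controller/handlers/main.yml and nova-controller/tasks/nova_install.yml.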
diff --git a/ansible/roles/nova-compute/tasks/main.yml b/ansible/roles/nova-compute/tasks/main.yml
index 813864a..7ee60ba 100644
--- a/ansible/roles/nova-compute/tasks/main.yml
+++ b/ansible/roles/nova-compute/tasks/main.yml
@@ -1,16 +1,50 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
---
+- include_vars: "{{ ansible_os_family }}.yml"
+
+- name: disable auto start
+ copy:
+ content: "#!/bin/sh\nexit 101"
+ dest: "/usr/sbin/policy-rc.d"
+ mode: 0755
+ when: ansible_os_family == "Debian"
+
- name: install nova-compute related packages
- apt: name=nova-compute-kvm state=present force=yes
+ action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
+ with_items: packages | union(packages_noarch)
+
+- name: enable auto start
+ file:
+ path=/usr/sbin/policy-rc.d
+ state=absent
+ when: ansible_os_family == "Debian"
+
+- name: update nova-compute conf
+ template: src=templates/{{ item }} dest=/etc/nova/{{ item }}
+ with_items:
+ - nova.conf
+ notify:
+ - restart nova-compute services
- name: update nova-compute conf
template: src={{ item }} dest=/etc/nova/{{ item }}
with_items:
- - nova.conf
- nova-compute.conf
notify:
- - restart nova-compute
+ - restart nova-compute services
-- meta: flush_handlers
+- name: generate neutron control service list
+ lineinfile: dest=/opt/service create=yes line='{{ item }}'
+ with_items: services | union(services_noarch)
- name: remove nova sqlite db
shell: rm /var/lib/nova/nova.sqlite || touch nova.sqlite.removed
+
+- meta: flush_handlers
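Review bot: A failed package install leaves `/usr/sbin/policy-rc.d` (exit 101) on the host, because "enable auto start" only runs once the install task has succeeded. From then on invoke-rc.d refuses to start services on that Debian node until the file is removed by hand. The copy also overwrites, and the cleanup then deletes, any policy-rc.d an operator had already placed there. If the Ansible version in use supports `block`/`always` (2.0 or later), moving the cleanup into an `always` section addresses the first problem. The same three tasks appear in nova-controller/tasks/nova_install.yml.

```yaml
- block:
    # … unchanged: "disable auto start" and "install nova-compute related packages", indented under block …
  always:
    - name: enable auto start
      file:
        path: /usr/sbin/policy-rc.d
        state: absent
      when: ansible_os_family == "Debian"
```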
diff --git a/ansible/roles/nova-compute/templates/nova-compute.conf b/ansible/roles/nova-compute/templates/nova-compute.conf
index 1ef5590..1ac775b 100644
--- a/ansible/roles/nova-compute/templates/nova-compute.conf
+++ b/ansible/roles/nova-compute/templates/nova-compute.conf
@@ -1,4 +1,11 @@
[DEFAULT]
compute_driver=libvirt.LibvirtDriver
+force_raw_images = true
[libvirt]
+{% if deploy_type == 'virtual' %}
virt_type=qemu
+{% else %}
+virt_type=kvm
+{% endif %}
+images_type = raw
+mem_stats_period_seconds=0
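Review bot: `mem_stats_period_seconds=0`, `force_raw_images = true` and `images_type = raw` are added without any comment, and the template gives no hint why a compute node needs them. A short comment above each would help, e.g. `# 0 disables libvirt memory usage statistics collection`. The `{% if deploy_type == 'virtual' %}` branch also depends on `deploy_type` being defined for every compute host. Where it is set is not visible in this diff, so a Jinja comment naming the variable's source and allowed values would save the next reader a search.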
diff --git a/ansible/roles/nova-compute/templates/nova.conf b/ansible/roles/nova-compute/templates/nova.conf
deleted file mode 100644
index dfb4b93..0000000
--- a/ansible/roles/nova-compute/templates/nova.conf
+++ /dev/null
@@ -1,68 +0,0 @@
-[DEFAULT]
-dhcpbridge_flagfile=/etc/nova/nova.conf
-dhcpbridge=/usr/bin/nova-dhcpbridge
-logdir=/var/log/nova
-state_path=/var/lib/nova
-lock_path=/var/lock/nova
-force_dhcp_release=True
-iscsi_helper=tgtadm
-libvirt_use_virtio_for_bridges=True
-connection_type=libvirt
-root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf
-verbose={{ VERBOSE}}
-debug={{ DEBUG }}
-ec2_private_dns_show_ip=True
-api_paste_config=/etc/nova/api-paste.ini
-volumes_path=/var/lib/nova/volumes
-enabled_apis=ec2,osapi_compute,metadata
-
-vif_plugging_is_fatal: false
-vif_plugging_timeout: 0
-
-auth_strategy = keystone
-
-rpc_backend = rabbit
-rabbit_host = {{ rabbit_host }}
-rabbit_password = {{ RABBIT_PASS }}
-
-my_ip = {{ internal_ip }}
-vnc_enabled = True
-vncserver_listen = 0.0.0.0
-vncserver_proxyclient_address = {{ internal_ip }}
-novncproxy_base_url = http://{{ compute_controller_host }}:6080/vnc_auto.html
-
-novncproxy_host = {{ internal_ip }}
-novncproxy_port = 6080
-
-network_api_class = nova.network.neutronv2.api.API
-linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
-firewall_driver = nova.virt.firewall.NoopFirewallDriver
-security_group_api = neutron
-
-instance_usage_audit = True
-instance_usage_audit_period = hour
-notify_on_state_change = vm_and_task_state
-notification_driver = nova.openstack.common.notifier.rpc_notifier
-notification_driver = ceilometer.compute.nova_notifier
-
-[database]
-# The SQLAlchemy connection string used to connect to the database
-connection = mysql://nova:{{ NOVA_DBPASS }}@{{ db_host }}/nova
-
-[keystone_authtoken]
-auth_uri = http://{{ identity_host }}:5000/2.0
-identity_uri = http://{{ identity_host }}:35357
-admin_tenant_name = service
-admin_user = nova
-admin_password = {{ NOVA_PASS }}
-
-[glance]
-host = {{ image_host }}
-
-[neutron]
-url = http://{{ network_server_host }}:9696
-auth_strategy = keystone
-admin_tenant_name = service
-admin_username = neutron
-admin_password = {{ NEUTRON_PASS }}
-admin_auth_url = http://{{ identity_host }}:35357/v2.0
diff --git a/ansible/roles/nova-compute/vars/Debian.yml b/ansible/roles/nova-compute/vars/Debian.yml
new file mode 100644
index 0000000..20b1141
--- /dev/null
+++ b/ansible/roles/nova-compute/vars/Debian.yml
@@ -0,0 +1,15 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+
+packages:
+ - nova-compute-kvm
+
+services:
+ - nova-compute
diff --git a/ansible/roles/nova-compute/vars/RedHat.yml b/ansible/roles/nova-compute/vars/RedHat.yml
new file mode 100644
index 0000000..dab2cfd
--- /dev/null
+++ b/ansible/roles/nova-compute/vars/RedHat.yml
@@ -0,0 +1,16 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages:
+ - openstack-nova-compute
+ - sysfsutils
+
+services:
+ - libvirtd
+ - openstack-nova-compute
diff --git a/ansible/roles/nova-compute/vars/main.yml b/ansible/roles/nova-compute/vars/main.yml
new file mode 100644
index 0000000..f6fef74
--- /dev/null
+++ b/ansible/roles/nova-compute/vars/main.yml
@@ -0,0 +1,12 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages_noarch: []
+
+services_noarch: []
diff --git a/ansible/roles/nova-controller/handlers/main.yml b/ansible/roles/nova-controller/handlers/main.yml
index c830296..0e512a7 100644
--- a/ansible/roles/nova-controller/handlers/main.yml
+++ b/ansible/roles/nova-controller/handlers/main.yml
@@ -1,24 +1,15 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
---
-- name: restart nova-api
- service: name=nova-api state=restarted
-
-- name: restart nova-cert
- service: name=nova-cert state=restarted
-
-- name: restart nova-consoleauth
- service: name=nova-consoleauth state=restarted
-
-- name: restart nova-scheduler
- service: name=nova-scheduler state=restarted
-
-- name: restart nova-conductor
- service: name=nova-conductor state=restarted
-
-- name: restart nova-novncproxy
- service: name=nova-novncproxy state=restarted
+- name: restart nova service
+ service: name={{ item}} state=restarted enabled=yes
+ with_items: services | union(services_noarch)
- name: remove nova-sqlite-db
shell: rm /var/lib/nova/nova.sqlite || touch nova.sqlite.db.removed
-
-- name: restart neutron-server
- service: name=neutron-server state=restarted
diff --git a/ansible/roles/nova-controller/tasks/main.yml b/ansible/roles/nova-controller/tasks/main.yml
index 85e3a8a..1ebe628 100644
--- a/ansible/roles/nova-controller/tasks/main.yml
+++ b/ansible/roles/nova-controller/tasks/main.yml
@@ -1,37 +1,23 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
---
-- name: install nova related packages
- apt: name={{ item }} state=present force=yes
- with_items:
- - nova-api
- - nova-cert
- - nova-conductor
- - nova-consoleauth
- - nova-novncproxy
- - nova-scheduler
- - python-novaclient
- - python-oslo.rootwrap
+- include: nova_install.yml
+ tags:
+ - install
+ - nova_install
+ - nova
-- name: update nova conf
- template: src=nova.conf
- dest=/etc/nova/nova.conf
- backup=yes
- notify:
- - restart nova-api
- - restart nova-cert
- - restart nova-consoleauth
- - restart nova-scheduler
- - restart nova-conductor
- - restart nova-novncproxy
- - remove nova-sqlite-db
-
-- name: nova db sync
- command: su -s /bin/sh -c "nova-manage db sync" nova
- notify:
- - restart nova-api
- - restart nova-cert
- - restart nova-consoleauth
- - restart nova-scheduler
- - restart nova-conductor
- - restart nova-novncproxy
+- include: nova_config.yml
+ when: inventory_hostname == groups['controller'][0]
+ tags:
+ - config
+ - nova_config
+ - nova
- meta: flush_handlers
diff --git a/ansible/roles/nova-controller/tasks/nova_config.yml b/ansible/roles/nova-controller/tasks/nova_config.yml
new file mode 100644
index 0000000..bf1b0f6
--- /dev/null
+++ b/ansible/roles/nova-controller/tasks/nova_config.yml
@@ -0,0 +1,15 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: nova db sync
+ nova_manage: action=dbsync
+ notify:
+ - restart nova service
+
+- meta: flush_handlers
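Review bot: The task this replaces ran the sync as the nova user (`su -s /bin/sh -c "nova-manage db sync" nova`), while `nova_manage: action=dbsync` carries no user switch, so with the play's `remote_user: root` the sync may now run as root. If it does, files it creates (for example under nova's log directory) can end up root-owned and unwritable for the services. The `nova_manage` module is not defined in the visible part of the diff, so please confirm whether it drops privileges itself. If it does not, adding `become: yes` and `become_user: nova` to the task restores the old behaviour.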
diff --git a/ansible/roles/nova-controller/tasks/nova_install.yml b/ansible/roles/nova-controller/tasks/nova_install.yml
new file mode 100644
index 0000000..865ad2e
--- /dev/null
+++ b/ansible/roles/nova-controller/tasks/nova_install.yml
@@ -0,0 +1,39 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- include_vars: "{{ ansible_os_family }}.yml"
+
+- name: disable auto start
+ copy:
+ content: "#!/bin/sh\nexit 101"
+ dest: "/usr/sbin/policy-rc.d"
+ mode: 0755
+ when: ansible_os_family == "Debian"
+
+- name: install nova related packages
+ action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
+ with_items: packages | union(packages_noarch)
+
+- name: enable auto start
+ file:
+ path=/usr/sbin/policy-rc.d
+ state=absent
+ when: ansible_os_family == "Debian"
+
+- name: generate nova control service list
+ lineinfile: dest=/opt/service create=yes line='{{ item }}'
+ with_items: services | union(services_noarch)
+
+- name: update nova conf
+ template: src=templates/nova.conf
+ dest=/etc/nova/nova.conf
+ backup=yes
+ notify:
+ - restart nova service
+ - remove nova-sqlite-db
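Review bot: The "update nova conf" task writes `/etc/nova/nova.conf` without `owner`, `group` or `mode`, so its permissions, and those of the copies made by `backup=yes`, are whatever the package or a previous run left behind. The nova.conf templates removed from other roles in this commit carried `rabbit_password`, the database connection password and `admin_password`. Assuming the replacement template does too, pin the permissions explicitly, e.g. `owner=root group=nova mode=0640` (owner per the distro's packaging). The nova.conf task added in nova-compute/tasks/main.yml has the same gap.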
diff --git a/ansible/roles/nova-controller/templates/dnsmasq-neutron.conf b/ansible/roles/nova-controller/templates/dnsmasq-neutron.conf
deleted file mode 100644
index 7bcbd9d..0000000
--- a/ansible/roles/nova-controller/templates/dnsmasq-neutron.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-dhcp-option-force=26,1454
-
diff --git a/ansible/roles/nova-controller/templates/l3_agent.ini b/ansible/roles/nova-controller/templates/l3_agent.ini
index b394c00..5f49934 100644
--- a/ansible/roles/nova-controller/templates/l3_agent.ini
+++ b/ansible/roles/nova-controller/templates/l3_agent.ini
@@ -45,7 +45,7 @@ handle_internal_only_routers = True
# Name of bridge used for external network traffic. This should be set to
# empty value for the linux bridge. when this parameter is set, each L3 agent
# can be associated with no more than one external network.
-external_network_bridge = br-ex
+external_network_bridge =
# TCP Port used by Neutron metadata server
metadata_port = 9697
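Review bot: The comment above `external_network_bridge` still says an empty value is meant for the linux bridge, which no longer explains the setting now that it is emptied here. A line such as `# left empty: external networks are reached through the ML2 bridge_mappings, not a dedicated bridge` would tell the next reader why. That this is the intent is my inference from the `bridge_mappings` default in the ml2_conf.ini removed elsewhere in this diff, so please confirm before adding it.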
diff --git a/ansible/roles/nova-controller/templates/metadata_agent.ini b/ansible/roles/nova-controller/templates/metadata_agent.ini
index edde22c..87937cc 100644
--- a/ansible/roles/nova-controller/templates/metadata_agent.ini
+++ b/ansible/roles/nova-controller/templates/metadata_agent.ini
@@ -3,8 +3,8 @@
debug = True
# The Neutron user information for accessing the Neutron API.
-auth_url = http://{{ identity_host }}:5000/v2.0
-auth_region = RegionOne
+auth_url = http://{{ internal_vip.ip }}:5000/v2.0
+auth_region = regionOne
# Turn off verification of the certificate for ssl
# auth_insecure = False
# Certificate Authority public key (CA cert) file for ssl
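Review bot: `auth_region = regionOne` changes only the case of the region name, and region names are compared as plain strings against the Keystone catalog. The metadata agent will therefore find no endpoint unless the endpoints are registered under exactly `regionOne`. The endpoint registration is not visible in this part of the diff, so please confirm both sides use the same spelling. Templating both from one variable, e.g. `auth_region = {{ region_name }}` (variable name constructed for illustration), would keep them from drifting apart.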
@@ -17,7 +17,7 @@ admin_password = {{ NEUTRON_PASS }}
# endpoint_type = adminURL
# IP address used by Nova metadata server
-nova_metadata_ip = {{ compute_controller_host }}
+nova_metadata_ip = {{ internal_vip.ip }}
# TCP Port used by Nova metadata server
nova_metadata_port = 8775
diff --git a/ansible/roles/nova-controller/templates/ml2_conf.ini b/ansible/roles/nova-controller/templates/ml2_conf.ini
deleted file mode 100644
index 9972842..0000000
--- a/ansible/roles/nova-controller/templates/ml2_conf.ini
+++ /dev/null
@@ -1,108 +0,0 @@
-[ml2]
-# (ListOpt) List of network type driver entrypoints to be loaded from
-# the neutron.ml2.type_drivers namespace.
-#
-# type_drivers = local,flat,vlan,gre,vxlan
-# Example: type_drivers = flat,vlan,gre,vxlan
-type_drivers = {{ NEUTRON_TYPE_DRIVERS |join(",") }}
-
-# (ListOpt) Ordered list of network_types to allocate as tenant
-# networks. The default value 'local' is useful for single-box testing
-# but provides no connectivity between hosts.
-#
-# tenant_network_types = local
-# Example: tenant_network_types = vlan,gre,vxlan
-tenant_network_types = {{ NEUTRON_TENANT_NETWORK_TYPES |join(",") }}
-
-# (ListOpt) Ordered list of networking mechanism driver entrypoints
-# to be loaded from the neutron.ml2.mechanism_drivers namespace.
-# mechanism_drivers =
-# Example: mechanism_drivers = openvswitch,mlnx
-# Example: mechanism_drivers = arista
-# Example: mechanism_drivers = cisco,logger
-# Example: mechanism_drivers = openvswitch,brocade
-# Example: mechanism_drivers = linuxbridge,brocade
-mechanism_drivers = {{ NEUTRON_MECHANISM_DRIVERS |join(",") }}
-
-[ml2_type_flat]
-# (ListOpt) List of physical_network names with which flat networks
-# can be created. Use * to allow flat networks with arbitrary
-# physical_network names.
-#
-flat_networks = external
-# Example:flat_networks = physnet1,physnet2
-# Example:flat_networks = *
-
-[ml2_type_vlan]
-# (ListOpt) List of [::] tuples
-# specifying physical_network names usable for VLAN provider and
-# tenant networks, as well as ranges of VLAN tags on each
-# physical_network available for allocation as tenant networks.
-#
-network_vlan_ranges =
-# Example: network_vlan_ranges = physnet1:1000:2999,physnet2
-
-[ml2_type_gre]
-# (ListOpt) Comma-separated list of : tuples enumerating ranges of GRE tunnel IDs that are available for tenant network allocation
-tunnel_id_ranges = 1:1000
-
-[ml2_type_vxlan]
-# (ListOpt) Comma-separated list of : tuples enumerating
-# ranges of VXLAN VNI IDs that are available for tenant network allocation.
-#
-vni_ranges = 1001:4095
-
-# (StrOpt) Multicast group for the VXLAN interface. When configured, will
-# enable sending all broadcast traffic to this multicast group. When left
-# unconfigured, will disable multicast VXLAN mode.
-#
-vxlan_group = 239.1.1.1
-# Example: vxlan_group = 239.1.1.1
-
-[securitygroup]
-# Controls if neutron security group is enabled or not.
-# It should be false when you use nova security group.
-# enable_security_group = True
-firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
-enable_security_group = True
-
-[database]
-connection = mysql://neutron:{{ NEUTRON_DBPASS }}@{{ db_host }}/ovs_neutron?charset=utf8
-
-[ovs]
-local_ip = {{ internal_ip }}
-{% if 'openvswitch' in NEUTRON_MECHANISM_DRIVERS %}
-integration_bridge = br-int
-tunnel_bridge = br-tun
-tunnel_id_ranges = 1001:4095
-tunnel_type = {{ NEUTRON_TUNNEL_TYPES |join(",") }}
-bridge_mappings = {{ neutron_ovs_bridge_mappings | default("external:br-ex") }}
-{% endif %}
-
-[agent]
-root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf
-tunnel_types = {{ NEUTRON_TUNNEL_TYPES |join(",") }}
-{% if 'vxlan' in NEUTRON_TUNNEL_TYPES %}
-vxlan_udp_port = 4789
-{% endif %}
-l2_population = False
-
-[odl]
-{% if 'opendaylight' in NEUTRON_MECHANISM_DRIVERS %}
-network_vlan_ranges = 1001:4095
-tunnel_id_ranges = 1001:4095
-tun_peer_patch_port = patch-int
-int_peer_patch_port = patch-tun
-tenant_network_type = vxlan
-tunnel_bridge = br-tun
-integration_bridge = br-int
-controllers = 10.1.0.15:8080:admin:admin
-{% endif %}
-
-[ml2_odl]
-{% if 'opendaylight' in NEUTRON_MECHANISM_DRIVERS %}
-username = {{ odl_username }}
-password = {{ odl_password }}
-url = http://{{ odl_controller }}:{{ odl_api_port }}/controller/nb/v2/neutron
-{% endif %}
-
diff --git a/ansible/roles/nova-controller/templates/neutron-network.conf b/ansible/roles/nova-controller/templates/neutron-network.conf
deleted file mode 100644
index 318e4c0..0000000
--- a/ansible/roles/nova-controller/templates/neutron-network.conf
+++ /dev/null
@@ -1,466 +0,0 @@
-[DEFAULT]
-# Print more verbose output (set logging level to INFO instead of default WARNING level).
-verbose = {{ VERBOSE }}
-
-# Print debugging output (set logging level to DEBUG instead of default WARNING level).
-debug = {{ DEBUG }}
-
-# Where to store Neutron state files. This directory must be writable by the
-# user executing the agent.
-state_path = /var/lib/neutron
-
-# Where to store lock files
-lock_path = $state_path/lock
-
-# log_format = %(asctime)s %(levelname)8s [%(name)s] %(message)s
-# log_date_format = %Y-%m-%d %H:%M:%S
-
-# use_syslog -> syslog
-# log_file and log_dir -> log_dir/log_file
-# (not log_file) and log_dir -> log_dir/{binary_name}.log
-# use_stderr -> stderr
-# (not user_stderr) and (not log_file) -> stdout
-# publish_errors -> notification system
-
-# use_syslog = False
-# syslog_log_facility = LOG_USER
-
-# use_stderr = True
-# log_file =
-log_dir = /var/log/neutron
-
-# publish_errors = False
-
-# Address to bind the API server to
-bind_host = {{ network_server_host }}
-
-# Port the bind the API server to
-bind_port = 9696
-
-# Path to the extensions. Note that this can be a colon-separated list of
-# paths. For example:
-# api_extensions_path = extensions:/path/to/more/extensions:/even/more/extensions
-# The __path__ of neutron.extensions is appended to this, so if your
-# extensions are in there you don't need to specify them here
-# api_extensions_path =
-
-# (StrOpt) Neutron core plugin entrypoint to be loaded from the
-# neutron.core_plugins namespace. See setup.cfg for the entrypoint names of the
-# plugins included in the neutron source distribution. For compatibility with
-# previous versions, the class name of a plugin can be specified instead of its
-# entrypoint name.
-#
-#core_plugin = neutron.plugins.ml2.plugin.Ml2Plugin
-core_plugin = ml2
-# Example: core_plugin = ml2
-
-# (ListOpt) List of service plugin entrypoints to be loaded from the
-# neutron.service_plugins namespace. See setup.cfg for the entrypoint names of
-# the plugins included in the neutron source distribution. For compatibility
-# with previous versions, the class name of a plugin can be specified instead
-# of its entrypoint name.
-#
-# service_plugins =
-# Example: service_plugins = router,firewall,lbaas,vpnaas,metering
-service_plugins = router
-
-# Paste configuration file
-api_paste_config = api-paste.ini
-
-# The strategy to be used for auth.
-# Supported values are 'keystone'(default), 'noauth'.
-auth_strategy = keystone
-
-# Base MAC address. The first 3 octets will remain unchanged. If the
-# 4h octet is not 00, it will also be used. The others will be
-# randomly generated.
-# 3 octet
-# base_mac = fa:16:3e:00:00:00
-# 4 octet
-# base_mac = fa:16:3e:4f:00:00
-
-# Maximum amount of retries to generate a unique MAC address
-# mac_generation_retries = 16
-
-# DHCP Lease duration (in seconds)
-dhcp_lease_duration = 86400
-
-# Allow sending resource operation notification to DHCP agent
-# dhcp_agent_notification = True
-
-# Enable or disable bulk create/update/delete operations
-# allow_bulk = True
-# Enable or disable pagination
-# allow_pagination = False
-# Enable or disable sorting
-# allow_sorting = False
-# Enable or disable overlapping IPs for subnets
-# Attention: the following parameter MUST be set to False if Neutron is
-# being used in conjunction with nova security groups
-allow_overlapping_ips = True
-# Ensure that configured gateway is on subnet
-# force_gateway_on_subnet = False
-
-
-# RPC configuration options. Defined in rpc __init__
-# The messaging module to use, defaults to kombu.
-# rpc_backend = neutron.openstack.common.rpc.impl_kombu
-rpc_backend = rabbit
-rabbit_host = {{ rabbit_host }}
-rabbit_password = {{ RABBIT_PASS }}
-
-# Size of RPC thread pool
-rpc_thread_pool_size = 240
-# Size of RPC connection pool
-rpc_conn_pool_size = 100
-# Seconds to wait for a response from call or multicall
-rpc_response_timeout = 300
-# Seconds to wait before a cast expires (TTL). Only supported by impl_zmq.
-rpc_cast_timeout = 300
-# Modules of exceptions that are permitted to be recreated
-# upon receiving exception data from an rpc call.
-# allowed_rpc_exception_modules = neutron.openstack.common.exception, nova.exception
-# AMQP exchange to connect to if using RabbitMQ or QPID
-# control_exchange = neutron
-
-# If passed, use a fake RabbitMQ provider
-# fake_rabbit = False
-
-# Configuration options if sending notifications via kombu rpc (these are
-# the defaults)
-# SSL version to use (valid only if SSL enabled)
-# kombu_ssl_version =
-# SSL key file (valid only if SSL enabled)
-# kombu_ssl_keyfile =
-# SSL cert file (valid only if SSL enabled)
-# kombu_ssl_certfile =
-# SSL certification authority file (valid only if SSL enabled)
-# kombu_ssl_ca_certs =
-# Port where RabbitMQ server is running/listening
-rabbit_port = 5672
-# RabbitMQ single or HA cluster (host:port pairs i.e: host1:5672, host2:5672)
-# rabbit_hosts is defaulted to '$rabbit_host:$rabbit_port'
-# rabbit_hosts = localhost:5672
-# User ID used for RabbitMQ connections
-rabbit_userid = guest
-# Location of a virtual RabbitMQ installation.
-# rabbit_virtual_host = /
-# Maximum retries with trying to connect to RabbitMQ
-# (the default of 0 implies an infinite retry count)
-# rabbit_max_retries = 0
-# RabbitMQ connection retry interval
-# rabbit_retry_interval = 1
-# Use HA queues in RabbitMQ (x-ha-policy: all). You need to
-# wipe RabbitMQ database when changing this option. (boolean value)
-# rabbit_ha_queues = false
-
-# QPID
-# rpc_backend=neutron.openstack.common.rpc.impl_qpid
-# Qpid broker hostname
-# qpid_hostname = localhost
-# Qpid broker port
-# qpid_port = 5672
-# Qpid single or HA cluster (host:port pairs i.e: host1:5672, host2:5672)
-# qpid_hosts is defaulted to '$qpid_hostname:$qpid_port'
-# qpid_hosts = localhost:5672
-# Username for qpid connection
-# qpid_username = ''
-# Password for qpid connection
-# qpid_password = ''
-# Space separated list of SASL mechanisms to use for auth
-# qpid_sasl_mechanisms = ''
-# Seconds between connection keepalive heartbeats
-# qpid_heartbeat = 60
-# Transport to use, either 'tcp' or 'ssl'
-# qpid_protocol = tcp
-# Disable Nagle algorithm
-# qpid_tcp_nodelay = True
-
-# ZMQ
-# rpc_backend=neutron.openstack.common.rpc.impl_zmq
-# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP.
-# The "host" option should point or resolve to this address.
-# rpc_zmq_bind_address = *
-
-# ============ Notification System Options =====================
-
-# Notifications can be sent when network/subnet/port are created, updated or deleted.
-# There are three methods of sending notifications: logging (via the
-# log_file directive), rpc (via a message queue) and
-# noop (no notifications sent, the default)
-
-# Notification_driver can be defined multiple times
-# Do nothing driver
-# notification_driver = neutron.openstack.common.notifier.no_op_notifier
-# Logging driver
-# notification_driver = neutron.openstack.common.notifier.log_notifier
-# RPC driver.
-notification_driver = neutron.openstack.common.notifier.rpc_notifier
-
-# default_notification_level is used to form actual topic name(s) or to set logging level
-default_notification_level = INFO
-
-# default_publisher_id is a part of the notification payload
-# host = myhost.com
-# default_publisher_id = $host
-
-# Defined in rpc_notifier, can be comma separated values.
-# The actual topic names will be %s.%(default_notification_level)s
-notification_topics = notifications
-
-# Default maximum number of items returned in a single response,
-# value == infinite and value < 0 means no max limit, and value must
-# be greater than 0. If the number of items requested is greater than
-# pagination_max_limit, server will just return pagination_max_limit
-# of number of items.
-# pagination_max_limit = -1
-
-# Maximum number of DNS nameservers per subnet
-# max_dns_nameservers = 5
-
-# Maximum number of host routes per subnet
-# max_subnet_host_routes = 20
-
-# Maximum number of fixed ips per port
-# max_fixed_ips_per_port = 5
-
-# =========== items for agent management extension =============
-# Seconds to regard the agent as down; should be at least twice
-# report_interval, to be sure the agent is down for good
-agent_down_time = 75
-# =========== end of items for agent management extension =====
-
-# =========== items for agent scheduler extension =============
-# Driver to use for scheduling network to DHCP agent
-network_scheduler_driver = neutron.scheduler.dhcp_agent_scheduler.ChanceScheduler
-# Driver to use for scheduling router to a default L3 agent
-router_scheduler_driver = neutron.scheduler.l3_agent_scheduler.ChanceScheduler
-# Driver to use for scheduling a loadbalancer pool to an lbaas agent
-# loadbalancer_pool_scheduler_driver = neutron.services.loadbalancer.agent_scheduler.ChanceScheduler
-
-# Allow auto scheduling networks to DHCP agent. It will schedule non-hosted
-# networks to first DHCP agent which sends get_active_networks message to
-# neutron server
-# network_auto_schedule = True
-
-# Allow auto scheduling routers to L3 agent. It will schedule non-hosted
-# routers to first L3 agent which sends sync_routers message to neutron server
-# router_auto_schedule = True
-
-# Number of DHCP agents scheduled to host a network. This enables redundant
-# DHCP agents for configured networks.
-# dhcp_agents_per_network = 1
-
-# =========== end of items for agent scheduler extension =====
-
-# =========== WSGI parameters related to the API server ==============
-# Number of separate worker processes to spawn. The default, 0, runs the
-# worker thread in the current process. Greater than 0 launches that number of
-# child processes as workers. The parent process manages them.
-api_workers = 8
-
-# Number of separate RPC worker processes to spawn. The default, 0, runs the
-# worker thread in the current process. Greater than 0 launches that number of
-# child processes as RPC workers. The parent process manages them.
-# This feature is experimental until issues are addressed and testing has been
-# enabled for various plugins for compatibility.
-rpc_workers = 8
-
-# Sets the value of TCP_KEEPIDLE in seconds to use for each server socket when
-# starting API server. Not supported on OS X.
-# tcp_keepidle = 600
-
-# Number of seconds to keep retrying to listen
-# retry_until_window = 30
-
-# Number of backlog requests to configure the socket with.
-# backlog = 4096
-
-# Max header line to accommodate large tokens
-# max_header_line = 16384
-
-# Enable SSL on the API server
-# use_ssl = False
-
-# Certificate file to use when starting API server securely
-# ssl_cert_file = /path/to/certfile
-
-# Private key file to use when starting API server securely
-# ssl_key_file = /path/to/keyfile
-
-# CA certificate file to use when starting API server securely to
-# verify connecting clients. This is an optional parameter only required if
-# API clients need to authenticate to the API server using SSL certificates
-# signed by a trusted CA
-# ssl_ca_file = /path/to/cafile
-# ======== end of WSGI parameters related to the API server ==========
-
-
-# ======== neutron nova interactions ==========
-# Send notification to nova when port status is active.
-notify_nova_on_port_status_changes = True
-
-# Send notifications to nova when port data (fixed_ips/floatingips) change
-# so nova can update it's cache.
-notify_nova_on_port_data_changes = True
-
-# URL for connection to nova (Only supports one nova region currently).
-nova_url = http://{{ compute_controller_host }}:8774/v2
-
-# Name of nova region to use. Useful if keystone manages more than one region
-nova_region_name = RegionOne
-
-# Username for connection to nova in admin context
-nova_admin_username = nova
-
-# The uuid of the admin nova tenant
-
-# Password for connection to nova in admin context.
-nova_admin_password = {{ NOVA_PASS }}
-
-# Authorization URL for connection to nova in admin context.
-nova_admin_auth_url = http://{{ identity_host }}:35357/v2.0
-
-# Number of seconds between sending events to nova if there are any events to send
-send_events_interval = 2
-
-# ======== end of neutron nova interactions ==========
-
-[quotas]
-# Default driver to use for quota checks
-quota_driver = neutron.db.quota_db.DbQuotaDriver
-
-# Resource name(s) that are supported in quota features
-quota_items = network,subnet,port
-
-# Default number of resource allowed per tenant. A negative value means
-# unlimited.
-default_quota = -1
-
-# Number of networks allowed per tenant. A negative value means unlimited.
-quota_network = 100
-
-# Number of subnets allowed per tenant. A negative value means unlimited.
-quota_subnet = 100
-
-# Number of ports allowed per tenant. A negative value means unlimited.
-quota_port = 8000
-
-# Number of security groups allowed per tenant. A negative value means
-# unlimited.
-quota_security_group = 1000
-
-# Number of security group rules allowed per tenant. A negative value means
-# unlimited.
-quota_security_group_rule = 1000
-
-# Number of vips allowed per tenant. A negative value means unlimited.
-# quota_vip = 10
-
-# Number of pools allowed per tenant. A negative value means unlimited.
-# quota_pool = 10
-
-# Number of pool members allowed per tenant. A negative value means unlimited.
-# The default is unlimited because a member is not a real resource consumer
-# on Openstack. However, on back-end, a member is a resource consumer
-# and that is the reason why quota is possible.
-# quota_member = -1
-
-# Number of health monitors allowed per tenant. A negative value means
-# unlimited.
-# The default is unlimited because a health monitor is not a real resource
-# consumer on Openstack. However, on back-end, a member is a resource consumer
-# and that is the reason why quota is possible.
-# quota_health_monitors = -1
-
-# Number of routers allowed per tenant. A negative value means unlimited.
-# quota_router = 10
-
-# Number of floating IPs allowed per tenant. A negative value means unlimited.
-# quota_floatingip = 50
-
-[agent]
-# Use "sudo neutron-rootwrap /etc/neutron/rootwrap.conf" to use the real
-# root filter facility.
-# Change to "sudo" to skip the filtering and just run the comand directly
-root_helper = "sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf"
-
-# =========== items for agent management extension =============
-# seconds between nodes reporting state to server; should be less than
-# agent_down_time, best if it is half or less than agent_down_time
-report_interval = 30
-
-# =========== end of items for agent management extension =====
-
-[keystone_authtoken]
-auth_uri = http://{{ identity_host }}:5000/v2.0
-identity_uri = http://{{ identity_host }}:35357
-admin_tenant_name = service
-admin_user = neutron
-admin_password = {{ NEUTRON_PASS }}
-signing_dir = $state_path/keystone-signing
-
-[database]
-# This line MUST be changed to actually run the plugin.
-# Example:
-# connection = mysql://root:pass@127.0.0.1:3306/neutron
-# Replace 127.0.0.1 above with the IP address of the database used by the
-# main neutron server. (Leave it as is if the database runs on this host.)
-# connection = sqlite:////var/lib/neutron/neutron.sqlite
-#connection = mysql://neutron:{{ NEUTRON_DBPASS }}@{{ db_host }}/neutron
-
-# The SQLAlchemy connection string used to connect to the slave database
-slave_connection =
-
-# Database reconnection retry times - in event connectivity is lost
-# set to -1 implies an infinite retry count
-max_retries = 10
-
-# Database reconnection interval in seconds - if the initial connection to the
-# database fails
-retry_interval = 10
-
-# Minimum number of SQL connections to keep open in a pool
-min_pool_size = 1
-
-# Maximum number of SQL connections to keep open in a pool
-max_pool_size = 100
-
-# Timeout in seconds before idle sql connections are reaped
-idle_timeout = 3600
-
-# If set, use this value for max_overflow with sqlalchemy
-max_overflow = 100
-
-# Verbosity of SQL debugging information. 0=None, 100=Everything
-connection_debug = 0
-
-# Add python stack traces to SQL as comment strings
-connection_trace = False
-
-# If set, use this value for pool_timeout with sqlalchemy
-pool_timeout = 10
-
-[service_providers]
-# Specify service providers (drivers) for advanced services like loadbalancer, VPN, Firewall.
-# Must be in form:
-# service_provider=::[:default]
-# List of allowed service types includes LOADBALANCER, FIREWALL, VPN
-# Combination of and must be unique; must also be unique
-# This is multiline option, example for default provider:
-# service_provider=LOADBALANCER:name:lbaas_plugin_driver_path:default
-# example of non-default provider:
-# service_provider=FIREWALL:name2:firewall_driver_path
-# --- Reference implementations ---
-service_provider=LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
-service_provider=VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default
-# In order to activate Radware's lbaas driver you need to uncomment the next line.
-# If you want to keep the HA Proxy as the default lbaas driver, remove the attribute default from the line below.
-# Otherwise comment the HA Proxy line
-# service_provider = LOADBALANCER:Radware:neutron.services.loadbalancer.drivers.radware.driver.LoadBalancerDriver:default
-# uncomment the following line to make the 'netscaler' LBaaS provider available.
-# service_provider=LOADBALANCER:NetScaler:neutron.services.loadbalancer.drivers.netscaler.netscaler_driver.NetScalerPluginDriver
-# Uncomment the following line (and comment out the OpenSwan VPN line) to enable Cisco's VPN driver.
-# service_provider=VPN:cisco:neutron.services.vpn.service_drivers.cisco_ipsec.CiscoCsrIPsecVPNDriver:default
-# Uncomment the line below to use Embrane heleos as Load Balancer service provider.
-# service_provider=LOADBALANCER:Embrane:neutron.services.loadbalancer.drivers.embrane.driver.EmbraneLbaas:default
diff --git a/ansible/roles/nova-controller/templates/neutron.conf b/ansible/roles/nova-controller/templates/neutron.conf
deleted file mode 100644
index 28bb2ba..0000000
--- a/ansible/roles/nova-controller/templates/neutron.conf
+++ /dev/null
@@ -1,467 +0,0 @@
-[DEFAULT]
-# Print more verbose output (set logging level to INFO instead of default WARNING level).
-verbose = {{ VERBOSE }}
-
-# Print debugging output (set logging level to DEBUG instead of default WARNING level).
-debug = {{ VERBOSE }}
-
-# Where to store Neutron state files. This directory must be writable by the
-# user executing the agent.
-state_path = /var/lib/neutron
-
-# Where to store lock files
-lock_path = $state_path/lock
-
-# log_format = %(asctime)s %(levelname)8s [%(name)s] %(message)s
-# log_date_format = %Y-%m-%d %H:%M:%S
-
-# use_syslog -> syslog
-# log_file and log_dir -> log_dir/log_file
-# (not log_file) and log_dir -> log_dir/{binary_name}.log
-# use_stderr -> stderr
-# (not user_stderr) and (not log_file) -> stdout
-# publish_errors -> notification system
-
-# use_syslog = False
-# syslog_log_facility = LOG_USER
-
-# use_stderr = True
-# log_file =
-log_dir = /var/log/neutron
-
-# publish_errors = False
-
-# Address to bind the API server to
-bind_host = {{ network_server_host }}
-
-# Port the bind the API server to
-bind_port = 9696
-
-# Path to the extensions. Note that this can be a colon-separated list of
-# paths. For example:
-# api_extensions_path = extensions:/path/to/more/extensions:/even/more/extensions
-# The __path__ of neutron.extensions is appended to this, so if your
-# extensions are in there you don't need to specify them here
-# api_extensions_path =
-
-# (StrOpt) Neutron core plugin entrypoint to be loaded from the
-# neutron.core_plugins namespace. See setup.cfg for the entrypoint names of the
-# plugins included in the neutron source distribution. For compatibility with
-# previous versions, the class name of a plugin can be specified instead of its
-# entrypoint name.
-#
-#core_plugin = neutron.plugins.ml2.plugin.Ml2Plugin
-core_plugin = ml2
-# Example: core_plugin = ml2
-
-# (ListOpt) List of service plugin entrypoints to be loaded from the
-# neutron.service_plugins namespace. See setup.cfg for the entrypoint names of
-# the plugins included in the neutron source distribution. For compatibility
-# with previous versions, the class name of a plugin can be specified instead
-# of its entrypoint name.
-#
-# service_plugins =
-# Example: service_plugins = router,firewall,lbaas,vpnaas,metering
-service_plugins = router
-
-# Paste configuration file
-api_paste_config = api-paste.ini
-
-# The strategy to be used for auth.
-# Supported values are 'keystone'(default), 'noauth'.
-auth_strategy = keystone
-
-# Base MAC address. The first 3 octets will remain unchanged. If the
-# 4h octet is not 00, it will also be used. The others will be
-# randomly generated.
-# 3 octet
-# base_mac = fa:16:3e:00:00:00
-# 4 octet
-# base_mac = fa:16:3e:4f:00:00
-
-# Maximum amount of retries to generate a unique MAC address
-# mac_generation_retries = 16
-
-# DHCP Lease duration (in seconds)
-dhcp_lease_duration = 86400
-
-# Allow sending resource operation notification to DHCP agent
-# dhcp_agent_notification = True
-
-# Enable or disable bulk create/update/delete operations
-# allow_bulk = True
-# Enable or disable pagination
-# allow_pagination = False
-# Enable or disable sorting
-# allow_sorting = False
-# Enable or disable overlapping IPs for subnets
-# Attention: the following parameter MUST be set to False if Neutron is
-# being used in conjunction with nova security groups
-allow_overlapping_ips = True
-# Ensure that configured gateway is on subnet
-# force_gateway_on_subnet = False
-
-
-# RPC configuration options. Defined in rpc __init__
-# The messaging module to use, defaults to kombu.
-# rpc_backend = neutron.openstack.common.rpc.impl_kombu
-rpc_backend = rabbit
-rabbit_host = {{ rabbit_host }}
-rabbit_password = {{ RABBIT_PASS }}
-
-# Size of RPC thread pool
-rpc_thread_pool_size = 240
-# Size of RPC connection pool
-rpc_conn_pool_size = 100
-# Seconds to wait for a response from call or multicall
-rpc_response_timeout = 300
-# Seconds to wait before a cast expires (TTL). Only supported by impl_zmq.
-rpc_cast_timeout = 300
-# Modules of exceptions that are permitted to be recreated
-# upon receiving exception data from an rpc call.
-# allowed_rpc_exception_modules = neutron.openstack.common.exception, nova.exception
-# AMQP exchange to connect to if using RabbitMQ or QPID
-# control_exchange = neutron
-
-# If passed, use a fake RabbitMQ provider
-# fake_rabbit = False
-
-# Configuration options if sending notifications via kombu rpc (these are
-# the defaults)
-# SSL version to use (valid only if SSL enabled)
-# kombu_ssl_version =
-# SSL key file (valid only if SSL enabled)
-# kombu_ssl_keyfile =
-# SSL cert file (valid only if SSL enabled)
-# kombu_ssl_certfile =
-# SSL certification authority file (valid only if SSL enabled)
-# kombu_ssl_ca_certs =
-# Port where RabbitMQ server is running/listening
-rabbit_port = 5672
-# RabbitMQ single or HA cluster (host:port pairs i.e: host1:5672, host2:5672)
-# rabbit_hosts is defaulted to '$rabbit_host:$rabbit_port'
-# rabbit_hosts = localhost:5672
-# User ID used for RabbitMQ connections
-rabbit_userid = guest
-# Location of a virtual RabbitMQ installation.
-# rabbit_virtual_host = /
-# Maximum retries with trying to connect to RabbitMQ
-# (the default of 0 implies an infinite retry count)
-# rabbit_max_retries = 0
-# RabbitMQ connection retry interval
-# rabbit_retry_interval = 1
-# Use HA queues in RabbitMQ (x-ha-policy: all). You need to
-# wipe RabbitMQ database when changing this option. (boolean value)
-# rabbit_ha_queues = false
-
-# QPID
-# rpc_backend=neutron.openstack.common.rpc.impl_qpid
-# Qpid broker hostname
-# qpid_hostname = localhost
-# Qpid broker port
-# qpid_port = 5672
-# Qpid single or HA cluster (host:port pairs i.e: host1:5672, host2:5672)
-# qpid_hosts is defaulted to '$qpid_hostname:$qpid_port'
-# qpid_hosts = localhost:5672
-# Username for qpid connection
-# qpid_username = ''
-# Password for qpid connection
-# qpid_password = ''
-# Space separated list of SASL mechanisms to use for auth
-# qpid_sasl_mechanisms = ''
-# Seconds between connection keepalive heartbeats
-# qpid_heartbeat = 60
-# Transport to use, either 'tcp' or 'ssl'
-# qpid_protocol = tcp
-# Disable Nagle algorithm
-# qpid_tcp_nodelay = True
-
-# ZMQ
-# rpc_backend=neutron.openstack.common.rpc.impl_zmq
-# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP.
-# The "host" option should point or resolve to this address.
-# rpc_zmq_bind_address = *
-
-# ============ Notification System Options =====================
-
-# Notifications can be sent when network/subnet/port are created, updated or deleted.
-# There are three methods of sending notifications: logging (via the
-# log_file directive), rpc (via a message queue) and
-# noop (no notifications sent, the default)
-
-# Notification_driver can be defined multiple times
-# Do nothing driver
-# notification_driver = neutron.openstack.common.notifier.no_op_notifier
-# Logging driver
-# notification_driver = neutron.openstack.common.notifier.log_notifier
-# RPC driver.
-notification_driver = neutron.openstack.common.notifier.rpc_notifier
-
-# default_notification_level is used to form actual topic name(s) or to set logging level
-default_notification_level = INFO
-
-# default_publisher_id is a part of the notification payload
-# host = myhost.com
-# default_publisher_id = $host
-
-# Defined in rpc_notifier, can be comma separated values.
-# The actual topic names will be %s.%(default_notification_level)s
-notification_topics = notifications
-
-# Default maximum number of items returned in a single response,
-# value == infinite and value < 0 means no max limit, and value must
-# be greater than 0. If the number of items requested is greater than
-# pagination_max_limit, server will just return pagination_max_limit
-# of number of items.
-# pagination_max_limit = -1
-
-# Maximum number of DNS nameservers per subnet
-# max_dns_nameservers = 5
-
-# Maximum number of host routes per subnet
-# max_subnet_host_routes = 20
-
-# Maximum number of fixed ips per port
-# max_fixed_ips_per_port = 5
-
-# =========== items for agent management extension =============
-# Seconds to regard the agent as down; should be at least twice
-# report_interval, to be sure the agent is down for good
-agent_down_time = 75
-# =========== end of items for agent management extension =====
-
-# =========== items for agent scheduler extension =============
-# Driver to use for scheduling network to DHCP agent
-network_scheduler_driver = neutron.scheduler.dhcp_agent_scheduler.ChanceScheduler
-# Driver to use for scheduling router to a default L3 agent
-router_scheduler_driver = neutron.scheduler.l3_agent_scheduler.ChanceScheduler
-# Driver to use for scheduling a loadbalancer pool to an lbaas agent
-# loadbalancer_pool_scheduler_driver = neutron.services.loadbalancer.agent_scheduler.ChanceScheduler
-
-# Allow auto scheduling networks to DHCP agent. It will schedule non-hosted
-# networks to first DHCP agent which sends get_active_networks message to
-# neutron server
-# network_auto_schedule = True
-
-# Allow auto scheduling routers to L3 agent. It will schedule non-hosted
-# routers to first L3 agent which sends sync_routers message to neutron server
-# router_auto_schedule = True
-
-# Number of DHCP agents scheduled to host a network. This enables redundant
-# DHCP agents for configured networks.
-# dhcp_agents_per_network = 1
-
-# =========== end of items for agent scheduler extension =====
-
-# =========== WSGI parameters related to the API server ==============
-# Number of separate worker processes to spawn. The default, 0, runs the
-# worker thread in the current process. Greater than 0 launches that number of
-# child processes as workers. The parent process manages them.
-api_workers = 8
-
-# Number of separate RPC worker processes to spawn. The default, 0, runs the
-# worker thread in the current process. Greater than 0 launches that number of
-# child processes as RPC workers. The parent process manages them.
-# This feature is experimental until issues are addressed and testing has been
-# enabled for various plugins for compatibility.
-rpc_workers = 8
-
-# Sets the value of TCP_KEEPIDLE in seconds to use for each server socket when
-# starting API server. Not supported on OS X.
-# tcp_keepidle = 600
-
-# Number of seconds to keep retrying to listen
-# retry_until_window = 30
-
-# Number of backlog requests to configure the socket with.
-# backlog = 4096
-
-# Max header line to accommodate large tokens
-# max_header_line = 16384
-
-# Enable SSL on the API server
-# use_ssl = False
-
-# Certificate file to use when starting API server securely
-# ssl_cert_file = /path/to/certfile
-
-# Private key file to use when starting API server securely
-# ssl_key_file = /path/to/keyfile
-
-# CA certificate file to use when starting API server securely to
-# verify connecting clients. This is an optional parameter only required if
-# API clients need to authenticate to the API server using SSL certificates
-# signed by a trusted CA
-# ssl_ca_file = /path/to/cafile
-# ======== end of WSGI parameters related to the API server ==========
-
-
-# ======== neutron nova interactions ==========
-# Send notification to nova when port status is active.
-notify_nova_on_port_status_changes = True
-
-# Send notifications to nova when port data (fixed_ips/floatingips) change
-# so nova can update it's cache.
-notify_nova_on_port_data_changes = True
-
-# URL for connection to nova (Only supports one nova region currently).
-nova_url = http://{{ compute_controller_host }}:8774/v2
-
-# Name of nova region to use. Useful if keystone manages more than one region
-nova_region_name = RegionOne
-
-# Username for connection to nova in admin context
-nova_admin_username = nova
-
-# The uuid of the admin nova tenant
-nova_admin_tenant_id = {{ NOVA_ADMIN_TENANT_ID.stdout_lines[0] }}
-
-# Password for connection to nova in admin context.
-nova_admin_password = {{ NOVA_PASS }}
-
-# Authorization URL for connection to nova in admin context.
-nova_admin_auth_url = http://{{ identity_host }}:35357/v2.0
-
-# Number of seconds between sending events to nova if there are any events to send
-send_events_interval = 2
-
-# ======== end of neutron nova interactions ==========
-
-[quotas]
-# Default driver to use for quota checks
-quota_driver = neutron.db.quota_db.DbQuotaDriver
-
-# Resource name(s) that are supported in quota features
-quota_items = network,subnet,port
-
-# Default number of resource allowed per tenant. A negative value means
-# unlimited.
-default_quota = -1
-
-# Number of networks allowed per tenant. A negative value means unlimited.
-quota_network = 100
-
-# Number of subnets allowed per tenant. A negative value means unlimited.
-quota_subnet = 100
-
-# Number of ports allowed per tenant. A negative value means unlimited.
-quota_port = 8000
-
-# Number of security groups allowed per tenant. A negative value means
-# unlimited.
-quota_security_group = 1000
-
-# Number of security group rules allowed per tenant. A negative value means
-# unlimited.
-quota_security_group_rule = 1000
-
-# Number of vips allowed per tenant. A negative value means unlimited.
-# quota_vip = 10
-
-# Number of pools allowed per tenant. A negative value means unlimited.
-# quota_pool = 10
-
-# Number of pool members allowed per tenant. A negative value means unlimited.
-# The default is unlimited because a member is not a real resource consumer
-# on Openstack. However, on back-end, a member is a resource consumer
-# and that is the reason why quota is possible.
-# quota_member = -1
-
-# Number of health monitors allowed per tenant. A negative value means
-# unlimited.
-# The default is unlimited because a health monitor is not a real resource
-# consumer on Openstack. However, on back-end, a member is a resource consumer
-# and that is the reason why quota is possible.
-# quota_health_monitors = -1
-
-# Number of routers allowed per tenant. A negative value means unlimited.
-# quota_router = 10
-
-# Number of floating IPs allowed per tenant. A negative value means unlimited.
-# quota_floatingip = 50
-
-[agent]
-# Use "sudo neutron-rootwrap /etc/neutron/rootwrap.conf" to use the real
-# root filter facility.
-# Change to "sudo" to skip the filtering and just run the comand directly
-root_helper = "sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf"
-
-# =========== items for agent management extension =============
-# seconds between nodes reporting state to server; should be less than
-# agent_down_time, best if it is half or less than agent_down_time
-report_interval = 30
-
-# =========== end of items for agent management extension =====
-
-[keystone_authtoken]
-auth_uri = http://{{ identity_host }}:5000/v2.0
-identity_uri = http://{{ identity_host }}:35357
-admin_tenant_name = service
-admin_user = neutron
-admin_password = {{ NEUTRON_PASS }}
-signing_dir = $state_path/keystone-signing
-
-[database]
-# This line MUST be changed to actually run the plugin.
-# Example:
-# connection = mysql://root:pass@127.0.0.1:3306/neutron
-# Replace 127.0.0.1 above with the IP address of the database used by the
-# main neutron server. (Leave it as is if the database runs on this host.)
-# connection = sqlite:////var/lib/neutron/neutron.sqlite
-#connection = mysql://neutron:{{ NEUTRON_DBPASS }}@{{ db_host }}/neutron
-
-# The SQLAlchemy connection string used to connect to the slave database
-slave_connection =
-
-# Database reconnection retry times - in event connectivity is lost
-# set to -1 implies an infinite retry count
-max_retries = 10
-
-# Database reconnection interval in seconds - if the initial connection to the
-# database fails
-retry_interval = 10
-
-# Minimum number of SQL connections to keep open in a pool
-min_pool_size = 1
-
-# Maximum number of SQL connections to keep open in a pool
-max_pool_size = 100
-
-# Timeout in seconds before idle sql connections are reaped
-idle_timeout = 3600
-
-# If set, use this value for max_overflow with sqlalchemy
-max_overflow = 100
-
-# Verbosity of SQL debugging information. 0=None, 100=Everything
-connection_debug = 0
-
-# Add python stack traces to SQL as comment strings
-connection_trace = False
-
-# If set, use this value for pool_timeout with sqlalchemy
-pool_timeout = 10
-
-[service_providers]
-# Specify service providers (drivers) for advanced services like loadbalancer, VPN, Firewall.
-# Must be in form:
-# service_provider=::[:default]
-# List of allowed service types includes LOADBALANCER, FIREWALL, VPN
-# Combination of and must be unique; must also be unique
-# This is multiline option, example for default provider:
-# service_provider=LOADBALANCER:name:lbaas_plugin_driver_path:default
-# example of non-default provider:
-# service_provider=FIREWALL:name2:firewall_driver_path
-# --- Reference implementations ---
-service_provider=LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
-service_provider=VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default
-# In order to activate Radware's lbaas driver you need to uncomment the next line.
-# If you want to keep the HA Proxy as the default lbaas driver, remove the attribute default from the line below.
-# Otherwise comment the HA Proxy line
-# service_provider = LOADBALANCER:Radware:neutron.services.loadbalancer.drivers.radware.driver.LoadBalancerDriver:default
-# uncomment the following line to make the 'netscaler' LBaaS provider available.
-# service_provider=LOADBALANCER:NetScaler:neutron.services.loadbalancer.drivers.netscaler.netscaler_driver.NetScalerPluginDriver
-# Uncomment the following line (and comment out the OpenSwan VPN line) to enable Cisco's VPN driver.
-# service_provider=VPN:cisco:neutron.services.vpn.service_drivers.cisco_ipsec.CiscoCsrIPsecVPNDriver:default
-# Uncomment the line below to use Embrane heleos as Load Balancer service provider.
-# service_provider=LOADBALANCER:Embrane:neutron.services.loadbalancer.drivers.embrane.driver.EmbraneLbaas:default
diff --git a/ansible/roles/nova-controller/templates/neutron_init.sh b/ansible/roles/nova-controller/templates/neutron_init.sh
index b92e202..8ab4324 100644
--- a/ansible/roles/nova-controller/templates/neutron_init.sh
+++ b/ansible/roles/nova-controller/templates/neutron_init.sh
@@ -1,3 +1,11 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
# neutron --os-username=admin --os-password={{ ADMIN_PASS }} --os-tenant-name=admin --os-auth-url=http://{{ identity_host }}:35357/v2.0 net-create ext-net --shared --router:external=True
# neutron --os-username=admin --os-password={{ ADMIN_PASS }} --os-tenant-name=admin --os-auth-url=http://{{ identity_host }}:35357/v2.0 subnet-create ext-net --name ext-subnet --allocation-pool start={{ FLOATING_IP_START }},end={{ FLOATING_IP_END}} --disable-dhcp --gateway {{EXTERNAL_NETWORK_GATEWAY}} {{EXTERNAL_NETWORK_CIDR}}
diff --git a/ansible/roles/nova-controller/templates/nova.conf b/ansible/roles/nova-controller/templates/nova.conf
deleted file mode 100644
index dfb4b93..0000000
--- a/ansible/roles/nova-controller/templates/nova.conf
+++ /dev/null
@@ -1,68 +0,0 @@
-[DEFAULT]
-dhcpbridge_flagfile=/etc/nova/nova.conf
-dhcpbridge=/usr/bin/nova-dhcpbridge
-logdir=/var/log/nova
-state_path=/var/lib/nova
-lock_path=/var/lock/nova
-force_dhcp_release=True
-iscsi_helper=tgtadm
-libvirt_use_virtio_for_bridges=True
-connection_type=libvirt
-root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf
-verbose={{ VERBOSE}}
-debug={{ DEBUG }}
-ec2_private_dns_show_ip=True
-api_paste_config=/etc/nova/api-paste.ini
-volumes_path=/var/lib/nova/volumes
-enabled_apis=ec2,osapi_compute,metadata
-
-vif_plugging_is_fatal: false
-vif_plugging_timeout: 0
-
-auth_strategy = keystone
-
-rpc_backend = rabbit
-rabbit_host = {{ rabbit_host }}
-rabbit_password = {{ RABBIT_PASS }}
-
-my_ip = {{ internal_ip }}
-vnc_enabled = True
-vncserver_listen = 0.0.0.0
-vncserver_proxyclient_address = {{ internal_ip }}
-novncproxy_base_url = http://{{ compute_controller_host }}:6080/vnc_auto.html
-
-novncproxy_host = {{ internal_ip }}
-novncproxy_port = 6080
-
-network_api_class = nova.network.neutronv2.api.API
-linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
-firewall_driver = nova.virt.firewall.NoopFirewallDriver
-security_group_api = neutron
-
-instance_usage_audit = True
-instance_usage_audit_period = hour
-notify_on_state_change = vm_and_task_state
-notification_driver = nova.openstack.common.notifier.rpc_notifier
-notification_driver = ceilometer.compute.nova_notifier
-
-[database]
-# The SQLAlchemy connection string used to connect to the database
-connection = mysql://nova:{{ NOVA_DBPASS }}@{{ db_host }}/nova
-
-[keystone_authtoken]
-auth_uri = http://{{ identity_host }}:5000/2.0
-identity_uri = http://{{ identity_host }}:35357
-admin_tenant_name = service
-admin_user = nova
-admin_password = {{ NOVA_PASS }}
-
-[glance]
-host = {{ image_host }}
-
-[neutron]
-url = http://{{ network_server_host }}:9696
-auth_strategy = keystone
-admin_tenant_name = service
-admin_username = neutron
-admin_password = {{ NEUTRON_PASS }}
-admin_auth_url = http://{{ identity_host }}:35357/v2.0
diff --git a/ansible/roles/nova-controller/vars/Debian.yml b/ansible/roles/nova-controller/vars/Debian.yml
new file mode 100644
index 0000000..26178cf
--- /dev/null
+++ b/ansible/roles/nova-controller/vars/Debian.yml
@@ -0,0 +1,25 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages:
+ - nova-api
+ - nova-cert
+ - nova-conductor
+ - nova-consoleauth
+ - nova-novncproxy
+ - nova-scheduler
+ - python-oslo.rootwrap
+
+services:
+ - nova-api
+ - nova-cert
+ - nova-conductor
+ - nova-consoleauth
+ - nova-novncproxy
+ - nova-scheduler
diff --git a/ansible/roles/nova-controller/vars/RedHat.yml b/ansible/roles/nova-controller/vars/RedHat.yml
new file mode 100644
index 0000000..62913f9
--- /dev/null
+++ b/ansible/roles/nova-controller/vars/RedHat.yml
@@ -0,0 +1,24 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages:
+ - openstack-nova-api
+ - openstack-nova-cert
+ - openstack-nova-conductor
+ - openstack-nova-console
+ - openstack-nova-novncproxy
+ - openstack-nova-scheduler
+
+services:
+ - openstack-nova-api
+ - openstack-nova-cert
+ - openstack-nova-conductor
+ - openstack-nova-consoleauth
+ - openstack-nova-novncproxy
+ - openstack-nova-scheduler
diff --git a/ansible/roles/nova-controller/vars/main.yml b/ansible/roles/nova-controller/vars/main.yml
new file mode 100644
index 0000000..f6fef74
--- /dev/null
+++ b/ansible/roles/nova-controller/vars/main.yml
@@ -0,0 +1,12 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages_noarch: []
+
+services_noarch: []
diff --git a/ansible/roles/odl_cluster/files/install_jdk8.tar b/ansible/roles/odl_cluster/files/install_jdk8.tar
new file mode 100755
index 0000000..faaaeb3
Binary files /dev/null and b/ansible/roles/odl_cluster/files/install_jdk8.tar differ
diff --git a/ansible/roles/odl_cluster/files/recover_network.py b/ansible/roles/odl_cluster/files/recover_network.py
new file mode 100755
index 0000000..8d48ac1
--- /dev/null
+++ b/ansible/roles/odl_cluster/files/recover_network.py
@@ -0,0 +1,65 @@
+import yaml
+import netaddr
+import os
+import log as logging
+
+LOG = logging.getLogger("net-recover")
+config_path = os.path.join(os.path.dirname(__file__), "network.cfg")
+
+def setup_bondings(bond_mappings):
+ print bond_mappings
+
+def add_ovs_port(ovs_br, ifname, uplink, vlan_id=None):
+ LOG.info("add_ovs_port enter")
+ cmd = "ovs-vsctl --may-exist add-port %s %s" % (ovs_br, ifname)
+ if vlan_id:
+ cmd += " tag=%s" % vlan_id
+ cmd += " -- set Interface %s type=internal;" % ifname
+ cmd += "ip link set dev %s address `ip link show %s |awk '/link\/ether/{print $2}'`;" \
+ % (ifname, uplink)
+ cmd += "ip link set %s up;" % ifname
+ LOG.info("add_ovs_port: cmd=%s" % cmd)
+ os.system(cmd)
+
+def setup_ips(ip_settings, sys_intf_mappings):
+ LOG.info("setup_ips enter")
+ for intf_info in ip_settings.values():
+ network = netaddr.IPNetwork(intf_info["cidr"])
+ if sys_intf_mappings[intf_info["name"]]["type"] == "ovs":
+ intf_name = intf_info["name"]
+ else:
+ intf_name = intf_info["alias"]
+ if "gw" in intf_info:
+ cmd = "ip addr add %s/%s brd %s dev %s;" \
+ % (intf_info["ip"], intf_info["netmask"], str(network.broadcast),intf_name)
+ cmd += "route del default;"
+ cmd += "ip route add default via %s dev %s" % (intf_info["gw"], intf_name)
+ LOG.info("setup_ips: cmd=%s" % cmd)
+ os.system(cmd)
+
+def setup_intfs(sys_intf_mappings, uplink_map):
+ LOG.info("setup_intfs enter")
+ for intf_name, intf_info in sys_intf_mappings.items():
+ if intf_info["type"] == "ovs":
+ add_ovs_port(
+ intf_info["interface"],
+ intf_name,
+ uplink_map[intf_info["interface"]],
+ vlan_id=intf_info.get("vlan_tag"))
+ else:
+ pass
+
+def main(config):
+ uplink_map = {}
+ setup_bondings(config["bond_mappings"])
+ for provider_net in config["provider_net_mappings"]:
+ uplink_map[provider_net['name']] = provider_net['interface']
+
+ setup_intfs(config["sys_intf_mappings"], uplink_map)
+ setup_ips(config["ip_settings"], config["sys_intf_mappings"])
+
+
+if __name__ == "__main__":
+ os.system("service openvswitch-switch status|| service openvswitch-switch start")
+ config = yaml.load(open(config_path))
+ main(config)
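Review bot: The `yaml.load(open(config_path))` call in the `__main__` block uses PyYAML's default loader, which can construct arbitrary Python objects from tagged input, and it never closes the file handle. The code only indexes the result as plain dicts and lists, so the safe loader is enough: `with open(config_path) as f: config = yaml.safe_load(f)`. The same line appears in the `__main__` blocks of recover_network_odl_l3.py and setup_networks_odl_l3.py in this commit and should change with it. These scripts are presumably run as root, so anyone able to write network.cfg would otherwise control what the loader instantiates.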
diff --git a/ansible/roles/odl_cluster/files/recover_network_odl_l3.py b/ansible/roles/odl_cluster/files/recover_network_odl_l3.py
new file mode 100755
index 0000000..7bef105
--- /dev/null
+++ b/ansible/roles/odl_cluster/files/recover_network_odl_l3.py
@@ -0,0 +1,30 @@
+import yaml
+import netaddr
+import os
+import log as logging
+
+LOG = logging.getLogger("net-recover-odl-l3")
+config_path = os.path.join(os.path.dirname(__file__), "network.cfg")
+
+def setup_bondings(bond_mappings):
+ print bond_mappings
+
+def setup_ips_new(config):
+ LOG.info("setup_ips_new enter")
+ network = netaddr.IPNetwork(config["ip_settings"]["br-prv"]["cidr"])
+ intf_name = config["provider_net_mappings"][0]["interface"]
+ cmd = "ip link set br-ex up;"
+ cmd += "ip addr add %s/%s brd %s dev %s;" \
+ % (config["ip_settings"]["br-prv"]["ip"], config["ip_settings"]["br-prv"]["netmask"], str(network.broadcast), 'br-ex')
+ cmd += "route del default;"
+ cmd += "ip route add default via %s dev %s" % (config["ip_settings"]["br-prv"]["gw"], 'br-ex')
+ LOG.info("setup_ips_new: cmd=%s" % cmd)
+ os.system(cmd)
+
+def main(config):
+ setup_ips_new(config)
+
+if __name__ == "__main__":
+ os.system("service openvswitch-switch status|| service openvswitch-switch start")
+ config = yaml.load(open(config_path))
+ main(config)
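Review bot: `setup_ips_new` chains `route del default;` and `ip route add default via ...` with `;` and discards the `os.system` return value, so if the add fails the node is left without a default route and nothing reports it. A single `ip route replace default via <gw> dev br-ex` removes that window, and the exit status should be tested (`if os.system(cmd) != 0:`) and logged. The command is also built by interpolating network.cfg values into a shell string. Passing an argument list to `subprocess.check_call` would keep a malformed value from being interpreted by the shell and would raise on failure. The same delete-then-add sequence is in `setup_ips` of recover_network.py and in `setup_ips_new` of setup_networks_odl_l3.py.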
diff --git a/ansible/roles/odl_cluster/files/setup_networks_odl_l3.py b/ansible/roles/odl_cluster/files/setup_networks_odl_l3.py
new file mode 100644
index 0000000..2279741
--- /dev/null
+++ b/ansible/roles/odl_cluster/files/setup_networks_odl_l3.py
@@ -0,0 +1,91 @@
+import yaml
+import netaddr
+import os
+import log as logging
+
+LOG = logging.getLogger("net-init-l3")
+config_path = os.path.join(os.path.dirname(__file__), "network.cfg")
+
+def setup_bondings(bond_mappings):
+ print bond_mappings
+
+def add_vlan_link(interface, ifname, vlan_id):
+ LOG.info("add_vlan_link enter")
+ cmd = "ip link add link %s name %s type vlan id %s; " % (ifname, interface, vlan_id)
+ cmd += "ip link set %s up; ip link set %s up" % (interface, ifname)
+ LOG.info("add_vlan_link: cmd=%s" % cmd)
+ os.system(cmd)
+
+#def add_ovs_port(ovs_br, ifname, uplink, vlan_id=None):
+# LOG.info("add_ovs_port enter")
+# cmd = "ovs-vsctl --may-exist add-port %s %s" % (ovs_br, ifname)
+# if vlan_id:
+# cmd += " tag=%s" % vlan_id
+# cmd += " -- set Interface %s type=internal;" % ifname
+# cmd += "ip link set dev %s address `ip link show %s |awk '/link\/ether/{print $2}'`;" \
+# % (ifname, uplink)
+# cmd += "ip link set %s up;" % ifname
+# LOG.info("add_ovs_port: cmd=%s" % cmd)
+# os.system(cmd)
+
+def setup_intfs(sys_intf_mappings, uplink_map):
+ LOG.info("setup_intfs enter")
+ for intf_name, intf_info in sys_intf_mappings.items():
+ if intf_info["type"] == "vlan":
+ add_vlan_link(intf_name, intf_info["interface"], intf_info["vlan_tag"])
+# elif intf_info["type"] == "ovs":
+# add_ovs_port(
+# intf_info["interface"],
+# intf_name,
+# uplink_map[intf_info["interface"]],
+# vlan_id=intf_info.get("vlan_tag"))
+ else:
+ pass
+
+def setup_ips(ip_settings, sys_intf_mappings):
+ LOG.info("setup_ips enter")
+ for intf_info in ip_settings.values():
+ network = netaddr.IPNetwork(intf_info["cidr"])
+ if sys_intf_mappings[intf_info["name"]]["type"] == "ovs":
+ intf_name = intf_info["name"]
+ else:
+ intf_name = intf_info["alias"]
+ if "gw" in intf_info:
+ continue
+ cmd = "ip addr add %s/%s brd %s dev %s;" \
+ % (intf_info["ip"], intf_info["netmask"], str(network.broadcast),intf_name)
+# if "gw" in intf_info:
+# cmd += "route del default;"
+# cmd += "ip route add default via %s dev %s" % (intf_info["gw"], intf_name)
+ LOG.info("setup_ips: cmd=%s" % cmd)
+ os.system(cmd)
+
+def setup_ips_new(config):
+ LOG.info("setup_ips_new enter")
+ network = netaddr.IPNetwork(config["ip_settings"]["br-prv"]["cidr"])
+ intf_name = config["provider_net_mappings"][0]["interface"]
+# cmd = "ip addr add %s/%s brd %s dev %s;" \
+# % (config["ip_settings"]["br-prv"]["ip"], config["ip_settings"]["br-prv"]["netmask"], str(network.broadcast), intf_name)
+ cmd = "ip link set br-ex up;"
+ cmd += "ip addr add %s/%s brd %s dev %s;" \
+ % (config["ip_settings"]["br-prv"]["ip"], config["ip_settings"]["br-prv"]["netmask"], str(network.broadcast), 'br-ex')
+ cmd += "route del default;"
+# cmd += "ip route add default via %s dev %s" % (config["ip_settings"]["br-prv"]["gw"], intf_name)
+ cmd += "ip route add default via %s dev %s" % (config["ip_settings"]["br-prv"]["gw"], 'br-ex')
+ LOG.info("setup_ips_new: cmd=%s" % cmd)
+ os.system(cmd)
+
+def main(config):
+ uplink_map = {}
+ setup_bondings(config["bond_mappings"])
+ for provider_net in config["provider_net_mappings"]:
+ uplink_map[provider_net['name']] = provider_net['interface']
+
+ setup_intfs(config["sys_intf_mappings"], uplink_map)
+ setup_ips(config["ip_settings"], config["sys_intf_mappings"])
+ setup_ips_new(config)
+
+if __name__ == "__main__":
+ os.system("service openvswitch-switch status|| service openvswitch-switch start")
+ config = yaml.load(open(config_path))
+ main(config)
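Review bot: `add_vlan_link(interface, ifname, vlan_id)` names its parameters the opposite way round from how it uses them: `ifname` is placed after `ip link add link` as the parent device and `interface` after `name` as the new VLAN device, and `setup_intfs` passes `intf_name` first. Renaming them, e.g. `def add_vlan_link(vlan_name, parent_dev, vlan_id):`, or adding a one-line docstring saying which is which, would prevent a swapped call later. The file also carries several commented-out blocks (`add_ovs_port`, the `ovs` branch in `setup_intfs`, the old `gw` handling) and an unused `intf_name` in `setup_ips_new`. Deleting those would leave the history to version control.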
diff --git a/ansible/roles/odl_cluster/handlers/main.yml b/ansible/roles/odl_cluster/handlers/main.yml
new file mode 100755
index 0000000..17b8c11
--- /dev/null
+++ b/ansible/roles/odl_cluster/handlers/main.yml
@@ -0,0 +1,12 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: restart odl service
+ service: name=opendaylight state=restarted
+ #command: su -s /bin/sh -c "{{ odl_home }}/bin/stop;{{ odl_home }}/bin/start;"
diff --git a/ansible/roles/odl_cluster/tasks/main.yml b/ansible/roles/odl_cluster/tasks/main.yml
new file mode 100755
index 0000000..441ec2e
--- /dev/null
+++ b/ansible/roles/odl_cluster/tasks/main.yml
@@ -0,0 +1,21 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- include_vars: "{{ ansible_os_family }}.yml"
+ tags:
+ - test_odl
+
+- name: Install ODL Cluster on Controller
+ include: odl_controller.yml
+ when: inventory_hostname in groups['odl']
+
+- name: Install ODL Cluster on Compute
+ include: openvswitch.yml
+ when: groups['odl']|length !=0 and inventory_hostname not in groups['odl']
+
diff --git a/ansible/roles/odl_cluster/tasks/odl_controller.yml b/ansible/roles/odl_cluster/tasks/odl_controller.yml
new file mode 100755
index 0000000..5c9b203
--- /dev/null
+++ b/ansible/roles/odl_cluster/tasks/odl_controller.yml
@@ -0,0 +1,250 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+
+- name: install controller packages
+ action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
+ with_items: controller_packages | union(controller_packages_noarch)
+
+- name: get image http server
+ shell: awk -F'=' '/compass_server/ {print $2}' /etc/compass.conf
+ register: http_server
+
+- name: download oracle-jdk8 package file
+ get_url: url="http://{{ http_server.stdout_lines[0] }}/packages/onos/{{ jdk8_pkg_name }}" dest=/opt/{{ jdk8_pkg_name }}
+
+#"
+
+- name: upload install_jdk8 scripts
+ unarchive: src=install_jdk8.tar dest=/opt/
+
+- name: install install_jdk8 package
+ command: su -s /bin/sh -c "/opt/install_jdk8/install_jdk8.sh"
+
+#- name: install opendaylight packages
+# apt: name={{ item }} state=present
+# with_items:
+# - openjdk-8-jdk
+
+#- name: create odl directories
+# file:
+# path: /opt/opendaylight-0.2.2
+# state: "directory"
+# group: root
+# owner: root
+# mode: 0755
+
+- name: create odl group
+ group: name=odl system=yes state=present
+
+- name: create odl user
+ user:
+ name: odl
+ group: odl
+ home: "{{ odl_home }}"
+ createhome: "yes"
+ system: "yes"
+ shell: "/bin/false"
+
+#- name: get image http server
+# shell: awk -F'=' '/compass_server/ {print $2}' /etc/compass.conf
+# register: http_server
+
+- name: download odl package
+ get_url: url="http://{{ http_server.stdout_lines[0] }}/packages/odl/{{ odl_pkg_url }}" dest=/opt/{{ odl_pkg_name }}
+
+# "
+
+#- name: download odl package
+# get_url: url={{ odl_pkg_url }} dest=/opt/{{ odl_pkg_name }}
+
+# TODO: unarchive doesn't support strip-component at the moment
+# TODO: switch to use untar after support is added.
+- name: extract odl package
+# unarchive: src=/opt/{{ odl_pkg_name }} dest={{ odl_home }} group=odl owner=odl mode=0775 copy=no
+ command: su -s /bin/sh -c "tar xzf /opt/{{ odl_pkg_name }} -C {{ odl_home }} --strip-components 1 --no-overwrite-dir -k --skip-old-files" odl
+# notify:
+# - restart odl service
+
+- name: opendaylight system file
+ template:
+ src: "{{ service_file.src }}"
+ dest: "{{ service_file.dst }}"
+ mode: 0755
+
+- name: set l3 fwd enable in custom.properties
+ template:
+ src: custom.properties
+ dest: "{{ odl_home }}/etc/custom.properties"
+ owner: odl
+ group: odl
+ mode: 0775
+ when: odl_l3_agent == "Enable"
+
+- name: create karaf config
+ template:
+ src: org.apache.karaf.features.cfg
+ dest: "{{ odl_home }}/etc/org.apache.karaf.features.cfg"
+ owner: odl
+ group: odl
+ mode: 0775
+
+- name: create tomcat config
+ template:
+ src: tomcat-server.xml
+ dest: "{{ odl_home }}/configuration/tomcat-server.xml"
+
+- name: install odl pip packages
+ pip: name={{ item }} state=present
+ with_items: odl_pip
+
+
+#- name: restart odl service
+# service: name=opendaylight state=started pattern="opendaylight"
+
+##########################################################################################################
+################################# OpenDayLight Cluster Configuration #################################
+##########################################################################################################
+#- name: create initial directory
+# shell: >
+# mkdir -p {{ odl_home }}/configuration/initial;
+
+#- name: create akka config
+# template:
+# src: akka.conf
+# dest: "{{ odl_home }}/configuration/initial/akka.conf"
+# notify:
+# - restart odl service
+
+
+#- name: create module-shards config
+# template:
+# src: module-shards.conf
+# dest: "{{ odl_home }}/configuration/initial/module-shards.conf"
+# notify:
+# - restart odl service
+
+#- name: copy Jolokia-OSGi config
+# shell: >
+# cp -r jolokia {{ odl_home }}system/org/;
+
+#- name: copy Jolokia-OSGi config
+# template:
+# src: jolokia
+# dest: "{{ odl_home }}/system/org/"
+# notify:
+# - restart odl service
+
+
+#- name: mkdir Jolokia-OSGi directory
+# shell: >
+# mkdir -p {{ odl_home }}system/org/jolokia;
+# mkdir -p {{ odl_home }}system/org/jolokia/jolokia-osgi;
+# mkdir -p {{ odl_home }}system/org/jolokia/jolokia-osgi/1.1.5;
+
+
+#- name: copy Jolokia-OSGi config
+# template: src={{ item.src }} dest={{ item.dest }}
+# with_items:
+# - src: "jolokia-osgi-1.1.5-features.xml"
+# dest: "{{ odl_home }}/system/org/jolokia/jolokia-osgi/1.1.5/jolokia-osgi-1.1.5-features.xml"
+# - src: "jolokia-osgi-1.1.5.jar.sha1"
+# dest: "{{ odl_home }}/system/org/jolokia/jolokia-osgi/1.1.5/jolokia-osgi-1.1.5.jar.sha1"
+# - src: "jolokia-osgi-1.1.5.jar"
+# dest: "{{ odl_home }}/system/org/jolokia/jolokia-osgi/1.1.5/jolokia-osgi-1.1.5.jar"
+
+#- name: copy Jolokia-OSGi jar config
+# copy: src=roles/odl_cluster/templates/jolokia-osgi-1.1.5.jar dest="{{ odl_home }}/system/org/jolokia/jolokia-osgi/1.1.5/"
+
+- name: remove karaf data directory
+ shell: rm -rf {{ odl_home }}/data/*;
+
+#- name: chown OpenDaylight Directory and Files
+# shell: >
+# chown -R odl:odl "{{ odl_home }}";
+# chown odl:odl "{{ service_file.dst }}";
+
+
+##########################################################################################################
+################################ OpenDayLight connect with OpenStack ################################
+##########################################################################################################
+- name: turn off neutron-server neutron-plugins-openvswitch-agent Daemon on control node
+ shell: >
+ sed -i '/{{ service_ovs_agent_name }}/d' /opt/service ;
+ sed -i '/neutron-server/d' /opt/service;
+ sed -i '/keepalived/d' /opt/service;
+
+- name: turn off neutron-server on control node
+ service: name=neutron-server state=stopped
+
+- name: turn off keepalived on control node
+ service: name=keepalived state=stopped
+ when: ansible_os_family == "Debian"
+
+- name: chown opendaylight directory and files
+ shell: >
+ chown -R odl:odl "{{ odl_home }}";
+ chown odl:odl "{{ service_file.dst }}";
+
+- name: start opendaylight
+ service: name=opendaylight state=started
+ when: ansible_os_family == "Debian"
+
+- name: set opendaylight autostart
+ shell: chkconfig opendaylight on
+ when: ansible_os_family == "RedHat"
+
+- name: start opendaylight
+ shell: service opendaylight start
+ when: ansible_os_family == "RedHat"
+
+- name: check if opendaylight running
+ shell: netstat -lpen --tcp | grep java | grep 6653; while [ $? -ne 0 ]; do sleep 10; netstat -lpen --tcp | grep java | grep 6653; done
+
+- name: run openvswitch script
+ include: openvswitch.yml
+
+#- name: Configure Neutron1
+# shell: >
+# crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers opendaylight;
+# crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types vxlan;
+
+#- name: Create ML2 Configuration File
+# template:
+# src: ml2_conf.sh
+# dest: "/opt/ml2_conf.sh"
+# mode: 0777
+
+#- name: Execute ML2 Configuration File
+# command: su -s /bin/sh -c "/opt/ml2_conf.sh;"
+
+
+- name: configure l2 configuration
+ shell: crudini --set /etc/neutron/l3_agent.ini DEFAULT external_network_bridge br-prv;
+ when: odl_l3_agent == "Disable"
+
+- name: configure l3 configuration
+ shell: crudini --set /etc/neutron/l3_agent.ini DEFAULT external_network_bridge br-ex;
+ when: odl_l3_agent == "Enable"
+
+- name: configure odl l3 driver
+ shell: crudini --set /etc/neutron/neutron.conf DEFAULT service_plugins networking_odl.l3.l3_odl.OpenDaylightL3RouterPlugin;
+ when: odl_l3_agent == "Enable"
+
+
+
+- name: drop and recreate neutron database
+ shell: mysql -e "drop database if exists neutron;";
+ mysql -e "create database neutron character set utf8;";
+ mysql -e "grant all on neutron.* to 'neutron'@'%' identified by '{{ NEUTRON_DBPASS }}';";
+ su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron;
+ when: inventory_hostname == haproxy_hosts.keys()[0]
+ tags:
+ - test_odl
+
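Review bot: Both `get_url` tasks (`download oracle-jdk8 package file` and `download odl package`) fetch over plain `http://` from the host read out of /etc/compass.conf with no integrity check. The ODL archive is then extracted and started as a service, and the JDK package is presumably consumed by install_jdk8.sh. Pinning the expected digest with get_url's `checksum` option (`sha256sum` on older Ansible), e.g. `checksum="sha256:<expected-digest>"` with the real value in place of the placeholder, would make a tampered or truncated download fail the play. install_jdk8.tar is likewise added as an opaque binary whose `install_jdk8.sh` is run through `su`, so its contents cannot be reviewed from this diff. Separately, the `drop and recreate neutron database` task puts `{{ NEUTRON_DBPASS }}` on the `mysql -e` command line, and `no_log: true` on that task would at least keep it out of Ansible's output.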
diff --git a/ansible/roles/odl_cluster/tasks/openvswitch.yml b/ansible/roles/odl_cluster/tasks/openvswitch.yml
new file mode 100755
index 0000000..9c476bf
--- /dev/null
+++ b/ansible/roles/odl_cluster/tasks/openvswitch.yml
@@ -0,0 +1,148 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+
+#- name: Install Crudini
+# apt: name={{ item }} state=present
+# with_items:
+# - crudini
+
+- name: install compute packages
+ action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
+ with_items: compute_packages | union(compute_packages_noarch)
+
+- name: remove neutron-openvswitch-agent service daemon
+ shell: sed -i '/{{ service_ovs_agent_name }}/d' /opt/service ;
+
+- name: shut down and disable Neutron's openvswitch agent services
+ service: name={{ service_ovs_agent_name }} state=stopped enabled=no
+
+- name: remove Neutron's openvswitch agent services
+ shell: >
+ update-rc.d -f {{ service_ovs_agent_name }} remove;
+ mv /etc/init.d/{{ service_ovs_agent_name }} /home/{{ service_ovs_agent_name }};
+ mv /etc/init/{{ service_ovs_agent_name }}.conf /home/{{ service_ovs_agent_name }}.conf;
+ when: ansible_os_family == "Debian"
+
+
+- name: Stop the Open vSwitch service and clear existing OVSDB
+ shell: >
+ service {{ service_ovs_name }} stop ;
+ rm -rf /var/log/openvswitch/* ;
+ rm -rf /etc/openvswitch/conf.db ;
+ service {{ service_ovs_name }} start ;
+
+- name: set opendaylight as the manager
+ command: su -s /bin/sh -c "ovs-vsctl set-manager tcp:{{ internal_vip.ip }}:6640;"
+
+- name: check br-int
+ shell: ovs-vsctl list-br | grep br-int; while [ $? -ne 0 ]; do sleep 10; ovs-vsctl list-br | grep br-int; done
+
+- name: set local ip in openvswitch
+ shell: ovs-vsctl set Open_vSwitch $(ovs-vsctl show | head -n 1) other_config={'local_ip'=' {{ internal_ip }} '};
+
+#'
+
+##################################################################
+########### Recover External network for odl l3 #################
+##################################################################
+
+- name: check br-ex
+ shell: ovs-vsctl list-br | grep br-ex; while [ $? -ne 0 ]; do sleep 10; ovs-vsctl list-br | grep br-ex; done
+ when: odl_l3_agent == "Enable"
+
+- name: add ovs uplink
+ openvswitch_port: bridge=br-ex port={{ item["interface"] }} state=present
+ with_items: "{{ network_cfg['provider_net_mappings'] }}"
+ when: item["type"] == "ovs" and odl_l3_agent == "Enable"
+
+- name: wait 10 seconds
+ shell: sleep 10
+ when: odl_l3_agent == "Enable"
+
+- name: set external nic in openvswitch
+ shell: ovs-vsctl set Open_vSwitch $(ovs-vsctl show | head -n 1) other_config:provider_mappings=br-ex:{{ item["interface"] }}
+ with_items: "{{ network_cfg['provider_net_mappings'] }}"
+ when: item["type"] == "ovs" and odl_l3_agent == "Enable"
+
+- name: copy recovery script
+ copy: src={{ item }} dest=/opt/setup_networks
+ with_items:
+ - recover_network_odl_l3.py
+ - setup_networks_odl_l3.py
+ when: odl_l3_agent == "Enable"
+
+- name: recover external script
+ shell: python /opt/setup_networks/recover_network_odl_l3.py
+ when: odl_l3_agent == "Enable"
+
+- name: update keepalived info
+ template: src=keepalived.conf dest=/etc/keepalived/keepalived.conf
+ when: inventory_hostname in groups['odl'] and odl_l3_agent == "Enable"
+
+- name: modify net-init
+ shell: sed -i 's/setup_networks.py/setup_networks_odl_l3.py/g' /etc/init.d/net_init
+ when: odl_l3_agent == "Enable"
+
+##################################################################
+########### Recover External network for odl l2 #################
+##################################################################
+
+- name: add ovs bridge
+ openvswitch_bridge: bridge={{ item["name"] }} state=present
+ with_items: "{{ network_cfg['provider_net_mappings'] }}"
+ when: item["type"] == "ovs" and odl_l3_agent == "Disable"
+
+- name: add ovs uplink
+ openvswitch_port: bridge={{ item["name"] }} port={{ item["interface"] }} state=present
+ with_items: "{{ network_cfg['provider_net_mappings'] }}"
+ when: item["type"] == "ovs" and odl_l3_agent == "Disable"
+
+- name: copy recovery script
+ copy: src={{ item }} dest=/opt/setup_networks
+ with_items:
+ - recover_network.py
+ when: odl_l3_agent == "Disable"
+
+- name: recover external script
+ shell: python /opt/setup_networks/recover_network.py
+ when: odl_l3_agent == "Disable"
+
+##################################################################
+
+
+- name: restart keepalived to recover external IP
+ shell: service keepalived restart
+ when: inventory_hostname in groups['odl']
+ ignore_errors: True
+
+
+
+##################################################################
+##################################################################
+##################################################################
+- name: configure opendaylight -> ml2
+ shell: >
+ crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers opendaylight;
+ crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types vxlan;
+ crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs enable_tunneling True;
+
+#- name: Adjust Service Daemon
+# shell: >
+# sed -i '/neutron-plugin-openvswitch-agent/d' /opt/service ;
+# echo opendaylight >> /opt/service ;
+
+- name: copy ml2 configuration script
+ template:
+ src: ml2_conf.sh
+ dest: "/opt/ml2_conf.sh"
+ mode: 0777
+
+- name: execute ml2 configuration script
+ command: su -s /bin/sh -c "/opt/ml2_conf.sh;"
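Review bot: The `copy ml2 configuration script` task installs /opt/ml2_conf.sh with `mode: 0777`, and the following task executes it through `su -s /bin/sh`. A file that every local account can rewrite is therefore run with the play's privileges, apparently root. Only that one invocation needs the script, so `mode: "0700"` together with `owner: root` and `group: root` is sufficient. Quoting the mode also avoids depending on how the YAML parser treats a bare leading-zero integer.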
diff --git a/ansible/roles/odl_cluster/templates/akka.conf b/ansible/roles/odl_cluster/templates/akka.conf
new file mode 100755
index 0000000..7779849
--- /dev/null
+++ b/ansible/roles/odl_cluster/templates/akka.conf
@@ -0,0 +1,105 @@
+
+odl-cluster-data {
+ bounded-mailbox {
+ mailbox-type = "org.opendaylight.controller.cluster.common.actor.MeteredBoundedMailbox"
+ mailbox-capacity = 1000
+ mailbox-push-timeout-time = 100ms
+ }
+
+ metric-capture-enabled = true
+
+ akka {
+ loglevel = "INFO"
+ loggers = ["akka.event.slf4j.Slf4jLogger"]
+
+ actor {
+
+ provider = "akka.cluster.ClusterActorRefProvider"
+ serializers {
+ java = "akka.serialization.JavaSerializer"
+ proto = "akka.remote.serialization.ProtobufSerializer"
+ }
+
+ serialization-bindings {
+ "com.google.protobuf.Message" = proto
+
+ }
+ }
+ remote {
+ log-remote-lifecycle-events = off
+ netty.tcp {
+ hostname = "{{ hostvars[inventory_hostname]['ansible_' + internal_nic].ipv4.address }}"
+ port = 2550
+ maximum-frame-size = 419430400
+ send-buffer-size = 52428800
+ receive-buffer-size = 52428800
+ }
+ }
+
+ cluster {
+ seed-nodes = [
+{% for host in groups['odl'] %}
+ {% if loop.last %}
+ "akka.tcp://opendaylight-cluster-data@{{ hostvars[host]['ansible_' + internal_nic].ipv4.address }}:2550"
+ {% else %}
+ "akka.tcp://opendaylight-cluster-data@{{ hostvars[host]['ansible_' + internal_nic].ipv4.address }}:2550",
+ {% endif %}
+{% endfor %}
+ ]
+
+ auto-down-unreachable-after = 10s
+
+ roles = [
+{% set key = 0 %}
+{% for host in groups['odl'] %}
+ {% set key = key + 1 %}
+ {% if hostvars[host]['ansible_' + internal_nic].ipv4.address == hostvars[inventory_hostname]['ansible_' + internal_nic].ipv4.address %}
+ "member-{{ key }}"
+ {% endif %}
+{% endfor %}
+ ]
+
+ }
+ }
+}
+
+odl-cluster-rpc {
+ bounded-mailbox {
+ mailbox-type = "org.opendaylight.controller.cluster.common.actor.MeteredBoundedMailbox"
+ mailbox-capacity = 1000
+ mailbox-push-timeout-time = 100ms
+ }
+
+ metric-capture-enabled = true
+
+ akka {
+ loglevel = "INFO"
+ loggers = ["akka.event.slf4j.Slf4jLogger"]
+
+ actor {
+ provider = "akka.cluster.ClusterActorRefProvider"
+
+ }
+ remote {
+ log-remote-lifecycle-events = off
+ netty.tcp {
+ hostname = "{{ hostvars[inventory_hostname]['ansible_' + internal_nic].ipv4.address }}"
+ port = 2551
+ }
+ }
+
+ cluster {
+ seed-nodes = [
+{% for host in groups['odl'] %}
+ {% if loop.last %}
+ "akka.tcp://odl-cluster-rpc@{{ hostvars[host]['ansible_' + internal_nic].ipv4.address }}:2551"
+ {% else %}
+ "akka.tcp://odl-cluster-rpc@{{ hostvars[host]['ansible_' + internal_nic].ipv4.address }}:2551",
+ {% endif %}
+{% endfor %}
+ ]
+
+ auto-down-unreachable-after = 10s
+ }
+ }
+}
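Review bot: The `odl-cluster-data` block registers `akka.serialization.JavaSerializer`, and both cluster blocks expose remoting on plain `netty.tcp` (ports 2550 and 2551) with no TLS transport or peer authentication configured in this file. Unless another file restricts it, any host that can reach the internal address is treated as a cluster peer and its messages are deserialized. At minimum, add a comment above each `remote` block such as `# remoting is unauthenticated plain TCP; ports 2550/2551 must be firewalled to the odl group`, and have the role install matching firewall rules. `auto-down-unreachable-after = 10s` in both blocks also lets each side of a network partition down the other and carry on alone, so it deserves a comment saying the split-brain risk is accepted.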
diff --git a/ansible/roles/odl_cluster/templates/custom.properties b/ansible/roles/odl_cluster/templates/custom.properties
new file mode 100644
index 0000000..4eb8618
--- /dev/null
+++ b/ansible/roles/odl_cluster/templates/custom.properties
@@ -0,0 +1,135 @@
+# Extra packages to import from the boot class loader
+org.osgi.framework.system.packages.extra=org.apache.karaf.branding,sun.reflect,sun.reflect.misc,sun.misc,sun.nio.ch
+
+# https://bugs.eclipse.org/bugs/show_bug.cgi?id=325578
+# Extend the framework to avoid the resources to be presented with
+# a URL of type bundleresource: but to be presented as file:
+osgi.hook.configurators.include=org.eclipse.virgo.kernel.equinox.extensions.hooks.ExtensionsHookConfigurator
+
+# Embedded Tomcat configuration File
+org.eclipse.gemini.web.tomcat.config.path=configuration/tomcat-server.xml
+org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true
+
+# Use Equinox as default OSGi Framework Implementation
+karaf.framework=equinox
+
+# Netconf startup configuration
+netconf.tcp.address=127.0.0.1
+netconf.tcp.port=8383
+
+netconf.tcp.client.address=127.0.0.1
+netconf.tcp.client.port=8383
+
+netconf.ssh.address=0.0.0.0
+netconf.ssh.port=1830
+# Use Linux style path
+netconf.ssh.pk.path = ./configuration/RSA.pk
+# Set security provider to BouncyCastle
+org.apache.karaf.security.providers = org.bouncycastle.jce.provider.BouncyCastleProvider
+
+
+netconf.config.persister.active=1
+
+netconf.config.persister.1.storageAdapterClass=org.opendaylight.controller.config.persist.storage.file.xml.XmlFileStorageAdapter
+netconf.config.persister.1.properties.fileStorage=etc/opendaylight/current/controller.currentconfig.xml
+netconf.config.persister.1.properties.numberOfBackups=1
+
+# logback configuration
+logback.configurationFile=configuration/logback.xml
+
+# Container configuration
+container.profile = Container
+
+# Connection manager configuration
+connection.scheme = ANY_CONTROLLER_ONE_MASTER
+
+# Open Flow related system parameters
+# TCP port on which the controller is listening (default 6633)
+# of.listenPort=6633
+# IP address of the controller (default: wild card)
+# of.address = 127.0.0.1
+# The time (in milliseconds) the controller will wait for a response after sending a Barrier Request or a Statistic Request message (default 2000 msec)
+# of.messageResponseTimer=2000
+# The switch liveness timeout value (default 60500 msec)
+# of.switchLivenessTimeout=60500
+# The size of the queue holding pending statistics requests (default 64). For large networks of n switches, it is recommended to set the queue size to n
+# of.statsQueueSize = 64
+# The flow statistics polling interval in second (default 10 sec)
+# of.flowStatsPollInterval=10
+# The port statistics polling interval in second (default 5 sec)
+# of.portStatsPollInterval=5
+# The description statistics polling interval in second (default 60 sec)
+# of.descStatsPollInterval=60
+# The table statistics polling interval in second (default 10 sec)
+# of.tableStatsPollInterval=10
+# The maximum number of asynchronous messages can be sent before sending a Barrier Request (default 100)
+# of.barrierMessagePriorCount=100
+# The interval which determines how often the discovery packets should be sent (default 300 sec)
+# of.discoveryInterval=300
+# The timeout multiple of discovery interval
+# of.discoveryTimeoutMultiple=2
+# For newly added ports, allow one more retry if the elapsed time exceeds this threshold (default 30 sec)
+# of.discoveryThreshold=30
+# The maximum number of ports handled in one discovery batch (default 512)
+# of.discoveryBatchMaxPorts=512
+
+# OVSDB configuration
+# ovsdb plugin supports both active and passive connections. It listens on port 6640 by default for Active connections.
+ovsdb.listenPort=6640
+
+# ovsdb creates Openflow nodes/bridges. This configuration configures the bridge's Openflow version.
+# default Openflow version = 1.0, we also support 1.3.
+# ovsdb.of.version=1.3
+
+# ovsdb can be configured with ml2 to perform l3 forwarding. The config below enables that functionality, which is
+# disabled by default.
+ovsdb.l3.fwd.enabled=yes
+
+# ovsdb can be configured with ml2 to perform arp responder, enabled by default.
+ovsdb.l3.arp.responder.disabled=no
+
+# ovsdb can be configured with ml2 to perform l3 forwarding. When used in that scenario, the mac address of the default
+# gateway --on the external subnet-- is expected to be resolved from its inet address. The config below overrides that
+# specific arp/neighDiscovery lookup.
+# ovsdb.l3gateway.mac=00:00:5E:00:02:01
+
+# TLS configuration
+# To enable TLS, set secureChannelEnabled=true and specify the location of controller Java KeyStore and TrustStore files.
+# The Java KeyStore contains controller's private key and certificate. The Java TrustStore contains the trusted certificate
+# entries, including switches' Certification Authority (CA) certificates. For example,
+# secureChannelEnabled=true
+# controllerKeyStore=./configuration/ctlKeyStore
+# controllerKeyStorePassword=xxxxxxxx (this password should match the password used for KeyStore generation and at least 6 characters)
+# controllerTrustStore=./configuration/ctlTrustStore
+# controllerTrustStorePassword=xxxxxxxx (this password should match the password used for TrustStore generation and at least 6 characters)
+
+secureChannelEnabled=false
+controllerKeyStore=
+controllerKeyStorePassword=
+controllerTrustStore=
+controllerTrustStorePassword=
+
+# User Manager configurations
+enableStrongPasswordCheck = false
+
+#Jolokia configurations
+#org.jolokia.listenForHttpService=false
+
+# Logging configuration for Tomcat-JUL logging
+java.util.logging.config.file=configuration/tomcat-logging.properties
+
+#Hosttracker hostsdb key scheme setting
+hosttracker.keyscheme=IP
+
+# LISP Flow Mapping configuration
+# Map-Register messages overwrite existing RLOC sets in EID-to-RLOC mappings (default: true)
+lisp.mappingOverwrite = true
+# Enable the Solicit-Map-Request (SMR) mechanism (default: true)
+lisp.smr = true
+# Choose policy for Explicit Locator Path (ELP) handling
+# There are three options:
+# default: don't add or remove locator records, return mapping as-is
+# both: keep the ELP, but add the next hop as a standalone non-LCAF locator with a lower priority
+# replace: remove the ELP, add the next hop as a standalone non-LCAF locator
+lisp.elpPolicy = default
+
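Review bot: `netconf.ssh.address=0.0.0.0` makes the NETCONF SSH endpoint on port 1830 listen on every interface of the controller node, while the same file leaves `enableStrongPasswordCheck = false` and `secureChannelEnabled=false`. Since this file is a template, bind the endpoint to the management address instead, e.g. `netconf.ssh.address={{ hostvars[inventory_hostname]['ansible_' + internal_nic].ipv4.address }}`, the expression akka.conf in this role already uses for its hostname. If the OpenFlow channel is meant to stay without TLS, a comment above `secureChannelEnabled=false` should say so and name the network isolation it relies on.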
diff --git a/ansible/roles/odl_cluster/templates/haproxy-odl.cfg b/ansible/roles/odl_cluster/templates/haproxy-odl.cfg
new file mode 100755
index 0000000..1f3bc9e
--- /dev/null
+++ b/ansible/roles/odl_cluster/templates/haproxy-odl.cfg
@@ -0,0 +1,24 @@
+listen odl-rest-api-1
+ bind {{ internal_vip.ip }}:8080
+ bind {{ public_vip.ip }}:8080
+ mode http
+ balance source
+ option httplog
+ option nolinger
+ timeout client 3m
+ timeout server 3m
+{% for host,ip in haproxy_hosts.items() %}
+ server {{ host }} {{ ip }}:8080 weight 1 check inter 2000 rise 2 fall 3
+{% endfor %}
+
+listen odl-rest-api-2
+ bind {{ internal_vip.ip }}:8181
+ bind {{ public_vip.ip }}:8181
+ mode http
+ balance source
+ option httplog
+ timeout client 3m
+ timeout server 3m
+{% for host,ip in haproxy_hosts.items() %}
+ server {{ host }} {{ ip }}:8181 weight 1 check inter 2000 rise 2 fall 3
+{% endfor %}
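Review bot: Both listeners bind `{{ public_vip.ip }}` in `mode http`, which publishes the OpenDaylight REST ports 8080 and 8181 on the public VIP without TLS. ml2_conf.sh in this commit authenticates to the same API with `admin`/`admin`. If only Neutron on the internal network needs the API, drop the two `bind {{ public_vip.ip }}:…` lines; otherwise terminate TLS on the public binds. `option nolinger` appears only in `odl-rest-api-1`, so the two blocks should either agree or carry a comment explaining the difference.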
diff --git a/ansible/roles/odl_cluster/templates/jetty.xml b/ansible/roles/odl_cluster/templates/jetty.xml
new file mode 100755
index 0000000..3ee3750
--- /dev/null
+++ b/ansible/roles/odl_cluster/templates/jetty.xml
@@ -0,0 +1,106 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ 300000
+ 2
+ false
+ 8543
+ 20000
+ 5000
+
+
+
+
+
+
+
+
+
+
+
+
+ 300000
+ 2
+ false
+ 8443
+ 20000
+ 5000
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ karaf
+ karaf
+
+
+ - org.apache.karaf.jaas.boot.principal.RolePrincipal
+
+
+
+
+
+
+
+
+
+ default
+ karaf
+
+
+ - org.apache.karaf.jaas.boot.principal.RolePrincipal
+
+
+
+
+
+
+
+
diff --git a/ansible/roles/odl_cluster/templates/keepalived.conf b/ansible/roles/odl_cluster/templates/keepalived.conf
new file mode 100644
index 0000000..4ccf1c4
--- /dev/null
+++ b/ansible/roles/odl_cluster/templates/keepalived.conf
@@ -0,0 +1,47 @@
+global_defs {
+ router_id {{ inventory_hostname }}
+}
+
+vrrp_sync_group VG1 {
+ group {
+ internal_vip
+ public_vip
+ }
+}
+
+vrrp_instance internal_vip {
+ interface {{ internal_vip.interface }}
+ virtual_router_id {{ vrouter_id_internal }}
+ state BACKUP
+ nopreempt
+ advert_int 1
+ priority {{ 50 + (host_index[inventory_hostname] * 50) }}
+
+ authentication {
+ auth_type PASS
+ auth_pass 1234
+ }
+
+ virtual_ipaddress {
+ {{ internal_vip.ip }}/{{ internal_vip.netmask }} dev {{ internal_vip.interface }}
+ }
+}
+
+vrrp_instance public_vip {
+ interface br-ex
+ virtual_router_id {{ vrouter_id_public }}
+ state BACKUP
+ nopreempt
+ advert_int 1
+ priority {{ 50 + (host_index[inventory_hostname] * 50) }}
+
+ authentication {
+ auth_type PASS
+ auth_pass 4321
+ }
+
+ virtual_ipaddress {
+ {{ network_cfg.public_vip.ip }}/{{ network_cfg.public_vip.netmask }} dev br-ex
+ }
+
+}
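Review bot: `auth_pass 1234` and `auth_pass 4321` are fixed, guessable VRRP secrets committed in the template, and `auth_type PASS` carries them in clear text in every advertisement, so they give little protection against another host on the same segment. Take them from per-deployment variables, e.g. `auth_pass {{ vrrp_auth_pass_internal }}` (placeholder name, to be defined in inventory or a vault), and limit VRRP traffic to the HA peers with host firewall rules. The public instance hardcodes `br-ex` and reads `network_cfg.public_vip`, whereas the internal one uses `internal_vip.interface` and `internal_vip`. A comment explaining that asymmetry would help the next reader.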
diff --git a/ansible/roles/odl_cluster/templates/ml2_conf.sh b/ansible/roles/odl_cluster/templates/ml2_conf.sh
new file mode 100755
index 0000000..0d42e48
--- /dev/null
+++ b/ansible/roles/odl_cluster/templates/ml2_conf.sh
@@ -0,0 +1,14 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+cat <> /etc/neutron/plugins/ml2/ml2_conf.ini
+[ml2_odl]
+password = admin
+username = admin
+url = http://{{ internal_vip.ip }}:8080/controller/nb/v2/neutron
+EOT
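Review bot: The `[ml2_odl]` section hardcodes `username = admin` and `password = admin` although this role's vars/main.yml defines `odl_username` and `odl_password`; use `username = {{ odl_username }}` and `password = {{ odl_password }}` so a changed credential actually reaches Neutron. The `url` is plain `http://`, so those credentials cross the internal network unencrypted on every request. The heredoc appears to append to ml2_conf.ini, so each playbook run would add another `[ml2_odl]` section; the `crudini --set` form already used in the tasks file is idempotent. The tasks file also installs this script with `mode: 0777` and then runs it via `su`, so any local user can rewrite a script that the playbook later executes; `0750` is enough.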
diff --git a/ansible/roles/odl_cluster/templates/module-shards.conf b/ansible/roles/odl_cluster/templates/module-shards.conf
new file mode 100755
index 0000000..9a5d4c3
--- /dev/null
+++ b/ansible/roles/odl_cluster/templates/module-shards.conf
@@ -0,0 +1,101 @@
+# This file describes which shards live on which members
+# The format for a module-shards is as follows,
+# {
+# name = ""
+# shards = [
+# {
+# name=""
+# replicas = [
+# ""
+# ]
+# ]
+# }
+#
+# For Helium we support only one shard per module. Beyond Helium
+# we will support more than 1
+# The replicas section is a collection of member names. This information
+# will be used to decide on which members replicas of a particular shard will be
+# located. Once replication is integrated with the distributed data store then
+# this section can have multiple entries.
+#
+#
+
+
+module-shards = [
+ {
+ name = "default"
+ shards = [
+ {
+ name="default"
+ replicas = [
+{% set key = 0 %}
+{% for host in groups['odl'] %}
+ {% set key = key + 1 %}
+ {% if loop.last %}
+ "member-{{ key }}"
+ {% else %}
+ "member-{{ key }}",
+ {% endif %}
+{% endfor %}
+ ]
+ }
+ ]
+ },
+ {
+ name = "topology"
+ shards = [
+ {
+ name="topology"
+ replicas = [
+{% set key = 0 %}
+{% for host in groups['odl'] %}
+ {% set key = key + 1 %}
+ {% if loop.last %}
+ "member-{{ key }}"
+ {% else %}
+ "member-{{ key }}",
+ {% endif %}
+{% endfor %}
+ ]
+ }
+ ]
+ },
+ {
+ name = "inventory"
+ shards = [
+ {
+ name="inventory"
+ replicas = [
+{% set key = 0 %}
+{% for host in groups['odl'] %}
+ {% set key = key + 1 %}
+ {% if loop.last %}
+ "member-{{ key }}"
+ {% else %}
+ "member-{{ key }}",
+ {% endif %}
+{% endfor %}
+ ]
+ }
+ ]
+ },
+ {
+ name = "toaster"
+ shards = [
+ {
+ name="toaster"
+ replicas = [
+{% set key = 0 %}
+{% for host in groups['odl'] %}
+ {% set key = key + 1 %}
+ {% if loop.last %}
+ "member-{{ key }}"
+ {% else %}
+ "member-{{ key }}",
+ {% endif %}
+{% endfor %}
+ ]
+ }
+ ]
+ }
+]
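Review bot: The `{% set key = key + 1 %}` inside each `{% for host in groups['odl'] %}` loop does not carry over between iterations, because Jinja2 scopes a `set` in a loop body to that iteration, so every replica most likely renders as `"member-1"`. Use the loop counter instead, `"member-{{ loop.index }}"`, and drop both `set` lines. The same pattern is repeated in all four shard blocks here and in the `roles` list of akka.conf, where it would give every node the role `member-1`. It is worth confirming against a rendered template for a three-node `odl` group.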
diff --git a/ansible/roles/odl_cluster/templates/opendaylight b/ansible/roles/odl_cluster/templates/opendaylight
new file mode 100755
index 0000000..90a267d
--- /dev/null
+++ b/ansible/roles/odl_cluster/templates/opendaylight
@@ -0,0 +1,31 @@
+#!/bin/bash
+# chkconfig: 345 98 2
+# description: ODL controller
+# OpenDaylight service controller script
+export JAVA_HOME=/usr/lib/jvm/java-8-oracle
+USER=odl
+
+cd /opt/opendaylight-0.3.0
+case "$1" in
+ start)
+ /bin/su -m $USER -s /bin/bash -c ./bin/start
+ ;;
+ stop)
+ /bin/su -m $USER -s /bin/bash -c ./bin/stop
+ ;;
+ status)
+ PID=`ps aux | grep java | grep karaf | awk '{print $2}'`
+ if test -z $PID
+ then
+ echo "ODL is down..."
+ exit 1
+ else
+ echo "ODL is running... PID $PID"
+ exit 0
+ fi
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|status}"
+ exit 1
+ ;;
+esac
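Review bot: `cd /opt/opendaylight-0.3.0` is not checked, so if the directory is missing, `start` and `stop` run `./bin/start` or `./bin/stop` relative to whatever directory the caller happened to be in. Make it `cd /opt/opendaylight-0.3.0 || exit 1`. In `status`, `test -z $PID` is unquoted and gives the intended answer only by accident when `ps` returns nothing or several PIDs; `if test -z "$PID"` is the safe form.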
diff --git a/ansible/roles/odl_cluster/templates/opendaylight.conf b/ansible/roles/odl_cluster/templates/opendaylight.conf
new file mode 100755
index 0000000..105bb26
--- /dev/null
+++ b/ansible/roles/odl_cluster/templates/opendaylight.conf
@@ -0,0 +1,42 @@
+
+# vim:set ft=upstart ts=2 et:
+description "OpenDaylight controller"
+author "mskalski@miranits.com"
+
+start on runlevel [2345]
+stop on runlevel [!2345]
+
+#setgid odl
+#setuid odl
+
+env KARAF_HOME="/opt/opendaylight-0.3.0"
+#env JAVA_HOME="/usr/lib/jvm/java-7-openjdk-amd64"
+env JAVA_HOME="/usr/lib/jvm/java-8-oracle"
+env JAVA_OPTS="-server -Xms128M -Xmx4096M -XX:+UnlockDiagnosticVMOptions -XX:+UnsyncloadClass -XX:MaxPermSize=512M -Dcom.sun.management.jmxremote"
+env OPTS="-Dkaraf.startLocalConsole=true -Dkaraf.startRemoteShell=true"
+env MAIN="org.apache.karaf.main.Main"
+
+
+chdir /opt/opendaylight-0.3.0
+
+script
+ export KARAF_BASE="$KARAF_HOME"
+ export KARAF_DATA="$KARAF_BASE/data"
+ export KARAF_ETC="$KARAF_BASE/etc"
+ export LD_LIBRARY_PATH="${LD_LIBRARY_PATH}:$KARAF_BASE/lib"
+ export JAVA_ENDORSED_DIRS="${JAVA_HOME}/jre/lib/endorsed:${JAVA_HOME}/lib/endorsed:${KARAF_HOME}/lib/endorsed"
+ export JAVA_EXT_DIRS="${JAVA_HOME}/jre/lib/ext:${JAVA_HOME}/lib/ext:${KARAF_HOME}/lib/ext"
+ export JAVA_SECURITY_PRO="${KARAF_HOME}/etc/odl.java.security"
+
+ for file in "$KARAF_HOME"/lib/karaf*.jar
+ do
+ if [ -z "$CLASSPATH" ]; then
+ CLASSPATH="$file"
+ else
+ CLASSPATH="$CLASSPATH:$file"
+ fi
+ done
+
+ exec $JAVA_HOME/bin/java -Djava.security.properties="${JAVA_SECURITY_PRO}" $JAVA_OPTS -Djava.endorsed.dirs="${JAVA_ENDORSED_DIRS}" -Djava.ext.dirs="${JAVA_EXT_DIRS}" -Dkaraf.instances="${KARAF_HOME}/instances" -Dkaraf.home="$KARAF_HOME" -Dkaraf.base="$KARAF_BASE" -Dkaraf.data="$KARAF_DATA" -Dkaraf.etc="$KARAF_ETC" -Djava.io.tmpdir="$KARAF_DATA/tmp" -Djava.util.logging.config.file="$KARAF_BASE/etc/java.util.logging.properties" $KARAF_OPTS $OPTS -classpath "$CLASSPATH" $MAIN
+
+end script
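Review bot: With `#setgid odl` and `#setuid odl` commented out, this upstart job runs the Karaf JVM as root, whereas the SysV script in the same commit drops to the `odl` user with `su`. Uncomment both stanzas (`setuid odl`, `setgid odl`) so that a compromise of the controller does not yield root on the node; this assumes the install tasks give `odl` ownership of `/opt/opendaylight-0.3.0`. `JAVA_OPTS` also passes `-Dcom.sun.management.jmxremote` and `OPTS` sets `-Dkaraf.startRemoteShell=true`; each of these management interfaces deserves a comment saying who is expected to reach it.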
diff --git a/ansible/roles/odl_cluster/templates/org.apache.karaf.features.cfg b/ansible/roles/odl_cluster/templates/org.apache.karaf.features.cfg
new file mode 100755
index 0000000..df2035f
--- /dev/null
+++ b/ansible/roles/odl_cluster/templates/org.apache.karaf.features.cfg
@@ -0,0 +1,57 @@
+################################################################################
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+#
+# Defines if the startlvl should be respected during feature startup. The default value is true. The default
+# behavior for 2.x is false (!) for this property
+#
+# Be aware that this property is deprecated and will be removed in Karaf 4.0. So, if you need to
+# set this to false, please use this only as a temporary solution!
+#
+#respectStartLvlDuringFeatureStartup=true
+
+
+#
+# Defines if the startlvl should be respected during feature uninstall. The default value is true.
+# If true, means stop bundles respecting the descend order of start level in a certain feature.
+#
+#respectStartLvlDuringFeatureUninstall=true
+
+#
+# Comma separated list of features repositories to register by default
+#
+featuresRepositories = mvn:org.apache.karaf.features/standard/3.0.3/xml/features,mvn:org.apache.karaf.features/enterprise/3.0.3/xml/features,mvn:org.ops4j.pax.web/pax-web-features/3.1.4/xml/features,mvn:org.apache.karaf.features/spring/3.0.3/xml/features,mvn:org.opendaylight.integration/features-integration-index/0.4.0-Beryllium/xml/features
+#featuresRepositories = mvn:org.apache.karaf.features/standard/3.0.3/xml/features,mvn:org.apache.karaf.features/enterprise/3.0.3/xml/features,mvn:org.ops4j.pax.web/pax-web-features/3.1.4/xml/features,mvn:org.apache.karaf.features/spring/3.0.3/xml/features,mvn:org.opendaylight.integration/features-integration-index/0.4.0-Beryllium-RC1/xml/features
+#mvn:org.apache.karaf.features/standard/3.0.3/xml/features,mvn:org.apache.karaf.features/enterprise/3.0.3/xml/features,mvn:org.ops4j.pax.web/pax-web-features/3.1.4/xml/features,mvn:org.apache.karaf.features/spring/3.0.3/xml/features,mvn:org.opendaylight.integration/features-integration-index/0.3.3-Lithium-SR3/xml/features
+#mvn:org.apache.karaf.features/standard/3.0.3/xml/features,mvn:org.apache.karaf.features/enterprise/3.0.3/xml/features,mvn:org.ops4j.pax.web/pax-web-features/3.1.4/xml/features,mvn:org.apache.karaf.features/spring/3.0.3/xml/features,mvn:org.opendaylight.integration/features-integration-index/0.3.2-Lithium-SR2/xml/features
+
+#
+# Comma separated list of features to install at startup
+#
+featuresBoot=config,standard,region,package,kar,ssh,management,odl-ovsdb-openstack
+
+#,odl-restconf-all,odl-aaa-authn,odl-dlux-all
+
+# odl-base-all,odl-restconf,odl-ovsdb-openstack,odl-dlux-all,odl-mdsal-apidocs
+#,odl-mdsal-clustering,odl-openflowplugin-flow-services
+
+#
+# Defines if the boot features are started in asynchronous mode (in a dedicated thread)
+#
+featuresBootAsynchronous=false
diff --git a/ansible/roles/odl_cluster/templates/tomcat-server.xml b/ansible/roles/odl_cluster/templates/tomcat-server.xml
new file mode 100755
index 0000000..bc7ab13
--- /dev/null
+++ b/ansible/roles/odl_cluster/templates/tomcat-server.xml
@@ -0,0 +1,61 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/ansible/roles/odl_cluster/vars/Debian.yml b/ansible/roles/odl_cluster/vars/Debian.yml
new file mode 100755
index 0000000..a94d36c
--- /dev/null
+++ b/ansible/roles/odl_cluster/vars/Debian.yml
@@ -0,0 +1,23 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+
+controller_packages:
+# - openjdk-7-jdk
+ - crudini
+
+compute_packages:
+ - crudini
+
+service_ovs_name: openvswitch-switch
+service_ovs_agent_name: neutron-plugin-openvswitch-agent
+
+service_file:
+ src: opendaylight.conf
+ dst: /etc/init/opendaylight.conf
diff --git a/ansible/roles/odl_cluster/vars/RedHat.yml b/ansible/roles/odl_cluster/vars/RedHat.yml
new file mode 100755
index 0000000..4446ebc
--- /dev/null
+++ b/ansible/roles/odl_cluster/vars/RedHat.yml
@@ -0,0 +1,23 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+
+controller_packages:
+# - java-1.7.0-openjdk
+ - crudini
+
+compute_packages:
+ - crudini
+
+service_ovs_name: openvswitch
+service_ovs_agent_name: neutron-openvswitch-agent
+
+service_file:
+ src: opendaylight
+ dst: /etc/init.d/opendaylight
diff --git a/ansible/roles/odl_cluster/vars/main.yml b/ansible/roles/odl_cluster/vars/main.yml
new file mode 100755
index 0000000..eb6f9dd
--- /dev/null
+++ b/ansible/roles/odl_cluster/vars/main.yml
@@ -0,0 +1,30 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+odl_username: admin
+odl_password: admin
+odl_api_port: 8080
+
+#odl_pkg_url: https://nexus.opendaylight.org/content/groups/public/org/opendaylight/integration/distribution-karaf/0.3.0-Lithium/distribution-karaf-0.3.0-Lithium.tar.gz
+odl_pkg_url: karaf.tar.gz
+odl_pkg_name: karaf.tar.gz
+odl_home: "/opt/opendaylight-0.3.0/"
+odl_base_features: ['config', 'standard', 'region', 'package', 'kar', 'ssh', 'management', 'odl-restconf','odl-l2switch-switch','odl-openflowplugin-all','odl-mdsal-apidocs','odl-dlux-all','odl-adsal-northbound','odl-nsf-all','odl-ovsdb-openstack','odl-ovsdb-northbound','odl-dlux-core']
+odl_extra_features: ['odl-restconf-all','odl-mdsal-clustering','odl-openflowplugin-flow-services','http','jolokia-osgi']
+odl_features: "{{ odl_base_features + odl_extra_features }}"
+odl_api_port: 8080
+
+jdk8_pkg_name: jdk-8u51-linux-x64.tar.gz
+
+controller_packages_noarch: []
+compute_packages_noarch: []
+
+odl_pip:
+ - networking_odl
+
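Review bot: `odl_password: admin` commits the controller's well-known default credential, and because it sits in vars/main.yml it takes precedence over inventory variables, so every deployment ends up with the same login. Move `odl_username` and `odl_password` to defaults/main.yml or require them from a vault, for example `odl_password: "{{ vault_odl_password }}"` (placeholder name). `odl_api_port: 8080` is also defined twice in this file; most YAML parsers silently keep the last value, so the second line should be removed.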
diff --git a/ansible/roles/odl_cluster_neutron/tasks/main.yml b/ansible/roles/odl_cluster_neutron/tasks/main.yml
new file mode 100755
index 0000000..751a02d
--- /dev/null
+++ b/ansible/roles/odl_cluster_neutron/tasks/main.yml
@@ -0,0 +1,22 @@
+---
+- name: restart neutron-server
+ service: name=neutron-server state=restarted enabled=yes
+ when: inventory_hostname in groups['odl']
+
+- name: add service daemon
+ shell: >
+ echo keepalived >> /opt/service ;
+ echo neutron-server >> /opt/service ;
+ when: inventory_hostname in groups['odl']
+
+- name: restart neutron-l3-agent server
+ service: name=neutron-l3-agent state=restarted
+ when: inventory_hostname in groups['odl']
+
+- name: restart neutron-dhcp-agent server
+ service: name=neutron-dhcp-agent state=restarted
+ when: inventory_hostname in groups['odl']
+
+- name: restart neutron-metadata-agent server
+ service: name=neutron-metadata-agent state=restarted
+ when: inventory_hostname in groups['odl']
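Review bot: The `add service daemon` task appends `keepalived` and `neutron-server` to `/opt/service` with `echo … >>`, so every run of the playbook adds duplicate lines and the task always reports changed. `lineinfile: dest=/opt/service line={{ item }}` with `with_items` listing the two names keeps the file idempotent. The same append is used for `opendaylight` in odl_cluster_post/tasks/main.yml.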
diff --git a/ansible/roles/odl_cluster_post/tasks/main.yml b/ansible/roles/odl_cluster_post/tasks/main.yml
new file mode 100644
index 0000000..8432186
--- /dev/null
+++ b/ansible/roles/odl_cluster_post/tasks/main.yml
@@ -0,0 +1,8 @@
+---
+- name: restart opendaylight
+ shell: sleep 60; service opendaylight restart; sleep 300;
+ when: inventory_hostname in groups['odl']
+
+- name: add service daemon
+ shell: echo opendaylight >> /opt/service ;
+ when: inventory_hostname in groups['odl']
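Review bot: `sleep 60; service opendaylight restart; sleep 300;` returns the exit status of the final `sleep`, so a failed restart is reported as success and the play continues against a controller that is down. Use `service: name=opendaylight state=restarted` for the restart. Replace the fixed 300-second wait with a `wait_for` task on the controller's API port, so the play fails with a timeout when the service does not come up and finishes sooner when it does.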
diff --git a/ansible/roles/onos_cluster/files/install_jdk8.tar b/ansible/roles/onos_cluster/files/install_jdk8.tar
new file mode 100755
index 0000000..faaaeb3
Binary files /dev/null and b/ansible/roles/onos_cluster/files/install_jdk8.tar differ
diff --git a/ansible/roles/onos_cluster/files/networking-onos.tar b/ansible/roles/onos_cluster/files/networking-onos.tar
new file mode 100644
index 0000000..9358199
Binary files /dev/null and b/ansible/roles/onos_cluster/files/networking-onos.tar differ
diff --git a/ansible/roles/onos_cluster/handlers/main.yml b/ansible/roles/onos_cluster/handlers/main.yml
new file mode 100755
index 0000000..e099fcf
--- /dev/null
+++ b/ansible/roles/onos_cluster/handlers/main.yml
@@ -0,0 +1,11 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: restart onos service
+ service: name=onos state=restarted enabled=yes
diff --git a/ansible/roles/onos_cluster/tasks/main.yml b/ansible/roles/onos_cluster/tasks/main.yml
new file mode 100755
index 0000000..64fff47
--- /dev/null
+++ b/ansible/roles/onos_cluster/tasks/main.yml
@@ -0,0 +1,53 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- include_vars: "{{ ansible_os_family }}.yml"
+
+- name: remove neutron-plugin-openvswitch-agent auto start
+ shell: >
+ update-rc.d neutron-plugin-openvswitch-agent remove;
+ sed -i /neutron-plugin-openvswitch-agent/d /opt/service
+ when: groups['onos']|length !=0
+ ignore_errors: True
+
+- name: shut down and disable Neutron's agent services
+ service: name=neutron-plugin-openvswitch-agent state=stopped
+ when: groups['onos']|length !=0
+ ignore_errors: True
+
+- name: remove neutron-l3-agent auto start
+ shell: >
+ update-rc.d neutron-l3-agent remove;
+ sed -i /neutron-l3-agent/d /opt/service
+ when: inventory_hostname in groups['onos']
+ ignore_errors: True
+
+- name: shut down and disable Neutron's l3 agent services
+ service: name=neutron-l3-agent state=stopped
+ when: inventory_hostname in groups['onos']
+ ignore_errors: True
+
+- name: Stop the Open vSwitch service and clear existing OVSDB
+ shell: >
+ ovs-vsctl del-br br-int ;
+ ovs-vsctl del-br br-tun ;
+ ovs-vsctl del-manager ;
+ ip link delete onos_port1 type veth peer name onos_port2;
+ when: groups['onos']|length !=0
+ ignore_errors: True
+
+- name: Install ONOS Cluster on Controller
+ include: onos_controller.yml
+ when: inventory_hostname in groups['onos']
+
+- name: Install ONOS Cluster on Compute
+ include: openvswitch.yml
+ when: groups['onos']|length !=0
+# when: groups['onos']|length !=0 and inventory_hostname not in groups['onos']
+
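Review bot: The two tasks named `shut down and disable Neutron's … services` pass only `state=stopped`, so nothing is disabled through the module; that is left to the preceding `update-rc.d … remove` shell tasks, which work only on Debian-family hosts, although the role loads `{{ ansible_os_family }}.yml`. `service: name=neutron-l3-agent state=stopped enabled=no` (and the same for the openvswitch agent) does both portably. With `ignore_errors: True` on every one of these tasks, a host where the agent keeps running alongside ONOS goes unnoticed; a `failed_when` limited to the service-not-found case would keep the tolerance without hiding real failures.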
diff --git a/ansible/roles/onos_cluster/tasks/onos_controller.yml b/ansible/roles/onos_cluster/tasks/onos_controller.yml
new file mode 100755
index 0000000..6d62a2e
--- /dev/null
+++ b/ansible/roles/onos_cluster/tasks/onos_controller.yml
@@ -0,0 +1,155 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: upload onos driver package
+ unarchive: src=networking-onos.tar dest=/opt/
+
+- name: install onos driver
+ command: su -s /bin/sh -c "/opt/networking-onos/install_driver.sh"
+
+- name: install onos required packages
+ action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
+ with_items: packages
+
+- name: get image http server
+ shell: awk -F'=' '/compass_server/ {print $2}' /etc/compass.conf
+ register: http_server
+
+- name: download oracle-jdk8 package file
+ get_url: url="http://{{ http_server.stdout_lines[0] }}/packages/onos/{{ jdk8_pkg_name }}" dest=/opt/{{ jdk8_pkg_name }}
+
+- name: upload install_jdk8 scripts
+ unarchive: src=install_jdk8.tar dest=/opt/
+
+- name: install install_jdk8 package
+ command: su -s /bin/sh -c "/opt/install_jdk8/install_jdk8.sh"
+
+- name: create JAVA_HOME environment variable
+ shell: >
+ export J2SDKDIR=/usr/lib/jvm/java-8-oracle;
+ export J2REDIR=/usr/lib/jvm/java-8-oracle/jre;
+ export PATH=$PATH:/usr/lib/jvm/java-8-oracle/bin:/usr/lib/jvm/java-8-oracle/db/bin:/usr/lib/jvm/java-8-oracle/jre/bin;
+ export JAVA_HOME=/usr/lib/jvm/java-8-oracle;
+ export DERBY_HOME=/usr/lib/jvm/java-8-oracle/db;
+
+- name: create onos group
+ group: name=onos system=yes state=present
+
+- name: create onos user
+ user:
+ name: onos
+ group: onos
+ home: "{{ onos_home }}"
+ createhome: "yes"
+ system: "yes"
+ shell: "/bin/false"
+
+- name: download onos package
+ get_url: url="http://{{ http_server.stdout_lines[0] }}/packages/onos/{{ onos_pkg_name }}" dest=/opt/{{ onos_pkg_name }}
+
+- name: create new jar repository
+ command: su -s /bin/sh -c "mkdir ~/.m2"
+ ignore_errors: True
+
+- name: download jar repository
+ get_url: url="http://{{ http_server.stdout_lines[0] }}/packages/onos/repository.tar" dest=~/.m2/
+
+- name: extract jar repository
+ command: su -s /bin/sh -c "tar xvf ~/.m2/repository.tar -C ~/.m2/"
+
+- name: extract onos package
+ command: su -s /bin/sh -c "tar xzf /opt/{{ onos_pkg_name }} -C {{ onos_home }} --strip-components 1 --no-overwrite-dir -k --skip-old-files" onos
+
+- name: configure onos service
+ shell: >
+ echo 'export ONOS_OPTS=debug' > {{ onos_home }}/options;
+ echo 'export ONOS_USER=root' >> {{ onos_home }}/options;
+ mkdir {{ onos_home }}/var;
+ mkdir {{ onos_home }}/config;
+ sed -i '/pre-stop/i\env JAVA_HOME=/usr/lib/jvm/java-8-oracle' {{ onos_home }}/init/onos.conf;
+ cp -rf {{ onos_home }}/init/onos.conf /etc/init/;
+ cp -rf {{ onos_home }}/init/onos.conf /etc/init.d/;
+# notify:
+# - restart onos service
+
+- name: configure onos boot feature
+ shell: >
+ sed -i '/^featuresBoot=/c\featuresBoot={{ onos_boot_features }}' {{ onos_home }}/{{ karaf_dist }}/etc/org.apache.karaf.features.cfg;
+
+#- name: create cluster json
+# template:
+# src: cluster.json
+# dest: "{{ onos_home }}/config/cluster.json"
+# notify:
+# - restart onos service
+
+#- name: create tablets json
+# template:
+# src: tablets.json
+# dest: "{{ onos_home }}/config/tablets.json"
+# notify:
+# - restart onos service
+
+- name: wait for config time
+ shell: "sleep 10"
+
+- name: start onos service
+ service: name=onos state=started enabled=yes
+
+- name: wait for restart time
+ shell: "sleep 60"
+
+- name: start onos service
+ service: name=onos state=restarted enabled=yes
+
+- name: wait for onos start time
+ shell: "sleep 60"
+
+- name: start onos service
+ service: name=onos state=restarted enabled=yes
+
+- name: wait for onos start time
+ shell: "sleep 100"
+
+- name: add onos auto start
+ shell: >
+ echo "onos">>/opt/service
+
+##########################################################################################################
+################################ ONOS connect with OpenStack ################################
+##########################################################################################################
+#- name: Run OpenVSwitch Script
+# include: openvswitch.yml
+
+- name: Configure Neutron1
+ shell: >
+ crudini --set /etc/neutron/neutron.conf DEFAULT service_plugins onos_router;
+ crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers onos_ml2;
+ crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types vxlan;
+ crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers vxlan
+
+- name: Create ML2 Configuration File
+ template:
+ src: ml2_conf.sh
+ dest: "/opt/ml2_conf.sh"
+ mode: 0777
+
+- name: Configure Neutron2
+ command: su -s /bin/sh -c "/opt/ml2_conf.sh;"
+
+
+- name: Configure Neutron3
+ shell: >
+ mysql -e "drop database if exists neutron_ml2;";
+ mysql -e "create database neutron_ml2 character set utf8;";
+ mysql -e "grant all on neutron_ml2.* to 'neutron'@'%';";
+ su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron;
+
+- name: Restart neutron-server
+ service: name=neutron-server state=restarted
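Review bot: The `Create ML2 Configuration File` task installs `/opt/ml2_conf.sh` with `mode: 0777` and the next task runs it through `su`, so any local account can rewrite a script that is then executed with the play's root privileges; `mode: "0700"` with `owner: root` closes that window, and the quoted string also avoids the octal/integer ambiguity. The three `get_url` tasks fetch the JDK, the ONOS tarball and `repository.tar` over plain `http://` with no integrity check before they are unpacked and run; a `checksum: "sha256:<expected-digest>"` argument on each (`sha256sum` on older Ansible releases) would detect a tampered or corrupted mirror. The `configure onos service` task also writes `ONOS_USER=root` and `ONOS_OPTS=debug` even though an unprivileged `onos` system user is created just above, which looks unintended.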
diff --git a/ansible/roles/onos_cluster/tasks/openvswitch.yml b/ansible/roles/onos_cluster/tasks/openvswitch.yml
new file mode 100755
index 0000000..47f0f6e
--- /dev/null
+++ b/ansible/roles/onos_cluster/tasks/openvswitch.yml
@@ -0,0 +1,103 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+#- name: remove neutron-plugin-openvswitch-agent auto start
+# shell: >
+# update-rc.d neutron-plugin-openvswitch-agent remove;
+# sed -i /neutron-plugin-openvswitch-agent/d /opt/service
+
+#- name: shut down and disable Neutron's agent services
+# service: name=neutron-plugin-openvswitch-agent state=stopped
+
+#- name: Stop the Open vSwitch service and clear existing OVSDB
+# shell: >
+# ovs-vsctl del-br br-int ;
+# ovs-vsctl del-br br-tun ;
+# ovs-vsctl del-manager ;
+
+#- name: get image http server
+# shell: awk -F'=' '/compass_server/ {print $2}' /etc/compass.conf
+# register: http_server
+#
+#- name: download ovs
+# get_url: url="http://{{ http_server.stdout_lines[0] }}/packages/onos/openvswitch.tar" dest=/opt/openvswitch.tar
+#
+#- name: extract ovs
+# command: su -s /bin/sh -c "tar xvf /opt/openvswitch.tar -C /opt/"
+#
+#- name: update ovs
+# shell: >
+# cd /opt/openvswitch;
+# dpkg -i openvswitch-common_2.3.0-1_amd64.deb;
+# dpkg -i openvswitch-switch_2.3.0-1_amd64.deb;
+
+#- name: start up onos-external nic
+# command: su -s /bin/sh -c "ifconfig eth2 0 up"
+- name: set veth port
+ shell: >
+ ip link add onos_port1 type veth peer name onos_port2;
+ ifconfig onos_port1 up;
+ ifconfig onos_port2 up;
+ ignore_errors: True
+
+- name: set veth to ovs
+ shell: >
+ export externamMac=`ifconfig eth1 | grep -Eo '\<[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}'`;
+ ifconfig onos_port2 hw ether $externamMac;
+ ovs-vsctl add-port br-prv onos_port1;
+ ignore_errors: True
+
+#- name: wait for onos start time
+# shell: "sleep 200"
+
+- name: add ovsdatabase feature
+ command: su -s /bin/sh -c "/opt/onos/bin/onos 'feature:install onos-ovsdatabase'";
+ when: inventory_hostname == groups['onos'][0]
+
+- name: add openflow-base feature
+ command: su -s /bin/sh -c "/opt/onos/bin/onos 'feature:install onos-openflow-base'";
+ when: inventory_hostname in groups['onos']
+
+- name: add openflow feature
+ command: su -s /bin/sh -c "/opt/onos/bin/onos 'feature:install onos-openflow'";
+ when: inventory_hostname in groups['onos']
+
+- name: add vtn feature
+ command: su -s /bin/sh -c "/opt/onos/bin/onos 'feature:install onos-app-vtn-onosfw'";
+ when: inventory_hostname in groups['onos']
+
+- name: set public eth card start
+ command: su -s /bin/sh -c "/opt/onos/bin/onos 'externalportname-set -n onos_port2'"
+ when: inventory_hostname in groups['onos']
+
+- name: Set ONOS as the manager
+ command: su -s /bin/sh -c "ovs-vsctl set-manager tcp:{{ ip_settings[groups['onos'][0]]['mgmt']['ip'] }}:6640;"
+
+- name: create public network
+ shell: >
+ export OS_PASSWORD=console;
+ export OS_TENANT_NAME=admin;
+ export OS_AUTH_URL=http://{{ internal_vip.ip }}:35357/v2.0;
+ export OS_USERNAME=ADMIN;
+ neutron net-create ext-net --shared --router:external=True;
+ neutron subnet-create ext-net {{ public_net_info.floating_ip_cidr }} --name ext-subnet --allocation-pool start={{ public_net_info.floating_ip_start }},end={{ public_net_info.floating_ip_end }};
+ when: inventory_hostname == groups['controller'][0]
+
+- name: set gateway mac address
+ shell: >
+ ping -c 1 {{ ansible_default_ipv4.gateway }};
+ gatewayMac=`arp -a {{ ansible_default_ipv4.gateway }} | awk '{print $4}'`;
+ /opt/onos/bin/onos "externalgateway-update -m $gatewayMac";
+ when: inventory_hostname in groups['onos']
+
+- name: delete default gateway
+ shell: >
+ route delete default;
+ when: inventory_hostname not in groups['onos']
+ ignore_errors: True
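Review bot: The `create public network` task hard-codes the Keystone admin credentials (`OS_USERNAME=ADMIN`, `OS_PASSWORD=console`) in the shell body, so they live in the repository and show up in Ansible's task output. Taking them from inventory or vaulted variables, e.g. `export OS_PASSWORD={{ keystone_admin_password }};` (placeholder variable name), and setting `no_log: true` on the task keeps them out of both. `Set ONOS as the manager` points OVS at `tcp:…:6640`, an unauthenticated and unencrypted OVSDB channel; if the management network is not fully trusted, an `ssl:` target with provisioned certificates would be the safer choice.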
diff --git a/ansible/roles/onos_cluster/templates/cluster.json b/ansible/roles/onos_cluster/templates/cluster.json
new file mode 100755
index 0000000..5982c43
--- /dev/null
+++ b/ansible/roles/onos_cluster/templates/cluster.json
@@ -0,0 +1,10 @@
+{ "ipPrefix": "{{ ip_settings[groups['onos'][0]]['mgmt']['cidr'] }}",
+ "nodes":[
+{% for host in groups['onos'] %}
+ {% if loop.last %}
+ { "id": "{{ ip_settings[host]['mgmt']['ip'] }}", "ip": "{{ ip_settings[host]['mgmt']['ip'] }}", "tcpPort": 9876 }
+ {% else %}
+ { "id": "{{ ip_settings[host]['mgmt']['ip'] }}", "ip": "{{ ip_settings[host]['mgmt']['ip'] }}", "tcpPort": 9876 },
+ {% endif %}
+{% endfor %}
+]}
diff --git a/ansible/roles/onos_cluster/templates/ml2_conf.sh b/ansible/roles/onos_cluster/templates/ml2_conf.sh
new file mode 100755
index 0000000..8af03df
--- /dev/null
+++ b/ansible/roles/onos_cluster/templates/ml2_conf.sh
@@ -0,0 +1,15 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+cat <> /etc/neutron/plugins/ml2/ml2_conf.ini
+[onos]
+password = admin
+username = admin
+url_path = http://{{ ip_settings[groups['onos'][0]]['mgmt']['ip'] }}:8181/onos/vtn
+EOT
+
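Review bot: The `[onos]` section written to `ml2_conf.ini` carries `username = admin` / `password = admin` as literals, so every deployment shares a known credential for the `:8181/onos/vtn` endpoint; template them from variables instead, e.g. `password = {{ onos_password }}` (placeholder name), and change the controller's account to match. The script appears to append with a heredoc, so a second run of the role would add a duplicate `[onos]` section; the `crudini --set` calls already used in `onos_controller.yml` would be idempotent. The heredoc opener shows as `cat <>` on this page, which is presumably extraction damage rather than what was committed.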
diff --git a/ansible/roles/onos_cluster/templates/tablets.json b/ansible/roles/onos_cluster/templates/tablets.json
new file mode 100755
index 0000000..f71be71
--- /dev/null
+++ b/ansible/roles/onos_cluster/templates/tablets.json
@@ -0,0 +1,63 @@
+{
+ "nodes": [
+{% for host in groups['onos'] %}
+ {% if loop.last %}
+ {
+ "ip": "{{ ip_settings[host]['mgmt']['ip'] }}",
+ "id": "{{ ip_settings[host]['mgmt']['ip'] }}",
+ "tcpPort": 9876
+ }
+ {% else %}
+ {
+ "ip": "{{ ip_settings[host]['mgmt']['ip'] }}",
+ "id": "{{ ip_settings[host]['mgmt']['ip'] }}",
+ "tcpPort": 9876
+ },
+ {% endif %}
+{% endfor %}
+ ],
+ "partitions": {
+ {% set key = 1 %}
+ {% for host in groups['onos'] %}
+ {% if loop.last %}
+ "p{{ key }}":[
+ {% for host in groups['onos'] %}
+ {% if loop.last %}
+ {
+ "ip": "{{ ip_settings[host]['mgmt']['ip'] }}",
+ "id": "{{ ip_settings[host]['mgmt']['ip'] }}",
+ "tcpPort": 9876
+ }
+ {% else %}
+ {
+ "ip": "{{ ip_settings[host]['mgmt']['ip'] }}",
+ "id": "{{ ip_settings[host]['mgmt']['ip'] }}",
+ "tcpPort": 9876
+ },
+ {% endif %}
+ {% endfor %}
+ ]
+ {% set key = key + 1 %}
+ {% else %}
+ "p{{ key }}":[
+ {% for host in groups['onos'] %}
+ {% if loop.last %}
+ {
+ "ip": "{{ ip_settings[host]['mgmt']['ip'] }}",
+ "id": "{{ ip_settings[host]['mgmt']['ip'] }}",
+ "tcpPort": 9876
+ }
+ {% else %}
+ {
+ "ip": "{{ ip_settings[host]['mgmt']['ip'] }}",
+ "id": "{{ ip_settings[host]['mgmt']['ip'] }}",
+ "tcpPort": 9876
+ },
+ {% endif %}
+ {% endfor %}
+ ],
+ {% set key = key + 1 %}
+ {% endif %}
+ {% endfor %}
+}
+}
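Review bot: `{% set key = key + 1 %}` inside the `{% for host in groups['onos'] %}` loop does not carry over to the next iteration under Jinja2's scoping rules, so every partition would most likely render as `"p1"` and the resulting JSON object would contain duplicate keys. `"p{{ loop.index }}":[` gives the intended numbering without a counter. The inner loop also reuses the name `host`, and the two `loop.last` branches differ only in the trailing comma, so a single copy of the body followed by `{{ "," if not loop.last else "" }}` would remove most of the duplication.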
diff --git a/ansible/roles/onos_cluster/vars/Debian.yml b/ansible/roles/onos_cluster/vars/Debian.yml
new file mode 100755
index 0000000..59a4dbd
--- /dev/null
+++ b/ansible/roles/onos_cluster/vars/Debian.yml
@@ -0,0 +1,14 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages:
+ - software-properties-common
+ - crudini
+
+services: []
diff --git a/ansible/roles/onos_cluster/vars/RedHat.yml b/ansible/roles/onos_cluster/vars/RedHat.yml
new file mode 100755
index 0000000..59a4dbd
--- /dev/null
+++ b/ansible/roles/onos_cluster/vars/RedHat.yml
@@ -0,0 +1,14 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages:
+ - software-properties-common
+ - crudini
+
+services: []
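Review bot: `vars/RedHat.yml` is an exact copy of `Debian.yml` (same blob `59a4dbd`), and `software-properties-common` is a Debian/Ubuntu package name, so the `install onos required packages` task will probably fail on a RedHat-family host. Either list the RedHat equivalents here or drop the file until that platform is supported; the role's tasks also call `update-rc.d`, which suggests only Debian is exercised.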
diff --git a/ansible/roles/onos_cluster/vars/main.yml b/ansible/roles/onos_cluster/vars/main.yml
new file mode 100755
index 0000000..1cbc070
--- /dev/null
+++ b/ansible/roles/onos_cluster/vars/main.yml
@@ -0,0 +1,14 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+onos_pkg_url: http://downloads.onosproject.org/release/onos-1.3.0.tar.gz
+onos_pkg_name: onos-1.3.0.tar.gz
+onos_home: /opt/onos/
+karaf_dist: apache-karaf-3.0.3
+jdk8_pkg_name: jdk-8u51-linux-x64.tar.gz
+onos_boot_features: config,standard,region,package,kar,ssh,management,webconsole,onos-api,onos-core,onos-incubator,onos-cli,onos-rest,onos-gui,onos-openflow-base,onos-openflow,onos-ovsdatabase, onos-app-vtn-onosfw
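Review bot: `onos_boot_features` ends with `onos-ovsdatabase, onos-app-vtn-onosfw`, with a space after the comma, and the value is written verbatim into `featuresBoot=` by the `sed` in `onos_controller.yml`; unless Karaf trims the entries, the last feature name would not match, so remove the space. `onos_pkg_url` is defined, but the tasks in this commit download `onos_pkg_name` from the compass server instead, so it is either dead or meant to replace that URL. The file also lacks the `---` document start that the sibling vars files have.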
diff --git a/ansible/roles/open-contrail/files/provision/cacert.pem b/ansible/roles/open-contrail/files/provision/cacert.pem
new file mode 100755
index 0000000..66f82c5
--- /dev/null
+++ b/ansible/roles/open-contrail/files/provision/cacert.pem
@@ -0,0 +1,70 @@
+Certificate:
+ Data:
+ Version: 1 (0x0)
+ Serial Number: 1 (0x1)
+ Signature Algorithm: md5WithRSAEncryption
+ Issuer: C=US, ST=CA, O=Open vSwitch, OU=switchca, CN=OVS switchca CA Certificate (2015 Sep 15 13:35:47)
+ Validity
+ Not Before: Sep 15 04:35:47 2015 GMT
+ Not After : Sep 12 04:35:47 2025 GMT
+ Subject: C=US, ST=CA, O=Open vSwitch, OU=switchca, CN=OVS switchca CA Certificate (2015 Sep 15 13:35:47)
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:98:04:9b:9f:2e:e2:0b:4a:59:9d:00:74:dc:b4:
+ cb:fc:8d:c4:7d:32:35:e5:1c:ee:94:f0:13:e6:54:
+ 1c:2e:47:47:f0:bd:f2:7f:ae:cb:6a:2f:ec:74:5c:
+ 14:39:80:bf:7b:d1:83:90:ec:7a:7d:02:8c:fc:67:
+ de:99:53:69:1f:5c:61:d5:0a:7f:93:df:02:d4:16:
+ d3:55:b8:28:5c:fd:32:5b:6c:af:03:c1:23:92:00:
+ 0e:2b:eb:32:07:00:99:64:14:32:e4:f8:76:b3:06:
+ e1:d0:54:5a:fc:92:cd:5e:e5:b7:85:43:9e:b8:79:
+ e4:23:a6:3c:0c:42:78:f4:d3:7e:33:1c:f2:5a:24:
+ ac:24:61:2f:72:b3:b1:e7:99:4e:ef:2d:85:26:de:
+ b6:59:16:25:1a:65:ce:95:9c:fd:c7:3c:30:44:1d:
+ 4c:3b:34:dd:8d:ad:1f:ee:06:8e:b1:2d:b1:bb:a6:
+ 68:62:52:98:c2:2d:a3:14:75:a7:5f:24:10:4f:74:
+ 4f:94:0b:61:bd:c5:f1:6b:78:fa:48:89:27:3b:04:
+ 4d:25:50:d1:4f:63:3d:4b:3c:cc:fa:df:20:f1:0c:
+ 3f:1d:44:9d:c2:3e:d4:12:07:72:a4:6a:11:03:2f:
+ 1d:71:d5:b2:de:b4:a6:d8:ad:7a:ac:c9:c7:8e:12:
+ 4d:47
+ Exponent: 65537 (0x10001)
+ Signature Algorithm: md5WithRSAEncryption
+ 28:3f:32:46:dd:a9:c0:30:46:9a:29:ec:90:36:14:aa:a7:0c:
+ dc:67:a0:ec:81:dc:f9:34:35:c5:e4:9b:48:dd:c6:5a:ed:30:
+ 78:99:6c:32:8c:60:59:ab:dc:7a:86:bb:94:8b:98:db:62:33:
+ bd:4f:16:40:50:12:db:e9:b6:0c:f2:0b:0d:90:9d:b7:7a:ae:
+ b4:36:46:33:c5:ea:6a:37:ec:fe:6e:12:f1:98:10:89:48:fe:
+ 8a:68:11:1c:96:37:92:d9:cc:8a:ef:93:c3:53:6c:61:f7:f0:
+ 0b:2c:78:49:8e:e3:19:46:2b:1d:1c:65:c5:d9:6d:5d:04:54:
+ e7:e0:c7:aa:49:78:7d:2d:35:11:7e:05:b1:47:e4:96:39:97:
+ b5:5b:2b:6e:06:51:86:32:85:6a:7b:5f:63:08:85:31:6e:c3:
+ 12:0e:a0:ad:3a:d0:3f:db:e2:1b:6d:24:3a:bb:e7:61:5b:ba:
+ 1f:34:eb:34:07:e5:09:fe:0b:ba:76:48:49:6e:57:d4:14:76:
+ 11:af:52:39:9e:73:a7:e3:2a:5a:5c:fa:79:d7:7f:81:fd:80:
+ a7:d4:92:07:ef:a6:05:60:f9:b4:81:cb:8e:cb:b5:9e:2c:5d:
+ 40:fb:dc:c1:63:95:82:0b:2f:aa:8c:38:1d:96:63:ed:c9:1b:
+ ce:d2:d2:e7
+-----BEGIN CERTIFICATE-----
+MIIDeDCCAmACAQEwDQYJKoZIhvcNAQEEBQAwgYExCzAJBgNVBAYTAlVTMQswCQYD
+VQQIEwJDQTEVMBMGA1UEChMMT3BlbiB2U3dpdGNoMREwDwYDVQQLEwhzd2l0Y2hj
+YTE7MDkGA1UEAxMyT1ZTIHN3aXRjaGNhIENBIENlcnRpZmljYXRlICgyMDE1IFNl
+cCAxNSAxMzozNTo0NykwHhcNMTUwOTE1MDQzNTQ3WhcNMjUwOTEyMDQzNTQ3WjCB
+gTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRUwEwYDVQQKEwxPcGVuIHZTd2l0
+Y2gxETAPBgNVBAsTCHN3aXRjaGNhMTswOQYDVQQDEzJPVlMgc3dpdGNoY2EgQ0Eg
+Q2VydGlmaWNhdGUgKDIwMTUgU2VwIDE1IDEzOjM1OjQ3KTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAJgEm58u4gtKWZ0AdNy0y/yNxH0yNeUc7pTwE+ZU
+HC5HR/C98n+uy2ov7HRcFDmAv3vRg5Dsen0CjPxn3plTaR9cYdUKf5PfAtQW01W4
+KFz9MltsrwPBI5IADivrMgcAmWQUMuT4drMG4dBUWvySzV7lt4VDnrh55COmPAxC
+ePTTfjMc8lokrCRhL3KzseeZTu8thSbetlkWJRplzpWc/cc8MEQdTDs03Y2tH+4G
+jrEtsbumaGJSmMItoxR1p18kEE90T5QLYb3F8Wt4+kiJJzsETSVQ0U9jPUs8zPrf
+IPEMPx1EncI+1BIHcqRqEQMvHXHVst60ptiteqzJx44STUcCAwEAATANBgkqhkiG
+9w0BAQQFAAOCAQEAKD8yRt2pwDBGminskDYUqqcM3Geg7IHc+TQ1xeSbSN3GWu0w
+eJlsMoxgWavceoa7lIuY22IzvU8WQFAS2+m2DPILDZCdt3qutDZGM8Xqajfs/m4S
+8ZgQiUj+imgRHJY3ktnMiu+Tw1NsYffwCyx4SY7jGUYrHRxlxdltXQRU5+DHqkl4
+fS01EX4FsUfkljmXtVsrbgZRhjKFantfYwiFMW7DEg6grTrQP9viG20kOrvnYVu6
+HzTrNAflCf4LunZISW5X1BR2Ea9SOZ5zp+MqWlz6edd/gf2Ap9SSB++mBWD5tIHL
+jsu1nixdQPvcwWOVggsvqow4HZZj7ckbztLS5w==
+-----END CERTIFICATE-----
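Review bot: This CA certificate is X.509 `Version: 1` and signed with `md5WithRSAEncryption`, as is `vtep-cert.pem` later in the commit; MD5 signatures are collision-prone and current TLS libraries commonly refuse them, so the TLS setup that uses these files may fail or give weaker assurance than intended. Because the CA is a fixed file in the repository, every deployment would trust the same issuer. Generating the CA and switch certificates per deployment with a SHA-256 signature (for example with `ovs-pki init` on a current Open vSwitch, if its defaults suit) avoids both problems.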
diff --git a/ansible/roles/open-contrail/files/provision/compute.filters.patch b/ansible/roles/open-contrail/files/provision/compute.filters.patch
new file mode 100755
index 0000000..04bf42f
--- /dev/null
+++ b/ansible/roles/open-contrail/files/provision/compute.filters.patch
@@ -0,0 +1,14 @@
+*** a/compute.filters Mon Sep 28 15:13:48 2015
+--- b/compute.filters Mon Sep 28 15:16:06 2015
+***************
+*** 83,88 ****
+--- 83,91 ----
+ # nova/network/linux_net.py: 'ovs-vsctl', ....
+ ovs-vsctl: CommandFilter, ovs-vsctl, root
+
++ # nova/virt/libvirt/vif.py: 'vrouter-port-control', ...
++ vrouter-port-control: CommandFilter, vrouter-port-control, root
++
+ # nova/network/linux_net.py: 'ovs-ofctl', ....
+ ovs-ofctl: CommandFilter, ovs-ofctl, root
+
diff --git a/ansible/roles/open-contrail/files/provision/model.py.patch b/ansible/roles/open-contrail/files/provision/model.py.patch
new file mode 100755
index 0000000..7f7f7c6
--- /dev/null
+++ b/ansible/roles/open-contrail/files/provision/model.py.patch
@@ -0,0 +1,12 @@
+*** a/model.py Mon Sep 28 15:05:29 2015
+--- b/model.py Mon Sep 28 15:17:32 2015
+***************
+*** 39,44 ****
+--- 39,45 ----
+ VIF_TYPE_HW_VEB = 'hw_veb'
+ VIF_TYPE_MLNX_DIRECT = 'mlnx_direct'
+ VIF_TYPE_MIDONET = 'midonet'
++ VIF_TYPE_VROUTER = 'vrouter'
+ VIF_TYPE_OTHER = 'other'
+
+ # Constants for dictionary keys in the 'vif_details' field in the VIF
diff --git a/ansible/roles/open-contrail/files/provision/test_vif.py.patch b/ansible/roles/open-contrail/files/provision/test_vif.py.patch
new file mode 100755
index 0000000..3e12c72
--- /dev/null
+++ b/ansible/roles/open-contrail/files/provision/test_vif.py.patch
@@ -0,0 +1,70 @@
+*** a/test_vif.py Mon Sep 28 15:12:56 2015
+--- b/test_vif.py Mon Sep 28 15:19:20 2015
+***************
+*** 235,240 ****
+--- 235,253 ----
+ subnets=[subnet_bridge_4],
+ interface='eth0')
+
++ network_vrouter = network_model.Network(id='network-id-xxx-yyy-zzz',
++ label=None,
++ bridge=None,
++ subnets=[subnet_bridge_4,
++ subnet_bridge_6],
++ interface='eth0')
++
++ vif_vrouter = network_model.VIF(id='vif-xxx-yyy-zzz',
++ address='ca:fe:de:ad:be:ef',
++ network=network_vrouter,
++ type=network_model.VIF_TYPE_VROUTER,
++ devname='tap-xxx-yyy-zzz')
++
+ vif_mlnx = network_model.VIF(id='vif-xxx-yyy-zzz',
+ address='ca:fe:de:ad:be:ef',
+ network=network_mlnx,
+***************
+*** 796,801 ****
+--- 809,851 ----
+ self.vif_mlnx)
+ self.assertEqual(0, execute.call_count)
+
++ def test_unplug_vrouter_with_details(self):
++ d = vif.LibvirtGenericVIFDriver()
++ with mock.patch.object(utils, 'execute') as execute:
++ d.unplug_vrouter(None, self.vif_vrouter)
++ execute.assert_called_once_with(
++ 'vrouter-port-control',
++ '--oper=delete --uuid=vif-xxx-yyy-zzz',
++ run_as_root=True)
++
++ def test_plug_vrouter_with_details(self):
++ d = vif.LibvirtGenericVIFDriver()
++ instance = mock.Mock()
++ instance.name = 'instance-name'
++ instance.uuid = '46a4308b-e75a-4f90-a34a-650c86ca18b2'
++ instance.project_id = 'b168ea26fa0c49c1a84e1566d9565fa5'
++ instance.display_name = 'instance1'
++ with mock.patch.object(utils, 'execute') as execute:
++ d.plug_vrouter(instance, self.vif_vrouter)
++ execute.assert_has_calls([
++ mock.call('ip', 'tuntap', 'add', 'tap-xxx-yyy-zzz', 'mode',
++ 'tap', run_as_root=True, check_exit_code=[0, 2, 254]),
++ mock.call('ip', 'link', 'set', 'tap-xxx-yyy-zzz', 'up',
++ run_as_root=True, check_exit_code=[0, 2, 254]),
++ mock.call('vrouter-port-control',
++ '--oper=add --uuid=vif-xxx-yyy-zzz '
++ '--instance_uuid=46a4308b-e75a-4f90-a34a-650c86ca18b2 '
++ '--vn_uuid=network-id-xxx-yyy-zzz '
++ '--vm_project_uuid=b168ea26fa0c49c1a84e1566d9565fa5 '
++ '--ip_address=0.0.0.0 '
++ '--ipv6_address=None '
++ '--vm_name=instance1 '
++ '--mac=ca:fe:de:ad:be:ef '
++ '--tap_name=tap-xxx-yyy-zzz '
++ '--port_type=NovaVMPort '
++ '--tx_vlan_id=-1 '
++ '--rx_vlan_id=-1', run_as_root=True)])
++
+ def test_ivs_ethernet_driver(self):
+ d = vif.LibvirtGenericVIFDriver(self._get_conn(ver=9010))
+ self._check_ivs_ethernet_driver(d,
diff --git a/ansible/roles/open-contrail/files/provision/vif.py.patch b/ansible/roles/open-contrail/files/provision/vif.py.patch
new file mode 100755
index 0000000..103f084
--- /dev/null
+++ b/ansible/roles/open-contrail/files/provision/vif.py.patch
@@ -0,0 +1,91 @@
+*** a/vif.py Mon Sep 28 15:13:30 2015
+--- b/vif.py Mon Sep 28 15:21:30 2015
+***************
+*** 332,337 ****
+--- 332,347 ----
+
+ return conf
+
++ def get_config_vrouter(self, instance, vif, image_meta,
++ inst_type, virt_type):
++ conf = self.get_base_config(instance, vif, image_meta,
++ inst_type, virt_type)
++ dev = self.get_vif_devname(vif)
++ designer.set_vif_host_backend_ethernet_config(conf, dev)
++
++ designer.set_vif_bandwidth_config(conf, inst_type)
++ return conf
++
+ def get_config(self, instance, vif, image_meta,
+ inst_type, virt_type):
+ vif_type = vif['type']
+***************
+*** 526,531 ****
+--- 536,580 ----
+ except processutils.ProcessExecutionError:
+ LOG.exception(_LE("Failed while plugging vif"), instance=instance)
+
++ def plug_vrouter(self, instance, vif):
++ """Plug into Contrail's network port
++ Bind the vif to a Contrail virtual port.
++ """
++ dev = self.get_vif_devname(vif)
++ ip_addr = '0.0.0.0'
++ ip6_addr = None
++ subnets = vif['network']['subnets']
++ for subnet in subnets:
++ if not subnet['ips']:
++ continue
++ ips = subnet['ips'][0]
++ if not ips['address']:
++ continue
++ if (ips['version'] == 4):
++ if ips['address'] is not None:
++ ip_addr = ips['address']
++ if (ips['version'] == 6):
++ if ips['address'] is not None:
++ ip6_addr = ips['address']
++
++ ptype = 'NovaVMPort'
++ if (cfg.CONF.libvirt.virt_type == 'lxc'):
++ ptype = 'NameSpacePort'
++
++ cmd_args = ("--oper=add --uuid=%s --instance_uuid=%s --vn_uuid=%s "
++ "--vm_project_uuid=%s --ip_address=%s --ipv6_address=%s"
++ " --vm_name=%s --mac=%s --tap_name=%s --port_type=%s "
++ "--tx_vlan_id=%d --rx_vlan_id=%d" % (vif['id'],
++ instance.uuid, vif['network']['id'],
++ instance.project_id, ip_addr, ip6_addr,
++ instance.display_name, vif['address'],
++ vif['devname'], ptype, -1, -1))
++ try:
++ linux_net.create_tap_dev(dev)
++ utils.execute('vrouter-port-control', cmd_args, run_as_root=True)
++ except processutils.ProcessExecutionError:
++ LOG.exception(_LE("Failed while plugging vif"), instance=instance)
++
+ def plug(self, instance, vif):
+ vif_type = vif['type']
+
+***************
+*** 679,684 ****
+--- 728,746 ----
+ LOG.exception(_LE("Failed while unplugging vif"),
+ instance=instance)
+
++ def unplug_vrouter(self, instance, vif):
++ """Unplug Contrail's network port
++ Unbind the vif from a Contrail virtual port.
++ """
++ dev = self.get_vif_devname(vif)
++ cmd_args = ("--oper=delete --uuid=%s" % (vif['id']))
++ try:
++ utils.execute('vrouter-port-control', cmd_args, run_as_root=True)
++ linux_net.delete_net_dev(dev)
++ except processutils.ProcessExecutionError:
++ LOG.exception(
++ _LE("Failed while unplugging vif"), instance=instance)
++
+ def unplug(self, instance, vif):
+ vif_type = vif['type']
+
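Review bot: `plug_vrouter` formats `instance.display_name`, which the tenant chooses, into one space-separated option string and hands it to `vrouter-port-control` under `run_as_root=True`. If that tool splits the string on whitespace (not visible here), a display name containing spaces or `--option=value` text would corrupt or override the other options; prefer an identifier that is not free text, or validate the name before formatting. `ip6_addr` stays `None` when there is no IPv6 subnet, so the command receives the literal `--ipv6_address=None`, which `test_vif.py.patch` pins as expected. Both `plug_vrouter` and `unplug_vrouter` log `ProcessExecutionError` and return, so a failed port operation is reported to the caller as success.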
diff --git a/ansible/roles/open-contrail/files/provision/vtep-cert.pem b/ansible/roles/open-contrail/files/provision/vtep-cert.pem
new file mode 100755
index 0000000..dc354d3
--- /dev/null
+++ b/ansible/roles/open-contrail/files/provision/vtep-cert.pem
@@ -0,0 +1,70 @@
+Certificate:
+ Data:
+ Version: 1 (0x0)
+ Serial Number: 2 (0x2)
+ Signature Algorithm: md5WithRSAEncryption
+ Issuer: C=US, ST=CA, O=Open vSwitch, OU=switchca, CN=OVS switchca CA Certificate (2015 Sep 15 13:35:47)
+ Validity
+ Not Before: Sep 15 04:36:00 2015 GMT
+ Not After : Sep 12 04:36:00 2025 GMT
+ Subject: C=US, ST=CA, O=Open vSwitch, OU=Open vSwitch certifier, CN=vtep id:b55b8c06-9593-4406-8a85-f7edd09a1ea9
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:ca:57:ec:4d:a3:79:6c:a4:cd:21:c7:52:a8:9f:
+ 61:85:ee:a5:91:79:4a:f3:80:ac:1b:ac:1a:6d:0b:
+ 96:b9:cf:1f:a6:23:1f:45:ff:62:de:35:8f:e8:8d:
+ 4a:63:23:70:d5:1e:78:72:86:04:08:e2:fd:66:04:
+ e0:1e:ce:57:03:98:f7:a5:92:5a:f1:cc:3c:24:37:
+ 22:4e:97:0d:65:4b:98:08:5b:cd:1c:eb:67:f5:9c:
+ c0:ba:86:94:2a:15:dc:5d:47:6e:45:49:03:62:a3:
+ 37:5f:54:58:42:49:6d:a3:4c:c6:21:f6:08:36:8c:
+ 69:20:6a:f8:7c:5d:82:30:14:1a:15:ad:b9:42:ba:
+ 5d:13:99:e2:6f:aa:10:e4:e1:25:58:90:66:a7:e7:
+ bc:c7:e4:5c:79:2a:1b:b2:b3:d1:7b:4d:78:a6:28:
+ 66:bc:ee:97:6b:b4:3d:a0:65:16:10:04:fb:e9:4e:
+ 82:ac:88:c2:6a:a4:0e:d6:e5:ad:ee:bc:50:a7:73:
+ 97:6d:12:96:46:cb:ee:4d:15:ad:d4:a3:b5:95:82:
+ 2e:e7:1b:69:70:1d:b5:c9:06:47:44:2b:55:84:23:
+ 5b:75:56:86:c4:a7:b9:1d:46:9e:fa:8a:a5:dc:f9:
+ 70:16:6a:87:ee:20:1b:02:d1:2d:83:65:e0:7c:24:
+ 99:e9
+ Exponent: 65537 (0x10001)
+ Signature Algorithm: md5WithRSAEncryption
+ 50:bf:af:aa:b5:a7:3c:67:2e:34:92:8a:b8:cc:b9:96:a8:b8:
+ 16:cd:d5:5d:d3:b6:1c:44:b4:08:c5:89:ea:17:97:88:a4:e4:
+ 89:b9:69:2b:71:36:77:05:dc:0a:50:fe:2d:8f:8c:72:a5:b9:
+ b1:45:23:0d:d3:7a:80:c8:9e:66:74:e2:42:ee:96:19:e5:88:
+ 3d:e3:ea:3c:d4:51:1e:e0:34:1f:0c:d3:9a:f7:99:9b:af:0b:
+ 23:57:87:f0:dc:8c:32:1c:e9:63:65:f3:cd:e5:22:ed:ea:fe:
+ 4f:be:0e:23:0d:8e:3e:09:aa:5e:20:2b:1a:4f:70:92:4a:a9:
+ 24:6e:a0:c6:86:b5:14:7d:52:71:cf:b8:5c:75:d4:6a:92:06:
+ 30:cf:71:72:ff:44:63:22:10:79:38:53:ec:6f:19:3d:63:92:
+ 69:3f:f2:f4:28:d4:ef:dd:af:32:84:c5:a0:c0:c9:5f:1f:02:
+ 47:76:bd:85:85:4e:7c:58:61:1a:ce:4c:03:45:d7:5c:dd:59:
+ 6c:22:e0:cb:2c:2d:b1:44:4c:03:dd:21:ff:58:6e:f7:09:4f:
+ 34:e0:24:3a:67:b1:33:ae:4a:bc:85:db:4b:12:ef:21:66:6a:
+ f0:b9:ea:90:72:b1:0b:34:9a:8d:be:f3:d1:02:56:0f:d7:bb:
+ 0a:eb:c2:f1
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/ansible/roles/open-contrail/files/provision/vtep-privkey.pem b/ansible/roles/open-contrail/files/provision/vtep-privkey.pem
new file mode 100755
index 0000000..673f424
--- /dev/null
+++ b/ansible/roles/open-contrail/files/provision/vtep-privkey.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
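Review bot: `vtep-privkey.pem` adds an RSA private key to the repository (mode 100755), which makes the key public and identical on every host provisioned from this role, so the matching `vtep-cert.pem` no longer authenticates anything. Generate the key pair on the target at deploy time, or ship it through Ansible Vault, and install it with `mode: "0600"`. The committed key should be treated as compromised and not reused.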
diff --git a/ansible/roles/open-contrail/files/recover_network_opencontrail.py b/ansible/roles/open-contrail/files/recover_network_opencontrail.py
new file mode 100755
index 0000000..e829b65
--- /dev/null
+++ b/ansible/roles/open-contrail/files/recover_network_opencontrail.py
@@ -0,0 +1,33 @@
+import yaml
+import netaddr
+import os
+import log as logging
+
+LOG = logging.getLogger("net-recover-opencontrail")
+config_path = os.path.join(os.path.dirname(__file__), "network.cfg")
+
+def setup_bondings(bond_mappings):
+ print bond_mappings
+
+def setup_ips_new(config):
+ LOG.info("setup_ips_new enter")
+ network = netaddr.IPNetwork(config["ip_settings"]["br-prv"]["cidr"])
+ intf_name = config["provider_net_mappings"][0]["interface"]
+ cmd = "ip addr add %s/%s brd %s dev %s;" \
+ % (config["ip_settings"]["br-prv"]["ip"], config["ip_settings"]["br-prv"]["netmask"], str(network.broadcast), intf_name)
+ #cmd = "ip link set br-ex up;"
+ #cmd += "ip addr add %s/%s brd %s dev %s;" \
+ # % (config["ip_settings"]["br-prv"]["ip"], config["ip_settings"]["br-prv"]["netmask"], str(network.broadcast), 'br-ex')
+ cmd += "route del default;"
+ cmd += "ip route add default via %s dev %s" % (config["ip_settings"]["br-prv"]["gw"], intf_name)
+ #cmd += "ip route add default via %s dev %s" % (config["ip_settings"]["br-prv"]["gw"], 'br-ex')
+ LOG.info("setup_ips_new: cmd=%s" % cmd)
+ os.system(cmd)
+
+
+def main(config):
+ setup_ips_new(config)
+
+if __name__ == "__main__":
+ config = yaml.load(open(config_path))
+ main(config)
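Review bot: `yaml.load(open(config_path))` uses PyYAML's full loader, which can construct arbitrary Python objects from tags in `network.cfg`, and it never closes the file; use `with open(config_path) as f:` and `config = yaml.safe_load(f)`. `setup_ips_new` builds a shell string from config values and runs it with `os.system`, so a malformed or tampered `ip`, `gw` or interface value is interpreted by the shell and a failing command goes unnoticed; `subprocess.check_call([...])` with one argument list per command would avoid both. `setup_bondings` only prints its argument and is never called in this file.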
diff --git a/ansible/roles/open-contrail/files/setup_networks_opencontrail.py b/ansible/roles/open-contrail/files/setup_networks_opencontrail.py
new file mode 100755
index 0000000..fd7795a
--- /dev/null
+++ b/ansible/roles/open-contrail/files/setup_networks_opencontrail.py
@@ -0,0 +1,107 @@
+import yaml
+import netaddr
+import os
+import log as logging
+
+LOG = logging.getLogger("net-init-opencontrail")
+config_path = os.path.join(os.path.dirname(__file__), "network.cfg")
+
+def setup_bondings(bond_mappings):
+ print bond_mappings
+
+def add_vlan_link(interface, ifname, vlan_id):
+ LOG.info("add_vlan_link enter")
+ cmd = "ip link add link %s name %s type vlan id %s; " % (ifname, interface, vlan_id)
+ cmd += "ip link set %s up; ip link set %s up" % (interface, ifname)
+ LOG.info("add_vlan_link: cmd=%s" % cmd)
+ os.system(cmd)
+
+#def add_ovs_port(ovs_br, ifname, uplink, vlan_id=None):
+# LOG.info("add_ovs_port enter")
+# cmd = "ovs-vsctl --may-exist add-port %s %s" % (ovs_br, ifname)
+# if vlan_id:
+# cmd += " tag=%s" % vlan_id
+# cmd += " -- set Interface %s type=internal;" % ifname
+# cmd += "ip link set dev %s address `ip link show %s |awk '/link\/ether/{print $2}'`;" \
+# % (ifname, uplink)
+# cmd += "ip link set %s up;" % ifname
+# LOG.info("add_ovs_port: cmd=%s" % cmd)
+# os.system(cmd)
+
+def setup_intfs(sys_intf_mappings, uplink_map):
+ LOG.info("setup_intfs enter")
+ for intf_name, intf_info in sys_intf_mappings.items():
+ if intf_info["type"] == "vlan":
+ add_vlan_link(intf_name, intf_info["interface"], intf_info["vlan_tag"])
+# elif intf_info["type"] == "ovs":
+# add_ovs_port(
+# intf_info["interface"],
+# intf_name,
+# uplink_map[intf_info["interface"]],
+# vlan_id=intf_info.get("vlan_tag"))
+ else:
+ pass
+
+def setup_ips(ip_settings, sys_intf_mappings):
+ LOG.info("setup_ips enter")
+ for intf_info in ip_settings.values():
+ network = netaddr.IPNetwork(intf_info["cidr"])
+ if sys_intf_mappings[intf_info["name"]]["type"] == "ovs":
+ intf_name = intf_info["name"]
+ else:
+ intf_name = intf_info["alias"]
+ if "gw" in intf_info:
+ continue
+ cmd = "ip addr add %s/%s brd %s dev %s;" \
+ % (intf_info["ip"], intf_info["netmask"], str(network.broadcast),intf_name)
+# if "gw" in intf_info:
+# cmd += "route del default;"
+# cmd += "ip route add default via %s dev %s" % (intf_info["gw"], intf_name)
+ LOG.info("setup_ips: cmd=%s" % cmd)
+ os.system(cmd)
+
+def setup_ips_new(config):
+ LOG.info("setup_ips_new enter")
+ network = netaddr.IPNetwork(config["ip_settings"]["br-prv"]["cidr"])
+ intf_name = config["provider_net_mappings"][0]["interface"]
+ cmd = "ip addr add %s/%s brd %s dev %s;" \
+ % (config["ip_settings"]["br-prv"]["ip"], config["ip_settings"]["br-prv"]["netmask"], str(network.broadcast), intf_name)
+# cmd = "ip link set br-ex up;"
+# cmd += "ip addr add %s/%s brd %s dev %s;" \
+# % (config["ip_settings"]["br-prv"]["ip"], config["ip_settings"]["br-prv"]["netmask"], str(network.broadcast), 'br-ex')
+ cmd += "route del default;"
+ cmd += "ip route add default via %s dev %s" % (config["ip_settings"]["br-prv"]["gw"], intf_name)
+# cmd += "ip route add default via %s dev %s" % (config["ip_settings"]["br-prv"]["gw"], 'br-ex')
+ LOG.info("setup_ips_new: cmd=%s" % cmd)
+ os.system(cmd)
+
+def setup_default_router(config):
+ LOG.info("setup_ips_new enter")
+ network = netaddr.IPNetwork(config["ip_settings"]["br-prv"]["cidr"])
+ intf_name = config["provider_net_mappings"][0]["interface"]
+ cmd = "route del default;"
+ cmd += "ip route add default via %s dev %s" % (config["ip_settings"]["br-prv"]["gw"], "vhost0")
+ LOG.info("setup_default_router: cmd=%s" % cmd)
+ os.system(cmd)
+
+def remove_ovs_kernel_mod(config):
+ LOG.info("remove_ovs_kernel_mod enter")
+ cmd = "rmmod vport_vxlan; rmmod openvswitch;"
+ LOG.info("remove_ovs_kernel_mod: cmd=%s" % cmd)
+ os.system(cmd)
+
+def main(config):
+ uplink_map = {}
+ setup_bondings(config["bond_mappings"])
+ remove_ovs_kernel_mod(config)
+ for provider_net in config["provider_net_mappings"]:
+ uplink_map[provider_net['name']] = provider_net['interface']
+
+ setup_intfs(config["sys_intf_mappings"], uplink_map)
+ setup_ips(config["ip_settings"], config["sys_intf_mappings"])
+# setup_ips_new(config)
+ setup_default_router(config)
+
+if __name__ == "__main__":
+ config = yaml.load(open(config_path))
+ main(config)
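Review bot: In `setup_default_router` the command runs `route del default;` and then `ip route add default ...` through `os.system`, whose return value is discarded, so a failed add leaves the host with no default route and nothing in the log says so. `cmd = "ip route replace default via %s dev %s" % (config["ip_settings"]["br-prv"]["gw"], "vhost0")` makes the change in one step, and checking the exit status would make a failure visible. The function also logs `"setup_ips_new enter"`, apparently copied from the function above it, and computes `network` and `intf_name` without using them.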
diff --git a/ansible/roles/open-contrail/tasks/ext-net.yml b/ansible/roles/open-contrail/tasks/ext-net.yml
new file mode 100644
index 0000000..3ef327e
--- /dev/null
+++ b/ansible/roles/open-contrail/tasks/ext-net.yml
@@ -0,0 +1,47 @@
+---
+- name: add ext-network router of vgw on controller for open-contrail
+ shell: >
+ ip route add {{ public_net_info.floating_ip_cidr }} via {{ ip_settings[groups['compute'][0]]['br-prv']['ip'] }} dev {{ network_cfg.public_vip.interface }} ;
+ echo "ip route add {{ public_net_info.floating_ip_cidr }} via {{ ip_settings[groups['compute'][0]]['br-prv']['ip'] }} dev {{ network_cfg.public_vip.interface }}" >> /opt/contrail/bin/if-vhost0 ;
+ when: inventory_hostname in groups['opencontrail']
+
+
+- name: create vgw for open-contrail
+ shell: >
+ echo "lsof -ni :9090 ; while [ $? -ne 0 ]; do sleep 10; lsof -ni :9090; done" >> /etc/init.d/net_init;
+ echo "sleep 10" >> /etc/init.d/net_init;
+ echo "python /opt/contrail/utils/provision_vgw_interface.py --oper create --interface vgw1 --subnets {{ public_net_info.floating_ip_cidr }} --routes 0.0.0.0/0 --vrf default-domain:admin:{{ public_net_info.network }}:{{ public_net_info.network }}" >> /etc/init.d/net_init;
+ when: groups['opencontrail']|length !=0 and inventory_hostname == groups['compute'][0]
+
+
+- name: add vgw router on compute(without vgw) for open-contrail
+ shell: echo "ip route add {{ public_net_info.floating_ip_cidr }} via {{ ip_settings[groups['compute'][0]]['br-prv']['ip'] }} dev vhost0" >> /etc/init.d/net_init
+ when: groups['opencontrail']|length !=0 and inventory_hostname not in groups['opencontrail'] and inventory_hostname != groups['compute'][0]
+
+
+
+
+
+# create a file with vgw ip on CompassCore, so that Jumper Host could access this to get vgw ip
+- name: add vgw file on compass
+ local_action: file path=/home/opencontrail1.rc state=touch mode=0777
+ run_once: True
+ when: groups['opencontrail']|length !=0
+
+- name: update vgw file
+ local_action: lineinfile dest=/home/opencontrail1.rc line={{ ip_settings[groups['compute'][0]]['br-prv']['ip'] }}
+ run_once: True
+ when: groups['opencontrail']|length !=0
+
+- name: add vgw file on compass
+ local_action: file path=/home/opencontrail2.rc state=touch mode=0777
+ run_once: True
+ when: groups['opencontrail']|length !=0
+
+- name: update vgw file
+ local_action: lineinfile dest=/home/opencontrail2.rc line={{ public_net_info.floating_ip_cidr }}
+ run_once: True
+ when: groups['opencontrail']|length !=0
+
+
+
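Review bot: The two `add vgw file on compass` tasks create `/home/opencontrail1.rc` and `/home/opencontrail2.rc` with `mode=0777`, so files the jump host later reads for the gateway IP and floating CIDR are writable and executable by every local user on the Compass host. They only need to be readable: `local_action: file path=/home/opencontrail1.rc state=touch mode=0644`, and the same for opencontrail2.rc. The `echo ... >> /etc/init.d/net_init` and `>> /opt/contrail/bin/if-vhost0` tasks also append unconditionally, so a re-run duplicates the lines; `lineinfile`, as used in the later tasks, would keep them idempotent.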
diff --git a/ansible/roles/open-contrail/tasks/install/install-collector.yml b/ansible/roles/open-contrail/tasks/install/install-collector.yml
new file mode 100755
index 0000000..d302289
--- /dev/null
+++ b/ansible/roles/open-contrail/tasks/install/install-collector.yml
@@ -0,0 +1,24 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+#- hosts: collector
+# sudo: yes
+# tasks:
+
+- name: "temporary disable supervisor analytics"
+ template:
+# src: "templates/override.j2"
+ src: "../../templates/install/override.j2"
+ dest: "/etc/init/supervisor-analytics.override"
+
+- name: "install contrail openstack analytics package"
+# apt:
+# name: "contrail-openstack-analytics"
+ action: "{{ ansible_pkg_mgr }} name={{ item }} state=present force=yes"
+ with_items: collector_package
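Review bot: The install task passes `force=yes` to the package module; with apt this corresponds to `--force-yes`, which permits unauthenticated packages and downgrades without prompting. The same flag is used in install-common.yml, install-compute.yml, install-config.yml, install-control.yml, install-database.yml, install-kernel.yml and install-webui.yml. If it is only needed because the local contrail repository is unsigned, dropping it here (`action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"`) and marking just that repository as trusted would keep signature checks for every other source. If it must stay, a comment above the task stating why would help the next reader.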
diff --git a/ansible/roles/open-contrail/tasks/install/install-common.yml b/ansible/roles/open-contrail/tasks/install/install-common.yml
new file mode 100755
index 0000000..e94621b
--- /dev/null
+++ b/ansible/roles/open-contrail/tasks/install/install-common.yml
@@ -0,0 +1,104 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+#- hosts: all
+# sudo: yes
+# tasks:
+#- name: "copy contrail install package temporary"
+# sudo: True
+# copy:
+# src: "{{ package }}"
+# dest: "/tmp/{{ package }}"
+
+- name: get image http server
+ shell: awk -F'=' '/compass_server/ {print $2}' /etc/compass.conf
+ register: http_server
+
+- name: download OpenContrail package file
+ get_url: url="http://{{ http_server.stdout_lines[0] }}/packages/open-contrail/{{ package }}" dest=/tmp/{{ package }}
+#"
+
+- name: "install contrail install package"
+# sudo: True
+ apt:
+ deb: "/tmp/{{ package }}"
+ force: yes
+
+- name: "delete temporary contrail install package"
+# sudo: True
+ file:
+ dest: "/tmp/{{ package }}"
+ state: "absent"
+
+- name: "make directory for contrail binary files"
+# sudo: True
+ file:
+ path: "/opt/contrail/bin"
+ state: "directory"
+
+- name: "make directory for contrail repository"
+# sudo: True
+ file:
+ path: "/opt/contrail/contrail_install_repo"
+ state: "directory"
+
+- name: "unarchive contrail packages"
+# sudo: True
+ unarchive:
+ src: "/opt/contrail/contrail_packages/contrail_debs.tgz"
+ dest: "/opt/contrail/contrail_install_repo"
+ copy: no
+
+- name: "find required packages in advance"
+# sudo: True
+ shell: "find /opt/contrail/contrail_install_repo -name binutils_*.deb -or -name make_*.deb -or -name libdpkg-perl_*.deb -or -name dpkg-dev_*.deb -or -name patch_*.deb -type f"
+ register: required_packages
+ changed_when: no
+
+- name: "install required packages"
+# sudo: True
+ apt:
+ deb: "{{ item }}"
+ force: yes
+ with_items: required_packages.stdout_lines
+ ignore_errors: True
+
+- name: modify source list
+# sudo: True
+ lineinfile:
+ dest: "/etc/apt/sources.list"
+ line: "deb file:/opt/contrail/contrail_install_repo ./"
+ insertbefore: "BOF"
+
+- name: "modify apt configuration"
+# sudo: True
+ lineinfile:
+ dest: "/etc/apt/apt.conf"
+ line: "APT::Get::AllowUnauthenticated \"true\";"
+ create: "yes"
+
+- name: "copy apt preferences file"
+# sudo: True
+ shell: "cp /opt/contrail/contrail_packages/preferences /etc/apt/preferences"
+ args:
+ creates: "/etc/apt/preferences"
+
+- name: create contrail packages list
+# sudo: True
+ shell: "dpkg-scanpackages . | gzip -9c > Packages.gz"
+ args:
+ chdir: "/opt/contrail/contrail_install_repo"
+ creates: "Packages.gz"
+
+- name: install contrail setup package
+ sudo: True
+ apt:
+ name: "contrail-setup"
+ update_cache: yes
+ force: yes
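Review bot: `download OpenContrail package file` fetches the .deb over plain `http://` with no integrity check and the next task installs it as root with `force: yes`, so whoever can answer for the compass server on that network path controls what gets installed. Adding a digest to the download, e.g. `get_url: url=... dest=/tmp/{{ package }} checksum=sha256:<EXPECTED_SHA256>` (or `sha256sum=` on older Ansible), would pin the artifact. Separately, `modify apt configuration` writes `APT::Get::AllowUnauthenticated "true";` to /etc/apt/apt.conf, which disables signature enforcement for every repository on the host and is never reverted. Scoping the exception to the local repo in `modify source list` with `line: "deb [trusted=yes] file:/opt/contrail/contrail_install_repo ./"` would make the global setting unnecessary.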
diff --git a/ansible/roles/open-contrail/tasks/install/install-compute.yml b/ansible/roles/open-contrail/tasks/install/install-compute.yml
new file mode 100755
index 0000000..4e4a5ad
--- /dev/null
+++ b/ansible/roles/open-contrail/tasks/install/install-compute.yml
@@ -0,0 +1,55 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+#- hosts: [compute, tsn]
+# sudo: yes
+# tasks:
+- name: "temporary disable supervisor vrouter"
+# sudo: True
+ template:
+ src: "../../templates/install/override.j2"
+ dest: "/etc/init/supervisor-vrouter.override"
+
+# - name: "install nova-compute for contrail package"
+# apt:
+# name: "nova-compute"
+# when: install_nova
+
+- name: "install contrail vrouter 3.13.0-40 package"
+# apt:
+# name: "contrail-vrouter-3.13.0-40-generic"
+# when: ansible_kernel == "3.13.0-40-generic"
+# sudo: True
+ action: "{{ ansible_pkg_mgr }} name={{ item }} state=present force=yes"
+ with_items: vrouter_package
+ when: ansible_kernel == kernel_required
+
+- name: "install contrail vrouter dkms package"
+# apt:
+# name: "contrail-vrouter-dkms"
+# when: ansible_kernel != "3.13.0-40-generic"
+# sudo: True
+ action: "{{ ansible_pkg_mgr }} name={{ item }} state=present force=yes"
+ with_items: dkms_package
+ when: ansible_kernel != kernel_required
+
+# - name: "install contrail vrouter common package"
+# apt:
+# name: "contrail-vrouter-common"
+
+# - name: "install contrail nova vif package"
+# apt:
+# name: "contrail-nova-vif"
+
+- name: "install contrail vrouter common & nova vif package"
+# sudo: True
+ action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
+ with_items: compute_package | union(compute_package_noarch)
+
+
diff --git a/ansible/roles/open-contrail/tasks/install/install-config.yml b/ansible/roles/open-contrail/tasks/install/install-config.yml
new file mode 100755
index 0000000..b66e3e4
--- /dev/null
+++ b/ansible/roles/open-contrail/tasks/install/install-config.yml
@@ -0,0 +1,51 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+#- hosts: config
+# sudo: yes
+# tasks:
+- name: "temporary disable supervisor config"
+# sudo: True
+ template:
+# src: "templates/override.j2"
+ src: "../../templates/install/override.j2"
+ dest: "/etc/init/supervisor-config.override"
+
+- name: "temporary disable neutron server"
+# sudo: True
+ template:
+# src: "templates/override.j2"
+ src: "../../templates/install/override.j2"
+ dest: "/etc/init/neutron-server.override"
+
+###############################################
+################ workaround #################
+###############################################
+- name: "backup keepalived conf"
+ shell: mv /etc/keepalived/keepalived.conf /home/keepalived.conf
+
+- name: "uninstall keepalived"
+ action: "{{ ansible_pkg_mgr }} name=keepalived state=absent"
+
+- name: "install iproute"
+ action: "{{ ansible_pkg_mgr }} name=iproute state=present"
+
+- name: "install iproute"
+ action: "{{ ansible_pkg_mgr }} name=keepalived state=present"
+
+- name: "restore keepalived conf"
+ shell: mv /home/keepalived.conf /etc/keepalived/keepalived.conf
+###############################################
+
+- name: "install contrail openstack config package"
+# sudo: True
+# apt:
+# name: "contrail-openstack-config"
+ action: "{{ ansible_pkg_mgr }} name={{ item }} state=present force=yes"
+ with_items: config_package
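Review bot: In the workaround block the second task named `"install iproute"` actually installs keepalived, so the play output reports the wrong step when it fails; it should read `- name: "install keepalived"`. The backup and restore steps use bare `mv` between `/etc/keepalived/keepalived.conf` and `/home/keepalived.conf`, which is not idempotent. If a run stops between the two, the next run either fails on the missing source or, presumably, overwrites the saved config with whatever the reinstall created. Adding `args: creates: /home/keepalived.conf` on the backup and `removes: /home/keepalived.conf` on the restore would guard both cases.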
diff --git a/ansible/roles/open-contrail/tasks/install/install-control.yml b/ansible/roles/open-contrail/tasks/install/install-control.yml
new file mode 100755
index 0000000..ab7d4ad
--- /dev/null
+++ b/ansible/roles/open-contrail/tasks/install/install-control.yml
@@ -0,0 +1,32 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+#- hosts: control
+# sudo: yes
+# tasks:
+- name: "temporary disable supervisor control"
+# sudo: True
+ template:
+# src: "templates/override.j2"
+ src: "../../templates/install/override.j2"
+ dest: "/etc/init/supervisor-control.override"
+
+- name: "temporary disable supervisor dns"
+# sudo: True
+ template:
+# src: "templates/override.j2"
+ src: "../../templates/install/override.j2"
+ dest: "/etc/init/supervisor-dns.override"
+
+- name: "install contrail openstack control package"
+# sudo: True
+# apt:
+# name: "contrail-openstack-control"
+ action: "{{ ansible_pkg_mgr }} name={{ item }} state=present force=yes"
+ with_items: control_package
diff --git a/ansible/roles/open-contrail/tasks/install/install-database.yml b/ansible/roles/open-contrail/tasks/install/install-database.yml
new file mode 100755
index 0000000..5c89ede
--- /dev/null
+++ b/ansible/roles/open-contrail/tasks/install/install-database.yml
@@ -0,0 +1,25 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+#- hosts: database
+# sudo: yes
+# tasks:
+- name: "temporary disable supervisor database"
+# sudo: True
+ template:
+# src: "templates/override.j2"
+ src: "../../templates/install/override.j2"
+ dest: "/etc/init/supervisor-database.override"
+
+- name: "install contrail openstack database package"
+# sudo: True
+# apt:
+# name: "contrail-openstack-database"
+ action: "{{ ansible_pkg_mgr }} name={{ item }} state=present force=yes"
+ with_items: database_package
diff --git a/ansible/roles/open-contrail/tasks/install/install-interface.yml b/ansible/roles/open-contrail/tasks/install/install-interface.yml
new file mode 100755
index 0000000..3f7b43c
--- /dev/null
+++ b/ansible/roles/open-contrail/tasks/install/install-interface.yml
@@ -0,0 +1,34 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+#- hosts: all
+# sudo: yes
+# tasks:
+#- name: get last ip address
+# shell: expr substr `cat /etc/hostname` 5 1
+# register: lastip
+
+#- name: "configure interface"
+## sudo: True
+# lineinfile:
+# dest: "/etc/network/interfaces"
+# line: "{{ item }}"
+# with_items:
+# - "auto {{ contrail_vhost_device }}"
+# - "iface {{ contrail_vhost_device }} inet static"
+# - "\taddress {{ contrail_vhost_address }}"
+# - "\tnetmask {{ contrail_vhost_netmask }}"
+
+- name: "set interface address"
+# sudo: True
+ shell: "ifconfig {{ contrail_vhost_device }} {{ contrail_vhost_address }} netmask {{ contrail_vhost_netmask }}"
+
+- name: "up interface"
+# sudo: True
+ shell: "ifconfig {{ contrail_vhost_device }} up"
diff --git a/ansible/roles/open-contrail/tasks/install/install-kernel.yml b/ansible/roles/open-contrail/tasks/install/install-kernel.yml
new file mode 100755
index 0000000..be9a8ac
--- /dev/null
+++ b/ansible/roles/open-contrail/tasks/install/install-kernel.yml
@@ -0,0 +1,60 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+#- hosts: all
+# sudo: yes
+# tasks:
+
+- name: "install Ubuntu kernel"
+# sudo: True
+# apt:
+# name: "linux-headers-3.13.0-40"
+# name: "linux-headers-3.13.0-40-generic"
+# name: "linux-image-3.13.0-40-generic"
+# name: "linux-image-extra-3.13.0-40-generic"
+# when: (kernel_install) and (ansible_kernel != "3.13.0-40-generic")
+ action: "{{ ansible_pkg_mgr }} name={{ item }} state=present force=yes"
+ with_items: kernel_package | union(kernel_package_noarch)
+ when: (kernel_install) and (ansible_kernel != kernel_required)
+
+- name: "setup grub"
+# sudo: True
+ lineinfile:
+ dest: "/etc/default/grub"
+ regexp: "GRUB_DEFAULT=.*"
+ line: "GRUB_DEFAULT='Advanced options for Ubuntu>Ubuntu, with Linux 3.13.0-40-generic'"
+# when: (kernel_install) and (ansible_kernel != "3.13.0-40-generic")
+ when: (kernel_install) and (ansible_kernel != kernel_required)
+
+- name: "reflect grub"
+# sudo: True
+ shell: "update-grub2"
+# when: (kernel_install) and (ansible_kernel != "3.13.0-40-generic")
+ when: (kernel_install) and (ansible_kernel != kernel_required)
+
+- name: "reboot Server"
+# sudo: True
+ shell: "shutdown -r now"
+ async: 0
+ poll: 0
+ ignore_errors: true
+ notify: Wait for server to come back
+# when: (kernel_install) and (ansible_kernel != "3.13.0-40-generic")
+ when: (kernel_install) and (ansible_kernel != kernel_required)
+
+# handlers:
+- name: "Wait for server to come back"
+ local_action:
+ module: wait_for
+ host={{ inventory_hostname }}
+ port=22
+ delay=30
+ timeout=600
+# when: (kernel_install) and (ansible_kernel != "3.13.0-40-generic")
+ when: (kernel_install) and (ansible_kernel != kernel_required)
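Review bot: The `setup grub` task hard-codes `3.13.0-40-generic` in the `GRUB_DEFAULT` line while every `when:` in this file compares against `kernel_required`, so changing that variable installs one kernel and boots another. Using the variable keeps them in step: `line: "GRUB_DEFAULT='Advanced options for Ubuntu>Ubuntu, with Linux {{ kernel_required }}'"`. Also, `reboot Server` uses `notify: Wait for server to come back`, but the `# handlers:` line is commented out, so the wait is an ordinary task in this file; unless a handler of that name is defined elsewhere in the role, the `notify` has nothing to resolve to and could be dropped.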
diff --git a/ansible/roles/open-contrail/tasks/install/install-webui.yml b/ansible/roles/open-contrail/tasks/install/install-webui.yml
new file mode 100755
index 0000000..6dbe1e7
--- /dev/null
+++ b/ansible/roles/open-contrail/tasks/install/install-webui.yml
@@ -0,0 +1,26 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+#- hosts: webui
+# sudo: yes
+# tasks:
+
+- name: "temporary disable supervisor webui"
+# sudo: True
+ template:
+# src: "templates/override.j2"
+ src: "../../templates/install/override.j2"
+ dest: "/etc/init/supervisor-webui.override"
+
+- name: "install contrail openstack webui package"
+# sudo: True
+# apt:
+# name: "contrail-openstack-webui"
+ action: "{{ ansible_pkg_mgr }} name={{ item }} state=present force=yes"
+ with_items: webui_package
diff --git a/ansible/roles/open-contrail/tasks/main.yml b/ansible/roles/open-contrail/tasks/main.yml
new file mode 100755
index 0000000..7d0f1a9
--- /dev/null
+++ b/ansible/roles/open-contrail/tasks/main.yml
@@ -0,0 +1,151 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+
+- include_vars: "{{ ansible_os_family }}.yml"
+
+- name: backup rabbitmq-server
+ shell: cp /etc/init.d/rabbitmq-server /home/rabbitmq-server
+ when: inventory_hostname in groups['opencontrail']
+
+- name: Disable Service Daemon
+ shell: if [ -f “\/opt\/service” ] ; then mv /opt/service /opt/service.bak ; fi
+ when: groups['opencontrail']|length !=0
+
+- name: Install common on all hosts for Open Contrail
+ include: install/install-common.yml
+ when: groups['opencontrail']|length !=0
+ # Compass install OpenStack with not only OpenContrail but also ODL or ONOS, and sometimes user just installs OpenStack, so item 'opencontrail_control' is kind of a mark that whether Compass install OpenContrail or not.
+
+#- name: Install kernal on all hosts for Open Contrail
+# include: install/install-kernel.yml
+# when: groups['opencontrail_control']|length !=0
+
+- name: Install database for Open Contrail
+ include: install/install-database.yml
+ when: inventory_hostname in groups['opencontrail']
+
+- name: Install config for Open Contrail
+ include: install/install-config.yml
+ when: inventory_hostname in groups['opencontrail']
+
+- name: Install config for Open Contrail
+ include: install/install-control.yml
+ when: inventory_hostname in groups['opencontrail']
+
+- name: Install collector for Open Contrail
+ include: install/install-collector.yml
+ when: inventory_hostname in groups['opencontrail']
+
+- name: Install webui for Open Contrail
+ include: install/install-webui.yml
+ when: inventory_hostname in groups['opencontrail']
+
+- name: Install compute for Open Contrail
+ include: install/install-compute.yml
+ when: groups['opencontrail']|length !=0 and inventory_hostname not in groups['opencontrail']
+# or inventory_hostname in groups['opencontrail_tsn']
+
+
+# change vhost0 on eth1
+#- name: Install interface on all hosts for Open Contrail
+# include: install/install-interface.yml
+# when: groups['opencontrail']|length !=0
+
+#- include: install/install-common.yml
+#- include: install/install-kernel.yml
+#- include: install/install-database.yml
+#- include: install/install-config.yml
+#- include: install/install-control.yml
+#- include: install/install-collector.yml
+#- include: install/install-webui.yml
+#- include: install/install-compute.yml
+#- include: install/install-interface.yml
+
+
+#- name: Provision route on all hosts for Open Contrail
+# include: provision/provision-route.yml
+# when: groups['opencontrail_control']|length !=0
+
+
+- name: Provision RabbitMQ on OpenContrail config nodes
+ include: provision/provision-rabbitmq.yml
+ when: inventory_hostname in groups['opencontrail']
+
+- name: Provision increase limits for Open Contrail
+ include: provision/provision-increase-limits.yml
+ when: inventory_hostname in groups['opencontrail']
+#or inventory_hostname in groups['opencontrail_config'] or inventory_hostname in groups['opencontrail_collector'] or inventory_hostname in groups['opencontrail_database']
+
+
+- name: Provision database for Open Contrail
+ include: provision/provision-database.yml
+ when: inventory_hostname in groups['opencontrail']
+
+
+- name: Provision config for Open Contrail
+ include: provision/provision-config.yml
+ when: inventory_hostname in groups['opencontrail']
+
+- name: Provision control for Open Contrail
+ include: provision/provision-control.yml
+ when: inventory_hostname in groups['opencontrail']
+
+
+- name: Provision collector for Open Contrail
+ include: provision/provision-collector.yml
+ when: inventory_hostname in groups['opencontrail']
+
+
+- name: Provision add nodes for Open Contrail
+ include: provision/provision-add-nodes.yml
+ when: inventory_hostname in groups['opencontrail']
+
+
+- name: Provision webui for Open Contrail
+ include: provision/provision-webui.yml
+ when: inventory_hostname in groups['opencontrail']
+
+
+- name: Provision compute for Open Contrail
+ include: provision/provision-compute.yml
+ when: groups['opencontrail']|length !=0 and inventory_hostname not in groups['opencontrail']
+
+- name: Remove openvswitch on compute
+ include: uninstall-openvswitch.yml
+ when: groups['opencontrail']|length !=0 and inventory_hostname not in groups['opencontrail']
+
+- name: Config ext-net network
+ include: ext-net.yml
+
+- name: Enable Service Daemon
+ shell: if [ -f “\/opt\/service.bak” ] ; then mv /opt/service.bak /opt/service ; fi
+ when: groups['opencontrail']|length !=0
+
+#- name: Provision tsn for Open Contrail
+# include: provision/provision-tsn.yml
+# when: inventory_hostname in groups['opencontrail_tsn']
+
+
+#- name: Provision toragent for Open Contrail
+# include: provision/provision-toragent.yml
+# when: inventory_hostname in groups['opencontrail_tsn']
+
+#- include: provision/provision-route.yml
+#- include: provision/provision-rabbitmq.yml
+#- include: provision/provision-increase-limits.yml
+#- include: provision/provision-database.yml
+#- include: provision/provision-config.yml
+#- include: provision/provision-control.yml
+#- include: provision/provision-collector.yml
+#- include: provision/provision-add-nodes.yml
+#- include: provision/provision-webui.yml
+#- include: provision/provision-compute.yml
+#- include: provision/provision-tsn.yml
+#- include: provision/provision-toragent.yml
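Review bot: The `Disable Service Daemon` and `Enable Service Daemon` tasks wrap the path in typographic quotes (`[ -f “\/opt\/service” ]`), which the shell treats as literal characters, so the test looks for a file whose name includes the quote marks and the `mv` never runs. Plain paths fix both: `shell: if [ -f /opt/service ] ; then mv /opt/service /opt/service.bak ; fi` and `shell: if [ -f /opt/service.bak ] ; then mv /opt/service.bak /opt/service ; fi`. The task including `install/install-control.yml` is also named `Install config for Open Contrail`, duplicating the previous task's name; `Install control for Open Contrail` would match what it does. `Config ext-net network` is the only include without a `when:`, so it is evaluated on every host; a short comment saying the conditions live inside ext-net.yml would make that clearly intentional.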
diff --git a/ansible/roles/open-contrail/tasks/provision/-node-common.yml b/ansible/roles/open-contrail/tasks/provision/-node-common.yml
new file mode 100755
index 0000000..759f940
--- /dev/null
+++ b/ansible/roles/open-contrail/tasks/provision/-node-common.yml
@@ -0,0 +1,28 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: "disable ufw"
+ ufw:
+ state: "disabled"
+
+- name: "change value of kernel.core_pattern"
+ sysctl:
+ name: "kernel.core_pattern"
+ value: "/var/crashes/core.%e.%p.%h.%t"
+
+- name: "change value of net.ipv4.ip_forward"
+ sysctl:
+ name: "net.ipv4.ip_forward"
+ value: "1"
+
+- name: "make crashes directory"
+ file:
+ path: "/var/crashes"
+ state: "directory"
+ mode: 0777
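Review bot: `make crashes directory` creates `/var/crashes` with `mode: 0777` and no sticky bit, so any local user can delete or replace another process's core file, and core files can hold credentials and key material. If the directory has to be writable by all crashing processes, `mode: "1777"` gives it /tmp-style protection; quoting also avoids the YAML octal-parsing ambiguity of a bare `0777`. The `disable ufw` task turns off the host firewall with nothing in this hunk replacing it. A comment naming what filters traffic to these nodes instead, or which ports contrail needs open, would let a reader judge the exposure.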
diff --git a/ansible/roles/open-contrail/tasks/provision/-rabbitmq-stop.yml b/ansible/roles/open-contrail/tasks/provision/-rabbitmq-stop.yml
new file mode 100644
index 0000000..ec6b2fe
--- /dev/null
+++ b/ansible/roles/open-contrail/tasks/provision/-rabbitmq-stop.yml
@@ -0,0 +1,30 @@
+---
+- name: 'stop rabbitmq server'
+ service:
+ name: 'rabbitmq-server'
+ state: 'stopped'
+
+- name: 'check beam process'
+ shell: 'ps ax | grep -v grep | grep beam'
+ register: beam_process
+ changed_when: no
+ ignore_errors: yes
+
+- name: 'kill beam processes'
+ shell: 'pkill -9 beam'
+ when: beam_process.stdout
+
+- name: 'check epmd process'
+ shell: 'ps ax | grep -v grep | grep epmd'
+ register: epmd_process
+ changed_when: no
+ ignore_errors: yes
+
+- name: 'kill epmd processes'
+ shell: 'pkill -9 epmd'
+ when: epmd_process.stdout
+
+- name: 'remove mnesia directory'
+ file:
+ name: '/var/lib/rabbitmq/mnesia'
+ state: 'absent'
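Review bot: `pkill -9 beam` and `pkill -9 epmd` match any process whose name contains that string and run as root, so an unrelated process on the node with `beam` or `epmd` in its name would be killed as well. Restricting the match to the service account, e.g. `shell: 'pkill -9 -u rabbitmq beam'`, narrows it to the broker's own processes, assuming the service runs as `rabbitmq`. The `check ... process` tasks rely on `ignore_errors: yes` to absorb grep's non-zero exit when nothing is found, which also hides real failures and prints a red error in the play output; `failed_when: false` expresses the intent. A comment on `remove mnesia directory` noting that it discards all broker state (users, vhosts, queues) would be useful.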
diff --git a/ansible/roles/open-contrail/tasks/provision/-redis-setup.yml b/ansible/roles/open-contrail/tasks/provision/-redis-setup.yml
new file mode 100755
index 0000000..c4a6624
--- /dev/null
+++ b/ansible/roles/open-contrail/tasks/provision/-redis-setup.yml
@@ -0,0 +1,34 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: "stop redis server"
+ service:
+ name: "redis-server"
+ state: "stopped"
+
+- name: "modify redis server configuration"
+ replace:
+ dest: "/etc/redis/redis.conf"
+ regexp: "{{ item.regexp }}"
+ replace: "{{ item.replace }}"
+ with_items:
+ - { regexp: "^\\s*bind", replace: "#bind" }
+ - { regexp: "^\\s*save", replace: "#save" }
+ - { regexp: "^\\s*dbfilename", replace: "#dbfilename" }
+ - { regexp: "^\\s*lua-time-limit\\s*\\d*", replace: "lua-time-limit 15000" }
+
+- name: "delete redis dump"
+ file:
+ dest: "/var/lib/redis/dump.rdb"
+ state: "absent"
+
+- name: "start redis server"
+ service:
+ name: "redis-server"
+ state: "started"
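Review bot: The first `with_items` entry rewrites `bind` to `#bind` in /etc/redis/redis.conf, which makes redis listen on every interface, and nothing in this hunk sets `requirepass`. The role's -node-common.yml also disables ufw, so the instance is reachable unauthenticated from any network the node is attached to. If other contrail nodes need to reach it, binding to the management address only, e.g. `- { regexp: "^\\s*bind.*", replace: "bind {{ <MGMT_ADDRESS_VAR> }}" }` (placeholder for whichever variable holds that address), keeps it off the other networks. At minimum a comment should state which peers are expected to connect and what restricts access.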
diff --git a/ansible/roles/open-contrail/tasks/provision/-vrouter-compute-setup.yml b/ansible/roles/open-contrail/tasks/provision/-vrouter-compute-setup.yml
new file mode 100755
index 0000000..be1879a
--- /dev/null
+++ b/ansible/roles/open-contrail/tasks/provision/-vrouter-compute-setup.yml
@@ -0,0 +1,115 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: "change owner nova log directory"
+ file:
+ dest: "/var/log/nova"
+ state: "directory"
+ owner: "nova"
+ group: "nova"
+ recurse: yes
+
+- name: "delete values from nova config"
+ ini_file:
+ dest: "/etc/nova/nova.conf"
+ section: "{{ item.section }}"
+ option: "{{ item.option }}"
+ with_items:
+ - { section: "DEFAULT", option: "sql_connection" }
+ - { section: "DEFAULT", option: "quantum_admin_tenant_name" }
+ - { section: "DEFAULT", option: "quantum_admin_username" }
+ - { section: "DEFAULT", option: "quantum_admin_password" }
+ - { section: "DEFAULT", option: "quantum_admin_auth_url" }
+ - { section: "DEFAULT", option: "quantum_auth_strategy" }
+ - { section: "DEFAULT", option: "quantum_url" }
+
+- name: "set values to nova config"
+ ini_file:
+ dest: "/etc/nova/nova.conf"
+ section: "{{ item.section }}"
+ option: "{{ item.option }}"
+ value: "{{ item.value }}"
+ with_items:
+ - { section: "DEFAULT", option: "auth_strategy", value: "keystone" }
+ - { section: "DEFAULT", option: "libvirt_nonblocking", value: "True" }
+ - { section: "DEFAULT", option: "libvirt_inject_partition", value: "-1" }
+ - { section: "DEFAULT", option: "rabbit_host", value: "{{ contrail_haproxy_address }}" }
+ - { section: "DEFAULT", option: "rabbit_port", value: "5672" }
+ - { section: "DEFAULT", option: "glance_host", value: "{{ contrail_haproxy_address }}" }
+ - { section: "DEFAULT", option: "glance_port", value: "9292" }
+ - { section: "DEFAULT", option: "neutron_admin_tenant_name", value: "service" }
+ - { section: "DEFAULT", option: "neutron_admin_username", value: "neutron" }
+ - { section: "DEFAULT", option: "neutron_admin_password", value: "{{ contrail_admin_password }}" }
+ - { section: "DEFAULT", option: "neutron_admin_auth_url", value: "http://{{ contrail_haproxy_address }}:35357/v2.0/" }
+ - { section: "DEFAULT", option: "neutron_url", value: "http://{{ contrail_haproxy_address }}:9696/" }
+ - { section: "DEFAULT", option: "neutron_url_timeout", value: "300" }
+ - { section: "DEFAULT", option: "network_api_class", value: "nova.network.neutronv2.api.API" }
+ - { section: "DEFAULT", option: "compute_driver", value: "libvirt.LibvirtDriver" }
+ - { section: "DEFAULT", option: "network_api_class", value: " nova_contrail_vif.contrailvif.ContrailNetworkAPI" }
+ - { section: "DEFAULT", option: "ec2_private_dns_show_ip", value: "False" }
+ - { section: "DEFAULT", option: "novncproxy_base_url", value: "http://{{ contrail_haproxy_address }}:5999/vnc_auto.html" }
+ - { section: "DEFAULT", option: "vncserver_enabled", value: "True" }
+ - { section: "DEFAULT", option: "vncserver_listen", value: "{{ contrail_address }}" }
+ - { section: "DEFAULT", option: "vncserver_proxyclient_address", value: "{{ contrail_address }}" }
+ - { section: "DEFAULT", option: "security_group_api", value: "neutron" }
+ - { section: "DEFAULT", option: "heal_instance_info_cache_interval", value: "0" }
+ - { section: "DEFAULT", option: "image_cache_manager_interval", value: "0" }
+ - { section: "DEFAULT", option: "libvirt_cpu_mode", value: "none" }
+ - { section: "DEFAULT", option: "libvirt_vif_driver", value: "nova_contrail_vif.contrailvif.VRouterVIFDriver" }
+ - { section: "database", option: "connection", value: "mysql://nova:nova@{{ contrail_haproxy_address }}/nova?charset=utf8" }
+ - { section: "database", option: "idle_timeout", value: "180" }
+ - { section: "database", option: "max_retries", value: "-1" }
+ - { section: "keystone_authtoken", option: "admin_tenant_name", value: "service" }
+ - { section: "keystone_authtoken", option: "admin_user", value: "nova" }
+ - { section: "keystone_authtoken", option: "admin_password", value: "{{ contrail_admin_password }}" }
+ - { section: "keystone_authtoken", option: "auth_protocol", value: "http" }
+ - { section: "keystone_authtoken", option: "auth_host", value: "{{ contrail_haproxy_address }}" }
+ - { section: "keystone_authtoken", option: "signing_dir", value: "/tmp/keystone-signing-nova" }
+
+
+
+#- { section: "DEFAULT", option: "rabbit_host", value: "{{ hostvars[groups['config'][0]]['contrail_address'] }}" }
+#- { section: "DEFAULT", option: "glance_host", value: "{{ hostvars[groups['openstack'][0]]['contrail_address'] }}" }
+#- { section: "DEFAULT", option: "neutron_admin_auth_url", value: "http://{{ hostvars[groups['openstack'][0]]['contrail_address'] }}:35357/v2.0/" }
+#- { section: "DEFAULT", option: "neutron_url", value: "http://{{ hostvars[groups['config'][0]]['contrail_address'] }}:9696/" }
+#- { section: "DEFAULT", option: "novncproxy_base_url", value: "http://{{ hostvars[groups['openstack'][0]]['contrail_mgmt_address'] }}:5999/vnc_auto.html" }
+#- { section: "database", option: "connection", value: "mysql://nova:nova@{{ hostvars[groups['openstack'][0]]['contrail_address'] }}/nova?charset=utf8" }
+#- { section: "keystone_authtoken", option: "auth_host", value: "{{ hostvars[groups['openstack'][0]]['contrail_address'] }}" }
+
+
+
+- name: "change database address if same node as first openstack node"
+ ini_file:
+ dest: "/etc/nova/nova.conf"
+ section: "database"
+ option: "connection"
+ value: "mysql://nova:nova@127.0.0.1/nova?charset=utf8"
+ when: groups['openstack'][0] == inventory_hostname
+
+- name: "add respawn to nova compute config"
+ lineinfile:
+ dest: "/etc/init/nova-compute.conf"
+ line: "respawn"
+ insertbefore: "pre-start script"
+
+- name: "add respawn limit to nova compute config"
+ lineinfile:
+ dest: "/etc/init/nova-compute.conf"
+ line: "respawn limit 10 90"
+ insertafter: "respawn"
+
+- name: "restart nova compute"
+ service:
+ name: "nova-compute"
+ state: "restarted"
+
+- name: "delete nova sqlite database"
+ file:
+ dest: "/var/lib/nova/nova.sqlite"
+ state: "absent"
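Review bot: Both `connection` values ("set values to nova config" and "change database address if same node as first openstack node") hard-code the database credentials as `nova:nova`, so every deployment shares a guessable password that is also stored in the repository. Take it from a vaulted variable, e.g. `value: "mysql://nova:{{ NOVA_DB_PASSWORD_VAR }}@{{ contrail_haproxy_address }}/nova?charset=utf8"` (placeholder variable name), and add `no_log: true` to the loop, since its items also carry `contrail_admin_password`. `signing_dir` points at `/tmp/keystone-signing-nova`, a fixed name in a world-writable directory; a directory owned by nova with mode 0700 outside `/tmp` is safer. Separately, `network_api_class` is set twice in the same list and the second value starts with a space, which looks unintended.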
diff --git a/ansible/roles/open-contrail/tasks/provision/provision-add-nodes.yml b/ansible/roles/open-contrail/tasks/provision/provision-add-nodes.yml
new file mode 100755
index 0000000..91517b3
--- /dev/null
+++ b/ansible/roles/open-contrail/tasks/provision/provision-add-nodes.yml
@@ -0,0 +1,86 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+#- hosts: config
+# sudo: yes
+# tasks:
+
+#- name: "recover rabbitmq-server service script"
+# shell: cp /home/rabbitmq-server /etc/init.d/rabbitmq-server
+
+#- name: "restart rabbitmq-server"
+# service:
+# name: "rabbitmq-server"
+# state: "restarted"
+
+#- name: "wait rabbitmq-server start"
+# shell: sleep 5
+
+- name: "restart contrail-discovery"
+ service:
+ name: "contrail-discovery"
+ state: "restarted"
+
+- name: "wait contrail-discovery"
+ shell: sleep 5
+
+- name: "restart contrail-api"
+ service:
+ name: "contrail-api"
+ state: "restarted"
+
+- name: "check contrail-api"
+ shell: lsof -ni :8082 ; while [ $? -ne 0 ]; do sleep 10; lsof -ni :8082; done; sleep 20;
+
+- name: "wait contrail-api"
+ shell: sleep 20
+
+- name: "provision config node"
+ shell: "python /opt/contrail/utils/provision_config_node.py --api_server_ip {{ contrail_haproxy_address }} --admin_user {{ contrail_admin_user }} --admin_password {{ contrail_admin_password }} --admin_tenant_name admin --oper add --host_name {{ ansible_hostname }} --host_ip {{ contrail_address }}"
+# when: inventory_hostname in groups['opencontrail_config']
+
+#- hosts: database
+# sudo: yes
+# tasks:
+- name: "provision database node"
+ shell: "python /opt/contrail/utils/provision_database_node.py --api_server_ip {{ contrail_haproxy_address }} --admin_user {{ contrail_admin_user }} --admin_password {{ contrail_admin_password }} --admin_tenant_name admin --oper add --host_name {{ ansible_hostname }} --host_ip {{ contrail_address }}"
+# when: inventory_hostname in groups['opencontrail_database']
+
+
+#- hosts: collector
+# sudo: yes
+# tasks:
+- name: "provision collector node"
+ shell: "python /opt/contrail/utils/provision_analytics_node.py --api_server_ip {{ contrail_haproxy_address }} --admin_user {{ contrail_admin_user }} --admin_password {{ contrail_admin_password }} --admin_tenant_name admin --oper add --host_name {{ ansible_hostname }} --host_ip {{ contrail_address }}"
+# when: inventory_hostname in groups['opencontrail_collector']
+
+#- hosts: control
+# sudo: yes
+# tasks:
+- name: "provision control node"
+ shell: "python /opt/contrail/utils/provision_control.py --api_server_ip {{ contrail_haproxy_address }} --api_server_port 8082 --admin_user {{ contrail_admin_user }} --admin_password {{ contrail_admin_password }} --admin_tenant_name admin --oper add --host_name {{ ansible_hostname }} --host_ip {{ contrail_address }} --router_asn {{ contrail_router_asn }}"
+# when: inventory_hostname in groups['opencontrail_control']
+
+#- hosts: config
+# sudo: yes
+# tasks:
+- name: "provision metadata services"
+ shell: "python /opt/contrail/utils/provision_linklocal.py --api_server_ip {{ contrail_haproxy_address }} --admin_user {{ contrail_admin_user }} --admin_password {{ contrail_admin_password }} --admin_tenant_name admin --oper add --ipfabric_service_ip 10.84.50.1 --ipfabric_service_port 8775 --linklocal_service_name metadata --linklocal_service_ip 169.254.169.254 --linklocal_service_port 80"
+ run_once: yes
+# when: inventory_hostname in groups['opencontrail_config']
+
+
+#- hosts: config
+# sudo: yes
+# tasks:
+- name: "provision encap"
+ shell: "python /opt/contrail/utils/provision_encap.py --api_server_ip {{ contrail_haproxy_address }} --admin_user {{ contrail_admin_user }} --admin_password {{ contrail_admin_password }} --oper add --encap_priority MPLSoUDP,MPLSoGRE,VXLAN"
+ run_once: yes
+# when: inventory_hostname in groups['opencontrail_config']
+
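Review bot: Every `provision_*.py` task here passes `--admin_password {{ contrail_admin_password }}` on a `shell` command line, so the password is visible in the process list on the target while the script runs and is echoed in Ansible's task output and logs. Add `no_log: true` to these tasks at minimum, and check whether the provisioning scripts can read credentials from a config file or the environment instead (not visible from this diff). The variables are also interpolated into `shell` unquoted; `{{ contrail_admin_password | quote }}` or the `command` module keeps a password containing shell metacharacters from altering the command. The same pattern appears in "add vrouter to contrail" in provision-compute.yml. "check contrail-api" loops on `lsof` with no upper bound, so a service that never binds 8082 hangs the play; a `wait_for` task on port 8082 with a `timeout` bounds it.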
diff --git a/ansible/roles/open-contrail/tasks/provision/provision-collector.yml b/ansible/roles/open-contrail/tasks/provision/provision-collector.yml
new file mode 100755
index 0000000..b09f83a
--- /dev/null
+++ b/ansible/roles/open-contrail/tasks/provision/provision-collector.yml
@@ -0,0 +1,106 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+#- hosts: collector
+# sudo: yes
+# tasks:
+
+- name: "enable supervisor analytics"
+ file:
+ path: "/etc/init/supervisor-analytics.override"
+ state: "absent"
+
+
+- name: "redis-setup"
+ include: -redis-setup.yml
+
+
+- name: "node-common"
+ include: -node-common.yml
+
+
+- name: "fix up contrail collector config"
+ template:
+ src: "../../templates/provision/contrail-collector-conf.j2"
+ dest: "/etc/contrail/contrail-collector.conf"
+
+
+- name: "fix up contrail query engine config"
+ template:
+ src: "../../templates/provision/contrail-query-engine-conf.j2"
+ dest: "/etc/contrail/contrail-query-engine.conf"
+
+
+- name: "fix up contrail analytics api config"
+ template:
+ src: "../../templates/provision/contrail-analytics-api-conf.j2"
+ dest: "/etc/contrail/contrail-analytics-api.conf"
+
+
+- name: "modify contrail analytics nodemgr config"
+ ini_file:
+ dest: "/etc/contrail/contrail-analytics-nodemgr.conf"
+ section: "DISCOVERY"
+ option: "server"
+ value: "{{ contrail_haproxy_address }}"
+
+
+- name: "fix up contrail keystone auth config"
+ template:
+ src: "../../templates/provision/contrail-keystone-auth-conf.j2"
+ dest: "/etc/contrail/contrail-keystone-auth.conf"
+ force: no
+
+
+- name: "delete contrail alarm gen supervisord config file"
+ file:
+ dest: "/etc/contrail/supervisord_analytics_files/contrail-alarm-gen.ini"
+ state: "absent"
+
+
+- name: "modify contrail snmp collector config file"
+ ini_file:
+ dest: "/etc/contrail/contrail-snmp-collector.conf"
+ section: "{{ item.section }}"
+ option: "{{ item.option }}"
+ value: "{{ item.value }}"
+ with_items:
+ - { section: "DEFAULTS", option: "zookeeper", value: "{{ contrail_address }}:2181" }
+ - { section: "DISCOVERY", option: "disc_server_ip", value: "{{ contrail_haproxy_address }}" }
+ - { section: "DISCOVERY", option: "disc_server_port", value: "5998" }
+
+
+- name: "modify contrail snmp collector ini file"
+ ini_file:
+ dest: "/etc/contrail/supervisord_analytics_files/contrail-snmp-collector.ini"
+ section: "program:contrail-snmp-collector"
+ option: "command"
+ value: "/usr/bin/contrail-snmp-collector --conf_file /etc/contrail/contrail-snmp-collector.conf --conf_file /etc/contrail/contrail-keystone-auth.conf"
+
+
+- name: "modify contrail topology config file"
+ ini_file:
+ dest: "/etc/contrail/contrail-topology.conf"
+ section: "DEFAULTS"
+ option: "zookeeper"
+ value: "{{ contrail_address }}"
+
+
+- name: "modify contrail topology ini file"
+ ini_file:
+ dest: "/etc/contrail/supervisord_analytics_files/contrail-topology.ini"
+ section: "program:contrail-topology"
+ option: "command"
+ value: "/usr/bin/contrail-topology --conf_file /etc/contrail/contrail-topology.conf"
+
+
+- name: "restart supervisor analytics"
+ service:
+ name: "supervisor-analytics"
+ state: "restarted"
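Review bot: The `template` task writing `/etc/contrail/contrail-keystone-auth.conf` sets no `owner`, `group` or `mode`, so the file gets whatever the remote umask yields. Its template is not part of this hunk, but a keystone auth file presumably holds the admin credentials, so it should not be world-readable; add e.g. `mode: "0640"` with the owner and group of the service account that reads it. `force: no` on the same task also means an existing file is never refreshed, so a rotated password would not reach this node; confirm that is intended.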
diff --git a/ansible/roles/open-contrail/tasks/provision/provision-compute.yml b/ansible/roles/open-contrail/tasks/provision/provision-compute.yml
new file mode 100755
index 0000000..d9258ef
--- /dev/null
+++ b/ansible/roles/open-contrail/tasks/provision/provision-compute.yml
@@ -0,0 +1,262 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+#- hosts: compute
+# sudo: yes
+# tasks:
+- name: "enable supervisor vrouter"
+ file:
+ path: "/etc/init/supervisor-vrouter.override"
+ state: "absent"
+
+- include: -node-common.yml
+
+- name: "check cgroup device acl in qemu conf"
+ shell: "grep -q '^\\s*cgroup_device_acl' /etc/libvirt/qemu.conf"
+ register: deviceacl
+ ignore_errors: yes
+ changed_when: no
+
+- name: "create cgroup device acl for qemu conf"
+ template:
+ src: "../../templates/provision/qemu-device-acl-conf.j2"
+ dest: "/tmp/qemu-device-acl.conf"
+ when: deviceacl | failed
+
+- name: "combination of the qemu configuration"
+ shell: "cat /tmp/qemu-device-acl.conf >> /etc/libvirt/qemu.conf"
+ when: deviceacl | failed
+
+- name: "delete temporary configuration file"
+ file:
+ dest: "/tmp/qemu-device-acl.conf"
+ state: "absent"
+ when: deviceacl | failed
+
+- name: "fix up vrouter nodemgr param"
+ template:
+ src: "../../templates/provision/vrouter-nodemgr-param.j2"
+ dest: "/etc/contrail/vrouter_nodemgr_param"
+
+- name: "set contrail device name for ansible"
+ set_fact:
+ contrail_ansible_device: "ansible_{{ contrail_vhost_device }}"
+
+- name: "fix up default pmac"
+ template:
+ src: "../../templates/provision/default-pmac.j2"
+ dest: "/etc/contrail/default_pmac"
+
+- name: "copy agent param config from template"
+ shell: "cp /etc/contrail/agent_param.tmpl /etc/contrail/agent_param"
+
+- name: "modify agent param config"
+ lineinfile:
+ dest: "/etc/contrail/agent_param"
+ regexp: "dev=__DEVICE__"
+ line: "dev={{ contrail_vhost_device }}"
+
+#- name: "get last ip address"
+# shell: expr substr `cat /etc/hostname` 5 1
+# register: lastip
+
+- name: "fix up contrail vrouter agent config"
+ template:
+ src: "../../templates/provision/contrail-vrouter-agent-conf.j2"
+ dest: "/etc/contrail/contrail-vrouter-agent.conf"
+
+- name: "delete lines for contrail interface"
+ shell: "{{ item }}"
+ with_items:
+ - "sed -e '/auto {{ contrail_vhost_device }}/,$d' /etc/network/interfaces > /tmp/contrail-interfaces-top"
+ - "sed -n -e '/auto {{ contrail_vhost_device }}/,$p' /etc/network/interfaces > /tmp/contrail-interfaces-bottom"
+ - "sed -i -e '/auto {{ contrail_vhost_device }}/d' /tmp/contrail-interfaces-bottom"
+ - "sed -i -n -e '/auto .*/,$p' /tmp/contrail-interfaces-bottom"
+ - "cat /tmp/contrail-interfaces-top /tmp/contrail-interfaces-bottom > /etc/network/interfaces"
+
+- name: "delete lines for vrouter interface"
+ shell: "{{ item }}"
+ with_items:
+ - "sed -e '/auto vhost0/,$d' /etc/network/interfaces > /tmp/contrail-interfaces-top"
+ - "sed -n -e '/auto vhost0/,$p' /etc/network/interfaces > /tmp/contrail-interfaces-bottom"
+ - "sed -i -e '/auto vhost0/d' /tmp/contrail-interfaces-bottom"
+ - "sed -i -n -e '/auto .*/,$p' /tmp/contrail-interfaces-bottom"
+ - "cat /tmp/contrail-interfaces-top /tmp/contrail-interfaces-bottom > /etc/network/interfaces"
+
+#- name: get last ip address
+# shell: expr substr `cat /etc/hostname` 5 1
+# register: lastip
+
+- name: "configure interface"
+ lineinfile:
+ dest: "/etc/network/interfaces"
+ line: "{{ item }}"
+ state: "present"
+ with_items:
+ - "auto {{ contrail_vhost_device }}"
+ - "iface {{ contrail_vhost_device }} inet manual"
+ - "\tpre-up ifconfig {{ contrail_vhost_device }} up"
+ - "\tpost-down ifconfig {{ contrail_vhost_device }} down"
+ - "auto vhost0"
+ - "iface vhost0 inet static"
+ - "\tpre-up /opt/contrail/bin/if-vhost0"
+ - "\tnetwork_name application"
+ - "\taddress {{ contrail_vhost_address }}"
+ - "\tnetmask {{ contrail_vhost_netmask }}"
+
+##################################################################################
+
+- name: "copy vrouter script to compute"
+ template:
+ src: "../../templates/vrouter-functions.sh"
+ dest: "/opt/contrail/bin/vrouter-functions.sh"
+
+- name: "load vrouter driver"
+ command: su -s /bin/sh -c "insmod /var/lib/dkms/vrouter/2.21/build/vrouter.ko"
+ ignore_errors: true
+
+- name: "run vhost0 script"
+ command: su -s /bin/sh -c "/opt/contrail/bin/if-vhost0"
+ ignore_errors: true
+
+##################################################################################
+
+- name: "delete temporary files"
+ file:
+ dest: "{{ item }}"
+ state: "absent"
+ with_items:
+ - "/tmp/contrail-interfaces-top"
+ - "/tmp/contrail-interfaces-bottom"
+
+##################################################################################
+
+- name: "fix up contrail vrouter nodemgr config"
+ ini_file:
+ dest: "/etc/contrail/contrail-vrouter-nodemgr.conf"
+ section: "DISCOVERY"
+ option: "server"
+ value: "{{ contrail_haproxy_address }}"
+
+
+##################################################################################
+########################### restart vrouter services ###########################
+
+- name: "restart supervisor service"
+ service:
+ name: "supervisor"
+ state: "restarted"
+
+- name: "restart vrouter nodemgr"
+ shell: ps aux | grep contrail-nodemgr | grep -v grep | awk '{print $2}' | xargs kill -9;
+
+- name: "restart vrouter agent"
+ service:
+ name: "contrail-vrouter-agent"
+ state: "restarted"
+
+
+##################################################################################
+
+
+- name: "restart libvirt bin"
+ service:
+ name: "libvirt-bin"
+ state: "restarted"
+
+#- name: "set value of nova to nova config"
+# template:
+# src: "provision/nova.j2"
+# dest: "/etc/nova/nova.conf"
+# when: install_nova
+
+#- name: "delete values from nova config"
+# ini_file:
+# dest: "/etc/nova/nova.conf"
+# section: "{{ item.section }}"
+# option: "{{ item.option }}"
+# with_items:
+# - { section: "DEFAULT", option: "quantum_auth_strategy" }
+# - { section: "DEFAULT", option: "quantum_admin_auth_url" }
+# - { section: "DEFAULT", option: "quantum_admin_tenant_name" }
+# - { section: "DEFAULT", option: "quantum_admin_username" }
+# - { section: "DEFAULT", option: "quantum_admin_password" }
+# - { section: "DEFAULT", option: "quantum_url" }
+
+#- name: "set values of neutron to nova config"
+# ini_file:
+# dest: "/etc/nova/nova.conf"
+# section: "{{ item.section }}"
+# option: "{{ item.option }}"
+# value: "{{ item.value }}"
+# state: "present"
+# with_items:
+# - { section: "DEFAULT", option: "neutron_admin_auth_url", value: "http://{{ contrail_keystone_address }}:5000/v2.0" }
+# - { section: "DEFAULT", option: "neutron_admin_username", value: "neutron" }
+# - { section: "DEFAULT", option: "neutron_admin_password", value: "{{ contrail_admin_password }}" }
+# - { section: "DEFAULT", option: "neutron_admin_tenant_name", value: "service" }
+# - { section: "DEFAULT", option: "neutron_url", value: "http://{{ contrail_haproxy_address }}:9696/" }
+# - { section: "DEFAULT", option: "neutron_url_timeout", value: "300" }
+# - { section: "DEFAULT", option: "network_api_class", value: "nova.network.neutronv2.api.API" }
+# - { section: "DEFAULT", option: "libvirt_vif_driver", value: "nova_contrail_vif.contrailvif.VRouterVIFDriver" }
+
+- name: "set values to nova config"
+ ini_file:
+ dest: "/etc/nova/nova.conf"
+ section: "{{ item.section }}"
+ option: "{{ item.option }}"
+ value: "{{ item.value }}"
+ with_items:
+ - { section: "DEFAULT", option: "network_api_class", value: "nova_contrail_vif.contrailvif.ContrailNetworkAPI" }
+
+
+
+#######################################################################
+###################### nova plugin workaround #######################
+#######################################################################
+
+- name: "copy nova plugs on compute"
+ copy:
+ src: "../../templates/nova_contrail_vif.tar.gz"
+ dest: "/opt/nova_contrail_vif.tar.gz"
+
+- name: "unzip nova plugs"
+ command: su -s /bin/sh -c "tar xzf /opt/nova_contrail_vif.tar.gz -C /opt/"
+
+- name: "remove original nova plugs"
+ shell: rm -rf /usr/lib/python2.7/dist-packages/nova_contrail_vif/
+
+- name: "use new nova plugs"
+ shell: mv /opt/nova_contrail_vif/ /usr/lib/python2.7/dist-packages/nova_contrail_vif/
+
+#################################################
+
+- name: "restart nova compute"
+ service:
+ name: "nova-compute"
+ state: "restarted"
+
+- name: "add vrouter to contrail"
+ shell: "python /opt/contrail/utils/provision_vrouter.py --api_server_ip {{ contrail_haproxy_address }} --admin_user {{ contrail_admin_user }} --admin_password {{ contrail_admin_password }} --admin_tenant_name admin --openstack_ip {{ contrail_keystone_address }} --oper add --host_name {{ ansible_hostname }} --host_ip {{ contrail_address }}"
+
+#- name: "reboot Server"
+# shell: "shutdown -r now"
+# async: 0
+# poll: 0
+# ignore_errors: true
+# notify: Wait for server to come back
+#
+#handlers:
+#- name: "Wait for server to come back"
+# local_action:
+# module: wait_for
+# host={{ inventory_hostname }}
+# port=22
+# delay=30
+# timeout=600
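Review bot: The tasks that rewrite `/etc/network/interfaces` and `/etc/libvirt/qemu.conf` stage their data in fixed-name files under `/tmp` (`/tmp/contrail-interfaces-top`, `/tmp/contrail-interfaces-bottom`, `/tmp/qemu-device-acl.conf`) and write them as root through shell redirection, so a file or symlink that another local user left at one of those paths would be used as-is. Stage under a root-only directory instead, for example `dest: "/etc/contrail/qemu-device-acl.conf"`, or drop the staging files by editing the target directly with `blockinfile`/`lineinfile`. "restart vrouter nodemgr" pipes into `xargs kill -9`, which fails when no process matches and gives the process no chance to shut down cleanly; the `service` module used by the neighbouring tasks is the consistent choice if a service definition exists for it. `ignore_errors: true` on "load vrouter driver" and "run vhost0 script" also hides a failed module load, so later tasks restart the agent against a kernel module that may not be present.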
diff --git a/ansible/roles/open-contrail/tasks/provision/provision-config.yml b/ansible/roles/open-contrail/tasks/provision/provision-config.yml
new file mode 100755
index 0000000..3214247
--- /dev/null
+++ b/ansible/roles/open-contrail/tasks/provision/provision-config.yml
@@ -0,0 +1,343 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+#- hosts: config
+# sudo: yes
+# tasks:
+- name: "enable supervisor config"
+ file:
+ path: "/etc/init/supervisor-config.override"
+ state: "absent"
+
+- name: "enable neutron server"
+ file:
+ path: "/etc/init/neutron-server.override"
+ state: "absent"
+
+# Compass is using this
+#- name: "enable haproxy"
+# replace:
+# dest: "/etc/default/haproxy"
+# regexp: "^ENABLED\\s*=.*$"
+# replace: "ENABLED=1"
+
+# Compass is using this
+#- name: "modify haproxy global configuration"
+# lineinfile:
+# dest: "/etc/haproxy/haproxy.cfg"
+# regexp: "{{ item.regexp }}"
+# line: "{{ item.line }}"
+# insertafter: "^global"
+# with_items:
+# - { regexp: "^\\s*tune.bufsize", line: "\ttune.bufsize 16384" }
+# - { regexp: "^\\s*tune.maxrewrite", line: "\ttune.maxrewrite 1024" }
+
+#chenshuai, add later
+#- name: "delete haproxy configuration for contrail"
+# shell: "sed -i -e '/^#contrail-marker-start/,/^#contrail-marker-end/d' /etc/haproxy/haproxy.cfg"
+
+#chenshuai, add later
+#- name: "create haproxy configuration for contrail"
+# template:
+# src: "provision/haproxy-contrail-cfg.j2"
+# src: "../../templates/provision/haproxy-contrail-cfg.j2"
+# dest: "/tmp/haproxy-contrail.cfg"
+
+#chenshuai, add later
+#- name: "combination of the haproxy configuration"
+# shell: "cat /tmp/haproxy-contrail.cfg >> /etc/haproxy/haproxy.cfg"
+
+#chenshuai, add later
+#- name: "delete temporary configuration file"
+# file:
+# dest: "/tmp/haproxy-contrail.cfg"
+# state: "absent"
+
+#chenshuai, add later
+#- name: "restart haproxy"
+# service:
+# name: "haproxy"
+# state: "restarted"
+
+# Compass is using this
+#- name: "create keepalived configuration"
+# template:
+# src: "../../templates/provision/keepalived-conf.j2"
+# dest: "/etc/keepalived/keepalived.conf"
+# with_indexed_items: groups['opencontrail_config']
+# when: contrail_keepalived and item.1 == inventory_hostname
+
+#- name: "restart keepalived"
+# service:
+# name: "keepalived"
+# state: "restarted"
+# when: contrail_keepalived
+
+- name: "node-common"
+ include: -node-common.yml
+
+- name: "fix up contrail keystone auth config"
+ template:
+ src: "../../templates/provision/contrail-keystone-auth-conf.j2"
+ dest: "/etc/contrail/contrail-keystone-auth.conf"
+
+- name: "fix up ifmap server log4j properties"
+ template:
+ src: "../../templates/provision/ifmap-log4j-properties.j2"
+ dest: "/etc/ifmap-server/log4j.properties"
+
+- name: "fix up ifmap server authorization properties"
+ template:
+ src: "../../templates/provision/ifmap-authorization-properties.j2"
+ dest: "/etc/ifmap-server/authorization.properties"
+
+- name: "fix up ifmap server basicauthusers properties"
+ template:
+ src: "../../templates/provision/ifmap-basicauthusers-properties.j2"
+ dest: "/etc/ifmap-server/basicauthusers.properties"
+
+- name: "fix up ifmap server publisher properties"
+ template:
+ src: "../../templates/provision/ifmap-publisher-properties.j2"
+ dest: "/etc/ifmap-server/publisher.properties"
+
+- name: "fix up contrail api config"
+ template:
+ src: "../../templates/provision/contrail-api-conf.j2"
+ dest: "/etc/contrail/contrail-api.conf"
+
+- name: "fix up contrail api supervisord config"
+ template:
+ src: "../../templates/provision/contrail-api-supervisord-conf.j2"
+ dest: "/etc/contrail/supervisord_config_files/contrail-api.ini"
+
+- name: "modify contrail api init script"
+ lineinfile:
+ dest: "/etc/init.d/contrail-api"
+ regexp: "supervisorctl -s unix:///tmp/supervisord_config.sock"
+ line: "supervisorctl -s unix:///tmp/supervisord_config.sock ${1} `basename ${0}:0`"
+
+- name: "fix up contrail schema config"
+ template:
+ src: "../../templates/provision/contrail-schema-conf.j2"
+ dest: "/etc/contrail/contrail-schema.conf"
+
+- name: "fix up contrail device manager config"
+ template:
+ src: "../../templates/provision/contrail-device-manager-conf.j2"
+ dest: "/etc/contrail/contrail-device-manager.conf"
+
+- name: "fix up contrail svc monitor config"
+ template:
+ src: "../../templates/provision/contrail-svc-monitor-conf.j2"
+ dest: "/etc/contrail/contrail-svc-monitor.conf"
+
+- name: "fix up contrail discovery supervisord config"
+ template:
+ src: "../../templates/provision/contrail-discovery-supervisord-conf.j2"
+ dest: "/etc/contrail/supervisord_config_files/contrail-discovery.ini"
+
+- name: "fix up contrail discovery config"
+ template:
+ src: "../../templates/provision/contrail-discovery-conf.j2"
+ dest: "/etc/contrail/contrail-discovery.conf"
+
+- name: "modify contrail discovery init script"
+ lineinfile:
+ dest: "/etc/init.d/contrail-discovery"
+ regexp: "supervisorctl -s unix:///tmp/supervisord_config.sock"
+ line: "supervisorctl -s unix:///tmp/supervisord_config.sock ${1} `basename ${0}:0`"
+
+- name: "fix up contrail vnc api library config"
+ template:
+ src: "../../templates/provision/contrail-vnc-api-lib-ini.j2"
+ dest: "/etc/contrail/vnc_api_lib.ini"
+
+- name: "fix up contrail config nodemgr config"
+ ini_file:
+ dest: "/etc/contrail/contrail-config-nodemgr.conf"
+ section: "DISCOVERY"
+ option: "server"
+ value: "{{ contrail_haproxy_address }}"
+
+- name: "fix up contrail sudoers"
+ template:
+ src: "../../templates/provision/contrail-sudoers.j2"
+ dest: "/etc/sudoers.d/contrail_sudoers"
+ mode: 0440
+
+- name: "create directory for neutron plugins"
+ file:
+ dest: "/etc/neutron/plugins/opencontrail"
+ state: "directory"
+
+- name: "fix up contrail plugin for nuetron"
+ template:
+ src: "../../templates/provision/neutron-contrail-plugin-ini.j2"
+ dest: "/etc/neutron/plugins/opencontrail/ContrailPlugin.ini"
+
+- name: "modify neutron server configuration"
+ lineinfile:
+ dest: "/etc/default/neutron-server"
+ regexp: "NEUTRON_PLUGIN_CONFIG="
+ line: "NEUTRON_PLUGIN_CONFIG=\"/etc/neutron/plugins/opencontrail/ContrailPlugin.ini\""
+
+#- name: "change owner neutron log directory"
+# file:
+# dest: "/var/log/neutron"
+# state: "directory"
+# owner: "neutron"
+# group: "neutron"
+# recurse: yes
+
+- name: "set values to neutron config"
+ ini_file:
+ dest: "/etc/neutron/neutron.conf"
+ section: "{{ item.section }}"
+ option: "{{ item.option }}"
+ value: "{{ item.value }}"
+ with_items:
+# - { section: "DEFAULT", option: "bind_port", value: "9697" }
+# - { section: "DEFAULT", option: "auth_strategy", value: "keystone" }
+# - { section: "DEFAULT", option: "allow_overlapping_ips", value: "True" }
+ - { section: "DEFAULT", option: "core_plugin", value: "neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2" }
+ - { section: "DEFAULT", option: "api_extensions_path", value: "/usr/lib/python2.7/dist-packages/neutron_plugin_contrail/extensions" }
+# - { section: "DEFAULT", option: "rabbit_host", value: "{{ contrail_haproxy_address }}" }
+# - { section: "DEFAULT", option: "rabbit_port", value: "5673" }
+# - { section: "DEFAULT", option: "service_plugins", value: "neutron_plugin_contrail.plugins.opencontrail.loadbalancer.plugin.LoadBalancerPlugin" }
+ - { section: "DEFAULT", option: "service_plugins", value: " " }
+ - { section: "DEFAULT", option: "notify_nova_on_port_data_changes", value: "False" }
+ - { section: "service_providers", option: "service_provider", value: "LOADBALANCER:Opencontrail:neutron_plugin_contrail.plugins.opencontrail.loadbalancer.driver.OpencontrailLoadbalancerDriver:default" }
+ - { section: "quotas", option: "quota_driver", value: "neutron_plugin_contrail.plugins.opencontrail.quota.driver.QuotaDriver" }
+# - { section: "quotas", option: "quota_network", value: "-1" }
+# - { section: "quotas", option: "quota_subnet", value: "-1" }
+# - { section: "quotas", option: "quota_port", value: "-1" }
+# - { section: "keystone_authtoken", option: "admin_tenant_name", value: "admin" }
+# - { section: "keystone_authtoken", option: "admin_user", value: "{{ contrail_admin_user }}" }
+# - { section: "keystone_authtoken", option: "admin_password", value: "{{ contrail_admin_password }}" }
+# - { section: "keystone_authtoken", option: "auth_host", value: "{{ contrail_keystone_address }}" }
+# - { section: "keystone_authtoken", option: "auth_protocol", value: "http" }
+
+#- name: "add respawn to neutron server config"
+# lineinfile:
+# dest: "/etc/init/neutron-server.conf"
+# line: "respawn"
+# insertbefore: "pre-start script"
+
+#- name: "add respawn limit to neutron server config"
+# lineinfile:
+# dest: "/etc/init/neutron-server.conf"
+# line: "respawn limit 10 90"
+# insertafter: "respawn"
+
+- name: "restart supervisor config"
+ service:
+ name: "supervisor-config"
+ state: "restarted"
+
+
+
+###########################################################
+############# neutron plugins workaround ##################
+###########################################################
+
+- name: "copy neutron plugs on controller"
+ copy:
+ src: "../../templates/neutron_plugin_contrail.tar.gz"
+ dest: "/opt/neutron_plugin_contrail.tar.gz"
+
+- name: "unzip neutron plugs"
+ command: su -s /bin/sh -c "tar xzf /opt/neutron_plugin_contrail.tar.gz -C /opt/"
+
+- name: "remove original neutron plugs"
+ shell: rm -rf /usr/lib/python2.7/dist-packages/neutron_plugin_contrail/
+
+- name: "use new neutron plugs"
+ shell: mv /opt/neutron_plugin_contrail/ /usr/lib/python2.7/dist-packages/neutron_plugin_contrail/
+
+###########################################################
+
+
+
+- name: "restart neutron-server"
+ service:
+ name: "neutron-server"
+ state: "restarted"
+
+# Compass configured
+#- name: "add neutron service"
+# shell: "keystone service-get 'neutron' || keystone service-create --name 'neutron' --type 'network' --description 'Neutron Network Service'"
+# environment:
+# OS_AUTH_URL: "http://{{ contrail_keystone_address }}:35357/v2.0"
+# OS_USERNAME: "{{ contrail_admin_user }}"
+# OS_PASSWORD: "{{ contrail_admin_password }}"
+# OS_TENANT_NAME: "admin"
+# run_once: yes
+# when: keystone_provision
+#
+#
+# Compass configured
+#- name: "add neutron endpoint"
+# shell: "keystone endpoint-list | grep -q $(keystone service-get 'neutron' | grep '| *id *|' | awk '{print $4}') || keystone endpoint-create --region 'RegionOne' --service 'neutron' --publicurl 'http://{{ contrail_haproxy_address }}:9696' --internal 'http://{{ contrail_haproxy_address }}:9696' --adminurl 'http://{{ contrail_haproxy_address }}:9696'"
+# environment:
+# OS_AUTH_URL: "http://{{ contrail_keystone_address }}:35357/v2.0"
+# OS_USERNAME: "{{ contrail_admin_user }}"
+# OS_PASSWORD: "{{ contrail_admin_password }}"
+# OS_TENANT_NAME: "admin"
+# run_once: yes
+# when: keystone_provision
+#
+#- name: "add neutron user"
+# keystone_user:
+# user: "neutron"
+# password: "{{ contrail_admin_password }}"
+# email: "neutron@example.com"
+# tenant: "service"
+# endpoint: "http://{{ contrail_keystone_address }}:35357/v2.0"
+# login_user: "{{ contrail_admin_user }}"
+# login_password: "{{ contrail_admin_password }}"
+# login_tenant_name: "admin"
+# run_once: yes
+# when: keystone_provision
+#
+#- name: "apply role to user"
+# keystone_user:
+# tenant: "service"
+# user: "neutron"
+# role: "admin"
+# endpoint: "http://{{ contrail_keystone_address }}:35357/v2.0"
+# login_user: "{{ contrail_admin_user }}"
+# login_password: "{{ contrail_admin_password }}"
+# login_tenant_name: "admin"
+# run_once: yes
+# when: keystone_provision
+
+
+
+#- name: "set values to nova config"
+# ini_file:
+# dest: "/etc/nova/nova.conf"
+# section: "{{ item.section }}"
+# option: "{{ item.option }}"
+# value: "{{ item.value }}"
+# with_items:
+# - { section: "DEFAULT", option: "network_api_class", value: "nova_contrail_vif.contrailvif.ContrailNetworkAPI" }
+
+
+#- name: "restart nova-server"
+# service:
+# name: "{{ item }}"
+# state: "restarted"
+# with_items:
+# - nova-api
+# - nova-cert
+# - nova-conductor
+# - nova-consoleauth
+# - nova-novncproxy
+# - nova-scheduler
diff --git a/ansible/roles/open-contrail/tasks/provision/provision-control.yml b/ansible/roles/open-contrail/tasks/provision/provision-control.yml
new file mode 100755
index 0000000..e719a46
--- /dev/null
+++ b/ansible/roles/open-contrail/tasks/provision/provision-control.yml
@@ -0,0 +1,69 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+#- hosts: control
+# sudo: yes
+# tasks:
+- name: "enable supervisor control"
+ file:
+ path: "/etc/init/supervisor-control.override"
+ state: "absent"
+
+- name: "enable supervisor dns"
+ file:
+ path: "/etc/init/supervisor-dns.override"
+ state: "absent"
+
+- name: "modify ifmap server basicauthusers properties for control"
+ lineinfile:
+ dest: "/etc/ifmap-server/basicauthusers.properties"
+# line: "{{ hostvars[item]['contrail_address' ] }}:{{ hostvars[item]['contrail_address' ] }}"
+ line: "{{ ip_settings[item]['br-prv']['ip'] }}:{{ ip_settings[item]['br-prv']['ip'] }}"
+ with_items: groups['opencontrail']
+
+- name: "modify ifmap server basicauthusers properties for dns"
+ lineinfile:
+ dest: "/etc/ifmap-server/basicauthusers.properties"
+# line: "{{ hostvars[item]['contrail_address' ] }}.dns:{{ hostvars[item]['contrail_address' ] }}.dns"
+ line: "{{ ip_settings[item]['br-prv']['ip'] }}.dns:{{ ip_settings[item]['br-prv']['ip'] }}.dns"
+ with_items: groups['opencontrail']
+
+- name: "node-common"
+ include: -node-common.yml
+
+- name: "fix up contrail control config"
+ template:
+ src: "../../templates/provision/contrail-control-conf.j2"
+ dest: "/etc/contrail/contrail-control.conf"
+
+- name: "fix up contrail dns config"
+ template:
+ src: "../../templates/provision/contrail-dns-conf.j2"
+ dest: "/etc/contrail/contrail-dns.conf"
+
+- name: "fix up contrail control nodemgr config"
+ ini_file:
+ dest: "/etc/contrail/contrail-control-nodemgr.conf"
+ section: "DISCOVERY"
+ option: "server"
+ value: "{{ contrail_haproxy_address }}"
+
+- name: "modify dns configuration"
+ replace:
+ dest: "/etc/contrail/dns/{{ item }}"
+ regexp: "secret \"secret123\""
+ replace: "secret \"xvysmOR8lnUQRBcunkC6vg==\""
+ with_items:
+ - "contrail-rndc.conf"
+ - "contrail-named.conf"
+
+- name: "restart supervisor control"
+ service:
+ name: "supervisor-control"
+ state: "restarted"
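Review bot: The "modify dns configuration" task swaps the default `secret123` for another fixed literal that is committed in the repository, so every deployment built from this role ends up with the same rndc key in `contrail-rndc.conf` and `contrail-named.conf`. Take the value from a per-deployment variable that is kept in a vault or generated at install time, for example `replace: "secret \"{{ contrail_rndc_secret }}\""` (the variable name is a placeholder). The two basicauthusers tasks also write the node address as both the user name and the password, which looks guessable by anyone who knows the address; confirm whether the ifmap server can take a separate secret there.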
diff --git a/ansible/roles/open-contrail/tasks/provision/provision-database.yml b/ansible/roles/open-contrail/tasks/provision/provision-database.yml
new file mode 100755
index 0000000..9c99270
--- /dev/null
+++ b/ansible/roles/open-contrail/tasks/provision/provision-database.yml
@@ -0,0 +1,209 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+#- hosts: database
+# sudo: yes
+# tasks:
+
+
+- name: "enable supervisor database"
+# sudo: True
+ file:
+ path: "/etc/init/supervisor-database.override"
+ state: "absent"
+
+
+- name: "-node-common"
+# sudo: True
+ include: -node-common.yml
+
+
+- name: "update hosts"
+# sudo: True
+ lineinfile:
+ dest: "/etc/hosts"
+# regexp: "^{{ contrail_address }}\t{{ ansible_hostname }}( .*)?$"
+# line: "{{ contrail_address }}\t{{ ansible_hostname }}\\1"
+ regexp: "^{{ contrail_address }}\t{{ inventory_hostname }}( .*)?$"
+ line: "{{ contrail_address }}\t{{ inventory_hostname }}\\1"
+ backrefs: yes
+
+
+- name: "make directory for contrail analytics"
+# sudo: True
+ file:
+ path: "/var/lib/cassandra/data/ContrailAnalytics"
+ state: "directory"
+
+
+- name: "modify cassandra conf"
+# sudo: True
+ lineinfile:
+ dest: "/etc/cassandra/cassandra.yaml"
+ regexp: "{{ item.regexp }}"
+ line: "{{ item.line }}"
+ with_items:
+ - { regexp: "^(#(\\s*)?)?listen_address:", line: "listen_address: {{ contrail_address }}"}
+ - { regexp: "^(#(\\s*)?)?cluster_name:", line: "cluster_name: \"Contrail\"" }
+ - { regexp: "^(#(\\s*)?)?rpc_address:", line: "rpc_address: {{ contrail_address }}" }
+ - { regexp: "^(#(\\s*)?)?num_tokens:", line: "num_tokens: 256" }
+ - { regexp: "^(#(\\s*)?)?initial_token:", line: "# initial_token:" }
+
+
+
+- name: "set first database host seed"
+# sudo: True
+ set_fact:
+# dbseeds: "{{ hostvars[item.1][ contrail_address ] }}"
+ dbseeds: "{{ ip_settings[item.1]['br-prv']['ip'] }}"
+ with_indexed_items: groups['opencontrail']
+ when: item.0 == 0
+
+
+
+
+
+- name: "set second database host seed"
+# sudo: True
+ set_fact:
+# dbseeds: "{{ dbseeds }},{{ hostvars[item.1]['contrail_address'] }}"
+ dbseeds: "{{ dbseeds }},{{ ip_settings[item.1]['br-prv']['ip'] }}"
+ with_indexed_items: groups['opencontrail']
+ when: item.0 == 1
+
+
+- name: "modify seeds list in cassandra conf"
+# sudo: True
+ replace:
+ dest: "/etc/cassandra/cassandra.yaml"
+ regexp: "- seeds:.*$"
+ replace: "- seeds: {{ dbseeds }}"
+
+
+- name: "modify cassandra env"
+# sudo: True
+ replace:
+ dest: "/etc/cassandra/cassandra-env.sh"
+ regexp: "{{ item.regexp }}"
+ replace: "{{ item.replace }}"
+ with_items:
+ - { regexp: "(#(\\s*)?)?JVM_OPTS=\"\\$JVM_OPTS -XX:\\+PrintGCDetails\"", replace: "JVM_OPTS=\"$JVM_OPTS -XX:+PrintGCDetails\"" }
+ - { regexp: "(#(\\s*)?)?JVM_OPTS=\"\\$JVM_OPTS -Xss\\d+k\"", replace: "JVM_OPTS=\"$JVM_OPTS -Xss512k\"" }
+ - { regexp: "(#(\\s*)?)?JVM_OPTS=\"\\$JVM_OPTS -XX:\\+PrintGCDateStamps\"", replace: "JVM_OPTS=\"$JVM_OPTS -XX:+PrintGCDateStamps\"" }
+ - { regexp: "(#(\\s*)?)?JVM_OPTS=\"\\$JVM_OPTS -XX:\\+PrintHeapAtGC\"", replace: "JVM_OPTS=\"$JVM_OPTS -XX:+PrintHeapAtGC\"" }
+ - { regexp: "(#(\\s*)?)?JVM_OPTS=\"\\$JVM_OPTS -XX:\\+PrintTenuringDistribution\"", replace: "JVM_OPTS=\"$JVM_OPTS -XX:+PrintTenuringDistribution\"" }
+ - { regexp: "(#(\\s*)?)?JVM_OPTS=\"\\$JVM_OPTS -XX:\\+PrintGCApplicationStoppedTime\"", replace: "JVM_OPTS=\"$JVM_OPTS -XX:+PrintGCApplicationStoppedTime\"" }
+ - { regexp: "(#(\\s*)?)?JVM_OPTS=\"\\$JVM_OPTS -XX:\\+PrintPromotionFailure\"", replace: "JVM_OPTS=\"$JVM_OPTS -XX:+PrintPromotionFailure\"" }
+ - { regexp: "(#(\\s*)?)?JVM_OPTS=\"\\$JVM_OPTS -XX:PrintFLSStatistics=1\"", replace: "JVM_OPTS=\"$JVM_OPTS -XX:PrintFLSStatistics=1\"" }
+ - { regexp: "(#(\\s*)?)?JVM_OPTS=\"\\$JVM_OPTS -Xloggc:/var/log/cassandra/gc-`date \\+%s`\\.log\"", replace: "JVM_OPTS=\"$JVM_OPTS -Xloggc:/var/log/cassandra/gc-`date +%s`.log\"" }
+
+
+- name: "modify zookeeper conf"
+# sudo: True
+ lineinfile:
+ dest: "/etc/zookeeper/conf/zoo.cfg"
+ line: "{{ item }}"
+ with_items:
+ - "maxSessionTimeout=120000"
+ - "autopurge.purgeInterval=3"
+
+
+- name: "modify zookeeper log4j properties"
+# sudo: True
+ lineinfile:
+ dest: "/etc/zookeeper/conf/log4j.properties"
+ regexp: "(log4j.appender.ROLLINGFILE.MaxBackupIndex=.*)$"
+ line: "\\1"
+ backrefs: yes
+
+
+- name: "add server addresses to zookeeper config"
+# sudo: True
+ lineinfile:
+ dest: "/etc/zookeeper/conf/zoo.cfg"
+ regexp: "server.{{ item.0 + 1 }}="
+# line: "server.{{ item.0 + 1 }}={{ hostvars[item.1]['contrail_address'] }}:2888:3888"
+ line: "server.{{ item.0 + 1 }}={{ ip_settings[item.1]['br-prv']['ip'] }}:2888:3888"
+ with_indexed_items: groups['opencontrail']
+
+
+- name: "set zookeeper unique id"
+# sudo: True
+ template:
+ src: "../../templates/provision/zookeeper-unique-id.j2"
+ dest: "/var/lib/zookeeper/myid"
+ with_indexed_items: groups['opencontrail']
+ when: item.1 == inventory_hostname
+
+
+- name: "remove kafka ini file"
+# sudo: True
+ file:
+ path: "/etc/contrail/supervisord_database_files/kafka.ini"
+ state: "absent"
+
+
+- name: "set first zookeeper host address"
+# sudo: True
+ set_fact:
+# zkaddrs: "{{ hostvars[item.1]['contrail_address'] }}:2181"
+ zkaddrs: "{{ ip_settings[item.1]['br-prv']['ip'] }}:2181"
+ with_indexed_items: groups['opencontrail']
+ when: item.0 == 0
+
+
+- name: "set second or more zookeeper host addresses"
+# sudo: True
+ set_fact:
+# zkaddrs: "{{ zkaddrs }},{{ hostvars[item.1]['contrail_address'] }}:2181"
+ zkaddrs: "{{ zkaddrs }},{{ ip_settings[item.1]['br-prv']['ip'] }}:2181"
+ with_indexed_items: groups['opencontrail']
+ when: item.0 > 0
+
+
+- name: "modify zookeeper host addresses in kafka properties"
+# sudo: True
+ lineinfile:
+ dest: "/usr/share/kafka/config/server.properties"
+ regexp: "zookeeper.connect="
+ line: "zookeeper.connect={{ zkaddrs }}"
+
+
+- name: "modify kafka properties"
+# sudo: True
+ lineinfile:
+ dest: "/usr/share/kafka/config/server.properties"
+ regexp: "default.replication.factor="
+ line: "default.replication.factor=2"
+
+
+- name: "fix up contrail database nodemgr config"
+# sudo: True
+ ini_file:
+ dest: "/etc/contrail/contrail-database-nodemgr.conf"
+ section: "{{ item.section }}"
+ option: "{{ item.option }}"
+ value: "{{ item.value }}"
+ with_items:
+ - { section: "DEFAULT", option: "hostip", value: "{{ contrail_address }}" }
+ - { section: "DISCOVERY", option: "server", value: "{{ contrail_haproxy_address }}" }
+
+
+- name: "restart zookeeper"
+# sudo: True
+ service:
+ name: "zookeeper"
+ state: "restarted"
+
+
+- name: "restart supervisor database"
+# sudo: True
+ service:
+ name: "supervisor-database"
+ state: "restarted"
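Review bot: The "modify zookeeper log4j properties" task matches the whole `MaxBackupIndex=` line and writes it back as `\\1` with `backrefs: yes`, so it never changes the file. If the aim was to pin the rotation count, the line needs a value, e.g. `line: "log4j.appender.ROLLINGFILE.MaxBackupIndex=<count>"` with the count chosen for the deployment; otherwise the task can be dropped. Separately, "set second database host seed" fires only for index 1 while the zookeeper address tasks use `item.0 > 0`, so a third node is not added to the Cassandra seeds; a comment saying whether that is intended would help.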
diff --git a/ansible/roles/open-contrail/tasks/provision/provision-increase-limits.yml b/ansible/roles/open-contrail/tasks/provision/provision-increase-limits.yml
new file mode 100755
index 0000000..89a4966
--- /dev/null
+++ b/ansible/roles/open-contrail/tasks/provision/provision-increase-limits.yml
@@ -0,0 +1,60 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+#- hosts: [database, config, control, collector]
+# sudo: yes
+# tasks:
+- name: "delete line"
+# sudo: True
+ lineinfile:
+ dest: "/etc/limits.conf"
+ regexp: "^root\\s*soft\\s*nproc\\s*.*"
+ state: "absent"
+
+- name: "check EOF"
+# sudo: True
+ lineinfile:
+ dest: "/etc/security/limits.conf"
+ regexp: "^# End of file"
+ line: "# End of file"
+
+- name: "add lines"
+# sudo: True
+ lineinfile:
+ dest: "/etc/security/limits.conf"
+ regexp: "{{ item.regexp }}"
+ line: "{{ item.line }}"
+ insertbefore: "^# End of file"
+ with_items:
+ - { regexp: "^root\\s*hard\\s*nofile\\s*.*", line: "root hard nofile 65535" }
+ - { regexp: "^root\\s*soft\\s*nofile\\s*.*", line: "root soft nofile 65535" }
+ - { regexp: "^\\*\\s*hard\\s*nofile\\s*.*", line: "* hard nofile 65535" }
+ - { regexp: "^\\*\\s*soft\\s*nofile\\s*.*", line: "* soft nofile 65535" }
+ - { regexp: "^\\*\\s*hard\\s*nproc\\s*.*", line: "* hard nproc 65535" }
+ - { regexp: "^\\*\\s*soft\\s*nproc\\s*.*", line: "* soft nproc 65535" }
+
+- name: change value of sysctl fs.file-max
+# sudo: True
+ sysctl:
+ name: "fs.file-max"
+ value: "65535"
+
+- name: "find supervisord conf files"
+# sudo: True
+ shell: "find /etc/contrail -name supervisor*.conf -type f"
+ register: supervisordconfs
+ changed_when: no
+
+- name: "modify supervisord conf"
+# sudo: True
+ replace:
+ dest: "{{ item }}"
+ regexp: "^minfds=\\d*"
+ replace: "minfds=10240"
+ with_items: supervisordconfs.stdout_lines
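Review bot: The "delete line" task edits `/etc/limits.conf`, while the other tasks in this file edit `/etc/security/limits.conf`, so the `root soft nproc` entry is probably never removed from the file that is actually in use. If that is a typo, change it to `dest: "/etc/security/limits.conf"`. In "find supervisord conf files" the pattern is unquoted, so the shell may expand `supervisor*.conf` against the working directory before find sees it; `-name 'supervisor*.conf'` avoids that.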
diff --git a/ansible/roles/open-contrail/tasks/provision/provision-rabbitmq.yml b/ansible/roles/open-contrail/tasks/provision/provision-rabbitmq.yml
new file mode 100644
index 0000000..d342659
--- /dev/null
+++ b/ansible/roles/open-contrail/tasks/provision/provision-rabbitmq.yml
@@ -0,0 +1,87 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+#- hosts: config
+# sudo: yes
+# tasks:
+- name: turn off rabbitmq server on control node
+ shell: sed -i '/rabbitmq-server/d' /opt/service ;
+
+- name: "start supervisor support service"
+ service:
+ name: "supervisor-support-service"
+ state: "started"
+
+- name: "stop rabbitmq server via supervisor"
+ supervisorctl:
+ name: "rabbitmq-server"
+ state: "stopped"
+ server_url: "unix:///tmp/supervisord_support_service.sock"
+
+- include: -rabbitmq-stop.yml
+
+- name: "update hosts"
+ lineinfile:
+ dest: "/etc/hosts"
+ line: "{{ ip_settings[item]['br-prv']['ip'] }}\t{{ hostvars[item]['ansible_hostname'] }} {{ hostvars[item]['ansible_hostname'] }}-ctrl"
+ with_items: groups['opencontrail']
+
+- name: "fix up rabbitmq env"
+ template:
+ src: "../../templates/provision/rabbitmq-env-conf.j2"
+ dest: "/etc/rabbitmq/rabbitmq-env.conf"
+
+- name: "fix up rabbitmq config for single node"
+ template:
+ src: "../../templates/provision/rabbitmq-conf-single.j2"
+ dest: "/etc/rabbitmq/rabbitmq.config"
+ when: groups['opencontrail'][1] is not defined
+
+- name: fix up rabbitmq config for multi nodes
+ template:
+ src: "../../templates/provision/rabbitmq-conf.j2"
+ dest: "/etc/rabbitmq/rabbitmq.config"
+ when: groups['opencontrail'][1] is defined
+
+- include: -rabbitmq-stop.yml
+
+#- name: "create cookie uuid temporary"
+# local_action:
+# module: "template"
+# src: "templates/rabbitmq-cookie.j2"
+# dest: "/tmp/tmp-rabbitmq-cookie"
+# run_once: yes
+#
+#- name: "update cookie uuid"
+# copy:
+# src: "/tmp/tmp-rabbitmq-cookie"
+# dest: "/var/lib/rabbitmq/.erlang.cookie"
+# owner: "rabbitmq"
+# group: "rabbitmq"
+# mode: 0400
+#
+#- name: "delete temporary cookie uuid"
+# local_action:
+# module: "file"
+# dest: "/tmp/tmp-rabbitmq-cookie"
+# state: "absent"
+# run_once: yes
+
+- name: "start rabbitmq server"
+ service:
+ name: "rabbitmq-server"
+ state: "started"
+
+- name: add rabbitmq user
+ shell: >
+ rabbitmqctl add_user {{ RABBIT_USER }} {{ RABBIT_PASS }} ;
+ rabbitmqctl set_permissions {{ RABBIT_USER }} ".*" ".*" ".*" ;
+
+- name: "check rabbitmq server"
+ shell: netstat -lpen --tcp | grep beam | grep 5672; while [ $? -ne 0 ]; do sleep 10; netstat -lpen --tcp | grep beam | grep 5672; done
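Review bot: The "add rabbitmq user" task puts `{{ RABBIT_PASS }}` unquoted on a shell command line, so the password shows up in task output, logs and the process list, and a value containing spaces or shell metacharacters is split or interpreted by the shell. Add `no_log: true` to the task and pass both values through the quote filter, `rabbitmqctl add_user {{ RABBIT_USER | quote }} {{ RABBIT_PASS | quote }}`. The same applies to `--admin_password {{ contrail_admin_password }}` in the shell tasks of provision-toragent.yml and provision-tsn.yml. The closing "check rabbitmq server" loop has no upper bound, so a broker that never listens on 5672 hangs the play instead of failing it.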
diff --git a/ansible/roles/open-contrail/tasks/provision/provision-route.yml b/ansible/roles/open-contrail/tasks/provision/provision-route.yml
new file mode 100755
index 0000000..0168728
--- /dev/null
+++ b/ansible/roles/open-contrail/tasks/provision/provision-route.yml
@@ -0,0 +1,50 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+#- hosts: all
+# sudo: yes
+# tasks:
+- name: "delete existing route file"
+# sudo: True
+ file:
+ path: "/etc/network/if-up.d/routes"
+ state: absent
+ when: contrail_route
+
+- name: "create route file"
+# sudo: True
+ file:
+ path: "/etc/network/if-up.d/routes"
+ owner: "root"
+ mode: 0755
+ state: touch
+ when: contrail_route
+
+
+- name: "add template"
+# sudo: True
+ lineinfile:
+ dest: "/etc/network/if-up.d/routes"
+ line: "{{ item }}"
+ with_items:
+ - "#!/bin/bash"
+ - "[ \"$IFACE\" != {{ contrail_route[0].device }} ] && exit 0"
+ when: contrail_route
+
+
+- name: "add static route"
+# sudo: True
+ lineinfile:
+ dest: "/etc/network/if-up.d/routes"
+ line: "ip route add {{ item.ip }} via {{ item.gw }} dev {{ item.device }}"
+ state: "present"
+ with_items:
+ - "{{ contrail_route }}"
+ when: contrail_route
+
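Review bot: `mode: 0755` in "create route file" is an unquoted number, so the result depends on the YAML loader reading it as octal; write `mode: "0755"` so the module receives the string. The delete-then-touch sequence presumably exists so that routes dropped from `contrail_route` disappear on the next run, but nothing says so. A comment on the delete task such as `# recreate the file on every run so removed routes do not linger` would make that clear.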
diff --git a/ansible/roles/open-contrail/tasks/provision/provision-toragent.yml b/ansible/roles/open-contrail/tasks/provision/provision-toragent.yml
new file mode 100755
index 0000000..3ae0bec
--- /dev/null
+++ b/ansible/roles/open-contrail/tasks/provision/provision-toragent.yml
@@ -0,0 +1,85 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+#- hosts: tsn
+# sudo: yes
+# tasks:
+- name: "create temporary directory for ssl files"
+ local_action:
+ module: "file"
+ dest: "/tmp/tmp-toragent-{{ item }}"
+ state: "directory"
+ with_items:
+ - "certs"
+ - "private"
+ run_once: yes
+
+- name: "create ssl files"
+ local_action: "shell openssl req -new -x509 -days 3650 -text -sha256 -newkey rsa:4096 -nodes -subj \"/C=US/ST=Global/O={{ item.1.vendor_name }}/CN={{ ansible_fqdn }}\" -keyout /tmp/tmp-toragent-private/tor.{{ item.0 }}.privkey.pem -out /tmp/tmp-toragent-certs/tor.{{ item.0 }}.cert.pem"
+ with_indexed_items: contrail_tor_agents
+ run_once: yes
+
+- name: "set tor agent list"
+ set_fact:
+ toragent_index: "{{ item.0 }}"
+ toragent_params: "{{ item.1 }}"
+ register: contrail_toragent_list
+ with_indexed_items: contrail_tor_agents
+ when: inventory_hostname in item.1.tsn_names
+
+- name: "fix up tor agent conf"
+ template:
+ src: "templates/contrail-tor-agent-conf.j2"
+ dest: "/etc/contrail/contrail-tor-agent-{{ item.ansible_facts.toragent_index }}.conf"
+ with_items: contrail_toragent_list.results
+
+- name: "fix up tor agent ini"
+ template:
+ src: "provision/contrail-tor-agent-ini.j2"
+ dest: "/etc/contrail/supervisord_vrouter_files/contrail-tor-agent-{{ item.ansible_facts.toragent_index }}.ini"
+ with_items: contrail_toragent_list.results
+
+- name: "copy init script"
+ shell: "cp /etc/init.d/contrail-vrouter-agent /etc/init.d/contrail-tor-agent-{{ item.ansible_facts.toragent_index }}"
+ with_items: contrail_toragent_list.results
+
+- name: "copy ssl certs"
+ copy:
+ src: "/tmp/tmp-toragent-certs/tor.{{ item.ansible_facts.toragent_index }}.cert.pem"
+ dest: "/etc/contrail/ssl/certs/tor.{{ item.ansible_facts.toragent_index }}.cert.pem"
+ with_items: contrail_toragent_list.results
+
+- name: "copy ssl private"
+ copy:
+ src: "/tmp/tmp-toragent-private/tor.{{ item.ansible_facts.toragent_index }}.privkey.pem"
+ dest: "/etc/contrail/ssl/private/tor.{{ item.ansible_facts.toragent_index }}.privkey.pem"
+ with_items: contrail_toragent_list.results
+
+- name: "copy ca cert"
+ copy:
+ src: "files/cacert.pem"
+ dest: "/etc/contrail/ssl/certs/cacert.pem"
+
+- name: "delete temporary directory"
+ local_action:
+ module: "file"
+ dest: "/tmp/tmp-toragent-{{ item }}"
+ state: "absent"
+ with_items:
+ - "certs"
+ - "private"
+ run_once: yes
+
+- name: "add tor agent to contrail"
+ shell: "python /opt/contrail/utils/provision_vrouter.py --api_server_ip {{ contrail_haproxy_address }} --admin_user {{ contrail_admin_user }} --admin_password {{ contrail_admin_password }} --admin_tenant_name admin --openstack_ip {{ contrail_keystone_address }} --oper add --host_name {{ inventory_hostname }}-{{ item.ansible_facts.toragent_index }} --host_ip {{ contrail_address }} --router_type tor-agent"
+ with_items: contrail_toragent_list.results
+
+- name: "add device to contrail"
+ shell: "python /opt/contrail/utils/provision_physical_device.py --api_server_ip {{ contrail_haproxy_address }} --admin_user {{ contrail_admin_user }} --admin_password {{ contrail_admin_password }} --admin_tenant_name admin --openstack_ip {{ contrail_keystone_address }} --oper add --device_name {{ item.ansible_facts.toragent_params.name }} --vendor_name {{ item.ansible_facts.toragent_params.vendor_name }} --product_name {{ item.ansible_facts.toragent_params.product_name }} --device_mgmt_ip {{ item.ansible_facts.toragent_params.address }} --device_tunnel_ip {{ item.ansible_facts.toragent_params.tunnel_address }} --device_tor_agent {{ inventory_hostname }}-{{ item.ansible_facts.toragent_index }} --device_tsn {{ inventory_hostname }}"
+ with_items: contrail_toragent_list.results
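Review bot: The private keys created by "create ssl files" are written to the fixed path `/tmp/tmp-toragent-private` on the control host and then copied by "copy ssl private" without a `mode`, so their readability depends on the umask on both machines. Add `mode: "0700"` to the temporary-directory task and `mode: "0600"` to the key copy. A per-run directory instead of a fixed name under /tmp would also keep another local user from creating it first. The "delete temporary directory" task only runs if every task before it succeeds, so a failed play leaves the keys behind on the control host.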
diff --git a/ansible/roles/open-contrail/tasks/provision/provision-tsn.yml b/ansible/roles/open-contrail/tasks/provision/provision-tsn.yml
new file mode 100755
index 0000000..8bd6dc0
--- /dev/null
+++ b/ansible/roles/open-contrail/tasks/provision/provision-tsn.yml
@@ -0,0 +1,104 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+#- hosts: tsn
+# sudo: yes
+# tasks:
+
+- name: "enable supervisor vrouter"
+ file:
+ path: "/etc/init/supervisor-vrouter.override"
+ state: "absent"
+
+- include: -node-common.yml
+
+- name: "fix up vrouter nodemgr param"
+ template:
+ src: "provision/vrouter-nodemgr-param.j2"
+ dest: "/etc/contrail/vrouter_nodemgr_param"
+
+- name: "set contrail device name for ansible"
+ set_fact:
+ contrail_ansible_device: "ansible_{{ contrail_vhost_device }}"
+
+- name: "fix up default pmac"
+ template:
+ src: "provision/default-pmac.j2"
+ dest: "/etc/contrail/default_pmac"
+
+- name: "copy agent param config from template"
+ shell: "cp /etc/contrail/agent_param.tmpl /etc/contrail/agent_param"
+
+- name: "modify agent param config"
+ lineinfile:
+ dest: "/etc/contrail/agent_param"
+ regexp: "dev=__DEVICE__"
+ line: "dev={{ contrail_vhost_device }}"
+
+- name: "set vrouter agent mode"
+ set_fact:
+ contrail_vrouter_mode: "tsn"
+
+- name: "fix up contrail vrouter agent config"
+ template:
+ src: "../../templates/provision/contrail-vrouter-agent-conf.j2"
+ dest: "/etc/contrail/contrail-vrouter-agent.conf"
+
+- name: "delete lines for contrail interface"
+ shell: "{{ item }}"
+ with_items:
+ - "sed -e '/auto {{ contrail_vhost_device }}/,$d' /etc/network/interfaces > /tmp/contrail-interfaces-top"
+ - "sed -n -e '/auto {{ contrail_vhost_device }}/,$p' /etc/network/interfaces > /tmp/contrail-interfaces-bottom"
+ - "sed -i -e '/auto {{ contrail_vhost_device }}/d' /tmp/contrail-interfaces-bottom"
+ - "sed -i -n -e '/auto .*/,$p' /tmp/contrail-interfaces-bottom"
+ - "cat /tmp/contrail-interfaces-top /tmp/contrail-interfaces-bottom > /etc/network/interfaces"
+
+- name: "delete lines for vrouter interface"
+ shell: "{{ item }}"
+ with_items:
+ - "sed -e '/auto vhost0/,$d' /etc/network/interfaces > /tmp/contrail-interfaces-top"
+ - "sed -n -e '/auto vhost0/,$p' /etc/network/interfaces > /tmp/contrail-interfaces-bottom"
+ - "sed -i -e '/auto vhost0/d' /tmp/contrail-interfaces-bottom"
+ - "sed -i -n -e '/auto .*/,$p' /tmp/contrail-interfaces-bottom"
+ - "cat /tmp/contrail-interfaces-top /tmp/contrail-interfaces-bottom > /etc/network/interfaces"
+
+- name: "configure interface"
+ lineinfile:
+ dest: "/etc/network/interfaces"
+ line: "{{ item }}"
+ state: "present"
+ with_items:
+ - "auto {{ contrail_vhost_device }}"
+ - "iface {{ contrail_vhost_device }} inet manual"
+ - "\tpre-up ifconfig {{ contrail_vhost_device }} up"
+ - "\tpost-down ifconfig {{ contrail_vhost_device }} down"
+ - "auto vhost0"
+ - "iface vhost0 inet static"
+ - "\tpre-up /opt/contrail/bin/if-vhost0"
+ - "\tnetwork_name application"
+ - "\taddress {{ contrail_vhost_address }}"
+ - "\tnetmask {{ contrail_vhost_netmask }}"
+
+- name: "delete temporary files"
+ file:
+ dest: "{{ item }}"
+ state: "absent"
+ with_items:
+ - "/tmp/contrail-interfaces-top"
+ - "/tmp/contrail-interfaces-bottom"
+
+- name: "fix up contrail vrouter nodemgr config"
+ ini_file:
+ dest: "/etc/contrail/contrail-vrouter-nodemgr.conf"
+ section: "DISCOVERY"
+ option: "server"
+ value: "{{ contrail_haproxy_address }}"
+
+- name: "add tsn to contrail"
+ shell: "python /opt/contrail/utils/provision_vrouter.py --api_server_ip {{ contrail_haproxy_address }} --admin_user {{ contrail_admin_user }} --admin_password {{ contrail_admin_password }} --admin_tenant_name admin --openstack_ip {{ contrail_keystone_address }} --oper add --host_name {{ ansible_hostname }} --host_ip {{ contrail_address }} --router_type tor-service-node"
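Review bot: Both "delete lines" tasks run as root and redirect into fixed names under /tmp (`/tmp/contrail-interfaces-top`, `/tmp/contrail-interfaces-bottom`), then cat the result back over `/etc/network/interfaces`. On a host with other local users, a file or symlink already present at those names changes where the write lands or what is read back. Stage the pieces in a root-only directory, for instance one created with `mktemp -d` inside a single shell task, rather than directly in /tmp.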
diff --git a/ansible/roles/open-contrail/tasks/provision/provision-webui.yml b/ansible/roles/open-contrail/tasks/provision/provision-webui.yml
new file mode 100755
index 0000000..99441b6
--- /dev/null
+++ b/ansible/roles/open-contrail/tasks/provision/provision-webui.yml
@@ -0,0 +1,74 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+#- hosts: webui
+# sudo: yes
+# tasks:
+
+- name: "enable supervisor webui"
+ file:
+ path: "/etc/init/supervisor-webui.override"
+ state: "absent"
+
+- name: "redis-setup"
+ include: -redis-setup.yml
+
+- name: "node-common"
+ include: -node-common.yml
+
+- name: "set first cassandra host address"
+ set_fact:
+# cassandra_addrs: "'{{ hostvars[item.1]['contrail_address'] }}'"
+ cassandra_addrs: "'{{ ip_settings[item.1]['br-prv']['ip'] }}'"
+ with_indexed_items: groups['opencontrail']
+ when: item.0 == 0
+
+- name: "set second or more cassandra host addresses"
+ set_fact:
+# cassandra_addrs: "{{ cassandra_addrs }}, '{{ hostvars[item.1]['contrail_address'] }}'"
+ cassandra_addrs: "{{ cassandra_addrs }}, '{{ ip_settings[item.1]['br-prv']['ip'] }}'"
+ with_indexed_items: groups['opencontrail']
+ when: item.0 > 0
+
+- name: "modify webui global js"
+ lineinfile:
+ dest: "/etc/contrail/config.global.js"
+ regexp: "{{ item.regexp }}"
+ line: "{{ item.line }}"
+ with_items:
+ - { regexp: "^\\s*config.networkManager.ip", line: "config.networkManager.ip = '{{ contrail_haproxy_address }}';" }
+ - { regexp: "^\\s*config.imageManager.ip", line: "config.imageManager.ip = '{{ contrail_keystone_address }}';" }
+ - { regexp: "^\\s*config.computeManager.ip", line: "config.computeManager.ip = '{{ contrail_keystone_address }}';" }
+ - { regexp: "^\\s*config.identityManager.ip", line: "config.identityManager.ip = '{{ contrail_keystone_address }}';" }
+ - { regexp: "^\\s*config.storageManager.ip", line: "config.storageManager.ip = '{{ contrail_keystone_address }}';" }
+ - { regexp: "^\\s*config.cnfg.server_ip", line: "config.cnfg.server_ip = '{{ contrail_haproxy_address }}';" }
+ - { regexp: "^\\s*config.analytics.server_ip", line: "config.analytics.server_ip = '{{ contrail_haproxy_address }}';" }
+ - { regexp: "^\\s*config.cassandra.server_ips", line: "config.cassandra.server_ips = [{{ cassandra_addrs }}];" }
+
+- name: "modify webui userauth js"
+ lineinfile:
+ dest: "/etc/contrail/contrail-webui-userauth.js"
+ regexp: "{{ item.regexp }}"
+ line: "{{ item.line }}"
+ with_items:
+ - { regexp: "^\\s*auth.admin_user", line: "auth.admin_user = '{{ contrail_admin_user }}';" }
+ - { regexp: "^\\s*auth.admin_password", line: "auth.admin_password = '{{ contrail_admin_password }}';" }
+ - { regexp: "^\\s*auth.admin_tenant_name", line: "auth.admin_tenant_name = 'admin';" }
+
+- name: "create symbolic link from nodejs to node"
+ file:
+ src: "/usr/bin/node"
+ dest: "/usr/bin/nodejs"
+ state: "link"
+
+- name: "restart supervisor webui"
+ service:
+ name: "supervisor-webui"
+ state: "restarted"
+
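Review bot: "modify webui userauth js" writes `contrail_admin_password` into `/etc/contrail/contrail-webui-userauth.js` without `no_log` and without setting a file mode, so the password appears in the task output for that loop item and the file keeps whatever permissions it already had. Add `no_log: true` to the task and restrict the file, e.g. `mode: "0640"` with the group the webui service runs under (to be confirmed). A password containing a single quote would also break the generated JavaScript line, because the value is placed between `'` characters unescaped.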
diff --git a/ansible/roles/open-contrail/tasks/uninstall-openvswitch.yml b/ansible/roles/open-contrail/tasks/uninstall-openvswitch.yml
new file mode 100755
index 0000000..0714d2e
--- /dev/null
+++ b/ansible/roles/open-contrail/tasks/uninstall-openvswitch.yml
@@ -0,0 +1,46 @@
+---
+- name: del ovs bridge
+ shell: ovs-vsctl del-br br-int; ovs-vsctl del-br br-tun; ovs-vsctl del-br br-prv;
+
+- name: remove ovs and ovs-plugin daeman
+ shell: >
+ sed -i '/neutron-plugin-openvswitch-agent/d' /opt/service ;
+ sed -i '/openvswitch-switch/d' /opt/service ;
+
+- name: stop ovs and ovs-plugin
+ shell: service openvswitch-switch stop; service neutron-plugin-openvswitch-agent stop;
+
+- name: remove ovs and ovs-plugin files
+ shell: >
+ update-rc.d -f neutron-plugin-openvswitch-agent remove;
+ mv /etc/init.d/neutron-plugin-openvswitch-agent /home/neutron-plugin-openvswitch-agent;
+ mv /etc/init/neutron-plugin-openvswitch-agent.conf /home/neutron-plugin-openvswitch-agent.conf;
+ update-rc.d -f openvswitch-switch remove ;
+ mv /etc/init.d/openvswitch-switch /home/openvswitch-switch ;
+ mv /etc/init/openvswitch-switch.conf /home/openvswitch-switch.conf ;
+ update-rc.d -f neutron-ovs-cleanup remove ;
+ mv /etc/init.d/neutron-ovs-cleanup /home/neutron-ovs-cleanup ;
+ mv /etc/init/neutron-ovs-cleanup.conf /home/neutron-ovs-cleanup.conf ;
+
+- name: remove ovs kernel module
+ shell: rmmod vport_vxlan; rmmod openvswitch;
+ ignore_errors: True
+
+- name: copy recovery script
+ copy: src={{ item }} dest=/opt/setup_networks
+ with_items:
+# - recover_network_opencontrail.py
+ - setup_networks_opencontrail.py
+
+#- name: recover external script
+# shell: python /opt/setup_networks/recover_network_opencontrail.py
+
+- name: modify net-init
+ shell: sed -i 's/setup_networks.py/setup_networks_opencontrail.py/g' /etc/init.d/net_init
+
+- name: resolve dual NIC problem
+ shell: >
+ echo "net.ipv4.conf.all.arp_ignore=1" >> /etc/sysctl.conf ;
+ /sbin/sysctl -p ;
+ echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore ;
+
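Review bot: The `resolve dual NIC problem` task appends `net.ipv4.conf.all.arp_ignore=1` to /etc/sysctl.conf with `>>` on every run, so repeated plays accumulate duplicate lines. The sysctl module does the same work idempotently: `sysctl: name=net.ipv4.conf.all.arp_ignore value=1 sysctl_set=yes state=present reload=yes`. The other `shell:` tasks in this file chain commands with `;`, so only the last command's exit status reaches Ansible and a failed `mv` or `update-rc.d` goes unnoticed. Splitting them into separate tasks, or using `ovs-vsctl --if-exists del-br br-int` joined with `&&`, would surface real failures while still tolerating an already-removed bridge.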
diff --git a/ansible/roles/open-contrail/templates/install/override.j2 b/ansible/roles/open-contrail/templates/install/override.j2
new file mode 100755
index 0000000..2905494
--- /dev/null
+++ b/ansible/roles/open-contrail/templates/install/override.j2
@@ -0,0 +1 @@
+manual
diff --git a/ansible/roles/open-contrail/templates/neutron_plugin_contrail.tar.gz b/ansible/roles/open-contrail/templates/neutron_plugin_contrail.tar.gz
new file mode 100644
index 0000000..0807704
Binary files /dev/null and b/ansible/roles/open-contrail/templates/neutron_plugin_contrail.tar.gz differ
diff --git a/ansible/roles/open-contrail/templates/nova_contrail_vif.tar.gz b/ansible/roles/open-contrail/templates/nova_contrail_vif.tar.gz
new file mode 100644
index 0000000..78dac03
Binary files /dev/null and b/ansible/roles/open-contrail/templates/nova_contrail_vif.tar.gz differ
diff --git a/ansible/roles/open-contrail/templates/provision/contrail-analytics-api-conf.j2 b/ansible/roles/open-contrail/templates/provision/contrail-analytics-api-conf.j2
new file mode 100755
index 0000000..21fb733
--- /dev/null
+++ b/ansible/roles/open-contrail/templates/provision/contrail-analytics-api-conf.j2
@@ -0,0 +1,31 @@
+[DEFAULTS]
+host_ip = {{ contrail_haproxy_address }}
+rest_api_ip = {{ contrail_haproxy_address }}
+rest_api_port = 8081
+#cassandra_server_list = {% for cur_host in groups['controller'] %}{{ ip_settings[cur_host]['mgmt']['ip'] }}:9160{% if not loop.last %} {% endif %}{% endfor %}
+#chenshuai: This kind of written is also correct, but the following is better, this as record
+cassandra_server_list = {% for cur_host in groups['opencontrail'] %}{{ ip_settings[cur_host]['br-prv']['ip'] }}:9160{% if not loop.last %} {% endif %}{% endfor %}
+
+collectors = {{ contrail_haproxy_address }}:8086
+http_server_port = 8090
+log_file = /var/log/contrail/contrail-analytics-api.log
+log_level = SYS_NOTICE
+log_local = 1
+
+# Time-to-live in hours of the various data stored by collector into
+# cassandra
+# analytics_config_audit_ttl, if not set (or set to -1), defaults to analytics_data_ttl
+# analytics_statistics_ttl, if not set (or set to -1), defaults to analytics_data_ttl
+# analytics_flow_ttl, if not set (or set to -1), defaults to analytics_statsdata_ttl
+analytics_data_ttl = 48
+analytics_config_audit_ttl = -1
+analytics_statistics_ttl = -1
+analytics_flow_ttl = -1
+
+[DISCOVERY]
+disc_server_ip = {{ contrail_haproxy_address }}
+disc_server_port = 5998
+
+[REDIS]
+redis_server_port = 6379
+redis_query_port = 6379
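Review bot: The `#cassandra_server_list` line near the top of this file is only an INI comment, so Jinja still runs its `{% for %}` loop and evaluates `ip_settings[cur_host]['mgmt']['ip']` on every render. A host in `groups['controller']` without a `mgmt` entry would presumably fail the whole template, even though the rendered line is dead. Moving the old variant into a Jinja comment (`{# ... #}`) keeps it for the record without executing it. contrail-query-engine-conf.j2 carries the same commented-out loop.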
diff --git a/ansible/roles/open-contrail/templates/provision/contrail-api-conf.j2 b/ansible/roles/open-contrail/templates/provision/contrail-api-conf.j2
new file mode 100755
index 0000000..19004ce
--- /dev/null
+++ b/ansible/roles/open-contrail/templates/provision/contrail-api-conf.j2
@@ -0,0 +1,29 @@
+[DEFAULTS]
+listen_ip_addr = {{ contrail_haproxy_address }}
+listen_port = 8082
+ifmap_server_ip = {{ contrail_haproxy_address }}
+ifmap_server_port = 8443
+ifmap_username = api-server
+ifmap_password = api-server
+zk_server_ip = {% for cur_host in groups['opencontrail'] %}{{ ip_settings[cur_host]['br-prv']['ip'] }}:2181{% if not loop.last %}, {% endif %}{% endfor %}
+
+cassandra_server_list = {% for cur_host in groups['opencontrail'] %}{{ ip_settings[cur_host]['br-prv']['ip'] }}:9160{% if not loop.last %} {% endif %}{% endfor %}
+
+disc_server_ip = {{ contrail_haproxy_address }}
+disc_server_port = 5998
+rabbit_server = {{ contrail_haproxy_address }}
+rabbit_port = 5672
+rabbit_user = {{ RABBIT_USER }}
+rabbit_password = {{ RABBIT_PASS }}
+multi_tenancy = True
+list_optimization_enabled = True
+log_file = /var/log/contrail/contrail-api.log
+log_level = SYS_NOTICE
+log_local = 1
+auth = keystone
+
+[SECURITY]
+use_certs = False
+keyfile = /etc/contrail/ssl/private_keys/apiserver_key.pem
+certfile = /etc/contrail/ssl/certs/apiserver.pem
+ca_certs = /etc/contrail/ssl/certs/ca.pem
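Review bot: `ifmap_password = api-server` hard-codes an IF-MAP credential that equals its username and is identical on every deployment. contrail-schema-conf.j2 (`schema-transformer`) and contrail-svc-monitor-conf.j2 (`svc-monitor`) repeat the pattern, and contrail-control-conf.j2 and contrail-dns-conf.j2 derive both user and password from `contrail_address`, which is a guessable value. Sourcing these from inventory the way `rabbit_password = {{ RABBIT_PASS }}` already does, for example `ifmap_password = {{ <ifmap_api_password_var> }}`, would let each site set its own secret; the IF-MAP server's user list would have to be templated from the same variables. Because the rendered file also holds the RabbitMQ password, the task that installs it (not in this hunk) should restrict the file to the service account, e.g. `mode: "0640"`.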
diff --git a/ansible/roles/open-contrail/templates/provision/contrail-api-supervisord-conf.j2 b/ansible/roles/open-contrail/templates/provision/contrail-api-supervisord-conf.j2
new file mode 100755
index 0000000..ad3e038
--- /dev/null
+++ b/ansible/roles/open-contrail/templates/provision/contrail-api-supervisord-conf.j2
@@ -0,0 +1,12 @@
+[program:contrail-api]
+command=/usr/bin/contrail-api --conf_file /etc/contrail/contrail-api.conf --conf_file /etc/contrail/contrail-keystone-auth.conf --worker_id %(process_num)s
+numprocs=1
+process_name=%(process_num)s
+redirect_stderr=true
+stdout_logfile=/var/log/contrail/contrail-api-%(process_num)s-stdout.log
+stderr_logfile=/dev/null
+priority=440
+autostart=true
+killasgroup=true
+stopsignal=KILL
+exitcodes=0
diff --git a/ansible/roles/open-contrail/templates/provision/contrail-collector-conf.j2 b/ansible/roles/open-contrail/templates/provision/contrail-collector-conf.j2
new file mode 100755
index 0000000..1150960
--- /dev/null
+++ b/ansible/roles/open-contrail/templates/provision/contrail-collector-conf.j2
@@ -0,0 +1,86 @@
+[DEFAULT]
+# Everything in this section is optional
+
+# Time-to-live in hours of the various data stored by collector into
+# cassandra
+# analytics_config_audit_ttl, if not set (or set to -1), defaults to analytics_data_ttl
+# analytics_statistics_ttl, if not set (or set to -1), defaults to analytics_data_ttl
+# analytics_flow_ttl, if not set (or set to -1), defaults to analytics_statsdata_ttl
+analytics_data_ttl = 48
+analytics_config_audit_ttl = -1
+analytics_statistics_ttl = -1
+analytics_flow_ttl = -1
+
+# IP address and port to be used to connect to cassandra.
+# Multiple IP:port strings separated by space can be provided
+cassandra_server_list = {% for cur_host in groups['opencontrail'] %}{{ ip_settings[cur_host]['br-prv']['ip'] }}:9160{% if not loop.last %} {% endif %}{% endfor %}
+
+
+# IP address and port to be used to connect to kafka.
+# Multiple IP:port strings separated by space can be provided
+kafka_broker_list =
+
+# IP address of analytics node. Resolved IP of 'hostname'
+hostip = {{ contrail_address }}
+
+# Hostname of analytics node. If this is not configured value from `hostname`
+# will be taken
+# hostname =
+
+# Http server port for inspecting collector state (useful for debugging)
+http_server_port = 8089
+
+# Category for logging. Default value is '*'
+# log_category =
+
+# Local log file name
+log_file = /var/log/contrail/contrail-collector.log
+
+# Maximum log file rollover index
+# log_files_count = 10
+
+# Maximum log file size
+# log_file_size = 1048576 # 1MB
+
+# Log severity levels. Possible values are SYS_EMERG, SYS_ALERT, SYS_CRIT,
+# SYS_ERR, SYS_WARN, SYS_NOTICE, SYS_INFO and SYS_DEBUG. Default is SYS_DEBUG
+log_level = SYS_NOTICE
+
+# Enable/Disable local file logging. Possible values are 0 (disable) and
+# 1 (enable)
+log_local = 1
+
+# TCP and UDP ports to listen on for receiving syslog messages. -1 to disable.
+syslog_port = -1
+
+# UDP port to listen on for receiving sFlow messages. -1 to disable.
+# sflow_port = 6343
+
+# UDP port to listen on for receiving ipfix messages. -1 to disable.
+# ipfix_port = 4739
+
+[COLLECTOR]
+# Everything in this section is optional
+
+# Port to listen on for receiving Sandesh messages
+port = 8086
+
+# IP address to bind to for listening
+# server = 0.0.0.0
+
+# UDP port to listen on for receiving Google Protocol Buffer messages
+# protobuf_port = 3333
+
+[DISCOVERY]
+# Port to connect to for communicating with discovery server
+# port = 5998
+
+# IP address of discovery server
+server = {{ contrail_haproxy_address }}
+
+[REDIS]
+# Port to connect to for communicating with redis-server
+port = 6379
+
+# IP address of redis-server
+server = 127.0.0.1
diff --git a/ansible/roles/open-contrail/templates/provision/contrail-control-conf.j2 b/ansible/roles/open-contrail/templates/provision/contrail-control-conf.j2
new file mode 100755
index 0000000..83792b2
--- /dev/null
+++ b/ansible/roles/open-contrail/templates/provision/contrail-control-conf.j2
@@ -0,0 +1,15 @@
+[DEFAULT]
+hostip = {{ contrail_address }}
+hostname = {{ ansible_hostname }}
+log_file = /var/log/contrail/contrail-control.log
+log_level = SYS_NOTICE
+log_local = 1
+
+[DISCOVERY]
+server = {{ contrail_haproxy_address }}
+port = 5998
+
+[IFMAP]
+certs_store =
+user = {{ contrail_address }}
+password = {{ contrail_address }}
diff --git a/ansible/roles/open-contrail/templates/provision/contrail-device-manager-conf.j2 b/ansible/roles/open-contrail/templates/provision/contrail-device-manager-conf.j2
new file mode 100755
index 0000000..a13a00b
--- /dev/null
+++ b/ansible/roles/open-contrail/templates/provision/contrail-device-manager-conf.j2
@@ -0,0 +1,16 @@
+[DEFAULTS]
+api_server_ip = {{ contrail_haproxy_address }}
+api_server_port = 8082
+zk_server_ip = {% for cur_host in groups['opencontrail'] %}{{ ip_settings[cur_host]['br-prv']['ip'] }}:2181{% if not loop.last %}, {% endif %}{% endfor %}
+
+cassandra_server_list = {% for cur_host in groups['opencontrail'] %}{{ ip_settings[cur_host]['br-prv']['ip'] }}:9160{% if not loop.last %} {% endif %}{% endfor %}
+
+disc_server_ip = {{ contrail_haproxy_address }}
+disc_server_port = 5998
+rabbit_server = {{ contrail_haproxy_address }}
+rabbit_port = 5672
+rabbit_user = {{ RABBIT_USER }}
+rabbit_password = {{ RABBIT_PASS }}
+log_file = /var/log/contrail/contrail-device-manager.log
+log_level = SYS_NOTICE
+log_local = 1
diff --git a/ansible/roles/open-contrail/templates/provision/contrail-discovery-conf.j2 b/ansible/roles/open-contrail/templates/provision/contrail-discovery-conf.j2
new file mode 100755
index 0000000..f54fdc9
--- /dev/null
+++ b/ansible/roles/open-contrail/templates/provision/contrail-discovery-conf.j2
@@ -0,0 +1,43 @@
+[DEFAULTS]
+listen_ip_addr = {{ contrail_haproxy_address }}
+listen_port = 5998
+zk_server_ip = {% for cur_host in groups['opencontrail'] %}{{ ip_settings[cur_host]['br-prv']['ip'] }}{% if not loop.last %}, {% endif %}{% endfor %}
+
+zk_server_port = 2181
+cassandra_server_list = {% for cur_host in groups['opencontrail'] %}{{ ip_settings[cur_host]['br-prv']['ip'] }}:9160{% if not loop.last %} {% endif %}{% endfor %}
+
+log_file = /var/log/contrail/contrail-discovery.log
+log_level = SYS_NOTICE
+log_local = 1
+
+# minimim time to allow client to cache service information (seconds)
+ttl_min = 300
+
+# maximum time to allow client to cache service information (seconds)
+ttl_max = 1800
+
+# health check ping interval < = 0 for disabling
+hc_interval = 5
+
+# maximum hearbeats to miss before server will declare publisher out of
+# service.
+hc_max_miss = 3
+
+# use short TTL for agressive rescheduling if all services are not up
+ttl_short = 1
+
+# for DNS service, we use fixed policy
+# even when the cluster has more than two control nodes, only two of these
+# should provide the DNS service
+[DNS-SERVER]
+policy = fixed
+
+######################################################################
+# Other service specific knobs ...
+
+# use short TTL for agressive rescheduling if all services are not up
+# ttl_short = 1
+
+# specify policy to use when assigning services
+# policy = [load-balance | round-robin | fixed]
+######################################################################
diff --git a/ansible/roles/open-contrail/templates/provision/contrail-discovery-supervisord-conf.j2 b/ansible/roles/open-contrail/templates/provision/contrail-discovery-supervisord-conf.j2
new file mode 100755
index 0000000..541568d
--- /dev/null
+++ b/ansible/roles/open-contrail/templates/provision/contrail-discovery-supervisord-conf.j2
@@ -0,0 +1,12 @@
+[program:contrail-discovery]
+command=/usr/bin/contrail-discovery --conf_file /etc/contrail/contrail-discovery.conf --worker_id %(process_num)s
+numprocs=1
+process_name=%(process_num)s
+redirect_stderr=true
+stdout_logfile=/var/log/contrail/contrail-discovery-%(process_num)s-stdout.log
+stderr_logfile=/dev/null
+priority=430
+autostart=true
+killasgroup=true
+stopsignal=KILL
+exitcodes=0
diff --git a/ansible/roles/open-contrail/templates/provision/contrail-dns-conf.j2 b/ansible/roles/open-contrail/templates/provision/contrail-dns-conf.j2
new file mode 100755
index 0000000..9d41556
--- /dev/null
+++ b/ansible/roles/open-contrail/templates/provision/contrail-dns-conf.j2
@@ -0,0 +1,15 @@
+[DEFAULT]
+hostip = {{ contrail_address }}
+hostname = {{ inventory_hostname }}
+log_file = /var/log/contrail/contrail-dns.log
+log_level = SYS_NOTICE
+log_local = 1
+
+[DISCOVERY]
+server = {{ contrail_haproxy_address }}
+port = 5998
+
+[IFMAP]
+certs_store =
+user = {{ contrail_address }}.dns
+password = {{ contrail_address }}.dns
diff --git a/ansible/roles/open-contrail/templates/provision/contrail-keystone-auth-conf.j2 b/ansible/roles/open-contrail/templates/provision/contrail-keystone-auth-conf.j2
new file mode 100755
index 0000000..f362ef4
--- /dev/null
+++ b/ansible/roles/open-contrail/templates/provision/contrail-keystone-auth-conf.j2
@@ -0,0 +1,9 @@
+[KEYSTONE]
+auth_protocol = http
+auth_host = {{ contrail_keystone_address }}
+auth_port = 35357
+admin_tenant_name = admin
+admin_user = {{ contrail_admin_user }}
+admin_password = {{ contrail_admin_password }}
+insecure = False
+
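Review bot: `auth_protocol = http` means the `admin_user` and `admin_password` rendered into this file are sent to Keystone on port 35357 without TLS, and `insecure = False` presumably has no effect while the scheme is http. Making the scheme a variable, e.g. `auth_protocol = {{ <keystone_auth_protocol_var> }}`, would let deployments with a TLS-enabled Keystone endpoint use https without patching the template. contrail-vnc-api-lib-ini.j2 hard-codes `AUTHN_PROTOCOL=http` in the same way.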
diff --git a/ansible/roles/open-contrail/templates/provision/contrail-query-engine-conf.j2 b/ansible/roles/open-contrail/templates/provision/contrail-query-engine-conf.j2
new file mode 100755
index 0000000..d947add
--- /dev/null
+++ b/ansible/roles/open-contrail/templates/provision/contrail-query-engine-conf.j2
@@ -0,0 +1,18 @@
+[DEFAULT]
+hostip = {{ contrail_address }}
+
+
+#cassandra_server_list = {% for cur_host in groups['controller'] %}{{ ip_settings[cur_host]['mgmt']['ip'] }}:9160{% if not loop.last %} {% endif %}{% endfor %}
+
+
+cassandra_server_list = {% for cur_host in groups['opencontrail'] %}{{ ip_settings[cur_host]['br-prv']['ip'] }}:9160{% if not loop.last %} {% endif %}{% endfor %}
+
+collectors = {{ contrail_haproxy_address }}:8086
+http_server_port = 8091
+log_file = /var/log/contrail/contrail-query-engine.log
+log_level = SYS_NOTICE
+log_local = 1
+
+[REDIS]
+server = 127.0.0.1
+port = 6379
diff --git a/ansible/roles/open-contrail/templates/provision/contrail-schema-conf.j2 b/ansible/roles/open-contrail/templates/provision/contrail-schema-conf.j2
new file mode 100755
index 0000000..d112dbe
--- /dev/null
+++ b/ansible/roles/open-contrail/templates/provision/contrail-schema-conf.j2
@@ -0,0 +1,22 @@
+[DEFAULTS]
+ifmap_server_ip = {{ contrail_haproxy_address }}
+ifmap_server_port = 8443
+ifmap_username = schema-transformer
+ifmap_password = schema-transformer
+api_server_ip = {{ contrail_haproxy_address }}
+api_server_port = 8082
+zk_server_ip = {% for cur_host in groups['opencontrail'] %}{{ ip_settings[cur_host]['br-prv']['ip'] }}:2181{% if not loop.last %}, {% endif %}{% endfor %}
+
+cassandra_server_list = {% for cur_host in groups['opencontrail'] %}{{ ip_settings[cur_host]['br-prv']['ip'] }}:9160{% if not loop.last %} {% endif %}{% endfor %}
+
+disc_server_ip = {{ contrail_haproxy_address }}
+disc_server_port = 5998
+log_file = /var/log/contrail/contrail-schema.log
+log_level = SYS_NOTICE
+log_local = 1
+
+[SECURITY]
+use_certs = False
+keyfile = /etc/contrail/ssl/private_keys/apiserver_key.pem
+certfile = /etc/contrail/ssl/certs/apiserver.pem
+ca_certs = /etc/contrail/ssl/certs/ca.pem
diff --git a/ansible/roles/open-contrail/templates/provision/contrail-sudoers.j2 b/ansible/roles/open-contrail/templates/provision/contrail-sudoers.j2
new file mode 100755
index 0000000..1ff4356
--- /dev/null
+++ b/ansible/roles/open-contrail/templates/provision/contrail-sudoers.j2
@@ -0,0 +1,5 @@
+Defaults:contrail !requiretty
+
+Cmnd_Alias CONFIGRESTART = /usr/sbin/service supervisor-config restart
+
+contrail ALL = (root) NOPASSWD:CONFIGRESTART
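Review bot: This sudoers fragment should be installed with a syntax check, because a fragment sudo cannot parse can stop sudo from working on the node. The rule is narrowly scoped to one full-path command with fixed arguments, which is good. The installing task is outside this hunk; it should carry `validate: 'visudo -cf %s'`, `mode: "0440"` and root ownership. A header comment such as `# Managed by Ansible: lets the contrail user restart supervisor-config` would also tell operators not to hand-edit it.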
diff --git a/ansible/roles/open-contrail/templates/provision/contrail-svc-monitor-conf.j2 b/ansible/roles/open-contrail/templates/provision/contrail-svc-monitor-conf.j2
new file mode 100755
index 0000000..0c6bfc0
--- /dev/null
+++ b/ansible/roles/open-contrail/templates/provision/contrail-svc-monitor-conf.j2
@@ -0,0 +1,31 @@
+[DEFAULTS]
+ifmap_server_ip = {{ contrail_haproxy_address }}
+ifmap_server_port = 8443
+ifmap_username = svc-monitor
+ifmap_password = svc-monitor
+api_server_ip = {{ contrail_haproxy_address }}
+api_server_port = 8082
+zk_server_ip = {% for cur_host in groups['opencontrail'] %}{{ ip_settings[cur_host]['br-prv']['ip'] }}:2181{% if not loop.last %}, {% endif %}{% endfor %}
+
+cassandra_server_list = {% for cur_host in groups['opencontrail'] %}{{ ip_settings[cur_host]['br-prv']['ip'] }}:9160{% if not loop.last %} {% endif %}{% endfor %}
+
+disc_server_ip = {{ contrail_haproxy_address }}
+disc_server_port = 5998
+rabbit_server = {{ contrail_haproxy_address }}
+rabbit_port = 5672
+rabbit_user = {{ RABBIT_USER }}
+rabbit_password = {{ RABBIT_PASS }}
+region_name = RegionOne
+log_file = /var/log/contrail/contrail-svc-monitor.log
+log_level = SYS_NOTICE
+log_local = 1
+
+[SECURITY]
+use_certs = False
+keyfile = /etc/contrail/ssl/private_keys/apiserver_key.pem
+certfile = /etc/contrail/ssl/certs/apiserver.pem
+ca_certs = /etc/contrail/ssl/certs/ca.pem
+
+[SCHEDULER]
+analytics_server_ip = {{ contrail_haproxy_address }}
+analytics_server_port = 8081
diff --git a/ansible/roles/open-contrail/templates/provision/contrail-tor-agent-conf.j2 b/ansible/roles/open-contrail/templates/provision/contrail-tor-agent-conf.j2
new file mode 100755
index 0000000..8d336e5
--- /dev/null
+++ b/ansible/roles/open-contrail/templates/provision/contrail-tor-agent-conf.j2
@@ -0,0 +1,111 @@
+#
+# Vnswad configuration options
+#
+
+[CONTROL-NODE]
+# IP address to be used to connect to control-node. Maximum of 2 IP addresses
+# (separated by a space) can be provided. If no IP is configured then the
+# value provided by discovery service will be used. (optional)
+# server = 10.0.0.1 10.0.0.2
+
+[DEFAULT]
+agent_name = {{ ansible_hostname }}-{{ item.ansible_facts.toragent_index }}
+# Everything in this section is optional
+
+# IP address and port to be used to connect to collector. If these are not
+# configured, value provided by discovery service will be used. Multiple
+# IP:port strings separated by space can be provided
+# collectors = 127.0.0.1:8086
+
+# Enable/disable debug logging. Possible values are 0 (disable) and 1 (enable)
+# debug = 0
+
+# Aging time for flow-records in seconds
+# flow_cache_timeout = 0
+
+# Hostname of compute-node. If this is not configured value from `hostname`
+# will be taken
+# hostname =
+
+# Category for logging. Default value is '*'
+# log_category =
+
+# Local log file name
+log_file = /var/log/contrail/contrail-tor-agent-{{ item.ansible_facts.toragent_index }}.log
+
+# Log severity levels. Possible values are SYS_EMERG, SYS_ALERT, SYS_CRIT,
+# SYS_ERR, SYS_WARN, SYS_NOTICE, SYS_INFO and SYS_DEBUG. Default is SYS_DEBUG
+# log_level = SYS_DEBUG
+
+# Enable/Disable local file logging. Possible values are 0 (disable) and 1 (enable)
+# log_local = 0
+
+# Enable/Disable local flow message logging. Possible values are 0 (disable) and 1 (enable)
+# log_flow = 0
+
+# Encapsulation type for tunnel. Possible values are MPLSoGRE, MPLSoUDP, VXLAN
+# tunnel_type =
+
+# Enable/Disable headless mode for agent. In headless mode agent retains last
+# known good configuration from control node when all control nodes are lost.
+# Possible values are true(enable) and false(disable)
+# headless_mode =
+
+# Define agent mode. Only supported value is "tor"
+agent_mode = tor
+
+# Http server port for inspecting vnswad state (useful for debugging)
+# http_server_port = 8085
+http_server_port = {{ item.ansible_facts.toragent_params.http_server_port }}
+
+[DISCOVERY]
+#If DEFAULT.collectors and/or CONTROL-NODE and/or DNS is not specified this
+#section is mandatory. Else this section is optional
+
+# IP address of discovery server
+server = {{ contrail_haproxy_address }}
+
+# Number of control-nodes info to be provided by Discovery service. Possible
+# values are 1 and 2
+# max_control_nodes = 1
+
+[DNS]
+# IP address to be used to connect to dns-node. Maximum of 2 IP addresses
+# (separated by a space) can be provided. If no IP is configured then the
+# value provided by discovery service will be used. (Optional)
+# server = 10.0.0.1 10.0.0.2
+
+[NETWORKS]
+# control-channel IP address used by WEB-UI to connect to vnswad to fetch
+# required information (Optional)
+control_network_ip = {{ contrail_haproxy_address }}
+
+[TOR]
+# IP address of the TOR to manage
+tor_ip = {{ item.ansible_facts.toragent_params.address }}
+
+# Identifier for ToR. Agent will subscribe to ifmap-configuration by this name
+tor_id = {{ item.ansible_facts.toragent_index }}
+
+# ToR management scheme is based on this type. Only supported value is "ovs"
+tor_type = ovs
+
+# OVS server port number on the ToR
+tor_ovs_port = {{ item.ansible_facts.toragent_params.ovs_port }}
+
+# IP-Transport protocol used to connect to tor. Supported values are "tcp", "pssl"
+tor_ovs_protocol = {{ item.ansible_facts.toragent_params.ovs_protocol }}
+
+# Path to ssl certificate for tor-agent, needed for pssl
+ssl_cert = /etc/contrail/ssl/certs/tor.{{ item.ansible_facts.toragent_index }}.cert.pem
+
+# Path to ssl private-key for tor-agent, needed for pssl
+ssl_privkey = /etc/contrail/ssl/private/tor.{{ item.ansible_facts.toragent_index }}.privkey.pem
+
+# Path to ssl cacert for tor-agent, needed for pssl
+ssl_cacert = /etc/contrail/ssl/certs/cacert.pem
+
+tsn_ip = {{ contrail_address }}
+
+# OVS keep alive timer interval in milliseconds
+tor_keepalive_interval = 10000
diff --git a/ansible/roles/open-contrail/templates/provision/contrail-tor-agent-ini.j2 b/ansible/roles/open-contrail/templates/provision/contrail-tor-agent-ini.j2
new file mode 100755
index 0000000..db6944c
--- /dev/null
+++ b/ansible/roles/open-contrail/templates/provision/contrail-tor-agent-ini.j2
@@ -0,0 +1,12 @@
+[program:contrail-tor-agent-{{ item.ansible_facts.toragent_index }}]
+command=/usr/bin/contrail-tor-agent --config_file /etc/contrail/contrail-tor-agent-{{ item.ansible_facts.toragent_index }}.conf
+priority=420
+autostart=true
+killasgroup=true
+stopsignal=KILL
+stdout_capture_maxbytes=1MB
+redirect_stderr=true
+stdout_logfile=/var/log/contrail/contrail-tor-agent-{{ item.ansible_facts.toragent_index }}-stdout.log
+stderr_logfile=/dev/null
+startsecs=5
+exitcodes=0 ; 'expected' exit codes for process (default 0,2)
diff --git a/ansible/roles/open-contrail/templates/provision/contrail-vnc-api-lib-ini.j2 b/ansible/roles/open-contrail/templates/provision/contrail-vnc-api-lib-ini.j2
new file mode 100755
index 0000000..85a7b63
--- /dev/null
+++ b/ansible/roles/open-contrail/templates/provision/contrail-vnc-api-lib-ini.j2
@@ -0,0 +1,11 @@
+[global]
+WEB_SERVER=127.0.0.1
+WEB_PORT=8082 ; connection to api-server directly
+BASE_URL=/
+
+[auth]
+AUTHN_TYPE=keystone
+AUTHN_PROTOCOL=http
+AUTHN_SERVER={{ contrail_keystone_address }}
+AUTHN_PORT=35357
+AUTHN_URL=/v2.0/tokens
diff --git a/ansible/roles/open-contrail/templates/provision/contrail-vrouter-agent-conf.j2 b/ansible/roles/open-contrail/templates/provision/contrail-vrouter-agent-conf.j2
new file mode 100755
index 0000000..d64cc21
--- /dev/null
+++ b/ansible/roles/open-contrail/templates/provision/contrail-vrouter-agent-conf.j2
@@ -0,0 +1,177 @@
+#
+# Vnswad configuration options
+#
+
+[CONTROL-NODE]
+# IP address to be used to connect to control-node. Maximum of 2 IP addresses
+# (separated by a space) can be provided. If no IP is configured then the
+# value provided by discovery service will be used. (Optional)
+# server = 10.0.0.1 10.0.0.2
+
+[DEFAULT]
+# Everything in this section is optional
+
+# IP address and port to be used to connect to collector. If these are not
+# configured, value provided by discovery service will be used. Multiple
+# IP:port strings separated by space can be provided
+# collectors = 127.0.0.1:8086
+
+# Agent mode : can be vrouter / tsn / tor (default is vrouter)
+{% if contrail_vrouter_mode is defined %}agent_mode = {{ contrail_vrouter_mode }}
+{% else %}# agent_mode =
+{% endif %}
+
+# Enable/disable debug logging. Possible values are 0 (disable) and 1 (enable)
+# debug = 0
+
+# Aging time for flow-records in seconds
+# flow_cache_timeout = 0
+
+# Hostname of compute-node. If this is not configured value from `hostname`
+# will be taken
+# hostname =
+
+# Http server port for inspecting vnswad state (useful for debugging)
+# http_server_port = 8085
+
+# Category for logging. Default value is '*'
+# log_category =
+
+# Local log file name
+log_file = /var/log/contrail/contrail-vrouter-agent.log
+
+# Log severity levels. Possible values are SYS_EMERG, SYS_ALERT, SYS_CRIT,
+# SYS_ERR, SYS_WARN, SYS_NOTICE, SYS_INFO and SYS_DEBUG. Default is SYS_DEBUG
+log_level = SYS_NOTICE
+
+# Enable/Disable local file logging. Possible values are 0 (disable) and 1 (enable)
+log_local = 1
+
+# Encapsulation type for tunnel. Possible values are MPLSoGRE, MPLSoUDP, VXLAN
+# tunnel_type =
+
+# Enable/Disable headless mode for agent. In headless mode agent retains last
+# known good configuration from control node when all control nodes are lost.
+# Possible values are true(enable) and false(disable)
+# headless_mode =
+
+# DHCP relay mode (true or false) to determine if a DHCP request in fabric
+# interface with an unconfigured IP should be relayed or not
+# dhcp_relay_mode =
+
+# DPDK or legacy work mode
+platform = default
+
+# Physical address of PCI used by dpdk
+physical_interface_address =
+
+# MAC address of device used by dpdk
+physical_interface_mac = {{ hostvars[inventory_hostname]['ansible_'+contrail_vhost_device]['macaddress'] }}
+
+[DISCOVERY]
+# If COLLECTOR and/or CONTROL-NODE and/or DNS is not specified this section is
+# mandatory. Else this section is optional
+
+# IP address of discovery server
+server = {{ contrail_haproxy_address }}
+
+# Number of control-nodes info to be provided by Discovery service. Possible
+# values are 1 and 2
+max_control_nodes = {{ groups['opencontrail'] | length }}
+
+[DNS]
+# IP address and port to be used to connect to dns-node. Maximum of 2 IP
+# addresses (separated by a space) can be provided. If no IP is configured then
+# the value provided by discovery service will be used.
+# server = 10.0.0.1:53 10.0.0.2:53
+
+[HYPERVISOR]
+# Everything in this section is optional
+
+# Hypervisor type. Possible values are kvm, xen and vmware
+type = kvm
+vmware_mode =
+
+# Link-local IP address and prefix in ip/prefix_len format (for xen)
+# xen_ll_ip =
+
+# Link-local interface name when hypervisor type is Xen
+# xen_ll_interface =
+
+# Physical interface name when hypervisor type is vmware
+vmware_physical_interface =
+
+[FLOWS]
+# Everything in this section is optional
+
+# Maximum flows allowed per VM (given as % of maximum system flows)
+# max_vm_flows = 100
+# Maximum number of link-local flows allowed across all VMs
+# max_system_linklocal_flows = 4096
+# Maximum number of link-local flows allowed per VM
+# max_vm_linklocal_flows = 1024
+
+[METADATA]
+# Shared secret for metadata proxy service (Optional)
+# metadata_proxy_secret = contrail
+
+[NETWORKS]
+# control-channel IP address used by WEB-UI to connect to vnswad to fetch
+# required information (Optional)
+control_network_ip = {{ contrail_haproxy_address }}
+
+[VIRTUAL-HOST-INTERFACE]
+# Everything in this section is mandatory
+
+# name of virtual host interface
+name = vhost0
+
+# IP address and prefix in ip/prefix_len format
+ip = {{ contrail_vhost_address }}/{{ contrail_prefixlen }}
+
+# Gateway IP address for virtual host
+gateway = {{ contrail_vhost_gateway }}
+
+# Physical interface name to which virtual host interface maps to
+physical_interface = {{ contrail_vhost_device }}
+
+# We can have multiple gateway sections with different indices in the
+# following format
+# [GATEWAY-0]
+# Name of the routing_instance for which the gateway is being configured
+# routing_instance = default-domain:admin:public:public
+
+# Gateway interface name
+# interface = vgw
+
+# Virtual network ip blocks for which gateway service is required. Each IP
+# block is represented as ip/prefix. Multiple IP blocks are represented by
+# separating each with a space
+# ip_blocks = 1.1.1.1/24
+
+# [GATEWAY-1]
+# Name of the routing_instance for which the gateway is being configured
+# routing_instance = default-domain:admin:public1:public1
+
+# Gateway interface name
+# interface = vgw1
+
+# Virtual network ip blocks for which gateway service is required. Each IP
+# block is represented as ip/prefix. Multiple IP blocks are represented by
+# separating each with a space
+# ip_blocks = 2.2.1.0/24 2.2.2.0/24
+
+# Routes to be exported in routing_instance. Each route is represented as
+# ip/prefix. Multiple routes are represented by separating each with a space
+# routes = 10.10.10.1/24 11.11.11.1/24
+
+[SERVICE-INSTANCE]
+# Path to the script which handles the netns commands
+netns_command = /usr/bin/opencontrail-vrouter-netns
+
+# Number of workers that will be used to start netns commands
+#netns_workers = 1
+
+# Timeout for each netns command, when the timeout is reached, the netns
+# command is killed.
+#netns_timeout = 30
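Review bot: The `physical_interface_mac` line builds the fact key as `'ansible_'+contrail_vhost_device`, but Ansible stores interface facts with hyphens replaced by underscores. If `contrail_vhost_device` ever holds a name like the `br-prv` used in the sibling templates, the lookup would not resolve and the render would fail. `hostvars[inventory_hostname]['ansible_' + contrail_vhost_device | replace('-', '_')]['macaddress']` covers that case. The value assigned to `contrail_vhost_device` is not visible in this hunk, so confirm which device names are expected.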
diff --git a/ansible/roles/open-contrail/templates/provision/default-pmac.j2 b/ansible/roles/open-contrail/templates/provision/default-pmac.j2
new file mode 100755
index 0000000..dac56d1
--- /dev/null
+++ b/ansible/roles/open-contrail/templates/provision/default-pmac.j2
@@ -0,0 +1 @@
+{{ hostvars[inventory_hostname][contrail_ansible_device]['macaddress'] }}
diff --git a/ansible/roles/open-contrail/templates/provision/haproxy-contrail-cfg.j2 b/ansible/roles/open-contrail/templates/provision/haproxy-contrail-cfg.j2
new file mode 100755
index 0000000..0119636
--- /dev/null
+++ b/ansible/roles/open-contrail/templates/provision/haproxy-contrail-cfg.j2
@@ -0,0 +1,78 @@
+#contrail-marker-start
+
+listen contrail-stats
+# bind *:5937
+ bind {{ internal_vip.ip }}:5937
+ bind {{ public_vip.ip }}:5937
+ mode http
+ stats enable
+ stats uri /
+ stats auth haproxy:contrail123
+
+# compass has bind neutron-server
+#listen neutron-server
+# bind *:9696
+# balance roundrobin
+# option nolinger
+#{% for host,ip in haproxy_hosts.items() %}
+# server {{ host }} {{ ip }}:9697 weight 1 check inter 2000 rise 2 fall 3
+#{% endfor %}
+
+
+
+listen contrail-api
+# bind *:8082
+ bind {{ internal_vip.ip }}:8082
+ bind {{ public_vip.ip }}:8082
+ balance roundrobin
+ option nolinger
+ timeout client 3m
+ timeout server 3m
+{% for host,ip in haproxy_hosts.items() %}
+ server {{ host }} {{ ip }}:8082 weight 1 check inter 2000 rise 2 fall 3
+{% endfor %}
+
+
+
+listen contrail-discovery
+# bind *:5998
+ bind {{ internal_vip.ip }}:5998
+ bind {{ public_vip.ip }}:5998
+ balance roundrobin
+ option nolinger
+{% for host,ip in haproxy_hosts.items() %}
+ server {{ host }} {{ ip }}:5998 weight 1 check inter 2000 rise 2 fall 3
+{% endfor %}
+
+
+
+listen contrail-analytics-api
+# bind *:8081
+ bind {{ internal_vip.ip }}:8081
+ bind {{ public_vip.ip }}:8081
+ balance roundrobin
+ option nolinger
+ option tcp-check
+ tcp-check connect port 6379
+ default-server error-limit 1 on-error mark-down
+{% for host,ip in haproxy_hosts.items() %}
+ server {{ host }} {{ ip }}:8081 weight 1 check inter 2000 rise 2 fall 5
+{% endfor %}
+
+
+# compass doesn't use ha for rabbitmq, but use cluster mode
+#listen rabbitmq
+# bind *:5673
+# mode tcp
+# balance roundrobin
+# maxconn 10000
+# option tcplog
+# option tcpka
+# option redispatch
+# timeout client 48h
+# timeout server 48h
+{% for host,ip in haproxy_hosts.items() %}
+# server {{ host }} {{ ip }}:5672 weight 1 check inter 2000 rise 2 fall 5
+{% endfor %}
+
+#contrail-marker-end
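Review bot: The `stats auth haproxy:contrail123` line in `listen contrail-stats` commits a fixed credential, and the listener is bound on `{{ public_vip.ip }}:5937` in plain `mode http`, so every deployment exposes the stats page on the public VIP behind the same published password, sent in cleartext. Take the credential from per-deployment variables, e.g. `stats auth {{ haproxy_stats_user }}:{{ haproxy_stats_password }}` (placeholder variable names), and drop the `bind {{ public_vip.ip }}:5937` line unless external access is required. Separately, Jinja still evaluates the `{% for %}` around the commented-out rabbitmq `server` line, so the rendered file carries one `# server …` line per host; wrap the loop in `{# … #}` if that is not intended.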
diff --git a/ansible/roles/open-contrail/templates/provision/ifmap-authorization-properties.j2 b/ansible/roles/open-contrail/templates/provision/ifmap-authorization-properties.j2
new file mode 100755
index 0000000..41a1c64
--- /dev/null
+++ b/ansible/roles/open-contrail/templates/provision/ifmap-authorization-properties.j2
@@ -0,0 +1,2 @@
+# The MAPC with basic auth username 'reader' has read only access.
+reader=ro
diff --git a/ansible/roles/open-contrail/templates/provision/ifmap-basicauthusers-properties.j2 b/ansible/roles/open-contrail/templates/provision/ifmap-basicauthusers-properties.j2
new file mode 100755
index 0000000..6ca38a2
--- /dev/null
+++ b/ansible/roles/open-contrail/templates/provision/ifmap-basicauthusers-properties.j2
@@ -0,0 +1,30 @@
+test:test
+test2:test2
+test3:test3
+dhcp:dhcp
+visual:visual
+sensor:sensor
+
+# compliance testsuite users
+mapclient:mapclient
+helper:mapclient
+
+# This is a read-only MAPC
+reader:reader
+
+# OpenContrail users
+api-server:api-server
+schema-transformer:schema-transformer
+svc-monitor:svc-monitor
+
+control-user:control-user-passwd
+control-node-1:control-node-1
+control-node-2:control-node-2
+control-node-3:control-node-3
+control-node-4:control-node-4
+control-node-5:control-node-5
+control-node-6:control-node-6
+control-node-7:control-node-7
+control-node-8:control-node-8
+control-node-9:control-node-9
+control-node-10:control-node-10
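Review bot: Every account in this file has a fixed password that equals or trivially derives from its user name (`api-server:api-server`, `control-user:control-user-passwd`), and the template contains no variables, so each deployment ends up with the same IF-MAP basic-auth credentials. Render the service accounts from per-deployment secrets, e.g. `api-server:{{ ifmap_api_server_password }}` (placeholder variable name). The `test`, `test2`, `test3` and compliance-testsuite entries look like leftovers from an upstream sample; unless something in the role depends on them (not visible here) they should not ship.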
diff --git a/ansible/roles/open-contrail/templates/provision/ifmap-log4j-properties.j2 b/ansible/roles/open-contrail/templates/provision/ifmap-log4j-properties.j2
new file mode 100755
index 0000000..ebd0b48
--- /dev/null
+++ b/ansible/roles/open-contrail/templates/provision/ifmap-log4j-properties.j2
@@ -0,0 +1,26 @@
+# Set root logger level to DEBUG and its only appender to CONSOLE
+log4j.rootLogger=TRACE, CONSOLE
+log4j.error
+
+log4j.logger.de.fhhannover.inform.irond.proc=TRACE, A1, A2
+log4j.additivity.de.fhhannover.inform.irond.proc=false
+
+log4j.appender.A1=org.apache.log4j.ConsoleAppender
+log4j.appender.A1.layout=org.apache.log4j.PatternLayout
+log4j.appender.A1.layout.ConversionPattern=%d [%t] %-5p %x - %m%n
+
+log4j.appender.A2=org.apache.log4j.FileAppender
+log4j.appender.A2.File=/var/log/contrail/ifmap-server.log
+log4j.appender.A2.layout=org.apache.log4j.PatternLayout
+log4j.appender.A2.layout.ConversionPattern=%d [%t] %-5p %x - %m%n
+
+log4j.logger.de.fhhannover.inform.irond.rawrequests=TRACE, A3
+log4j.additivity.de.fhhannover.inform.irond.rawrequests=false
+log4j.appender.A3=org.apache.log4j.FileAppender
+log4j.appender.A3.file=irond_raw.log
+log4j.appender.A3.layout=org.apache.log4j.PatternLayout
+log4j.appender.A3.layout.ConversionPattern=%d %-5p %x - %m%n
+
+log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
+log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
+log4j.appender.CONSOLE.layout.ConversionPattern=%-8r [%t] %-5p %C{1} %x - %m%n
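Review bot: The header comment says the root logger is set to DEBUG, but `log4j.rootLogger=TRACE, CONSOLE` sets TRACE, and the `rawrequests` logger also writes at TRACE to `irond_raw.log`, a relative path resolved against the process working directory. Raw IF-MAP requests presumably include the basic-auth header, so this may put credentials into a log file whose location and permissions are not controlled; consider a production level such as `INFO` and an absolute path next to the one `A2` uses, `log4j.appender.A3.file=/var/log/contrail/irond_raw.log`. The bare `log4j.error` line has no `=value` and looks like a leftover; remove it or complete it.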
diff --git a/ansible/roles/open-contrail/templates/provision/ifmap-publisher-properties.j2 b/ansible/roles/open-contrail/templates/provision/ifmap-publisher-properties.j2
new file mode 100755
index 0000000..90d2a88
--- /dev/null
+++ b/ansible/roles/open-contrail/templates/provision/ifmap-publisher-properties.j2
@@ -0,0 +1,16 @@
+#Sun May 27 15:47:44 PDT 2012
+visual=visual--1877135140-1
+test=test--1870931913-1
+test2=test2--1870931914-1
+test3=test3--1870931915-1
+api-server=api-server-1--0000000001-1
+control-node-1=control-node-1--1870931921-1
+control-node-2=control-node-1--1870931922-1
+control-node-3=control-node-1--1870931923-1
+control-node-4=control-node-1--1870931924-1
+control-node-5=control-node-1--1870931925-1
+control-node-6=control-node-1--1870931926-1
+control-node-7=control-node-1--1870931927-1
+control-node-8=control-node-1--1870931928-1
+control-node-9=control-node-1--1870931929-1
+control-node-10=control-node-10--1870931930-1
diff --git a/ansible/roles/open-contrail/templates/provision/keepalived-conf.j2 b/ansible/roles/open-contrail/templates/provision/keepalived-conf.j2
new file mode 100755
index 0000000..b16c4a2
--- /dev/null
+++ b/ansible/roles/open-contrail/templates/provision/keepalived-conf.j2
@@ -0,0 +1,29 @@
+vrrp_script chk_haproxy {
+ script "killall -0 haproxy"
+ interval 1
+ timeout 3
+ rise 2
+ fall 2
+}
+
+vrrp_instance INTERNAL_1 {
+ interface {{ contrail_device }}
+ state MASTER
+ preemt_delay 7
+ grap_master_delay 5
+ grap_master_repeat 3
+ grap_master_refresh 1
+ advert_int 1
+ virtual_router_id 85
+ vmac_xmit_base
+ priority 10{{ item.0 }}
+ virtual_ipaddress {
+ {{ contrail_haproxy_address }} dev {{ contrail_device }}
+ }
+ track_script {
+ chk_haproxy
+ }
+ track_interface {
+ {{ contrail_device }}
+ }
+}
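Review bot: Four keywords in `vrrp_instance INTERNAL_1` are misspelled: `preemt_delay` should be `preempt_delay`, and `grap_master_delay`, `grap_master_repeat`, `grap_master_refresh` should be `garp_master_delay`, `garp_master_repeat`, `garp_master_refresh`. keepalived treats the misspelled names as unknown keywords, so the intended gratuitous-ARP and preemption timings are not applied. `preempt_delay` is also only honoured when the initial state is BACKUP, so with `state MASTER` it would have no effect even once spelled correctly. The instance has no `authentication` block either; if other hosts share the VRRP segment, consider adding one or filtering VRRP traffic to the cluster members.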
diff --git a/ansible/roles/open-contrail/templates/provision/neutron-contrail-plugin-ini.j2 b/ansible/roles/open-contrail/templates/provision/neutron-contrail-plugin-ini.j2
new file mode 100755
index 0000000..13e5965
--- /dev/null
+++ b/ansible/roles/open-contrail/templates/provision/neutron-contrail-plugin-ini.j2
@@ -0,0 +1,15 @@
+[APISERVER]
+api_server_ip={{ contrail_haproxy_address }}
+api_server_port=8082
+multi_tenancy=True
+contrail_extensions=ipam:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_ipam.NeutronPluginContrailIpam,policy:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_policy.NeutronPluginContrailPolicy,route-table:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_vpc.NeutronPluginContrailVpc,contrail:None
+
+[COLLECTOR]
+analytics_api_ip={{ contrail_haproxy_address }}
+analytics_api_port=8081
+
+[KEYSTONE]
+auth_url=http://{{ contrail_keystone_address }}:35357/v2.0
+admin_tenant_name=admin
+admin_user={{ contrail_admin_user }}
+admin_password={{ contrail_admin_password }}
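Review bot: `auth_url=http://{{ contrail_keystone_address }}:35357/v2.0` sends `admin_user` and `admin_password` to the Keystone admin endpoint over plain HTTP, and this commit's `vars/main.yml` sets `contrail_keystone_address` to `{{ public_vip.ip }}`, so the admin credential crosses the public network unencrypted. Point the plugin at the internal VIP or make the scheme configurable, e.g. `auth_url={{ keystone_auth_protocol }}://{{ contrail_keystone_address }}:35357/v2.0` (placeholder variable name). The rendered file contains the admin password, so the task that installs it (not visible here) should set a restrictive mode such as `0640`.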
diff --git a/ansible/roles/open-contrail/templates/provision/nova.j2 b/ansible/roles/open-contrail/templates/provision/nova.j2
new file mode 100755
index 0000000..ea4dbba
--- /dev/null
+++ b/ansible/roles/open-contrail/templates/provision/nova.j2
@@ -0,0 +1,58 @@
+[DEFAULT]
+dhcpbridge_flagfile=/etc/nova/nova.conf
+dhcpbridge=/usr/bin/nova-dhcpbridge
+logdir=/var/log/nova
+state_path=/var/lib/nova
+lock_path=/var/lib/nova/tmp
+force_dhcp_release=True
+libvirt_use_virtio_for_bridges=True
+verbose=True
+ec2_private_dns_show_ip=False
+auth_strategy = keystone
+libvirt_nonblocking = True
+libvirt_inject_partition = -1
+compute_driver = libvirt.LibvirtDriver
+novncproxy_base_url = http://{{ contrail_keystone_address }}:6080/vnc_auto.html
+vncserver_enabled = true
+vncserver_listen = {{ contrail_address }}
+vncserver_proxyclient_address = {{ contrail_address }}
+security_group_api = neutron
+heal_instance_info_cache_interval = 0
+image_cache_manager_interval = 0
+libvirt_cpu_mode = none
+libvirt_vif_driver = nova_contrail_vif.contrailvif.VRouterVIFDriver
+firewall_driver = nova.virt.firewall.NoopFirewallDriver
+glance_host = {{ contrail_keystone_address }}
+glance_port = 9292
+glance_num_retries = 10
+rabbit_host = {{ contrail_keystone_address }}
+rabbit_port = 5672
+rabbit_password = {{ rabbit_password }}
+rabbit_retry_interval = 1
+rabbit_retry_backoff = 2
+rabbit_max_retries = 0
+rabbit_ha_queues = True
+rpc_cast_timeout = 30
+rpc_conn_pool_size = 40
+rpc_response_timeout = 60
+rpc_thread_pool_size = 70
+report_interval = 15
+novncproxy_port = 6080
+vnc_port = 5900
+vnc_port_total = 100
+resume_guests_state_on_host_boot = True
+service_down_time = 300
+periodic_fuzzy_delay = 30
+disable_process_locking = True
+neutron_admin_auth_url =
+
+[keystone_authtoken]
+admin_tenant_name = service
+admin_user = nova
+admin_password = {{ contrail_admin_password }}
+auth_host = {{ contrail_keystone_address }}
+auth_protocol = http
+auth_port = 5000
+signing_dir = /tmp/keystone-signing-nova
+
+
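Review bot: `signing_dir = /tmp/keystone-signing-nova` puts the keystone token-signing cache in a world-writable directory, where another local user can create the path first; use a directory under the service's own state path, e.g. `signing_dir = /var/lib/nova/keystone-signing`. `neutron_admin_auth_url =` is left empty, which looks unfinished; either fill it from `contrail_keystone_address` or drop the line. `auth_protocol = http` and the `http://` `novncproxy_base_url` also carry the service password and console sessions in cleartext towards an address that `vars/main.yml` sets to the public VIP.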
diff --git a/ansible/roles/open-contrail/templates/provision/qemu-device-acl-conf.j2 b/ansible/roles/open-contrail/templates/provision/qemu-device-acl-conf.j2
new file mode 100755
index 0000000..53dfbba
--- /dev/null
+++ b/ansible/roles/open-contrail/templates/provision/qemu-device-acl-conf.j2
@@ -0,0 +1,6 @@
+cgroup_device_acl = [
+ "/dev/null", "/dev/full", "/dev/zero",
+ "/dev/random", "/dev/urandom",
+ "/dev/ptmx", "/dev/kvm", "/dev/kqemu",
+ "/dev/rtc", "/dev/hpet","/dev/net/tun"
+]
diff --git a/ansible/roles/open-contrail/templates/provision/rabbitmq-conf-single.j2 b/ansible/roles/open-contrail/templates/provision/rabbitmq-conf-single.j2
new file mode 100644
index 0000000..cce01c7
--- /dev/null
+++ b/ansible/roles/open-contrail/templates/provision/rabbitmq-conf-single.j2
@@ -0,0 +1,6 @@
+[
+ {rabbit, [ {tcp_listeners, [{"{{ internal_ip }}", 5672}]},
+ {loopback_users, []},
+ {log_levels,[{connection, info},{mirroring, info}]} ]
+ }
+].
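Review bot: `{loopback_users, []}` removes RabbitMQ's restriction that keeps the built-in `guest` account on localhost, while `tcp_listeners` binds the broker to `{{ internal_ip }}`, so the default `guest` user becomes reachable over the network unless the role deletes it elsewhere (not visible here). Keep the default, `{loopback_users, [<<"guest">>]}`, or omit the entry and create a dedicated user with its own password. The same setting appears in `rabbitmq-conf.j2` in this commit, where the listener is bound to `{{ contrail_address }}`.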
diff --git a/ansible/roles/open-contrail/templates/provision/rabbitmq-conf.j2 b/ansible/roles/open-contrail/templates/provision/rabbitmq-conf.j2
new file mode 100644
index 0000000..f0d09c4
--- /dev/null
+++ b/ansible/roles/open-contrail/templates/provision/rabbitmq-conf.j2
@@ -0,0 +1,25 @@
+[
+ {rabbit, [ {tcp_listeners, [{"{{ contrail_address }}", 5672}]}, {cluster_partition_handling, autoheal},{loopback_users, []},
+ {cluster_nodes, {[{% for cur_host in groups['opencontrail'] %}'rabbit@{{ cur_host }}'{% if not loop.last %}, {% endif %}{% endfor %}], disc}},
+ {vm_memory_high_watermark, 0.4},
+ {disk_free_limit,50000000},
+ {log_levels,[{connection, info},{mirroring, info}]},
+ {heartbeat,10},
+ {delegate_count,20},
+ {channel_max,5000},
+ {tcp_listen_options,
+ [binary,
+ {packet, raw},
+ {reuseaddr, true},
+ {backlog, 128},
+ {nodelay, true},
+ {exit_on_close, false},
+ {keepalive, true}
+ ]
+ },
+ {collect_statistics_interval, 60000}
+ ]
+ },
+ {rabbitmq_management_agent, [ {force_fine_statistics, true} ] },
+ {kernel, [{net_ticktime, 30}]}
+].
diff --git a/ansible/roles/open-contrail/templates/provision/rabbitmq-cookie.j2 b/ansible/roles/open-contrail/templates/provision/rabbitmq-cookie.j2
new file mode 100644
index 0000000..838d033
--- /dev/null
+++ b/ansible/roles/open-contrail/templates/provision/rabbitmq-cookie.j2
@@ -0,0 +1 @@
+{{ ansible_date_time.iso8601_micro | to_uuid }}
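Review bot: The Erlang cookie is the shared secret that authorises nodes to join the RabbitMQ cluster, and `{{ ansible_date_time.iso8601_micro | to_uuid }}` derives it deterministically from the time facts were gathered: `to_uuid` is a name-based hash, not a random generator, so the value is only as unpredictable as the timestamp. `ansible_date_time` is also a per-host fact, so unless the template is rendered once and copied to all nodes (the task is not visible here) each node would get a different cookie and clustering would fail. Generate the value once on the controller from a random source, e.g. `{{ lookup('password', '<controller-side path> length=32 chars=ascii_letters,digits') }}`, and install the file with mode `0400` owned by the rabbitmq user.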
diff --git a/ansible/roles/open-contrail/templates/provision/rabbitmq-env-conf.j2 b/ansible/roles/open-contrail/templates/provision/rabbitmq-env-conf.j2
new file mode 100644
index 0000000..6a3b476
--- /dev/null
+++ b/ansible/roles/open-contrail/templates/provision/rabbitmq-env-conf.j2
@@ -0,0 +1,2 @@
+NODE_IP_ADDRESS={{ internal_ip }}
+NODENAME=rabbit@{{ ansible_hostname }}-ctrl
diff --git a/ansible/roles/open-contrail/templates/provision/vrouter-nodemgr-param.j2 b/ansible/roles/open-contrail/templates/provision/vrouter-nodemgr-param.j2
new file mode 100755
index 0000000..ee5dcbd
--- /dev/null
+++ b/ansible/roles/open-contrail/templates/provision/vrouter-nodemgr-param.j2
@@ -0,0 +1 @@
+DISCOVERY={{ ip_settings['host1']['br-prv']['ip'] }}
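Review bot: `ip_settings['host1']` hard-codes an inventory host name, so rendering fails on any deployment without a host called `host1`, and every node manager depends on that single node for discovery. The HAProxy template in this commit fronts the discovery service on port 5998, so `DISCOVERY={{ contrail_haproxy_address }}` would be consistent with it. If a node address is required, derive it from the group instead, e.g. `ip_settings[groups['opencontrail'][0]]['br-prv']['ip']`.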
diff --git a/ansible/roles/open-contrail/templates/provision/zookeeper-unique-id.j2 b/ansible/roles/open-contrail/templates/provision/zookeeper-unique-id.j2
new file mode 100755
index 0000000..ec0033b
--- /dev/null
+++ b/ansible/roles/open-contrail/templates/provision/zookeeper-unique-id.j2
@@ -0,0 +1 @@
+{{ item.0 + 1 }}
diff --git a/ansible/roles/open-contrail/templates/vrouter-functions.sh b/ansible/roles/open-contrail/templates/vrouter-functions.sh
new file mode 100755
index 0000000..69af7b2
--- /dev/null
+++ b/ansible/roles/open-contrail/templates/vrouter-functions.sh
@@ -0,0 +1,223 @@
+#!/bin/bash
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+
+source /etc/contrail/agent_param
+
+function pkt_setup () {
+ for f in /sys/class/net/$1/queues/rx-*
+ do
+ q="$(echo $f | cut -d '-' -f2)"
+ r=$(($q%32))
+ s=$(($q/32))
+ ((mask=1<<$r))
+ str=(`printf "%x" $mask`)
+ if [ $s -gt 0 ]; then
+ for ((i=0; i < $s; i++))
+ do
+ str+=,00000000
+ done
+ fi
+ echo $str > $f/rps_cpus
+ done
+}
+
+function insert_vrouter() {
+ if cat $CONFIG | grep '^\s*platform\s*=\s*dpdk\b' &>/dev/null; then
+ vrouter_dpdk_start
+ return $?
+ fi
+
+ grep $kmod /proc/modules 1>/dev/null 2>&1
+ if [ $? != 0 ]; then
+ insmod /var/lib/dkms/vrouter/2.21/build/vrouter.ko
+ if [ $? != 0 ]
+ then
+ echo "$(date) : Error inserting vrouter module"
+ return 1
+ fi
+
+ if [ -f /sys/class/net/pkt1/queues/rx-0/rps_cpus ]; then
+ pkt_setup pkt1
+ fi
+ if [ -f /sys/class/net/pkt2/queues/rx-0/rps_cpus ]; then
+ pkt_setup pkt2
+ fi
+ if [ -f /sys/class/net/pkt3/queues/rx-0/rps_cpus ]; then
+ pkt_setup pkt3
+ fi
+ fi
+
+ # check if vhost0 is not present, then create vhost0 and $dev
+ if [ ! -L /sys/class/net/vhost0 ]; then
+ echo "$(date): Creating vhost interface: $DEVICE."
+ # for bonding interfaces
+ loops=0
+ while [ ! -f /sys/class/net/$dev/address ]
+ do
+ sleep 1
+ loops=$(($loops + 1))
+ if [ $loops -ge 60 ]; then
+ echo "Unable to look at /sys/class/net/$dev/address"
+ return 1
+ fi
+ done
+
+ DEV_MAC=$(cat /sys/class/net/$dev/address)
+ vif --create $DEVICE --mac $DEV_MAC
+ if [ $? != 0 ]; then
+ echo "$(date): Error creating interface: $DEVICE"
+ fi
+
+
+ echo "$(date): Adding $dev to vrouter"
+ DEV_MAC=$(cat /sys/class/net/$dev/address)
+ vif --add $dev --mac $DEV_MAC --vrf 0 --vhost-phys --type physical
+ if [ $? != 0 ]; then
+ echo "$(date): Error adding $dev to vrouter"
+ fi
+
+ vif --add $DEVICE --mac $DEV_MAC --vrf 0 --type vhost --xconnect $dev
+ if [ $? != 0 ]; then
+ echo "$(date): Error adding $DEVICE to vrouter"
+ fi
+ fi
+ return 0
+}
+
+function vrouter_dpdk_start() {
+ # wait for vRouter/DPDK to start
+ echo "$(date): Waiting for vRouter/DPDK to start..."
+ service ${VROUTER_SERVICE} start
+ loops=0
+ while ! is_vrouter_dpdk_running
+ do
+ sleep 1
+ loops=$(($loops + 1))
+ if [ $loops -ge 60 ]; then
+ echo "No vRouter/DPDK running."
+ echo "Please check if ${VROUTER_SERVICE} service is up and running."
+ return 1
+ fi
+ done
+
+ # TODO: at the moment we have no interface deletion, so this loop might
+ # be unnecessary in the future
+ echo "$(date): Waiting for Agent to configure $DEVICE..."
+ loops=0
+ while [ ! -L /sys/class/net/vhost0 ]
+ do
+ sleep 1
+ loops=$(($loops + 1))
+ if [ $loops -ge 10 ]; then
+ break
+ fi
+ done
+
+ # check if vhost0 is not present, then create vhost0 and $dev
+ if [ ! -L /sys/class/net/vhost0 ]; then
+ echo "$(date): Creating vhost interface: $DEVICE."
+ agent_conf_read
+
+ DEV_MAC=${physical_interface_mac}
+ DEV_PCI=${physical_interface_address}
+
+ if [ -z "${DEV_MAC}" -o -z "${DEV_PCI}" ]; then
+ echo "No device configuration found in ${CONFIG}"
+ return 1
+ fi
+
+ # TODO: the vhost creation is happening later in vif --add
+# vif --create $DEVICE --mac $DEV_MAC
+# if [ $? != 0 ]; then
+# echo "$(date): Error creating interface: $DEVICE"
+# fi
+
+ echo "$(date): Adding $dev to vrouter"
+ # add DPDK ethdev 0 as a physical interface
+ vif --add 0 --mac $DEV_MAC --vrf 0 --vhost-phys --type physical --pmd --id 0
+ if [ $? != 0 ]; then
+ echo "$(date): Error adding $dev to vrouter"
+ fi
+
+ # TODO: vif --xconnect seems does not work without --id parameter?
+ vif --add $DEVICE --mac $DEV_MAC --vrf 0 --type vhost --xconnect 0 --pmd --id 1
+ if [ $? != 0 ]; then
+ echo "$(date): Error adding $DEVICE to vrouter"
+ fi
+ fi
+ return 0
+}
+
+DPDK_BIND=/opt/contrail/bin/dpdk_nic_bind.py
+VROUTER_SERVICE="supervisor-vrouter"
+
+function is_vrouter_dpdk_running() {
+ # check for NetLink TCP socket
+ lsof -ni:20914 -sTCP:LISTEN > /dev/null
+
+ return $?
+}
+
+function agent_conf_read() {
+ eval `cat ${CONFIG} | grep -E '^\s*physical_\w+\s*='`
+}
+
+function vrouter_dpdk_if_bind() {
+ if [ ! -s /sys/class/net/${dev}/address ]; then
+ echo "No ${dev} device found."
+ ${DPDK_BIND} --status
+ return 1
+ fi
+
+ modprobe igb_uio
+ # multiple kthreads for port monitoring
+ modprobe rte_kni kthread_mode=multiple
+
+ ${DPDK_BIND} --force --bind=igb_uio $dev
+ ${DPDK_BIND} --status
+}
+
+function vrouter_dpdk_if_unbind() {
+ if [ -s /sys/class/net/${dev}/address ]; then
+ echo "Device ${dev} is already unbinded."
+ ${DPDK_BIND} --status
+ return 1
+ fi
+
+ agent_conf_read
+
+ DEV_PCI=${physical_interface_address}
+ DEV_DRIVER=`lspci -vmmks ${DEV_PCI} | grep 'Module:' | cut -d $'\t' -f 2`
+
+ if [ -z "${DEV_DRIVER}" -o -z "${DEV_PCI}" ]; then
+ echo "No device ${dev} configuration found in ${AGENT_DPDK_PARAMS_FILE}"
+ return 1
+ fi
+
+ # wait for vRouter/DPDK to stop
+ echo "$(date): Waiting for vRouter/DPDK to stop..."
+ loops=0
+ while is_vrouter_dpdk_running
+ do
+ sleep 1
+ loops=$(($loops + 1))
+ if [ $loops -ge 60 ]; then
+ echo "vRouter/DPDK is still running."
+ echo "Please try to stop ${VROUTER_SERVICE} service."
+ return 1
+ fi
+ done
+
+ ${DPDK_BIND} --force --bind=${DEV_DRIVER} ${DEV_PCI}
+ ${DPDK_BIND} --status
+
+ rmmod rte_kni
+ rmmod igb_uio
+}
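Review bot: `agent_conf_read` passes every line of `${CONFIG}` that matches `physical_\w+\s*=` to `eval`, so anything after the `=`, including `$(…)` or a `;`, is executed by the shell (presumably as root, given the `insmod`/`modprobe` calls), and a line written INI-style with spaces around `=` is run as a command rather than an assignment. The callers only read `physical_interface_mac` and `physical_interface_address`, so those two values can be extracted as data, as sketched below. Elsewhere in the file, the `vif --add` failures in `insert_vrouter` and `vrouter_dpdk_start` are only echoed before `return 0`, and `$CONFIG`, `$kmod` and `$dev` are expanded unquoted; returning non-zero on those errors and quoting the expansions would make failures visible to the caller.

```shell
function agent_conf_read() {
    # Assign the two keys the callers use as plain data; no line of
    # ${CONFIG} is handed to eval.
    local key
    for key in physical_interface_mac physical_interface_address; do
        printf -v "$key" '%s' \
            "$(sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*//p" "${CONFIG}" | head -n 1)"
    done
}
```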
diff --git a/ansible/roles/open-contrail/vars/Debian.yml b/ansible/roles/open-contrail/vars/Debian.yml
new file mode 100755
index 0000000..845aa78
--- /dev/null
+++ b/ansible/roles/open-contrail/vars/Debian.yml
@@ -0,0 +1,48 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+
+package: "contrail-install-packages_2.21-102-ubuntu-14-04juno_all.deb"
+
+common_package:
+ - contrail-setup
+
+kernel_package:
+ - linux-headers-3.13.0-40
+ - linux-headers-3.13.0-40-generic
+ - linux-image-3.13.0-40-generic
+ - linux-image-extra-3.13.0-40-generic
+
+kernel_required: "3.13.0-40-generic"
+
+database_package:
+ - contrail-openstack-database
+
+config_package:
+ - contrail-openstack-config
+
+control_package:
+ - contrail-openstack-control
+
+collector_package:
+ - contrail-openstack-analytics
+
+webui_package:
+ - contrail-openstack-webui
+
+vrouter_package:
+ - contrail-vrouter-3.13.0-40-generic
+
+dkms_package:
+ - contrail-vrouter-dkms
+
+compute_package:
+ - contrail-vrouter-common
+ - contrail-nova-vif
+
diff --git a/ansible/roles/open-contrail/vars/RedHat.yml b/ansible/roles/open-contrail/vars/RedHat.yml
new file mode 100755
index 0000000..d760b4e
--- /dev/null
+++ b/ansible/roles/open-contrail/vars/RedHat.yml
@@ -0,0 +1,9 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
diff --git a/ansible/roles/open-contrail/vars/main.yml b/ansible/roles/open-contrail/vars/main.yml
new file mode 100755
index 0000000..6facb47
--- /dev/null
+++ b/ansible/roles/open-contrail/vars/main.yml
@@ -0,0 +1,86 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+#package: "contrail-install-packages_2.21-102~juno_all.deb" # mv to {os}.yml
+kernel_install: no
+#ansible_ssh_user: "root"
+#ansible_ssh_pass: "root"
+
+#contrail_keystone_address: "{{ internal_vip.ip }}"
+contrail_keystone_address: "{{ public_vip.ip }}"
+contrail_admin_user: "admin"
+contrail_admin_password: "console"
+
+
+# network infor adapter for compass
+# contrail_address: "{{ internal_ip }}"
+contrail_address: "{{ ip_settings[inventory_hostname]['br-prv']['ip'] }}"
+#contrail_device: # compass openstack device
+contrail_netmask: "255.255.255.0"
+#contrail_gateway: "10.84.50.254"
+contrail_gateway:
+#contrail_mgmt_address: "172.27.113.91"
+
+
+
+###########################################################
+### we make an independent NIC for OpenContrail vRouter ###
+###########################################################
+contrail_vhost_device: "{{ network_cfg['provider_net_mappings'][0]['interface'] }}"
+contrail_vhost_address: "{{ ip_settings[inventory_hostname]['br-prv']['ip'] }}"
+contrail_vhost_gateway: "{{ ip_settings[inventory_hostname]['br-prv']['gw'] }}"
+contrail_vhost_netmask: "{{ ip_settings[inventory_hostname]['br-prv']['netmask'] }}"
+###########################################################
+###########################################################
+###########################################################
+
+
+
+
+contrail_keepalived: no
+#contrail_haproxy_address: "10.0.0.22" # 10.0.0.80
+#contrail_haproxy_address: "{{ internal_vip.ip }}"
+contrail_haproxy_address: "{{ public_vip.ip }}"
+contrail_netmask: "255.255.255.0"
+contrail_prefixlen: "24"
+contrail_gateway: "10.0.0.1"
+
+contrail_router_asn: "64512"
+
+### Modify when need openstack provisioning
+keystone_provision: no
+install_nova: no
+#rabbit_password: {{ RABBIT_PASS }}
+
+contrail_tor_agents:
+ - name: "test01"
+ address: "10.0.0.81"
+ ovs_protocol: "pssl"
+ ovs_port: "9991"
+ tunnel_address: "10.0.0.81"
+ http_server_port: "9011"
+ vendor_name: "Juniper"
+ product_name: "QFX5100"
+ tsn_names: [ "system002" ]
+ - name: "test02"
+ address: "10.0.0.82"
+ ovs_protocol: "pssl"
+ ovs_port: "9992"
+ tunnel_address: "10.0.0.82"
+ http_server_port: "9012"
+ vendor_name: "Juniper"
+ product_name: "QFX5100"
+ tsn_names: [ "system002" ]
+
+
+# adapter for compass
+kernel_package_noarch: []
+
+compute_package_noarch: []
+
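Review bot: `contrail_admin_password: "console"` commits the OpenStack admin password that `neutron-contrail-plugin-ini.j2` and `nova.j2` render into service configs; take it from the deployment's secret store or an inventory variable instead, e.g. `contrail_admin_password: "{{ keystone_admin_password }}"` (placeholder variable name). `contrail_netmask` and `contrail_gateway` are each defined twice in this file; most YAML loaders silently keep the last value, so the empty `contrail_gateway:` is overridden by `"10.0.0.1"`, and the duplicates should be removed so the intended value is unambiguous. `kernel_install: no`, `contrail_keepalived: no`, `keystone_provision: no` and `install_nova: no` would be clearer written as `false`.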
diff --git a/ansible/roles/plumgrid-plugin/tasks/main.yml b/ansible/roles/plumgrid-plugin/tasks/main.yml
deleted file mode 100644
index 7784be0..0000000
--- a/ansible/roles/plumgrid-plugin/tasks/main.yml
+++ /dev/null
@@ -1,148 +0,0 @@
-#
-# Copyright (c) 2012-2015, PLUMgrid, http://plumgrid.com
-#
-
-# Create a PLUMgrid sources.list
-- name: Create plumgrid sources.list
- lineinfile:
- dest: /etc/apt/sources.list.d/plumgrid.list
- line: "deb {{ plumgrid_repo }}/plumgrid ./"
- state: present
- create: yes
-
-# Point to LCM repo create a PLUMgrid sources.list
-- name: Add plumgrid-images to repo
- lineinfile:
- dest: /etc/apt/sources.list.d/plumgrid.list
- line: "deb {{ plumgrid_repo }}/plumgrid-images ./"
- state: present
-
-# Update repositories
-- name: Running apt-update
- apt:
- update_cache: yes
-
-# Install package neutron-plugin-plumgrid
-- name: Install neutron-plugin-plumgrid
- apt:
- name: neutron-plugin-plumgrid
- state: present
-
-# Install package plumgrid-pythonlib
-- name: Install plumgrid-pythonlib
- apt:
- name: plumgrid-pythonlib
- state: present
-
-# Modify template fies
-- name: Setup plumgrid.ini
- template: >
- src=plumgrid.ini
- dest=/etc/neutron/plugins/plumgrid/plumgrid.ini
- owner={{ system_group }}
- group={{ system_user }}
-
-- name: Replace plugin.ini reference
- replace:
- dest: /etc/default/neutron-server
- regexp: "^NEUTRON_PLUGIN_CONFIG.*"
- replace: "NEUTRON_PLUGIN_CONFIG=\"/etc/neutron/plugins/plumgrid/plumgrid.ini\""
-
-# Modify neutron configuration
-- name: Add plumlib template
- template: >
- src=plumlib.py
- dest=/usr/lib/python2.7/dist-packages/neutron/plugins/plumgrid/drivers/plumlib.py
- owner={{ system_group }}
- group={{ system_user }}
-
-- name: Replace plugin with Plumgrid
- replace:
- dest: /etc/neutron/neutron.conf
- regexp: '^core_plugin.*'
- replace: 'core_plugin = neutron.plugins.plumgrid.plumgrid_plugin.plumgrid_plugin.NeutronPluginPLUMgridV2'
-
-- name: Replace mysql connection spec
- replace:
- dest: /etc/neutron/neutron.conf
- regexp: '^connection.*'
- replace: 'connection = mysql://neutron:{{ NEUTRON_DBPASS }}@{{ db_host }}/ovs_neutron'
-
-- name: Comment service_plugins
- replace:
- dest: /etc/neutron/neutron.conf
- regexp: '^service_plugins'
- replace: '#service_plugins'
-
-- name: Update nova.conf
- lineinfile:
- dest: "/etc/nova/nova.conf"
- insertafter: "DEFAULT"
- state: present
- create: yes
- line: "{{ item }}"
- with_items:
- - libvirt_cpu_mode=none
- - libvirt_vif_type=ethernet
- - scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler
-
-- name: Add plumgrid_plugin template
- template: >
- src=plumgrid_plugin.py
- dest=/usr/lib/python2.7/dist-packages/neutron/plugins/plumgrid/plumgrid_plugin/plumgrid_plugin.py
- owner={{ system_group }}
- group={{ system_user }}
-
-- name: Add plumlib filters
- template: >
- src=plumlib.filters
- dest=/etc/neutron/rootwrap.d/plumlib.filters
- owner={{ system_group }}
- group={{ system_user }}
-
-- name: Update Plumlib authentication
- replace:
- dest: /etc/neutron/plugins/plumgrid/plumlib.ini
- regexp: '#admin_user = admin_username'
- replace: 'admin_user = neutron'
-
-- replace:
- dest: /etc/neutron/plugins/plumgrid/plumlib.ini
- regexp: '#admin_password = admin_password'
- replace: 'admin_password = {{ neutron_service_password }}'
-
-- replace:
- dest: /etc/neutron/plugins/plumgrid/plumlib.ini
- regexp: '#auth_uri = http://127.0.0.1:35357/v2.0/'
- replace: 'auth_uri = http://{{ internal_lb_vip_address }}:5000/v2.0'
-
-- replace:
- dest: /etc/neutron/plugins/plumgrid/plumlib.ini
- regexp: '#admin_tenant_name = admin_tenant_name'
- replace: 'admin_tenant_name = service'
-
-# Enable Metadata
-- name: Enable Metadata
- replace:
- dest: /etc/neutron/plugins/plumgrid/plumlib.ini
- regexp: 'enable_pg_metadata = False'
- replace: 'enable_pg_metadata = True'
- when: enable_pg_metadata == True
-
-- name: Enable Metadata mode
- replace:
- dest: /etc/neutron/plugins/plumgrid/plumlib.ini
- regexp: 'metadata_mode = tunnel'
- replace: 'metadata_mode = local'
- when: enable_pg_metadata == True
-
-- name: Replace plugin config file
- replace:
- dest: /etc/init/neutron-server.conf
- regexp: '/etc/neutron/plugins/ml2/ml2_conf.ini'
- replace: '/etc/neutron/plugins/plumgrid/plumgrid.ini'
-
-- name: Start neutron server
- service: name=neutron-server state=restarted
- register: service_started
- failed_when: "'msg' in service_started and 'FAIL' in service_started.msg|upper"
diff --git a/ansible/roles/plumgrid-plugin/templates/plumgrid.ini b/ansible/roles/plumgrid-plugin/templates/plumgrid.ini
deleted file mode 100644
index 49d6ce5..0000000
--- a/ansible/roles/plumgrid-plugin/templates/plumgrid.ini
+++ /dev/null
@@ -1,14 +0,0 @@
-# Config file for Neutron PLUMgrid Plugin
-
-[plumgriddirector]
-# This line should be pointing to the PLUMgrid Director,
-# for the PLUMgrid platform.
-director_server={{ pg_vip }}
-director_server_port=443
-# Authentification parameters for the Director.
-# These are the admin credentials to manage and control
-# the PLUMgrid Director server.
-username=plumgrid
-password=plumgrid
-servertimeout=70
-connection = mysql://neutron:{{ neutron_container_mysql_password }}@{{ internal_lb_vip_address }}/neutron?charset=utf8
diff --git a/ansible/roles/plumgrid-plugin/templates/plumgrid_plugin.py b/ansible/roles/plumgrid-plugin/templates/plumgrid_plugin.py
deleted file mode 100644
index dde32bb..0000000
--- a/ansible/roles/plumgrid-plugin/templates/plumgrid_plugin.py
+++ /dev/null
@@ -1,811 +0,0 @@
-# Copyright 2013 PLUMgrid, Inc. All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# @author: Fawad Khaliq, fawad@plumgrid.com, PLUMgrid, Inc.
-
-"""
-Neutron Plug-in for PLUMgrid Virtual Networking Infrastructure (VNI)
-This plugin will forward authenticated REST API calls
-to the PLUMgrid Network Management System called Director
-"""
-
-import netaddr
-from oslo.config import cfg
-from sqlalchemy.orm import exc as sa_exc
-
-from neutron.api.v2 import attributes
-from neutron.common import constants
-from neutron.common import utils
-from neutron.db import db_base_plugin_v2
-from neutron.db import external_net_db
-from neutron.db import extraroute_db
-from neutron.db import l3_db
-from neutron.db import portbindings_db
-from neutron.db import quota_db # noqa
-from neutron.db import securitygroups_db
-from neutron.extensions import portbindings
-from neutron.extensions import extraroute
-from neutron.extensions import securitygroup as sec_grp
-from neutron.openstack.common import importutils
-from neutron.openstack.common import log as logging
-from neutron.plugins.plumgrid.common import exceptions as plum_excep
-from neutron.plugins.plumgrid.plumgrid_plugin.plugin_ver import VERSION
-
-LOG = logging.getLogger(__name__)
-
-director_server_opts = [
- cfg.StrOpt('director_server', default='localhost',
- help=_("PLUMgrid Director server to connect to")),
- cfg.StrOpt('director_server_port', default='8080',
- help=_("PLUMgrid Director server port to connect to")),
- cfg.StrOpt('username', default='username',
- help=_("PLUMgrid Director admin username")),
- cfg.StrOpt('password', default='password', secret=True,
- help=_("PLUMgrid Director admin password")),
- cfg.IntOpt('servertimeout', default=5,
- help=_("PLUMgrid Director server timeout")),
- cfg.StrOpt('driver',
- default="neutron.plugins.plumgrid.drivers.plumlib.Plumlib",
- help=_("PLUMgrid Driver")), ]
-
-cfg.CONF.register_opts(director_server_opts, "plumgriddirector")
-
-
-class NeutronPluginPLUMgridV2(db_base_plugin_v2.NeutronDbPluginV2,
- external_net_db.External_net_db_mixin,
- extraroute_db.ExtraRoute_db_mixin,
- l3_db.L3_NAT_db_mixin,
- portbindings_db.PortBindingMixin,
- securitygroups_db.SecurityGroupDbMixin):
-
- supported_extension_aliases = ["binding", "external-net", "provider",
- "quotas", "router", "security-group", "extraroute"]
-
- binding_view = "extension:port_binding:view"
- binding_set = "extension:port_binding:set"
-
- def __init__(self):
- LOG.info(_('Neutron PLUMgrid Director: Starting Plugin'))
-
- super(NeutronPluginPLUMgridV2, self).__init__()
- self.plumgrid_init()
-
- LOG.debug(_('Neutron PLUMgrid Director: Neutron server with '
- 'PLUMgrid Plugin has started'))
-
- def plumgrid_init(self):
- """PLUMgrid initialization."""
- director_plumgrid = cfg.CONF.plumgriddirector.director_server
- director_port = cfg.CONF.plumgriddirector.director_server_port
- director_admin = cfg.CONF.plumgriddirector.username
- director_password = cfg.CONF.plumgriddirector.password
- timeout = cfg.CONF.plumgriddirector.servertimeout
- plum_driver = cfg.CONF.plumgriddirector.driver
-
- # PLUMgrid Director info validation
- LOG.info(_('Neutron PLUMgrid Director: %s'), director_plumgrid)
- self._plumlib = importutils.import_object(plum_driver)
- self._plumlib.director_conn(director_plumgrid, director_port, timeout,
- director_admin, director_password)
-
- def create_network(self, context, network):
- """Create Neutron network.
-
- Creates a PLUMgrid-based bridge.
- """
-
- LOG.debug(_('Neutron PLUMgrid Director: create_network() called'))
-
- # Plugin DB - Network Create and validation
- tenant_id = self._get_tenant_id_for_create(context,
- network["network"])
- self._network_admin_state(network)
-
- with context.session.begin(subtransactions=True):
- net_db = super(NeutronPluginPLUMgridV2,
- self).create_network(context, network)
- # Propagate all L3 data into DB
- self._process_l3_create(context, net_db, network['network'])
- self._ensure_default_security_group(context, tenant_id)
-
- try:
- LOG.debug(_('PLUMgrid Library: create_network() called'))
- self._plumlib.create_network(tenant_id, net_db, network)
-
- except Exception as err_message:
- raise plum_excep.PLUMgridException(err_msg=err_message)
-
- # Return created network
- return net_db
-
- def update_network(self, context, net_id, network):
- """Update Neutron network.
-
- Updates a PLUMgrid-based bridge.
- """
-
- LOG.debug(_("Neutron PLUMgrid Director: update_network() called"))
- self._network_admin_state(network)
- tenant_id = self._get_tenant_id_for_create(context, network["network"])
-
- with context.session.begin(subtransactions=True):
- # Plugin DB - Network Update
- net_db = super(
- NeutronPluginPLUMgridV2, self).update_network(context,
- net_id, network)
- self._process_l3_update(context, net_db, network['network'])
-
- try:
- LOG.debug(_("PLUMgrid Library: update_network() called"))
- self._plumlib.update_network(tenant_id, net_id, network)
-
- except Exception as err_message:
- raise plum_excep.PLUMgridException(err_msg=err_message)
-
- # Return updated network
- return net_db
-
- def delete_network(self, context, net_id):
- """Delete Neutron network.
-
- Deletes a PLUMgrid-based bridge.
- """
-
- LOG.debug(_("Neutron PLUMgrid Director: delete_network() called"))
- net_db = super(NeutronPluginPLUMgridV2,
- self).get_network(context, net_id)
-
- with context.session.begin(subtransactions=True):
- # Plugin DB - Network Delete
- super(NeutronPluginPLUMgridV2, self).delete_network(context,
- net_id)
-
- try:
- LOG.debug(_("PLUMgrid Library: update_network() called"))
- self._plumlib.delete_network(net_db, net_id)
-
- except Exception as err_message:
- raise plum_excep.PLUMgridException(err_msg=err_message)
-
- @utils.synchronized('plumlib', external=True)
- def create_port(self, context, port):
- """Create Neutron port.
-
- Creates a PLUMgrid-based port on the specific Virtual Network
- Function (VNF).
- """
- LOG.debug(_("Neutron PLUMgrid Director: create_port() called"))
-
- # Port operations on PLUMgrid Director is an automatic operation
- # from the VIF driver operations in Nova.
- # It requires admin_state_up to be True
-
- port["port"]["admin_state_up"] = True
- port_data = port["port"]
-
- with context.session.begin(subtransactions=True):
- # Plugin DB - Port Create and Return port
- port_db = super(NeutronPluginPLUMgridV2, self).create_port(context,
- port)
- # Update port security
- port_data.update(port_db)
-
- self._ensure_default_security_group_on_port(context, port)
-
- port_data[sec_grp.SECURITYGROUPS] = (
- self._get_security_groups_on_port(context, port))
-
- self._process_port_create_security_group(
- context, port_db, port_data[sec_grp.SECURITYGROUPS])
-
- self._process_portbindings_create_and_update(context,
- port_data, port_db)
-
- device_id = port_db["device_id"]
- if port_db["device_owner"] == constants.DEVICE_OWNER_ROUTER_GW:
- router_db = self._get_router(context, device_id)
- else:
- router_db = None
-
- try:
- LOG.debug(_("PLUMgrid Library: create_port() called"))
- self._plumlib.create_port(port_db, router_db)
-
- except Exception as err_message:
- raise plum_excep.PLUMgridException(err_msg=err_message)
-
- # Plugin DB - Port Create and Return port
- return self._port_viftype_binding(context, port_db)
-
- @utils.synchronized('plumlib', external=True)
- def update_port(self, context, port_id, port):
- """Update Neutron port.
-
- Updates a PLUMgrid-based port on the specific Virtual Network
- Function (VNF).
- """
- LOG.debug(_("Neutron PLUMgrid Director: update_port() called"))
-
- with context.session.begin(subtransactions=True):
- # Plugin DB - Port Create and Return port
- port_db = super(NeutronPluginPLUMgridV2, self).update_port(
- context, port_id, port)
- device_id = port_db["device_id"]
- if port_db["device_owner"] == constants.DEVICE_OWNER_ROUTER_GW:
- router_db = self._get_router(context, device_id)
- else:
- router_db = None
-
- if (self._check_update_deletes_security_groups(port) or
- self._check_update_has_security_groups(port)):
- self._delete_port_security_group_bindings(context,
- port_db["id"])
- sg_ids = self._get_security_groups_on_port(context, port)
- self._process_port_create_security_group(context,
- port_db,
- sg_ids)
-
- self._process_portbindings_create_and_update(context,
- port['port'],
- port_db)
-
- try:
- LOG.debug(_("PLUMgrid Library: create_port() called"))
- self._plumlib.update_port(port_db, router_db)
-
- except Exception as err_message:
- raise plum_excep.PLUMgridException(err_msg=err_message)
-
- # Plugin DB - Port Update
- return self._port_viftype_binding(context, port_db)
-
- @utils.synchronized('plumlib', external=True)
- def delete_port(self, context, port_id, l3_port_check=True):
- """Delete Neutron port.
-
- Deletes a PLUMgrid-based port on the specific Virtual Network
- Function (VNF).
- """
-
- LOG.debug(_("Neutron PLUMgrid Director: delete_port() called"))
-
- with context.session.begin(subtransactions=True):
- # Plugin DB - Port Create and Return port
- port_db = super(NeutronPluginPLUMgridV2,
- self).get_port(context, port_id)
- router_ids = self.disassociate_floatingips(
- context, port_id, do_notify=False)
- super(NeutronPluginPLUMgridV2, self).delete_port(context, port_id)
-
- if port_db["device_owner"] == constants.DEVICE_OWNER_ROUTER_GW:
- device_id = port_db["device_id"]
- router_db = self._get_router(context, device_id)
- else:
- router_db = None
- try:
- LOG.debug(_("PLUMgrid Library: delete_port() called"))
- self._plumlib.delete_port(port_db, router_db)
-
- except Exception as err_message:
- raise plum_excep.PLUMgridException(err_msg=err_message)
-
- # now that we've left db transaction, we are safe to notify
- self.notify_routers_updated(context, router_ids)
-
- def get_port(self, context, id, fields=None):
- with context.session.begin(subtransactions=True):
- port_db = super(NeutronPluginPLUMgridV2,
- self).get_port(context, id, fields)
-
- self._port_viftype_binding(context, port_db)
- return self._fields(port_db, fields)
-
- def get_ports(self, context, filters=None, fields=None):
- with context.session.begin(subtransactions=True):
- ports_db = super(NeutronPluginPLUMgridV2,
- self).get_ports(context, filters, fields)
- for port_db in ports_db:
- self._port_viftype_binding(context, port_db)
- return [self._fields(port, fields) for port in ports_db]
-
- def create_subnet(self, context, subnet):
- """Create Neutron subnet.
-
- Creates a PLUMgrid-based DHCP and NAT Virtual Network
- Functions (VNFs).
- """
-
- LOG.debug(_("Neutron PLUMgrid Director: create_subnet() called"))
-
- with context.session.begin(subtransactions=True):
- # Plugin DB - Subnet Create
- net_db = super(NeutronPluginPLUMgridV2, self).get_network(
- context, subnet['subnet']['network_id'], fields=None)
- s = subnet['subnet']
- ipnet = netaddr.IPNetwork(s['cidr'])
-
- # PLUMgrid Director reserves the last IP address for GW
- # when is not defined
- if s['gateway_ip'] is attributes.ATTR_NOT_SPECIFIED:
- gw_ip = str(netaddr.IPAddress(ipnet.last - 1))
- subnet['subnet']['gateway_ip'] = gw_ip
-
- # PLUMgrid reserves the first IP
- if s['allocation_pools'] == attributes.ATTR_NOT_SPECIFIED:
- allocation_pool = self._allocate_pools_for_subnet(context, s)
- subnet['subnet']['allocation_pools'] = allocation_pool
-
- sub_db = super(NeutronPluginPLUMgridV2, self).create_subnet(
- context, subnet)
-
- try:
- LOG.debug(_("PLUMgrid Library: create_subnet() called"))
- self._plumlib.create_subnet(sub_db, net_db, ipnet)
- except Exception as err_message:
- raise plum_excep.PLUMgridException(err_msg=err_message)
-
- return sub_db
-
- def delete_subnet(self, context, subnet_id):
- """Delete subnet core Neutron API."""
-
- LOG.debug(_("Neutron PLUMgrid Director: delete_subnet() called"))
- # Collecting subnet info
- sub_db = self._get_subnet(context, subnet_id)
- net_id = sub_db["network_id"]
- net_db = self.get_network(context, net_id)
- tenant_id = net_db["tenant_id"]
-
- with context.session.begin(subtransactions=True):
- # Plugin DB - Subnet Delete
- super(NeutronPluginPLUMgridV2, self).delete_subnet(
- context, subnet_id)
- try:
- LOG.debug(_("PLUMgrid Library: delete_subnet() called"))
- self._plumlib.delete_subnet(tenant_id, net_db, net_id)
- except Exception as err_message:
- raise plum_excep.PLUMgridException(err_msg=err_message)
-
- def update_subnet(self, context, subnet_id, subnet):
- """Update subnet core Neutron API."""
-
- LOG.debug(_("update_subnet() called"))
- # Collecting subnet info
- orig_sub_db = self._get_subnet(context, subnet_id)
-
- with context.session.begin(subtransactions=True):
- # Plugin DB - Subnet Update
- new_sub_db = super(NeutronPluginPLUMgridV2,
- self).update_subnet(context, subnet_id, subnet)
- ipnet = netaddr.IPNetwork(new_sub_db['cidr'])
-
- try:
- # PLUMgrid Server does not support updating resources yet
- LOG.debug(_("PLUMgrid Library: update_network() called"))
- self._plumlib.update_subnet(orig_sub_db, new_sub_db, ipnet)
-
- except Exception as err_message:
- raise plum_excep.PLUMgridException(err_msg=err_message)
-
- return new_sub_db
-
- def create_router(self, context, router):
- """
- Create router extension Neutron API
- """
- LOG.debug(_("Neutron PLUMgrid Director: create_router() called"))
-
- tenant_id = self._get_tenant_id_for_create(context, router["router"])
-
- with context.session.begin(subtransactions=True):
-
- # Create router in DB
- router_db = super(NeutronPluginPLUMgridV2,
- self).create_router(context, router)
- # Create router on the network controller
- try:
- # Add Router to VND
- LOG.debug(_("PLUMgrid Library: create_router() called"))
- self._plumlib.create_router(tenant_id, router_db)
- except Exception as err_message:
- raise plum_excep.PLUMgridException(err_msg=err_message)
-
- # Return created router
- return router_db
-
- def update_router(self, context, router_id, router):
-
- LOG.debug(_("Neutron PLUMgrid Director: update_router() called"))
-
- with context.session.begin(subtransactions=True):
- router_db = super(NeutronPluginPLUMgridV2,
- self).update_router(context, router_id, router)
- try:
- LOG.debug(_("PLUMgrid Library: update_router() called"))
- self._plumlib.update_router(router_db, router_id)
- except Exception as err_message:
- raise plum_excep.PLUMgridException(err_msg=err_message)
-
- # Return updated router
- return router_db
-
- def delete_router(self, context, router_id):
- LOG.debug(_("Neutron PLUMgrid Director: delete_router() called"))
-
- with context.session.begin(subtransactions=True):
- orig_router = self._get_router(context, router_id)
- tenant_id = orig_router["tenant_id"]
-
- super(NeutronPluginPLUMgridV2, self).delete_router(context,
- router_id)
-
- try:
- LOG.debug(_("PLUMgrid Library: delete_router() called"))
- self._plumlib.delete_router(tenant_id, router_id)
-
- except Exception as err_message:
- raise plum_excep.PLUMgridException(err_msg=err_message)
-
- def add_router_interface(self, context, router_id, interface_info):
-
- LOG.debug(_("Neutron PLUMgrid Director: "
- "add_router_interface() called"))
- with context.session.begin(subtransactions=True):
- # Validate args
- router_db = self._get_router(context, router_id)
- tenant_id = router_db['tenant_id']
-
- # Create interface in DB
- int_router = super(NeutronPluginPLUMgridV2,
- self).add_router_interface(context,
- router_id,
- interface_info)
- port_db = self._get_port(context, int_router['port_id'])
- subnet_id = port_db["fixed_ips"][0]["subnet_id"]
- subnet_db = super(NeutronPluginPLUMgridV2,
- self)._get_subnet(context, subnet_id)
- ipnet = netaddr.IPNetwork(subnet_db['cidr'])
-
- # Create interface on the network controller
- try:
- LOG.debug(_("PLUMgrid Library: add_router_interface() called"))
- self._plumlib.add_router_interface(tenant_id, router_id,
- port_db, ipnet)
-
- except Exception as err_message:
- raise plum_excep.PLUMgridException(err_msg=err_message)
-
- return int_router
-
- def remove_router_interface(self, context, router_id, int_info):
-
- LOG.debug(_("Neutron PLUMgrid Director: "
- "remove_router_interface() called"))
- with context.session.begin(subtransactions=True):
- # Validate args
- router_db = self._get_router(context, router_id)
- tenant_id = router_db['tenant_id']
- if 'port_id' in int_info:
- port = self._get_port(context, int_info['port_id'])
- net_id = port['network_id']
-
- elif 'subnet_id' in int_info:
- subnet_id = int_info['subnet_id']
- subnet = self._get_subnet(context, subnet_id)
- net_id = subnet['network_id']
-
- # Remove router in DB
- del_int_router = super(NeutronPluginPLUMgridV2,
- self).remove_router_interface(context,
- router_id,
- int_info)
-
- try:
- LOG.debug(_("PLUMgrid Library: "
- "remove_router_interface() called"))
- self._plumlib.remove_router_interface(tenant_id,
- net_id, router_id)
-
- except Exception as err_message:
- raise plum_excep.PLUMgridException(err_msg=err_message)
-
- return del_int_router
-
- def create_floatingip(self, context, floatingip):
- LOG.debug(_("Neutron PLUMgrid Director: create_floatingip() called"))
-
- try:
- floating_ip = None
- floating_ip = super(NeutronPluginPLUMgridV2,
- self).create_floatingip(context, floatingip)
- LOG.debug(_("PLUMgrid Library: create_floatingip() called"))
- self._plumlib.create_floatingip(floating_ip)
-
- return floating_ip
- except Exception as err_message:
- if floating_ip is not None:
- self.delete_floatingip(context, floating_ip["id"])
- raise plum_excep.PLUMgridException(err_msg=err_message)
-
- def update_floatingip(self, context, id, floatingip):
- LOG.debug(_("Neutron PLUMgrid Director: update_floatingip() called"))
-
- try:
- floating_ip_orig = super(NeutronPluginPLUMgridV2,
- self).get_floatingip(context, id)
- floating_ip = super(NeutronPluginPLUMgridV2,
- self).update_floatingip(context, id,
- floatingip)
- LOG.debug(_("PLUMgrid Library: update_floatingip() called"))
- self._plumlib.update_floatingip(floating_ip_orig, floating_ip,
- id)
-
- return floating_ip
- except Exception as err_message:
- if floatingip['floatingip']['port_id']:
- self.disassociate_floatingips(context,
- floatingip['floatingip']['port_id'],
- do_notify=False)
- raise plum_excep.PLUMgridException(err_msg=err_message)
-
- def delete_floatingip(self, context, id):
- LOG.debug(_("Neutron PLUMgrid Director: delete_floatingip() called"))
-
- floating_ip_orig = super(NeutronPluginPLUMgridV2,
- self).get_floatingip(context, id)
- try:
- LOG.debug(_("PLUMgrid Library: delete_floatingip() called"))
- self._plumlib.delete_floatingip(floating_ip_orig, id)
-
- except Exception as err_message:
- raise plum_excep.PLUMgridException(err_msg=err_message)
-
- super(NeutronPluginPLUMgridV2, self).delete_floatingip(context, id)
-
- def disassociate_floatingips(self, context, port_id, do_notify=True):
- LOG.debug(_("Neutron PLUMgrid Director: disassociate_floatingips() "
- "called"))
-
- try:
- fip_qry = context.session.query(l3_db.FloatingIP)
- floating_ip = fip_qry.filter_by(fixed_port_id=port_id).one()
-
- LOG.debug(_("PLUMgrid Library: disassociate_floatingips()"
- " called"))
- self._plumlib.disassociate_floatingips(floating_ip, port_id)
-
- except sa_exc.NoResultFound:
- pass
-
- except Exception as err_message:
- raise plum_excep.PLUMgridException(err_msg=err_message)
-
- return super(NeutronPluginPLUMgridV2,
- self).disassociate_floatingips(
- context, port_id, do_notify=do_notify)
-
- def create_security_group(self, context, security_group, default_sg=False):
- """Create a security group
-
- Create a new security group, including the default security group
- """
- LOG.debug("Neutron PLUMgrid Director: create_security_group()"
- " called")
-
- with context.session.begin(subtransactions=True):
-
- sg = security_group.get('security_group')
-
- tenant_id = self._get_tenant_id_for_create(context, sg)
- if not default_sg:
- self._ensure_default_security_group(context, tenant_id)
-
- sg_db = super(NeutronPluginPLUMgridV2,
- self).create_security_group(context, security_group,
- default_sg)
- try:
- LOG.debug("PLUMgrid Library: create_security_group()"
- " called")
- self._plumlib.create_security_group(sg_db)
-
- except Exception as err_message:
- raise plum_excep.PLUMgridException(err_msg=err_message)
-
- return sg_db
-
- def update_security_group(self, context, sg_id, security_group):
- """Update a security group
-
- Update security group name/description in Neutron and PLUMgrid
- platform
- """
- with context.session.begin(subtransactions=True):
- sg_db = (super(NeutronPluginPLUMgridV2,
- self).update_security_group(context,
- sg_id,
- security_group))
- if ('name' in security_group['security_group'] and
- sg_db['name'] != 'default'):
- try:
- LOG.debug("PLUMgrid Library: update_security_group()"
- " called")
- self._plumlib.update_security_group(sg_db)
-
- except Exception as err_message:
- raise plum_excep.PLUMgridException(err_msg=err_message)
- return sg_db
-
- def delete_security_group(self, context, sg_id):
- """Delete a security group
-
- Delete security group from Neutron and PLUMgrid Platform
-
- :param sg_id: security group ID of the rule to be removed
- """
- with context.session.begin(subtransactions=True):
-
- sg = super(NeutronPluginPLUMgridV2, self).get_security_group(
- context, sg_id)
- if not sg:
- raise sec_grp.SecurityGroupNotFound(id=sg_id)
-
- if sg['name'] == 'default' and not context.is_admin:
- raise sec_grp.SecurityGroupCannotRemoveDefault()
-
- sec_grp_ip = sg['id']
- filters = {'security_group_id': [sec_grp_ip]}
- if super(NeutronPluginPLUMgridV2,
- self)._get_port_security_group_bindings(context,
- filters):
- raise sec_grp.SecurityGroupInUse(id=sec_grp_ip)
-
- sec_db = super(NeutronPluginPLUMgridV2,
- self).delete_security_group(context, sg_id)
- try:
- LOG.debug("PLUMgrid Library: delete_security_group()"
- " called")
- self._plumlib.delete_security_group(sg)
-
- except Exception as err_message:
- raise plum_excep.PLUMgridException(err_msg=err_message)
-
- return sec_db
-
- def create_security_group_rule(self, context, security_group_rule):
- """Create a security group rule
-
- Create a security group rule in Neutron and PLUMgrid Platform
- """
- LOG.debug("Neutron PLUMgrid Director: create_security_group_rule()"
- " called")
- bulk_rule = {'security_group_rules': [security_group_rule]}
- return self.create_security_group_rule_bulk(context, bulk_rule)[0]
-
- def create_security_group_rule_bulk(self, context, security_group_rule):
- """Create security group rules
-
- Create security group rules in Neutron and PLUMgrid Platform
-
- :param security_group_rule: list of rules to create
- """
- sg_rules = security_group_rule.get('security_group_rules')
-
- with context.session.begin(subtransactions=True):
- sg_id = super(NeutronPluginPLUMgridV2,
- self)._validate_security_group_rules(
- context, security_group_rule)
-
- # Check to make sure security group exists
- security_group = super(NeutronPluginPLUMgridV2,
- self).get_security_group(context,
- sg_id)
-
- if not security_group:
- raise sec_grp.SecurityGroupNotFound(id=sg_id)
-
- # Check for duplicate rules
- self._check_for_duplicate_rules(context, sg_rules)
-
- sec_db = (super(NeutronPluginPLUMgridV2,
- self).create_security_group_rule_bulk_native(
- context, security_group_rule))
- try:
- LOG.debug(_("PLUMgrid Library: create_security_"
- "group_rule_bulk() called"))
- self._plumlib.create_security_group_rule_bulk(sec_db)
-
- except Exception as err_message:
- raise plum_excep.PLUMgridException(err_msg=err_message)
-
- return sec_db
-
- def delete_security_group_rule(self, context, sgr_id):
- """Delete a security group rule
-
- Delete a security group rule in Neutron and PLUMgrid Platform
- """
-
- LOG.debug("Neutron PLUMgrid Director: delete_security_group_rule()"
- " called")
-
- sgr = (super(NeutronPluginPLUMgridV2,
- self).get_security_group_rule(context, sgr_id))
-
- if not sgr:
- raise sec_grp.SecurityGroupRuleNotFound(id=sgr_id)
-
- super(NeutronPluginPLUMgridV2,
- self).delete_security_group_rule(context, sgr_id)
- try:
- LOG.debug("PLUMgrid Library: delete_security_"
- "group_rule() called")
- self._plumlib.delete_security_group_rule(sgr)
-
- except Exception as err_message:
- raise plum_excep.PLUMgridException(err_msg=err_message)
-
- """
- Internal PLUMgrid Functions
- """
-
- def _get_plugin_version(self):
- return VERSION
-
- def _port_viftype_binding(self, context, port):
- port[portbindings.VIF_TYPE] = portbindings.VIF_TYPE_IOVISOR
- port[portbindings.VIF_DETAILS] = {
- # TODO(rkukura): Replace with new VIF security details
- portbindings.CAP_PORT_FILTER:
- 'security-group' in self.supported_extension_aliases}
- return port
-
- def _network_admin_state(self, network):
- if network["network"].get("admin_state_up") is False:
- LOG.warning("Networks with admin_state_up=False are not "
- "supported by PLUMgrid plugin yet.")
- return network
-
- def _allocate_pools_for_subnet(self, context, subnet):
- """Create IP allocation pools for a given subnet
-
- Pools are defined by the 'allocation_pools' attribute,
- a list of dict objects with 'start' and 'end' keys for
- defining the pool range.
- Modified from Neutron DB based class
-
- """
-
- pools = []
- # Auto allocate the pool around gateway_ip
- net = netaddr.IPNetwork(subnet['cidr'])
- boundary = int(netaddr.IPAddress(subnet['gateway_ip'] or net.last))
- potential_dhcp_ip = int(net.first + 1)
- if boundary == potential_dhcp_ip:
- first_ip = net.first + 3
- boundary = net.first + 2
- else:
- first_ip = net.first + 2
- last_ip = net.last - 1
- # Use the gw_ip to find a point for splitting allocation pools
- # for this subnet
- split_ip = min(max(boundary, net.first), net.last)
- if split_ip > first_ip:
- pools.append({'start': str(netaddr.IPAddress(first_ip)),
- 'end': str(netaddr.IPAddress(split_ip - 1))})
- if split_ip < last_ip:
- pools.append({'start': str(netaddr.IPAddress(split_ip + 1)),
- 'end': str(netaddr.IPAddress(last_ip))})
- # return auto-generated pools
- # no need to check for their validity
- return pools
diff --git a/ansible/roles/plumgrid-plugin/templates/plumlib.filters b/ansible/roles/plumgrid-plugin/templates/plumlib.filters
deleted file mode 100644
index 2ea6713..0000000
--- a/ansible/roles/plumgrid-plugin/templates/plumlib.filters
+++ /dev/null
@@ -1,23 +0,0 @@
-# neutron-rootwrap command filters for nodes on which neutron is
-# expected to control network
-#
-# This file should be owned by (and only-writeable by) the root user
-
-# format seems to be
-# cmd-name: filter-name, raw-command, user, args
-
-[Filters]
-
-# neutron/agent/linux/iptables_manager.py
-# "iptables-save", ...
-python: CommandFilter, python, root
-ip: CommandFilter, ip, root
-kill: CommandFilter, kill, root
-rm: CommandFilter, rm, root
-ifc_ctl: CommandFilter, /opt/pg/bin/ifc_ctl, root, ifc_ctl
-neutron-ns-metadata-proxy: CommandFilter, /usr/bin/neutron-ns-metadata-proxy, root
-pg-local-metadata: CommandFilter, /usr/local/bin/pg-local-metadata, pg-local-metadata, root
-pg-tunnel-metadata: CommandFilter, /usr/local/bin/pg-tunnel-metadata, pg-tunnel-metadata, root
-ping: RegExpFilter, /bin/ping, root, ping, -w, \d+, -c, \d+, [0-9\.]+
-ping: IpNetnsExecFilter, ping, root
-ping: CommandFilter, ping, root
diff --git a/ansible/roles/plumgrid-plugin/templates/plumlib.py b/ansible/roles/plumgrid-plugin/templates/plumlib.py
deleted file mode 100644
index b06145e..0000000
--- a/ansible/roles/plumgrid-plugin/templates/plumlib.py
+++ /dev/null
@@ -1,118 +0,0 @@
-# Copyright 2013 PLUMgrid, Inc. All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# @author: Fawad Khaliq, fawad@plumgrid.com, PLUMgrid, Inc.
-
-"""
-Neutron Plug-in for PLUMgrid Virtual Networking Infrastructure (VNI)
-This plugin will forward authenticated REST API calls
-to the PLUMgrid Network Management System called Director
-"""
-
-from plumgridlib import plumlib
-
-from neutron.openstack.common import log as logging
-
-LOG = logging.getLogger(__name__)
-
-
-class Plumlib(object):
- """
- Class PLUMgrid Python Library. This library is a third-party tool
- needed by PLUMgrid plugin to implement all core API in Neutron.
- """
-
- def __init__(self):
- LOG.info(_('Python PLUMgrid Library Started '))
-
- def director_conn(self, director_plumgrid, director_port, timeout,
- director_admin, director_password):
- self.plumlib = plumlib.Plumlib(director_plumgrid,
- director_port,
- timeout,
- director_admin,
- director_password)
-
- def create_network(self, tenant_id, net_db, network):
- self.plumlib.create_network(tenant_id, net_db, network)
-
- def update_network(self, tenant_id, net_id, network):
- self.plumlib.update_network(tenant_id, net_id, network)
-
- def delete_network(self, net_db, net_id):
- self.plumlib.delete_network(net_db, net_id)
-
- def create_subnet(self, sub_db, net_db, ipnet):
- self.plumlib.create_subnet(sub_db, net_db, ipnet)
-
- def update_subnet(self, orig_sub_db, new_sub_db, ipnet):
- self.plumlib.update_subnet(orig_sub_db, new_sub_db, ipnet)
-
- def delete_subnet(self, tenant_id, net_db, net_id):
- self.plumlib.delete_subnet(tenant_id, net_db, net_id)
-
- def create_port(self, port_db, router_db):
- self.plumlib.create_port(port_db, router_db)
-
- def update_port(self, port_db, router_db):
- self.plumlib.update_port(port_db, router_db)
-
- def delete_port(self, port_db, router_db):
- self.plumlib.delete_port(port_db, router_db)
-
- def create_router(self, tenant_id, router_db):
- self.plumlib.create_router(tenant_id, router_db)
-
- def update_router(self, router_db, router_id):
- self.plumlib.update_router(router_db, router_id)
-
- def delete_router(self, tenant_id, router_id):
- self.plumlib.delete_router(tenant_id, router_id)
-
- def add_router_interface(self, tenant_id, router_id, port_db, ipnet):
- self.plumlib.add_router_interface(tenant_id, router_id, port_db, ipnet)
-
- def remove_router_interface(self, tenant_id, net_id, router_id):
- self.plumlib.remove_router_interface(tenant_id, net_id, router_id)
-
- def create_floatingip(self, floating_ip):
- self.plumlib.create_floatingip(floating_ip)
-
- def update_floatingip(self, floating_ip_orig, floating_ip, id):
- self.plumlib.update_floatingip(floating_ip_orig, floating_ip, id)
-
- def delete_floatingip(self, floating_ip_orig, id):
- self.plumlib.delete_floatingip(floating_ip_orig, id)
-
- def disassociate_floatingips(self, floating_ip, port_id):
- self.plumlib.disassociate_floatingips(floating_ip, port_id)
-
- def create_security_group(self, sg_db):
- self.plumlib.create_security_group(sg_db)
-
- def update_security_group(self, sg_db):
- self.plumlib.update_security_group(sg_db)
-
- def delete_security_group(self, sg_db):
- self.plumlib.delete_security_group(sg_db)
-
- def create_security_group_rule(self, sg_rule_db):
- self.plumlib.create_security_group_rule(sg_rule_db)
-
- def create_security_group_rule_bulk(self, sg_rule_db):
- self.plumlib.create_security_group_rule_bulk(sg_rule_db)
-
- def delete_security_group_rule(self, sg_rule_db):
- self.plumlib.delete_security_group_rule(sg_rule_db)
-
diff --git a/ansible/roles/plumgrid/tasks/main.yml b/ansible/roles/plumgrid/tasks/main.yml
deleted file mode 100644
index 121f24c..0000000
--- a/ansible/roles/plumgrid/tasks/main.yml
+++ /dev/null
@@ -1,156 +0,0 @@
-#
-# Copyright (c) 2012-2015, PLUMgrid, http://plumgrid.com
-#
-
-#- include: plumgrid_packages.yml
-# when: enable_plumgrid == True
-
-# Create a PLUMgrid sources.list
-- name: Create plumgrid sources.list
- lineinfile:
- dest: /etc/apt/sources.list.d/plumgrid.list
- line: "deb {{ plumgrid_repo }}/plumgrid ./"
- state: present
- create: yes
-
-# Create a PLUMgrid sources.list
-- name: Add plumgrid-images to repo
- lineinfile:
- dest: /etc/apt/sources.list.d/plumgrid.list
- line: "deb {{ plumgrid_repo }}/plumgrid-images ./"
- state: present
-
-# Copy GPG-key file to target nodes
-- name: Copy Plumgrid GPG-key file
- command: apt-key adv --keyserver keyserver.ubuntu.com --recv 63F65885554E46B2
-
-# Update repositories
-- name: Running apt-update
- apt:
- update_cache: yes
-
-# for compute hosts
-- name: Create nova ifc_ctl_sudoers file
- lineinfile:
- dest: /etc/sudoers.d/ifc_ctl_sudoers
- line: "nova ALL=(root) NOPASSWD: /opt/pg/bin/ifc_ctl_pp *"
- state: present
- create: yes
- owner: root
- mode: "644"
- when: inventory_hostname in groups['compute']
-
-# Install package iovisor-dkms
-- name: Install iovisor
- apt:
- name: iovisor-dkms
- state: present
- force: yes
-
-# Install package plumgrid-lxc
-- name: Install plumgrid-lxc
- apt:
- name: plumgrid-lxc
- state: present
- force: yes
-
-# Install package nova-network
-- name: Install nova-network
- apt:
- name: nova-network
- state: present
- force: yes
- when: inventory_hostname in groups['compute']
-
-- name: Disable nova-network
- service:
- name: nova-network
- enabled: no
- when: inventory_hostname in groups['compute']
-
-- name: Stop nova-network
- service:
- name: nova-network
- state: stopped
- when: inventory_hostname in groups['compute']
-
-# Remove openvswitch
-- name: Remove openvswitch
- apt:
- state: absent
- force: yes
- name: "{{ item }}"
- with_items:
- - openvswitch-common
- - openvswitch-datapath-dkms
-
-# Modify template fies
-- name: Setup Keepalived Config on Controller
- template:
- src: keepalived.conf
- dest: /var/lib/libvirt/filesystems/plumgrid/etc/keepalived/keepalived.conf
- when: inventory_hostname in groups['controller']
-
-- name: Setup nginx Config
- template:
- src: default.conf
- dest: /var/lib/libvirt/filesystems/plumgrid/opt/pg/sal/nginx/conf.d/default.conf
-
-- name: Setup plumgrid Conf
- template:
- src: plumgrid.conf
- dest: /var/lib/libvirt/filesystems/plumgrid/opt/pg/etc/plumgrid.conf
-
-- name: Update qemu settings for compute hosts
- template:
- src: qemu.conf
- dest: /etc/libvirt/qemu.conf
- when: inventory_hostname in groups['compute']
-
-# Update hostname
-- name: Update Plumgrid hostname
- replace:
- dest: "/var/lib/libvirt/filesystems/plumgrid-data/conf/etc/hostname"
- replace: "pg-{{ inventory_hostname }}"
- regexp: "plumgrid"
-
-# Update hosts
-- name: Update /etc/hosts
- replace:
- dest: "/var/lib/libvirt/filesystems/plumgrid-data/conf/etc/hosts"
- replace: "pg-{{ inventory_hostname }}"
- regexp: "plumgrid"
-
-- name: Create ifcs file
- lineinfile:
- dest: "/var/lib/libvirt/filesystems/plumgrid-data/conf/pg/ifcs.conf"
- line: "{{ fabric_interface }} = fabric_core host"
- create: yes
-
-- name: Add gateway int to network node
- lineinfile:
- dest: "/var/lib/libvirt/filesystems/plumgrid-data/conf/pg/ifcs.conf"
- line: "{{ ext_interface }} = access_phys"
- create: yes
- when: inventory_hostname in groups['network']
-
-- name: Set mtu to 1580 in config file
- lineinfile:
- dest: "/etc/network/interfaces"
- line: " mtu 1580"
- create: yes
- insertafter: "^iface {{ fabric_interface }}"
-
-- name: Set mtu to 1580 now
- command: "ifconfig {{ fabric_interface }} mtu 1580"
-
-- name: Ensure PLUMgrid services are started
- service:
- name: plumgrid
- state: started
-
-- name: Restart libvirt-bin
- service:
- name: libvirt-bin
- state: restarted
- pattern: libvirt-bin
diff --git a/ansible/roles/plumgrid/templates/default.conf b/ansible/roles/plumgrid/templates/default.conf
deleted file mode 100644
index 5652c44..0000000
--- a/ansible/roles/plumgrid/templates/default.conf
+++ /dev/null
@@ -1,143 +0,0 @@
-upstream sal {
- server unix:/opt/pg/tmp/sal-web.socket;
- keepalive 16;
-}
-
-upstream websocket {
- server unix:/opt/pg/tmp/sal-ws.socket;
- keepalive 16;
-}
-
-upstream pgCli {
- server {{ nginx_virtual_ip }}:3000;
-}
-
-map $http_upgrade $connection_upgrade {
- default upgrade;
- '' close;
-}
-
-lua_socket_log_errors off;
-#lua_code_cache off;
-lua_shared_dict rest_servers 16K;
-lua_shared_dict apache_servers 16K;
-lua_shared_dict tc_servers 16K;
-init_by_lua 'lb = require "lb"
-init_servers = {
- ["{{ real1 }}"] = true,
-{% if real2 is defined %}
- ["{{ real2 }}"] = true,
-{% endif %}
-{% if real3 is defined %}
- ["{{ real3 }}"] = true,
-{% endif %}
-}';
-
-# Redirect http to https
-server {
- listen {{ nginx_virtual_ip }}:9080;
- server_name $hostname;
- return 301 https://$host$request_uri;
-}
-
-server {
- listen {{ nginx_virtual_ip }}:443 ssl;
- ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
- ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
- ssl_certificate /opt/pg/sal/nginx/ssl/default.crt;
- ssl_certificate_key /opt/pg/sal/nginx/ssl/default.key;
- #ssl_session_cache shared:SSL:10m;
- #ssl_session_timeout 10m;
-
- server_name $hostname;
- root /opt/pg/web;
- index login.html;
-
- location /cli/ {
- proxy_pass http://pgCli/;
- proxy_redirect off;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_set_header Host $host;
- }
-
- location /vtap/ {
- alias /opt/pg/vtap;
- }
-
- # REST API calls start with /v[0-9]/, a keyword, or a capital letter.
- # Note: Regular expressions have higher precedence than prefix matches
- # so don't combine with /0/...
- location ~ ^/(v[0-9]/|pg/|docs|api-docs|[A-Z]) {
- set $active_upstream "http://sal";
- access_by_lua 'if ngx.req.get_uri_args()["server"]~=nil then
- if ngx.req.get_uri_args()["server"]~=ngx.var.host then
- ngx.var.active_upstream = "https://"..ngx.req.get_uri_args()["server"]..ngx.var.request_uri
- end
- end';
-
- proxy_pass $active_upstream;
- proxy_http_version 1.1;
- proxy_set_header Connection "";
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
-
- location /0/ {
- set $active_upstream "http://sal";
- access_by_lua 'if ngx.req.get_uri_args()["server"]~=nil then
- if ngx.req.get_uri_args()["server"]~=ngx.var.host then
- ngx.var.active_upstream = "https://"..ngx.req.get_uri_args()["server"]..ngx.var.request_uri
- end
- end';
-
- proxy_pass $active_upstream;
- proxy_http_version 1.1;
- proxy_set_header Connection "";
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
-
- location /0/websocket {
- set $active_upstream "http://websocket";
- access_by_lua 'if ngx.req.get_uri_args()["server"]~=nil then
- if ngx.req.get_uri_args()["server"]~=ngx.var.host then
- ngx.var.active_upstream = "https://"..ngx.req.get_uri_args()["server"]..ngx.var.request_uri
- end
- end';
- proxy_pass $active_upstream;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection $connection_upgrade;
- }
-}
-
-server {
- listen unix:/opt/pg/tmp/sal-rest.socket;
-
- # debug socket
- listen 127.0.0.1:9080;
-
- location / {
- set $active_upstream "";
- access_by_lua 'ngx.var.active_upstream = find_next(ngx.shared.rest_servers, {{ rest_port }})';
- proxy_pass http://$active_upstream:{{ rest_port }};
- }
-
- location /_debug/rest_servers {
- access_by_lua 'find_next(ngx.shared.rest_servers, {{ rest_port }})';
- content_by_lua '
- for _, ip in pairs(ngx.shared.rest_servers:get_keys()) do
- ngx.say(ip.."="..ngx.shared.rest_servers:get(ip))
- end
- ';
- }
-
- location /_debug/tc_servers {
- access_by_lua 'find_next(ngx.shared.tc_servers, 12349)';
- content_by_lua '
- for _, ip in pairs(ngx.shared.tc_servers:get_keys()) do
- ngx.say(ip.."="..ngx.shared.tc_servers:get(ip))
- end
- ';
- }
-}
diff --git a/ansible/roles/plumgrid/templates/keepalived.conf b/ansible/roles/plumgrid/templates/keepalived.conf
deleted file mode 100644
index b2b638d..0000000
--- a/ansible/roles/plumgrid/templates/keepalived.conf
+++ /dev/null
@@ -1,30 +0,0 @@
-global_defs {
- router_id {{ hostname }}
-}
-
-vrrp_script chk_nginx {
- script "killall -0 nginx"
- interval 2
-}
-
-vrrp_instance nos {
- virtual_router_id {{ keepalived_router_id }}
-
- # for electing MASTER, highest priority wins.
- priority {{ keepalived_priority }}
- state BACKUP
- nopreempt
-
- interface {{ management_bridge }}
-
- virtual_ipaddress {
- {{ pg_vip }} dev {{ management_bridge }} label {{ management_bridge }}:1
- }
- track_script {
- chk_nginx
- }
- authentication {
- auth_type PASS
- auth_pass {{ keepalived_password }}
- }
-}
diff --git a/ansible/roles/plumgrid/templates/plumgrid.conf b/ansible/roles/plumgrid/templates/plumgrid.conf
deleted file mode 100644
index 6fa3cc0..0000000
--- a/ansible/roles/plumgrid/templates/plumgrid.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-plumgrid_ip={{ plumgrid_ip }}
-plumgrid_port={{ plumgrid_port }}
-mgmt_dev={{ management_bridge }}
-label={{ inventory_hostname }}
-plumgrid_rsync_port=2222
-plumgrid_rest_addr=0.0.0.0:{{ rest_port }}
-fabric_mode={{ fabric_mode }}
-start_plumgrid_iovisor=yes
-start_plumgrid=`/opt/pg/scripts/pg_is_director.sh $plumgrid_ip`
-location=
diff --git a/ansible/roles/plumgrid/templates/qemu.conf b/ansible/roles/plumgrid/templates/qemu.conf
deleted file mode 100644
index d486a79..0000000
--- a/ansible/roles/plumgrid/templates/qemu.conf
+++ /dev/null
@@ -1,27 +0,0 @@
-# This file is managed by Managed by Ansible
-
-# This is the basic set of devices allowed / required by
-# all virtual machines.
-#
-cgroup_device_acl = [
- "/dev/null", "/dev/full", "/dev/zero",
- "/dev/random", "/dev/urandom",
- "/dev/ptmx", "/dev/kvm", "/dev/kqemu",
- "/dev/rtc","/dev/hpet", "/dev/vfio/vfio",
- "/dev/net/tun"
-]
-
-# If clear_emulator_capabilities is enabled, libvirt will drop all
-# privileged capabilities of the QEmu/KVM emulator. This is enabled by
-# default.
-clear_emulator_capabilities=0
-
-# The user for QEMU processes run by the system instance. It can be
-# specified as a user name or as a user id. The qemu driver will try to
-# parse this value first as a name and then, if the name doesn't exist,
-# as a user id.
-#
-user="root"
-
-# The group for QEMU processes run by the system instance.
-group="root"
diff --git a/ansible/roles/secgroup/handlers/main.yml b/ansible/roles/secgroup/handlers/main.yml
new file mode 100644
index 0000000..e4e11ec
--- /dev/null
+++ b/ansible/roles/secgroup/handlers/main.yml
@@ -0,0 +1,18 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: restart controller relation service
+ service: name={{ item }} state=restarted enabled=yes
+ ignore_errors: True
+ with_items: controller_services
+
+- name: restart compute relation service
+ service: name={{ item }} state=restarted enabled=yes
+ ignore_errors: True
+ with_items: compute_services
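Review bot: Both handlers set `ignore_errors: True` on the restart, so a service that fails to come back after its firewall settings were rewritten is reported as success and the play stays green. If the intent is only to tolerate services that are not installed on a given node, narrow the list per host instead of ignoring every failure, or at least register the result and report the failed items in a follow-up task. The loops also pass a bare variable name; `with_items: "{{ controller_services }}"` and `with_items: "{{ compute_services }}"` match the quoted form used for `configs_templates` in tasks/secgroup.yml.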
diff --git a/ansible/roles/secgroup/tasks/main.yml b/ansible/roles/secgroup/tasks/main.yml
new file mode 100644
index 0000000..43a3f7f
--- /dev/null
+++ b/ansible/roles/secgroup/tasks/main.yml
@@ -0,0 +1,20 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- include_vars: "{{ ansible_os_family }}.yml"
+ tags: secgroup
+
+- debug: msg={{ enable_secgroup }}
+ tags: secgroup
+
+- include: secgroup.yml
+ when: '{{ enable_secgroup }} == False'
+ tags: secgroup
+
+- meta: flush_handlers
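Review bot: The `when` on the `include: secgroup.yml` task templates `{{ enable_secgroup }}` into the condition string, so the result depends on how the value happens to render, and an undefined variable fails the task instead of skipping it. Since this include is what switches security-group filtering off, the condition should be explicit about type and default: `when: not (enable_secgroup | default(true) | bool)`. A one-line comment above the include, such as `# runs only when security groups are to be disabled`, would also help, because the role name suggests the opposite.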
diff --git a/ansible/roles/secgroup/tasks/secgroup.yml b/ansible/roles/secgroup/tasks/secgroup.yml
new file mode 100644
index 0000000..5e8684d
--- /dev/null
+++ b/ansible/roles/secgroup/tasks/secgroup.yml
@@ -0,0 +1,35 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: make sure template dir exits
+ file: path=/opt/os_templates state=directory mode=0755
+ tags: secgroup
+
+- name: copy configs
+ template: src={{ item.src}} dest=/opt/os_templates
+ with_items: "{{ configs_templates }}"
+ tags: secgroup
+
+- name: update controller configs
+ shell: '[ -f {{ item.1 }} ] && crudini --merge {{ item.1 }} < /opt/os_templates/{{ item.0.src }} || /bin/true'
+ tags: secgroup
+ with_subelements:
+ - configs_templates
+ - dest
+ notify: restart controller relation service
+ when: inventory_hostname in "{{ groups['controller'] }}"
+
+- name: update compute configs
+ shell: '[ -f {{ item.1 }} ] && crudini --merge {{ item.1 }} < /opt/os_templates/{{ item.0.src }} || /bin/true'
+ tags: secgroup
+ with_subelements:
+ - configs_templates
+ - dest
+ notify: restart compute relation service
+ when: inventory_hostname in "{{ groups['compute'] }}"
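Review bot: In both `shell` tasks the trailing `|| /bin/true` applies to the whole `&&` chain, so a failing `crudini --merge` is reported as success and the restart handler is still notified. A node can then end up with a partly merged firewall configuration while the play shows no error. Tolerating only the missing-file case keeps the intent: `shell: '[ ! -f {{ item.1 }} ] || crudini --merge {{ item.1 }} < /opt/os_templates/{{ item.0.src }}'`. The `when` lines should drop the quoted `"{{ … }}"` and read `when: inventory_hostname in groups['controller']` (and `groups['compute']`), so the test is list membership and not a substring match on the rendered list.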
diff --git a/ansible/roles/secgroup/templates/neutron.j2 b/ansible/roles/secgroup/templates/neutron.j2
new file mode 100644
index 0000000..7b39e18
--- /dev/null
+++ b/ansible/roles/secgroup/templates/neutron.j2
@@ -0,0 +1,4 @@
+[securitygroup]
+firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
+enable_security_group = False
+
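Review bot: This template sets `enable_security_group = False` with no comment saying that it removes per-port filtering, and `firewall_driver` still names the iptables hybrid driver while nova.j2 in the same commit selects the no-op driver. A header comment such as `# Merged only when enable_secgroup is false: disables security-group filtering on all ports` would make the effect visible to whoever later reads the merged ml2_conf.ini. If no filtering is the intent, `firewall_driver = neutron.agent.firewall.NoopFirewallDriver` states it consistently; if filtering is meant to stay, `enable_security_group` should not be False here. nova.j2 would benefit from the same header comment.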
diff --git a/ansible/roles/secgroup/templates/nova.j2 b/ansible/roles/secgroup/templates/nova.j2
new file mode 100644
index 0000000..91fa6cd
--- /dev/null
+++ b/ansible/roles/secgroup/templates/nova.j2
@@ -0,0 +1,3 @@
+[DEFAULT]
+firewall_driver = nova.virt.firewall.NoopFirewallDriver
+security_group_api = nova
diff --git a/ansible/roles/secgroup/vars/Debian.yml b/ansible/roles/secgroup/vars/Debian.yml
new file mode 100644
index 0000000..a666908
--- /dev/null
+++ b/ansible/roles/secgroup/vars/Debian.yml
@@ -0,0 +1,35 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+configs_templates:
+ - src: nova.j2
+ dest:
+ - /etc/nova/nova.conf
+ - src: neutron.j2
+ dest:
+ - /etc/neutron/plugins/ml2/ml2_conf.ini
+ - /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini
+ - /etc/neutron/plugins/ml2/restproxy.ini
+
+controller_services:
+ - nova-api
+ - nova-cert
+ - nova-conductor
+ - nova-consoleauth
+ - nova-novncproxy
+ - nova-scheduler
+ - neutron-server
+ - neutron-plugin-openvswitch-agent
+ - neutron-l3-agent
+ - neutron-dhcp-agent
+ - neutron-metadata-agent
+
+compute_services:
+ - nova-compute
+ - neutron-plugin-openvswitch-agent
diff --git a/ansible/roles/secgroup/vars/RedHat.yml b/ansible/roles/secgroup/vars/RedHat.yml
new file mode 100644
index 0000000..4c04f6d
--- /dev/null
+++ b/ansible/roles/secgroup/vars/RedHat.yml
@@ -0,0 +1,35 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+configs_templates:
+ - src: nova.j2
+ dest:
+ - /etc/nova/nova.conf
+ - src: neutron.j2
+ dest:
+ - /etc/neutron/plugins/ml2/ml2_conf.ini
+ - /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini
+ - /etc/neutron/plugins/ml2/restproxy.ini
+
+controller_services:
+ - openstack-nova-api
+ - openstack-nova-cert
+ - openstack-nova-conductor
+ - openstack-nova-consoleauth
+ - openstack-nova-novncproxy
+ - openstack-nova-scheduler
+ - neutron-openvswitch-agent
+ - neutron-l3-agent
+ - neutron-dhcp-agent
+ - neutron-metadata-agent
+ - neutron-server
+
+compute_services:
+ - openstack-nova-compute
+ - neutron-openvswitch-agent
diff --git a/ansible/roles/secgroup/vars/main.yml b/ansible/roles/secgroup/vars/main.yml
new file mode 100644
index 0000000..209e1e0
--- /dev/null
+++ b/ansible/roles/secgroup/vars/main.yml
@@ -0,0 +1,11 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages_noarch: []
+metering_secret: 1c5df72079b31fb47747
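Review bot: `metering_secret` on the last line is a literal shared secret committed to the role's vars, and none of the secgroup tasks or templates in this commit appear to read it. Role vars also take precedence over inventory variables, so a deployment that sets its own value in inventory would be silently overridden by this one. Drop the line from this role, or reference a value kept outside the repository, for example `metering_secret: "{{ vault_metering_secret }}"` (placeholder name) backed by an encrypted vars file. If the literal stays for lab use, quote it so it is always read as a string.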
diff --git a/ansible/roles/setup-network/files/setup_networks/log.py b/ansible/roles/setup-network/files/setup_networks/log.py
new file mode 100644
index 0000000..fffeb58
--- /dev/null
+++ b/ansible/roles/setup-network/files/setup_networks/log.py
@@ -0,0 +1,41 @@
+import logging
+import os
+loggers = {}
+log_dir="/var/log/setup_network"
+try:
+ os.makedirs(log_dir)
+except:
+ pass
+
+def getLogger(name):
+ if name in loggers:
+ return loggers[name]
+
+ logger = logging.getLogger(name)
+ logger.setLevel(logging.DEBUG)
+
+ # create file handler which logs even debug messages
+ log_file = "%s/%s.log" % (log_dir, name)
+ try:
+ os.remove(log_file)
+ except:
+ pass
+
+ fh = logging.FileHandler(log_file)
+ fh.setLevel(logging.DEBUG)
+
+ # create console handler with a higher log level
+ ch = logging.StreamHandler()
+ ch.setLevel(logging.ERROR)
+
+ # create formatter and add it to the handlers
+ formatter = logging.Formatter("%(asctime)s - %(name)s - %(levelname)s - %(message)s")
+ ch.setFormatter(formatter)
+ fh.setFormatter(formatter)
+
+ # add the handlers to logger
+ logger.addHandler(ch)
+ logger.addHandler(fh)
+
+ loggers[name] = logger
+ return logger
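Review bot: The module-level `try: os.makedirs(log_dir)` swallows every exception with a bare `except: pass`, so a permission or read-only-filesystem error is hidden and only surfaces later as a failure inside `logging.FileHandler(log_file)`. Catch just the already-exists case: `except OSError as e:` followed by `if e.errno != errno.EEXIST: raise` (this needs `import errno`). The same applies to the `os.remove(log_file)` guard in `getLogger`, where only `errno.ENOENT` should be ignored. A short docstring on `getLogger` noting that it truncates the previous log for that name on first use would also help, since that is easy to miss when investigating a failed boot.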
diff --git a/ansible/roles/setup-network/files/setup_networks/net_init b/ansible/roles/setup-network/files/setup_networks/net_init
new file mode 100755
index 0000000..c27a8bf
--- /dev/null
+++ b/ansible/roles/setup-network/files/setup_networks/net_init
@@ -0,0 +1,20 @@
+#!/bin/bash
+## BEGIN INIT INFO
+# Provides: anamon.init
+# Default-Start: 3 5
+# Default-Stop: 0 1 2 4 6
+# Required-Start: $network
+# Short-Description: Starts the cobbler anamon boot notification program
+# Description: anamon runs the first time a machine is booted after
+# installation.
+## END INIT INFO
+
+#
+# anamon.init: Starts the cobbler post-install boot notification program
+#
+# chkconfig: 35 0 6
+#
+# description: anamon runs the first time a machine is booted after
+# installation.
+#
+python /opt/setup_networks/setup_networks.py
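Review bot: The init header was copied from cobbler's anamon script and does not describe this service: the block opens with `## BEGIN INIT INFO` where LSB tools expect `### BEGIN INIT INFO`, and `Provides:`, `Short-Description:` and `Description:` all still name anamon. Dependency ordering that refers to `net_init` (storage.service in this commit lists `net_init.service` in `After=`) relies on this metadata being correct. Suggested header lines: `### BEGIN INIT INFO`, `# Provides: net_init`, `# Short-Description: Apply OVS/VLAN interface and IP settings at boot`, closed by `### END INIT INFO`. The script also ignores its `start`/`stop` argument, so the Python program is re-run on shutdown as well; a `case "$1" in start) … ;; esac` guard would avoid that.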
diff --git a/ansible/roles/setup-network/files/setup_networks/setup_networks.py b/ansible/roles/setup-network/files/setup_networks/setup_networks.py
new file mode 100644
index 0000000..e58d6c7
--- /dev/null
+++ b/ansible/roles/setup-network/files/setup_networks/setup_networks.py
@@ -0,0 +1,73 @@
+import yaml
+import netaddr
+import os
+import log as logging
+
+LOG = logging.getLogger("net-init")
+config_path = os.path.join(os.path.dirname(__file__), "network.cfg")
+
+def setup_bondings(bond_mappings):
+ print bond_mappings
+
+def add_vlan_link(interface, ifname, vlan_id):
+ LOG.info("add_vlan_link enter")
+ cmd = "ip link add link %s name %s type vlan id %s; " % (ifname, interface, vlan_id)
+ cmd += "ip link set %s up; ip link set %s up" % (interface, ifname)
+ LOG.info("add_vlan_link: cmd=%s" % cmd)
+ os.system(cmd)
+
+def add_ovs_port(ovs_br, ifname, uplink, vlan_id=None):
+ LOG.info("add_ovs_port enter")
+ cmd = "ovs-vsctl --may-exist add-port %s %s" % (ovs_br, ifname)
+ if vlan_id:
+ cmd += " tag=%s" % vlan_id
+ cmd += " -- set Interface %s type=internal;" % ifname
+ cmd += "ip link set dev %s address `ip link show %s |awk '/link\/ether/{print $2}'`;" \
+ % (ifname, uplink)
+ cmd += "ip link set %s up;" % ifname
+ LOG.info("add_ovs_port: cmd=%s" % cmd)
+ os.system(cmd)
+
+def setup_intfs(sys_intf_mappings, uplink_map):
+ LOG.info("setup_intfs enter")
+ for intf_name, intf_info in sys_intf_mappings.items():
+ if intf_info["type"] == "vlan":
+ add_vlan_link(intf_name, intf_info["interface"], intf_info["vlan_tag"])
+ elif intf_info["type"] == "ovs":
+ add_ovs_port(
+ intf_info["interface"],
+ intf_name,
+ uplink_map[intf_info["interface"]],
+ vlan_id=intf_info.get("vlan_tag"))
+ else:
+ pass
+
+def setup_ips(ip_settings, sys_intf_mappings):
+ LOG.info("setup_ips enter")
+ for intf_info in ip_settings.values():
+ network = netaddr.IPNetwork(intf_info["cidr"])
+ if sys_intf_mappings[intf_info["name"]]["type"] == "ovs":
+ intf_name = intf_info["name"]
+ else:
+ intf_name = intf_info["alias"]
+ cmd = "ip addr add %s/%s brd %s dev %s;" \
+ % (intf_info["ip"], intf_info["netmask"], str(network.broadcast),intf_name)
+ if "gw" in intf_info:
+ cmd += "route del default;"
+ cmd += "ip route add default via %s dev %s" % (intf_info["gw"], intf_name)
+ LOG.info("setup_ips: cmd=%s" % cmd)
+ os.system(cmd)
+
+def main(config):
+ uplink_map = {}
+ setup_bondings(config["bond_mappings"])
+ for provider_net in config["provider_net_mappings"]:
+ uplink_map[provider_net['name']] = provider_net['interface']
+
+ setup_intfs(config["sys_intf_mappings"], uplink_map)
+ setup_ips(config["ip_settings"], config["sys_intf_mappings"])
+
+if __name__ == "__main__":
+ os.system("service openvswitch-switch status|| service openvswitch-switch start")
+ config = yaml.load(open(config_path))
+ main(config)
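Review bot: The `__main__` block parses network.cfg with `yaml.load`, which can construct arbitrary Python objects from tagged input, and every helper builds a shell command line by `%`-formatting config values into a string passed to `os.system`. The script runs as root from an init script on every boot, so anything able to write network.cfg or influence the rendered values gets root command execution. Use `config = yaml.safe_load(open(config_path))`, and run the commands as argument lists through `subprocess` (needs `import subprocess`). `add_ovs_port` needs the uplink MAC read in Python instead of the backtick/awk pipeline. The fence shows the pattern for `add_vlan_link`, and `setup_ips` and `add_ovs_port` would follow it.

```python
def add_vlan_link(interface, ifname, vlan_id):
    LOG.info("add_vlan_link enter")
    # Argument lists keep config values out of a shell command line.
    # Each command still runs even if the previous one fails, as before.
    cmds = [
        ["ip", "link", "add", "link", ifname, "name", interface,
         "type", "vlan", "id", str(vlan_id)],
        ["ip", "link", "set", interface, "up"],
        ["ip", "link", "set", ifname, "up"],
    ]
    for argv in cmds:
        rc = subprocess.call(argv)
        LOG.info("add_vlan_link: cmd=%s rc=%s" % (" ".join(argv), rc))

# … unchanged: add_ovs_port, setup_intfs, setup_ips, main …
```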
diff --git a/ansible/roles/setup-network/tasks/main.yml b/ansible/roles/setup-network/tasks/main.yml
new file mode 100644
index 0000000..727b24e
--- /dev/null
+++ b/ansible/roles/setup-network/tasks/main.yml
@@ -0,0 +1,62 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: disable NetworkManager
+ service: name=NetworkManager state=stopped enabled=no
+ when: ansible_os_family == 'RedHat'
+
+- name: enable network service
+ service: name=network state=started enabled=yes
+ when: ansible_os_family == 'RedHat'
+
+- name: add ovs bridge
+ openvswitch_bridge: bridge={{ item["name"] }} state=present
+ with_items: "{{ network_cfg['provider_net_mappings'] }}"
+ when: 'item["type"] == "ovs"'
+
+- name: add ovs uplink
+ openvswitch_port: bridge={{ item["name"] }} port={{ item["interface"] }} state=present
+ with_items: "{{ network_cfg['provider_net_mappings'] }}"
+ when: 'item["type"] == "ovs"'
+
+- name: add ovs uplink
+ shell: ip link set {{ item["interface"] }} up
+ with_items: "{{ network_cfg['provider_net_mappings'] }}"
+ when: 'item["type"] == "ovs"'
+
+- name: ensure script dir exist
+ shell: mkdir -p /opt/setup_networks
+
+- name: copy scripts
+ copy: src={{ item }} dest=/opt/setup_networks
+ with_items:
+ - setup_networks/log.py
+ - setup_networks/setup_networks.py
+
+- name: copy boot scripts
+ copy: src={{ item }} dest=/etc/init.d/ mode=0755
+ with_items:
+ - setup_networks/net_init
+
+- name: copy config files
+ template: src=network.cfg dest=/opt/setup_networks
+
+- name: make sure python lib exist
+ action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
+ with_items:
+ - python-yaml
+ - python-netaddr
+
+- name: run scripts
+ shell: python /opt/setup_networks/setup_networks.py
+
+- name: add to boot scripts
+ service: name=net_init enabled=yes
+
+- meta: flush_handlers
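Review bot: The `ensure script dir exist` and `copy scripts` tasks create `/opt/setup_networks` and its files without setting owner or mode, so permissions depend on the umask of the session and on whatever already exists at that path. These files are executed as root on every boot through `/etc/init.d/net_init`, so they should be pinned to root and not writable by anyone else. Replace the `shell: mkdir -p` with `file: path=/opt/setup_networks state=directory owner=root group=root mode=0755`, and add `owner=root group=root mode=0644` to the script copy and to the `network.cfg` template task. The third OVS task is also named `add ovs uplink` like the one before it; `bring ovs uplink interface up` would distinguish them in play output.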
diff --git a/ansible/roles/setup-network/templates/my_configs.debian b/ansible/roles/setup-network/templates/my_configs.debian
new file mode 100644
index 0000000..5ab1519
--- /dev/null
+++ b/ansible/roles/setup-network/templates/my_configs.debian
@@ -0,0 +1,14 @@
+{%- for alias, intf in host_ip_settings.items() %}
+
+auto {{ alias }}
+iface {{ alias }} inet static
+ address {{ intf["ip"] }}
+ netmask {{ intf["netmask"] }}
+{% if "gw" in intf %}
+ gateway {{ intf["gw"] }}
+{% endif %}
+{% if intf["name"] == alias %}
+ pre-up ip link set {{ sys_intf_mappings[alias]["interface"] }} up
+ pre-up ip link add link {{ sys_intf_mappings[alias]["interface"] }} name {{ alias }} type vlan id {{ sys_intf_mappings[alias]["vlan_tag"] }}
+{% endif %}
+{% endfor %}
diff --git a/ansible/roles/setup-network/templates/network.cfg b/ansible/roles/setup-network/templates/network.cfg
new file mode 100644
index 0000000..75ba90c
--- /dev/null
+++ b/ansible/roles/setup-network/templates/network.cfg
@@ -0,0 +1,5 @@
+bond_mappings: {{ network_cfg["bond_mappings"] }}
+ip_settings: {{ ip_settings[inventory_hostname] }}
+sys_intf_mappings: {{ sys_intf_mappings }}
+provider_net_mappings: {{ network_cfg["provider_net_mappings"] }}
+
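Review bot: Each line of this template writes a dict or list with a bare `{{ … }}`, so the file holds whatever string form the template engine produces and is only valid YAML if that form happens to parse as a flow collection. setup_networks.py loads this file at boot as root, so the output should be serialised deliberately, for example `bond_mappings: {{ network_cfg["bond_mappings"] | to_json }}`, and the same for the other three keys. JSON output is valid YAML and stays loadable with `yaml.safe_load`. A comment at the top naming the consumer (`/opt/setup_networks/setup_networks.py`) would help as well.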
diff --git a/ansible/roles/storage/files/create_img.sh b/ansible/roles/storage/files/create_img.sh
new file mode 100755
index 0000000..0039292
--- /dev/null
+++ b/ansible/roles/storage/files/create_img.sh
@@ -0,0 +1,12 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+seek_num=`echo $1 | sed -e 's/.* //g'`
+if [ ! -f /var/storage.img ]; then
+ dd if=/dev/zero of=/var/storage.img bs=1 count=0 seek=$seek_num
+fi
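Review bot: `seek_num` is taken from `$1` and passed to `dd` unquoted and unchecked, so an empty or non-numeric value from the previous task reaches `seek=` as is; the script also has no `#!` line, as do get_var_size.sh and losetup.sh in this commit. Add `#!/bin/sh` and reject bad input before the `dd`: `case "$seek_num" in ''|*[!0-9]*) echo "bad size: $1" >&2; exit 1;; esac`, then use `seek="$seek_num"`. In losetup.sh the test `[ -z $loop_dev ]` should be `[ -z "$loop_dev" ]`, since more than one matching loop device makes the unquoted form a syntax error. In get_var_size.sh `$size` should be quoted in the `-gt` test for the same reason.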
diff --git a/ansible/roles/storage/files/get_var_size.sh b/ansible/roles/storage/files/get_var_size.sh
new file mode 100755
index 0000000..9d679f9
--- /dev/null
+++ b/ansible/roles/storage/files/get_var_size.sh
@@ -0,0 +1,14 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+size=`df /var | awk '$3 ~ /[0-9]+/ { print $4 }'`;
+if [ $size -gt 2000000000 ]; then
+ echo -n 2000000000000;
+else
+ echo -n $((size * 1000 / 512 * 512));
+fi
diff --git a/ansible/roles/storage/files/loop.yml b/ansible/roles/storage/files/loop.yml
new file mode 100755
index 0000000..776cf8c
--- /dev/null
+++ b/ansible/roles/storage/files/loop.yml
@@ -0,0 +1,9 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+physical_device: /dev/loop0
diff --git a/ansible/roles/storage/files/losetup.sh b/ansible/roles/storage/files/losetup.sh
new file mode 100755
index 0000000..8a22a62
--- /dev/null
+++ b/ansible/roles/storage/files/losetup.sh
@@ -0,0 +1,15 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+loop_dev=`losetup -a |grep "/var/storage.img"|awk -F':' '{print $1}'`
+if [ -z $loop_dev ]; then
+ losetup -f --show /var/storage.img
+else
+ echo $loop_dev
+fi
+
diff --git a/ansible/roles/storage/files/storage b/ansible/roles/storage/files/storage
new file mode 100755
index 0000000..775e8fd
--- /dev/null
+++ b/ansible/roles/storage/files/storage
@@ -0,0 +1,2 @@
+#! /bin/bash
+loop_dev=`sh /opt/setup_storage/losetup.sh`
diff --git a/ansible/roles/storage/files/storage.service b/ansible/roles/storage/files/storage.service
new file mode 100644
index 0000000..924db25
--- /dev/null
+++ b/ansible/roles/storage/files/storage.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Storage Service
+Before=runlevel2.target runlevel3.target runlevel4.target runlevel5.target shutdown.target
+After=remote-fs.target nss-lookup.target network-online.target time-sync.target network-online.target net_init.service
+Before=ceph.service
+Wants=network-online.target
+Conflicts=shutdown.target
+
+[Service]
+Type=oneshot
+ExecStart=/bin/sh -c "/etc/init.d/storage"
+
+[Install]
+WantedBy=multi-user.target
+
diff --git a/ansible/roles/storage/tasks/loop.yml b/ansible/roles/storage/tasks/loop.yml
new file mode 100755
index 0000000..21b393d
--- /dev/null
+++ b/ansible/roles/storage/tasks/loop.yml
@@ -0,0 +1,31 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+
+- name: get available /var partition size
+ script: get_var_size.sh
+ register: part_size
+
+- name: create image file if not exitst
+ script: create_img.sh \"{{ part_size.stdout }}\"
+
+- name: do a losetup on storage volumes
+ script: losetup.sh
+ register: loop_device
+
+- name: debug loop device
+ debug: msg={{ loop_device.stdout }}
+
+- name: get device
+ shell: echo '{{ loop_device.stdout }}' | sed ':a;N;$!ba;s/.*\n\(\/dev\)/\1/g'
+ register: loop_device_filterd
+
+- name: create physical and group volumes
+ lvg: vg=storage-volumes pvs={{ loop_device_filterd.stdout }}
+ vg_options=--force
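Review bot: The `get device` task pastes `{{ loop_device.stdout }}` into a single-quoted shell string and post-processes it with `sed`, so any quote character in the captured output changes the command that runs on the target. The value is presumably the last line printed by losetup.sh; if so, the shell step can be dropped and the `lvg` task can read it directly with `pvs={{ loop_device.stdout_lines | last }}`. It would also be worth a `when` or `failed_when` check that the value starts with `/dev/loop` before `lvg` runs with `vg_options=--force`, since forcing volume-group creation on an unexpected device path is destructive.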
diff --git a/ansible/roles/storage/tasks/main.yml b/ansible/roles/storage/tasks/main.yml
new file mode 100755
index 0000000..b48e676
--- /dev/null
+++ b/ansible/roles/storage/tasks/main.yml
@@ -0,0 +1,57 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: check if physical device exists
+ stat: path={{ physical_device }}
+ register: status
+ tags:
+ - storage
+
+- name: load loop.yml
+ include: loop.yml
+ when: status.stat.exists == False or status.stat.isblk == False
+ tags:
+ - storage
+
+- name: load real.yml
+ include: real.yml
+ when: status.stat.exists == True and status.stat.isblk == True
+ tags:
+ - storage
+
+- name: make setup_storage directory
+ file: path=/opt/setup_storage state=directory mode=0755
+ tags:
+ - storage
+
+- name: copy setup storage scripts
+ copy: src={{ item }} dest=/opt/setup_storage mode=0755
+ with_items:
+ - losetup.sh
+ tags:
+ - storage
+
+- name: set autostart file
+ copy: src=storage dest=/etc/init.d/storage mode=0755
+ tags:
+ - storage
+
+- name: set autostart file for centos
+ copy: src=storage.service dest=/usr/lib/systemd/system/storage.service mode=0755
+ when: ansible_os_family == "RedHat"
+ tags:
+ - storage
+
+
+- name: enable service
+ service: name=storage enabled=yes
+ tags:
+ - storage
+
+- meta: flush_handlers
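Review bot: The `set autostart file for centos` task installs storage.service with `mode=0755`, but a unit file is configuration rather than a program and systemd logs a warning for unit files marked executable. The conventional setting is `copy: src=storage.service dest=/usr/lib/systemd/system/storage.service mode=0644`. `/usr/lib/systemd/system` is normally left to packages, with locally installed units under `/etc/systemd/system`, so it is worth confirming that the package path is intended. The two `include` tasks would also benefit from a comment saying that a missing or non-block `physical_device` silently selects the loop-file backend, since a typo in that variable changes the storage layout without any error.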
diff --git a/ansible/roles/storage/tasks/real.yml b/ansible/roles/storage/tasks/real.yml
new file mode 100755
index 0000000..e99f185
--- /dev/null
+++ b/ansible/roles/storage/tasks/real.yml
@@ -0,0 +1,16 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: destroy GPT lable
+ shell: dd if=/dev/urandom of={{ physical_device }} bs=4M count=1
+ ignore_errors: True
+
+- name: create physical and group volumes
+ lvg: vg=storage-volumes pvs={{ physical_device }}
+ vg_options=--force
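Review bot: The `dd` task has no guard, so each run of this file overwrites the first 4 MiB of `{{ physical_device }}` whenever main.yml finds it to be a block device, including a device that is already a physical volume of `storage-volumes` from an earlier run. `ignore_errors: True` then lets the play carry on to `lvg ... vg_options=--force` whatever happened. Check first whether the device is already an LVM physical volume (for instance a `command: pvs {{ physical_device }}` task registered as `pv_check` with `failed_when: false`) and put `when: pv_check.rc != 0` on the wipe. Overwriting only the start of the disk also leaves the backup GPT header at the end in place; `wipefs -a {{ physical_device }}` removes the known partition-table and filesystem signatures without writing random data, if that tool is available on the targets. A one-line comment stating that this task is destructive would help whoever sets `physical_device`.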
diff --git a/ansible/roles/tacker/tasks/main.yml b/ansible/roles/tacker/tasks/main.yml
new file mode 100755
index 0000000..2759e96
--- /dev/null
+++ b/ansible/roles/tacker/tasks/main.yml
@@ -0,0 +1,14 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- include_vars: "{{ ansible_os_family }}.yml"
+
+- name: Install Tacker on Controller
+ include: tacker_controller.yml
+ when: inventory_hostname in groups['controller'] and ansible_os_family == "Debian"
diff --git a/ansible/roles/tacker/tasks/tacker_controller.yml b/ansible/roles/tacker/tasks/tacker_controller.yml
new file mode 100755
index 0000000..7bdc32e
--- /dev/null
+++ b/ansible/roles/tacker/tasks/tacker_controller.yml
@@ -0,0 +1,128 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: get http server
+ shell: awk -F'=' '/compass_server/ {print $2}' /etc/compass.conf
+ register: http_server
+
+- name: creat tacker_home, tacker_client_home, tacker_horizon_home
+ shell: >
+ mkdir -p /opt/tacker
+ mkdir -p /opt/tacker_client
+ mkdir -p /opt/tacker_horizon
+
+- name: download tacker package
+ get_url: url="http://{{ http_server.stdout_lines[0] }}/packages/tacker/{{ tacker_pkg_name }}" dest=/opt/{{ tacker_pkg_name }}
+
+- name: download tacker_client package
+ get_url: url="http://{{ http_server.stdout_lines[0] }}/packages/tacker/{{ tacker_client_pkg_name }}" dest=/opt/{{ tacker_client_pkg_name }}
+
+- name: download tacker_horizon package
+ get_url: url="http://{{ http_server.stdout_lines[0] }}/packages/tacker/{{ tacker_horizon_pkg_name }}" dest=/opt/{{ tacker_horizon_pkg_name }}
+
+- name: extract tacker package
+ command: su -s /bin/sh -c "tar xzf /opt/{{ tacker_pkg_name }} -C {{ tacker_home }} --strip-components 1 --no-overwrite-dir -k --skip-old-files"
+
+- name: extract tacker_client package
+ command: su -s /bin/sh -c "tar xzf /opt/{{ tacker_client_pkg_name }} -C {{ tacker_client_home }} --strip-components 1 --no-overwrite-dir -k --skip-old-files"
+
+- name: extract tacker_horizon package
+ command: su -s /bin/sh -c "tar xzf /opt/{{ tacker_horizon_pkg_name }} -C {{ tacker_horizon_home }} --strip-components 1 --no-overwrite-dir -k --skip-old-files"
+
+- name: edit ml2_conf.ini
+ shell: crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers port_security;
+
+- name: Restart neutron-server
+ service: name=neutron-server state=restarted
+
+- name: "create haproxy configuration for tacker"
+ template:
+ src: "haproxy-tacker-cfg.j2"
+ dest: "/tmp/haproxy-tacker.cfg"
+
+- name: "combination of the haproxy configuration"
+ shell: "cat /tmp/haproxy-tacker.cfg >> /etc/haproxy/haproxy.cfg"
+
+- name: "delete temporary configuration file"
+ file:
+ dest: "/tmp/haproxy-tacker.cfg"
+ state: "absent"
+
+- name: "restart haproxy"
+ service:
+ name: "haproxy"
+ state: "restarted"
+
+- name: drop and recreate tacker database
+ shell: mysql -e "drop database if exists tacker;";
+ mysql -e "create database tacker character set utf8;";
+ mysql -e "grant all on tacker.* to 'tacker'@'%' identified by 'TACKER_DBPASS';";
+ when: inventory_hostname == haproxy_hosts.keys()[0]
+
+- name: create tacker user with admin privileges
+ shell: . /opt/admin-openrc.sh; openstack user create --password console tacker; openstack role add --project service --user tacker admin;
+ when: inventory_hostname == haproxy_hosts.keys()[0]
+
+- name: creat tacker service
+ shell: >
+ . /opt/admin-openrc.sh; openstack service create --name tacker --description "Tacker Project" nfv-orchestration
+ when: inventory_hostname == haproxy_hosts.keys()[0]
+
+- name: provide an endpoint to tacker service
+ shell: >
+ . /opt/admin-openrc.sh; openstack endpoint create --region regionOne \
+ --publicurl 'http://{{ public_vip.ip }}:8888/' \
+ --adminurl 'http://{{ internal_vip.ip }}:8888/' \
+ --internalurl 'http://{{ internal_vip.ip }}:8888/' tacker
+ when: inventory_hostname == haproxy_hosts.keys()[0]
+
+- name: install tacker
+ shell: >
+ . /opt/admin-openrc.sh; pip install tosca-parser; cd {{ tacker_home }}; python setup.py install
+
+# - name: create 'tacker' directory in '/var/cache', set ownership and permissions
+# shell: >
+# sudo mkdir /var/cache/tacker
+# sudo chown :root /var/cache/tacker
+# sudo chmod 700 /var/cache/tacker
+
+- name: create 'tacker' directory in '/var/log'
+ shell: mkdir -p /var/log/tacker
+
+- name: copy tacker configs
+ template: src={{ item.src }} dest=/opt/os_templates
+ with_items: "{{ tacker_configs_templates }}"
+
+- name: edit tacker configuration file
+ shell: crudini --merge /usr/local/etc/tacker/tacker.conf < /opt/os_templates/tacker.j2
+
+#- name: populate tacker database
+# shell: >
+# . /opt/admin-openrc.sh; /usr/local/bin/tacker-db-manage --config-file /usr/local/etc/tacker/tacker.conf upgrade head
+
+- name: install tacker client
+ shell: >
+ . /opt/admin-openrc.sh; cd {{ tacker_client_home }}; python setup.py install
+
+- name: install tacker horizon
+ shell: >
+ . /opt/admin-openrc.sh; cd {{ tacker_horizon_home }}; python setup.py install
+
+- name: enable tacker horizon in dashboard
+ shell: >
+ cp {{ tacker_horizon_home }}/openstack_dashboard_extensions/* /usr/share/openstack-dashboard/openstack_dashboard/enabled/
+
+- name: restart apache server
+ shell: service apache2 restart
+
+- name: launch tacker-server
+ shell: >
+ . /opt/admin-openrc.sh; python /usr/local/bin/tacker-server --config-file /usr/local/etc/tacker/tacker.conf --log-file /var/log/tacker/tacker.log
+ async: 9999999999999
+ poll: 0
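Review bot: The three `get_url` tasks download the tacker tarballs over plain `http://` from whatever host `/etc/compass.conf` names and pin no checksum, and the later tasks unpack them and run `python setup.py install`, so anything able to alter that response or that file decides what code gets installed on the controller. Add a digest to each download, e.g. `get_url: url=... dest=/opt/{{ tacker_pkg_name }} checksum=sha256:<EXPECTED_SHA256_PLACEHOLDER>` (the older `sha256sum=` parameter if the Ansible in use predates `checksum`), with the digests kept next to the package names in `vars/main.yml`. `pip install tosca-parser` in the `install tacker` task is likewise unpinned; a fixed version would make the install reproducible.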
diff --git a/ansible/roles/tacker/templates/haproxy-tacker-cfg.j2 b/ansible/roles/tacker/templates/haproxy-tacker-cfg.j2
new file mode 100644
index 0000000..93bbe79
--- /dev/null
+++ b/ansible/roles/tacker/templates/haproxy-tacker-cfg.j2
@@ -0,0 +1,10 @@
+listen proxy-tacker_api_cluster
+ bind {{ internal_vip.ip }}:8888
+ bind {{ public_vip.ip }}:8888
+ mode tcp
+ option tcp-check
+ option tcplog
+ balance source
+{% for host,ip in haproxy_hosts.items() %}
+ server {{ host }} {{ ip }}:8888 weight 1 check inter 2000 rise 2 fall 5
+{% endfor %}
diff --git a/ansible/roles/tacker/templates/ml2_conf.j2 b/ansible/roles/tacker/templates/ml2_conf.j2
new file mode 100644
index 0000000..a5ccdaf
--- /dev/null
+++ b/ansible/roles/tacker/templates/ml2_conf.j2
@@ -0,0 +1,2 @@
+[ml2]
+extension_drivers = port_security
diff --git a/ansible/roles/tacker/templates/tacker.j2 b/ansible/roles/tacker/templates/tacker.j2
new file mode 100644
index 0000000..2e51496
--- /dev/null
+++ b/ansible/roles/tacker/templates/tacker.j2
@@ -0,0 +1,29 @@
+[DEFAULT]
+bind_host = {{ internal_ip }}
+bind_port = 8888
+auth_strategy = keystone
+policy_file = /usr/local/etc/tacker/policy.json
+debug = True
+verbose = True
+use_syslog = False
+state_path = /var/lib/tacker
+
+[keystone_authtoken]
+password = console
+auth_uri = http://{{ internal_vip.ip }}:5000
+auth_url = http://{{ internal_vip.ip }}:35357
+project_name = service
+
+[agent]
+root_helper = sudo /usr/local/bin/tacker-rootwrap /usr/local/etc/tacker/rootwrap.conf
+
+[DATABASE]
+connection = mysql://tacker:TACKER_DBPASS@{{ internal_vip.ip }}:3306/tacker?charset=utf8
+
+[servicevm_nova]
+password = console
+auth_url = http://{{ internal_vip.ip }}:35357
+
+[servicevm_heat]
+heat_uri = http://{{ internal_vip.ip }}:8004/v1
+
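Review bot: `password = console` under `[keystone_authtoken]` and `[servicevm_nova]` and `TACKER_DBPASS` in the `[DATABASE]` connection string are fixed literals, so every deployment made from this template shares the same service and database credentials. The same values are hard-coded in the `drop and recreate tacker database` and `create tacker user with admin privileges` tasks of tacker_controller.yml, where the grant is to `'tacker'@'%'` and the user gets the admin role. Take them from per-deployment variables instead, for example `password = {{ tacker_service_password }}` and `connection = mysql://tacker:{{ tacker_dbpass }}@{{ internal_vip.ip }}:3306/tacker?charset=utf8` (variable names are suggestions, not existing ones), and use the same variables in the two tasks. The `copy tacker configs` task renders this file into `/opt/os_templates` without a `mode`, so a restrictive mode such as `0600` there would keep the rendered credentials from being readable by other local users. `debug = True` also deserves either a comment explaining why it is on or a default of `False`.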
diff --git a/ansible/roles/tacker/vars/Debian.yml b/ansible/roles/tacker/vars/Debian.yml
new file mode 100755
index 0000000..59a4dbd
--- /dev/null
+++ b/ansible/roles/tacker/vars/Debian.yml
@@ -0,0 +1,14 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages:
+ - software-properties-common
+ - crudini
+
+services: []
diff --git a/ansible/roles/tacker/vars/RedHat.yml b/ansible/roles/tacker/vars/RedHat.yml
new file mode 100755
index 0000000..59a4dbd
--- /dev/null
+++ b/ansible/roles/tacker/vars/RedHat.yml
@@ -0,0 +1,14 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages:
+ - software-properties-common
+ - crudini
+
+services: []
diff --git a/ansible/roles/tacker/vars/main.yml b/ansible/roles/tacker/vars/main.yml
new file mode 100755
index 0000000..2df4ca3
--- /dev/null
+++ b/ansible/roles/tacker/vars/main.yml
@@ -0,0 +1,19 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+tacker_pkg_name: tacker-2014.2.0.dev206.tar.gz
+tacker_client_pkg_name: python-tackerclient-0.0.1.dev85.tar.gz
+tacker_horizon_pkg_name: tacker-horizon-0.0.1.dev687.tar.gz
+tacker_home: /opt/tacker/
+tacker_client_home: /opt/tacker_client/
+tacker_horizon_home: /opt/tacker_horizon/
+
+tacker_configs_templates:
+ - src: tacker.j2
+ dest:
+ - /usr/local/etc/tacker/tacker.conf
diff --git a/cobbler/conf/modules.conf b/cobbler/conf/modules.conf
index 8087910..fde469c 100644
--- a/cobbler/conf/modules.conf
+++ b/cobbler/conf/modules.conf
@@ -1,7 +1,7 @@
# cobbler module configuration file
# =================================
-# authentication:
+# authentication:
# what users can log into the WebUI and Read-Write XMLRPC?
# choices:
# authn_denyall -- no one (default)
@@ -22,7 +22,7 @@
[authentication]
module = authn_configfile
-# authorization:
+# authorization:
# once a user has been cleared by the WebUI/XMLRPC, what can they do?
# choices:
# authz_allowall -- full access for all authneticated users (default)
@@ -64,7 +64,7 @@ module = manage_bind
# NOTE: more configuration is still required in /etc/cobbler
# for more information:
# https://github.com/cobbler/cobbler/wiki/Dhcp-management
-
+
[dhcp]
module = manage_isc
@@ -76,7 +76,7 @@ module = manage_isc
# manage_in_tftpd -- default, uses the system's tftp server
# manage_tftpd_py -- uses cobbler's tftp server
#
-
+
[tftpd]
module = manage_in_tftpd
diff --git a/cobbler/conf/settings b/cobbler/conf/settings
index be8bddb..f6d0b96 100644
--- a/cobbler/conf/settings
+++ b/cobbler/conf/settings
@@ -52,8 +52,8 @@ build_reporting_smtp_server: "localhost"
build_reporting_subject: ""
# Cheetah-language kickstart templates can import Python modules.
-# while this is a useful feature, it is not safe to allow them to
-# import anything they want. This whitelists which modules can be
+# while this is a useful feature, it is not safe to allow them to
+# import anything they want. This whitelists which modules can be
# imported through Cheetah. Users can expand this as needed but
# should never allow modules such as subprocess or those that
# allow access to the filesystem as Cheetah templates are evaluated
@@ -91,13 +91,13 @@ default_ownership:
# systems that reference this variable. The factory
# default is "cobbler" and cobbler check will warn if
# this is not changed.
-# The simplest way to change the password is to run
+# The simplest way to change the password is to run
# openssl passwd -1
# and put the output between the "" below.
default_password_crypted: "$1$huawei$9OkoVJwO4W8vavlXd1bUS/"
# the default template type to use in the absence of any
-# other detected template. If you do not specify the template
+# other detected template. If you do not specify the template
# with '#template=' on the first line of your
# templates/snippets, cobbler will assume try to use the
# following template engine to parse the templates.
@@ -126,8 +126,8 @@ default_virt_ram: 512
default_virt_type: xenpv
# enable gPXE booting? Enabling this option will cause cobbler
-# to copy the undionly.kpxe file to the tftp root directory,
-# and if a profile/system is configured to boot via gpxe it will
+# to copy the undionly.kpxe file to the tftp root directory,
+# and if a profile/system is configured to boot via gpxe it will
# chain load off pxelinux.0.
# Default: 0
enable_gpxe: 0
@@ -137,13 +137,13 @@ enable_gpxe: 0
# basis when adding/editing profiles with --enable-menu=0/1. Users
# should ordinarily leave this setting enabled unless they are concerned
# with accidental reinstalls from users who select an entry at the PXE
-# boot menu. Adding a password to the boot menus templates
+# boot menu. Adding a password to the boot menus templates
# may also be a good solution to prevent unwanted reinstallations
enable_menu: 0
# enable Func-integration? This makes sure each installed machine is set up
# to use func out of the box, which is a powerful way to script and control
-# remote machines.
+# remote machines.
# Func lives at http://fedorahosted.org/func
# read more at https://github.com/cobbler/cobbler/wiki/Func-integration
# you will need to mirror Fedora/EPEL packages for this feature, so see
@@ -190,7 +190,7 @@ ldap_tls_keyfile: ''
ldap_tls_certfile: ''
# cobbler has a feature that allows for integration with config management
-# systems such as Puppet. The following parameters work in conjunction with
+# systems such as Puppet. The following parameters work in conjunction with
# --mgmt-classes and are described in furhter detail at:
# https://github.com/cobbler/cobbler/wiki/Using-cobbler-with-a-configuration-management-system
mgmt_classes: []
@@ -279,7 +279,7 @@ power_management_default_type: 'ipmitool'
power_template_dir: "/etc/cobbler/power"
# if this setting is set to 1, cobbler systems that pxe boot
-# will request at the end of their installation to toggle the
+# will request at the end of their installation to toggle the
# --netboot-enabled record in the cobbler system record. This eliminates
# the potential for a PXE boot loop if the system is set to PXE
# first in it's BIOS order. Enable this if PXE is first in your BIOS
@@ -291,7 +291,7 @@ pxe_just_once: 1
# from what directory?
pxe_template_dir: "/etc/cobbler/pxe"
-# Path to where system consoles are
+# Path to where system consoles are
consoles: "/var/consoles"
# Are you using a Red Hat management platform in addition to Cobbler?
@@ -313,12 +313,12 @@ redhat_management_server: "xmlrpc.rhn.redhat.com"
# specify the default Red Hat authorization key to use to register
# system. If left blank, no registration will be attempted. Similarly
-# you can set the --redhat-management-key to blank on any system to
+# you can set the --redhat-management-key to blank on any system to
# keep it from trying to register.
redhat_management_key: ""
-# if using authn_spacewalk in modules.conf to let cobbler authenticate
-# against Satellite/Spacewalk's auth system, by default it will not allow per user
+# if using authn_spacewalk in modules.conf to let cobbler authenticate
+# against Satellite/Spacewalk's auth system, by default it will not allow per user
# access into Cobbler Web and Cobbler XMLRPC.
# in order to permit this, the following setting must be enabled HOWEVER
# doing so will permit all Spacewalk/Satellite users of certain types to edit all
@@ -369,7 +369,7 @@ run_install_triggers: 1
# enables a trigger which version controls all changes to /var/lib/cobbler
# when add, edit, or sync events are performed. This can be used
# to revert to previous database versions, generate RSS feeds, or for
-# other auditing or backup purposes. "git" and "hg" are currently suported,
+# other auditing or backup purposes. "git" and "hg" are currently suported,
# but git is the recommend SCM for use with this feature.
scm_track_enabled: 0
scm_track_mode: "git"
@@ -436,7 +436,7 @@ yum_post_install_mirror: 1
# if yum-priorities plugin is used. 1=maximum. Tweak with caution.
yum_distro_priority: 1
-# Flags to use for yumdownloader. Not all versions may support
+# Flags to use for yumdownloader. Not all versions may support
# --resolve.
yumdownloader_flags: "--resolve"
diff --git a/cobbler/conf/tftpd.template b/cobbler/conf/tftpd.template
index 31f4d36..98c1e9a 100644
--- a/cobbler/conf/tftpd.template
+++ b/cobbler/conf/tftpd.template
@@ -13,7 +13,7 @@ service tftp
user = $user
server = $binary
server_args = -B 1380 -v -s $args
- instances = 1000
+ instances = 1000
per_source = 1000
cps = 1000 2
flags = IPv4
diff --git a/cobbler/kickstarts/default.ks b/cobbler/kickstarts/default.ks
index cac02a3..ecd877b 100644
--- a/cobbler/kickstarts/default.ks
+++ b/cobbler/kickstarts/default.ks
@@ -85,7 +85,7 @@ $SNIPPET('kickstart_pre_anamon')
# Packages
%packages --nobase
-@core
+@core
iproute
ntp
openssh-clients
@@ -93,10 +93,11 @@ wget
yum-plugin-priorities
json-c
libestr
-libgt
-liblogging
rsyslog
parted
+vim
+lsof
+strace
#if $os_version == "rhel7"
net-tools
#end if
diff --git a/cobbler/kickstarts/default.seed b/cobbler/kickstarts/default.seed
index 7461f83..f65b20b 100644
--- a/cobbler/kickstarts/default.seed
+++ b/cobbler/kickstarts/default.seed
@@ -13,6 +13,11 @@ d-i debian-installer/locale string en_US
d-i debian-installer/country string US
d-i debian-installer/language string en
+d-i debian-installer/splash boolean false
+d-i debian-installer/quiet boolean false
+d-i debian-installer/framebuffer boolean true
+d-i hw-detect/load_firmware boolean true
+
# Keyboard selection.
# Disable automatic (interactive) keymap detection.
d-i console-setup/ask_detect boolean false
@@ -132,6 +137,8 @@ d-i cdrom-detect/eject boolean false
# packages and run commands in the target system.
# d-i preseed/late_command string [command]
d-i preseed/late_command string \
+in-target sed -i '$a UseDNS no' /etc/ssh/sshd_config; \
+in-target sed -i 's/.*GSSAPIAuthentication.*/GSSAPIAuthentication no/g' /etc/ssh/sshd_config; \
wget -O- \
http://$http_server/cblr/svc/op/script/$what/$name/?script=preseed_late_default | \
chroot /target /bin/sh -s; cp /target/etc/network/interfaces /etc/network/interfaces
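Review bot: The added `sed -i '$a UseDNS no'` line puts a bare `$a` into a file whose other `$` tokens (`$http_server`, `$what`, `$name`) are template placeholders, so whether sed ever receives `$a` depends on the renderer passing unknown placeholders through untouched, which is not visible from this hunk. Escaping it removes the doubt: `in-target sed -i '\$a UseDNS no' /etc/ssh/sshd_config; \`, assuming the template engine treats `\$` as a literal dollar, as the other snippets in this change appear to. The second sed only rewrites lines that already mention `GSSAPIAuthentication`, so on an sshd_config without such a line nothing is set; a comment stating that assumption would help.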
diff --git a/cobbler/snippets/hosts.xml b/cobbler/snippets/hosts.xml
index e3b578f..7fd4ab6 100644
--- a/cobbler/snippets/hosts.xml
+++ b/cobbler/snippets/hosts.xml
@@ -22,4 +22,4 @@
#end for
#end if
-
+
diff --git a/cobbler/snippets/kdump.xml b/cobbler/snippets/kdump.xml
index f03c988..0cffe97 100644
--- a/cobbler/snippets/kdump.xml
+++ b/cobbler/snippets/kdump.xml
@@ -3,33 +3,33 @@
true
256M-2G:64M,2G-:128M
-
+
file:///var/crash
true
64
4
-
+
compressed
31
-
+
-
+
-
+
yes
3
-
+
diff --git a/cobbler/snippets/keep_cfengine_keys b/cobbler/snippets/keep_cfengine_keys
index 78116ab..d2c5622 100644
--- a/cobbler/snippets/keep_cfengine_keys
+++ b/cobbler/snippets/keep_cfengine_keys
@@ -11,8 +11,8 @@ keys_found=no
# /var could be a separate partition
SHORTDIR=${SEARCHDIR#/var}
if [ $SHORTDIR = $SEARCHDIR ]; then
- SHORTDIR=''
-fi
+ SHORTDIR=''
+fi
insmod /lib/jbd.o
insmod /lib/ext3.o
@@ -32,13 +32,13 @@ function findkeys
# Copy current host keys out to be reused
if [ -d /tmp/$tmpdir$SEARCHDIR ] && cp -a /tmp/$tmpdir$SEARCHDIR/${PATTERN}* /tmp/$TEMPDIR; then
keys_found="yes"
- umount /tmp/$tmpdir
- rm -r /tmp/$tmpdir
- break
- elif [ -n "$SHORTDIR" ] && [ -d /tmp/$tmpdir$SHORTDIR ] && cp -a /tmp/$tmpdir$SHORTDIR/${PATTERN}* /tmp/$TEMPDIR; then
- keys_found="yes"
umount /tmp/$tmpdir
- rm -r /tmp/$tmpdir
+ rm -r /tmp/$tmpdir
+ break
+ elif [ -n "$SHORTDIR" ] && [ -d /tmp/$tmpdir$SHORTDIR ] && cp -a /tmp/$tmpdir$SHORTDIR/${PATTERN}* /tmp/$TEMPDIR; then
+ keys_found="yes"
+ umount /tmp/$tmpdir
+ rm -r /tmp/$tmpdir
break
fi
umount /tmp/$tmpdir
@@ -71,9 +71,9 @@ if [ "$keys_found" = "no" ]; then
# Activate any VG we found
lvm vgchange -ay $vg
done
-
+
DISKS=$(lvm lvs | tail -n +2 | awk '{ print "/dev/" $2 "/" $1 }')
- findkeys
+ findkeys
# And clean up..
for vg in $vgs; do
diff --git a/cobbler/snippets/keep_files b/cobbler/snippets/keep_files
index 858db5d..d0e5e07 100644
--- a/cobbler/snippets/keep_files
+++ b/cobbler/snippets/keep_files
@@ -12,9 +12,9 @@
##
#if $getVar('$preserve_files','') != ''
- #set $preserve_files = $getVar('$preserve_files','')
- preserve_files = $preserve_files
-
+ #set $preserve_files = $getVar('$preserve_files','')
+ preserve_files = $preserve_files
+
#raw
# Nifty trick to restore keys without using a nochroot %post
@@ -31,19 +31,19 @@ function findkeys
mkdir -p /tmp/$tmpdir
mount $disk /tmp/$tmpdir
if [ $? -ne 0 ]; then # Skip to the next partition if the mount fails
- rm -rf /tmp/$tmpdir
- continue
- fi
+ rm -rf /tmp/$tmpdir
+ continue
+ fi
# Copy current host keys out to be reused
if [ -d /tmp/$tmpdir$SEARCHDIR ] && cp -a /tmp/$tmpdir$SEARCHDIR/${PATTERN}* /tmp/$TEMPDIR; then
keys_found="yes"
- umount /tmp/$tmpdir
- rm -r /tmp/$tmpdir
- break
+ umount /tmp/$tmpdir
+ rm -r /tmp/$tmpdir
+ break
elif [ -n "$SHORTDIR" ] && [ -d /tmp/$tmpdir$SHORTDIR ] && cp -a /tmp/$tmpdir$SHORTDIR/${PATTERN}* /tmp/$TEMPDIR; then
- keys_found="yes"
+ keys_found="yes"
umount /tmp/$tmpdir
- rm -r /tmp/$tmpdir
+ rm -r /tmp/$tmpdir
break
fi
umount /tmp/$tmpdir
@@ -62,8 +62,8 @@ function search_for_keys
# /var could be a separate partition
SHORTDIR=${SEARCHDIR#/var}
if [ $SHORTDIR = $SEARCHDIR ]; then
- SHORTDIR=''
- fi
+ SHORTDIR=''
+ fi
mkdir -p /tmp/$TEMPDIR
@@ -92,9 +92,9 @@ function search_for_keys
# Activate any VG we found
lvm vgchange -ay $vg
done
-
+
DISKS=$(lvm lvs | tail -n +2 | awk '{ print "/dev/" $2 "/" $1 }')
- findkeys
+ findkeys
# And clean up..
for vg in $vgs; do
diff --git a/cobbler/snippets/keep_rhn_keys b/cobbler/snippets/keep_rhn_keys
index 59bfc5d..46f7c99 100644
--- a/cobbler/snippets/keep_rhn_keys
+++ b/cobbler/snippets/keep_rhn_keys
@@ -48,7 +48,7 @@ if [ "$rhn_keys_found" = "no" ]; then
# Activate any VG we found
lvm vgchange -ay $vg
done
-
+
lvs=$(lvm lvs | tail -n +2 | awk '{ print "/dev/" $2 "/" $1 }')
for lv in $lvs; do
tmpdir=$(mktemp -d findkeys.XXXXXX)
@@ -67,7 +67,7 @@ if [ "$rhn_keys_found" = "no" ]; then
umount /tmp/${tmpdir}
rm -r /tmp/${tmpdir}
done
-
+
# And clean up..
for vg in $vgs; do
lvm vgchange -an $vg
diff --git a/cobbler/snippets/keep_ssh_host_keys b/cobbler/snippets/keep_ssh_host_keys
index 2c01c69..7597047 100644
--- a/cobbler/snippets/keep_ssh_host_keys
+++ b/cobbler/snippets/keep_ssh_host_keys
@@ -11,8 +11,8 @@ keys_found=no
# /var could be a separate partition
SHORTDIR=${SEARCHDIR#/var}
if [ $SHORTDIR = $SEARCHDIR ]; then
- SHORTDIR=''
-fi
+ SHORTDIR=''
+fi
insmod /lib/jbd.o
insmod /lib/ext3.o
@@ -27,19 +27,19 @@ function findkeys
mkdir -p /tmp/$tmpdir
mount $disk /tmp/$tmpdir
if [ $? -ne 0 ]; then # Skip to the next partition if the mount fails
- rm -rf /tmp/$tmpdir
- continue
- fi
+ rm -rf /tmp/$tmpdir
+ continue
+ fi
# Copy current host keys out to be reused
- if [ -d /tmp/$tmpdir$SEARCHDIR ] && cp -a /tmp/$tmpdir$SEARCHDIR/${PATTERN}* /tmp/$TEMPDIR; then
+ if [ -d /tmp/$tmpdir$SEARCHDIR ] && cp -a /tmp/$tmpdir$SEARCHDIR/${PATTERN}* /tmp/$TEMPDIR; then
keys_found="yes"
- umount /tmp/$tmpdir
- rm -r /tmp/$tmpdir
- break
- elif [ -n "$SHORTDIR" ] && [ -d /tmp/$tmpdir$SHORTDIR ] && cp -a /tmp/$tmpdir$SHORTDIR/${PATTERN}* /tmp/$TEMPDIR; then
- keys_found="yes"
+ umount /tmp/$tmpdir
+ rm -r /tmp/$tmpdir
+ break
+ elif [ -n "$SHORTDIR" ] && [ -d /tmp/$tmpdir$SHORTDIR ] && cp -a /tmp/$tmpdir$SHORTDIR/${PATTERN}* /tmp/$TEMPDIR; then
+ keys_found="yes"
umount /tmp/$tmpdir
- rm -r /tmp/$tmpdir
+ rm -r /tmp/$tmpdir
break
fi
umount /tmp/$tmpdir
@@ -60,7 +60,7 @@ if [ "$keys_found" = "no" ]; then
if mdadm -As; then
DISKS=$(awk '/md/{print "/dev/"$1}' /proc/mdstat)
findkeys
- # unmount and deactivate all md
+ # unmount and deactivate all md
for md in $DISKS ; do
umount $md
mdadm -S $md
@@ -77,9 +77,9 @@ if [ "$keys_found" = "no" ]; then
# Activate any VG we found
lvm vgchange -ay $vg
done
-
+
DISKS=$(lvm lvs | tail -n +2 | awk '{ print "/dev/" $2 "/" $1 }')
- findkeys
+ findkeys
# And clean up..
for vg in $vgs; do
diff --git a/cobbler/snippets/kickstart_chef_run.sh b/cobbler/snippets/kickstart_chef_run.sh
index fef691a..6b2e030 100644
--- a/cobbler/snippets/kickstart_chef_run.sh
+++ b/cobbler/snippets/kickstart_chef_run.sh
@@ -32,8 +32,8 @@ PIDFILE=/tmp/chef_client_run.pid
if [ -f \\$PIDFILE ]; then
pid=\\$(cat \\$PIDFILE)
if [ -f /proc/\\$pid/exe ]; then
- echo "there are chef_client_run.sh running with pid \\$pid" >> /var/log/chef.log 2>&1
- exit 1
+ echo "there are chef_client_run.sh running with pid \\$pid" >> /var/log/chef.log 2>&1
+ exit 1
fi
fi
echo \\$$ > \\$PIDFILE
@@ -53,7 +53,7 @@ while true; do
let all_nodes_success=1
for node in \\$nodes; do
mkdir -p /var/log/chef/\\$node
- if [ ! -f /etc/chef/\\$node.json ]; then
+ if [ ! -f /etc/chef/\\$node.json ]; then
cat << EOL > /etc/chef/\\$node.json
{
"local_repo": "$local_repo_url",
diff --git a/cobbler/snippets/kickstart_client.rb b/cobbler/snippets/kickstart_client.rb
index e6495d0..568ba46 100644
--- a/cobbler/snippets/kickstart_client.rb
+++ b/cobbler/snippets/kickstart_client.rb
@@ -12,7 +12,7 @@ chef_server_url 'https://$server'
validation_client_name 'chef-validator'
json_attribs nil
pid_file '/var/run/chef-client.pid'
-# Using default node name (fqdn)
+# Using default node name (fqdn)
no_lazy_load true
ssl_verify_mode :verify_none
#if $os_version == "rhel7"
@@ -33,7 +33,7 @@ mkdir -p /etc/chef/trusted_certs
cat << EOF > /etc/chef/trusted_certs/$filename
#echo $f.read()
EOF
- #silent $f.close()
+ #silent $f.close()
#end if
#end for
#end if
diff --git a/cobbler/snippets/kickstart_knife.rb b/cobbler/snippets/kickstart_knife.rb
index 94d4528..e4ab081 100644
--- a/cobbler/snippets/kickstart_knife.rb
+++ b/cobbler/snippets/kickstart_knife.rb
@@ -29,7 +29,7 @@ mkdir -p /root/.chef/trusted_certs
cat << EOF > /root/.chef/trusted_certs/$filename
#echo $f.read()
EOF
- #silent $f.close()
+ #silent $f.close()
#end if
#end for
#end if
diff --git a/cobbler/snippets/kickstart_limits.conf b/cobbler/snippets/kickstart_limits.conf
index 0b116f3..00cf861 100644
--- a/cobbler/snippets/kickstart_limits.conf
+++ b/cobbler/snippets/kickstart_limits.conf
@@ -48,7 +48,7 @@ cat << EOF > /etc/security/limits.conf
#@faculty hard nproc 50
#ftp hard nproc 0
#@student - maxlogins 4
-* - nofile 100000
+* - nofile 100000
# End of file
#end raw
EOF
diff --git a/cobbler/snippets/kickstart_network_config b/cobbler/snippets/kickstart_network_config
index 6de06e5..c4bb47e 100644
--- a/cobbler/snippets/kickstart_network_config
+++ b/cobbler/snippets/kickstart_network_config
@@ -1,6 +1,6 @@
## start of cobbler network_config generated code
#if $getVar("system_name","") != ""
-# Using "new" style networking config, by matching networking information to the physical interface's
+# Using "new" style networking config, by matching networking information to the physical interface's
# MAC-address
%include /tmp/pre_install_network_config
#end if
diff --git a/cobbler/snippets/kickstart_ntp b/cobbler/snippets/kickstart_ntp
index 120a311..2cbf75e 100644
--- a/cobbler/snippets/kickstart_ntp
+++ b/cobbler/snippets/kickstart_ntp
@@ -7,10 +7,10 @@ cat << EOF > /etc/ntp.conf
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
-# Include the option tinker panic 0 at the top of your ntp.conf file.
+# Include the option tinker panic 0 at the top of your ntp.conf file.
# By default, the NTP daemon sometimes panics and exits if the underlying clock
-# appears to be behaving erratically. This option causes the daemon to keep
-# running instead of panicking.
+# appears to be behaving erratically. This option causes the daemon to keep
+# running instead of panicking.
tinker panic 0
driftfile /var/lib/ntp/drift
@@ -23,7 +23,7 @@ restrict -6 default kod nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
-restrict 127.0.0.1
+restrict 127.0.0.1
restrict -6 ::1
# Hosts on local network are less restricted.
@@ -36,16 +36,16 @@ restrict -6 ::1
# server 2.centos.pool.ntp.org
server $ntp_server
-# broadcast 192.168.1.255 autokey # broadcast server
-# broadcastclient # broadcast client
-# broadcast 224.0.1.1 autokey # multicast server
-# multicastclient 224.0.1.1 # multicast client
-# manycastserver 239.255.254.254 # manycast server
+# broadcast 192.168.1.255 autokey # broadcast server
+# broadcastclient # broadcast client
+# broadcast 224.0.1.1 autokey # multicast server
+# multicastclient 224.0.1.1 # multicast client
+# manycastserver 239.255.254.254 # manycast server
# manycastclient 239.255.254.254 autokey # manycast client
# Undisciplined Local Clock. This is a fake driver intended for backup
-# and when no outside source of synchronized time is available.
-server 127.127.1.0 # local clock
+# and when no outside source of synchronized time is available.
+server 127.127.1.0 # local clock
# Enable public key cryptography.
# crypto
@@ -53,7 +53,7 @@ server 127.127.1.0 # local clock
includefile /etc/ntp/crypto/pw
# Key file containing the keys and key identifiers used when operating
-# with symmetric key cryptography.
+# with symmetric key cryptography.
keys /etc/ntp/keys
# Specify the key identifiers which are trusted.
diff --git a/cobbler/snippets/kickstart_post_anamon b/cobbler/snippets/kickstart_post_anamon
index 9fbf1bf..699e830 100644
--- a/cobbler/snippets/kickstart_post_anamon
+++ b/cobbler/snippets/kickstart_post_anamon
@@ -87,3 +87,5 @@ test -d /selinux && restorecon /etc/init.d/set_state
## enable the script
chkconfig set_state on
+
+echo "compass_server=$server" >> /etc/compass.conf
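Review bot: The added line appends with `>>`, so if /etc/compass.conf already exists on the installed system, or the post script runs again, the file ends up with more than one `compass_server=` entry, and which one wins depends on whatever reads it. The template fills in `$server` before the shell sees the line, and inside double quotes the shell would still expand any `$` or backtick in that value. A guarded, single-quoted form avoids both: `grep -q '^compass_server=' /etc/compass.conf 2>/dev/null || echo 'compass_server=$server' >> /etc/compass.conf`. The same line is added at the end of cobbler/snippets/preseed_post_anamon and needs the same treatment.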
diff --git a/cobbler/snippets/kickstart_post_install_network_config b/cobbler/snippets/kickstart_post_install_network_config
index c22225a..2c089f9 100644
--- a/cobbler/snippets/kickstart_post_install_network_config
+++ b/cobbler/snippets/kickstart_post_install_network_config
@@ -25,7 +25,7 @@ fi
exit \$RC
#end raw
EOF
-chmod +x /sbin/ifup-local
+chmod +x /sbin/ifup-local
#if $hostname != ""
# set the hostname in the network configuration file
@@ -147,18 +147,18 @@ for logical_interface in \${!logical_interface_mapping[@]}; do
physical_interface=\${logical_interface_mapping[\${logical_interface}]}
if [ -z "\${physical_interface}" ]; then
# check if the same name physical interface is mapped
- mapped_logical_interface=\${physical_interface_mapping[\${logical_interface}]}
- if [ -z "\${mapped_logical_interface}" ]; then
+ mapped_logical_interface=\${physical_interface_mapping[\${logical_interface}]}
+ if [ -z "\${mapped_logical_interface}" ]; then
# check if the same name physical interface exists
if [ ! -z "\${physical_interfaces[\${logical_interface}]}" ]; then
logical_interface_mapping[\${logical_interface}]=\${logical_interface}
- physical_interface_mapping[\${logical_interface}]=\${logical_interface}
- else
- echo "ignore logical interface \${logical_interface} since the same name physical interface does not exist" >> /tmp/network_log
+ physical_interface_mapping[\${logical_interface}]=\${logical_interface}
+ else
+ echo "ignore logical interface \${logical_interface} since the same name physical interface does not exist" >> /tmp/network_log
fi
- else
- echo "ignore logical interface \${logical_interface} since the same name physical interface is mapped by logical interface \${mapped_logical_interface}" >> /tmp/network_log
- fi
+ else
+ echo "ignore logical interface \${logical_interface} since the same name physical interface is mapped by logical interface \${mapped_logical_interface}" >> /tmp/network_log
+ fi
else
echo "ignore logical interface \${logical_interface} since it is mapped to physical interface \${physical_interface}" >> /tmp/network_log
fi
@@ -235,22 +235,22 @@ if [ \${#sorted_unset_logical_interfaces[@]} -gt 0 ]; then
# get all available logical interfaces which the same name physical interface is not used
for logical_interface in \${logical_interfaces[@]}; do
mapped_logical_interface=\${physical_interface_mapping[\${logical_interface}]}
- if [ -z "\${mapped_logical_interface}" ]; then
- available_logical_interfaces[\${logical_interface}]=\${logical_interface}
- else
- echo "ignore logical interface \${logical_interface} since the same name physical interface mapped to logical interface \${mapped_logical_interface}" >> /tmp/network_log
- fi
+ if [ -z "\${mapped_logical_interface}" ]; then
+ available_logical_interfaces[\${logical_interface}]=\${logical_interface}
+ else
+ echo "ignore logical interface \${logical_interface} since the same name physical interface mapped to logical interface \${mapped_logical_interface}" >> /tmp/network_log
+ fi
done
#first map logical interface to the same name physical interface if that physical interface name is not used
for logical_interface in \${sorted_unset_logical_interfaces[@]}; do
available_logical_interface=\${available_logical_interfaces[\${logical_interface}]}
- if [ ! -z "\${available_logical_interface}" ]; then
- unset unset_logical_interfaces[\${logical_interface}]
- unset available_logical_interfaces[\${available_logical_interface}]
- logical_interface_mapping[\${logical_interface}]=\${available_logical_interface}
- physical_interface_mapping[\${available_logical_interface}]=\${logical_interface}
- fi
+ if [ ! -z "\${available_logical_interface}" ]; then
+ unset unset_logical_interfaces[\${logical_interface}]
+ unset available_logical_interfaces[\${available_logical_interface}]
+ logical_interface_mapping[\${logical_interface}]=\${available_logical_interface}
+ physical_interface_mapping[\${available_logical_interface}]=\${logical_interface}
+ fi
done
echo "finish mapping ramaining unmapped logical interfaces to the same name physical interface" >> /tmp/network_log
@@ -272,14 +272,14 @@ if [ \${#sorted_unset_logical_interfaces[@]} -gt 0 ]; then
echo "sorted available logical interfaces: \${sorted_available_logical_interfaces[@]}" >> /tmp/network_log
while [ \${#sorted_unset_logical_interfaces[@]} -gt 0 -a \${#sorted_available_logical_interfaces[@]} -gt 0 ]; do
logical_interface=\${sorted_unset_logical_interfaces[0]}
- available_logical_interface=\${sorted_available_logical_interfaces[0]}
- echo "map logical interface \${logical_interface} to unused physical interface \${available_logical_interface}" >> /tmp/network_log
+ available_logical_interface=\${sorted_available_logical_interfaces[0]}
+ echo "map logical interface \${logical_interface} to unused physical interface \${available_logical_interface}" >> /tmp/network_log
unset sorted_unset_logical_interfaces[0]
- unset unset_logical_interfaces[\${logical_interface}]
- unset sorted_available_logical_interfaces[0]
- unset available_logical_interfaces[\${available_logical_interface}]
- logical_interface_mapping[\${logical_interface}]=\${available_logical_interface}
- physical_interface_mapping[\${available_logical_interface}]=\${logical_interface}
+ unset unset_logical_interfaces[\${logical_interface}]
+ unset sorted_available_logical_interfaces[0]
+ unset available_logical_interfaces[\${available_logical_interface}]
+ logical_interface_mapping[\${logical_interface}]=\${available_logical_interface}
+ physical_interface_mapping[\${available_logical_interface}]=\${logical_interface}
done
fi
@@ -302,22 +302,22 @@ if [ \${#sorted_unset_physical_interfaces[@]} -gt 0 ]; then
# get all available physical interfaces which the same name logical interface is not used
for physical_interface in \${physical_interfaces[@]}; do
mapped_physical_interface=\${logical_interface_mapping[\${physical_interface}]}
- if [ -z "\${mapped_physical_interface}" ]; then
- available_physical_interfaces[\${physical_interface}]=\${physical_interface}
- else
- echo "ignore physical interface \${physical_interface} since the same name logical interface mapped to physical interface \${mapped_physical_interface}" >> /tmp/network_log
- fi
+ if [ -z "\${mapped_physical_interface}" ]; then
+ available_physical_interfaces[\${physical_interface}]=\${physical_interface}
+ else
+ echo "ignore physical interface \${physical_interface} since the same name logical interface mapped to physical interface \${mapped_physical_interface}" >> /tmp/network_log
+ fi
done
#first map physical interface to the same name logical interface if that logical interface name is not used
for physical_interface in \${sorted_unset_physical_interfaces[@]}; do
available_physical_interface=\${available_physical_interfaces[\${physical_interface}]}
- if [ ! -z "\${available_physical_interface}" ]; then
- unset unset_physical_interfaces[\${physical_interface}]
- unset available_physical_interfaces[\${available_physical_interface}]
- logical_interface_mapping[\${available_physical_interface}]=\${physical_interface}
- physical_interface_mapping[\${physical_interface}]=\${available_physical_interface}
- fi
+ if [ ! -z "\${available_physical_interface}" ]; then
+ unset unset_physical_interfaces[\${physical_interface}]
+ unset available_physical_interfaces[\${available_physical_interface}]
+ logical_interface_mapping[\${available_physical_interface}]=\${physical_interface}
+ physical_interface_mapping[\${physical_interface}]=\${available_physical_interface}
+ fi
done
echo "finish mapping ramaining unmapped physical interfaces to the same name logical interface" >> /tmp/network_log
for key in \${!logical_interface_mapping[@]}; do
@@ -338,14 +338,14 @@ if [ \${#sorted_unset_physical_interfaces[@]} -gt 0 ]; then
echo "sorted available physical interfaces: \${sorted_available_physical_interfaces[@]}" >> /tmp/network_log
while [ \${#sorted_unset_physical_interfaces[@]} -gt 0 -a \${#sorted_available_physical_interfaces[@]} -gt 0 ]; do
physical_interface=\${sorted_unset_physical_interfaces[0]}
- available_physical_interface=\${sorted_available_physical_interfaces[0]}
- echo "map physical interface \${physical_interface} to unused logical interface \${available_physical_interface}" >> /tmp/network_log
+ available_physical_interface=\${sorted_available_physical_interfaces[0]}
+ echo "map physical interface \${physical_interface} to unused logical interface \${available_physical_interface}" >> /tmp/network_log
unset sorted_unset_physical_interfaces[0]
- unset unset_physical_interfaces[\${physical_interface}]
- unset sorted_available_physical_interfaces[0]
- unset available_physical_interfaces[\${available_physical_interface}]
- physical_interface_mapping[\${available_physical_interface}]=\${physical_interface}
- logical_interface_mapping[\${physical_interface}]=\${available_physical_interface}
+ unset unset_physical_interfaces[\${physical_interface}]
+ unset sorted_available_physical_interfaces[0]
+ unset available_physical_interfaces[\${available_physical_interface}]
+ physical_interface_mapping[\${available_physical_interface}]=\${physical_interface}
+ logical_interface_mapping[\${physical_interface}]=\${available_physical_interface}
done
fi
@@ -385,7 +385,7 @@ for key in \${!logical_interface_mapping[@]}; do
if [ ! -z "\${physical_mac}" ]; then
physical_mac=\${physical_mac,,}
echo "SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", ATTR{address}==\"\${physical_mac}\", ATTR{type}==\"1\", KERNEL==\"eth*\", NAME=\"\$key\"" >> /etc/udev/rules.d/\${udev_network_rule_filename}.new
- echo "add network interface \$key mac \$physical_mac into udev rules" >> /tmp/network_log
+ echo "add network interface \$key mac \$physical_mac into udev rules" >> /tmp/network_log
else
echo "network interface \$key does not find mac address to add to udev rules" >> /tmp/network_log
fi
@@ -508,7 +508,7 @@ echo "GATEWAY=$if_gateway" >> $devfile
#end if
#if $netmask == ""
- ## Default to 255.255.255.0?
+ ## Default to 255.255.255.0?
#set $netmask = "255.255.255.0"
#end if
echo "NETMASK=$netmask" >> $devfile
@@ -538,9 +538,9 @@ echo "MTU=$mtu" >> $devfile
#set $nct = $nct + 1
echo "DNS$nct=$nameserver" >> $devfile
#end for
- #set $nameserver_set = 1
+ #set $nameserver_set = 1
#end if
- #end if
+ #end if
#for $route in $static_routes
#set routepattern = $re.compile("[0-9/.]+:[0-9.]+")
diff --git a/cobbler/snippets/kickstart_pre_install_network_config b/cobbler/snippets/kickstart_pre_install_network_config
index 8c24dc3..34d670f 100644
--- a/cobbler/snippets/kickstart_pre_install_network_config
+++ b/cobbler/snippets/kickstart_pre_install_network_config
@@ -33,7 +33,7 @@ get_ifname() {
#set ikeys = $interfaces.keys()
#for $iname in $ikeys
#set $idata = $interfaces[$iname]
- #set $management = $idata["management"]
+ #set $management = $idata["management"]
#if $management
#set $management_nic = $iname
#end if
@@ -67,10 +67,10 @@ then
#end if
#set $netinfo = "--bootproto=static --ip=%s --netmask=%s" % ($ip, $netmask)
#if $gateway != ""
- #set $netinfo = "%s --gateway=%s" % ($netinfo, $gateway)
- #end if
- #if $len($name_servers) > 0
- #set $netinfo = "%s --nameserver=%s" % ($netinfo, $name_servers[0])
+ #set $netinfo = "%s --gateway=%s" % ($netinfo, $gateway)
+ #end if
+ #if $len($name_servers) > 0
+ #set $netinfo = "%s --nameserver=%s" % ($netinfo, $name_servers[0])
#end if
#else if not $static
#set $netinfo = "--bootproto=dhcp"
diff --git a/cobbler/snippets/kickstart_pre_partition_disks b/cobbler/snippets/kickstart_pre_partition_disks
index 07108ac..6b1c9ce 100644
--- a/cobbler/snippets/kickstart_pre_partition_disks
+++ b/cobbler/snippets/kickstart_pre_partition_disks
@@ -34,14 +34,14 @@ if [ -e /dev/disk/by-path ]; then
#end if
path_name=\$(basename \$1)
disk_name=\$(basename \$2)
- let disk_mapping_offset=\$disk_mapping_offset+1
+ let disk_mapping_offset=\$disk_mapping_offset+1
shift 2
if [ \$found_disk_type -gt 0 ]; then
disk_mapping[\${disk_name}]="/dev/disk/by-path/\${path_name}"
- disk_mapping[\${path_name}]="/dev/disk/by-path/\${path_name}"
- disk_path_mapping[\${disk_name}]="/dev/\${disk_name}"
- disk_path_mapping[\${path_name}]="/dev/\${disk_name}"
+ disk_mapping[\${path_name}]="/dev/disk/by-path/\${path_name}"
+ disk_path_mapping[\${disk_name}]="/dev/\${disk_name}"
+ disk_path_mapping[\${path_name}]="/dev/\${disk_name}"
else
ignore_disk_mapping[\${disk_name}]="/dev/disk/by-path/\${path_name}"
ignore_disk_mapping[\${path_name}]="/dev/disk/by-path/\${path_name}"
@@ -61,7 +61,7 @@ else
echo "/dev/disk/by-path does not exist" >> /tmp/log
fi
-declare -A partition_disks
+declare -A partition_disks
declare -A disks
set \$(list-harddrives)
let disk_nums=\$#/2
@@ -108,13 +108,13 @@ while [ \$disk_offset -lt \$disk_nums ]; do
if [ \${found_disk} -gt 0 ]; then
echo "add disk \${disk_name} in partitioning list" >> /tmp/log
partition_disks[\${found_disk_offset}]=\$disk
- let found_disk_offset=\${found_disk_offset}+1
+ let found_disk_offset=\${found_disk_offset}+1
fi
done
echo "partition disks \${partition_disks[@]}" >> /tmp/log
echo "disks \${disks[@]}" >> /tmp/log
-#if $getVar('sort_disks', '0') != "0"
+#if $getVar('sort_disks', '0') != "0"
sorted_disks=(\$(printf '%s\n' \${partition_disks[@]} | sort))
#else
sorted_disks=(\${partition_disks[@]})
@@ -192,16 +192,16 @@ for disk_partition in \${disk_partitions}; do
for remove_disk in \${remove_disks[@]}; do
#if $getVar('partition_by_path', '0') != "0"
path_name=\$(basename \${remove_disk})
- remove_disk_path=\${remove_disk}
+ remove_disk_path=\${remove_disk}
remove_disk=\${disk_path_mapping[\${path_name}]}
#else
disk_name=\$(basename \${remove_disk})
remove_disk_path=\${disk_mapping[\${disk_name}]}
#end if
if [ -z "\${remove_disk}" ]; then
- continue
- fi
- if [ -z "\${remove_disk_path}" ]; then
+ continue
+ fi
+ if [ -z "\${remove_disk_path}" ]; then
continue
fi
if expr match "\${disk_partition}" "\${remove_disk_path}.*"; then
@@ -216,9 +216,9 @@ for disk_partition in \${disk_partitions}; do
else
echo "partition \${disk_partition} does not match \${remove_disk}.*" >> /tmp/log
fi
- if [[ "\$vg" == "$vgname" ]]; then
+ if [[ "\$vg" == "$vgname" ]]; then
remove_vg="\$vg"
- remove_partition="\${disk_partition}"
+ remove_partition="\${disk_partition}"
fi
done
if [ ! -z "\${remove_vg}" ]; then
@@ -240,15 +240,15 @@ for disk_partition in \${disk_partitions}; do
if [ -z "\${remove_partitions}" ]; then
remove_partitions="\${remove_partition}"
else
- pv_removed=0
- for pv in ${remove_partitions}; do
- if [[ "\$pv" == "\${remove_partition}" ]]; then
- pv_removed=1
- fi
- done
- if [ \${pv_removed} -eq 0 ]; then
+ pv_removed=0
+ for pv in ${remove_partitions}; do
+ if [[ "\$pv" == "\${remove_partition}" ]]; then
+ pv_removed=1
+ fi
+ done
+ if [ \${pv_removed} -eq 0 ]; then
remove_partitions="\${remove_partitions} \${remove_partition}"
- fi
+ fi
fi
fi
done
@@ -269,17 +269,17 @@ declare -A reserve_disks_size
#for disk_and_size in $disk_sizes
#set disk_name, size = $disk_and_size.split(' ', 1)
#set disk_name = $disk_name.strip()
- #if $size.endswith('K')
- #set disk_size = $int($size[:-1]) / 1000
- #elif size.endswith('M')
- #set disk_size = $int($size[:-1])
- #elif $size.endswith('G')
- #set disk_size = $int($size[:-1]) * 1000
- #elif $size.endswith('T')
- #set disk_size = $int($size[:-1]) * 1000000
- #else
- #set disk_size = $int($size)
- #end if
+ #if $size.endswith('K')
+ #set disk_size = $int($size[:-1]) / 1000
+ #elif size.endswith('M')
+ #set disk_size = $int($size[:-1])
+ #elif $size.endswith('G')
+ #set disk_size = $int($size[:-1]) * 1000
+ #elif $size.endswith('T')
+ #set disk_size = $int($size[:-1]) * 1000000
+ #else
+ #set disk_size = $int($size)
+ #end if
reserve_disks_size[${disk_name}]=${disk_size}
#end for
#end if
@@ -303,17 +303,17 @@ declare -A max_disks_size
#for disk_and_size in $disk_sizes
#set disk_name, size = $disk_and_size.split(' ', 1)
#set disk_name = $disk_name.strip()
- #if $size.endswith('K')
- #set disk_size = $int($size[:-1]) / 1000
- #elif $size.endswith('M')
- #set disk_size = $int($size[:-1])
- #elif $size.endswith('G')
- #set disk_size = $int($size[:-1]) * 1000
- #elif $size.endswith('T')
- #set disk_size = $int($size[:-1]) * 1000000
- #else
- #set disk_size = $int($size)
- #end if
+ #if $size.endswith('K')
+ #set disk_size = $int($size[:-1]) / 1000
+ #elif $size.endswith('M')
+ #set disk_size = $int($size[:-1])
+ #elif $size.endswith('G')
+ #set disk_size = $int($size[:-1]) * 1000
+ #elif $size.endswith('T')
+ #set disk_size = $int($size[:-1]) * 1000000
+ #else
+ #set disk_size = $int($size)
+ #end if
max_disks_size[${disk_name}]=${disk_size}
#end for
#end if
@@ -341,14 +341,14 @@ declare -A partitions_maxsize
#for vol_and_size in $vol_sizes
#set vol, vol_size = $vol_and_size.split(' ', 1)
#set vol = $vol.strip()
- #if $vol == '/'
- #set volname = 'root'
- #elif $vol == 'swap'
- #set volname = 'swap'
- #elif $vol.startswith('/')
+ #if $vol == '/'
+ #set volname = 'root'
+ #elif $vol == 'swap'
+ #set volname = 'swap'
+ #elif $vol.startswith('/')
#set volname = $vol[1:].replace('/', '_')
- #else
- #set volname = ''
+ #else
+ #set volname = ''
# $vol is not starts with /
#continue
#end if
@@ -358,17 +358,17 @@ partitions_name[$vol]=$volname
#set vol_percent = $vol_size[:-1]
partitions_percentage[$vol]=${vol_percent}
#else
- #if $vol_size.endswith('K')
- #set vol_min_size = $int($vol_size[:-1]) / 1000
- #elif $vol_size.endswith('M')
- #set vol_min_size = $int($vol_size[:-1])
- #elif $vol_size.endswith('G')
- #set vol_min_size = $int($vol_size[:-1]) * 1000
- #elif $vol_size.endswith('T')
- #set vol_min_size = $int($vol_size[:-1]) * 1000000
- #else
- #set vol_min_size = $int($vol_size)
- #end if
+ #if $vol_size.endswith('K')
+ #set vol_min_size = $int($vol_size[:-1]) / 1000
+ #elif $vol_size.endswith('M')
+ #set vol_min_size = $int($vol_size[:-1])
+ #elif $vol_size.endswith('G')
+ #set vol_min_size = $int($vol_size[:-1]) * 1000
+ #elif $vol_size.endswith('T')
+ #set vol_min_size = $int($vol_size[:-1]) * 1000000
+ #else
+ #set vol_min_size = $int($vol_size)
+ #end if
partitions_size[$vol]=${vol_min_size}
#end if
#end for
@@ -379,17 +379,17 @@ partitions_size[$vol]=${vol_min_size}
#for vol_and_size in $vol_sizes
#set vol, vol_size = $vol_and_size.split(' ', 1)
#set vol = $vol.strip()
- #if $vol_size.endswith('K')
- #set vol_min_size = $int($vol_size[:-1]) / 1000
- #elif $vol_size.endswith('M')
- #set vol_min_size = $int($vol_size[:-1])
- #elif $vol_size.endswith('G')
- #set vol_min_size = $int($vol_size[:-1]) * 1000
- #elif $vol_size.endswith('T')
- #set vol_min_size = $int($vol_size[:-1]) * 1000000
- #else
- #set vol_min_size = $int($vol_size)
- #end if
+ #if $vol_size.endswith('K')
+ #set vol_min_size = $int($vol_size[:-1]) / 1000
+ #elif $vol_size.endswith('M')
+ #set vol_min_size = $int($vol_size[:-1])
+ #elif $vol_size.endswith('G')
+ #set vol_min_size = $int($vol_size[:-1]) * 1000
+ #elif $vol_size.endswith('T')
+ #set vol_min_size = $int($vol_size[:-1]) * 1000000
+ #else
+ #set vol_min_size = $int($vol_size)
+ #end if
partitions_size[$vol]=${vol_min_size}
#end for
#end if
@@ -399,17 +399,17 @@ partitions_size[$vol]=${vol_min_size}
#for vol_and_size in $vol_sizes
#set vol, vol_size = $vol_and_size.split(' ', 1)
#set vol = $vol.strip()
- #if $vol_size.endswith('K')
- #set vol_max_size = $int($vol_size[:-1]) / 1000
- #elif $vol_size.endswith('M')
- #set vol_max_size = $int($vol_size[:-1])
- #elif $vol_size.endswith('G')
- #set vol_max_size = $int($vol_size[:-1]) * 1000
- #elif $vol_size.endswith('T')
- #set vol_max_size = $int($vol_size[:-1]) * 1000000
- #else
- #set vol_max_size = $int($vol_size)
- #end if
+ #if $vol_size.endswith('K')
+ #set vol_max_size = $int($vol_size[:-1]) / 1000
+ #elif $vol_size.endswith('M')
+ #set vol_max_size = $int($vol_size[:-1])
+ #elif $vol_size.endswith('G')
+ #set vol_max_size = $int($vol_size[:-1]) * 1000
+ #elif $vol_size.endswith('T')
+ #set vol_max_size = $int($vol_size[:-1]) * 1000000
+ #else
+ #set vol_max_size = $int($vol_size)
+ #end if
partitions_maxsize[$vol]=${vol_max_size}
#end for
#end if
@@ -522,7 +522,7 @@ for key in \${sorted_partitions[@]}; do
partition_percentage=\${partitions_percentage[\$key]}
if [[ x"\${partition_percentage}" != x"" ]]; then
percentage_param="--percent=\${partition_percentage}"
- grow_param="--grow"
+ grow_param="--grow"
else
percentage_param=""
fi
@@ -530,7 +530,7 @@ for key in \${sorted_partitions[@]}; do
if [[ x"\${partition_size}" != x"" ]]; then
size_param="--size=\${partition_size}"
else
- size_param="--size=1"
+ size_param=""
fi
partition_maxsize=\${partitions_maxsize[\$key]}
if [[ x"\${partition_maxsize}" != x"" ]]; then
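Review bot: With the `else` branch now setting `size_param=""`, a volume that has neither a size nor a percentage configured gets no `--size` at all, where it used to get `--size=1`. How the parameters are joined into the partitioning command is outside this hunk, but an installer that requires a size would presumably reject that line or stop for input, which stalls an unattended install. If the aim is only to drop the dummy size when a percentage is given, keep the fallback for the other case, e.g. `elif [[ x"\${partition_percentage}" == x"" ]]; then size_param="--size=1"`. A short comment on the branch saying why an empty size is acceptable would also help. The enclosing `for key in \${sorted_partitions[@]}` loop starts and ends outside the hunk.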
diff --git a/cobbler/snippets/kickstart_rsyslog.conf b/cobbler/snippets/kickstart_rsyslog.conf
index 8711acf..33af044 100644
--- a/cobbler/snippets/kickstart_rsyslog.conf
+++ b/cobbler/snippets/kickstart_rsyslog.conf
@@ -1,6 +1,6 @@
cat << EOL > /etc/rsyslog.conf
\#\#\#\# MODULES \#\#\#\##
-
+
\\$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
\\$ModLoad imfile
diff --git a/cobbler/snippets/kickstart_ssh b/cobbler/snippets/kickstart_ssh
index 9900294..2ffedaa 100644
--- a/cobbler/snippets/kickstart_ssh
+++ b/cobbler/snippets/kickstart_ssh
@@ -9,7 +9,7 @@
mkdir -p $home/.ssh
chmod 700 -R $home/.ssh
#set $firstline = True
- #for $ssh_key in $ssh_keys.split(',')
+ #for $ssh_key in $ssh_keys.split(',')
#if not $ssh_key
#continue
#end if
diff --git a/cobbler/snippets/kickstart_sysctl.conf b/cobbler/snippets/kickstart_sysctl.conf
index b814dfd..c227ecf 100644
--- a/cobbler/snippets/kickstart_sysctl.conf
+++ b/cobbler/snippets/kickstart_sysctl.conf
@@ -38,9 +38,9 @@ kernel.shmall = 4294967296
# increase TCP max buffer size settable using setsockopt()
net.core.rmem_max = 16777216
-net.core.wmem_max = 16777216
+net.core.wmem_max = 16777216
-# increase Linux autotuning TCP buffer limit
+# increase Linux autotuning TCP buffer limit
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
@@ -48,7 +48,7 @@ net.ipv4.tcp_wmem = 4096 65536 16777216
net.core.netdev_max_backlog = 30000
net.ipv4.tcp_max_syn_backlog = 4096
-# recommended default congestion control is htcp
+# recommended default congestion control is htcp
net.ipv4.tcp_congestion_control=htcp
# recommended for hosts with jumbo frames enabled
@@ -60,12 +60,12 @@ net.ipv4.tcp_fin_timeout=30
# fast cycling of sockets in time_wait state and re-using them
net.ipv4.tcp_tw_recycle = 1
-net.ipv4.tcp_tw_reuse = 1
+net.ipv4.tcp_tw_reuse = 1
# increase the maximum number of requests queued to a listen socket
net.core.somaxconn = 8192
-# avoid caching tcp network transfer statistics
+# avoid caching tcp network transfer statistics
net.ipv4.route.flush=1
#end raw
EOF
diff --git a/cobbler/snippets/kickstart_yum b/cobbler/snippets/kickstart_yum
index dc4026f..c33ba0f 100644
--- a/cobbler/snippets/kickstart_yum
+++ b/cobbler/snippets/kickstart_yum
@@ -36,7 +36,7 @@ mv -f /etc/yum.repos.d/* /root/repo_backup/
#set os_info = $profile_name.split('-')
#set osname = $os_info[0].lower()
#set osversion = $os_info[1]
-#set osversion_flat = $osversion.replace('.', '_')
+#set osversion_flat = $osversion.replace('.', '_')
cat << EOF > /etc/yum.repos.d/${osname}_${osversion_flat}_os_repo.repo
[${osname}_${osversion_flat}_os_repo]
diff --git a/cobbler/snippets/limits_conf.xml b/cobbler/snippets/limits_conf.xml
index 2f33be5..80caaf4 100644
--- a/cobbler/snippets/limits_conf.xml
+++ b/cobbler/snippets/limits_conf.xml
@@ -51,7 +51,7 @@
#@faculty hard nproc 50
#ftp hard nproc 0
#@student - maxlogins 4
-* - nofile 100000
+* - nofile 100000
# End of file
#end raw
]]>
diff --git a/cobbler/snippets/networking.xml b/cobbler/snippets/networking.xml
index 2290d9f..c9428a4 100644
--- a/cobbler/snippets/networking.xml
+++ b/cobbler/snippets/networking.xml
@@ -3,11 +3,11 @@
#set $hostname = $getVar("system_name","cobbler")
#end if
#if $getVar("dns_name_eth0","") != ""
- #set $my_hostname = $hostname.split('.',1)[:1][0]
- #set $my_domainname = $dns_name_eth0.split('.',1)[1:][0]
+ #set $my_hostname = $hostname.split('.',1)[:1][0]
+ #set $my_domainname = $dns_name_eth0.split('.',1)[1:][0]
#else
- #set $my_hostname = $hostname
- #set $my_domainname = "site"
+ #set $my_hostname = $hostname
+ #set $my_domainname = "site"
#end if
diff --git a/cobbler/snippets/preseed_apt_repo_config b/cobbler/snippets/preseed_apt_repo_config
index bbc4cee..e28dd80 100644
--- a/cobbler/snippets/preseed_apt_repo_config
+++ b/cobbler/snippets/preseed_apt_repo_config
@@ -1,7 +1,7 @@
# Uncomment this if you don't want to use a network mirror
d-i apt-setup/use_mirror boolean false
d-i apt-setup/services-select multiselect
-d-i apt-setup/security_host string $http_server
+d-i apt-setup/security_host string $http_server
d-i apt-setup/security_path string $install_source_directory
# Additional repositories, local[0-9] available
#set $cur=0
diff --git a/cobbler/snippets/preseed_chef_run.sh b/cobbler/snippets/preseed_chef_run.sh
index ade6215..19d7eee 100644
--- a/cobbler/snippets/preseed_chef_run.sh
+++ b/cobbler/snippets/preseed_chef_run.sh
@@ -32,8 +32,8 @@ PIDFILE=/tmp/chef_client_run.pid
if [ -f \\$PIDFILE ]; then
pid=\\$(cat \\$PIDFILE)
if [ -f /proc/\\$pid/exe ]; then
- echo "there are chef_client_run.sh running with pid \\$pid" >> /var/log/chef.log 2>&1
- exit 1
+ echo "there are chef_client_run.sh running with pid \\$pid" >> /var/log/chef.log 2>&1
+ exit 1
fi
fi
echo \\$$ > \\$PIDFILE
diff --git a/cobbler/snippets/preseed_client.rb b/cobbler/snippets/preseed_client.rb
index d4dc2bf..e6c60a4 100644
--- a/cobbler/snippets/preseed_client.rb
+++ b/cobbler/snippets/preseed_client.rb
@@ -11,7 +11,7 @@ chef_server_url 'https://$server'
validation_client_name 'chef-validator'
json_attribs nil
pid_file '/var/run/chef-client.pid'
-# Using default node name (fqdn)
+# Using default node name (fqdn)
no_lazy_load true
ssl_verify_mode :verify_none
EOL
@@ -29,7 +29,7 @@ mkdir -p /etc/chef/trusted_certs
cat << EOF > /etc/chef/trusted_certs/$filename
#echo $f.read()
EOF
- #silent $f.close()
+ #silent $f.close()
#end if
#end for
#end if
diff --git a/cobbler/snippets/preseed_knife.rb b/cobbler/snippets/preseed_knife.rb
index 0cb6bbc..32047bb 100644
--- a/cobbler/snippets/preseed_knife.rb
+++ b/cobbler/snippets/preseed_knife.rb
@@ -26,7 +26,7 @@ mkdir -p /root/.chef/trusted_certs
cat << EOF > /root/.chef/trusted_certs/$filename
#echo $f.read()
EOF
- #silent $f.close()
+ #silent $f.close()
#end if
#end for
#end if
diff --git a/cobbler/snippets/preseed_limits.conf b/cobbler/snippets/preseed_limits.conf
index 0b116f3..00cf861 100644
--- a/cobbler/snippets/preseed_limits.conf
+++ b/cobbler/snippets/preseed_limits.conf
@@ -48,7 +48,7 @@ cat << EOF > /etc/security/limits.conf
#@faculty hard nproc 50
#ftp hard nproc 0
#@student - maxlogins 4
-* - nofile 100000
+* - nofile 100000
# End of file
#end raw
EOF
diff --git a/cobbler/snippets/preseed_ntp b/cobbler/snippets/preseed_ntp
index dda5ef5..83b3055 100644
--- a/cobbler/snippets/preseed_ntp
+++ b/cobbler/snippets/preseed_ntp
@@ -6,10 +6,10 @@ cat << EOF > /etc/ntp.conf
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
-# Include the option tinker panic 0 at the top of your ntp.conf file.
+# Include the option tinker panic 0 at the top of your ntp.conf file.
# By default, the NTP daemon sometimes panics and exits if the underlying clock
-# appears to be behaving erratically. This option causes the daemon to keep
-# running instead of panicking.
+# appears to be behaving erratically. This option causes the daemon to keep
+# running instead of panicking.
tinker panic 0
driftfile /var/lib/ntp/drift
@@ -22,7 +22,7 @@ restrict -6 default kod nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
-restrict 127.0.0.1
+restrict 127.0.0.1
restrict -6 ::1
# Hosts on local network are less restricted.
@@ -35,16 +35,16 @@ restrict -6 ::1
# server 2.ubuntu.pool.ntp.org
server $ntp_server
-# broadcast 192.168.1.255 autokey # broadcast server
-# broadcastclient # broadcast client
-# broadcast 224.0.1.1 autokey # multicast server
-# multicastclient 224.0.1.1 # multicast client
-# manycastserver 239.255.254.254 # manycast server
+# broadcast 192.168.1.255 autokey # broadcast server
+# broadcastclient # broadcast client
+# broadcast 224.0.1.1 autokey # multicast server
+# multicastclient 224.0.1.1 # multicast client
+# manycastserver 239.255.254.254 # manycast server
# manycastclient 239.255.254.254 autokey # manycast client
# Undisciplined Local Clock. This is a fake driver intended for backup
-# and when no outside source of synchronized time is available.
-server 127.127.1.0 # local clock
+# and when no outside source of synchronized time is available.
+server 127.127.1.0 # local clock
# Enable public key cryptography.
# crypto
@@ -52,7 +52,7 @@ server 127.127.1.0 # local clock
includefile /etc/ntp/crypto/pw
# Key file containing the keys and key identifiers used when operating
-# with symmetric key cryptography.
+# with symmetric key cryptography.
keys /etc/ntp/keys
# Specify the key identifiers which are trusted.
diff --git a/cobbler/snippets/preseed_post_anamon b/cobbler/snippets/preseed_post_anamon
index 4bd3c89..6d889bb 100644
--- a/cobbler/snippets/preseed_post_anamon
+++ b/cobbler/snippets/preseed_post_anamon
@@ -76,3 +76,5 @@ chmod 755 /etc/init.d/set_state
test -d /selinux && restorecon /etc/init.d/set_state
update-rc.d set_state defaults 99 99
+
+echo "compass_server=$server" >> /etc/compass.conf
diff --git a/cobbler/snippets/preseed_post_apt_repo_config b/cobbler/snippets/preseed_post_apt_repo_config
index d9b5792..6ea56c5 100644
--- a/cobbler/snippets/preseed_post_apt_repo_config
+++ b/cobbler/snippets/preseed_post_apt_repo_config
@@ -21,7 +21,6 @@ Acquire::http::Proxy::${local_repo_server} DIRECT;
#end if
EOF
-rm -f /etc/apt/sources.list
#if $getVar("local_repo", "") == "" or $getVar("local_repo_only","1") == "0"
#set repos_snippet = 'apt.repos.d/%s/%s/preseed_repos' % ($osname, $osversion)
@@ -34,6 +33,7 @@ $SNIPPET($repos_snippet)
#set $rarch = "[arch=%s]" % $arch
#end if
+rm -f /etc/apt/sources.list
cat << EOF >> /etc/apt/sources.list
deb ${rarch} $tree $os_version main restricted
EOF
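Review bot: Moving `rm -f /etc/apt/sources.list` here places it after `$SNIPPET($repos_snippet)` and, judging by the context of the first hunk, inside the `#if $getVar("local_repo", "") == "" or $getVar("local_repo_only","1") == "0"` branch; where that `#if` closes is outside the hunk, so this needs checking against the full file. If the reading is right, anything the repos snippet wrote to sources.list is deleted again. It also means that on the local-repo-only path the installer's stock sources.list is no longer removed, so the later `cat << EOF >> /etc/apt/sources.list` for the local repo appends to it and the host keeps package sources it was meant not to use. If the intent is only to start this branch from an empty file, `cat << EOF > /etc/apt/sources.list` says so in one line, and the removal for the local-repo-only case should stay unconditional.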
@@ -61,8 +61,7 @@ cat << EOF >> /etc/apt/sources.list
deb ${rarch} $local_repo/$compass_repo/ local_repo main
EOF
-
- #if $getVar("local_repo_only","1") != "0"
-apt-get -y update
+ #if $getVar("local_repo_only","1") != "0"
+apt-get -y update
#end if
#end if
diff --git a/cobbler/snippets/preseed_post_install_network_config b/cobbler/snippets/preseed_post_install_network_config
index 90f6e2b..3e57783 100644
--- a/cobbler/snippets/preseed_post_install_network_config
+++ b/cobbler/snippets/preseed_post_install_network_config
@@ -153,13 +153,13 @@ for logical_interface in \${logical_interfaces}; do
eval "mapped_logical_interface=\\${physical_interface_mapping_\${logical_interface}}"
if [ ! -z "\${mapped_logical_interface}" ]; then
echo "ignore logical interface \${logical_interface} since the same name physical interface is mapped by logical interface \${mapped_logical_interface}" >> /tmp/network_log
- continue
+ continue
fi
# check if the same name physical interface exists
eval "mapped_logical_interface=\\${physical_interface_\${logical_interface}}"
if [ -z "\${mapped_logical_interface}" ]; then
echo "ignore logical interface \${logical_interface} since the same name physical interface does not exist" >> /tmp/network_log
- continue
+ continue
fi
eval "logical_interface_mapping_\${logical_interface}=\${logical_interface}"
eval "physical_interface_mapping_\${logical_interface}=\${logical_interface}"
@@ -225,16 +225,16 @@ for logical_interface in \${sorted_unset_logical_interfaces}; do
physical_interface=\$1
shift 1
sorted_unset_physical_interfaces="\$@"
- echo "map unset logical interface \${logical_interface} to unset physical interface \${physical_interface}" >> /tmp/network_log
+ echo "map unset logical interface \${logical_interface} to unset physical interface \${physical_interface}" >> /tmp/network_log
eval "physical_interface_mapping_\${physical_interface}=\${logical_interface}"
eval "logical_interface_mapping_\${logical_interface}=\${physical_interface}"
else
echo "remain unset logical interface \${logical_interface} since there is no remain unset physical interfaces" >> /tmp/network_log
- if [ -z "\${unset_logical_interfaces}" ]; then
- unset_logical_interfaces="\${logical_interface}"
- else
- unset_logical_interfaces="\${unset_logical_interfaces} \${logical_interface}"
- fi
+ if [ -z "\${unset_logical_interfaces}" ]; then
+ unset_logical_interfaces="\${logical_interface}"
+ else
+ unset_logical_interfaces="\${unset_logical_interfaces} \${logical_interface}"
+ fi
fi
done
sorted_unset_logical_interfaces=\${unset_logical_interfaces}
@@ -260,16 +260,16 @@ if [ ! -z "\${sorted_unset_logical_interfaces}" ]; then
available_logical_interfaces=""
for logical_interface in \${logical_interfaces}; do
eval "mapped_logical_interface=\\${physical_interface_mapping_\${logical_interface}}"
- if [ -z "\${mapped_logical_interface}" ]; then
- eval "available_logical_interface_\${logical_interface}=\${logical_interface}"
- if [ -z "\${available_logical_interfaces}" ]; then
- available_logical_interfaces="\${logical_interface}"
- else
- available_logical_interfaces="\${available_logical_interfaces} \${logical_interface}"
- fi
- else
- echo "ignore logical interface \${logical_interface} since the same name physical interface mapped to logical interface \${mapped_logical_interface}" >> /tmp/network_log
- fi
+ if [ -z "\${mapped_logical_interface}" ]; then
+ eval "available_logical_interface_\${logical_interface}=\${logical_interface}"
+ if [ -z "\${available_logical_interfaces}" ]; then
+ available_logical_interfaces="\${logical_interface}"
+ else
+ available_logical_interfaces="\${available_logical_interfaces} \${logical_interface}"
+ fi
+ else
+ echo "ignore logical interface \${logical_interface} since the same name physical interface mapped to logical interface \${mapped_logical_interface}" >> /tmp/network_log
+ fi
done
# add extra logical interfaces name to physical interfaces
@@ -287,12 +287,12 @@ if [ ! -z "\${sorted_unset_logical_interfaces}" ]; then
if [ ! -z "\${available_logical_interface}" ]; then
eval "physical_interface_mapping_\${available_logical_interface}=\${logical_interface}"
eval "logical_interface_mapping_\${logical_interface}=\${available_logical_interface}"
- else
- if [ -z "\${unset_logical_interfaces}" ]; then
- unset_logical_interfaces="\${logical_interface}"
- else
- unset_logical_interfaces="\${unset_logical_interfaces} \${logical_interface}"
- fi
+ else
+ if [ -z "\${unset_logical_interfaces}" ]; then
+ unset_logical_interfaces="\${logical_interface}"
+ else
+ unset_logical_interfaces="\${unset_logical_interfaces} \${logical_interface}"
+ fi
fi
done
sorted_unset_logical_interfaces=\${unset_logical_interfaces}
@@ -300,13 +300,13 @@ if [ ! -z "\${sorted_unset_logical_interfaces}" ]; then
# map remain unset logical interfaces to available logical interface names
for logical_interface in \${sorted_unset_logical_interfaces}; do
for available_logical_interface in \${available_logical_interfaces}; do
- eval "mapped_logical_interface=\\${physical_interface_mapping_\${available_logical_interface}}"
- if [ -z "\${mapped_logical_interface}" ]; then
- eval "physical_interface_mapping_\${available_logical_interface}=\${logical_interface}"
- eval "logical_interface_mapping_\${logical_interface}=\${available_logical_interface}"
- break
- fi
- done
+ eval "mapped_logical_interface=\\${physical_interface_mapping_\${available_logical_interface}}"
+ if [ -z "\${mapped_logical_interface}" ]; then
+ eval "physical_interface_mapping_\${available_logical_interface}=\${logical_interface}"
+ eval "logical_interface_mapping_\${logical_interface}=\${available_logical_interface}"
+ break
+ fi
+ done
done
fi
unset_logical_interfaces=""
@@ -329,16 +329,16 @@ if [ ! -z "\${sorted_unset_physical_interfaces}" ]; then
available_physical_interfaces=""
for physical_interface in \${physical_interfaces}; do
eval "mapped_physical_interface=\\${logical_interface_mapping_\${physical_interface}}"
- if [ -z "\${mapped_physical_interface}" ]; then
- eval "available_physical_interface_\${physical_interface}=\${physical_interface}"
- if [ -z "\${available_physical_interfaces}" ]; then
- available_physical_interfaces="\${physical_interface}"
- else
- available_physical_interfaces="\${available_physical_interfaces} \${physical_interface}"
- fi
- else
- echo "ignore physical interface \${physical_interface} since the same name logical interface mapped to physical interface \${mapped_physical_interface}" >> /tmp/network_log
- fi
+ if [ -z "\${mapped_physical_interface}" ]; then
+ eval "available_physical_interface_\${physical_interface}=\${physical_interface}"
+ if [ -z "\${available_physical_interfaces}" ]; then
+ available_physical_interfaces="\${physical_interface}"
+ else
+ available_physical_interfaces="\${available_physical_interfaces} \${physical_interface}"
+ fi
+ else
+ echo "ignore physical interface \${physical_interface} since the same name logical interface mapped to physical interface \${mapped_physical_interface}" >> /tmp/network_log
+ fi
done
# add extra physical interfaces name to logical interfaces
@@ -356,12 +356,12 @@ if [ ! -z "\${sorted_unset_physical_interfaces}" ]; then
if [ ! -z "\${available_physical_interface}" ]; then
eval "logical_interface_mapping_\${available_physical_interface}=\${physical_interface}"
eval "physical_interface_mapping_\${physical_interface}=\${available_physical_interface}"
- else
- if [ -z "\${unset_physical_interfaces}" ]; then
- unset_physical_interfaces="\${physical_interface}"
- else
- unset_physical_interfaces="\${unset_physical_interfaces} \${physical_interface}"
- fi
+ else
+ if [ -z "\${unset_physical_interfaces}" ]; then
+ unset_physical_interfaces="\${physical_interface}"
+ else
+ unset_physical_interfaces="\${unset_physical_interfaces} \${physical_interface}"
+ fi
fi
done
sorted_unset_physical_interfaces=\${unset_physical_interfaces}
@@ -369,13 +369,13 @@ if [ ! -z "\${sorted_unset_physical_interfaces}" ]; then
# map remain unset physical interfaces to logical interface name as available physical interface names
for physical_interface in \${sorted_unset_physical_interfaces}; do
for available_physical_interface in \${available_physical_interfaces}; do
- eval "mapped_physical_interface=\\${logical_interface_mapping_\${available_physical_interface}}"
- if [ -z "\${mapped_physical_interface}" ]; then
- eval "logical_interface_mapping_\${available_physical_interface}=\${physical_interface}"
- eval "physical_interface_mapping_\${physical_interface}=\${available_physical_interface}"
- break
- fi
- done
+ eval "mapped_physical_interface=\\${logical_interface_mapping_\${available_physical_interface}}"
+ if [ -z "\${mapped_physical_interface}" ]; then
+ eval "logical_interface_mapping_\${available_physical_interface}=\${physical_interface}"
+ eval "physical_interface_mapping_\${physical_interface}=\${available_physical_interface}"
+ break
+ fi
+ done
done
fi
unset_physical_interfaces=""
@@ -401,7 +401,7 @@ for key in \${logical_interfaces}; do
if [ ! -z "\${physical_mac}" ]; then
physical_mac=\$(echo \${physical_mac} | tr 'A-Z' 'a-z')
echo "SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", ATTR{address}==\"\${physical_mac}\", ATTR{type}==\"1\", KERNEL==\"eth*\", NAME=\"\$key\"" >> /etc/udev/rules.d/70-persistent-net.rules.new
- echo "add network interface \$key mac \${physical_mac} into udev rules" >> /tmp/network_log
+ echo "add network interface \$key mac \${physical_mac} into udev rules" >> /tmp/network_log
else
echo "network interface \$key does not find mac address to add to udev rules" >> /tmp/network_log
fi
@@ -441,7 +441,7 @@ used_logical_interface_$iname=$iname
#if $iface_type in ("slave","bond_slave","bridge_slave","bonded_bridge_slave")
#set $static = 1
- #end if
+ #end if
echo "auto $iname" >> /etc/network/interfaces
#if $static
@@ -500,8 +500,8 @@ fi
echo " bond-slaves $bondslaves" >> /etc/network/interfaces
#if $bonding_opts != ""
- #for $bondopts in $bonding_opts.split(" ")
- #set [$bondkey, $bondvalue] = $bondopts.split("=")
+ #for $bondopts in $bonding_opts.split(" ")
+ #set [$bondkey, $bondvalue] = $bondopts.split("=")
echo " bond-$bondkey $bondvalue" >> /etc/network/interfaces
#end for
#end if
@@ -519,10 +519,10 @@ echo " bond-master $iface_master" >> /etc/network/interfaces
#set $bridgeslaves += $bridgeiname + " "
#end if
#end for
-echo " bridge_ports $bridgeslaves" >> /etc/network/interfaces
+echo " bridge_ports $bridgeslaves" >> /etc/network/interfaces
#if $bridge_opts != ""
- #for $bridgeopts in $bridge_opts.split(" ")
- #set [$bridgekey, $bridgevalue] = $bridgeopts.split("=")
+ #for $bridgeopts in $bridge_opts.split(" ")
+ #set [$bridgekey, $bridgevalue] = $bridgeopts.split("=")
echo " bridge_$bridgekey $bridgevalue" >> /etc/network/interfaces
#end for
#end if
@@ -546,7 +546,7 @@ echo " address $ip" >> /etc/network/interfaces
echo " netmask $netmask" >> /etc/network/interfaces
#import netaddr
#set interface_network = $netaddr.IPNetwork('%s/%s' % ($ip, $netmask))
- #set interface_network_str = $str($interface_network)
+ #set interface_network_str = $str($interface_network)
#if $if_gateway != ""
echo " gateway $if_gateway" >> /etc/network/interfaces
#elif $gateway != ""
@@ -555,7 +555,7 @@ echo " gateway $if_gateway" >> /etc/network/interfaces
echo " gateway $gateway" >> /etc/network/interfaces
#end if
#end if
- #end if
+ #end if
#else
#pass
#end if
@@ -595,19 +595,19 @@ for logical_interface in \${logical_interfaces}; do
eval "used_logical_interface=\\${used_logical_interface_\${logical_interface}}"
if [ ! -z "\${used_logical_interface}" ]; then
# ignore logical interface that is already generated in above
- echo "ignore used logical interface \${logical_interface}" >> /tmp/network_log
- continue
+ echo "ignore used logical interface \${logical_interface}" >> /tmp/network_log
+ continue
fi
echo "add logical interface \${logical_interface} into network config since it is not set above" >> /tmp/network_log
eval "physical_interface=\\${logical_interface_mapping_\${logical_interface}}"
if [ ! -z "\${physical_interface}" ]; then
- echo "auto \${logical_interface}" >> /etc/network/interfaces
- echo "iface \${logical_interface} inet static" >> /etc/network/interfaces
+ echo "auto \${logical_interface}" >> /etc/network/interfaces
+ echo "iface \${logical_interface} inet static" >> /etc/network/interfaces
eval "mac=\\${physical_interface_mac_\${physical_interface}}"
if [ ! -z "\$mac" ]; then
- echo " hwaddress ether \${mac}" >> /etc/network/interfaces
- fi
- echo "" >> /etc/network/interfaces
+ echo " hwaddress ether \${mac}" >> /etc/network/interfaces
+ fi
+ echo "" >> /etc/network/interfaces
if [ -f "/etc/modprobe.conf" ] && [ ! -z "\${physical_interface}" ]; then
grep \${physical_interface} /etc/modprobe.conf | sed "s/\${physical_interface}/\${logical_interface}/" >> /etc/modprobe.conf.cobbler
grep -v \${physical_interface} /etc/modprobe.conf >> /etc/modprobe.conf.new
@@ -627,4 +627,4 @@ fi
if [ -f "/etc/udev/rules.d/70-persistent-net.rules.new" ]; then
mv /etc/udev/rules.d/70-persistent-net.rules.new /etc/udev/rules.d/70-persistent-net.rules
fi
-## End post_install_network_config generated code
+## End post_install_network_config generated code
diff --git a/cobbler/snippets/preseed_post_partition_disks b/cobbler/snippets/preseed_post_partition_disks
index 477551b..4770e2a 100644
--- a/cobbler/snippets/preseed_post_partition_disks
+++ b/cobbler/snippets/preseed_post_partition_disks
@@ -28,7 +28,7 @@ for remove_partition in \${remove_partitions}; do
partition_number=\$2
if [ ! -z "\${partition_disk}" ]; then
if [ ! -z "\${partition_number}" ]; then
- echo "remove partition \${remove_partition} on \${partition_disk} number \${partition_number}" >> /tmp/post_partition.log
+ echo "remove partition \${remove_partition} on \${partition_disk} number \${partition_number}" >> /tmp/post_partition.log
parted \${partition_disk} --script -- rm \${partition_number}
else
echo "no partition number found for \${remove_partition}" >> /tmp/post_partition.log
diff --git a/cobbler/snippets/preseed_pre_install_network_config b/cobbler/snippets/preseed_pre_install_network_config
index 2ea7479..e2d45df 100644
--- a/cobbler/snippets/preseed_pre_install_network_config
+++ b/cobbler/snippets/preseed_pre_install_network_config
@@ -34,7 +34,7 @@ get_ifname() {
#set ikeys = $interfaces.keys()
#for $iname in $ikeys
#set $idata = $interfaces[$iname]
- #set $management = $idata["management"]
+ #set $management = $idata["management"]
#if $management
#set $management_nic = $iname
#end if
diff --git a/cobbler/snippets/preseed_pre_partition_disks b/cobbler/snippets/preseed_pre_partition_disks
index 79fcbc2..b31d884 100644
--- a/cobbler/snippets/preseed_pre_partition_disks
+++ b/cobbler/snippets/preseed_pre_partition_disks
@@ -43,13 +43,13 @@ if [ -e /dev/disk/by-path ]; then
else
disk_mapping="\${disk_mapping} \${disk_name}"
fi
- if [ -z "\${disk_path_mapping}" ]; then
+ if [ -z "\${disk_path_mapping}" ]; then
disk_path_mapping="\${disk_path_name}"
- else
- disk_path_mapping="\${disk_path_mapping} \${disk_path_name}"
+ else
+ disk_path_mapping="\${disk_path_mapping} \${disk_path_name}"
fi
eval "disk_\${disk_name}=/dev/disk/by-path/\${path_name}"
- eval "disk_\${disk_path_name}=/dev/disk/by-path/\${path_name}"
+ eval "disk_\${disk_path_name}=/dev/disk/by-path/\${path_name}"
eval "disk_path_\${disk_path_name}=/dev/\${disk_name}"
eval "disk_path_\${disk_name}=/dev/\${disk_name}"
else
@@ -77,7 +77,7 @@ partition_disks=""
disks=""
for disk in \$(list-devices disk); do
disk_name=\$(basename \$disk)
- eval "disk_path=\\${disk_\${disk_name}}"
+ eval "disk_path=\\${disk_\${disk_name}}"
if [ -z "\${disk_path}" ]; then
eval "ignore_disk_path=\\${ignore_disk_\${disk_name}}"
if [ ! -z "\${ignore_disk_path}" ]; then
@@ -186,16 +186,16 @@ for disk_partition in \${disk_partitions}; do
#if $getVar('partition_by_path', '0') != "0"
path_name=\$(basename \${remove_disk})
disk_path_name=\$(echo \${path_name} | tr '-' '_' | tr ':' '_' | tr '.' '_')
- remove_disk_path=\${remove_disk}
+ remove_disk_path=\${remove_disk}
eval "remove_disk=\\${disk_path_\${disk_path_name}}"
#else
disk_name=\$(basename \${remove_disk})
eval "remove_disk_path=\\${disk_\${disk_name}}"
#end if
if [ -z "\${remove_disk}" ]; then
- continue
- fi
- if [ -z "\${remove_disk_path}" ]; then
+ continue
+ fi
+ if [ -z "\${remove_disk_path}" ]; then
continue
fi
if expr match "\${disk_partition}" "\${remove_disk_path}.*"; then
@@ -210,9 +210,9 @@ for disk_partition in \${disk_partitions}; do
else
echo "partition \${disk_partition} does not match \${remove_disk}.*" >> /tmp/preseed.log
fi
- if [[ "\$vg" == "$vgname" ]]; then
+ if [[ "\$vg" == "$vgname" ]]; then
remove_vg="\$vg"
- remove_partition="\${disk_partition}"
+ remove_partition="\${disk_partition}"
fi
done
if [ ! -z "\${remove_vg}" ]; then
@@ -234,15 +234,15 @@ for disk_partition in \${disk_partitions}; do
if [ -z "\${remove_partitions}" ]; then
remove_partitions="\${remove_partition}"
else
- pv_removed=0
- for pv in ${remove_partitions}; do
- if [[ "\$pv" == "\${remove_partition}" ]]; then
- pv_removed=1
- fi
- done
- if [ \${pv_removed} -eq 0 ]; then
+ pv_removed=0
+ for pv in ${remove_partitions}; do
+ if [[ "\$pv" == "\${remove_partition}" ]]; then
+ pv_removed=1
+ fi
+ done
+ if [ \${pv_removed} -eq 0 ]; then
remove_partitions="\${remove_partitions} \${remove_partition}"
- fi
+ fi
fi
fi
done
@@ -288,17 +288,17 @@ echo "partition fstype \${partition_fstype}" >> /tmp/preseed.log
#for disk_and_size in $disk_sizes
#set disk_name, size = $disk_and_size.split(' ', 1)
#set disk_name = $disk_name.strip()
- #if $size.endswith('K')
- #set disk_size = $int($size[:-1]) / 1000
- #elif $size.endswith('M')
- #set disk_size = $int($size[:-1])
- #elif $size.endswith('G')
- #set disk_size = $int($size[:-1]) * 1000
- #elif $size.endswith('T')
- #set disk_size = $int($size[:-1]) * 1000000
- #else
- #set disk_size = $int($size)
- #end if
+ #if $size.endswith('K')
+ #set disk_size = $int($size[:-1]) / 1000
+ #elif $size.endswith('M')
+ #set disk_size = $int($size[:-1])
+ #elif $size.endswith('G')
+ #set disk_size = $int($size[:-1]) * 1000
+ #elif $size.endswith('T')
+ #set disk_size = $int($size[:-1]) * 1000000
+ #else
+ #set disk_size = $int($size)
+ #end if
reserve_disk_size_${disk_name}=${disk_size}
#end for
#end if
@@ -321,17 +321,17 @@ default_reserve_disk_size=${disk_size}
#for disk_and_size in $disk_sizes
#set disk_name, size = $disk_and_size.split(' ', 1)
#set disk_name = $disk_name.strip()
- #if $size.endswith('K')
- #set disk_size = $int($size[:-1]) / 1000
- #elif $size.endswith('M')
- #set disk_size = $int($size[:-1])
- #elif $size.endswith('G')
- #set disk_size = $int($size[:-1]) * 1000
- #elif $size.endswith('T')
- #set disk_size = $int($size[:-1]) * 1000000
- #else
- #set disk_size = $int($size)
- #end if
+ #if $size.endswith('K')
+ #set disk_size = $int($size[:-1]) / 1000
+ #elif $size.endswith('M')
+ #set disk_size = $int($size[:-1])
+ #elif $size.endswith('G')
+ #set disk_size = $int($size[:-1]) * 1000
+ #elif $size.endswith('T')
+ #set disk_size = $int($size[:-1]) * 1000000
+ #else
+ #set disk_size = $int($size)
+ #end if
max_disk_size_${disk_name}=${disk_size}
#end for
#end if
@@ -356,13 +356,13 @@ default_partition_name=""
#for vol_and_size in vol_sizes
#set vol, vol_size = $vol_and_size.split(' ', 1)
#set vol = $vol.strip()
- #if $vol == '/'
- #set volname = 'root'
- #elif $vol == 'swap'
- #set volname = 'swap'
- #elif $vol.startswith('/')
+ #if $vol == '/'
+ #set volname = 'root'
+ #elif $vol == 'swap'
+ #set volname = 'swap'
+ #elif $vol.startswith('/')
#set volname = $vol[1:].replace('/', '_')
- #else
+ #else
# $vol is not starts with /
#continue
#end if
@@ -376,21 +376,21 @@ if [[ "$vol" == "\$default_partition" ]]; then
fi
partition_point_$volname=$vol
#set vol_size = $vol_size.strip()
- #if $vol_size.endswith('%')
- #set vol_percent = $vol_size[:-1]
+ #if $vol_size.endswith('%')
+ #set vol_percent = $vol_size[:-1]
partition_percentage_$volname=$vol_percent
#else
- #if $vol_size.endswith('K')
+ #if $vol_size.endswith('K')
#set vol_min_size = $int($vol_size[:-1]) / 1000
#elif $vol_size.endswith('M')
- #set vol_min_size = $int($vol_size[:-1])
+ #set vol_min_size = $int($vol_size[:-1])
#elif $vol_size.endswith('G')
- #set vol_min_size = $int($vol_size[:-1]) * 1000
- #elif $vol_size.endswith('T')
- #set vol_min_size = $int($vol_size[:-1]) * 1000000
- #else
- #set vol_min_size = $int($vol_size)
- #end if
+ #set vol_min_size = $int($vol_size[:-1]) * 1000
+ #elif $vol_size.endswith('T')
+ #set vol_min_size = $int($vol_size[:-1]) * 1000000
+ #else
+ #set vol_min_size = $int($vol_size)
+ #end if
partition_size_$volname=$vol_min_size
#end if
#end for
@@ -401,27 +401,27 @@ partition_size_$volname=$vol_min_size
#for vol_and_size in $vol_sizes
#set vol, vol_size = $vol_and_size.split(' ', 1)
#set vol = $vol.strip()
- #if $vol == '/'
- #set volname = 'root'
- #elif $vol == 'swap'
- #set volname = 'swap'
- #elif $vol.startswith('/')
+ #if $vol == '/'
+ #set volname = 'root'
+ #elif $vol == 'swap'
+ #set volname = 'swap'
+ #elif $vol.startswith('/')
#set volname = $vol[1:].replace('/', '_')
- #else
+ #else
# $vol is not starts with /
#continue
#end if
- #if $vol_size.endswith('K')
- #set vol_min_size = $int($vol_size[:-1]) / 1000
- #elif $vol_size.endswith('M')
- #set vol_min_size = $int($vol_size[:-1])
- #elif $vol_size.endswith('G')
- #set vol_min_size = $int($vol_size[:-1]) * 1000
- #elif $vol_size.endswith('T')
- #set vol_min_size = $int($vol_size[:-1]) * 1000000
- #else
- #set vol_min_size = $int($vol_size)
- #end if
+ #if $vol_size.endswith('K')
+ #set vol_min_size = $int($vol_size[:-1]) / 1000
+ #elif $vol_size.endswith('M')
+ #set vol_min_size = $int($vol_size[:-1])
+ #elif $vol_size.endswith('G')
+ #set vol_min_size = $int($vol_size[:-1]) * 1000
+ #elif $vol_size.endswith('T')
+ #set vol_min_size = $int($vol_size[:-1]) * 1000000
+ #else
+ #set vol_min_size = $int($vol_size)
+ #end if
partitions_size_$volname=${vol_min_size}
#end for
#end if
@@ -431,27 +431,27 @@ partitions_size_$volname=${vol_min_size}
#for vol_and_size in $vol_sizes
#set vol, vol_size = $vol_and_size.split(' ', 1)
#set vol = $vol.strip()
- #if $vol == '/'
- #set volname = 'root'
- #elif $vol == 'swap'
- #set volname = 'swap'
- #elif $vol.startswith('/')
+ #if $vol == '/'
+ #set volname = 'root'
+ #elif $vol == 'swap'
+ #set volname = 'swap'
+ #elif $vol.startswith('/')
#set volname = $vol[1:].replace('/', '_')
- #else
+ #else
# $vol is not starts with /
#continue
#end if
- #if $vol_size.endswith('K')
- #set vol_max_size = $int($vol_size[:-1]) / 1000
- #elif $vol_size.endswith('M')
- #set vol_max_size = $int($vol_size[:-1])
- #elif $vol_size.endswith('G')
- #set vol_max_size = $int($vol_size[:-1]) * 1000
- #elif $vol_size.endswith('T')
- #set vol_max_size = $int($vol_size[:-1]) * 1000000
- #else
- #set vol_max_size = $int($vol_size)
- #end if
+ #if $vol_size.endswith('K')
+ #set vol_max_size = $int($vol_size[:-1]) / 1000
+ #elif $vol_size.endswith('M')
+ #set vol_max_size = $int($vol_size[:-1])
+ #elif $vol_size.endswith('G')
+ #set vol_max_size = $int($vol_size[:-1]) * 1000
+ #elif $vol_size.endswith('T')
+ #set vol_max_size = $int($vol_size[:-1]) * 1000000
+ #else
+ #set vol_max_size = $int($vol_size)
+ #end if
partition_maxsize_$volname=${vol_max_size}
#end for
#end if
@@ -602,7 +602,7 @@ in_vg{ $vgname } lv_name{ \${key}vol } \
mountpoint{ \$partition }"
fi
echo "partition param \$partition => \${partition_param}" >> /tmp/preseed.log
- recipe="\$recipe \${partition_size} \${partition_factor} \${partition_maxsize} \${partition_param} ."
+ recipe="\$recipe \${partition_size} \${partition_factor} \${partition_maxsize} \${partition_param} ."
done
for disk in \${sorted_disks}; do
@@ -641,7 +641,7 @@ method{ lvm } vg_name{ $vgname }"
\\$defaultignore{ } device{ \${disk} } \
method{ lvm } vg_name{ reserved }"
recipe="\$recipe \${reserve_disk_size} \${reserve_disk_size} \${reserve_disk_size} \${reserve_disk_param} ."
- echo "reserve partition param \${disk_name} => \${reserve_disk_param}" >> /tmp/preseed.log
+ echo "reserve partition param \${disk_name} => \${reserve_disk_param}" >> /tmp/preseed.log
fi
done
@@ -662,7 +662,7 @@ for disk in \$disks; do
\\$defaultignore{ } device{ \${disk} } \
method{ lvm } vg_name{ reserved }"
recipe="\$recipe 512 512+100% -1 \${reserve_disk_param} ."
- echo "reserve partition param \${disk_name} => \${reserve_disk_param}" >> /tmp/preseed.log
+ echo "reserve partition param \${disk_name} => \${reserve_disk_param}" >> /tmp/preseed.log
fi
done
#end if
diff --git a/cobbler/snippets/preseed_rsyslog.conf b/cobbler/snippets/preseed_rsyslog.conf
index 500d2a8..11e7722 100644
--- a/cobbler/snippets/preseed_rsyslog.conf
+++ b/cobbler/snippets/preseed_rsyslog.conf
@@ -1,6 +1,6 @@
cat << EOL > /etc/rsyslog.conf
\#\#\#\# MODULES \#\#\#\##
-
+
\\$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
\\$ModLoad imfile
diff --git a/cobbler/snippets/preseed_sysctl.conf b/cobbler/snippets/preseed_sysctl.conf
index b814dfd..c227ecf 100644
--- a/cobbler/snippets/preseed_sysctl.conf
+++ b/cobbler/snippets/preseed_sysctl.conf
@@ -38,9 +38,9 @@ kernel.shmall = 4294967296
# increase TCP max buffer size settable using setsockopt()
net.core.rmem_max = 16777216
-net.core.wmem_max = 16777216
+net.core.wmem_max = 16777216
-# increase Linux autotuning TCP buffer limit
+# increase Linux autotuning TCP buffer limit
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
@@ -48,7 +48,7 @@ net.ipv4.tcp_wmem = 4096 65536 16777216
net.core.netdev_max_backlog = 30000
net.ipv4.tcp_max_syn_backlog = 4096
-# recommended default congestion control is htcp
+# recommended default congestion control is htcp
net.ipv4.tcp_congestion_control=htcp
# recommended for hosts with jumbo frames enabled
@@ -60,12 +60,12 @@ net.ipv4.tcp_fin_timeout=30
# fast cycling of sockets in time_wait state and re-using them
net.ipv4.tcp_tw_recycle = 1
-net.ipv4.tcp_tw_reuse = 1
+net.ipv4.tcp_tw_reuse = 1
# increase the maximum number of requests queued to a listen socket
net.core.somaxconn = 8192
-# avoid caching tcp network transfer statistics
+# avoid caching tcp network transfer statistics
net.ipv4.route.flush=1
#end raw
EOF
diff --git a/cobbler/snippets/puppet_register_if_enabled b/cobbler/snippets/puppet_register_if_enabled
index 90ef702..439345a 100644
--- a/cobbler/snippets/puppet_register_if_enabled
+++ b/cobbler/snippets/puppet_register_if_enabled
@@ -1,4 +1,4 @@
-# start puppet registration
+# start puppet registration
#if $str($getVar('puppet_auto_setup','')) == "1"
# generate puppet certificates and trigger a signing request, but
# don't wait for signing to complete
diff --git a/cobbler/snippets/redhat_register b/cobbler/snippets/redhat_register
index 2f1f783..3ac0d07 100644
--- a/cobbler/snippets/redhat_register
+++ b/cobbler/snippets/redhat_register
@@ -4,12 +4,12 @@ mkdir -p /usr/share/rhn/
#if $redhat_management_type == "site"
#set $mycert_file = "RHN-ORG-TRUSTED-SSL-CERT"
#set $mycert = "/usr/share/rhn/" + $mycert_file
-wget http://$redhat_management_server/pub/RHN-ORG-TRUSTED-SSL-CERT -O $mycert
-perl -npe 's/RHNS-CA-CERT/$mycert_file/g' -i /etc/sysconfig/rhn/*
+wget http://$redhat_management_server/pub/RHN-ORG-TRUSTED-SSL-CERT -O $mycert
+perl -npe 's/RHNS-CA-CERT/$mycert_file/g' -i /etc/sysconfig/rhn/*
#end if
#if $redhat_management_type == "hosted"
#set $mycert = "/usr/share/rhn/RHNS-CA-CERT"
- #end if
+ #end if
#set $endpoint = "https://%s/XMLRPC" % $redhat_management_server
rhnreg_ks --serverUrl=$endpoint --sslCACert=$mycert --activationkey=$redhat_management_key
#else
diff --git a/cobbler/snippets/repo_config.xml b/cobbler/snippets/repo_config.xml
index 5483644..dbdd5d2 100644
--- a/cobbler/snippets/repo_config.xml
+++ b/cobbler/snippets/repo_config.xml
@@ -10,7 +10,7 @@
${repo.name}
/
false
- ${repo.name}
+ ${repo.name}
#end for
diff --git a/cobbler/snippets/rsyslog.xml b/cobbler/snippets/rsyslog.xml
index 4623eb3..63eacfe 100644
--- a/cobbler/snippets/rsyslog.xml
+++ b/cobbler/snippets/rsyslog.xml
@@ -3,7 +3,7 @@
diff --git a/cobbler/snippets/yum.repos.d/centos/6.5/kickstart_centos_base_repo b/cobbler/snippets/yum.repos.d/centos/6.5/kickstart_centos_base_repo
index feb4d4f..ee01aa3 100644
--- a/cobbler/snippets/yum.repos.d/centos/6.5/kickstart_centos_base_repo
+++ b/cobbler/snippets/yum.repos.d/centos/6.5/kickstart_centos_base_repo
@@ -6,7 +6,7 @@ cat << EOF > /etc/yum.repos.d/CentOS-Base.repo
# geographically close to the client. You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
-# If the mirrorlist= does not work for you, as a fall back you can try the
+# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#
@@ -19,7 +19,7 @@ gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
skip_if_unavailable=1
-# released updates
+# released updates
[updates]
name=CentOS-6.5 - Updates
mirrorlist=http://mirrorlist.centos.org/?release=6&arch=\\$basearch&repo=updates
diff --git a/cobbler/snippets/yum.repos.d/centos/6.5/kickstart_centos_vault_repo b/cobbler/snippets/yum.repos.d/centos/6.5/kickstart_centos_vault_repo
index 5e5de02..310736d 100644
--- a/cobbler/snippets/yum.repos.d/centos/6.5/kickstart_centos_vault_repo
+++ b/cobbler/snippets/yum.repos.d/centos/6.5/kickstart_centos_vault_repo
@@ -2,7 +2,7 @@ cat << EOF > /etc/yum.repos.d/CentOS-Vault.repo
# CentOS-Vault.repo
#
# CentOS Vault holds packages from previous releases within the same CentOS Version
-# these are packages obsoleted by the current release and should usually not
+# these are packages obsoleted by the current release and should usually not
# be used in production
#-----------------
diff --git a/cobbler/snippets/yum.repos.d/centos/6.6/kickstart_centos_base_repo b/cobbler/snippets/yum.repos.d/centos/6.6/kickstart_centos_base_repo
index 7bb6b6b..7116ade 100644
--- a/cobbler/snippets/yum.repos.d/centos/6.6/kickstart_centos_base_repo
+++ b/cobbler/snippets/yum.repos.d/centos/6.6/kickstart_centos_base_repo
@@ -6,7 +6,7 @@ cat << EOF > /etc/yum.repos.d/CentOS-Base.repo
# geographically close to the client. You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
-# If the mirrorlist= does not work for you, as a fall back you can try the
+# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#
@@ -19,7 +19,7 @@ gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
skip_if_unavailable=1
-# released updates
+# released updates
[updates]
name=CentOS-6.6 - Updates
mirrorlist=http://mirrorlist.centos.org/?release=6&arch=\\$basearch&repo=updates
diff --git a/cobbler/snippets/yum.repos.d/centos/6.6/kickstart_centos_vault_repo b/cobbler/snippets/yum.repos.d/centos/6.6/kickstart_centos_vault_repo
index ec23f5a..065fa43 100644
--- a/cobbler/snippets/yum.repos.d/centos/6.6/kickstart_centos_vault_repo
+++ b/cobbler/snippets/yum.repos.d/centos/6.6/kickstart_centos_vault_repo
@@ -2,7 +2,7 @@ cat << EOF > /etc/yum.repos.d/CentOS-Vault.repo
# CentOS-Vault.repo
#
# CentOS Vault holds packages from previous releases within the same CentOS Version
-# these are packages obsoleted by the current release and should usually not
+# these are packages obsoleted by the current release and should usually not
# be used in production
#-----------------
diff --git a/cobbler/snippets/yum.repos.d/centos/7.0/kickstart_centos_base_repo b/cobbler/snippets/yum.repos.d/centos/7.0/kickstart_centos_base_repo
index 7ad1842..2462aa8 100644
--- a/cobbler/snippets/yum.repos.d/centos/7.0/kickstart_centos_base_repo
+++ b/cobbler/snippets/yum.repos.d/centos/7.0/kickstart_centos_base_repo
@@ -6,7 +6,7 @@ cat << EOF > /etc/yum.repos.d/CentOS-Base.repo
# geographically close to the client. You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
-# If the mirrorlist= does not work for you, as a fall back you can try the
+# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#
@@ -19,7 +19,7 @@ gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
skip_if_unavailable=1
-# released updates
+# released updates
[updates]
name=CentOS-7.0 - Updates
mirrorlist=http://mirrorlist.centos.org/?release=7&arch=\\$basearch&repo=updates