diff --git a/.gitreview b/.gitreview index 865c2a9..e2d776a 100644 --- a/.gitreview +++ b/.gitreview @@ -1,4 +1,5 @@ [gerrit] host=review.openstack.org port=29418 -project=openstack/openstack-ansible.git +project=openstack/ansible-role-qdrouterd.git +defaultbranch=master diff --git a/defaults/main.yml b/defaults/main.yml index 1ef59eb..3ff7ecc 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -35,6 +35,8 @@ qdrouterd_listener_auth_peer: "no" qdrouterd_listener_sasl_mech: "ANONYMOUS" qdrouterd_irl_addr: qdrouterd_irl_port: 31460 +qdrouterd_irl_auth_peer: "no" +qdrouterd_irl_sasl_mech: "ANONYMOUS" qdrouterd_worker_threads: 4 qdrouterd_sasl_conf_path: "/etc/sasl2" qdrouterd_sasl_conf_file: "/etc/sasl2/qdrouterd.conf" diff --git a/doc/requirements.txt b/doc/requirements.txt new file mode 100644 index 0000000..b3abbc3 --- /dev/null +++ b/doc/requirements.txt @@ -0,0 +1,10 @@ +# The order of packages is significant, because pip processes them in the order +# of appearance. List of tuples +# (source start file, target name, title, author, +# dir menu entry, description, category) +texinfo_documents = [ + (master_doc, target_name, + title, author, project, + description, category), +] + +# Documents to append as an appendix to all manuals. +# texinfo_appendices = [] + +# If false, no module index is generated. +# texinfo_domain_indices = True + +# How to display URL addresses: 'footnote', 'no', or 'inline'. +# texinfo_show_urls = 'footnote' + +# If true, do not generate a @detailmenu in the "Top" node's menu. +# texinfo_no_detailmenu = False + + +watermark = os.popen("git branch --contains $(git rev-parse HEAD)\ +| awk -F/ '/stable/ {print $2}'").read().strip(' \n\t').capitalize() +if watermark == "": + watermark = "Pre-release" + +# -- Options for sphinxmark ----------------------------------------------- +sphinxmark_enable = True +sphinxmark_div = 'docs-body' +sphinxmark_image = 'text' +sphinxmark_text = watermark +sphinxmark_text_color = (128, 128, 128) +sphinxmark_text_size = 70 diff --git a/doc/source/index.rst b/doc/source/index.rst new file mode 100644 index 0000000..68b7ef8 --- /dev/null +++ b/doc/source/index.rst @@ -0,0 +1,33 @@ +=========================== +OpenStack-Ansible Qdrouterd +=========================== + +This Ansible role deploys Qdrouterd. This Ansible role deploys Qdrouterd. When multiple hosts are present in
the ``qdrouterd_all`` inventory group, a router mesh is created.

Table of Contents
~~~~~~~~~~~~~~~~~

.. toctree::
   :maxdepth: 2

To clone or view the source code for this repository, visit the role repository
for `qdrouterd `_.

Default variables
~~~~~~~~~~~~~~~~~

.. literalinclude:: ../../defaults/main.yml
   :language: yaml
   :start-after: under the License.

Dependencies
~~~~~~~~~~~~

This role needs pip >= 7.1 installed on the target host.

Example playbook
~~~~~~~~~~~~~~~~

.. literalinclude:: ../../examples/playbook.yml
   :language: yaml include: qdrouterd_pre_install.yml +- include: qdrouterd_install.yml + static: no + # Qdrouterd SSL/TLS listener configuration # # If the user has not specified a certificate, key and CA certificate, we will @@ -48,9 +51,6 @@ tags: - qdrouterd-config -- include: qdrouterd_install.yml - static: no - - include: qdrouterd_post_install.yml diff --git a/tasks/qdrouterd_install_apt.yml b/tasks/qdrouterd_install_apt.yml index 6a44471..009dd23 100644 --- a/tasks/qdrouterd_install_apt.yml +++ b/tasks/qdrouterd_install_apt.yml @@ -13,10 +13,27 @@ # See the License for the specific language governing permissions and # limitations under the License. +- name: Add the qdrouterd via ppa + apt_key: + id: "{{ qdrouterd_ppa_keyid }}" + keyserver: "{{ qdrouterd_ppa_keyserver }}" + state: present + tags: + - qdrouterd-apt-keys + +- name: Setup qpid ppa repository + apt_repository: + repo: "{{ qdrouterd_ppa_repo }}" + update_cache: True + codename: xenial + state: present + tags: + - qdrouterd-rep + - name: Install Qpid Dispatch Router (qdrouterd) packages apt: name: "{{ qdrouterd_distro_packages }}" - state: "{{ qdrouterd_server_package_state }}" + state: "{{ qdrouterd_package_state }}" register: install_qdrouterd tags: - qdrouterd-apt-packages diff --git a/tasks/qdrouterd_install_yum.yml b/tasks/qdrouterd_install_yum.yml index 5bbb4eb..214e7e2 100644 --- a/tasks/qdrouterd_install_yum.yml +++ b/tasks/qdrouterd_install_yum.yml @@ -12,37 +12,38 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - -- name: Check if EPEL repo is already configured. - stat: path={{ epel_repofile_path }} - register: epel_repofile_result - -- name: Install EPEL repo. - yum: - name: "{{ epel_repo_url }}" - state: present - register: result - when: not epel_repofile_result.stat.exists - -- name: Import EPEL GPG key - rpm_key: - key: "{{ epel_repo_gpg_key_url }}" - state: present - when: not epel_repofile_result.stat.exists - -- name: Ensure yum-config-manager is installed - package: - name: yum-utils - state: present - -- name: Ensure that EPEL is enabled - shell: yum-config-manager --enable epel +# +# TODO (ansmith): conditionally enable epel +# +#- name: Check if EPEL repo is already configured. +# stat: path={{ epel_repofile_path }} +# register: epel_repofile_result +# +#- name: Install EPEL repo. +# yum: +# name: "{{ epel_repo_url }}" +# state: present +# register: result +# when: not epel_repofile_result.stat.exists +# +#- name: Import EPEL GPG key +# rpm_key: +# key: "{{ epel_repo_gpg_key_url }}" +# state: present +# when: not epel_repofile_result.stat.exists +# +#- name: Ensure yum-config-manager is installed +# package: +# name: yum-utils +# state: present +# +#- name: Ensure that EPEL is enabled +# shell: yum-config-manager --enable epel - name: Install Qpid Dispatch Router (qdrouterd) packages yum: name: "{{ qdrouterd_distro_packages }}" state: "{{ qdrouterd_package_state }}" - enablerepo: epel register: install_qdrouterd tags: - qdrouterd-yum-packages diff --git a/tasks/qdrouterd_pre_install.yml b/tasks/qdrouterd_pre_install.yml index e6ac27c..229f230 100644 --- a/tasks/qdrouterd_pre_install.yml +++ b/tasks/qdrouterd_pre_install.yml @@ -12,8 +12,8 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - -- name: Create the local directories + +- name: Create the local config directory file: path: "{{ qdrouterd_etc_conf_path }}" state: "directory" @@ -23,4 +23,14 @@ tags: - qdrouterd-config +- name: Create the config ssl directory + file: + path: "{{ qdrouterd_etc_conf_path }}/ssl" + state: "directory" + group: "root" + owner: "root" + mode: "0755" + tags: + - qdrouterd-config + diff --git a/templates/qdrouterd.conf.j2 b/templates/qdrouterd.conf.j2 index 870a771..590f6d9 100644 --- a/templates/qdrouterd.conf.j2 +++ b/templates/qdrouterd.conf.j2 @@ -37,6 +37,8 @@ listener { {% if qdrouterd_require_ssl == 'yes' %} sslProfile: {{ ansible_hostname }} {% endif %} + authenticatePeer: {{ qdrouterd_irl_auth_peer }} + saslMechanisms: {{ qdrouterd_irl_sasl_mech }} } {% endif %} diff --git a/templates/qdrouterd.json.j2 b/templates/qdrouterd.json.j2 deleted file mode 100644 index 193ec19..0000000 --- a/templates/qdrouterd.json.j2 +++ /dev/null @@ -1,29 +0,0 @@ -{ - "command": "/usr/sbin/qdrouterd", - "config_files": [ - { - "source": "{{ container_config_directory }}/qdrouterd.conf", - "dest": "/etc/qpid-dispatch/qdrouterd.conf", - "owner": "qdrouterd", - "perm": "0600" - }, - { - "source": "{{ container_config_directory }}/qdrouterd-sasl.conf", - "dest": "/etc/sasl2/qdrouterd.conf", - "owner": "qdrouterd", - "perm": "0600" - } - ], - "permissions": [ - { - "path": "/var/lib/qdrouterd", - "owner": "qdrouterd:qdrouterd", - "recurse": true - }, - { - "path": "/var/log/kolla/qdrouterd", - "owner": "qdrouterd:qdrouterd", - "recurse": true - } - ] -} diff --git a/tests/test-install-qdrouterd.yml b/tests/test-install-qdrouterd.yml new file mode 100644 index 0000000..7780dcb --- /dev/null +++ b/tests/test-install-qdrouterd.yml @@ -0,0 +1,31 @@ +--- +# Copyright 2018, Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Gather facts + hosts: "qdrouterd_all" + user: root + gather_facts: true + +- name: Deploy Qdrouterd + hosts: qdrouterd_all + serial: 1 + user: root + become: true + gather_facts: true + any_errors_fatal: true + roles: + - role: "qdrouterd" + vars_files: + - test-vars.yml diff --git a/tests/test-qdrouterd-functional.yml b/tests/test-qdrouterd-functional.yml index f177552..d5f081d 100644 --- a/tests/test-qdrouterd-functional.yml +++ b/tests/test-qdrouterd-functional.yml @@ -41,7 +41,7 @@ - name: Open qdrouterd.conf slurp: - src: "{{ qdrouterd_etc_conf_file }}" + src: "{{ _qdrouterd_etc_conf_file }}" register: qdrouterd_config - name: Read qdrouterd_ssl_cert @@ -72,10 +72,19 @@ - name: Print qdrouterd_statistics debug: - var: qdrotuerd_statistics + var: qdrouterd_statistics + + - name: Get qdrouterd node view + command: "qdstat -nv -b" + register: qdrouterd_nv + changed_when: false + + - name: Print qdrouterd_nv + debug: + var: qdrouterd_nv - name: Ensure SSL cert/key checksums are identical across the mesh assert: that: - - hostvars['container1']['qdrotuerd_ssl_cert_checksum'] == hostvars['container2']['qdrouterd_ssl_cert_checksum'] == hostvars['container3']['qdrouterd_ssl_cert_checksum'] + - hostvars['container1']['qdrouterd_ssl_cert_checksum'] == hostvars['container2']['qdrouterd_ssl_cert_checksum'] == hostvars['container3']['qdrouterd_ssl_cert_checksum'] - hostvars['container1']['qdrouterd_ssl_key_checksum'] == hostvars['container2']['qdrouterd_ssl_key_checksum'] == hostvars['container3']['qdrouterd_ssl_key_checksum'] diff --git a/tests/test-vars.yml b/tests/test-vars.yml new file mode 100644 index 0000000..f428910 --- /dev/null +++ b/tests/test-vars.yml @@ -0,0 +1,19 @@ +--- +# Copyright 2018, Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +qdrouterd_worker_threads: 2 +qdrouterd_require_ssl: no +qdrouterd_listener_port: 31459 +qdrouterd_irl_port: 31460 diff --git a/tests/test.yml b/tests/test.yml index 861f684..273ff88 100644 --- a/tests/test.yml +++ b/tests/test.yml @@ -17,7 +17,7 @@ - include: common/test-setup-host.yml # Install previous version qdrouterd server -- include: common/test-install-qdrouterd.yml +- include: test-install-qdrouterd.yml # Run functional tests - include: test-qdrouterd-functional.yml diff --git a/vars/ubuntu.yml b/vars/ubuntu.yml index 0201aed..da8fc64 100644 --- a/vars/ubuntu.yml +++ b/vars/ubuntu.yml @@ -15,15 +15,17 @@ qdrouterd_distro_packages: - python-qpid-proton + - libsasl2-modules - sasl2-bin - - libpython-2.2 - qdrouterd + - qdmanage + - qdstat -qdrouterd_package_name: "qdrouterd" +_qdrouterd_etc_conf_path: "/etc/qpid-dispatch" +_qdrouterd_etc_conf_file: "/etc/qpid-dispatch/qdrouterd.conf" qdrouterd_service_name: "qdrouterd" -qdrouterd_etc_conf_file: "/etc/qpid-dispatch/qdrouterd.conf" # repo details for qpid ppa qdrouterd_ppa_repo: "ppa:qpid/released" -qdrouterd_ppa_keyid: 4096R/4D8EB5FDA37AB55F41A135203BF88A0C6A770882 +qdrouterd_ppa_keyid: 6A770882 qdrouterd_ppa_keyserver: "keyserver.ubuntu.com" diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml new file mode 100644 index 0000000..ced4237 --- /dev/null +++ b/zuul.d/project.yaml @@ -0,0 +1,32 @@ +# Copyright 2018, SUSE LINUX GmbH. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- project: + check: + jobs: + - openstack-ansible-linters + - openstack-ansible-functional-centos-7: + voting: false + - openstack-ansible-functional-opensuse-423: + voting: false + - openstack-ansible-functional-ubuntu-xenial: + voting: false + - openstack-ansible-upgrade-ubuntu-xenial: + voting: false + experimental: + jobs: + - openstack-ansible-integrated-deploy-aio + gate: + jobs: + - openstack-ansible-linters