Add skyline service

Support to deploy skyline by kolla-ansible.

Implements: blueprint skyline
Depends-On: https://review.opendev.org/c/openstack/kolla/+/826948

Change-Id: Ice5621491a432ba32138abd6f62d1f815cc219e0
This commit is contained in:
yangshaoxue 2021-09-23 16:50:17 +08:00 committed by Boxiang Zhu
parent 66ec9cef55
commit 113b77c8cb
34 changed files with 1008 additions and 0 deletions

View File

@ -515,6 +515,13 @@ senlin_external_fqdn: "{{ kolla_external_fqdn }}"
senlin_api_port: "8778" senlin_api_port: "8778"
senlin_api_listen_port: "{{ senlin_api_port }}" senlin_api_listen_port: "{{ senlin_api_port }}"
skyline_internal_fqdn: "{{ kolla_internal_fqdn }}"
skyline_external_fqdn: "{{ kolla_external_fqdn }}"
skyline_apiserver_port: "9998"
skyline_apiserver_listen_port: "{{ skyline_apiserver_port }}"
skyline_console_port: "9999"
skyline_console_listen_port: "{{ skyline_console_port }}"
solum_application_deployment_port: "9777" solum_application_deployment_port: "9777"
solum_image_builder_port: "9778" solum_image_builder_port: "9778"
@ -735,6 +742,7 @@ enable_proxysql: "no"
enable_redis: "no" enable_redis: "no"
enable_sahara: "no" enable_sahara: "no"
enable_senlin: "no" enable_senlin: "no"
enable_skyline: "no"
enable_solum: "no" enable_solum: "no"
enable_swift: "no" enable_swift: "no"
enable_swift_s3api: "no" enable_swift_s3api: "no"

View File

@ -198,6 +198,9 @@ control
[zun:children] [zun:children]
control control
[skyline:children]
control
[redis:children] [redis:children]
control control
@ -621,6 +624,13 @@ compute
[zun-cni-daemon:children] [zun-cni-daemon:children]
compute compute
# Skyline
[skyline-apiserver:children]
skyline
[skyline-console:children]
skyline
# Tacker # Tacker
[tacker-server:children] [tacker-server:children]
tacker tacker

View File

@ -216,6 +216,9 @@ control
[zun:children] [zun:children]
control control
[skyline:children]
control
[redis:children] [redis:children]
control control
@ -639,6 +642,13 @@ compute
[zun-cni-daemon:children] [zun-cni-daemon:children]
compute compute
# Skyline
[skyline-apiserver:children]
skyline
[skyline-console:children]
skyline
# Tacker # Tacker
[tacker-server:children] [tacker-server:children]
tacker tacker

View File

@ -189,6 +189,7 @@
- { name: "rabbitmq", enabled: "{{ enable_rabbitmq | bool }}" } - { name: "rabbitmq", enabled: "{{ enable_rabbitmq | bool }}" }
- { name: "sahara", enabled: "{{ enable_sahara | bool }}" } - { name: "sahara", enabled: "{{ enable_sahara | bool }}" }
- { name: "senlin", enabled: "{{ enable_senlin | bool }}" } - { name: "senlin", enabled: "{{ enable_senlin | bool }}" }
- { name: "skyline", enabled: "{{ enable_skyline | bool }}" }
- { name: "solum", enabled: "{{ enable_solum | bool }}" } - { name: "solum", enabled: "{{ enable_solum | bool }}" }
- { name: "swift", enabled: "{{ enable_swift | bool }}" } - { name: "swift", enabled: "{{ enable_swift | bool }}" }
- { name: "tacker", enabled: "{{ enable_tacker | bool }}" } - { name: "tacker", enabled: "{{ enable_tacker | bool }}" }

View File

@ -166,6 +166,11 @@
pattern ^(venus-api|venus-manager)$ pattern ^(venus-api|venus-manager)$
tag openstack_python tag openstack_python
</rule> </rule>
<rule>
key programname
pattern ^(skyline)$
tag openstack_python
</rule>
<rule> <rule>
key programname key programname
pattern .+ pattern .+

View File

@ -0,0 +1,3 @@
"/var/log/kolla/skyline/*.log"
{
}

View File

@ -0,0 +1,186 @@
---
skyline_services:
skyline-apiserver:
container_name: skyline_apiserver
group: skyline-apiserver
enabled: true
image: "{{ skyline_apiserver_image_full }}"
volumes: "{{ skyline_apiserver_default_volumes + skyline_apiserver_extra_volumes }}"
dimensions: "{{ skyline_apiserver_dimensions }}"
healthcheck: "{{ skyline_apiserver_healthcheck }}"
haproxy:
skyline_apiserver:
enabled: "{{ enable_skyline }}"
mode: "http"
external: false
port: "{{ skyline_apiserver_port }}"
listen_port: "{{ skyline_apiserver_listen_port }}"
tls_backend: "{{ skyline_enable_tls_backend }}"
skyline_apiserver_external:
enabled: "{{ enable_skyline }}"
mode: "http"
external: true
port: "{{ skyline_apiserver_port }}"
listen_port: "{{ skyline_apiserver_listen_port }}"
tls_backend: "{{ skyline_enable_tls_backend }}"
skyline-console:
container_name: skyline_console
group: skyline-console
enabled: true
image: "{{ skyline_console_image_full }}"
volumes: "{{ skyline_console_default_volumes + skyline_console_extra_volumes }}"
dimensions: "{{ skyline_console_dimensions }}"
healthcheck: "{{ skyline_console_healthcheck }}"
haproxy:
skyline_console:
enabled: "{{ enable_skyline }}"
mode: "http"
external: false
port: "{{ skyline_console_port }}"
listen_port: "{{ skyline_console_listen_port }}"
tls_backend: "{{ skyline_enable_tls_backend }}"
skyline_console_external:
enabled: "{{ enable_skyline }}"
mode: "http"
external: true
port: "{{ skyline_console_port }}"
listen_port: "{{ skyline_console_listen_port }}"
tls_backend: "{{ skyline_enable_tls_backend }}"
####################
# Database
####################
skyline_database_name: "skyline"
skyline_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}skyline{% endif %}"
skyline_database_address: "{{ database_address | put_address_in_context('url') }}:{{ database_port }}"
####################
# Database sharding
####################
skyline_database_shard_root_user: "{% if enable_proxysql | bool %}root_shard_{{ skyline_database_shard_id }}{% else %}{{ database_user }}{% endif %}"
skyline_database_shard_id: "{{ mariadb_default_database_shard_id | int }}"
skyline_database_shard:
users:
- user: "{{ skyline_database_user }}"
password: "{{ skyline_database_password }}"
rules:
- schema: "{{ skyline_database_name }}"
shard_id: "{{ skyline_database_shard_id }}"
####################
# Docker
####################
skyline_tag: "{{ openstack_tag }}"
skyline_apiserver_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/skyline-apiserver"
skyline_apiserver_tag: "{{ skyline_tag }}"
skyline_apiserver_image_full: "{{ skyline_apiserver_image }}:{{ skyline_apiserver_tag }}"
skyline_console_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/skyline-console"
skyline_console_tag: "{{ skyline_tag }}"
skyline_console_image_full: "{{ skyline_console_image }}:{{ skyline_console_tag }}"
skyline_apiserver_dimensions: "{{ default_container_dimensions }}"
skyline_console_dimensions: "{{ default_container_dimensions }}"
skyline_apiserver_enable_healthchecks: "{{ enable_container_healthchecks }}"
skyline_apiserver_healthcheck_interval: "{{ default_container_healthcheck_interval }}"
skyline_apiserver_healthcheck_retries: "{{ default_container_healthcheck_retries }}"
skyline_apiserver_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}"
skyline_apiserver_healthcheck_test: ["CMD-SHELL", "healthcheck_curl {{ 'https' if skyline_enable_tls_backend | bool else 'http' }}://{{ api_interface_address | put_address_in_context('url') }}:{{ skyline_apiserver_listen_port }}/docs"]
skyline_apiserver_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
skyline_apiserver_healthcheck:
interval: "{{ skyline_apiserver_healthcheck_interval }}"
retries: "{{ skyline_apiserver_healthcheck_retries }}"
start_period: "{{ skyline_apiserver_healthcheck_start_period }}"
test: "{% if skyline_apiserver_enable_healthchecks | bool %}{{ skyline_apiserver_healthcheck_test }}{% else %}NONE{% endif %}"
timeout: "{{ skyline_apiserver_healthcheck_timeout }}"
skyline_console_enable_healthchecks: "{{ enable_container_healthchecks }}"
skyline_console_healthcheck_interval: "{{ default_container_healthcheck_interval }}"
skyline_console_healthcheck_retries: "{{ default_container_healthcheck_retries }}"
skyline_console_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}"
skyline_console_healthcheck_test: ["CMD-SHELL", "healthcheck_curl {{ 'https' if skyline_enable_tls_backend | bool else 'http' }}://{{ api_interface_address | put_address_in_context('url') }}:{{ skyline_console_listen_port }}/docs"]
skyline_console_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
skyline_console_healthcheck:
interval: "{{ skyline_console_healthcheck_interval }}"
retries: "{{ skyline_console_healthcheck_retries }}"
start_period: "{{ skyline_console_healthcheck_start_period }}"
test: "{% if skyline_console_enable_healthchecks | bool %}{{ skyline_console_healthcheck_test }}{% else %}NONE{% endif %}"
timeout: "{{ skyline_console_healthcheck_timeout }}"
skyline_apiserver_default_volumes:
- "{{ node_config_directory }}/skyline-apiserver/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
- "kolla_logs:/var/log/kolla/"
skyline_console_default_volumes:
- "{{ node_config_directory }}/skyline-console/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
- "kolla_logs:/var/log/kolla/"
skyline_extra_volumes: "{{ default_extra_volumes }}"
skyline_apiserver_extra_volumes: "{{ skyline_extra_volumes }}"
skyline_console_extra_volumes: "{{ skyline_extra_volumes }}"
####################
# OpenStack
####################
skyline_internal_endpoint: "{{ internal_protocol }}://{{ skyline_internal_fqdn | put_address_in_context('url') }}:{{ skyline_apiserver_port }}"
skyline_public_endpoint: "{{ public_protocol }}://{{ skyline_external_fqdn | put_address_in_context('url') }}:{{ skyline_apiserver_port }}"
skyline_logging_debug: "{{ openstack_logging_debug }}"
openstack_skyline_auth: "{{ openstack_auth }}"
####################
# Skyline
####################
log_dir: /var/log/kolla/skyline
skyline_access_token_expire_seconds: 3600
skyline_access_token_renew_seconds: 1800
skyline_backend_cors_origins: []
skyline_nginx_prefix: /api/openstack
# if set skyline_base_domains_ignore as true, we will not display
# the domains like heat_user_domain when we login from skyline.
skyline_base_domains_ignore: true
skyline_system_admin_roles:
- admin
skyline_system_reader_roles:
- system_reader
skyline_keystone_url: "{{ keystone_internal_url }}/v3/"
skyline_session_name: session
skyline_reclaim_instance_interval: 604800
skyline_gunicorn_debug_level: "{% if openstack_logging_debug | bool %}DEBUG{% else %}INFO{% endif %}"
skyline_gunicorn_timeout: 300
skyline_gunicorn_keepalive: 5
skyline_gunicorn_workers: "{{ openstack_service_workers }}"
skyline_ssl_certfile: "{{ '/etc/skyline/certs/skyline-cert.pem' if skyline_enable_tls_backend | bool else '' }}"
skyline_ssl_keyfile: "{{ '/etc/skyline/certs/skyline-key.pem' if skyline_enable_tls_backend | bool else '' }}"
####################
# Keystone
####################
skyline_keystone_user: skyline
skyline_ks_services:
- name: "skyline"
type: "panel"
description: "OpenStack Dashboard Service"
endpoints:
- {'interface': 'internal', 'url': '{{ skyline_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ skyline_public_endpoint }}'}
skyline_ks_users:
- project: "service"
user: "{{ skyline_keystone_user }}"
password: "{{ skyline_keystone_password }}"
role: "admin"
####################
# TLS
####################
skyline_enable_tls_backend: "{{ kolla_enable_tls_backend }}"

View File

@ -0,0 +1,32 @@
---
- name: Restart skyline-apiserver container
vars:
service_name: "skyline-apiserver"
service: "{{ skyline_services[service_name] }}"
become: true
kolla_docker:
action: "recreate_or_restart_container"
common_options: "{{ docker_common_options }}"
name: "{{ service.container_name }}"
image: "{{ service.image }}"
volumes: "{{ service.volumes | reject('equalto', '') | list }}"
dimensions: "{{ service.dimensions }}"
healthcheck: "{{ service.healthcheck | default(omit) }}"
when:
- kolla_action != "config"
- name: Restart skyline-console container
vars:
service_name: "skyline-console"
service: "{{ skyline_services[service_name] }}"
become: true
kolla_docker:
action: "recreate_or_restart_container"
common_options: "{{ docker_common_options }}"
name: "{{ service.container_name }}"
image: "{{ service.image }}"
volumes: "{{ service.volumes | reject('equalto', '') | list }}"
dimensions: "{{ service.dimensions }}"
healthcheck: "{{ service.healthcheck | default(omit) }}"
when:
- kolla_action != "config"

View File

@ -0,0 +1,38 @@
---
- name: Creating Skyline database
become: true
kolla_toolbox:
container_engine: "{{ kolla_container_engine }}"
module_name: mysql_db
module_args:
login_host: "{{ database_address }}"
login_port: "{{ database_port }}"
login_user: "{{ skyline_database_shard_root_user }}"
login_password: "{{ database_password }}"
name: "{{ skyline_database_name }}"
run_once: True
delegate_to: "{{ groups['skyline-apiserver'][0] }}"
when:
- not use_preconfigured_databases | bool
- name: Creating Skyline database user and setting permissions
become: true
kolla_toolbox:
container_engine: "{{ kolla_container_engine }}"
module_name: mysql_user
module_args:
login_host: "{{ database_address }}"
login_port: "{{ database_port }}"
login_user: "{{ skyline_database_shard_root_user }}"
login_password: "{{ database_password }}"
name: "{{ skyline_database_user }}"
password: "{{ skyline_database_password }}"
host: "%"
priv: "{{ skyline_database_name }}.*:ALL"
append_privs: "yes"
run_once: True
delegate_to: "{{ groups['skyline-apiserver'][0] }}"
when:
- not use_preconfigured_databases | bool
- import_tasks: bootstrap_service.yml

View File

@ -0,0 +1,20 @@
---
- name: Running Skyline bootstrap container
vars:
skyline_apiserver: "{{ skyline_services['skyline-apiserver'] }}"
become: true
kolla_docker:
action: "start_container"
common_options: "{{ docker_common_options }}"
detach: False
environment:
KOLLA_BOOTSTRAP:
KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
image: "{{ skyline_apiserver.image }}"
labels:
BOOTSTRAP:
name: "bootstrap_skyline"
restart_policy: no
volumes: "{{ skyline_apiserver.volumes | reject('equalto', '') | list }}"
run_once: True
delegate_to: "{{ groups[skyline_apiserver.group][0] }}"

View File

@ -0,0 +1,17 @@
---
- name: Check skyline container
become: true
kolla_docker:
action: "compare_container"
common_options: "{{ docker_common_options }}"
name: "{{ item.value.container_name }}"
image: "{{ item.value.image }}"
volumes: "{{ item.value.volumes | reject('equalto', '') | list }}"
dimensions: "{{ item.value.dimensions }}"
healthcheck: "{{ horizon.healthcheck | default(omit) }}"
when:
- inventory_hostname in groups[item.value.group]
- item.value.enabled | bool
with_dict: "{{ skyline_services }}"
notify:
- "Restart {{ item.key }} container"

View File

@ -0,0 +1 @@
---

View File

@ -0,0 +1,69 @@
---
- name: Ensuring config directories exist
file:
path: "{{ node_config_directory }}/{{ item.key }}"
state: "directory"
owner: "{{ config_owner_user }}"
group: "{{ config_owner_group }}"
mode: "0770"
become: true
when:
- inventory_hostname in groups[item.value.group]
- item.value.enabled | bool
with_dict: "{{ skyline_services }}"
- include_tasks: copy-certs.yml
when:
- kolla_copy_ca_into_containers | bool or skyline_enable_tls_backend | bool
- name: Copying over skyline.yaml files for services
template:
src: "skyline.yaml.j2"
dest: "{{ node_config_directory }}/{{ item.key }}/skyline.yaml"
mode: "0660"
become: true
when:
- inventory_hostname in groups[item.value.group]
- item.value.enabled | bool
with_dict: "{{ skyline_services }}"
notify:
- "Restart {{ item.key }} container"
- name: Copying over gunicorn.py files for services
template:
src: "gunicorn.py.j2"
dest: "{{ node_config_directory }}/{{ item.key }}/gunicorn.py"
mode: "0660"
become: true
when:
- inventory_hostname in groups['skyline-apiserver']
- item.value.enabled | bool
with_dict: "{{ skyline_services }}"
notify:
- "Restart {{ item.key }} container"
- name: Copying over nginx.conf files for services
template:
src: "nginx.conf.j2"
dest: "{{ node_config_directory }}/{{ item.key }}/nginx.conf"
mode: "0660"
become: true
when:
- inventory_hostname in groups['skyline-console']
- item.value.enabled | bool
with_dict: "{{ skyline_services }}"
notify:
- "Restart {{ item.key }} container"
- name: Copying over config.json files for services
template:
src: "{{ item.key }}.json.j2"
dest: "{{ node_config_directory }}/{{ item.key }}/config.json"
mode: "0660"
become: true
when:
- inventory_hostname in groups[item.value.group]
- item.value.enabled | bool
with_dict: "{{ skyline_services }}"
notify:
- "Restart {{ item.key }} container"

View File

@ -0,0 +1 @@
---

View File

@ -0,0 +1,6 @@
---
- name: "Copy certificates and keys for {{ project_name }}"
import_role:
role: service-cert-copy
vars:
project_services: "{{ skyline_services }}"

View File

@ -0,0 +1,11 @@
---
- import_tasks: register.yml
- import_tasks: config.yml
- import_tasks: check-containers.yml
- import_tasks: bootstrap.yml
- name: Flush handlers
meta: flush_handlers

View File

@ -0,0 +1,7 @@
---
- name: "Configure loadbalancer for {{ project_name }}"
import_role:
name: loadbalancer-config
vars:
project_services: "{{ skyline_services }}"
tags: always

View File

@ -0,0 +1,2 @@
---
- include_tasks: "{{ kolla_action }}.yml"

View File

@ -0,0 +1,37 @@
---
- import_role:
name: service-precheck
vars:
service_precheck_services: "{{ skyline_services }}"
service_name: "{{ project_name }}"
- name: Get container facts
become: true
kolla_container_facts:
container_engine: "{{ kolla_container_engine }}"
name:
- skyline_apiserver
- skyline_console
register: container_facts
- name: Checking free port for Skyline APIServer
wait_for:
host: "{{ api_interface_address }}"
port: "{{ skyline_apiserver_listen_port }}"
connect_timeout: 1
timeout: 1
state: stopped
when:
- container_facts['skyline_apiserver'] is not defined
- inventory_hostname in groups['skyline-apiserver']
- name: Checking free port for Skyline Console
wait_for:
host: "{{ api_interface_address }}"
port: "{{ skyline_console_listen_port }}"
connect_timeout: 1
timeout: 1
state: stopped
when:
- container_facts['skyline_console'] is not defined
- inventory_hostname in groups['skyline-console']

View File

@ -0,0 +1,3 @@
---
- import_role:
role: service-images-pull

View File

@ -0,0 +1,2 @@
---
- include_tasks: deploy.yml

View File

@ -0,0 +1,7 @@
---
- import_role:
name: service-ks-register
vars:
service_ks_register_auth: "{{ openstack_skyline_auth }}"
service_ks_register_services: "{{ skyline_ks_services }}"
service_ks_register_users: "{{ skyline_ks_users }}"

View File

@ -0,0 +1,11 @@
---
- name: "Stopping skyline containers"
vars:
service: "{{ item.value }}"
docker_container:
name: "{{ service.container_name }}"
state: stopped
when:
- service.enabled | bool
- service.container_name not in skip_stop_containers
with_dict: "{{ skyline_services }}"

View File

@ -0,0 +1,7 @@
---
- import_tasks: config.yml
- import_tasks: check-containers.yml
- name: Flush handlers
meta: flush_handlers

View File

@ -0,0 +1,66 @@
# Copyright 2022 99cloud
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
bind = "{{ api_interface_address }}:{{ skyline_apiserver_port }}"
workers = {{ skyline_gunicorn_workers }}
worker_class = "uvicorn.workers.UvicornWorker"
timeout = {{ skyline_gunicorn_timeout }}
keepalive = {{ skyline_gunicorn_keepalive }}
reuse_port = True
proc_name = "{{ project_name }}"
logconfig_dict = {
"version": 1,
"disable_existing_loggers": False,
"root": {"level": "{{ skyline_gunicorn_debug_level }}", "handlers": ["console"]},
"loggers": {
"gunicorn.error": {
"level": "{{ skyline_gunicorn_debug_level }}",
"handlers": ["error_file"],
"propagate": 0,
"qualname": "gunicorn_error",
},
"gunicorn.access": {
"level": "{{ skyline_gunicorn_debug_level }}",
"handlers": ["access_file"],
"propagate": 0,
"qualname": "access",
},
},
"handlers": {
"error_file": {
"class": "logging.handlers.RotatingFileHandler",
"formatter": "generic",
"filename": "{{ log_dir }}/skyline-error.log",
},
"access_file": {
"class": "logging.handlers.RotatingFileHandler",
"formatter": "generic",
"filename": "{{ log_dir }}/skyline-access.log",
},
"console": {
"class": "logging.StreamHandler",
"level": "{{ skyline_gunicorn_debug_level }}",
"formatter": "generic",
},
},
"formatters": {
"generic": {
"format": "%(asctime)s.%(msecs)03d %(process)d %(levelname)s [-] %(message)s",
"datefmt": "[%Y-%m-%d %H:%M:%S %z]",
"class": "logging.Formatter",
}
},
}

View File

@ -0,0 +1,258 @@
daemon off;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 1024;
multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
client_max_body_size 0;
types_hash_max_size 2048;
proxy_request_buffering off;
server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
{% if skyline_ssl_certfile and skyline_ssl_keyfile %}
##
# SSL Settings
##
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
ssl_certificate {{ skyline_ssl_certfile }};
ssl_certificate_key {{ skyline_ssl_keyfile }};
{% endif %}
##
# Logging Settings
##
log_format main '$remote_addr - $remote_user [$time_local] "$request_time" '
'"$upstream_response_time" "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log {{ log_dir | default('/var/log/skyline') }}/skyline-nginx-access.log main;
error_log {{ log_dir | default('/var/log/skyline') }}/skyline-nginx-error.log;
##
# Gzip Settings
##
gzip on;
gzip_static on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
# gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
server {
listen {{ api_interface_address | put_address_in_context('url') }}:{{ skyline_console_listen_port }}{% if skyline_ssl_certfile and skyline_ssl_keyfile %} ssl http2{% endif %} default_server;
root /var/lib/kolla/venv/lib/python{{ distro_python_version }}/site-packages/skyline_console/static;
# Add index.php to the list if you are using PHP
index index.html;
server_name _;
error_page 497 https://$http_host$request_uri;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ /index.html;
expires 1d;
add_header Cache-Control "public";
}
# Service: skyline
location {{ skyline_nginx_prefix }}/skyline/ {
proxy_pass {{ internal_protocol }}://{{ skyline_internal_fqdn | put_address_in_context('url') }}:{{ skyline_apiserver_port }}/;
proxy_redirect {{ internal_protocol }}://{{ skyline_internal_fqdn | put_address_in_context('url') }}:{{ skyline_apiserver_port }}/ {{ skyline_nginx_prefix }}/skyline/;
proxy_buffering off;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header Host $http_host;
}
{% if enable_keystone | bool %}# Region: {{ openstack_region_name }}, Service: keystone
location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/keystone {
proxy_pass {{ internal_protocol }}://{{ keystone_internal_fqdn | put_address_in_context('url') }}:{{ keystone_public_port }}/;
proxy_redirect {{ internal_protocol }}://{{ keystone_internal_fqdn | put_address_in_context('url') }}:{{ keystone_public_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/keystone/;
proxy_buffering off;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header Host $http_host;
}
{% endif %}
{% if enable_glance | bool %}# Region: {{ openstack_region_name }}, Service: glance
location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/glance {
proxy_pass {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ glance_api_port }}/;
proxy_redirect {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ glance_api_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/glance/;
proxy_buffering off;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header Host $http_host;
}
{% endif %}
{% if enable_neutron | bool %}# Region: {{ openstack_region_name }}, Service: neutron
location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/neutron {
proxy_pass {{ internal_protocol }}://{{ neutron_internal_fqdn | put_address_in_context('url') }}:{{ neutron_server_port }}/;
proxy_redirect {{ internal_protocol }}://{{ neutron_internal_fqdn | put_address_in_context('url') }}:{{ neutron_server_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/neutron/;
proxy_buffering off;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header Host $http_host;
}
{% endif %}
{% if enable_nova | bool %}# Region: {{ openstack_region_name }}, Service: nova
location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/nova {
proxy_pass {{ internal_protocol }}://{{ nova_internal_fqdn | put_address_in_context('url') }}:{{ nova_api_port }}/;
proxy_redirect {{ internal_protocol }}://{{ nova_internal_fqdn | put_address_in_context('url') }}:{{ nova_api_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/nova/;
proxy_buffering off;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header Host $http_host;
}
{% endif %}
{% if enable_placement | bool %}# Region: {{ openstack_region_name }}, Service: placement
location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/placement {
proxy_pass {{ internal_protocol }}://{{ placement_internal_fqdn | put_address_in_context('url') }}:{{ placement_api_port }}/;
proxy_redirect {{ internal_protocol }}://{{ placement_internal_fqdn | put_address_in_context('url') }}:{{ placement_api_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/placement/;
proxy_buffering off;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header Host $http_host;
}
{% endif %}
{% if enable_cinder | bool %}# Region: {{ openstack_region_name }}, Service: cinder
location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/cinder {
proxy_pass {{ internal_protocol }}://{{ cinder_internal_fqdn | put_address_in_context('url') }}:{{ cinder_api_port }}/;
proxy_redirect {{ internal_protocol }}://{{ cinder_internal_fqdn | put_address_in_context('url') }}:{{ cinder_api_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/cinder/;
proxy_buffering off;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header Host $http_host;
}
{% endif %}
{% if enable_heat | bool %}# Region: {{ openstack_region_name }}, Service: heat
location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/heat {
proxy_pass {{ internal_protocol }}://{{ heat_internal_fqdn | put_address_in_context('url') }}:{{ heat_api_port }}/;
proxy_redirect {{ internal_protocol }}://{{ heat_internal_fqdn | put_address_in_context('url') }}:{{ heat_api_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/heat/;
proxy_buffering off;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header Host $http_host;
}
{% endif %}
{% if enable_octavia | bool %}# Region: {{ openstack_region_name }}, Service: octavia
location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/octavia {
proxy_pass {{ internal_protocol }}://{{ octavia_internal_fqdn | put_address_in_context('url') }}:{{ octavia_api_port }}/;
proxy_redirect {{ internal_protocol }}://{{ octavia_internal_fqdn | put_address_in_context('url') }}:{{ octavia_api_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/octavia/;
proxy_buffering off;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header Host $http_host;
}
{% endif %}
{% if enable_manila | bool %}# Region: {{ openstack_region_name }}, Service: manilav2
location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/manilav2 {
proxy_pass {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ manila_api_port }}/;
proxy_redirect {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ manila_api_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/manilav2/;
proxy_buffering off;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header Host $http_host;
}
{% endif %}
{% if enable_ironic | bool %}# Region: {{ openstack_region_name }}, Service: ironic
location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/ironic {
proxy_pass {{ internal_protocol }}://{{ ironic_internal_fqdn | put_address_in_context('url') }}:{{ ironic_api_port }}/;
proxy_redirect {{ internal_protocol }}://{{ ironic_internal_fqdn | put_address_in_context('url') }}:{{ ironic_api_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/ironic/;
proxy_buffering off;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header Host $http_host;
}
{% endif %}
{% if enable_zun | bool %}# Region: {{ openstack_region_name }}, Service: zun
location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/zun {
proxy_pass {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ zun_api_port }}/;
proxy_redirect {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ zun_api_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/zun/;
proxy_buffering off;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header Host $http_host;
}
{% endif %}
{% if enable_magnum | bool %}# Region: {{ openstack_region_name }}, Service: magnum
location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/magnum {
proxy_pass {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ magnum_api_port }}/;
proxy_redirect {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ magnum_api_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/magnum/;
proxy_buffering off;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header Host $http_host;
}
{% endif %}
{% if enable_trove | bool %}# Region: {{ openstack_region_name }}, Service: trove
location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/trove {
proxy_pass {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ trove_api_port }}/;
proxy_redirect {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ trove_api_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/trove/;
proxy_buffering off;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header Host $http_host;
}
{% endif %}
}
}

View File

@ -0,0 +1,36 @@
{
"command": "gunicorn -c /etc/skyline/gunicorn.py skyline_apiserver.main:app",
"config_files": [
{
"source": "{{ container_config_directory }}/skyline.yaml",
"dest": "/etc/skyline/skyline.yaml",
"owner": "skyline",
"perm": "0600"
},
{
"source": "{{ container_config_directory }}/gunicorn.py",
"dest": "/etc/skyline/gunicorn.py",
"owner": "skyline",
"perm": "0600"
}{% if skyline_enable_tls_backend | bool %},
{
"source": "{{ container_config_directory }}/skyline-cert.pem",
"dest": "/etc/skyline/certs/skyline-cert.pem",
"owner": "skyline",
"perm": "0600"
},
{
"source": "{{ container_config_directory }}/skyline-key.pem",
"dest": "/etc/skyline/certs/skyline-key.pem",
"owner": "skyline",
"perm": "0600"
}{% endif %}
],
"permissions": [
{
"path": "/var/log/kolla/skyline",
"owner": "skyline:skyline",
"recurse": true
}
]
}

View File

@ -0,0 +1,36 @@
{
"command": "nginx",
"config_files": [
{
"source": "{{ container_config_directory }}/skyline.yaml",
"dest": "/etc/skyline/skyline.yaml",
"owner": "skyline",
"perm": "0600"
},
{
"source": "{{ container_config_directory }}/nginx.conf",
"dest": "/etc/nginx/nginx.conf",
"owner": "skyline",
"perm": "0600"
}{% if skyline_enable_tls_backend | bool %},
{
"source": "{{ container_config_directory }}/skyline-cert.pem",
"dest": "/etc/skyline/certs/skyline-cert.pem",
"owner": "skyline",
"perm": "0600"
},
{
"source": "{{ container_config_directory }}/skyline-key.pem",
"dest": "/etc/skyline/certs/skyline-key.pem",
"owner": "skyline",
"perm": "0600"
}{% endif %}
],
"permissions": [
{
"path": "/var/log/kolla/skyline",
"owner": "skyline:skyline",
"recurse": true
}
]
}

View File

@ -0,0 +1,92 @@
default:
access_token_expire: {{ skyline_access_token_expire_seconds }}
access_token_renew: {{ skyline_access_token_renew_seconds }}
cors_allow_origins: {{ skyline_backend_cors_origins }}
database_url: mysql://{{ skyline_database_user }}:{{ skyline_database_password }}@{{ skyline_database_address }}/{{ skyline_database_name }}
debug: {{ skyline_logging_debug }}
log_dir: {{ log_dir }}
secret_key: {{ skyline_secret_key }}
session_name: {{ skyline_session_name }}
openstack:
{% if skyline_base_domains_ignore | bool %}
base_domains:
{% if enable_heat | bool %}
- heat_user_domain
{% endif %}
{% if enable_magnum | bool %}
- magnum
{% endif %}
{% endif %}
default_region: {{ openstack_region_name }}
extension_mapping:
{% if enable_neutron_port_forwarding | bool %}
floating-ip-port-forwarding: neutron_port_forwarding
{% endif %}
{% if enable_neutron_qos | bool %}
qos: neutron_qos
{% endif %}
{% if enable_neutron_vpnaas | bool %}
vpnaas: neutron_vpn
{% endif %}
keystone_url: {{ skyline_keystone_url }}
nginx_prefix: {{ skyline_nginx_prefix }}
reclaim_instance_interval: {{ skyline_reclaim_instance_interval }}
service_mapping:
{% if enable_ironic | bool %}
baremetal: ironic
{% endif %}
{% if enable_nova | bool %}
compute: nova
{% endif %}
{% if enable_zun | bool %}
container: zun
{% endif %}
{% if enable_magnum | bool %}
container-infra: magnum
{% endif %}
{% if enable_trove | bool %}
database: trove
{% endif %}
{% if enable_keystone | bool %}
identity: keystone
{% endif %}
{% if enable_glance | bool %}
image: glance
{% endif %}
{% if enable_barbican | bool %}
key-manager: barbican
{% endif %}
{% if enable_octavia | bool %}
load-balancer: octavia
{% endif %}
{% if enable_neutron | bool %}
network: neutron
{% endif %}
{% if enable_swift | bool %}
object-store: swift
{% endif %}
{% if enable_heat | bool %}
orchestration: heat
{% endif %}
{% if enable_placement | bool %}
placement: placement
{% endif %}
{% if enable_manila | bool %}
sharev2: manilav2
{% endif %}
{% if enable_cinder | bool %}
volumev3: cinder
{% endif %}
system_admin_roles:
{% for skyline_system_admin_role in skyline_system_admin_roles %}
- {{ skyline_system_admin_role }}
{% endfor %}
system_project: service
system_project_domain: {{ default_project_domain_name }}
system_reader_roles:
{% for skyline_system_reader_role in skyline_system_reader_roles %}
- {{ skyline_system_reader_role }}
{% endfor %}
system_user_domain: {{ default_user_domain_name }}
system_user_name: skyline
system_user_password: {{ skyline_keystone_password }}

View File

@ -0,0 +1,2 @@
---
project_name: "skyline"

View File

@ -64,6 +64,7 @@
- enable_redis_{{ enable_redis | bool }} - enable_redis_{{ enable_redis | bool }}
- enable_sahara_{{ enable_sahara | bool }} - enable_sahara_{{ enable_sahara | bool }}
- enable_senlin_{{ enable_senlin | bool }} - enable_senlin_{{ enable_senlin | bool }}
- enable_skyline_{{ enable_skyline | bool }}
- enable_solum_{{ enable_solum | bool }} - enable_solum_{{ enable_solum | bool }}
- enable_swift_{{ enable_swift | bool }} - enable_swift_{{ enable_swift | bool }}
- enable_tacker_{{ enable_tacker | bool }} - enable_tacker_{{ enable_tacker | bool }}
@ -285,6 +286,11 @@
tasks_from: loadbalancer tasks_from: loadbalancer
tags: senlin tags: senlin
when: enable_senlin | bool when: enable_senlin | bool
- include_role:
name: skyline
tasks_from: loadbalancer
tags: skyline
when: enable_skyline | bool
- include_role: - include_role:
name: solum name: solum
tasks_from: loadbalancer tasks_from: loadbalancer
@ -987,3 +993,13 @@
roles: roles:
- { role: venus, - { role: venus,
tags: venus } tags: venus }
- name: Apply role skyline
gather_facts: false
hosts:
- skyline
- '&enable_skyline_True'
serial: '{{ kolla_serial|default("0") }}'
roles:
- { role: skyline,
tags: skyline }

View File

@ -406,6 +406,7 @@ workaround_ansible_issue_8743: yes
#enable_redis: "no" #enable_redis: "no"
#enable_sahara: "no" #enable_sahara: "no"
#enable_senlin: "no" #enable_senlin: "no"
#enable_skyline: "no"
#enable_solum: "no" #enable_solum: "no"
#enable_swift: "no" #enable_swift: "no"
#enable_swift_s3api: "no" #enable_swift_s3api: "no"

View File

@ -174,6 +174,10 @@ masakari_keystone_password:
memcache_secret_key: memcache_secret_key:
skyline_secret_key:
skyline_database_password:
skyline_keystone_password:
# HMAC secret key # HMAC secret key
osprofiler_secret: osprofiler_secret:

View File

@ -0,0 +1,3 @@
---
features:
- Add skyline ansible role