Fix zun deployment

Configure zun-api to use apache.
Fix zun endpoint (tenant_id) causes a 404 error.
Fix zun.conf options
Change zun port, correct port is 9517
Zun compute need privileged and mount docker lib volume

Change-Id: Id9455e7dde62e1994a3f6ae8f30d378e5cda4262
Closes-Bug: #1682165
This commit is contained in:
Eduardo Gonzalez 2017-04-12 16:28:33 +01:00
parent afdd11b9a2
commit 27b577c484
7 changed files with 98 additions and 15 deletions

View File

@ -245,7 +245,7 @@ tacker_server_port: "9890"
fluentd_syslog_port: "5140" fluentd_syslog_port: "5140"
zun_api_port: "9512" zun_api_port: "9517"
ovsdb_port: "6640" ovsdb_port: "6640"

View File

@ -16,10 +16,13 @@ zun_services:
group: zun-compute group: zun-compute
enabled: true enabled: true
image: "{{ zun_compute_image_full }}" image: "{{ zun_compute_image_full }}"
privileged: True
volumes: volumes:
- "{{ node_config_directory }}/zun-compute/:{{ container_config_directory }}/:ro" - "{{ node_config_directory }}/zun-compute/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro" - "/etc/localtime:/etc/localtime:ro"
- "kolla_logs:/var/log/kolla/" - "kolla_logs:/var/log/kolla/"
- "/run:/run:shared"
- "/usr/lib/docker:/usr/lib/docker"
#################### ####################
## Database ## Database
@ -44,9 +47,9 @@ zun_api_image_full: "{{ zun_api_image }}:{{ zun_api_tag }}"
#################### ####################
## OpenStack ## OpenStack
#################### ####################
zun_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ zun_api_port }}/v1/%(tenant_id)s" zun_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ zun_api_port }}/v1/"
zun_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ zun_api_port }}/v1/%(tenant_id)s" zun_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ zun_api_port }}/v1/"
zun_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ zun_api_port }}/v1/%(tenant_id)s" zun_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ zun_api_port }}/v1/"
zun_logging_debug: "{{ openstack_logging_debug }}" zun_logging_debug: "{{ openstack_logging_debug }}"

View File

@ -12,6 +12,7 @@
common_options: "{{ docker_common_options }}" common_options: "{{ docker_common_options }}"
name: "{{ service.container_name }}" name: "{{ service.container_name }}"
image: "{{ service.image }}" image: "{{ service.image }}"
privileged: "{{ service.privileged | default(False) }}"
volumes: "{{ service.volumes }}" volumes: "{{ service.volumes }}"
when: when:
- action != "config" - action != "config"
@ -19,6 +20,7 @@
- service.enabled | bool - service.enabled | bool
- config_json.changed | bool - config_json.changed | bool
or zun_conf.changed | bool or zun_conf.changed | bool
or zun_conf_wsgi.changed | bool
or policy_json.changed | bool or policy_json.changed | bool
or zun_api_container.changed | bool or zun_api_container.changed | bool
@ -35,6 +37,7 @@
common_options: "{{ docker_common_options }}" common_options: "{{ docker_common_options }}"
name: "{{ service.container_name }}" name: "{{ service.container_name }}"
image: "{{ service.image }}" image: "{{ service.image }}"
privileged: "{{ service.privileged | default(False) }}"
volumes: "{{ service.volumes }}" volumes: "{{ service.volumes }}"
when: when:
- action != "config" - action != "config"

View File

@ -42,6 +42,19 @@
- Restart zun-api container - Restart zun-api container
- Restart zun-compute container - Restart zun-compute container
- name: Copying over wsgi-zun files for services
vars:
service: "{{ zun_services['zun-api'] }}"
template:
src: "wsgi-zun.conf.j2"
dest: "{{ node_config_directory }}/zun-api/wsgi-zun.conf"
register: zun_conf_wsgi
when:
- inventory_hostname in groups[service.group]
- service.enabled | bool
notify:
- Restart zun-api container
- name: Check if policies shall be overwritten - name: Check if policies shall be overwritten
local_action: stat path="{{ node_custom_config }}/zun/policy.json" local_action: stat path="{{ node_custom_config }}/zun/policy.json"
register: zun_policy register: zun_policy
@ -65,6 +78,7 @@
common_options: "{{ docker_common_options }}" common_options: "{{ docker_common_options }}"
name: "{{ item.value.container_name }}" name: "{{ item.value.container_name }}"
image: "{{ item.value.image }}" image: "{{ item.value.image }}"
privileged: "{{ item.value.privileged | default(False) }}"
volumes: "{{ item.value.volumes }}" volumes: "{{ item.value.volumes }}"
register: check_zun_containers register: check_zun_containers
when: when:

View File

@ -0,0 +1,25 @@
{% set python_path = '/usr/lib/python2.7/site-packages' if kolla_install_type == 'binary' else '/var/lib/kolla/venv/lib/python2.7/site-packages' %}
Listen {{ api_interface_address }}:{{ zun_api_port }}
<VirtualHost *:{{ zun_api_port }}>
## Vhost docroot
DocumentRoot "/var/www/cgi-bin/zun"
## Directories, there should at least be a declaration for /var/www/cgi-bin/zun
<Directory "/var/www/cgi-bin/zun">
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Require all granted
</Directory>
## Logging
ErrorLog "/var/log/kolla/zun/zun_api_wsgi_error.log"
ServerSignature Off
CustomLog "/var/log/kolla/zun/zun_api_wsgi_access.log" combined
WSGIApplicationGroup %{GLOBAL}
WSGIDaemonProcess zun group=zun processes={{ openstack_service_workers }} threads=1 user=zun python-path={{ python_path }}
WSGIProcessGroup zun
WSGIScriptAlias / "/var/www/cgi-bin/zun/app.wsgi"
</VirtualHost>

View File

@ -1,5 +1,7 @@
{% set zun_cmd = 'apache2' if kolla_base_distro in ['ubuntu', 'debian'] else 'httpd' %}
{% set zun_dir = 'apache2/conf-enabled' if kolla_base_distro in ['ubuntu', 'debian'] else 'httpd/conf.d' %}
{ {
"command": "zun-api --config-file /etc/zun/zun.conf", "command": "{{ zun_cmd }} -DFOREGROUND",
"config_files": [ "config_files": [
{ {
"source": "{{ container_config_directory }}/zun.conf", "source": "{{ container_config_directory }}/zun.conf",
@ -8,16 +10,17 @@
"perm": "0600" "perm": "0600"
}, },
{ {
"source": "{{ container_config_directory }}/api-paste.ini", "source": "{{ container_config_directory }}/wsgi-zun.conf",
"dest": "/etc/zun/api-paste.ini", "dest": "/etc/{{ zun_dir }}/wsgi-zun.conf",
"owner": "zun", "owner": "root",
"perm": "0600" "perm": "0600"
}, },
{ {
"source": "{{ container_config_directory }}/policy.json", "source": "{{ container_config_directory }}/policy.json",
"dest": "/etc/zun/policy.json", "dest": "/etc/zun/policy.json",
"owner": "zun", "owner": "zun",
"perm": "0600" "perm": "0600",
"optional": true
} }
], ],
"permissions": [ "permissions": [

View File

@ -3,10 +3,17 @@ debug = {{ zun_logging_debug }}
log_dir = /var/log/kolla/zun log_dir = /var/log/kolla/zun
transport_url = rabbit://{% for host in groups['rabbitmq'] %}{{ rabbitmq_user }}:{{ rabbitmq_password }}@{% if orchestration_engine == 'KUBERNETES' %}rabbitmq{% else %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}{% endif %}:{{ rabbitmq_port }}{% if not loop.last %},{% endif %}{% endfor %} transport_url = rabbit://{% for host in groups['rabbitmq'] %}{{ rabbitmq_user }}:{{ rabbitmq_password }}@{% if orchestration_engine == 'KUBERNETES' %}rabbitmq{% else %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}{% endif %}:{{ rabbitmq_port }}{% if not loop.last %},{% endif %}{% endfor %}
{% if service_name == 'zun-api' %} container_driver = docker.driver.DockerDriver
osapi_zun_listen = {{ api_interface_address }} image_driver_list = glance
osapi_zun_listen_port = {{ zun_api_port }} db_type = sql
{% endif %}
[api]
host_ip = {{ api_interface_address }}
port = {{ zun_api_port }}
workers = {{ openstack_service_workers }}
[compute]
topic = zun-compute
[database] [database]
connection = mysql+pymysql://{{ zun_database_user }}:{{ zun_database_password }}@{{ zun_database_address }}/{{ zun_database_name }} connection = mysql+pymysql://{{ zun_database_user }}:{{ zun_database_password }}@{{ zun_database_address }}/{{ zun_database_name }}
@ -17,10 +24,9 @@ version = 1
service_type = container service_type = container
service_name = zun service_name = zun
[keystone_authtoken] [keystone_auth]
auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
project_domain_name = Default
auth_type = password auth_type = password
project_domain_id = default project_domain_id = default
user_domain_id = default user_domain_id = default
@ -31,3 +37,32 @@ password = {{ zun_keystone_password }}
memcache_security_strategy = ENCRYPT memcache_security_strategy = ENCRYPT
memcache_secret_key = {{ memcache_secret_key }} memcache_secret_key = {{ memcache_secret_key }}
memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %} memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
[keystone_authtoken]
auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
auth_type = password
project_domain_id = default
user_domain_id = default
project_name = service
username = {{ zun_keystone_user }}
password = {{ zun_keystone_password }}
service_token_roles_required = True
memcache_security_strategy = ENCRYPT
memcache_secret_key = {{ memcache_secret_key }}
memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
[glance_client]
auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
auth_type = password
project_domain_id = default
user_domain_id = default
project_name = service
username = {{ zun_keystone_user }}
password = {{ zun_keystone_password }}
region_name = {{ openstack_region_name }}
endpoint_type = internalURL
api_version = 2