diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index 88e59c3637..2c96f53029 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml @@ -104,6 +104,8 @@ murano_api_port: "8082" ironic_api_port: "6385" +magnum_api_port: "9511" + #################### # Openstack options @@ -155,6 +157,7 @@ enable_horizon: "yes" enable_swift: "no" enable_murano: "no" enable_ironic: "no" +enable_magnum: "no" ironic_keystone_user: "ironic" diff --git a/ansible/inventory/all-in-one b/ansible/inventory/all-in-one index ab6eceeb27..ce25dd76a7 100644 --- a/ansible/inventory/all-in-one +++ b/ansible/inventory/all-in-one @@ -63,6 +63,9 @@ storage [ironic:children] control +[magnum:children] +control + # Additional control implemented here. These groups allow you to control which # services run on which hosts at a per-service level. # @@ -155,3 +158,10 @@ ironic [ironic-pxe:children] ironic + +# Magnum +[magnum-api:children] +magnum + +[magnum-conductor:children] +magnum diff --git a/ansible/inventory/multinode b/ansible/inventory/multinode index 63b9af66fa..148db99dff 100644 --- a/ansible/inventory/multinode +++ b/ansible/inventory/multinode @@ -71,6 +71,9 @@ control [ceph-osd:children] storage +[magnum:children] +control + # Additional control implemented here. These groups allow you to control which # services run on which hosts at a per-service level. @@ -164,3 +167,10 @@ ironic [ironic-pxe:children] ironic + +# Magnum +[magnum-api:children] +magnum + +[magnum-conductor:children] +magnum diff --git a/ansible/roles/common/templates/rsyslog.conf.j2 b/ansible/roles/common/templates/rsyslog.conf.j2 index 86d8298b95..f20438cd5b 100755 --- a/ansible/roles/common/templates/rsyslog.conf.j2 +++ b/ansible/roles/common/templates/rsyslog.conf.j2 @@ -132,6 +132,12 @@ $template MuranoEngineFile,"/var/log/murano/murano-engine.log" $template MuranoApiFile,"/var/log/murano/murano-api.log" :syslogtag,contains,"murano-api" ?MuranoApiFile +$template MagnumApiFile,"/var/log/magnum/magnum-api.log" +:syslogtag,contains,"magnum-api" ?MagnumApiFile + +$template MagnumConductorFile,"/var/log/magnum/magnum-conductor.log" +:syslogtag,contains,"magnum-conductor" ?MagnumConductorFile + $template DynFile,"/var/log/syslog.log" *.* ?DynFile & ~ diff --git a/ansible/roles/haproxy/templates/haproxy.cfg.j2 b/ansible/roles/haproxy/templates/haproxy.cfg.j2 index adc0096b94..9ef8015b0f 100644 --- a/ansible/roles/haproxy/templates/haproxy.cfg.j2 +++ b/ansible/roles/haproxy/templates/haproxy.cfg.j2 @@ -157,3 +157,11 @@ listen murano_api server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + api_interface]['ipv4']['address'] }}:{{ murano_api_port }} check inter 2000 rise 2 fall 5 {% endfor %} {% endif %} + +{% if enable_magnum | bool %} +listen magnum_api + bind {{ kolla_internal_address }}:{{ magnum_api_port }} +{% for host in groups['magnum-api'] %} + server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + api_interface]['ipv4']['address'] }}:{{ magnum_api_port }} check inter 2000 rise 2 fall 5 +{% endfor %} +{% endif %} diff --git a/ansible/roles/magnum/defaults/main.yml b/ansible/roles/magnum/defaults/main.yml new file mode 100644 index 0000000000..6d3ec0032d --- /dev/null +++ b/ansible/roles/magnum/defaults/main.yml @@ -0,0 +1,35 @@ +--- +project_name: "magnum" + +#################### +# Database +#################### +magnum_database_name: "magnum" +magnum_database_user: "magnum" +magnum_database_address: "{{ kolla_internal_address }}" + + +#################### +# Docker +#################### +magnum_api_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-magnum-api" +magnum_api_tag: "{{ openstack_release }}" +magnum_api_image_full: "{{ magnum_api_image }}:{{ magnum_api_tag }}" +magnum_conductor_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-magnum-conductor" +magnum_conductor_tag: "{{ openstack_release }}" +magnum_conductor_image_full: "{{ magnum_conductor_image }}:{{ magnum_conductor_tag }}" + + +#################### +# Openstack +#################### +magnum_public_address: "{{ kolla_external_address }}" +magnum_admin_address: "{{ kolla_internal_address }}" +magnum_internal_address: "{{ kolla_internal_address }}" + +magnum_logging_verbose: "{{ openstack_logging_verbose }}" +magnum_logging_debug: "{{ openstack_logging_debug }}" + +magnum_keystone_user: "magnum" + +openstack_magnum_auth: "{'auth_url':'{{ openstack_auth_v2.auth_url }}','username':'{{ openstack_auth_v2.username }}','password':'{{ openstack_auth_v2.password }}','project_name':'{{ openstack_auth_v2.project_name }}'}" diff --git a/ansible/roles/magnum/meta/main.yml b/ansible/roles/magnum/meta/main.yml new file mode 100644 index 0000000000..6b4fff8fef --- /dev/null +++ b/ansible/roles/magnum/meta/main.yml @@ -0,0 +1,3 @@ +--- +dependencies: + - { role: common } diff --git a/ansible/roles/magnum/tasks/bootstrap.yml b/ansible/roles/magnum/tasks/bootstrap.yml new file mode 100644 index 0000000000..bd6e526add --- /dev/null +++ b/ansible/roles/magnum/tasks/bootstrap.yml @@ -0,0 +1,65 @@ +--- +- name: Creating Magnum database + command: docker exec -t kolla_ansible /usr/bin/ansible localhost + -m mysql_db + -a "login_host='{{ database_address }}' + login_user='{{ database_user }}' + login_password='{{ database_password }}' + name='{{ magnum_database_name }}'" + register: database + changed_when: "{{ database.stdout.find('localhost | SUCCESS => ') != -1 and (database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}" + failed_when: database.stdout.split()[2] != 'SUCCESS' + run_once: True + +- name: Creating Magnum database user and setting permissions + command: docker exec -t kolla_ansible /usr/bin/ansible localhost + -m mysql_user + -a "login_host='{{ database_address }}' + login_user='{{ database_user }}' + login_password='{{ database_password }}' + name='{{ magnum_database_name }}' + password='{{ magnum_database_password }}' + host='%' + priv='{{ magnum_database_name }}.*:ALL' + append_privs='yes'" + register: database_user_create + changed_when: "{{ database.stdout.find('localhost | SUCCESS => ') != -1 and (database_user_create.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}" + failed_when: database_user_create.stdout.split()[2] != 'SUCCESS' + run_once: True + +- name: Starting Magnum bootstrap container + docker: + tty: True + detach: False + net: host + pull: "{{ docker_pull_policy }}" + restart_policy: "no" + state: reloaded + registry: "{{ docker_registry }}" + username: "{{ docker_registry_username }}" + password: "{{ docker_registry_password }}" + insecure_registry: "{{ docker_insecure_registry }}" + name: bootstrap_magnum + image: "{{ magnum_api_image_full }}" + volumes: "{{ node_config_directory }}/magnum-api/:{{ container_config_directory }}/:ro" + env: + KOLLA_BOOTSTRAP: + KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}" + run_once: True + when: database.stdout.find('localhost | SUCCESS => ') != -1 and (database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed + +# https://github.com/ansible/ansible-modules-core/pull/1031 +- name: Waiting for bootstrap container to exit + command: docker wait bootstrap_magnum + register: bootstrap_result + run_once: True + failed_when: bootstrap_result.stdout != "0" + when: database.stdout.find('localhost | SUCCESS => ') != -1 and (database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed + +- name: Cleaning up Magnum boostrap container + docker: + tty: True + name: bootstrap_magnum + image: "{{ magnum_api_image_full }}" + state: absent + when: database.stdout.find('localhost | SUCCESS => ') != -1 and (database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed diff --git a/ansible/roles/magnum/tasks/config.yml b/ansible/roles/magnum/tasks/config.yml new file mode 100644 index 0000000000..54166d3d61 --- /dev/null +++ b/ansible/roles/magnum/tasks/config.yml @@ -0,0 +1,50 @@ +--- +- include: ../../config.yml + vars: + service_name: "magnum-api" + config_source: + - "roles/{{ project_name }}/templates/magnum.conf.j2" + - "/etc/kolla/config/global.conf" + - "/etc/kolla/config/database.conf" + - "/etc/kolla/config/messaging.conf" + - "/etc/kolla/config/{{ project_name }}.conf" + - "/etc/kolla/config/{{ project_name }}/{{ service_name }}.conf" + config_template_dest: + - "{{ node_templates_directory }}/{{ service_name }}/{{ project_name }}.conf_minimal" + - "{{ node_templates_directory }}/{{ service_name }}/{{ project_name }}.conf_global" + - "{{ node_templates_directory }}/{{ service_name }}/{{ project_name }}.conf_database" + - "{{ node_templates_directory }}/{{ service_name }}/{{ project_name }}.conf_messaging" + - "{{ node_templates_directory }}/{{ service_name }}/{{ project_name }}.conf_augment" + - "{{ node_templates_directory }}/{{ service_name }}/{{ service_name }}.conf_augment" + config_dest: "{{ node_config_directory }}/{{ service_name }}/magnum.conf" + when: inventory_hostname in groups['magnum-api'] + +- name: Copying over Magnum API JSON configuration file + template: + src: "roles/magnum/templates/magnum-api.json.j2" + dest: "{{ node_config_directory }}/magnum-api/config.json" + +- include: ../../config.yml + vars: + service_name: "magnum-conductor" + config_source: + - "roles/{{ project_name }}/templates/magnum.conf.j2" + - "/etc/kolla/config/global.conf" + - "/etc/kolla/config/database.conf" + - "/etc/kolla/config/messaging.conf" + - "/etc/kolla/config/{{ project_name }}.conf" + - "/etc/kolla/config/{{ project_name }}/{{ service_name }}.conf" + config_template_dest: + - "{{ node_templates_directory }}/{{ service_name }}/{{ project_name }}.conf_minimal" + - "{{ node_templates_directory }}/{{ service_name }}/{{ project_name }}.conf_global" + - "{{ node_templates_directory }}/{{ service_name }}/{{ project_name }}.conf_database" + - "{{ node_templates_directory }}/{{ service_name }}/{{ project_name }}.conf_messaging" + - "{{ node_templates_directory }}/{{ service_name }}/{{ project_name }}.conf_augment" + - "{{ node_templates_directory }}/{{ service_name }}/{{ service_name }}.conf_augment" + config_dest: "{{ node_config_directory }}/{{ service_name }}/magnum.conf" + when: inventory_hostname in groups['magnum-conductor'] + +- name: Copying over Magnum conductor JSON configuration file + template: + src: "roles/magnum/templates/magnum-conductor.json.j2" + dest: "{{ node_config_directory }}/magnum-conductor/config.json" diff --git a/ansible/roles/magnum/tasks/main.yml b/ansible/roles/magnum/tasks/main.yml new file mode 100644 index 0000000000..5c48120b7c --- /dev/null +++ b/ansible/roles/magnum/tasks/main.yml @@ -0,0 +1,8 @@ +--- +- include: register.yml + +- include: config.yml + +- include: bootstrap.yml + +- include: start.yml diff --git a/ansible/roles/magnum/tasks/register.yml b/ansible/roles/magnum/tasks/register.yml new file mode 100644 index 0000000000..aff9c38b27 --- /dev/null +++ b/ansible/roles/magnum/tasks/register.yml @@ -0,0 +1,37 @@ +--- +- name: Creating the Magnum service and endpoint + command: docker exec -t kolla_ansible /usr/bin/ansible localhost + -m kolla_keystone_service + -a "service_name=magnum + service_type=container + description='Openstack Container Service' + endpoint_region={{ openstack_region_name }} + admin_url='http://{{ kolla_internal_address }}:{{ magnum_api_port }}/v1' + internal_url='http://{{ kolla_internal_address }}:{{ magnum_api_port }}/v1' + public_url='http://{{ kolla_external_address }}:{{ magnum_api_port }}/v1' + region_name={{ openstack_region_name }} + auth={{ '{{ openstack_magnum_auth }}' }}" + -e "{'openstack_magnum_auth':{{ openstack_magnum_auth }}}" + register: magnum_endpoint + changed_when: "{{ magnum_endpoint.stdout.find('localhost | SUCCESS => ') != -1 and (magnum_endpoint.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}" + until: magnum_endpoint.stdout.split()[2] == 'SUCCESS' + retries: 10 + delay: 5 + run_once: True + +- name: Creating the Magnum project, user, and role + command: docker exec -t kolla_ansible /usr/bin/ansible localhost + -m kolla_keystone_user + -a "project=service + user=magnum + password={{ magnum_keystone_password }} + role=admin + region_name={{ openstack_region_name }} + auth={{ '{{ openstack_magnum_auth }}' }}" + -e "{'openstack_magnum_auth':{{ openstack_magnum_auth }}}" + register: magnum_user + changed_when: "{{ magnum_user.stdout.find('localhost | SUCCESS => ') != -1 and (magnum_user.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}" + until: magnum_user.stdout.split()[2] == 'SUCCESS' + retries: 10 + delay: 5 + run_once: True diff --git a/ansible/roles/magnum/tasks/start.yml b/ansible/roles/magnum/tasks/start.yml new file mode 100644 index 0000000000..beba29e862 --- /dev/null +++ b/ansible/roles/magnum/tasks/start.yml @@ -0,0 +1,42 @@ +--- +- name: Starting magnum-api container + docker: + tty: True + net: host + pull: "{{ docker_pull_policy }}" + restart_policy: "{{ docker_restart_policy }}" + restart_policy_retry: "{{ docker_restart_policy_retry }}" + state: reloaded + registry: "{{ docker_registry }}" + username: "{{ docker_registry_username }}" + password: "{{ docker_registry_password }}" + insecure_registry: "{{ docker_insecure_registry }}" + name: magnum_api + image: "{{ magnum_api_image_full }}" + volumes: + - "{{ node_config_directory }}/magnum-api/:{{ container_config_directory }}/:ro" + - "/var/lib/kolla/dev/log:/dev/log" + env: + KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}" + when: inventory_hostname in groups['magnum-api'] + +- name: Starting magnum-conductor container + docker: + tty: True + net: host + pull: "{{ docker_pull_policy }}" + restart_policy: "{{ docker_restart_policy }}" + restart_policy_retry: "{{ docker_restart_policy_retry }}" + state: reloaded + registry: "{{ docker_registry }}" + username: "{{ docker_registry_username }}" + password: "{{ docker_registry_password }}" + insecure_registry: "{{ docker_insecure_registry }}" + name: magnum_conductor + image: "{{ magnum_conductor_image_full }}" + volumes: + - "{{ node_config_directory }}/magnum-conductor/:{{ container_config_directory }}/:ro" + - "/var/lib/kolla/dev/log:/dev/log" + env: + KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}" + when: inventory_hostname in groups['magnum-conductor'] diff --git a/ansible/roles/magnum/templates/magnum-api.json.j2 b/ansible/roles/magnum/templates/magnum-api.json.j2 new file mode 100644 index 0000000000..ac61e2d158 --- /dev/null +++ b/ansible/roles/magnum/templates/magnum-api.json.j2 @@ -0,0 +1,11 @@ +{ + "command": "/usr/bin/magnum-api --config-file /etc/magnum/magnum.conf", + "config_files": [ + { + "source": "{{ container_config_directory }}/magnum.conf", + "dest": "/etc/magnum/magnum.conf", + "owner": "magnum", + "perm": "0600" + } + ] +} diff --git a/ansible/roles/magnum/templates/magnum-conductor.json.j2 b/ansible/roles/magnum/templates/magnum-conductor.json.j2 new file mode 100644 index 0000000000..b1816a178e --- /dev/null +++ b/ansible/roles/magnum/templates/magnum-conductor.json.j2 @@ -0,0 +1,11 @@ +{ + "command": "/usr/bin/magnum-conductor --config-file /etc/magnum/magnum.conf", + "config_files": [ + { + "source": "{{ container_config_directory }}/magnum.conf", + "dest": "/etc/magnum/magnum.conf", + "owner": "magnum", + "perm": "0600" + } + ] +} diff --git a/ansible/roles/magnum/templates/magnum.conf.j2 b/ansible/roles/magnum/templates/magnum.conf.j2 new file mode 100644 index 0000000000..b0cc895eb6 --- /dev/null +++ b/ansible/roles/magnum/templates/magnum.conf.j2 @@ -0,0 +1,47 @@ +[DEFAULT] +debug = {{ openstack_logging_debug }} +verbose = {{ openstack_logging_verbose }} + +use_syslog = true +syslog_log_facility = LOG_LOCAL0 + +{% if service_name == 'magnum-api' %} +[api] +port = {{ magnum_api_port }} +host = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }} +{% endif %} + +[database] +connection = mysql://{{ magnum_database_user }}:{{ magnum_database_password }}@{{ magnum_database_address}}/{{ magnum_database_name }} + +[heat_client] +region_name = {{ openstack_region_name }} + +[keystone_authtoken] +auth_uri = http://{{ kolla_internal_address }}:{{ keystone_public_port }} +auth_uri = http://{{ kolla_internal_address }}:{{ keystone_admin_port }} +auth_plugin = password +project_domain_id = default +user_domain_id = default +project_name = service +username = {{ magnum_keystone_user }} +password = {{ magnum_keystone_password }} + +[trustee] +auth_uri = http://{{ kolla_internal_address }}:{{ keystone_public_port }} +auth_uri = http://{{ kolla_internal_address }}:{{ keystone_admin_port }} +auth_plugin = password +project_domain_id = default +user_domain_id = default +project_name = service +username = {{ magnum_keystone_user }} +password = {{ magnum_keystone_password }} + +[oslo_concurrency] +lock_path = /var/lib/magnum/tmp + +[oslo_messaging_rabbit] +rabbit_userid = {{ rabbitmq_user }} +rabbit_password = {{ rabbitmq_password }} +rabbit_ha_queues = true +rabbit_hosts = {% for host in groups['rabbitmq'] %}{{ hostvars[host]['ansible_' + api_interface]['ipv4']['address'] }}:{{ rabbitmq_port }}{% if not loop.last %},{% endif %}{% endfor %} diff --git a/ansible/site.yml b/ansible/site.yml index f5feddd349..c644529b3f 100755 --- a/ansible/site.yml +++ b/ansible/site.yml @@ -140,3 +140,12 @@ - { role: ironic, tags: ironic, when: enable_ironic | bool } + +- hosts: + - magnum-api + - magnum-conductor + - rabbitmq + roles: + - { role: magnum, + tags: magnum, + when: enable_magnum | bool } diff --git a/docker/magnum/magnum-api/extend_start.sh b/docker/magnum/magnum-api/extend_start.sh index c193a0a9a0..f6db675568 100644 --- a/docker/magnum/magnum-api/extend_start.sh +++ b/docker/magnum/magnum-api/extend_start.sh @@ -3,6 +3,6 @@ # Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases # of the KOLLA_BOOTSTRAP variable being set, including empty. if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then - sudo -H -u magnum magnum-manage db_sync + sudo -H -u magnum magnum-db-manage upgrade exit 0 fi diff --git a/etc/kolla/config/magnum.conf b/etc/kolla/config/magnum.conf new file mode 100644 index 0000000000..e69de29bb2 diff --git a/etc/kolla/config/magnum/magnum-api.conf b/etc/kolla/config/magnum/magnum-api.conf new file mode 100644 index 0000000000..e69de29bb2 diff --git a/etc/kolla/config/magnum/magnum-conductor.conf b/etc/kolla/config/magnum/magnum-conductor.conf new file mode 100644 index 0000000000..e69de29bb2 diff --git a/etc/kolla/globals.yml b/etc/kolla/globals.yml index 507b969868..a59508df61 100644 --- a/etc/kolla/globals.yml +++ b/etc/kolla/globals.yml @@ -87,6 +87,7 @@ neutron_external_interface: "eth1" # OpenStack services can be enabled or disabled with these options #enable_cinder: "yes" #enable_heat: "no" +#enable_magnum: "no" ################### diff --git a/etc/kolla/passwords.yml b/etc/kolla/passwords.yml index 03afac043f..6de1f7bb9f 100644 --- a/etc/kolla/passwords.yml +++ b/etc/kolla/passwords.yml @@ -56,6 +56,9 @@ murano_keystone_password: "password" ironic_database_password: "password" ironic_keystone_password: "password" +magnum_database_password: "password" +magnum_keystone_password: "password" + horizon_secret_key: "password" #################### diff --git a/tools/cleanup-containers b/tools/cleanup-containers index f195ccbf59..e88a16a3b2 100755 --- a/tools/cleanup-containers +++ b/tools/cleanup-containers @@ -15,6 +15,7 @@ containers_to_kill=( keystone \ kolla_ansible \ log_data \ + magnum_{api,conductor} \ mariadb{,_data} \ murano_{api,engine} \ neutron_{server,agents,linuxbridge_agent,openvswitch_agent} \