diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index 4be4bfaae9..5f3cd1f88b 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml @@ -245,7 +245,7 @@ tacker_server_port: "9890" fluentd_syslog_port: "5140" -zun_api_port: "9512" +zun_api_port: "9517" ovsdb_port: "6640" diff --git a/ansible/roles/zun/defaults/main.yml b/ansible/roles/zun/defaults/main.yml index c81c326a9a..022ac70b98 100644 --- a/ansible/roles/zun/defaults/main.yml +++ b/ansible/roles/zun/defaults/main.yml @@ -16,10 +16,13 @@ zun_services: group: zun-compute enabled: true image: "{{ zun_compute_image_full }}" + privileged: True volumes: - "{{ node_config_directory }}/zun-compute/:{{ container_config_directory }}/:ro" - "/etc/localtime:/etc/localtime:ro" - "kolla_logs:/var/log/kolla/" + - "/run:/run:shared" + - "/usr/lib/docker:/usr/lib/docker" #################### ## Database @@ -44,9 +47,9 @@ zun_api_image_full: "{{ zun_api_image }}:{{ zun_api_tag }}" #################### ## OpenStack #################### -zun_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ zun_api_port }}/v1/%(tenant_id)s" -zun_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ zun_api_port }}/v1/%(tenant_id)s" -zun_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ zun_api_port }}/v1/%(tenant_id)s" +zun_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ zun_api_port }}/v1/" +zun_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ zun_api_port }}/v1/" +zun_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ zun_api_port }}/v1/" zun_logging_debug: "{{ openstack_logging_debug }}" diff --git a/ansible/roles/zun/handlers/main.yml b/ansible/roles/zun/handlers/main.yml index ba34d4b881..beab820d5e 100644 --- a/ansible/roles/zun/handlers/main.yml +++ b/ansible/roles/zun/handlers/main.yml 
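Review bot: The zun-compute entry in ansible/roles/zun/defaults/main.yml now combines `privileged: True` with a read-write, shared-propagation bind mount of the host's whole `/run`, and nothing in the hunk records why either is needed. On a typical Docker host `/run` holds the daemon socket, so a compromise of this container is effectively a compromise of the host. A comment above `privileged` naming the operations that require it would let a later reviewer judge whether the grant can be narrowed. If zun-compute only reads from `/usr/lib/docker`, mount it as `- "/usr/lib/docker:/usr/lib/docker:ro"`, and if it only needs the Docker socket, bind that path rather than all of `/run`. For consistency with `enabled: true` on the same service, write `privileged: true`.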
@@ -12,6 +12,7 @@ common_options: "{{ docker_common_options }}" name: "{{ service.container_name }}" image: "{{ service.image }}" + privileged: "{{ service.privileged | default(False) }}" volumes: "{{ service.volumes }}" when: - action != "config" @@ -19,6 +20,7 @@ - service.enabled | bool - config_json.changed | bool or zun_conf.changed | bool + or zun_conf_wsgi.changed | bool or policy_json.changed | bool or zun_api_container.changed | bool @@ -35,6 +37,7 @@ common_options: "{{ docker_common_options }}" name: "{{ service.container_name }}" image: "{{ service.image }}" + privileged: "{{ service.privileged | default(False) }}" volumes: "{{ service.volumes }}" when: - action != "config" diff --git a/ansible/roles/zun/tasks/config.yml b/ansible/roles/zun/tasks/config.yml index bdf326db01..9712b48bab 100644 --- a/ansible/roles/zun/tasks/config.yml +++ b/ansible/roles/zun/tasks/config.yml @@ -42,6 +42,19 @@ - Restart zun-api container - Restart zun-compute container +- name: Copying over wsgi-zun files for services + vars: + service: "{{ zun_services['zun-api'] }}" + template: + src: "wsgi-zun.conf.j2" + dest: "{{ node_config_directory }}/zun-api/wsgi-zun.conf" + register: zun_conf_wsgi + when: + - inventory_hostname in groups[service.group] + - service.enabled | bool + notify: + - Restart zun-api container + - name: Check if policies shall be overwritten local_action: stat path="{{ node_custom_config }}/zun/policy.json" register: zun_policy @@ -65,6 +78,7 @@ common_options: "{{ docker_common_options }}" name: "{{ item.value.container_name }}" image: "{{ item.value.image }}" + privileged: "{{ item.value.privileged | default(False) }}" volumes: "{{ item.value.volumes }}" register: check_zun_containers when: diff --git a/ansible/roles/zun/templates/wsgi-zun.conf.j2 b/ansible/roles/zun/templates/wsgi-zun.conf.j2 new file mode 100644 index 0000000000..e484ea7306 --- /dev/null +++ b/ansible/roles/zun/templates/wsgi-zun.conf.j2 
@@ -0,0 +1,25 @@ +{% set python_path = '/usr/lib/python2.7/site-packages' if kolla_install_type == 'binary' else '/var/lib/kolla/venv/lib/python2.7/site-packages' %} +Listen {{ api_interface_address }}:{{ zun_api_port }} + + + + ## Vhost docroot + DocumentRoot "/var/www/cgi-bin/zun" + + ## Directories, there should at least be a declaration for /var/www/cgi-bin/zun + + + Options Indexes FollowSymLinks MultiViews + AllowOverride None + Require all granted + + + ## Logging + ErrorLog "/var/log/kolla/zun/zun_api_wsgi_error.log" + ServerSignature Off + CustomLog "/var/log/kolla/zun/zun_api_wsgi_access.log" combined + WSGIApplicationGroup %{GLOBAL} + WSGIDaemonProcess zun group=zun processes={{ openstack_service_workers }} threads=1 user=zun python-path={{ python_path }} + WSGIProcessGroup zun + WSGIScriptAlias / "/var/www/cgi-bin/zun/app.wsgi" + diff --git a/ansible/roles/zun/templates/zun-api.json.j2 b/ansible/roles/zun/templates/zun-api.json.j2 index ded9aea735..14feaf3bbf 100644 --- a/ansible/roles/zun/templates/zun-api.json.j2 +++ b/ansible/roles/zun/templates/zun-api.json.j2 @@ -1,5 +1,7 @@ +{% set zun_cmd = 'apache2' if kolla_base_distro in ['ubuntu', 'debian'] else 'httpd' %} +{% set zun_dir = 'apache2/conf-enabled' if kolla_base_distro in ['ubuntu', 'debian'] else 'httpd/conf.d' %} { - "command": "zun-api --config-file /etc/zun/zun.conf", + "command": "{{ zun_cmd }} -DFOREGROUND", "config_files": [ { "source": "{{ container_config_directory }}/zun.conf", @@ -8,16 +10,17 @@ "perm": "0600" }, { - "source": "{{ container_config_directory }}/api-paste.ini", - "dest": "/etc/zun/api-paste.ini", - "owner": "zun", + "source": "{{ container_config_directory }}/wsgi-zun.conf", + "dest": "/etc/{{ zun_dir }}/wsgi-zun.conf", + "owner": "root", "perm": "0600" }, { "source": "{{ container_config_directory }}/policy.json", "dest": "/etc/zun/policy.json", "owner": "zun", - "perm": "0600" + "perm": "0600", + "optional": true } ], "permissions": [ 
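Review bot: `Options Indexes FollowSymLinks MultiViews` next to `Require all granted` in the new wsgi-zun.conf.j2 enables directory listing, symlink following and content negotiation on the zun docroot, although `WSGIScriptAlias /` already hands every request to the WSGI application. As far as the lines shown here go, none of these options is used, so `Options None` would keep the vhost's surface minimal and avoid exposing a listing if a filesystem path is ever aliased into this vhost later. The enclosing block tags are not visible in this rendering of the hunk, so confirm the directive sits in the docroot's directory block before changing it.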
diff --git a/ansible/roles/zun/templates/zun.conf.j2 b/ansible/roles/zun/templates/zun.conf.j2 index b7c1a01a4e..2fb85acec7 100644 --- a/ansible/roles/zun/templates/zun.conf.j2 +++ b/ansible/roles/zun/templates/zun.conf.j2 @@ -3,10 +3,17 @@ debug = {{ zun_logging_debug }} log_dir = /var/log/kolla/zun transport_url = rabbit://{% for host in groups['rabbitmq'] %}{{ rabbitmq_user }}:{{ rabbitmq_password }}@{% if orchestration_engine == 'KUBERNETES' %}rabbitmq{% else %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}{% endif %}:{{ rabbitmq_port }}{% if not loop.last %},{% endif %}{% endfor %} -{% if service_name == 'zun-api' %} -osapi_zun_listen = {{ api_interface_address }} -osapi_zun_listen_port = {{ zun_api_port }} -{% endif %} +container_driver = docker.driver.DockerDriver +image_driver_list = glance +db_type = sql + +[api] +host_ip = {{ api_interface_address }} +port = {{ zun_api_port }} +workers = {{ openstack_service_workers }} + +[compute] +topic = zun-compute [database] connection = mysql+pymysql://{{ zun_database_user }}:{{ zun_database_password }}@{{ zun_database_address }}/{{ zun_database_name }} @@ -17,10 +24,9 @@ version = 1 service_type = container service_name = zun -[keystone_authtoken] +[keystone_auth] auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} -project_domain_name = Default auth_type = password project_domain_id = default user_domain_id = default 
@@ -31,3 +37,32 @@ password = {{ zun_keystone_password }} memcache_security_strategy = ENCRYPT memcache_secret_key = {{ memcache_secret_key }} memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %} + +[keystone_authtoken] +auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} +auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +auth_type = password +project_domain_id = default +user_domain_id = default +project_name = service +username = {{ zun_keystone_user }} +password = {{ zun_keystone_password }} +service_token_roles_required = True + +memcache_security_strategy = ENCRYPT +memcache_secret_key = {{ memcache_secret_key }} +memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %} + + +[glance_client] +auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} +auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +auth_type = password +project_domain_id = default +user_domain_id = default +project_name = service +username = {{ zun_keystone_user }} +password = {{ zun_keystone_password }} +region_name = {{ openstack_region_name }} +endpoint_type = internalURL +api_version = 2
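Review bot: The context lines at the top of this hunk (`memcache_security_strategy`, `memcache_secret_key`, `memcached_servers`) now sit under the section that the previous hunk renames to `[keystone_auth]`, while the same three options are added again under the new `[keystone_authtoken]`. They are token-cache settings of the auth_token middleware, so the copy left under `[keystone_auth]` is most likely dead configuration that renders the memcache secret twice in zun.conf. Dropping those three lines from `[keystone_auth]` keeps the secret in one place. `[glance_client]` also reuses `zun_keystone_user` and `zun_keystone_password`; a comment such as `# glance is accessed with the zun service account` would tell whoever rotates that credential that three sections depend on it.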