diff --git a/README.rst b/README.rst
index 65544b5fb9..ca7b92ab55 100644
--- a/README.rst
+++ b/README.rst
@@ -89,6 +89,7 @@ Kolla provides images to deploy the following OpenStack projects:
- `Senlin <http://docs.openstack.org/developer/senlin/>`__
- `Solum <http://docs.openstack.org/developer/solum/>`__
- `Swift <http://docs.openstack.org/developer/swift/>`__
+- `Tacker <http://docs.openstack.org/developer/tacker/>`__
- `Tempest <http://docs.openstack.org/developer/tempest/>`__
- `Trove <http://docs.openstack.org/developer/trove/>`__
- `Vmtp <http://vmtp.readthedocs.io/en/latest/>`__
diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index 494790e6bc..3be6d62e2d 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -210,6 +210,8 @@ searchlight_api_port: "9393"
grafana_server_port: "3000"
+tacker_server_port: "9890"
+
public_protocol: "{{ 'https' if kolla_enable_tls_external | bool else 'http' }}"
internal_protocol: "http"
admin_protocol: "http"
@@ -291,6 +293,7 @@ enable_searchlight: "no"
enable_senlin: "no"
enable_solum: "no"
enable_swift: "no"
+enable_tacker: "no"
enable_telegraf: "no"
enable_tempest: "no"
enable_trove: "no"
diff --git a/ansible/inventory/all-in-one b/ansible/inventory/all-in-one
index ca693c0ff4..4a19ef581c 100644
--- a/ansible/inventory/all-in-one
+++ b/ansible/inventory/all-in-one
@@ -126,6 +126,9 @@ control
[congress:children]
control
+[tacker:children]
+control
+
# Tempest
[tempest:children]
control
diff --git a/ansible/inventory/multinode b/ansible/inventory/multinode
index 728be081ea..d941b677ff 100644
--- a/ansible/inventory/multinode
+++ b/ansible/inventory/multinode
@@ -141,6 +141,9 @@ control
[gnocchi:children]
control
+[tacker:children]
+control
+
[trove:children]
control
diff --git a/ansible/roles/common/tasks/config.yml b/ansible/roles/common/tasks/config.yml
index 00a83a7b86..f07d9a610c 100644
--- a/ansible/roles/common/tasks/config.yml
+++ b/ansible/roles/common/tasks/config.yml
@@ -100,4 +100,5 @@
- { name: "senlin", enabled: "{{ enable_senlin }}" }
- { name: "solum", enabled: "{{ enable_solum }}" }
- { name: "swift", enabled: "{{ enable_swift }}" }
+ - { name: "tacker", enabled: "{{ enable_tacker }}" }
- { name: "watcher", enabled: "{{ enable_watcher }}" }
diff --git a/ansible/roles/common/templates/cron-logrotate-tacker.conf.j2 b/ansible/roles/common/templates/cron-logrotate-tacker.conf.j2
new file mode 100644
index 0000000000..6815816451
--- /dev/null
+++ b/ansible/roles/common/templates/cron-logrotate-tacker.conf.j2
@@ -0,0 +1,3 @@
+"/var/log/kolla/tacker/*.log"
+{
+}
diff --git a/ansible/roles/common/templates/cron.json.j2 b/ansible/roles/common/templates/cron.json.j2
index 610145f25b..adc437a489 100644
--- a/ansible/roles/common/templates/cron.json.j2
+++ b/ansible/roles/common/templates/cron.json.j2
@@ -27,7 +27,8 @@
( 'searchlight', enable_searchlight ),
( 'senlin', enable_senlin ),
( 'solum', enable_solum ),
- ( 'swift', enable_swift )
+ ( 'swift', enable_swift ),
+ ( 'tacker', enable_tacker )
] %}
{
"command": "{{ cron_cmd }}",
diff --git a/ansible/roles/common/templates/heka-openstack.toml.j2 b/ansible/roles/common/templates/heka-openstack.toml.j2
index 1a22733805..56c008b804 100644
--- a/ansible/roles/common/templates/heka-openstack.toml.j2
+++ b/ansible/roles/common/templates/heka-openstack.toml.j2
@@ -6,6 +6,6 @@ filename = "lua_decoders/os_openstack_log.lua"
type = "LogstreamerInput"
decoder = "openstack_log_decoder"
log_directory = "/var/log/kolla"
-file_match = '(?P<Service>cloudkitty|nova|glance|keystone|neutron|ceph|cinder|heat|murano|magnum|mistral|manila|searchlight|senlin|sahara)/(?P<Program>.*)\.log\.?(?P<Seq>\d*)$'
+file_match = '(?P<Service>cloudkitty|nova|glance|keystone|neutron|ceph|cinder|heat|murano|magnum|mistral|manila|searchlight|senlin|sahara|tacker)/(?P<Program>.*)\.log\.?(?P<Seq>\d*)$'
priority = ["^Seq"]
differentiator = ["Service", "_", "Program"]
diff --git a/ansible/roles/haproxy/templates/haproxy.cfg.j2 b/ansible/roles/haproxy/templates/haproxy.cfg.j2
index abedfbf024..cceae6a2e5 100644
--- a/ansible/roles/haproxy/templates/haproxy.cfg.j2
+++ b/ansible/roles/haproxy/templates/haproxy.cfg.j2
@@ -647,6 +647,22 @@ listen mistral_api_external
{% endif %}
{% endif %}
+{% if enable_tacker | bool %}
+listen tacker_server
+ bind {{ kolla_internal_vip_address }}:{{ tacker_server_port }}
+{% for host in groups['tacker'] %}
+ server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ tacker_server_port }} check inter 2000 rise 2 fall 5
+{% endfor %}
+{% if haproxy_enable_external_vip | bool %}
+
+listen tacker_server_external
+ bind {{ kolla_external_vip_address }}:{{ tacker_server_port }} {{ tls_bind_info }}
+{% for host in groups['tacker'] %}
+ server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ tacker_server_port }} check inter 2000 rise 2 fall 5
+{% endfor %}
+{% endif %}
+{% endif %}
+
# (NOTE): This defaults section deletes forwardfor as recommended by:
# https://marc.info/?l=haproxy&m=141684110710132&w=1
diff --git a/ansible/roles/neutron/templates/ml2_conf.ini.j2 b/ansible/roles/neutron/templates/ml2_conf.ini.j2
index b689440e0d..b9cb102af3 100644
--- a/ansible/roles/neutron/templates/ml2_conf.ini.j2
+++ b/ansible/roles/neutron/templates/ml2_conf.ini.j2
@@ -19,6 +19,10 @@ mechanism_drivers = linuxbridge,l2population
extension_drivers = qos
{% endif %}
+{% if enable_tacker | bool %}
+extension_drivers = port_security
+{% endif %}
+
[ml2_type_vlan]
{% if enable_ironic | bool %}
network_vlan_ranges = physnet1
diff --git a/ansible/roles/prechecks/tasks/port_checks.yml b/ansible/roles/prechecks/tasks/port_checks.yml
index eef306fc2f..dc7dfa1159 100644
--- a/ansible/roles/prechecks/tasks/port_checks.yml
+++ b/ansible/roles/prechecks/tasks/port_checks.yml
@@ -929,3 +929,23 @@
when:
- inventory_hostname in groups['haproxy']
- enable_searchlight | bool
+
+- name: Checking free port for Tacker Server
+ wait_for:
+ host: "{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}"
+ port: "{{ tacker_server_port }}"
+ connect_timeout: 1
+ state: stopped
+ when:
+ - inventory_hostname in groups['tacker']
+ - enable_tacker | bool
+
+- name: Checking free port for Tacker Server HAProxy
+ wait_for:
+ host: "{{ kolla_internal_vip_address }}"
+ port: "{{ tacker_server_port }}"
+ connect_timeout: 1
+ state: stopped
+ when:
+ - inventory_hostname in groups['haproxy']
+ - enable_tacker | bool
diff --git a/ansible/roles/tacker/defaults/main.yml b/ansible/roles/tacker/defaults/main.yml
new file mode 100644
index 0000000000..6c1fc6c0e3
--- /dev/null
+++ b/ansible/roles/tacker/defaults/main.yml
@@ -0,0 +1,29 @@
+---
+project_name: "tacker"
+
+####################
+# Database
+####################
+tacker_database_name: "tacker"
+tacker_database_user: "tacker"
+tacker_database_address: "{{ kolla_internal_fqdn }}:{{ database_port }}"
+
+########
+# Docker
+########
+tacker_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-tacker"
+tacker_tag: "{{ openstack_release }}"
+tacker_image_full: "{{ tacker_image }}:{{ tacker_tag }}"
+
+####################
+# OpenStack
+####################
+tacker_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ tacker_server_port }}"
+tacker_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ tacker_server_port }}"
+tacker_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ tacker_server_port }}"
+
+tacker_logging_debug: "{{ openstack_logging_debug }}"
+
+tacker_keystone_user: "tacker"
+
+openstack_tacker_auth: "{'auth_url':'{{ openstack_auth.auth_url }}','username':'{{ openstack_auth.username }}','password':'{{ openstack_auth.password }}','project_name':'{{ openstack_auth.project_name }}'}"
diff --git a/ansible/roles/tacker/meta/main.yml b/ansible/roles/tacker/meta/main.yml
new file mode 100644
index 0000000000..6b4fff8fef
--- /dev/null
+++ b/ansible/roles/tacker/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+ - { role: common }
diff --git a/ansible/roles/tacker/tasks/bootstrap.yml b/ansible/roles/tacker/tasks/bootstrap.yml
new file mode 100644
index 0000000000..5937c2add8
--- /dev/null
+++ b/ansible/roles/tacker/tasks/bootstrap.yml
@@ -0,0 +1,41 @@
+---
+- name: Creating tacker database
+ command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+ -m mysql_db
+ -a "login_host='{{ database_address }}'
+ login_port='{{ database_port }}'
+ login_user='{{ database_user }}'
+ login_password='{{ database_password }}'
+ name='{{ tacker_database_name }}'"
+ register: database
+ changed_when: "{{ database.stdout.find('localhost | SUCCESS => ') != -1 and
+ (database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+ failed_when: database.stdout.split()[2] != 'SUCCESS'
+ run_once: True
+ delegate_to: "{{ groups['tacker'][0] }}"
+
+- name: Reading json from variable
+ set_fact:
+ database_created: "{{ (database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+
+- name: Creating tacker database user and setting permissions
+ command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+ -m mysql_user
+ -a "login_host='{{ database_address }}'
+ login_port='{{ database_port }}'
+ login_user='{{ database_user }}'
+ login_password='{{ database_password }}'
+ name='{{ tacker_database_name }}'
+ password='{{ tacker_database_password }}'
+ host='%'
+ priv='{{ tacker_database_name }}.*:ALL'
+ append_privs='yes'"
+ register: database_user_create
+ changed_when: "{{ database_user_create.stdout.find('localhost | SUCCESS => ') != -1 and
+ (database_user_create.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+ failed_when: database_user_create.stdout.split()[2] != 'SUCCESS'
+ run_once: True
+ delegate_to: "{{ groups['tacker'][0] }}"
+
+- include: bootstrap_service.yml
+ when: database_created
diff --git a/ansible/roles/tacker/tasks/bootstrap_service.yml b/ansible/roles/tacker/tasks/bootstrap_service.yml
new file mode 100644
index 0000000000..039f3e6d99
--- /dev/null
+++ b/ansible/roles/tacker/tasks/bootstrap_service.yml
@@ -0,0 +1,20 @@
+---
+- name: Running tacker bootstrap container
+ kolla_docker:
+ action: "start_container"
+ common_options: "{{ docker_common_options }}"
+ detach: False
+ environment:
+ KOLLA_BOOTSTRAP:
+ KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
+ image: "{{ tacker_image_full }}"
+ labels:
+ BOOTSTRAP:
+ name: "bootstrap_tacker"
+ restart_policy: "never"
+ volumes:
+ - "{{ node_config_directory }}/tacker/:{{ container_config_directory }}/:ro"
+ - "/etc/localtime:/etc/localtime:ro"
+ - "kolla_logs:/var/log/kolla/"
+ run_once: True
+ delegate_to: "{{ groups['tacker'][0] }}"
diff --git a/ansible/roles/tacker/tasks/config.yml b/ansible/roles/tacker/tasks/config.yml
new file mode 100644
index 0000000000..b7d821d0dd
--- /dev/null
+++ b/ansible/roles/tacker/tasks/config.yml
@@ -0,0 +1,44 @@
+---
+- name: Ensuring config directories exist
+ file:
+ path: "{{ node_config_directory }}/{{ item }}"
+ state: "directory"
+ recurse: yes
+ with_items:
+ - "tacker"
+
+- name: Copying over config.json files for services
+ template:
+ src: "{{ item }}.json.j2"
+ dest: "{{ node_config_directory }}/{{ item }}/config.json"
+ with_items:
+ - "tacker"
+
+- name: Copying over tacker.conf
+ merge_configs:
+ vars:
+ service_name: "{{ item }}"
+ sources:
+ - "{{ role_path }}/templates/tacker.conf.j2"
+ - "{{ node_custom_config }}/global.conf"
+ - "{{ node_custom_config }}/database.conf"
+ - "{{ node_custom_config }}/messaging.conf"
+ - "{{ node_custom_config }}/tacker.conf"
+ - "{{ node_custom_config }}/tacker/{{ item }}.conf"
+ - "{{ node_custom_config }}/tacker/{{ inventory_hostname }}/tacker.conf"
+ dest: "{{ node_config_directory }}/{{ item }}/tacker.conf"
+ with_items:
+ - "tacker"
+
+- name: Check if policies shall be overwritten
+ local_action: stat path="{{ node_custom_config }}/tacker/policy.json"
+ register: tacker_policy
+
+- name: Copying over existing policy.json
+ template:
+ src: "{{ node_custom_config }}/tacker/policy.json"
+ dest: "{{ node_config_directory }}/{{ item }}/policy.json"
+ with_items:
+ - "tacker"
+ when:
+ tacker_policy.stat.exists
diff --git a/ansible/roles/tacker/tasks/deploy.yml b/ansible/roles/tacker/tasks/deploy.yml
new file mode 100644
index 0000000000..5c48120b7c
--- /dev/null
+++ b/ansible/roles/tacker/tasks/deploy.yml
@@ -0,0 +1,8 @@
+---
+- include: register.yml
+
+- include: config.yml
+
+- include: bootstrap.yml
+
+- include: start.yml
diff --git a/ansible/roles/tacker/tasks/main.yml b/ansible/roles/tacker/tasks/main.yml
new file mode 100644
index 0000000000..b017e8b4ad
--- /dev/null
+++ b/ansible/roles/tacker/tasks/main.yml
@@ -0,0 +1,2 @@
+---
+- include: "{{ action }}.yml"
diff --git a/ansible/roles/tacker/tasks/pull.yml b/ansible/roles/tacker/tasks/pull.yml
new file mode 100644
index 0000000000..c1e1bd19af
--- /dev/null
+++ b/ansible/roles/tacker/tasks/pull.yml
@@ -0,0 +1,6 @@
+---
+- name: Pulling tacker image
+ kolla_docker:
+ action: "pull_image"
+ common_options: "{{ docker_common_options }}"
+ image: "{{ tacker_image_full }}"
diff --git a/ansible/roles/tacker/tasks/reconfigure.yml b/ansible/roles/tacker/tasks/reconfigure.yml
new file mode 100644
index 0000000000..60a29c0f06
--- /dev/null
+++ b/ansible/roles/tacker/tasks/reconfigure.yml
@@ -0,0 +1,64 @@
+---
+- name: Ensuring the containers up
+ kolla_docker:
+ name: "{{ item.name }}"
+ action: "get_container_state"
+ register: container_state
+ failed_when: container_state.Running == false
+ when: inventory_hostname in groups[item.group]
+ with_items:
+ - { name: tacker, group: tacker }
+
+- include: config.yml
+
+- name: Check the configs
+ command: docker exec {{ item.name }} /usr/local/bin/kolla_set_configs --check
+ changed_when: false
+ failed_when: false
+ register: check_results
+ when: inventory_hostname in groups[item.group]
+ with_items:
+ - { name: tacker, group: tacker }
+
+# NOTE(jeffrey4l): when config_strategy == 'COPY_ALWAYS'
+# and container env['KOLLA_CONFIG_STRATEGY'] == 'COPY_ONCE',
+# just remove the container and start again
+- name: Containers config strategy
+ kolla_docker:
+ name: "{{ item.name }}"
+ action: "get_container_env"
+ register: container_envs
+ when: inventory_hostname in groups[item.group]
+ with_items:
+ - { name: tacker, group: tacker }
+
+- name: Remove the containers
+ kolla_docker:
+ name: "{{ item[0]['name'] }}"
+ action: "remove_container"
+ register: remove_containers
+ when:
+ - config_strategy == "COPY_ONCE" or item[1]['KOLLA_CONFIG_STRATEGY'] == 'COPY_ONCE'
+ - item[2]['rc'] == 1
+ - inventory_hostname in groups[item[0]['group']]
+ with_together:
+ - [{ name: tacker, group: tacker }]
+ - "{{ container_envs.results }}"
+ - "{{ check_results.results }}"
+
+- include: start.yml
+ when: remove_containers.changed
+
+- name: Restart containers
+ kolla_docker:
+ name: "{{ item[0]['name'] }}"
+ action: "restart_container"
+ when:
+ - config_strategy == 'COPY_ALWAYS'
+ - item[1]['KOLLA_CONFIG_STRATEGY'] != 'COPY_ONCE'
+ - item[2]['rc'] == 1
+ - inventory_hostname in groups[item[0]['group']]
+ with_together:
+ - [{ name: tacker, group: tacker }]
+ - "{{ container_envs.results }}"
+ - "{{ check_results.results }}"
diff --git a/ansible/roles/tacker/tasks/register.yml b/ansible/roles/tacker/tasks/register.yml
new file mode 100644
index 0000000000..c039e9afb1
--- /dev/null
+++ b/ansible/roles/tacker/tasks/register.yml
@@ -0,0 +1,40 @@
+---
+- name: Creating the Tacker service and endpoint
+ command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+ -m kolla_keystone_service
+ -a "service_name=tacker
+ service_type=nfv-orchestration
+ description='Tacker Service'
+ endpoint_region={{ openstack_region_name }}
+ url='{{ item.url }}'
+ interface='{{ item.interface }}'
+ region_name={{ openstack_region_name }}
+ auth={{ '{{ openstack_tacker_auth }}' }}"
+ -e "{'openstack_tacker_auth':{{ openstack_tacker_auth }}}"
+ register: tacker_endpoint
+ changed_when: "{{ tacker_endpoint.stdout.find('localhost | SUCCESS => ') != -1 and (tacker_endpoint.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+ until: tacker_endpoint.stdout.split()[2] == 'SUCCESS'
+ retries: 10
+ delay: 5
+ run_once: True
+ with_items:
+ - {'interface': 'admin', 'url': '{{ tacker_admin_endpoint }}'}
+ - {'interface': 'internal', 'url': '{{ tacker_internal_endpoint }}'}
+ - {'interface': 'public', 'url': '{{ tacker_public_endpoint }}'}
+
+- name: Creating the Tacker project, user, and role
+ command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+ -m kolla_keystone_user
+ -a "project=service
+ user=tacker
+ password={{ tacker_keystone_password }}
+ role=admin
+ region_name={{ openstack_region_name }}
+ auth={{ '{{ openstack_tacker_auth }}' }}"
+ -e "{'openstack_tacker_auth':{{ openstack_tacker_auth }}}"
+ register: tacker_user
+ changed_when: "{{ tacker_user.stdout.find('localhost | SUCCESS => ') != -1 and (tacker_user.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+ until: tacker_user.stdout.split()[2] == 'SUCCESS'
+ retries: 10
+ delay: 5
+ run_once: True
diff --git a/ansible/roles/tacker/tasks/start.yml b/ansible/roles/tacker/tasks/start.yml
new file mode 100644
index 0000000000..2d8214fe7b
--- /dev/null
+++ b/ansible/roles/tacker/tasks/start.yml
@@ -0,0 +1,11 @@
+---
+- name: Starting tacker container
+ kolla_docker:
+ action: "start_container"
+ common_options: "{{ docker_common_options }}"
+ image: "{{ tacker_image_full }}"
+ name: "tacker"
+ volumes:
+ - "{{ node_config_directory }}/tacker/:{{ container_config_directory }}/:ro"
+ - "/etc/localtime:/etc/localtime:ro"
+ - "kolla_logs:/var/log/kolla/"
diff --git a/ansible/roles/tacker/tasks/upgrade.yml b/ansible/roles/tacker/tasks/upgrade.yml
new file mode 100644
index 0000000000..308053080c
--- /dev/null
+++ b/ansible/roles/tacker/tasks/upgrade.yml
@@ -0,0 +1,6 @@
+---
+- include: config.yml
+
+- include: bootstrap_service.yml
+
+- include: start.yml
diff --git a/ansible/roles/tacker/templates/tacker.conf.j2 b/ansible/roles/tacker/templates/tacker.conf.j2
new file mode 100644
index 0000000000..ebdc278c42
--- /dev/null
+++ b/ansible/roles/tacker/templates/tacker.conf.j2
@@ -0,0 +1,59 @@
+[DEFAULT]
+debug = {{ tacker_logging_debug }}
+
+log_dir = /var/log/kolla/tacker
+
+transport_url = rabbit://{% for host in groups['rabbitmq'] %}{{ rabbitmq_user }}:{{ rabbitmq_password }}@{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ rabbitmq_port }}{% if not loop.last %},{% endif %}{% endfor %}
+
+bind_host = {{ api_interface_address }}
+bind_port = {{ tacker_server_port }}
+
+{% if enable_nova | bool %}
+nova_url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ nova_api_port }}
+nova_admin_user_name = nova
+nova_admin_password = {{ nova_keystone_password }}
+nova_admin_tenant_id = service
+nova_admin_auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
+
+[tacker_nova]
+auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
+auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
+auth_type = password
+project_domain_id = default
+user_domain_id = default
+project_name = service
+username = {{ nova_keystone_user }}
+password = {{ nova_keystone_password }}
+auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
+{% endif %}
+
+[database]
+connection = mysql+pymysql://{{ tacker_database_user }}:{{ tacker_database_password }}@{{ tacker_database_address }}/{{ tacker_database_name }}
+max_retries = -1
+
+[keystone_authtoken]
+auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
+auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
+auth_type = password
+project_domain_id = default
+user_domain_id = default
+project_name = service
+username = {{ tacker_keystone_user }}
+password = {{ tacker_keystone_password }}
+
+memcache_security_strategy = ENCRYPT
+memcache_secret_key = {{ memcache_secret_key }}
+memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
+
+{% if enable_heat | bool %}
+[tacker_heat]
+heat_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ heat_api_port }}/v1
+{% endif %}
+
+[oslo_messaging_notifications]
+{% if enable_ceilometer | bool %}
+driver = messagingv2
+topics = notifications
+{% else %}
+driver = noop
+{% endif %}
diff --git a/ansible/roles/tacker/templates/tacker.json.j2 b/ansible/roles/tacker/templates/tacker.json.j2
new file mode 100644
index 0000000000..81a519cf89
--- /dev/null
+++ b/ansible/roles/tacker/templates/tacker.json.j2
@@ -0,0 +1,25 @@
+{
+ "command": "tacker-server --config-file /etc/tacker/tacker.conf",
+ "config_files":[
+ {
+ "source": "{{ container_config_directory }}/tacker.conf",
+ "dest": "/etc/tacker/tacker.conf",
+ "owner": "tacker",
+ "perm": "0600"
+ },
+ {
+ "source": "{{ container_config_directory }}/policy.json",
+ "dest": "/etc/tacker/policy.json",
+ "owner": "tacker",
+ "perm": "0600",
+ "optional": true
+ }
+ ],
+ "permissions": [
+ {
+ "path": "/var/log/kolla/tacker",
+ "owner": "tacker:tacker",
+ "recurse": true
+ }
+ ]
+}
diff --git a/ansible/site.yml b/ansible/site.yml
index 62c53f5a4d..0055a13515 100644
--- a/ansible/site.yml
+++ b/ansible/site.yml
@@ -433,3 +433,10 @@
- { role: searchlight,
tags: searchlight,
when: enable_searchlight | bool }
+
+- hosts: tacker
+ serial: '{{ serial|default("0") }}'
+ roles:
+ - { role: tacker,
+ tags: tacker,
+ when: enable_tacker | bool }
diff --git a/etc/kolla/globals.yml b/etc/kolla/globals.yml
index 2e13289802..c5b4d57acc 100644
--- a/etc/kolla/globals.yml
+++ b/etc/kolla/globals.yml
@@ -155,6 +155,7 @@ kolla_internal_vip_address: "10.10.10.254"
#enable_solum: "no"
#enable_swift: "no"
#enable_telegraf: "no"
+#enable_tacker: "no"
#enable_tempest: "no"
#enable_watcher: "no"
diff --git a/etc/kolla/passwords.yml b/etc/kolla/passwords.yml
index da095040a0..b37451d1bb 100644
--- a/etc/kolla/passwords.yml
+++ b/etc/kolla/passwords.yml
@@ -108,6 +108,9 @@ manila_keystone_password:
searchlight_keystone_password:
+tacker_database_password:
+tacker_keystone_password:
+
memcache_secret_key:
nova_ssh_key:
diff --git a/releasenotes/notes/tacker-support-49dd2c2c1bd2ef61.yaml b/releasenotes/notes/tacker-support-49dd2c2c1bd2ef61.yaml
new file mode 100644
index 0000000000..ac98611120
--- /dev/null
+++ b/releasenotes/notes/tacker-support-49dd2c2c1bd2ef61.yaml
@@ -0,0 +1,4 @@
+---
+features:
+ - OpenStack Tacker NFV service Ansible support is included
+ in Kolla.