diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index 2d82639438..b49b776da3 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml @@ -150,6 +150,9 @@ keystone_ssh_port: "8023" glance_api_port: "9292" glance_registry_port: "9191" +octavia_api_port: "9876" +octavia_health_manager_port: "5555" + nova_api_port: "8774" nova_metadata_port: "8775" nova_novncproxy_port: "6080" @@ -287,6 +290,7 @@ enable_neutron_dvr: "no" enable_neutron_lbaas: "no" enable_neutron_qos: "no" enable_neutron_agent_ha: "no" +enable_octavia: "no" enable_rally: "no" enable_sahara: "no" enable_searchlight: "no" @@ -404,6 +408,15 @@ nova_backend: "{{ 'rbd' if nova_backend_ceph | bool else 'default' }}" ####################### horizon_backend_database: "no" +################# +# Octavia options +################# +# Load balancer topology options are [ SINGLE, ACTIVE_STANDBY ] +octavia_loadbalancer_topology: "SINGLE" +octavia_amp_boot_network_list: +octavia_amp_secgroup_list: +octavia_amp_flavor_id: + ################### # Ceph options ################### diff --git a/ansible/inventory/all-in-one b/ansible/inventory/all-in-one index 4a19ef581c..a90fb922b3 100644 --- a/ansible/inventory/all-in-one +++ b/ansible/inventory/all-in-one @@ -151,6 +151,9 @@ control [searchlight:children] control +[octavia:children] +control + # Additional control implemented here. These groups allow you to control which # services run on which hosts at a per-service level. # @@ -434,3 +437,16 @@ searchlight [searchlight-listener:children] searchlight + +# Octavia +[octavia-api:children] +octavia + +[octavia-health-manager:children] +octavia + +[octavia-housekeeping:children] +octavia + +[octavia-worker:children] +octavia diff --git a/ansible/inventory/multinode b/ansible/inventory/multinode index 0b143c6a5a..fca4335215 100644 --- a/ansible/inventory/multinode +++ b/ansible/inventory/multinode 
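Review bot: The three `octavia_amp_*` defaults in the "Octavia options" block of ansible/group_vars/all.yml are bare keys, so they load as null rather than as empty strings. octavia.conf.j2 interpolates them straight into `[controller_worker]`, where a null presumably renders as the text `None` or as nothing, leaving the amphora boot network, security group and flavor unset without any failure at deploy time. I would write them as `octavia_amp_secgroup_list: ""` (and likewise for the other two) and add a comment saying that all three must be set before `enable_octavia` is switched on.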
@@ -167,6 +167,9 @@ control [searchlight:children] control +[octavia:children] +control + # Additional control implemented here. These groups allow you to control which # services run on which hosts at a per-service level. # @@ -450,3 +453,16 @@ searchlight [searchlight-listener:children] searchlight + +# Octavia +[octavia-api:children] +octavia + +[octavia-health-manager:children] +octavia + +[octavia-housekeeping:children] +octavia + +[octavia-worker:children] +octavia diff --git a/ansible/roles/common/tasks/config.yml b/ansible/roles/common/tasks/config.yml index 3c6568efc7..f2dd09d5d4 100644 --- a/ansible/roles/common/tasks/config.yml +++ b/ansible/roles/common/tasks/config.yml @@ -94,6 +94,7 @@ - { name: "murano", enabled: "{{ enable_murano }}" } - { name: "neutron", enabled: "{{ enable_neutron }}" } - { name: "nova", enabled: "{{ enable_nova }}" } + - { name: "octavia", enabled: "{{ enable_octavia }}" } - { name: "rabbitmq", enabled: "{{ enable_rabbitmq }}" } - { name: "sahara", enabled: "{{ enable_sahara }}" } - { name: "searchlight", enabled: "{{ enable_searchlight }}" } diff --git a/ansible/roles/common/templates/cron-logrotate-octavia.conf.j2 b/ansible/roles/common/templates/cron-logrotate-octavia.conf.j2 new file mode 100644 index 0000000000..f7464d7e25 --- /dev/null +++ b/ansible/roles/common/templates/cron-logrotate-octavia.conf.j2 @@ -0,0 +1,3 @@ +"/var/log/kolla/octavia/*.log" +{ +} diff --git a/ansible/roles/common/templates/heka-openstack.toml.j2 b/ansible/roles/common/templates/heka-openstack.toml.j2 index 56c008b804..3bbe25a52b 100644 --- a/ansible/roles/common/templates/heka-openstack.toml.j2 +++ b/ansible/roles/common/templates/heka-openstack.toml.j2 
@@ -6,6 +6,6 @@ filename = "lua_decoders/os_openstack_log.lua" type = "LogstreamerInput" decoder = "openstack_log_decoder" log_directory = "/var/log/kolla" -file_match = '(?Pcloudkitty|nova|glance|keystone|neutron|ceph|cinder|heat|murano|magnum|mistral|manila|searchlight|senlin|sahara|tacker)/(?P.*)\.log\.?(?P\d*)$' +file_match = '(?Pcloudkitty|nova|glance|keystone|neutron|ceph|cinder|heat|murano|magnum|mistral|manila|octavia|searchlight|senlin|sahara|tacker)/(?P.*)\.log\.?(?P\d*)$' priority = ["^Seq"] differentiator = ["Service", "_", "Program"] diff --git a/ansible/roles/haproxy/templates/haproxy.cfg.j2 b/ansible/roles/haproxy/templates/haproxy.cfg.j2 index cceae6a2e5..9d1d54883b 100644 --- a/ansible/roles/haproxy/templates/haproxy.cfg.j2 +++ b/ansible/roles/haproxy/templates/haproxy.cfg.j2 @@ -255,6 +255,25 @@ listen cloudkitty_api_external {% endif %} {% endif %} +{% if enable_octavia | bool %} +listen octavia_api + bind {{ kolla_internal_vip_address }}:{{ octavia_api_port }} + http-request del-header X-Forwarded-Proto +{% for host in groups['octavia-api'] %} + server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ octavia_api_port }} check inter 2000 rise 2 fall 5 +{% endfor %} + +{% if haproxy_enable_external_vip | bool %} +listen octavia_api_external + bind {{ kolla_external_vip_address }}:{{ octavia_api_port }} {{ tls_bind_info }} + http-request del-header X-Forwarded-Proto + http-request set-header X-Forwarded-Proto https if { ssl_fc } +{% for host in groups['octavia-api'] %} + server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ octavia_api_port }} check inter 2000 rise 2 fall 5 +{% endfor %} +{% endif %} +{% endif %} + {% if enable_heat | bool %} listen heat_api bind {{ kolla_internal_vip_address }}:{{ heat_api_port }} 
diff --git a/ansible/roles/neutron/templates/neutron.conf.j2 b/ansible/roles/neutron/templates/neutron.conf.j2 index 2f56fa81c5..8dbd2880ad 100644 --- a/ansible/roles/neutron/templates/neutron.conf.j2 +++ b/ansible/roles/neutron/templates/neutron.conf.j2 @@ -103,3 +103,8 @@ driver = noop drivers = ovs [flowclassifier] {% endif %} + +{% if enable_octavia | bool %} +[octavia] +base_url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ octavia_api_port }} +{% endif %} diff --git a/ansible/roles/neutron/templates/neutron_lbaas.conf.j2 b/ansible/roles/neutron/templates/neutron_lbaas.conf.j2 index bfacaba544..2187f4f85e 100644 --- a/ansible/roles/neutron/templates/neutron_lbaas.conf.j2 +++ b/ansible/roles/neutron/templates/neutron_lbaas.conf.j2 @@ -1,4 +1,16 @@ {% if enable_neutron_lbaas | bool %} [service_providers] +{% if enable_octavia | bool %} +service_provider = LOADBALANCERV2:Octavia:neutron_lbaas.drivers.octavia.driver.OctaviaDriver:default + +[service_auth] +auth_url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}/v2.0 +admin_tenant_name = admin +admin_user = admin +admin_password = {{ keystone_admin_password }} +auth_version = 2 +{% else %} service_provider = LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default {% endif %} + +{% endif %} diff --git a/ansible/roles/octavia/defaults/main.yml b/ansible/roles/octavia/defaults/main.yml new file mode 100644 index 0000000000..6a2bc36873 --- /dev/null +++ b/ansible/roles/octavia/defaults/main.yml 
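Review bot: The new `[service_auth]` section in neutron_lbaas.conf.j2 authenticates as the cloud `admin` user with `keystone_admin_password`, which puts the global administrator credential into a file read by the neutron service. This commit already registers an `octavia` user in the `service` project (tasks/register.yml), so the section could use `admin_tenant_name = service`, `admin_user = octavia` and `admin_password = {{ octavia_keystone_password }}` instead. The `/v2.0` URL with `auth_version = 2` also pins the driver to the Keystone v2 API; a comment saying why v3 is not used would help the next reader.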
@@ -0,0 +1,43 @@
+---
+project_name: "octavia"
+
+####################
+# Database
+####################
+octavia_database_name: "octavia"
+octavia_database_user: "octavia"
+octavia_database_address: "{{ kolla_internal_fqdn }}:{{ database_port }}"
+
+
+####################
+# Docker
+####################
+octavia_api_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-octavia-api"
+octavia_api_tag: "{{ openstack_release }}"
+octavia_api_image_full: "{{ octavia_api_image }}:{{ octavia_api_tag }}"
+
+octavia_health_manager_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-octavia-health-manager"
+octavia_health_manager_tag: "{{ openstack_release }}"
+octavia_health_manager_image_full: "{{ octavia_health_manager_image }}:{{ octavia_health_manager_tag }}"
+
+octavia_housekeeping_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-octavia-housekeeping"
+octavia_housekeeping_tag: "{{ openstack_release }}"
+octavia_housekeeping_image_full: "{{ octavia_housekeeping_image }}:{{ octavia_housekeeping_tag }}"
+
+octavia_worker_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-octavia-worker"
+octavia_worker_tag: "{{ openstack_release }}"
+octavia_worker_image_full: "{{ octavia_worker_image }}:{{ octavia_worker_tag }}"
+
+
+####################
+# OpenStack
+####################
+octavia_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ octavia_api_port }}"
+octavia_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ octavia_api_port }}"
+octavia_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ octavia_api_port }}"
+
+octavia_logging_debug: "{{ openstack_logging_debug }}"
+
+octavia_keystone_user: "octavia"
+
+openstack_octavia_auth: "{'auth_url':'{{ openstack_auth.auth_url }}','username':'{{ openstack_auth.username }}','password':'{{ openstack_auth.password }}','project_name':'{{ openstack_auth.project_name }}'}"
diff --git a/ansible/roles/octavia/tasks/bootstrap.yml b/ansible/roles/octavia/tasks/bootstrap.yml
new file mode 100644
index 0000000000..5676e387a6
--- /dev/null
+++ b/ansible/roles/octavia/tasks/bootstrap.yml
@@ -0,0 +1,41 @@
+---
+- name: Creating Octavia database
+ command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+ -m mysql_db
+ -a "login_host='{{ database_address }}'
+ login_port='{{ database_port }}'
+ login_user='{{ database_user }}'
+ login_password='{{ database_password }}'
+ name='{{ octavia_database_name }}'"
+ register: database
+ changed_when: "{{ database.stdout.find('localhost | SUCCESS => ') != -1 and
+ (database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+ failed_when: database.stdout.split()[2] != 'SUCCESS'
+ run_once: True
+ delegate_to: "{{ groups['octavia-api'][0] }}"
+
+- name: Reading json from variable
+ set_fact:
+ database_created: "{{ (database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+
+- name: Creating Octavia database user and setting permissions
+ command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+ -m mysql_user
+ -a "login_host='{{ database_address }}'
+ login_port='{{ database_port }}'
+ login_user='{{ database_user }}'
+ login_password='{{ database_password }}'
+ name='{{ octavia_database_name }}'
+ password='{{ octavia_database_password }}'
+ host='%'
+ priv='{{ octavia_database_name }}.*:ALL'
+ append_privs='yes'"
+ register: database_user_create
+ changed_when: "{{ database_user_create.stdout.find('localhost | SUCCESS => ') != -1 and
+ (database_user_create.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+ failed_when: database_user_create.stdout.split()[2] != 'SUCCESS'
+ run_once: True
+ delegate_to: "{{ groups['octavia-api'][0] }}"
+
+- include: bootstrap_service.yml
+ when: database_created
diff --git a/ansible/roles/octavia/tasks/bootstrap_service.yml b/ansible/roles/octavia/tasks/bootstrap_service.yml
new file mode 100644
index 0000000000..ba5fa7f185
--- /dev/null
+++ b/ansible/roles/octavia/tasks/bootstrap_service.yml
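Review bot: The `mysql_user` task creates the account with `name='{{ octavia_database_name }}'`, while octavia.conf.j2 connects as `octavia_database_user`; the two agree only because both default to `octavia`, so the line should read `name='{{ octavia_database_user }}'`. Both tasks also pass `login_password` on the `docker exec` command line, and the second one passes `octavia_database_password` as well, so adding `no_log: true` to them would keep those values out of Ansible's task output. `host='%'` lets the account connect from any address; a short comment saying that this is intentional would be useful.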
@@ -0,0 +1,20 @@
+---
+- name: Running Octavia bootstrap container
+ kolla_docker:
+ action: "start_container"
+ common_options: "{{ docker_common_options }}"
+ detach: False
+ environment:
+ KOLLA_BOOTSTRAP:
+ KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
+ image: "{{ octavia_api_image_full }}"
+ labels:
+ BOOTSTRAP:
+ name: "bootstrap_octavia"
+ restart_policy: "never"
+ volumes:
+ - "{{ node_config_directory }}/octavia-api/:{{ container_config_directory }}/:ro"
+ - "/etc/localtime:/etc/localtime:ro"
+ - "kolla_logs:/var/log/kolla/"
+ run_once: True
+ delegate_to: "{{ groups['octavia-api'][0] }}"
diff --git a/ansible/roles/octavia/tasks/config.yml b/ansible/roles/octavia/tasks/config.yml
new file mode 100644
index 0000000000..23658a8aaa
--- /dev/null
+++ b/ansible/roles/octavia/tasks/config.yml
@@ -0,0 +1,49 @@
+---
+- name: Ensuring config directories exist
+ file:
+ path: "{{ node_config_directory }}/{{ item }}"
+ state: "directory"
+ recurse: yes
+ with_items:
+ - "octavia-api"
+ - "octavia-health-manager"
+ - "octavia-housekeeping"
+ - "octavia-worker"
+
+- name: Copying over config.json files for services
+ template:
+ src: "{{ item }}.json.j2"
+ dest: "{{ node_config_directory }}/{{ item }}/config.json"
+ with_items:
+ - "octavia-api"
+ - "octavia-health-manager"
+ - "octavia-housekeeping"
+ - "octavia-worker"
+
+- name: Copying over octavia.conf
+ merge_configs:
+ vars:
+ service_name: "{{ item }}"
+ sources:
+ - "{{ role_path }}/templates/octavia.conf.j2"
+ - "{{ node_config_directory }}/config/global.conf"
+ - "{{ node_config_directory }}/config/database.conf"
+ - "{{ node_config_directory }}/config/messaging.conf"
+ - "{{ node_config_directory }}/config/octavia.conf"
+ - "{{ node_config_directory }}/config/octavia/{{ item }}.conf"
+ - "{{ node_config_directory }}/config/octavia/{{ inventory_hostname }}/octavia.conf"
+ dest: "{{ node_config_directory }}/{{ item }}/octavia.conf"
+ with_items:
+ - "octavia-api"
+ - "octavia-health-manager"
+ - "octavia-housekeeping"
+ - "octavia-worker"
+
+- name: Copying certificate files
+ copy:
+ src: "{{ node_config_directory }}/config/octavia/{{ item }}"
+ dest: "{{ node_config_directory }}/octavia-worker/{{ item }}"
+ with_items:
+ - cakey.pem
+ - ca_01.pem
+ - client.pem
diff --git a/ansible/roles/octavia/tasks/deploy.yml b/ansible/roles/octavia/tasks/deploy.yml
new file mode 100644
index 0000000000..c75a5e6026
--- /dev/null
+++ b/ansible/roles/octavia/tasks/deploy.yml
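Review bot: The `Copying certificate files` task stages `cakey.pem`, the CA private key, without a `mode`, so its permissions on the host are whatever the source file and umask produce; adding `mode: "0600"` to the `copy` arguments would pin them. The task also has no `when`, and deploy.yml includes config.yml for hosts in any of the four octavia groups, so the key is written under `octavia-worker/` on API, health-manager and housekeeping hosts too. `when: inventory_hostname in groups['octavia-worker']` would limit it to the hosts whose container actually mounts that directory.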
@@ -0,0 +1,18 @@
+---
+- include: "register.yml"
+ when: inventory_hostname in groups['octavia-api']
+
+- include: "config.yml"
+ when: inventory_hostname in groups['octavia-api'] or
+ inventory_hostname in groups['octavia-health-manager'] or
+ inventory_hostname in groups['octavia-housekeeping'] or
+ inventory_hostname in groups['octavia-worker']
+
+- include: "bootstrap.yml"
+ when: inventory_hostname in groups['octavia-api']
+
+- include: "start.yml"
+ when: inventory_hostname in groups['octavia-api'] or
+ inventory_hostname in groups['octavia-health-manager'] or
+ inventory_hostname in groups['octavia-housekeeping'] or
+ inventory_hostname in groups['octavia-worker']
diff --git a/ansible/roles/octavia/tasks/main.yml b/ansible/roles/octavia/tasks/main.yml
new file mode 100644
index 0000000000..b017e8b4ad
--- /dev/null
+++ b/ansible/roles/octavia/tasks/main.yml
@@ -0,0 +1,2 @@
+---
+- include: "{{ action }}.yml"
diff --git a/ansible/roles/octavia/tasks/pull.yml b/ansible/roles/octavia/tasks/pull.yml
new file mode 100644
index 0000000000..2b51b139da
--- /dev/null
+++ b/ansible/roles/octavia/tasks/pull.yml
@@ -0,0 +1,28 @@
+---
+- name: Pulling octavia-api image
+ kolla_docker:
+ action: "pull_image"
+ common_options: "{{ docker_common_options }}"
+ image: "{{ octavia_api_image_full }}"
+ when: inventory_hostname in groups['octavia-api']
+
+- name: Pulling octavia-health-manager image
+ kolla_docker:
+ action: "pull_image"
+ common_options: "{{ docker_common_options }}"
+ image: "{{ octavia_health_manager_image_full }}"
+ when: inventory_hostname in groups['octavia-health-manager']
+
+- name: Pulling octavia-housekeeping image
+ kolla_docker:
+ action: "pull_image"
+ common_options: "{{ docker_common_options }}"
+ image: "{{ octavia_housekeeping_image_full }}"
+ when: inventory_hostname in groups['octavia-housekeeping']
+
+- name: Pulling octavia-worker image
+ kolla_docker:
+ action: "pull_image"
+ common_options: "{{ docker_common_options }}"
+ image: "{{ octavia_worker_image_full }}"
+ when: inventory_hostname in groups['octavia-worker']
diff --git a/ansible/roles/octavia/tasks/reconfigure.yml b/ansible/roles/octavia/tasks/reconfigure.yml
new file mode 100644
index 0000000000..c9f85a8838
--- /dev/null
+++ b/ansible/roles/octavia/tasks/reconfigure.yml
@@ -0,0 +1,76 @@ +--- +- name: Ensuring the containers up + kolla_docker: + name: "{{ item.name }}" + action: "get_container_state" + register: container_state + failed_when: container_state.Running == false + when: inventory_hostname in groups[item.group] + with_items: + - { name: octavia_api, group: octavia-api } + - { name: octavia_health_manager, group: octavia-health-manager } + - { name: octavia_housekeeping, group: octavia-housekeeping } + - { name: octavia_worker, group: octavia-worker } + +- include: config.yml + +- name: Check the configs + command: docker exec {{ item.name }} /usr/local/bin/kolla_set_configs --check + changed_when: false + failed_when: false + register: check_results + when: inventory_hostname in groups[item.group] + with_items: + - { name: octavia_api, group: octavia-api } + - { name: octavia_health_manager, group: octavia-health-manager } + - { name: octavia_housekeeping, group: octavia-housekeeping } + - { name: octavia_worker, group: octavia-worker } + +- name: Containers config strategy + kolla_docker: + name: "{{ item.name }}" + action: "get_container_env" + register: container_envs + when: inventory_hostname in groups[item.group] + with_items: + - { name: octavia_api, group: octavia-api } + - { name: octavia_health_manager, group: octavia-health-manager } + - { name: octavia_housekeeping, group: octavia-housekeeping } + - { name: octavia_worker, group: octavia-worker } + +- name: Remove the containers + kolla_docker: + name: "{{ item[0]['name'] }}" + action: "remove_container" + register: remove_containers + when: + - inventory_hostname in groups[item[0]['group']] + - config_strategy == "COPY_ONCE" or item[1]['KOLLA_CONFIG_STRATEGY'] == 'COPY_ONCE' + - item[2]['rc'] == 1 + with_together: + - [{ name: octavia_api, group: octavia-api }, + { name: octavia_health_manager, group: octavia-health-manager }, + { name: octavia_housekeeping, group: octavia-housekeeping }, + { name: octavia_worker, group: octavia-worker }] + - "{{ 
container_envs.results }}" + - "{{ check_results.results }}" + +- include: start.yml + when: remove_containers.changed + +- name: Restart containers + kolla_docker: + name: "{{ item[0]['name'] }}" + action: "restart_container" + when: + - inventory_hostname in groups[item[0]['group']] + - config_strategy == 'COPY_ALWAYS' + - item[1]['KOLLA_CONFIG_STRATEGY'] != 'COPY_ONCE' + - item[2]['rc'] == 1 + with_together: + - [{ name: octavia_api, group: octavia-api }, + { name: octavia_health_manager, group: octavia-health-manager }, + { name: octavia_housekeeping, group: octavia-housekeeping }, + { name: octavia_worker, group: octavia-worker }] + - "{{ container_envs.results }}" + - "{{ check_results.results }}" diff --git a/ansible/roles/octavia/tasks/register.yml b/ansible/roles/octavia/tasks/register.yml new file mode 100644 index 0000000000..96c0e790b8 --- /dev/null +++ b/ansible/roles/octavia/tasks/register.yml 
@@ -0,0 +1,40 @@
+---
+- name: Creating the Octavia service and endpoint
+ command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+ -m kolla_keystone_service
+ -a "service_name=octavia
+ service_type=application-catalog
+ description='Openstack Application Catalogue'
+ endpoint_region={{ openstack_region_name }}
+ url='{{ item.url }}'
+ interface='{{ item.interface }}'
+ region_name={{ openstack_region_name }}
+ auth={{ '{{ openstack_octavia_auth }}' }}"
+ -e "{'openstack_octavia_auth':{{ openstack_octavia_auth }}}"
+ register: octavia_endpoint
+ changed_when: "{{ octavia_endpoint.stdout.find('localhost | SUCCESS => ') != -1 and (octavia_endpoint.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+ until: octavia_endpoint.stdout.split()[2] == 'SUCCESS'
+ retries: 10
+ delay: 5
+ run_once: True
+ with_items:
+ - {'interface': 'admin', 'url': '{{ octavia_admin_endpoint }}'}
+ - {'interface': 'internal', 'url': '{{ octavia_internal_endpoint }}'}
+ - {'interface': 'public', 'url': '{{ octavia_public_endpoint }}'}
+
+- name: Creating the Octavia project, user, and role
+ command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+ -m kolla_keystone_user
+ -a "project=service
+ user=octavia
+ password={{ octavia_keystone_password }}
+ role=admin
+ region_name={{ openstack_region_name }}
+ auth={{ '{{ openstack_octavia_auth }}' }}"
+ -e "{'openstack_octavia_auth':{{ openstack_octavia_auth }}}"
+ register: octavia_user
+ changed_when: "{{ octavia_user.stdout.find('localhost | SUCCESS => ') != -1 and (octavia_user.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+ until: octavia_user.stdout.split()[2] == 'SUCCESS'
+ retries: 10
+ delay: 5
+ run_once: True
diff --git a/ansible/roles/octavia/tasks/start.yml b/ansible/roles/octavia/tasks/start.yml
new file mode 100644
index 0000000000..0baa93d311
--- /dev/null
+++ b/ansible/roles/octavia/tasks/start.yml
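Review bot: The Keystone service is registered with `service_type=application-catalog` and `description='Openstack Application Catalogue'`, which appear to be carried over from another role; a client looking up the load-balancing endpoint in the catalog would not find Octavia under that type. I would expect `service_type=load-balancer` with a matching description, for example `description='Octavia Load Balancing Service'`. Separately, `octavia_keystone_password` and the `openstack_octavia_auth` dictionary, which carries the admin password, are passed on the command line of both tasks, so `no_log: true` on them would keep those values out of task output.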
@@ -0,0 +1,48 @@
+---
+- name: Starting octavia-api container
+ kolla_docker:
+ action: "start_container"
+ common_options: "{{ docker_common_options }}"
+ image: "{{ octavia_api_image_full }}"
+ name: "octavia_api"
+ volumes:
+ - "{{ node_config_directory }}/octavia-api/:{{ container_config_directory }}/:ro"
+ - "/etc/localtime:/etc/localtime:ro"
+ - "kolla_logs:/var/log/kolla/"
+ when: inventory_hostname in groups['octavia-api']
+
+- name: Starting octavia-health-manager container
+ kolla_docker:
+ action: "start_container"
+ common_options: "{{ docker_common_options }}"
+ image: "{{ octavia_api_image_full }}"
+ name: "octavia_health_manager"
+ volumes:
+ - "{{ node_config_directory }}/octavia-health-manager/:{{ container_config_directory }}/:ro"
+ - "/etc/localtime:/etc/localtime:ro"
+ - "kolla_logs:/var/log/kolla/"
+ when: inventory_hostname in groups['octavia-health-manager']
+
+- name: Starting octavia-housekeeping container
+ kolla_docker:
+ action: "start_container"
+ common_options: "{{ docker_common_options }}"
+ image: "{{ octavia_api_image_full }}"
+ name: "octavia_housekeeping"
+ volumes:
+ - "{{ node_config_directory }}/octavia-housekeeping/:{{ container_config_directory }}/:ro"
+ - "/etc/localtime:/etc/localtime:ro"
+ - "kolla_logs:/var/log/kolla/"
+ when: inventory_hostname in groups['octavia-housekeeping']
+
+- name: Starting octavia-worker container
+ kolla_docker:
+ action: "start_container"
+ common_options: "{{ docker_common_options }}"
+ image: "{{ octavia_api_image_full }}"
+ name: "octavia_worker"
+ volumes:
+ - "{{ node_config_directory }}/octavia-worker/:{{ container_config_directory }}/:ro"
+ - "/etc/localtime:/etc/localtime:ro"
+ - "kolla_logs:/var/log/kolla/"
+ when: inventory_hostname in groups['octavia-worker']
diff --git a/ansible/roles/octavia/tasks/upgrade.yml b/ansible/roles/octavia/tasks/upgrade.yml
new file mode 100644
index 0000000000..77ffb53e90
--- /dev/null
+++ b/ansible/roles/octavia/tasks/upgrade.yml
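Review bot: All four start tasks use `image: "{{ octavia_api_image_full }}"`, so the health-manager, housekeeping and worker containers are started from the API image rather than from the images that pull.yml fetched for them. Each task should reference its own variable from defaults/main.yml, for example `image: "{{ octavia_worker_image_full }}"` for `octavia_worker`, and likewise `octavia_health_manager_image_full` and `octavia_housekeeping_image_full`. As written, the three per-service image and tag variables have no effect on what runs, so a tag pinned for one of those services is silently ignored.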
@@ -0,0 +1,6 @@
+---
+- include: "config.yml"
+
+- include: "bootstrap_service.yml"
+
+- include: "start.yml"
diff --git a/ansible/roles/octavia/templates/octavia-api.json.j2 b/ansible/roles/octavia/templates/octavia-api.json.j2
new file mode 100644
index 0000000000..ede67a722b
--- /dev/null
+++ b/ansible/roles/octavia/templates/octavia-api.json.j2
@@ -0,0 +1,11 @@
+{
+ "command": "octavia-api --config-file /etc/octavia/octavia.conf",
+ "config_files": [
+ {
+ "source": "{{ container_config_directory }}/octavia.conf",
+ "dest": "/etc/octavia/octavia.conf",
+ "owner": "octavia",
+ "perm": "0600"
+ }
+ ]
+}
diff --git a/ansible/roles/octavia/templates/octavia-health-manager.json.j2 b/ansible/roles/octavia/templates/octavia-health-manager.json.j2
new file mode 100644
index 0000000000..ed0f102c62
--- /dev/null
+++ b/ansible/roles/octavia/templates/octavia-health-manager.json.j2
@@ -0,0 +1,11 @@
+{
+ "command": "octavia-health-manager --config-file /etc/octavia/octavia.conf",
+ "config_files": [
+ {
+ "source": "{{ container_config_directory }}/octavia.conf",
+ "dest": "/etc/octavia/octavia.conf",
+ "owner": "octavia",
+ "perm": "0600"
+ }
+ ]
+}
diff --git a/ansible/roles/octavia/templates/octavia-housekeeping.json.j2 b/ansible/roles/octavia/templates/octavia-housekeeping.json.j2
new file mode 100644
index 0000000000..a112332833
--- /dev/null
+++ b/ansible/roles/octavia/templates/octavia-housekeeping.json.j2
@@ -0,0 +1,11 @@
+{
+ "command": "octavia-housekeeping --config-file /etc/octavia/octavia.conf",
+ "config_files": [
+ {
+ "source": "{{ container_config_directory }}/octavia.conf",
+ "dest": "/etc/octavia/octavia.conf",
+ "owner": "octavia",
+ "perm": "0600"
+ }
+ ]
+}
diff --git a/ansible/roles/octavia/templates/octavia-worker.json.j2 b/ansible/roles/octavia/templates/octavia-worker.json.j2
new file mode 100644
index 0000000000..042349b84f
--- /dev/null
+++ b/ansible/roles/octavia/templates/octavia-worker.json.j2
@@ -0,0 +1,29 @@
+{
+ "command": "octavia-worker --config-file /etc/octavia/octavia.conf",
+ "config_files": [
+ {
+ "source": "{{ container_config_directory }}/octavia.conf",
+ "dest": "/etc/octavia/octavia.conf",
+ "owner": "octavia",
+ "perm": "0600"
+ },
+ {
+ "source": "{{ container_config_directory }}/cakey.pem",
+ "dest": "/etc/octavia/certs/private/cakey.pem",
+ "owner": "octavia",
+ "perm": "0600"
+ },
+ {
+ "source": "{{ container_config_directory }}/ca_01.pem",
+ "dest": "/etc/octavia/certs/ca_01.pem",
+ "owner": "octavia",
+ "perm": "0600"
+ },
+ {
+ "source": "{{ container_config_directory }}/client.pem",
+ "dest": "/etc/octavia/certs/client.pem",
+ "owner": "octavia",
+ "perm": "0600"
+ }
+ ]
+}
diff --git a/ansible/roles/octavia/templates/octavia.conf.j2 b/ansible/roles/octavia/templates/octavia.conf.j2
new file mode 100644
index 0000000000..b44c5221be
--- /dev/null
+++ b/ansible/roles/octavia/templates/octavia.conf.j2
@@ -0,0 +1,74 @@ +[DEFAULT] +debug = {{ octavia_logging_debug }} + +log_dir = /var/log/kolla/octavia + +api_handler = queue_producer + +transport_url = rabbit://{% for host in groups['rabbitmq'] %}{{ rabbitmq_user }}:{{ rabbitmq_password }}@{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ rabbitmq_port }}{% if not loop.last %},{% endif %}{% endfor %} + +bind_host = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }} +bind_port = {{ octavia_api_port }} + +[certificates] +ca_private_key_passphrase = {{ octavia_ca_password }} +ca_private_key = /etc/octavia/certs/private/cakey.pem +ca_certificate = /etc/octavia/certs/ca_01.pem + +[haproxy_amphora] +server_ca = /etc/octavia/certs/ca_01.pem +client_cert = /etc/octavia/certs/client.pem + +[database] +connection = mysql+pymysql://{{ octavia_database_user }}:{{ octavia_database_password }}@{{ octavia_database_address }}/{{ octavia_database_name }} +max_retries = -1 + +[service_auth] +auth_url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +auth_type = password +username = admin +password = {{ keystone_admin_password }} +user_domain_name = Default +project_name = admin +project_domain_name = Default + +memcache_security_strategy = ENCRYPT +memcache_secret_key = {{ memcache_secret_key }} +memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %} + +[keystone_authtoken] +auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} +auth_host = {{ kolla_internal_fqdn }} +auth_port = {{ keystone_public_port }} +auth_protocol = {{ internal_protocol }} +auth_type = password +admin_tenant_name = service +admin_user = {{ octavia_keystone_user }} +admin_password = {{ octavia_keystone_password }} + +memcache_security_strategy = ENCRYPT +memcache_secret_key 
= {{ memcache_secret_key }} +memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %} + +[health_manager] +bind_port = {{ octavia_health_manager_port }} +bind_ip = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }} +controller_ip_port_list = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}:{{ octavia_health_manager_port }} +heartbeat_key =insecure + +[controller_worker] +amp_boot_network_list = {{ octavia_amp_boot_network_list }} +amp_image_tag = amphora +amp_secgroup_list = {{ octavia_amp_secgroup_list }} +amp_flavor_id = {{ octavia_amp_flavor_id }} +amp_ssh_key_name = octavia_ssh_key +network_driver = allowed_address_pairs_driver +compute_driver = compute_nova_driver +amphora_driver = amphora_haproxy_rest_driver +amp_active_retries = 100 +amp_active_wait_sec = 2 +loadbalancer_topology = {{ octavia_loadbalancer_topology }} + +[oslo_messaging] +topic = octavia_prov +rpc_thread_pool_size = 2 diff --git a/ansible/site.yml b/ansible/site.yml index ba8e17796b..3a60afd72f 100644 --- a/ansible/site.yml +++ b/ansible/site.yml @@ -486,3 +486,11 @@ - { role: tacker, tags: tacker, when: enable_tacker | bool } + +- name: Apply role octavia + hosts: + - octavia-api + - octavia-health-manager + - octavia-housekeeping + - octavia-worker + serial: '{{ serial|default("0") }}' diff --git a/etc/kolla/passwords.yml b/etc/kolla/passwords.yml index b37451d1bb..7aea8a1830 100644 --- a/etc/kolla/passwords.yml +++ b/etc/kolla/passwords.yml @@ -106,6 +106,9 @@ telemetry_secret_key: manila_database_password: manila_keystone_password: +octavia_database_password: +octavia_keystone_password: + searchlight_keystone_password: tacker_database_password: 
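Review bot: `heartbeat_key =insecure` in `[health_manager]` of octavia.conf.j2 hard-codes the key used to authenticate amphora heartbeat messages, so every deployment built from this template shares one value that is public in the repository. It should come from a generated secret, for example `heartbeat_key = {{ octavia_heartbeat_key }}` with a matching empty entry in etc/kolla/passwords.yml (the variable name is a suggestion; it does not exist in this commit). `[service_auth]` also uses `username = admin` with `keystone_admin_password` although this commit creates a dedicated `octavia` service user; using that user would keep the cloud admin password out of octavia.conf. The `memcache_*` lines placed under `[service_auth]` look as if they belong only under `[keystone_authtoken]`.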
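Review bot: The `Apply role octavia` play added to ansible/site.yml ends after `serial:` and has no `roles:` section, so as shown it targets the four octavia groups but applies nothing. Following the tacker entry just above it, the play needs `roles:` followed by `- { role: octavia, tags: octavia, when: enable_octavia | bool }`. The `when` matters as well: without it the role would run on deployments that left `enable_octavia` at its default of `"no"`.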
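Review bot: octavia.conf.j2 reads `{{ octavia_ca_password }}` for `ca_private_key_passphrase`, but this hunk of etc/kolla/passwords.yml adds only `octavia_database_password` and `octavia_keystone_password`, so nothing visible in the commit defines the CA key passphrase. Adding `octavia_ca_password:` next to the other two entries would let it be filled in like the rest of the file. Without it, rendering octavia.conf will presumably fail on an undefined variable, or an operator will define the passphrase ad hoc outside the managed passwords file.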
diff --git a/releasenotes/notes/implement-octavia-73f5470136886e9e.yaml b/releasenotes/notes/implement-octavia-73f5470136886e9e.yaml
new file mode 100644
index 0000000000..3022da13f5
--- /dev/null
+++ b/releasenotes/notes/implement-octavia-73f5470136886e9e.yaml
@@ -0,0 +1,3 @@
+---
+features:
+ - Implement Octavia Ansible role