Adds Qinling Ansible role
Qinling is an OpenStack project to provide "Function as a Service". This project aims to provide a platform to support serverless functions. Change-Id: I239a0130f8c8b061b531dab530d65172b0914d7c Implements: blueprint ansible-qinling-support Story: 2005760 Task: 33468
This commit is contained in:
parent
41e634e204
commit
edb3489820
@ -69,6 +69,7 @@ Kolla-Ansible deploys containers for the following OpenStack projects:
|
||||
- `Nova <https://docs.openstack.org/nova/latest/>`__
|
||||
- `Octavia <https://docs.openstack.org/octavia/latest/>`__
|
||||
- `Panko <https://docs.openstack.org/panko/latest/>`__
|
||||
- `Qinling <https://docs.openstack.org/qinling/latest/>`__
|
||||
- `Rally <https://docs.openstack.org/rally/latest/>`__
|
||||
- `Sahara <https://docs.openstack.org/sahara/latest/>`__
|
||||
- `Searchlight <https://docs.openstack.org/searchlight/latest/>`__
|
||||
|
@ -368,6 +368,8 @@ prometheus_elasticsearch_exporter_port: "9108"
|
||||
|
||||
qdrouterd_port: "31459"
|
||||
|
||||
qinling_api_port: "7070"
|
||||
|
||||
rabbitmq_port: "5672"
|
||||
rabbitmq_management_port: "15672"
|
||||
rabbitmq_cluster_port: "25672"
|
||||
@ -554,6 +556,7 @@ enable_horizon_murano: "{{ enable_murano | bool }}"
|
||||
enable_horizon_neutron_lbaas: "{{ enable_neutron_lbaas | bool }}"
|
||||
enable_horizon_neutron_vpnaas: "{{ enable_neutron_vpnaas | bool }}"
|
||||
enable_horizon_octavia: "{{ enable_octavia | bool }}"
|
||||
enable_horizon_qinling: "{{ enable_qinling | bool }}"
|
||||
enable_horizon_sahara: "{{ enable_sahara | bool }}"
|
||||
enable_horizon_searchlight: "{{ enable_searchlight | bool }}"
|
||||
enable_horizon_senlin: "{{ enable_senlin | bool }}"
|
||||
@ -608,6 +611,7 @@ enable_osprofiler: "no"
|
||||
enable_panko: "no"
|
||||
enable_placement: "{{ enable_nova }}"
|
||||
enable_qdrouterd: "{{ 'yes' if om_rpc_transport == 'amqp' else 'no' }}"
|
||||
enable_qinling: "no"
|
||||
enable_rally: "no"
|
||||
enable_redis: "no"
|
||||
enable_sahara: "no"
|
||||
@ -887,6 +891,12 @@ octavia_amp_boot_network_list:
|
||||
octavia_amp_secgroup_list:
|
||||
octavia_amp_flavor_id:
|
||||
|
||||
#################
|
||||
# Qinling options
|
||||
#################
|
||||
# Configure qinling-engine certificates to authenticate with Kubernetes cluster.
|
||||
qinling_kubernetes_certificates: "no"
|
||||
|
||||
###################
|
||||
# Ceph options
|
||||
###################
|
||||
|
@ -163,6 +163,9 @@ monitoring
|
||||
[magnum:children]
|
||||
control
|
||||
|
||||
[qinling:children]
|
||||
control
|
||||
|
||||
[sahara:children]
|
||||
control
|
||||
|
||||
@ -508,6 +511,13 @@ magnum
|
||||
[magnum-conductor:children]
|
||||
magnum
|
||||
|
||||
# Qinling
|
||||
[qinling-api:children]
|
||||
qinling
|
||||
|
||||
[qinling-engine:children]
|
||||
qinling
|
||||
|
||||
# Solum
|
||||
[solum-api:children]
|
||||
solum
|
||||
|
@ -185,6 +185,9 @@ control
|
||||
[magnum:children]
|
||||
control
|
||||
|
||||
[qinling:children]
|
||||
control
|
||||
|
||||
[sahara:children]
|
||||
control
|
||||
|
||||
@ -517,6 +520,13 @@ magnum
|
||||
[magnum-conductor:children]
|
||||
magnum
|
||||
|
||||
# Qinling
|
||||
[qinling-api:children]
|
||||
qinling
|
||||
|
||||
[qinling-engine:children]
|
||||
qinling
|
||||
|
||||
# Sahara
|
||||
[sahara-api:children]
|
||||
sahara
|
||||
|
@ -286,6 +286,7 @@
|
||||
- { name: "opendaylight", enabled: "{{ enable_opendaylight }}" }
|
||||
- { name: "outward-rabbitmq", enabled: "{{ enable_outward_rabbitmq }}" }
|
||||
- { name: "panko", enabled: "{{ enable_panko }}" }
|
||||
- { name: "qinling", enabled: "{{ enable_qinling }}" }
|
||||
- { name: "rabbitmq", enabled: "{{ enable_rabbitmq }}" }
|
||||
- { name: "rally", enabled: "{{ enable_rally }}" }
|
||||
- { name: "sahara", enabled: "{{ enable_sahara }}" }
|
||||
|
@ -166,4 +166,9 @@
|
||||
pattern ^(blazar-api|blazar-manager)$
|
||||
tag openstack_python
|
||||
</rule>
|
||||
<rule>
|
||||
key programname
|
||||
pattern ^(qinling-engine|qinling-api)$
|
||||
tag openstack_python
|
||||
</rule>
|
||||
</match>
|
||||
|
@ -29,6 +29,7 @@
|
||||
( 'nova', enable_nova ),
|
||||
( 'octavia', enable_octavia ),
|
||||
( 'panko', enable_panko ),
|
||||
( 'qinling', enable_qinling ),
|
||||
( 'rally', enable_rally ),
|
||||
( 'sahara', enable_sahara ),
|
||||
( 'searchlight', enable_searchlight ),
|
||||
|
@ -0,0 +1,3 @@
|
||||
"/var/log/kolla/qinling/*.log"
|
||||
{
|
||||
}
|
@ -44,6 +44,7 @@
|
||||
( 'opendaylight', enable_opendaylight ),
|
||||
( 'outward-rabbitmq', enable_outward_rabbitmq ),
|
||||
( 'panko', enable_panko ),
|
||||
( 'qinling', enable_qinling ),
|
||||
( 'rabbitmq', enable_rabbitmq ),
|
||||
( 'rally', enable_rally ),
|
||||
( 'sahara', enable_sahara ),
|
||||
|
@ -756,6 +756,19 @@
|
||||
- haproxy_stat.find('panko_api') == -1
|
||||
- "host_running_haproxy == 'None'"
|
||||
|
||||
- name: Checking free port for Qinling API HAProxy
|
||||
wait_for:
|
||||
host: "{{ kolla_internal_vip_address }}"
|
||||
port: "{{ qinling_api_port }}"
|
||||
connect_timeout: 1
|
||||
timeout: 1
|
||||
state: stopped
|
||||
when:
|
||||
- enable_qinling | bool
|
||||
- inventory_hostname in groups['haproxy']
|
||||
- haproxy_stat.find('qinling_api') == -1
|
||||
- "host_running_haproxy == 'None'"
|
||||
|
||||
- name: Checking free port for RabbitMQ Management HAProxy
|
||||
wait_for:
|
||||
host: "{{ kolla_internal_vip_address }}"
|
||||
|
@ -24,6 +24,7 @@ horizon_services:
|
||||
ENABLE_NEUTRON_LBAAS: "{{ 'yes' if enable_horizon_neutron_lbaas | bool else 'no' }}"
|
||||
ENABLE_NEUTRON_VPNAAS: "{{ 'yes' if enable_horizon_neutron_vpnaas | bool else 'no' }}"
|
||||
ENABLE_OCTAVIA: "{{ 'yes' if enable_horizon_octavia | bool else 'no' }}"
|
||||
ENABLE_QINLING: "{{ 'yes' if enable_horizon_qinling | bool else 'no' }}"
|
||||
ENABLE_SAHARA: "{{ 'yes' if enable_horizon_sahara | bool else 'no' }}"
|
||||
ENABLE_SEARCHLIGHT: "{{ 'yes' if enable_horizon_searchlight | bool else 'no' }}"
|
||||
ENABLE_SENLIN: "{{ 'yes' if enable_horizon_senlin | bool else 'no' }}"
|
||||
|
@ -37,6 +37,7 @@
|
||||
- { name: "murano", enabled: "{{ enable_horizon_murano }}" }
|
||||
- { name: "neutron", enabled: "{{ enable_neutron_horizon_policy_file }}" }
|
||||
- { name: "nova", enabled: "{{ enable_nova_horizon_policy_file }}" }
|
||||
- { name: "qinling", enabled: "{{ enable_horizon_qinling }}" }
|
||||
- { name: "sahara", enabled: "{{ enable_horizon_sahara }}" }
|
||||
- { name: "searchlight", enabled: "{{ enable_horizon_searchlight }}" }
|
||||
- { name: "senlin", enabled: "{{ enable_horizon_senlin }}" }
|
||||
|
@ -18,6 +18,7 @@
|
||||
( 'murano', enable_horizon_murano ),
|
||||
( 'neutron', enable_neutron ),
|
||||
( 'nova', enable_nova ),
|
||||
( 'qinling', enable_horizon_qinling ),
|
||||
( 'sahara', enable_horizon_sahara ),
|
||||
( 'searchlight', enable_horizon_searchlight ),
|
||||
( 'senlin', enable_horizon_senlin ),
|
||||
|
88
ansible/roles/qinling/defaults/main.yml
Normal file
88
ansible/roles/qinling/defaults/main.yml
Normal file
@ -0,0 +1,88 @@
|
||||
---
|
||||
project_name: "qinling"
|
||||
|
||||
qinling_services:
|
||||
qinling-api:
|
||||
container_name: qinling_api
|
||||
group: qinling-api
|
||||
enabled: true
|
||||
image: "{{ qinling_api_image_full }}"
|
||||
volumes:
|
||||
- "{{ node_config_directory }}/qinling-api/:{{ container_config_directory }}/:ro"
|
||||
- "/etc/localtime:/etc/localtime:ro"
|
||||
- "{{ kolla_dev_repos_directory ~ '/qinling/qinling:/var/lib/kolla/venv/lib/python2.7/site-packages/qinling' if qinling_dev_mode | bool else '' }}"
|
||||
- "kolla_logs:/var/log/kolla/"
|
||||
dimensions: "{{ qinling_api_dimensions }}"
|
||||
haproxy:
|
||||
qinling_api:
|
||||
enabled: "{{ enable_qinling }}"
|
||||
mode: "http"
|
||||
external: false
|
||||
port: "{{ qinling_api_port }}"
|
||||
qinling_api_external:
|
||||
enabled: "{{ enable_qinling }}"
|
||||
mode: "http"
|
||||
external: true
|
||||
port: "{{ qinling_api_port }}"
|
||||
qinling-engine:
|
||||
container_name: qinling_engine
|
||||
group: qinling-engine
|
||||
enabled: true
|
||||
image: "{{ qinling_engine_image_full }}"
|
||||
environment: "{{ container_proxy }}"
|
||||
volumes:
|
||||
- "{{ node_config_directory }}/qinling-engine/:{{ container_config_directory }}/:ro"
|
||||
- "/etc/localtime:/etc/localtime:ro"
|
||||
- "qinling:/var/lib/qinling/"
|
||||
- "{{ kolla_dev_repos_directory ~ '/qinling/qinling:/var/lib/kolla/venv/lib/python2.7/site-packages/qinling' if qinling_dev_mode | bool else '' }}"
|
||||
- "kolla_logs:/var/log/kolla/"
|
||||
dimensions: "{{ qinling_engine_dimensions }}"
|
||||
|
||||
|
||||
####################
|
||||
# Database
|
||||
####################
|
||||
qinling_database_name: "qinling"
|
||||
qinling_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}qinling{% endif %}"
|
||||
qinling_database_address: "{{ database_address }}:{{ database_port }}"
|
||||
|
||||
|
||||
####################
|
||||
# Docker
|
||||
####################
|
||||
qinling_install_type: "{{ kolla_install_type }}"
|
||||
qinling_tag: "{{ openstack_release }}"
|
||||
|
||||
qinling_api_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ qinling_install_type }}-qinling-api"
|
||||
qinling_api_tag: "{{ qinling_tag }}"
|
||||
qinling_api_image_full: "{{ qinling_api_image }}:{{ qinling_api_tag }}"
|
||||
|
||||
qinling_engine_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ qinling_install_type }}-qinling-engine"
|
||||
qinling_engine_tag: "{{ qinling_tag }}"
|
||||
qinling_engine_image_full: "{{ qinling_engine_image }}:{{ qinling_engine_tag }}"
|
||||
|
||||
qinling_api_dimensions: "{{ default_container_dimensions }}"
|
||||
qinling_engine_dimensions: "{{ default_container_dimensions }}"
|
||||
|
||||
|
||||
####################
|
||||
# OpenStack
|
||||
####################
|
||||
qinling_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ qinling_api_port }}"
|
||||
qinling_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ qinling_api_port }}"
|
||||
qinling_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ qinling_api_port }}"
|
||||
|
||||
qinling_logging_debug: "{{ openstack_logging_debug }}"
|
||||
|
||||
qinling_keystone_user: "qinling"
|
||||
|
||||
openstack_qinling_auth: "{{ openstack_auth }}"
|
||||
|
||||
|
||||
####################
|
||||
# Kolla
|
||||
####################
|
||||
qinling_git_repository: "{{ kolla_dev_repos_git }}/{{ project_name }}"
|
||||
qinling_dev_repos_pull: "{{ kolla_dev_repos_pull }}"
|
||||
qinling_dev_mode: "{{ kolla_dev_mode }}"
|
||||
qinling_source_version: "{{ kolla_source_version }}"
|
52
ansible/roles/qinling/handlers/main.yml
Normal file
52
ansible/roles/qinling/handlers/main.yml
Normal file
@ -0,0 +1,52 @@
|
||||
---
|
||||
- name: Restart qinling-api container
|
||||
vars:
|
||||
service_name: "qinling-api"
|
||||
service: "{{ qinling_services[service_name] }}"
|
||||
config_json: "{{ qinling_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
qinling_conf: "{{ qinling_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
policy_overwriting: "{{ qinling_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
qinling_api_container: "{{ check_qinling_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
become: true
|
||||
kolla_docker:
|
||||
action: "recreate_or_restart_container"
|
||||
common_options: "{{ docker_common_options }}"
|
||||
name: "{{ service.container_name }}"
|
||||
image: "{{ service.image }}"
|
||||
volumes: "{{ service.volumes|reject('equalto', '')|list }}"
|
||||
environment: "{{ service.environment }}"
|
||||
dimensions: "{{ service.dimensions }}"
|
||||
when:
|
||||
- kolla_action != "config"
|
||||
- inventory_hostname in groups[service.group]
|
||||
- service.enabled | bool
|
||||
- config_json.changed | bool
|
||||
or qinling_conf.changed | bool
|
||||
or policy_overwriting.changed | bool
|
||||
or qinling_api_container.changed | bool
|
||||
|
||||
- name: Restart qinling-engine container
|
||||
vars:
|
||||
service_name: "qinling-engine"
|
||||
service: "{{ qinling_services[service_name] }}"
|
||||
config_json: "{{ qinling_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
qinling_conf: "{{ qinling_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
policy_overwriting: "{{ qinling_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
qinling_engine_container: "{{ check_qinling_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
become: true
|
||||
kolla_docker:
|
||||
action: "recreate_or_restart_container"
|
||||
common_options: "{{ docker_common_options }}"
|
||||
name: "{{ service.container_name }}"
|
||||
image: "{{ service.image }}"
|
||||
volumes: "{{ service.volumes|reject('equalto', '')|list }}"
|
||||
environment: "{{ service.environment }}"
|
||||
dimensions: "{{ service.dimensions }}"
|
||||
when:
|
||||
- kolla_action != "config"
|
||||
- inventory_hostname in groups[service.group]
|
||||
- service.enabled | bool
|
||||
- config_json.changed | bool
|
||||
or qinling_conf.changed | bool
|
||||
or policy_overwriting.changed | bool
|
||||
or qinling_engine_container.changed | bool
|
3
ansible/roles/qinling/meta/main.yml
Normal file
3
ansible/roles/qinling/meta/main.yml
Normal file
@ -0,0 +1,3 @@
|
||||
---
|
||||
dependencies:
|
||||
- { role: common }
|
38
ansible/roles/qinling/tasks/bootstrap.yml
Normal file
38
ansible/roles/qinling/tasks/bootstrap.yml
Normal file
@ -0,0 +1,38 @@
|
||||
---
|
||||
- name: Creating Qinling database
|
||||
become: true
|
||||
kolla_toolbox:
|
||||
module_name: mysql_db
|
||||
module_args:
|
||||
login_host: "{{ database_address }}"
|
||||
login_port: "{{ database_port }}"
|
||||
login_user: "{{ database_user }}"
|
||||
login_password: "{{ database_password }}"
|
||||
name: "{{ qinling_database_name }}"
|
||||
register: database
|
||||
run_once: True
|
||||
delegate_to: "{{ groups['qinling-api'][0] }}"
|
||||
when:
|
||||
- not use_preconfigured_databases | bool
|
||||
|
||||
- name: Creating Qinling database user and setting permissions
|
||||
become: true
|
||||
kolla_toolbox:
|
||||
module_name: mysql_user
|
||||
module_args:
|
||||
login_host: "{{ database_address }}"
|
||||
login_port: "{{ database_port }}"
|
||||
login_user: "{{ database_user }}"
|
||||
login_password: "{{ database_password }}"
|
||||
name: "{{ qinling_database_user }}"
|
||||
password: "{{ qinling_database_password }}"
|
||||
host: "%"
|
||||
priv: "{{ qinling_database_name }}.*:ALL"
|
||||
append_privs: "yes"
|
||||
run_once: True
|
||||
delegate_to: "{{ groups['qinling-api'][0] }}"
|
||||
when:
|
||||
- not use_preconfigured_databases | bool
|
||||
|
||||
- include_tasks: bootstrap_service.yml
|
||||
when: database.changed or use_preconfigured_databases | bool
|
20
ansible/roles/qinling/tasks/bootstrap_service.yml
Normal file
20
ansible/roles/qinling/tasks/bootstrap_service.yml
Normal file
@ -0,0 +1,20 @@
|
||||
---
|
||||
- name: Running Qinling bootstrap container
|
||||
vars:
|
||||
qinling_api: "{{ qinling_services['qinling-api'] }}"
|
||||
become: true
|
||||
kolla_docker:
|
||||
action: "start_container"
|
||||
common_options: "{{ docker_common_options }}"
|
||||
detach: False
|
||||
environment:
|
||||
KOLLA_BOOTSTRAP:
|
||||
KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
|
||||
image: "{{ qinling_api.image }}"
|
||||
labels:
|
||||
BOOTSTRAP:
|
||||
name: "bootstrap_qinling"
|
||||
restart_policy: "never"
|
||||
volumes: "{{ qinling_api.volumes|reject('equalto', '')|list }}"
|
||||
run_once: True
|
||||
delegate_to: "{{ groups[qinling_api.group][0] }}"
|
1
ansible/roles/qinling/tasks/check.yml
Normal file
1
ansible/roles/qinling/tasks/check.yml
Normal file
@ -0,0 +1 @@
|
||||
---
|
7
ansible/roles/qinling/tasks/clone.yml
Normal file
7
ansible/roles/qinling/tasks/clone.yml
Normal file
@ -0,0 +1,7 @@
|
||||
---
|
||||
- name: Cloning qinling source repository for development
|
||||
git:
|
||||
repo: "{{ qinling_git_repository }}"
|
||||
dest: "{{ kolla_dev_repos_directory }}/{{ project_name }}"
|
||||
update: "{{ qinling_dev_repos_pull }}"
|
||||
version: "{{ qinling_source_version }}"
|
104
ansible/roles/qinling/tasks/config.yml
Normal file
104
ansible/roles/qinling/tasks/config.yml
Normal file
@ -0,0 +1,104 @@
|
||||
---
|
||||
- name: Ensuring config directories exist
|
||||
file:
|
||||
path: "{{ node_config_directory }}/{{ item.key }}"
|
||||
state: "directory"
|
||||
owner: "{{ config_owner_user }}"
|
||||
group: "{{ config_owner_group }}"
|
||||
mode: "0770"
|
||||
become: true
|
||||
when:
|
||||
- inventory_hostname in groups[item.value.group]
|
||||
- item.value.enabled | bool
|
||||
with_dict: "{{ qinling_services }}"
|
||||
|
||||
- include_tasks: external_kubernetes.yml
|
||||
when:
|
||||
- (enable_qinling | bool) and (qinling_kubernetes_certificates | bool)
|
||||
- inventory_hostname in groups['qinling-engine']
|
||||
|
||||
- name: Check if policies shall be overwritten
|
||||
local_action: stat path="{{ item }}"
|
||||
run_once: True
|
||||
register: qinling_policy
|
||||
with_first_found:
|
||||
- files: "{{ supported_policy_format_list }}"
|
||||
paths:
|
||||
- "{{ node_custom_config }}/qinling/"
|
||||
skip: true
|
||||
|
||||
- name: Set qinling policy file
|
||||
set_fact:
|
||||
qinling_policy_file: "{{ qinling_policy.results.0.stat.path | basename }}"
|
||||
qinling_policy_file_path: "{{ qinling_policy.results.0.stat.path }}"
|
||||
when:
|
||||
- qinling_policy.results
|
||||
|
||||
- name: Copying over config.json files for services
|
||||
template:
|
||||
src: "{{ item.key }}.json.j2"
|
||||
dest: "{{ node_config_directory }}/{{ item.key }}/config.json"
|
||||
mode: "0660"
|
||||
become: true
|
||||
register: qinling_config_jsons
|
||||
when:
|
||||
- inventory_hostname in groups[item.value.group]
|
||||
- item.value.enabled | bool
|
||||
with_dict: "{{ qinling_services }}"
|
||||
notify:
|
||||
- Restart {{ item.key }} container
|
||||
|
||||
- name: Copying over qinling.conf
|
||||
vars:
|
||||
service_name: "{{ item.key }}"
|
||||
merge_configs:
|
||||
sources:
|
||||
- "{{ role_path }}/templates/qinling.conf.j2"
|
||||
- "{{ node_custom_config }}/global.conf"
|
||||
- "{{ node_custom_config }}/qinling.conf"
|
||||
- "{{ node_custom_config }}/qinling/{{ item.key }}.conf"
|
||||
- "{{ node_custom_config }}/qinling/{{ inventory_hostname }}/qinling.conf"
|
||||
dest: "{{ node_config_directory }}/{{ item.key }}/qinling.conf"
|
||||
mode: "0660"
|
||||
become: true
|
||||
register: qinling_confs
|
||||
when:
|
||||
- inventory_hostname in groups[item.value.group]
|
||||
- item.value.enabled | bool
|
||||
with_dict: "{{ qinling_services }}"
|
||||
notify:
|
||||
- Restart {{ item.key }} container
|
||||
|
||||
- name: Copying over existing policy file
|
||||
template:
|
||||
src: "{{ qinling_policy_file_path }}"
|
||||
dest: "{{ node_config_directory }}/{{ item.key }}/{{ qinling_policy_file }}"
|
||||
mode: "0660"
|
||||
become: true
|
||||
register: qinling_policy_overwriting
|
||||
when:
|
||||
- qinling_policy_file is defined
|
||||
- inventory_hostname in groups[item.value.group]
|
||||
- item.value.enabled | bool
|
||||
with_dict: "{{ qinling_services }}"
|
||||
notify:
|
||||
- Restart {{ item.key }} container
|
||||
|
||||
- name: Check qinling containers
|
||||
become: true
|
||||
kolla_docker:
|
||||
action: "compare_container"
|
||||
common_options: "{{ docker_common_options }}"
|
||||
name: "{{ item.value.container_name }}"
|
||||
image: "{{ item.value.image }}"
|
||||
volumes: "{{ item.value.volumes|reject('equalto', '')|list }}"
|
||||
dimensions: "{{ item.value.dimensions }}"
|
||||
environment: "{{ item.value.environment }}"
|
||||
register: check_qinling_containers
|
||||
when:
|
||||
- kolla_action != "config"
|
||||
- inventory_hostname in groups[item.value.group]
|
||||
- item.value.enabled | bool
|
||||
with_dict: "{{ qinling_services }}"
|
||||
notify:
|
||||
- Restart {{ item.key }} container
|
16
ansible/roles/qinling/tasks/deploy.yml
Normal file
16
ansible/roles/qinling/tasks/deploy.yml
Normal file
@ -0,0 +1,16 @@
|
||||
---
|
||||
- include_tasks: register.yml
|
||||
when: inventory_hostname in groups['qinling-api']
|
||||
|
||||
- include_tasks: config.yml
|
||||
when: inventory_hostname in groups['qinling-api'] or
|
||||
inventory_hostname in groups['qinling-engine']
|
||||
|
||||
- include_tasks: clone.yml
|
||||
when: qinling_dev_mode | bool
|
||||
|
||||
- include_tasks: bootstrap.yml
|
||||
when: inventory_hostname in groups['qinling-api']
|
||||
|
||||
- name: Flush handlers
|
||||
meta: flush_handlers
|
19
ansible/roles/qinling/tasks/external_kubernetes.yml
Normal file
19
ansible/roles/qinling/tasks/external_kubernetes.yml
Normal file
@ -0,0 +1,19 @@
|
||||
---
|
||||
- name: Copy over Kubernetes certificates files for qinling-engine
|
||||
copy:
|
||||
src: "{{ item }}"
|
||||
dest: "{{ node_config_directory }}/qinling-engine/"
|
||||
mode: "0660"
|
||||
owner: "{{ config_owner_user }}"
|
||||
group: "{{ config_owner_group }}"
|
||||
become: true
|
||||
register: qinling_engine_kubernetes_files
|
||||
with_items:
|
||||
- "{{ node_custom_config }}/qinling/qinling-engine/kubernetes_ca.crt"
|
||||
- "{{ node_custom_config }}/qinling/qinling-engine/kubernetes.crt"
|
||||
- "{{ node_custom_config }}/qinling/qinling-engine/kubernetes.key"
|
||||
when:
|
||||
- qinling_kubernetes_certificates | bool
|
||||
- inventory_hostname in groups['qinling-engine']
|
||||
notify:
|
||||
- Restart qinling-engine container
|
7
ansible/roles/qinling/tasks/loadbalancer.yml
Normal file
7
ansible/roles/qinling/tasks/loadbalancer.yml
Normal file
@ -0,0 +1,7 @@
|
||||
---
|
||||
- name: "Configure haproxy for {{ project_name }}"
|
||||
import_role:
|
||||
role: haproxy-config
|
||||
vars:
|
||||
project_services: "{{ qinling_services }}"
|
||||
tags: always
|
2
ansible/roles/qinling/tasks/main.yml
Normal file
2
ansible/roles/qinling/tasks/main.yml
Normal file
@ -0,0 +1,2 @@
|
||||
---
|
||||
- include_tasks: "{{ kolla_action }}.yml"
|
17
ansible/roles/qinling/tasks/precheck.yml
Normal file
17
ansible/roles/qinling/tasks/precheck.yml
Normal file
@ -0,0 +1,17 @@
|
||||
---
|
||||
- name: Get container facts
|
||||
kolla_container_facts:
|
||||
name:
|
||||
- qinling_api
|
||||
register: container_facts
|
||||
|
||||
- name: Checking free port for Qinling API
|
||||
wait_for:
|
||||
host: "{{ api_interface_address }}"
|
||||
port: "{{ qinling_api_port }}"
|
||||
connect_timeout: 1
|
||||
timeout: 1
|
||||
state: stopped
|
||||
when:
|
||||
- container_facts['qinling_api'] is not defined
|
||||
- inventory_hostname in groups['qinling-api']
|
11
ansible/roles/qinling/tasks/pull.yml
Normal file
11
ansible/roles/qinling/tasks/pull.yml
Normal file
@ -0,0 +1,11 @@
|
||||
---
|
||||
- name: Pulling qinling images
|
||||
become: true
|
||||
kolla_docker:
|
||||
action: "pull_image"
|
||||
common_options: "{{ docker_common_options }}"
|
||||
image: "{{ item.value.image }}"
|
||||
when:
|
||||
- inventory_hostname in groups[item.value.group]
|
||||
- item.value.enabled | bool
|
||||
with_dict: "{{ qinling_services }}"
|
2
ansible/roles/qinling/tasks/reconfigure.yml
Normal file
2
ansible/roles/qinling/tasks/reconfigure.yml
Normal file
@ -0,0 +1,2 @@
|
||||
---
|
||||
- include_tasks: deploy.yml
|
34
ansible/roles/qinling/tasks/register.yml
Normal file
34
ansible/roles/qinling/tasks/register.yml
Normal file
@ -0,0 +1,34 @@
|
||||
---
|
||||
- name: Creating the Qinling service and endpoint
|
||||
become: true
|
||||
kolla_toolbox:
|
||||
module_name: "kolla_keystone_service"
|
||||
module_args:
|
||||
service_name: "qinling"
|
||||
service_type: "function-engine"
|
||||
description: "Function Service"
|
||||
endpoint_region: "{{ openstack_region_name }}"
|
||||
url: "{{ item.url }}"
|
||||
interface: "{{ item.interface }}"
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_qinling_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
run_once: True
|
||||
with_items:
|
||||
- {'interface': 'admin', 'url': '{{ qinling_admin_endpoint }}'}
|
||||
- {'interface': 'internal', 'url': '{{ qinling_internal_endpoint }}'}
|
||||
- {'interface': 'public', 'url': '{{ qinling_public_endpoint }}'}
|
||||
|
||||
- name: Creating the Qinling project, user, and role
|
||||
become: true
|
||||
kolla_toolbox:
|
||||
module_name: "kolla_keystone_user"
|
||||
module_args:
|
||||
project: "service"
|
||||
user: "{{ qinling_keystone_user }}"
|
||||
password: "{{ qinling_keystone_password }}"
|
||||
role: "admin"
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
auth: "{{ openstack_qinling_auth }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
run_once: True
|
6
ansible/roles/qinling/tasks/stop.yml
Normal file
6
ansible/roles/qinling/tasks/stop.yml
Normal file
@ -0,0 +1,6 @@
|
||||
---
|
||||
- import_role:
|
||||
role: service-stop
|
||||
vars:
|
||||
project_services: "{{ qinling_services }}"
|
||||
service_name: "{{ project_name }}"
|
7
ansible/roles/qinling/tasks/upgrade.yml
Normal file
7
ansible/roles/qinling/tasks/upgrade.yml
Normal file
@ -0,0 +1,7 @@
|
||||
---
|
||||
- include_tasks: config.yml
|
||||
|
||||
- include_tasks: bootstrap_service.yml
|
||||
|
||||
- name: Flush handlers
|
||||
meta: flush_handlers
|
24
ansible/roles/qinling/templates/qinling-api.json.j2
Normal file
24
ansible/roles/qinling/templates/qinling-api.json.j2
Normal file
@ -0,0 +1,24 @@
|
||||
{
|
||||
"command": "qinling-api --config-file /etc/qinling/qinling.conf",
|
||||
"config_files": [
|
||||
{
|
||||
"source": "{{ container_config_directory }}/qinling.conf",
|
||||
"dest": "/etc/qinling/qinling.conf",
|
||||
"owner": "qinling",
|
||||
"perm": "0600"
|
||||
}{% if qinling_policy_file is defined %},
|
||||
{
|
||||
"source": "{{ container_config_directory }}/{{ qinling_policy_file }}",
|
||||
"dest": "/etc/qinling/{{ qinling_policy_file }}",
|
||||
"owner": "qinling",
|
||||
"perm": "0600"
|
||||
}{% endif %}
|
||||
],
|
||||
"permissions": [
|
||||
{
|
||||
"path": "/var/log/kolla/qinling",
|
||||
"owner": "qinling:qinling",
|
||||
"recurse": true
|
||||
}
|
||||
]
|
||||
}
|
47
ansible/roles/qinling/templates/qinling-engine.json.j2
Normal file
47
ansible/roles/qinling/templates/qinling-engine.json.j2
Normal file
@ -0,0 +1,47 @@
|
||||
{
|
||||
"command": "qinling-engine --config-file /etc/qinling/qinling.conf",
|
||||
"config_files": [
|
||||
{
|
||||
"source": "{{ container_config_directory }}/qinling.conf",
|
||||
"dest": "/etc/qinling/qinling.conf",
|
||||
"owner": "qinling",
|
||||
"perm": "0600"
|
||||
}{% if qinling_policy_file is defined %},
|
||||
{
|
||||
"source": "{{ container_config_directory }}/{{ qinling_policy_file }}",
|
||||
"dest": "/etc/qinling/{{ qinling_policy_file }}",
|
||||
"owner": "qinling",
|
||||
"perm": "0600"
|
||||
}{% endif %}{% if qinling_kubernetes_certificates is defined and qinling_kubernetes_certificates | bool %},
|
||||
{
|
||||
"source": "{{ container_config_directory }}/kubernetes_ca.crt",
|
||||
"dest": "/etc/qinling/pki/kubernetes/ca.crt",
|
||||
"owner": "qinling",
|
||||
"perm": "0600"
|
||||
},
|
||||
{
|
||||
"source": "{{ container_config_directory }}/kubernetes.crt",
|
||||
"dest": "/etc/qinling/pki/kubernetes/qinling.crt",
|
||||
"owner": "qinling",
|
||||
"perm": "0600"
|
||||
},
|
||||
{
|
||||
"source": "{{ container_config_directory }}/kubernetes.key",
|
||||
"dest": "/etc/qinling/pki/kubernetes/qinling.key",
|
||||
"owner": "qinling",
|
||||
"perm": "0600"
|
||||
}{% endif %}
|
||||
],
|
||||
"permissions": [
|
||||
{
|
||||
"path": "/var/lib/qinling",
|
||||
"owner": "qinling:qinling",
|
||||
"recurse": true
|
||||
},
|
||||
{
|
||||
"path": "/var/log/kolla/qinling",
|
||||
"owner": "qinling:qinling",
|
||||
"recurse": true
|
||||
}
|
||||
]
|
||||
}
|
62
ansible/roles/qinling/templates/qinling.conf.j2
Normal file
62
ansible/roles/qinling/templates/qinling.conf.j2
Normal file
@ -0,0 +1,62 @@
|
||||
[DEFAULT]
|
||||
debug = {{ qinling_logging_debug }}
|
||||
log_dir = /var/log/kolla/qinling
|
||||
transport_url = {{ rpc_transport_url }}
|
||||
|
||||
{% if service_name == 'qinling-api' %}
|
||||
[api]
|
||||
port = {{ qinling_api_port }}
|
||||
host = {{ api_interface_address }}
|
||||
api_workers = {{ openstack_service_workers }}
|
||||
{% endif %}
|
||||
|
||||
{% if service_name == 'qinling-engine' %}
|
||||
[engine]
|
||||
host = {{ api_interface_address }}
|
||||
{% endif %}
|
||||
|
||||
[database]
|
||||
connection = mysql+pymysql://{{ qinling_database_user }}:{{ qinling_database_password }}@{{ qinling_database_address }}/{{ qinling_database_name }}
|
||||
max_retries = -1
|
||||
|
||||
[keystone_authtoken]
|
||||
www_authenticate_uri = {{ keystone_internal_url }}/v3
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_type = password
|
||||
project_domain_name = {{ default_project_domain_name }}
|
||||
user_domain_name = {{ default_user_domain_name }}
|
||||
project_name = service
|
||||
username = {{ qinling_keystone_user }}
|
||||
password = {{ qinling_keystone_password }}
|
||||
region_name = {{ openstack_region_name }}
|
||||
|
||||
memcache_security_strategy = ENCRYPT
|
||||
memcache_secret_key = {{ memcache_secret_key }}
|
||||
memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
|
||||
|
||||
[storage]
|
||||
file_system_dir = /var/lib/qinling/package
|
||||
|
||||
[etcd]
|
||||
{% if enable_etcd | bool %}
|
||||
host = {{ api_interface_address }}
|
||||
port = {{ etcd_client_port }}
|
||||
protocol = {{ internal_protocol }}
|
||||
{% endif %}
|
||||
|
||||
[oslo_messaging_notifications]
|
||||
transport_url = {{ notify_transport_url }}
|
||||
{% if enable_ceilometer | bool %}
|
||||
driver = messagingv2
|
||||
topics = notifications
|
||||
{% else %}
|
||||
driver = noop
|
||||
{% endif %}
|
||||
|
||||
{% if qinling_policy_file is defined %}
|
||||
[oslo_policy]
|
||||
policy_file = {{ qinling_policy_file }}
|
||||
{% endif %}
|
||||
|
||||
[oslo_middleware]
|
||||
enable_proxy_headers_parsing = True
|
@ -69,6 +69,7 @@
|
||||
- enable_placement_{{ enable_placement | bool }}
|
||||
- enable_prometheus_{{ enable_prometheus | bool }}
|
||||
- enable_qdrouterd_{{ enable_qdrouterd | bool }}
|
||||
- enable_qinling_{{ enable_qinling | bool }}
|
||||
- enable_rabbitmq_{{ enable_rabbitmq | bool }}
|
||||
- enable_rally_{{ enable_rally | bool }}
|
||||
- enable_redis_{{ enable_redis | bool }}
|
||||
@ -302,6 +303,11 @@
|
||||
tasks_from: loadbalancer
|
||||
tags: prometheus
|
||||
when: enable_prometheus | bool
|
||||
- include_role:
|
||||
role: qinling
|
||||
tasks_from: loadbalancer
|
||||
tags: qinling
|
||||
when: enable_qinling | bool
|
||||
- include_role:
|
||||
role: rabbitmq
|
||||
tasks_from: loadbalancer
|
||||
@ -863,6 +869,18 @@
|
||||
tags: mistral,
|
||||
when: enable_mistral | bool }
|
||||
|
||||
- name: Apply role qinling
|
||||
gather_facts: false
|
||||
hosts:
|
||||
- qinling-api
|
||||
- qinling-engine
|
||||
- '&enable_qinling_True'
|
||||
serial: '{{ kolla_serial|default("0") }}'
|
||||
roles:
|
||||
- { role: qinling,
|
||||
tags: qinling,
|
||||
when: enable_qinling | bool }
|
||||
|
||||
- name: Apply role sahara
|
||||
gather_facts: false
|
||||
hosts:
|
||||
|
@ -10,6 +10,7 @@ compute services like HyperV, XenServer and so on.
|
||||
|
||||
hyperv-guide
|
||||
nova-fake-driver
|
||||
qinling-guide
|
||||
vmware-guide
|
||||
xenserver-guide
|
||||
zun-guide
|
||||
|
96
doc/source/reference/compute/qinling-guide.rst
Normal file
96
doc/source/reference/compute/qinling-guide.rst
Normal file
@ -0,0 +1,96 @@
|
||||
.. _qinling-guide:
|
||||
|
||||
=========================
|
||||
Qinling - Function Engine
|
||||
=========================
|
||||
|
||||
Overview
|
||||
~~~~~~~~
|
||||
|
||||
Qinling aims to provide a platform to support serverless functions
|
||||
(like AWS Lambda). Qinling supports different container orchestration
|
||||
platforms (Kubernetes/Swarm, etc...) and different function package storage
|
||||
backends (local/Swift/S3) by nature using plugin mechanism.
|
||||
|
||||
Kolla deploys Qinling API and Qinling Engine containers which are the main
|
||||
Qinling components but it needs to be connected to an existing container
|
||||
orchestration platforms.
|
||||
|
||||
Apply custom policies to Qinling API
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
Custom policies could be apply by creating ``policy.json`` file under
|
||||
``/etc/kolla/config/qinling`` directory.
|
||||
|
||||
|
||||
Connect to an existing Kubernetes cluster
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
Certificates
|
||||
------------
|
||||
|
||||
``qinling-engine`` authenticates to Kubernetes by using certificates.
|
||||
|
||||
.. note::
|
||||
If the cluster has not been created with OpenStack Magnum then
|
||||
certificates need to be gathered using different methods that will not
|
||||
be mentioned here.
|
||||
|
||||
If the Kubernetes cluster has been deployed with OpenStack Magnum then the
|
||||
OpenStack client should be used to retrieve the certificates.
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
openstack coe cluster config --dir . 687f7476-5604-4b44-8b09-b7a4f3fdbd64 --output-certs
|
||||
|
||||
Where ``687f7476-5604-4b44-8b09-b7a4f3fdbd64`` is the Kubernetes cluster ID
|
||||
created with Magnum.
|
||||
|
||||
Four files should have been generated:
|
||||
|
||||
- ``ca.pem``
|
||||
- ``cert.pem``
|
||||
- ``key.pem``
|
||||
- ``config``
|
||||
|
||||
Only ``ca.pem``, ``cert.pem`` and ``key.pem`` will be used, these files have
|
||||
to be stored in ``/etc/kolla/config/qinling/qinling-engine`` directory under
|
||||
these file name:
|
||||
|
||||
- ``ca.pem``: ``/etc/kolla/config/qinling/qinling-engine/kubernetes_ca.crt``
|
||||
- ``cert.pem``: ``/etc/kolla/config/qinling/qinling-engine/kubernetes.crt``
|
||||
- ``key.pem``: ``/etc/kolla/config/qinling/qinling-engine/kubernetes.key``
|
||||
|
||||
|
||||
Declare ``qinling_kubernetes_certificates`` variable in
|
||||
``/etc/kolla/globals.yml``:
|
||||
|
||||
.. code-block:: yaml
|
||||
|
||||
qinling_kubernetes_certificates: "yes"
|
||||
|
||||
Kubernetes cluster
|
||||
------------------
|
||||
|
||||
``qinling-engine`` needs to know where to connect, the information is
|
||||
provided by options under ``[kubernetes]`` section inside ``qinling.conf``
|
||||
configuration file.
|
||||
|
||||
As mentioned above, these settings are only required by ``qinling-engine``,
|
||||
put the content in ``/etc/kolla/config/qinling/qinling-engine.conf``.
|
||||
|
||||
.. code-block:: ini
|
||||
|
||||
[kubernetes]
|
||||
kube_host = https://192.168.1.168:6443
|
||||
use_api_certificate = True
|
||||
ssl_ca_cert = /etc/qinling/pki/kubernetes/ca.crt
|
||||
cert_file = /etc/qinling/pki/kubernetes/qinling.crt
|
||||
key_file = /etc/qinling/pki/kubernetes/qinling.key
|
||||
trusted_cidrs = 192.168.1.0/24,10.0.0.53/32
|
||||
|
||||
``kube_host`` is the the Kubernetes cluster API address, ``https`` protocol
|
||||
have to be defined.
|
||||
|
||||
``trusted_cidrs`` is a list of CIDR trusted by the Kubernetes cluster defined
|
||||
by a network policy under the ``qinling`` namespace.
|
@ -236,6 +236,7 @@ kolla_internal_vip_address: "10.10.10.254"
|
||||
#enable_horizon_neutron_lbaas: "{{ enable_neutron_lbaas | bool }}"
|
||||
#enable_horizon_neutron_vpnaas: "{{ enable_neutron_vpnaas | bool }}"
|
||||
#enable_horizon_octavia: "{{ enable_octavia | bool }}"
|
||||
#enable_horizon_qinling: "{{ enable_qinling | bool }}"
|
||||
#enable_horizon_sahara: "{{ enable_sahara | bool }}"
|
||||
#enable_horizon_searchlight: "{{ enable_searchlight | bool }}"
|
||||
#enable_horizon_senlin: "{{ enable_senlin | bool }}"
|
||||
@ -288,6 +289,7 @@ kolla_internal_vip_address: "10.10.10.254"
|
||||
#enable_placement: "{{ enable_nova }}"
|
||||
#enable_prometheus: "no"
|
||||
#enable_qdrouterd: "no"
|
||||
#enable_qinling: "no"
|
||||
#enable_rally: "no"
|
||||
#enable_redis: "no"
|
||||
#enable_sahara: "no"
|
||||
|
@ -196,6 +196,9 @@ vitrage_keystone_password:
|
||||
|
||||
memcache_secret_key:
|
||||
|
||||
qinling_database_password:
|
||||
qinling_keystone_password:
|
||||
|
||||
# HMAC secret key
|
||||
osprofiler_secret:
|
||||
|
||||
|
@ -0,0 +1,5 @@
|
||||
---
|
||||
features:
|
||||
- Adds Qinling Ansible role. Qinling is an OpenStack project
|
||||
to provide "Function as a Service". This project aims to
|
||||
provide a platform to support serverless functions.
|
@ -159,6 +159,9 @@ monitoring
|
||||
[magnum:children]
|
||||
control
|
||||
|
||||
[qinling:children]
|
||||
control
|
||||
|
||||
[sahara:children]
|
||||
control
|
||||
|
||||
@ -457,6 +460,13 @@ magnum
|
||||
[magnum-conductor:children]
|
||||
magnum
|
||||
|
||||
# Qinling
|
||||
[qinling-api:children]
|
||||
qinling
|
||||
|
||||
[qinling-engine:children]
|
||||
qinling
|
||||
|
||||
# Solum
|
||||
[solum-api:children]
|
||||
solum
|
||||
|
Loading…
Reference in New Issue
Block a user