Jesse Pretorius 648b4ed10c Move MQ vhost/user creation into role
There is no record for why we implement the MQ vhost/user creation
outside of the role in the playbook, when we could do it inside the
role.

Implementing it inside the role allows us to reduce the quantity of
group_vars duplicated from the role, and allows us to better document
the required variables in the role. The delegation can still be done
as it is done in the playbook too.

In this patch we implement two new variables:
- designate_oslomsg_rpc_setup_host
- designate_oslomsg_notify_setup_host

These are used in the role to allow delegation of the MQ vhost/user
setup for each type to any host, but they default to using the first
member of the applicable oslomsg host group.

We also adjust some of the defaults to automatically inherit existing
vars set in group_vars form the integrated build so that we do not
need to do the wiring in the integrated build's group vars. We still
default them in the role too for independent role usage.

Change-Id: I65203372e551d5ab3ef17a823f2089c23a2af8fe
2018-07-17 22:03:47 +01:00

230 lines
8.7 KiB
YAML

---
# Copyright 2016, Tata Consultancy Services
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
## Verbosity Options
debug: False
# Set the host which will execute the shade modules
# for the service setup. The host must already have
# clouds.yaml properly configured.
designate_service_setup_host: "{{ openstack_service_setup_host | default('localhost') }}"
# Set the package install state for distribution packages
# Options are 'present' and 'latest'
designate_package_state: "latest"
designate_pip_package_state: "latest"
# Set installation method.
designate_install_method: "source"
## The git source/branch
designate_git_repo: https://git.openstack.org/openstack/designate
designate_git_install_branch: master
# Developer mode is used for role functional testing and allows the role
# to build an environment directly from a git source without the presence
# of an OpenStack-Ansible repo_server.
designate_developer_mode: False
## The packages to build from source (used in developer mode)
designate_developer_constraints:
- "git+{{ designate_git_repo }}@{{ designate_git_install_branch }}#egg=designate"
# Name of the virtual env to deploy into
designate_venv_tag: untagged
designate_bin: "{{ _designate_bin }}"
# Set the etc dir path where designate is installed.
# This is used for role access to the db migrations.
# Example:
# designate_etc_dir: "/usr/local/etc/designate"
designate_etc_dir: "{{ _designate_etc }}/designate"
# venv_download, even when true, will use the fallback method of building the
# venv from scratch if the venv download fails.
designate_venv_download: "{{ not designate_developer_mode | bool }}"
# URL of the pre-built virtualenv
designate_venv_download_url: http://127.0.0.1/venvs/untagged/ubuntu/designate.tgz
## System info
designate_system_user_name: designate
designate_system_group_name: designate
designate_system_shell: /bin/false
designate_system_comment: designate system user
designate_system_user_home: "/var/lib/{{ designate_system_user_name }}"
## Database info
designate_db_setup_host: "{{ ('galera_all' in groups) | ternary(groups['galera_all'][0], 'localhost') }}"
designate_galera_address: "{{ galera_address | default('127.0.0.1') }}"
designate_galera_user: designate
designate_galera_database: designate
designate_galera_use_ssl: "{{ galera_use_ssl | default(False) }}"
designate_galera_ssl_ca_cert: "{{ galera_ssl_ca_cert | default('/etc/ssl/certs/galera-ca.pem') }}"
## Oslo Messaging
# RPC
designate_oslomsg_rpc_host_group: "{{ oslomsg_rpc_host_group | default('rabbitmq_all') }}"
designate_oslomsg_rpc_setup_host: "{{ (designate_oslomsg_rpc_host_group in groups) | ternary(groups[designate_oslomsg_rpc_host_group][0], 'localhost') }}"
designate_oslomsg_rpc_transport: "{{ oslomsg_rpc_transport | default('rabbit') }}"
designate_oslomsg_rpc_servers: "{{ oslomsg_rpc_servers | default('127.0.0.1') }}"
designate_oslomsg_rpc_port: "{{ oslomsg_rpc_port | default('5672') }}"
designate_oslomsg_rpc_use_ssl: "{{ oslomsg_rpc_use_ssl | default(False) }}"
designate_oslomsg_rpc_userid: designate-rpc
designate_oslomsg_rpc_vhost: /designate
# Notify
designate_oslomsg_notify_host_group: "{{ oslomsg_notify_host_group | default('rabbitmq_all') }}"
designate_oslomsg_notify_setup_host: "{{ (designate_oslomsg_notify_host_group in groups) | ternary(groups[designate_oslomsg_notify_host_group][0], 'localhost') }}"
designate_oslomsg_notify_transport: "{{ oslomsg_notify_transport | default('rabbit') }}"
designate_oslomsg_notify_servers: "{{ oslomsg_notify_servers | default('127.0.0.1') }}"
designate_oslomsg_notify_port: "{{ oslomsg_notify_port | default('5672') }}"
designate_oslomsg_notify_use_ssl: "{{ oslomsg_notify_use_ssl | default(False) }}"
designate_oslomsg_notify_userid: designate-notify
designate_oslomsg_notify_vhost: /designate
## RabbitMQ info
## Pool Configuration Defaults
designate_pool_uuid: 794ccc2c-d751-44fe-b57f-8894c9f5c842
# Enable/Disable Ceilometer
designate_ceilometer_enabled: False
# Designate services info
designate_role_name: admin
## DNS Backend Configuration
# Configuration for the DNS backend that Designate will talk to, Designate
# supports lots of backends, bind9, powerdns, nsd, djb, dyn, akamai, etc.
# DNS Backends are configured via a YAML file that Designate reads. The DNS
# server need not be in the actual Designate container, but for development,
# or for some internal addressing use cases, it may make sense.
# YAML to use for the Designate pools.yaml file. If this variable is defined,
# a pools.yaml file will be written to /etc/designate/pools.yaml with the
# provided YAML data.
#
# This is some example pools.yaml information that will work with a
# simple bind9 installation in the same container as Designate.
# designate_pools_yaml:
# - name: "default"
# description: Default BIND9 Pool
# attributes: {}
# ns_records:
# - hostname: ns1.example.org.
# priority: 1
# nameservers:
# - host: 127.0.0.1
# port: 53
# targets:
# - type: bind9
# description: BIND9 Server
# masters:
# - host: 127.0.0.1
# port: 5354
# options:
# host: 127.0.0.1
# port: 53
# rndc_host: 127.0.0.1
# rndc_port: 953
## rndc keys for authenticating with bind9
# define this to create as many key files as are required
# designate_rndc_keys
# - name: "rndc-key"
# file: /etc/designate/rndc.key
# algorithm: "hmac-md5"
# secret: "<key>"
## Service Type and Data
designate_service_region: RegionOne
designate_service_endpoint_type: internalURL
designate_service_name: designate
designate_service_port: 9001
designate_service_proto: http
designate_service_type: dns
designate_service_description: "Designate DNS as a Service"
designate_service_project_domain_id: default
designate_service_user_domain_id: default
designate_service_user_name: designate
designate_keystone_auth_type: password
designate_service_project_name: service
designate_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(designate_service_proto) }}"
designate_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(designate_service_proto) }}"
designate_service_publicuri: "{{ designate_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ designate_service_port }}"
designate_service_internaluri: "{{ designate_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ designate_service_port }}"
designate_service_adminuri: "{{ (designate_service_adminurl | default('http://localhost')) | netorigin }}"
designate_service_in_ldap: False
# Common pip packages
designate_pip_packages:
- cryptography
- designate
- osprofiler
- python-designateclient
- PyMySQL
- python-memcached
- warlock
designate_central_init_overrides: {}
designate_worker_init_overrides: {}
designate_producer_init_overrides: {}
designate_mdns_init_overrides: {}
designate_sink_init_overrides: {}
designate_api_init_overrides: {}
## Service Name-Group Mapping
designate_services:
designate-central:
group: designate_central
service_name: designate-central
init_config_overrides: "{{ designate_central_init_overrides }}"
designate-worker:
group: designate_worker
service_name: designate-worker
init_config_overrides: "{{ designate_worker_init_overrides }}"
designate-producer:
group: designate_producer
service_name: designate-producer
init_config_overrides: "{{ designate_producer_init_overrides }}"
designate-mdns:
group: designate_mdns
service_name: designate-mdns
init_config_overrides: "{{ designate_mdns_init_overrides }}"
designate-sink:
group: designate_sink
service_name: designate-sink
init_config_overrides: "{{ designate_sink_init_overrides }}"
designate-api:
group: designate_api
service_name: designate-api
init_config_overrides: "{{ designate_api_init_overrides }}"
# This variable is used by the repo_build process to determine
# which host group to check for members of before building the
# pip packages required by this role. The value is picked up
# by the py_pkgs lookup.
designate_role_project_group: designate_all
## Tunable overrides
designate_policy_overrides: {}
designate_designate_conf_overrides: {}
designate_api_paste_ini_overrides: {}
designate_rootwrap_conf_overrides: {}