Fix linters and metadata
With update of ansible-lint to version >=6.0.0 a lot of new linters were added, that enabled by default. In order to comply with linter rules we're applying changes to the role. With that we also update metdata to reflect current state. Change-Id: Id8215882ee528d4c3055479e770c7432616649ba
This commit is contained in:
parent
048f9d548e
commit
d94e57f17b
@ -20,7 +20,11 @@ debug: False
|
|||||||
# for the service setup. The host must already have
|
# for the service setup. The host must already have
|
||||||
# clouds.yaml properly configured.
|
# clouds.yaml properly configured.
|
||||||
octavia_service_setup_host: "{{ openstack_service_setup_host | default('localhost') }}"
|
octavia_service_setup_host: "{{ openstack_service_setup_host | default('localhost') }}"
|
||||||
octavia_service_setup_host_python_interpreter: "{{ openstack_service_setup_host_python_interpreter | default((octavia_service_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_facts['python']['executable'])) }}"
|
octavia_service_setup_host_python_interpreter: >-
|
||||||
|
{{
|
||||||
|
openstack_service_setup_host_python_interpreter | default(
|
||||||
|
(octavia_service_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_facts['python']['executable']))
|
||||||
|
}}
|
||||||
|
|
||||||
# Set installation method.
|
# Set installation method.
|
||||||
octavia_install_method: "{{ service_install_method | default('source') }}"
|
octavia_install_method: "{{ service_install_method | default('source') }}"
|
||||||
@ -42,7 +46,8 @@ octavia_package_state: "{{ package_state | default('latest') }}"
|
|||||||
|
|
||||||
octavia_git_repo: https://opendev.org/openstack/octavia
|
octavia_git_repo: https://opendev.org/openstack/octavia
|
||||||
octavia_git_install_branch: master
|
octavia_git_install_branch: master
|
||||||
octavia_upper_constraints_url: "{{ requirements_git_url | default('https://releases.openstack.org/constraints/upper/' ~ requirements_git_install_branch | default('master')) }}"
|
octavia_upper_constraints_url: >-
|
||||||
|
{{ requirements_git_url | default('https://releases.openstack.org/constraints/upper/' ~ requirements_git_install_branch | default('master')) }}
|
||||||
octavia_git_constraints:
|
octavia_git_constraints:
|
||||||
- "--constraint {{ octavia_upper_constraints_url }}"
|
- "--constraint {{ octavia_upper_constraints_url }}"
|
||||||
|
|
||||||
@ -67,7 +72,11 @@ octavia_cinder_volume_type: "volumes-hdd"
|
|||||||
|
|
||||||
## Database info
|
## Database info
|
||||||
octavia_db_setup_host: "{{ openstack_db_setup_host | default('localhost') }}"
|
octavia_db_setup_host: "{{ openstack_db_setup_host | default('localhost') }}"
|
||||||
octavia_db_setup_python_interpreter: "{{ openstack_db_setup_python_interpreter | default((octavia_db_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_facts['python']['executable'])) }}"
|
octavia_db_setup_python_interpreter: >-
|
||||||
|
{{
|
||||||
|
openstack_db_setup_python_interpreter | default(
|
||||||
|
(octavia_db_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_facts['python']['executable']))
|
||||||
|
}}
|
||||||
octavia_galera_address: "{{ galera_address | default('127.0.0.1') }}"
|
octavia_galera_address: "{{ galera_address | default('127.0.0.1') }}"
|
||||||
octavia_galera_user: octavia
|
octavia_galera_user: octavia
|
||||||
octavia_galera_database: octavia
|
octavia_galera_database: octavia
|
||||||
@ -75,7 +84,7 @@ octavia_galera_persistence_database: octavia_persistence
|
|||||||
octavia_galera_use_ssl: "{{ galera_use_ssl | default(False) }}"
|
octavia_galera_use_ssl: "{{ galera_use_ssl | default(False) }}"
|
||||||
octavia_galera_ssl_ca_cert: "{{ galera_ssl_ca_cert | default('') }}"
|
octavia_galera_ssl_ca_cert: "{{ galera_ssl_ca_cert | default('') }}"
|
||||||
octavia_db_max_overflow: "{{ openstack_db_max_overflow | default('50') }}"
|
octavia_db_max_overflow: "{{ openstack_db_max_overflow | default('50') }}"
|
||||||
octavia_db_max_pool_size: "{{ openstack_db_max_pool_size | default('5') }}"
|
octavia_db_max_pool_size: "{{ openstack_db_max_pool_size | default('5') }}"
|
||||||
octavia_db_pool_timeout: "{{ openstack_db_pool_timeout | default('30') }}"
|
octavia_db_pool_timeout: "{{ openstack_db_pool_timeout | default('30') }}"
|
||||||
octavia_db_connection_recycle_time: "{{ openstack_db_connection_recycle_time | default('600') }}"
|
octavia_db_connection_recycle_time: "{{ openstack_db_connection_recycle_time | default('600') }}"
|
||||||
octavia_galera_port: "{{ galera_port | default('3306') }}"
|
octavia_galera_port: "{{ galera_port | default('3306') }}"
|
||||||
@ -106,7 +115,8 @@ octavia_oslomsg_rpc_ssl_ca_file: "{{ oslomsg_rpc_ssl_ca_file | default('') }}"
|
|||||||
|
|
||||||
# Notify
|
# Notify
|
||||||
octavia_oslomsg_notify_host_group: "{{ oslomsg_notify_host_group | default('rabbitmq_all') }}"
|
octavia_oslomsg_notify_host_group: "{{ oslomsg_notify_host_group | default('rabbitmq_all') }}"
|
||||||
octavia_oslomsg_notify_setup_host: "{{ (octavia_oslomsg_notify_host_group in groups) | ternary(groups[octavia_oslomsg_notify_host_group][0], 'localhost') }}"
|
octavia_oslomsg_notify_setup_host: >-
|
||||||
|
{{ (octavia_oslomsg_notify_host_group in groups) | ternary(groups[octavia_oslomsg_notify_host_group][0], 'localhost') }}
|
||||||
octavia_oslomsg_notify_transport: "{{ oslomsg_notify_transport | default('rabbit') }}"
|
octavia_oslomsg_notify_transport: "{{ oslomsg_notify_transport | default('rabbit') }}"
|
||||||
octavia_oslomsg_notify_servers: "{{ oslomsg_notify_servers | default('127.0.0.1') }}"
|
octavia_oslomsg_notify_servers: "{{ oslomsg_notify_servers | default('127.0.0.1') }}"
|
||||||
octavia_oslomsg_notify_port: "{{ oslomsg_notify_port | default('5672') }}"
|
octavia_oslomsg_notify_port: "{{ oslomsg_notify_port | default('5672') }}"
|
||||||
@ -279,17 +289,21 @@ octavia_security_group_rule_cidr: "{{ octavia_management_net_subnet_cidr }}"
|
|||||||
octavia_ssh_enabled: False
|
octavia_ssh_enabled: False
|
||||||
octavia_ssh_key_name: octavia_key
|
octavia_ssh_key_name: octavia_key
|
||||||
octavia_keypair_setup_host: "{{ openstack_service_setup_host | default('localhost') }}"
|
octavia_keypair_setup_host: "{{ openstack_service_setup_host | default('localhost') }}"
|
||||||
octavia_keypair_setup_host_python_interpreter: "{{ openstack_service_setup_host_python_interpreter | default((octavia_keypair_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_facts['python']['executable'])) }}"
|
octavia_keypair_setup_host_python_interpreter: >-
|
||||||
|
{{
|
||||||
|
openstack_service_setup_host_python_interpreter | default((octavia_keypair_setup_host == 'localhost') | ternary(
|
||||||
|
ansible_playbook_python, ansible_facts['python']['executable']))
|
||||||
|
}}
|
||||||
# port the agent listens on
|
# port the agent listens on
|
||||||
octavia_agent_port: "9443"
|
octavia_agent_port: "9443"
|
||||||
octavia_health_manager_port: 5555
|
octavia_health_manager_port: 5555
|
||||||
|
|
||||||
#Octavia Nova flavor
|
# Octavia Nova flavor
|
||||||
octavia_amp_flavor_name: "m1.amphora"
|
octavia_amp_flavor_name: "m1.amphora"
|
||||||
octavia_amp_ram: 1024
|
octavia_amp_ram: 1024
|
||||||
octavia_amp_vcpu: 1
|
octavia_amp_vcpu: 1
|
||||||
octavia_amp_disk: 20
|
octavia_amp_disk: 20
|
||||||
#octavia_amp_extra_specs:
|
# octavia_amp_extra_specs:
|
||||||
|
|
||||||
# only increase when it's a really busy system since this is by deployed host,
|
# only increase when it's a really busy system since this is by deployed host,
|
||||||
# e.g. 3 hosts, 5 workers (this param) per host, results in 15 worker total
|
# e.g. 3 hosts, 5 workers (this param) per host, results in 15 worker total
|
||||||
@ -337,7 +351,7 @@ octavia_amp_availability_zone: nova
|
|||||||
# dest: "/etc/octavia/templates/macros.cfg.j2"
|
# dest: "/etc/octavia/templates/macros.cfg.j2"
|
||||||
octavia_user_haproxy_templates: {}
|
octavia_user_haproxy_templates: {}
|
||||||
# Path of custom haproxy template file
|
# Path of custom haproxy template file
|
||||||
#octavia_haproxy_amphora_template: /etc/octavia/templates/haproxy.cfg.j2
|
# octavia_haproxy_amphora_template: /etc/octavia/templates/haproxy.cfg.j2
|
||||||
|
|
||||||
# Name of the Octavia management network in Neutron
|
# Name of the Octavia management network in Neutron
|
||||||
octavia_neutron_management_network_name: lbaas-mgmt
|
octavia_neutron_management_network_name: lbaas-mgmt
|
||||||
@ -346,7 +360,7 @@ octavia_provider_network_name: lbaas
|
|||||||
# Network type
|
# Network type
|
||||||
octavia_provider_network_type: flat
|
octavia_provider_network_type: flat
|
||||||
# Network segmentation ID if vlan, gre...
|
# Network segmentation ID if vlan, gre...
|
||||||
#octavia_provider_segmentation_id:
|
# octavia_provider_segmentation_id:
|
||||||
# Network CIDR
|
# Network CIDR
|
||||||
octavia_management_net_subnet_cidr: 172.29.232.0/22
|
octavia_management_net_subnet_cidr: 172.29.232.0/22
|
||||||
# Example allocation range:
|
# Example allocation range:
|
||||||
@ -359,13 +373,18 @@ octavia_service_net_setup: True
|
|||||||
# This should match net_name from provider_networks structure in openstack_user_config
|
# This should match net_name from provider_networks structure in openstack_user_config
|
||||||
octavia_provider_inventory_net_name: "{{ octavia_provider_network_name }}"
|
octavia_provider_inventory_net_name: "{{ octavia_provider_network_name }}"
|
||||||
# This gets container managment network structure based on octavia_provider_inventory_net_name
|
# This gets container managment network structure based on octavia_provider_inventory_net_name
|
||||||
octavia_provider_network: "{{ provider_networks|map(attribute='network')|selectattr('net_name','defined')|selectattr('net_name', 'equalto', octavia_provider_inventory_net_name)|list|first }}"
|
octavia_provider_network: >-
|
||||||
|
{{ provider_networks | map(attribute='network') | selectattr('net_name', 'defined') | selectattr(
|
||||||
|
'net_name', 'equalto', octavia_provider_inventory_net_name) | list | first
|
||||||
|
}}
|
||||||
# The name of the network address pool
|
# The name of the network address pool
|
||||||
octavia_container_network_name: "{{ octavia_provider_network['ip_from_q'] }}_address"
|
octavia_container_network_name: "{{ octavia_provider_network['ip_from_q'] }}_address"
|
||||||
octavia_hm_group: "octavia-health-manager"
|
octavia_hm_group: "octavia-health-manager"
|
||||||
# Note: We use some heuristics here but if you do anything special make sure to use the
|
# Note: We use some heuristics here but if you do anything special make sure to use the
|
||||||
# ip addresses on the right network. This will use the container networking to figure out the ip
|
# ip addresses on the right network. This will use the container networking to figure out the ip
|
||||||
octavia_hm_hosts: "{% for host in groups[octavia_hm_group] %}{{ hostvars[host]['container_networks'][octavia_container_network_name]['address'] }}{% if not loop.last %},{% endif %}{% endfor %}"
|
octavia_hm_hosts: >-
|
||||||
|
{% for host in groups[octavia_hm_group] %}{{ hostvars[host]['container_networks'][octavia_container_network_name]['address'] }}{%
|
||||||
|
if not loop.last %},{% endif %}{% endfor %}
|
||||||
# Set this to the right container port aka the eth you connect to the octavia
|
# Set this to the right container port aka the eth you connect to the octavia
|
||||||
# management network
|
# management network
|
||||||
octavia_container_interface: "{{ octavia_provider_network.container_interface }}"
|
octavia_container_interface: "{{ octavia_provider_network.container_interface }}"
|
||||||
@ -382,7 +401,7 @@ octavia_iptables_rules:
|
|||||||
- # Allow existing connections:
|
- # Allow existing connections:
|
||||||
chain: INPUT
|
chain: INPUT
|
||||||
in_interface: "{{ octavia_container_interface }}"
|
in_interface: "{{ octavia_container_interface }}"
|
||||||
ctstate: RELATED,ESTABLISHED
|
ctstate: RELATED,ESTABLISHED
|
||||||
jump: ACCEPT
|
jump: ACCEPT
|
||||||
- # Allow heartbeat:
|
- # Allow heartbeat:
|
||||||
chain: INPUT
|
chain: INPUT
|
||||||
@ -406,7 +425,7 @@ octavia_iptables_rules:
|
|||||||
- # Allow existing connections
|
- # Allow existing connections
|
||||||
chain: INPUT
|
chain: INPUT
|
||||||
in_interface: "{{ octavia_container_interface }}"
|
in_interface: "{{ octavia_container_interface }}"
|
||||||
ctstate: RELATED,ESTABLISHED
|
ctstate: RELATED,ESTABLISHED
|
||||||
jump: ACCEPT
|
jump: ACCEPT
|
||||||
ip_version: ipv6
|
ip_version: ipv6
|
||||||
- # Allow heartbeat
|
- # Allow heartbeat
|
||||||
@ -429,7 +448,8 @@ octavia_iptables_rules:
|
|||||||
|
|
||||||
# uWSGI Settings
|
# uWSGI Settings
|
||||||
octavia_wsgi_processes_max: 16
|
octavia_wsgi_processes_max: 16
|
||||||
octavia_wsgi_processes: "{{ [[(ansible_facts['processor_vcpus']//ansible_facts['processor_threads_per_core'])|default(1), 1] | max * 2, octavia_wsgi_processes_max] | min }}"
|
octavia_wsgi_processes: >-
|
||||||
|
{{ [[(ansible_facts['processor_vcpus'] // ansible_facts['processor_threads_per_core']) | default(1), 1] | max * 2, octavia_wsgi_processes_max] | min }}
|
||||||
octavia_wsgi_threads: 1
|
octavia_wsgi_threads: 1
|
||||||
octavia_uwsgi_bind_address: "{{ openstack_service_bind_address | default('0.0.0.0') }}"
|
octavia_uwsgi_bind_address: "{{ openstack_service_bind_address | default('0.0.0.0') }}"
|
||||||
octavia_uwsgi_tls:
|
octavia_uwsgi_tls:
|
||||||
@ -578,27 +598,27 @@ octavia_cert_install_certificates:
|
|||||||
condition: "{{ octavia_generate_certs | bool }}"
|
condition: "{{ octavia_generate_certs | bool }}"
|
||||||
|
|
||||||
# Custom client CA
|
# Custom client CA
|
||||||
#octavia_client_ca: "{{ octavia_cert_dir }}/ca_01.pem"
|
# octavia_client_ca: "{{ octavia_cert_dir }}/ca_01.pem"
|
||||||
## Custom client certs
|
## Custom client certs
|
||||||
#octavia_client_cert: "{{ octavia_cert_dir }}/client.pem"
|
# octavia_client_cert: "{{ octavia_cert_dir }}/client.pem"
|
||||||
#octavia_client_key: "{{ octavia_cert_dir }}/client.key.pem"
|
# octavia_client_key: "{{ octavia_cert_dir }}/client.key.pem"
|
||||||
## server
|
## server
|
||||||
#octavia_server_ca: "{{ octavia_ca_certificate }}"
|
# octavia_server_ca: "{{ octavia_ca_certificate }}"
|
||||||
## ca certs
|
## ca certs
|
||||||
#octavia_ca_private_key: "{{ octavia_cert_dir }}/private/cakey.pem"
|
# octavia_ca_private_key: "{{ octavia_cert_dir }}/private/cakey.pem"
|
||||||
octavia_ca_private_key_passphrase: "{{ octavia_cert_client_password }}"
|
octavia_ca_private_key_passphrase: "{{ octavia_cert_client_password }}"
|
||||||
#octavia_ca_certificate: "{{ octavia_cert_dir }}/ca_server_01.pem"
|
# octavia_ca_certificate: "{{ octavia_cert_dir }}/ca_server_01.pem"
|
||||||
|
|
||||||
|
|
||||||
# Quotas for the Octavia user - assuming active/passive topology
|
# Quotas for the Octavia user - assuming active/passive topology
|
||||||
octavia_num_instances: 10000 # 5000 LB in active/passive
|
octavia_num_instances: 10000 # 5000 LB in active/passive
|
||||||
octavia_ram: "{{ (octavia_num_instances|int)*1024 }}"
|
octavia_ram: "{{ (octavia_num_instances | int) * 1024 }}"
|
||||||
octavia_num_server_groups: "{{ ((octavia_num_instances|int)*0.5)|int|abs }}"
|
octavia_num_server_groups: "{{ ((octavia_num_instances | int) * 0.5) | int | abs }}"
|
||||||
octavia_num_server_group_members: 50
|
octavia_num_server_group_members: 50
|
||||||
octavia_num_cores: "{{ octavia_num_instances }}"
|
octavia_num_cores: "{{ octavia_num_instances }}"
|
||||||
octavia_num_secgroups: "{{ (octavia_num_instances|int)*1.5|int|abs }}" # average 3 listener per lb
|
octavia_num_secgroups: "{{ (octavia_num_instances | int) * 1.5 | int | abs }}" # average 3 listener per lb
|
||||||
octavia_num_ports: "{{ (octavia_num_instances|int)*10 }}" # at least instances * 10
|
octavia_num_ports: "{{ (octavia_num_instances | int) * 10 }}" # at least instances * 10
|
||||||
octavia_num_security_group_rules: "{{ (octavia_num_secgroups|int)*100 }}"
|
octavia_num_security_group_rules: "{{ (octavia_num_secgroups | int) * 100 }}"
|
||||||
|
|
||||||
## Tunable overrides
|
## Tunable overrides
|
||||||
octavia_octavia_conf_overrides: {}
|
octavia_octavia_conf_overrides: {}
|
||||||
@ -623,5 +643,5 @@ octavia_api_ssl_cert: /etc/octavia/certs/octavia-api.pem
|
|||||||
octavia_api_ssl_key: /etc/octavia/certs/octavia-api.key
|
octavia_api_ssl_key: /etc/octavia/certs/octavia-api.key
|
||||||
|
|
||||||
# Define user-provided SSL certificates
|
# Define user-provided SSL certificates
|
||||||
#octavia_api_user_ssl_cert: <path to cert on ansible deployment host>
|
# octavia_api_user_ssl_cert: <path to cert on ansible deployment host>
|
||||||
#octavia_api_user_ssl_key: <path to cert on ansible deployment host>
|
# octavia_api_user_ssl_key: <path to cert on ansible deployment host>
|
||||||
|
@ -18,16 +18,21 @@ galaxy_info:
|
|||||||
description: Installation and setup of octavia
|
description: Installation and setup of octavia
|
||||||
company: Rackspace
|
company: Rackspace
|
||||||
license: Apache2
|
license: Apache2
|
||||||
min_ansible_version: 2.2
|
role_name: os_octavia
|
||||||
|
namespace: openstack
|
||||||
|
min_ansible_version: "2.10"
|
||||||
platforms:
|
platforms:
|
||||||
- name: Debian
|
- name: Debian
|
||||||
versions:
|
versions:
|
||||||
- buster
|
- bullseye
|
||||||
- name: Ubuntu
|
- name: Ubuntu
|
||||||
versions:
|
versions:
|
||||||
- bionic
|
|
||||||
- focal
|
- focal
|
||||||
categories:
|
- jammy
|
||||||
|
- name: EL
|
||||||
|
versions:
|
||||||
|
- "9"
|
||||||
|
galaxy_tags:
|
||||||
- cloud
|
- cloud
|
||||||
- development
|
- development
|
||||||
- octavia
|
- octavia
|
||||||
|
@ -51,7 +51,8 @@
|
|||||||
tags:
|
tags:
|
||||||
- always
|
- always
|
||||||
|
|
||||||
- include_role:
|
- name: Including osa.db_setup role
|
||||||
|
include_role:
|
||||||
name: openstack.osa.db_setup
|
name: openstack.osa.db_setup
|
||||||
apply:
|
apply:
|
||||||
tags:
|
tags:
|
||||||
@ -77,7 +78,8 @@
|
|||||||
tags:
|
tags:
|
||||||
- always
|
- always
|
||||||
|
|
||||||
- include_role:
|
- name: Including osa.mq_setup role
|
||||||
|
include_role:
|
||||||
name: openstack.osa.mq_setup
|
name: openstack.osa.mq_setup
|
||||||
apply:
|
apply:
|
||||||
tags:
|
tags:
|
||||||
@ -104,7 +106,8 @@
|
|||||||
tags:
|
tags:
|
||||||
- always
|
- always
|
||||||
|
|
||||||
- import_tasks: octavia_pre_install.yml
|
- name: Importing octavia_pre_install tasks
|
||||||
|
import_tasks: octavia_pre_install.yml
|
||||||
tags:
|
tags:
|
||||||
- octavia-install
|
- octavia-install
|
||||||
|
|
||||||
@ -135,6 +138,9 @@
|
|||||||
src: /etc/octavia/certs/
|
src: /etc/octavia/certs/
|
||||||
dest: /etc/octavia/certs/client.pem
|
dest: /etc/octavia/certs/client.pem
|
||||||
regexp: '(client\.pem\.crt|client\.pem\.key)$'
|
regexp: '(client\.pem\.crt|client\.pem\.key)$'
|
||||||
|
owner: "{{ octavia_system_user_name }}"
|
||||||
|
group: "{{ octavia_system_group_name }}"
|
||||||
|
mode: "0640"
|
||||||
notify:
|
notify:
|
||||||
- Restart octavia services
|
- Restart octavia services
|
||||||
- Restart uwsgi services
|
- Restart uwsgi services
|
||||||
@ -145,7 +151,8 @@
|
|||||||
- octavia-install
|
- octavia-install
|
||||||
|
|
||||||
|
|
||||||
- import_tasks: octavia_install.yml
|
- name: Importing octavia_install tasks
|
||||||
|
import_tasks: octavia_install.yml
|
||||||
tags:
|
tags:
|
||||||
- octavia-install
|
- octavia-install
|
||||||
|
|
||||||
@ -169,16 +176,17 @@
|
|||||||
systemd_tempd_prefix: openstack
|
systemd_tempd_prefix: openstack
|
||||||
systemd_slice_name: "{{ octavia_system_slice_name }}"
|
systemd_slice_name: "{{ octavia_system_slice_name }}"
|
||||||
systemd_lock_dir: "{{ octavia_lock_dir }}"
|
systemd_lock_dir: "{{ octavia_lock_dir }}"
|
||||||
systemd_CPUAccounting: true
|
systemd_service_cpu_accounting: true
|
||||||
systemd_BlockIOAccounting: true
|
systemd_service_block_io_accounting: true
|
||||||
systemd_MemoryAccounting: true
|
systemd_service_memory_accounting: true
|
||||||
systemd_TasksAccounting: true
|
systemd_service_tasks_accounting: true
|
||||||
systemd_services: "{{ filtered_octavia_services }}"
|
systemd_services: "{{ filtered_octavia_services }}"
|
||||||
tags:
|
tags:
|
||||||
- octavia-config
|
- octavia-config
|
||||||
- systemd-service
|
- systemd-service
|
||||||
|
|
||||||
- include_role:
|
- name: Including osa.service_setup role
|
||||||
|
include_role:
|
||||||
name: openstack.osa.service_setup
|
name: openstack.osa.service_setup
|
||||||
apply:
|
apply:
|
||||||
tags:
|
tags:
|
||||||
@ -218,7 +226,8 @@
|
|||||||
tags:
|
tags:
|
||||||
- always
|
- always
|
||||||
|
|
||||||
- include_tasks: octavia_mgmt_network.yml
|
- name: Including octavia_mgmt_network tasks
|
||||||
|
include_tasks: octavia_mgmt_network.yml
|
||||||
args:
|
args:
|
||||||
apply:
|
apply:
|
||||||
tags:
|
tags:
|
||||||
@ -231,13 +240,15 @@
|
|||||||
tags:
|
tags:
|
||||||
- always
|
- always
|
||||||
|
|
||||||
- import_tasks: octavia_security_group.yml
|
- name: Importing octavia_security_group tasks
|
||||||
|
import_tasks: octavia_security_group.yml
|
||||||
when:
|
when:
|
||||||
- _octavia_is_first_play_host
|
- _octavia_is_first_play_host
|
||||||
tags:
|
tags:
|
||||||
- octavia-install
|
- octavia-install
|
||||||
|
|
||||||
- include_tasks: octavia_keypair.yml
|
- name: Including octavia_keypair tasks
|
||||||
|
include_tasks: octavia_keypair.yml
|
||||||
args:
|
args:
|
||||||
apply:
|
apply:
|
||||||
tags:
|
tags:
|
||||||
@ -247,7 +258,8 @@
|
|||||||
tags:
|
tags:
|
||||||
- always
|
- always
|
||||||
|
|
||||||
- include_tasks: octavia_flavor_create.yml
|
- name: Importing octavia_flavor_create tasks
|
||||||
|
include_tasks: octavia_flavor_create.yml
|
||||||
args:
|
args:
|
||||||
apply:
|
apply:
|
||||||
tags:
|
tags:
|
||||||
@ -259,24 +271,28 @@
|
|||||||
tags:
|
tags:
|
||||||
- always
|
- always
|
||||||
|
|
||||||
- import_tasks: octavia_post_install.yml
|
- name: Importing octavia_post_install tasks
|
||||||
|
import_tasks: octavia_post_install.yml
|
||||||
tags:
|
tags:
|
||||||
- octavia-install
|
- octavia-install
|
||||||
- octavia-config
|
- octavia-config
|
||||||
|
|
||||||
- import_tasks: octavia_db_sync.yml
|
- name: Importing octavia_db_sync tasks
|
||||||
|
import_tasks: octavia_db_sync.yml
|
||||||
when:
|
when:
|
||||||
- _octavia_is_first_play_host
|
- _octavia_is_first_play_host
|
||||||
tags:
|
tags:
|
||||||
- octavia-install
|
- octavia-install
|
||||||
|
|
||||||
- import_tasks: octavia_policy.yml
|
- name: Importing octavia_policy tasks
|
||||||
|
import_tasks: octavia_policy.yml
|
||||||
tags:
|
tags:
|
||||||
- octavia-install
|
- octavia-install
|
||||||
- octavia-config
|
- octavia-config
|
||||||
- octavia-policy-override
|
- octavia-policy-override
|
||||||
|
|
||||||
- include_tasks: octavia_amp_image.yml
|
- name: Including octavia_amp_image tasks
|
||||||
|
include_tasks: octavia_amp_image.yml
|
||||||
args:
|
args:
|
||||||
apply:
|
apply:
|
||||||
tags:
|
tags:
|
||||||
|
@ -34,6 +34,7 @@
|
|||||||
get_url:
|
get_url:
|
||||||
url: "{{ octavia_artefact_url }}"
|
url: "{{ octavia_artefact_url }}"
|
||||||
dest: "{{ octavia_amp_image_path }}"
|
dest: "{{ octavia_amp_image_path }}"
|
||||||
|
mode: "0644"
|
||||||
retries: 10
|
retries: 10
|
||||||
delay: 10
|
delay: 10
|
||||||
register: octavia_download_result
|
register: octavia_download_result
|
||||||
@ -74,6 +75,7 @@
|
|||||||
--private
|
--private
|
||||||
--project {{ octavia_service_project_name }}
|
--project {{ octavia_service_project_name }}
|
||||||
amphora-x64-haproxy
|
amphora-x64-haproxy
|
||||||
|
changed_when: false
|
||||||
|
|
||||||
- name: Delete old image from glance
|
- name: Delete old image from glance
|
||||||
openstack.cloud.image:
|
openstack.cloud.image:
|
||||||
|
@ -6,6 +6,7 @@
|
|||||||
section: "octavia"
|
section: "octavia"
|
||||||
option: "install_method"
|
option: "install_method"
|
||||||
value: "{{ octavia_install_method }}"
|
value: "{{ octavia_install_method }}"
|
||||||
|
mode: "0644"
|
||||||
|
|
||||||
- name: Refresh local facts to ensure the octavia section is present
|
- name: Refresh local facts to ensure the octavia section is present
|
||||||
setup:
|
setup:
|
||||||
@ -33,8 +34,11 @@
|
|||||||
venv_install_destination_path: "{{ octavia_bin | dirname }}"
|
venv_install_destination_path: "{{ octavia_bin | dirname }}"
|
||||||
venv_install_distro_package_list: "{{ octavia_distro_packages }}"
|
venv_install_distro_package_list: "{{ octavia_distro_packages }}"
|
||||||
venv_pip_install_args: "{{ octavia_pip_install_args }}"
|
venv_pip_install_args: "{{ octavia_pip_install_args }}"
|
||||||
venv_pip_packages: "{{ octavia_pip_packages | union(octavia_user_pip_packages) +
|
venv_pip_packages: >-
|
||||||
(octavia_oslomsg_amqp1_enabled | bool) | ternary(octavia_optional_oslomsg_amqp1_pip_packages, []) }}"
|
{{
|
||||||
|
octavia_pip_packages | union(octavia_user_pip_packages) +
|
||||||
|
(octavia_oslomsg_amqp1_enabled | bool) | ternary(octavia_optional_oslomsg_amqp1_pip_packages, [])
|
||||||
|
}}
|
||||||
venv_facts_when_changed:
|
venv_facts_when_changed:
|
||||||
- section: "octavia"
|
- section: "octavia"
|
||||||
option: "venv_tag"
|
option: "venv_tag"
|
||||||
|
@ -35,6 +35,7 @@
|
|||||||
copy:
|
copy:
|
||||||
content: "{{ _octavia_keypair['keypair']['private_key'] }}"
|
content: "{{ _octavia_keypair['keypair']['private_key'] }}"
|
||||||
dest: "{{ lookup('env', 'HOME') }}/.ssh/{{ octavia_ssh_key_name }}"
|
dest: "{{ lookup('env', 'HOME') }}/.ssh/{{ octavia_ssh_key_name }}"
|
||||||
|
mode: "0600"
|
||||||
delegate_to: localhost
|
delegate_to: localhost
|
||||||
when:
|
when:
|
||||||
- _octavia_keypair is changed
|
- _octavia_keypair is changed
|
||||||
|
@ -15,7 +15,7 @@
|
|||||||
|
|
||||||
# iptables module doesn't see empty string as a null value so this is the only
|
# iptables module doesn't see empty string as a null value so this is the only
|
||||||
# way to get a configurable rule definition in right now
|
# way to get a configurable rule definition in right now
|
||||||
- name: iptables rules
|
- name: IPtables rules
|
||||||
iptables: "{{ item }}"
|
iptables: "{{ item }}"
|
||||||
with_items: "{{ octavia_iptables_rules }}"
|
with_items: "{{ octavia_iptables_rules }}"
|
||||||
when: octavia_ip_tables_fw | bool
|
when: octavia_ip_tables_fw | bool
|
||||||
@ -23,13 +23,15 @@
|
|||||||
# This is totally odd: If you run the commands via run-parts (as the script
|
# This is totally odd: If you run the commands via run-parts (as the script
|
||||||
# in the distro does) they return 1; but do their job. If you run them
|
# in the distro does) they return 1; but do their job. If you run them
|
||||||
# directly they work. Ignoring errors for now --
|
# directly they work. Ignoring errors for now --
|
||||||
- name: save iptables rules (Debian/Ubuntu)
|
- name: Save iptables rules (Debian/Ubuntu)
|
||||||
command: netfilter-persistent save
|
command: netfilter-persistent save
|
||||||
|
changed_when: false
|
||||||
failed_when: false
|
failed_when: false
|
||||||
when: ansible_facts['os_family'] == 'Debian'
|
when: ansible_facts['os_family'] == 'Debian'
|
||||||
|
|
||||||
- name: save iptables rules (CentOS)
|
- name: Save iptables rules (CentOS)
|
||||||
shell: iptables-save > /etc/sysconfig/iptables
|
shell: iptables-save > /etc/sysconfig/iptables
|
||||||
|
changed_when: false
|
||||||
when:
|
when:
|
||||||
- ansible_facts['distribution'] == 'CentOS'
|
- ansible_facts['distribution'] == 'CentOS'
|
||||||
|
|
||||||
|
@ -33,9 +33,9 @@
|
|||||||
file:
|
file:
|
||||||
path: "{{ item.path }}"
|
path: "{{ item.path }}"
|
||||||
state: directory
|
state: directory
|
||||||
owner: "{{ item.owner|default(octavia_system_user_name) }}"
|
owner: "{{ item.owner | default(octavia_system_user_name) }}"
|
||||||
group: "{{ item.group|default(octavia_system_group_name) }}"
|
group: "{{ item.group | default(octavia_system_group_name) }}"
|
||||||
mode: "{{ item.mode|default('0755') }}"
|
mode: "{{ item.mode | default('0755') }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { path: "/openstack", owner: "root", group: "root" }
|
- { path: "/openstack", owner: "root", group: "root" }
|
||||||
- { path: "/openstack/venvs", owner: "root", group: "root" }
|
- { path: "/openstack/venvs", owner: "root", group: "root" }
|
||||||
|
@ -13,7 +13,11 @@
|
|||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
_octavia_is_first_play_host: "{{ (octavia_services['octavia-api']['group'] in group_names and inventory_hostname == (groups[octavia_services['octavia-api']['group']] | intersect(ansible_play_hosts)) | first) | bool }}"
|
_octavia_is_first_play_host: >-
|
||||||
|
{{
|
||||||
|
(octavia_services['octavia-api']['group'] in group_names and
|
||||||
|
inventory_hostname == (groups[octavia_services['octavia-api']['group']] | intersect(ansible_play_hosts)) | first) | bool
|
||||||
|
}}
|
||||||
|
|
||||||
#
|
#
|
||||||
# Compile a list of the services on a host based on whether
|
# Compile a list of the services on a host based on whether
|
||||||
@ -65,14 +69,14 @@ uwsgi_octavia_services: |-
|
|||||||
{{ services }}
|
{{ services }}
|
||||||
|
|
||||||
_octavia_legacy_policies:
|
_octavia_legacy_policies:
|
||||||
"context_is_admin": "role:admin or role:load-balancer_admin"
|
"context_is_admin": "role:admin or role:load-balancer_admin"
|
||||||
"admin_or_owner": "is_admin:True or project_id:%(project_id)s"
|
"admin_or_owner": "is_admin:True or project_id:%(project_id)s"
|
||||||
"load-balancer:read": "rule:admin_or_owner"
|
"load-balancer:read": "rule:admin_or_owner"
|
||||||
"load-balancer:read-global": "is_admin:True"
|
"load-balancer:read-global": "is_admin:True"
|
||||||
"load-balancer:write": "rule:admin_or_owner"
|
"load-balancer:write": "rule:admin_or_owner"
|
||||||
"load-balancer:read-quota": "rule:admin_or_owner"
|
"load-balancer:read-quota": "rule:admin_or_owner"
|
||||||
"load-balancer:read-quota-global": "is_admin:True"
|
"load-balancer:read-quota-global": "is_admin:True"
|
||||||
"load-balancer:write-quota": "is_admin:True"
|
"load-balancer:write-quota": "is_admin:True"
|
||||||
|
|
||||||
_octavia_jobboard_driver_map:
|
_octavia_jobboard_driver_map:
|
||||||
zookeeper: zookeeper_taskflow_driver
|
zookeeper: zookeeper_taskflow_driver
|
||||||
|
Loading…
Reference in New Issue
Block a user