Deploy Openstack-Trove (DBaaS)

This commit allows the deployer to create 3 containers to run Trove-API, Trove-Conductor and Trove-Taskmanager. Change-Id: If93330d48f53745d45af351b9de9a4a733af943a
2016-08-30 14:15:51 +02:00 · 2016-08-30 14:15:51 +02:00 · 3455ec7579
commit 3455ec7579
parent 45d876d06e
24 changed files with 347 additions and 562 deletions
--- a/.gitignore
+++ b/.gitignore
@ -62,5 +62,5 @@ releasenotes/build
 # Test temp files
 tests/plugins
-# Vagrant testing artifacts
+# Files created by vagrant testing
 .vagrant
--- a/8
+++ b/8
@ -1,8 +0,0 @@
 CHANGES
 =======
 * Add scaffolding for OpenStack-CI tests
 * Adding trove_extra_service_names and creating database on galera
 * Updates
 * Update
 * Initial Commit
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -17,6 +17,7 @@
 # (c) 2016 Paul Stevens <paul.stevens@is.co.za>
 trove_package_state: "latest"
 debug: false
 trove_system_group_name: trove
 trove_system_user_name: trove
 trove_system_user_comment: Trove System User
@ -28,7 +29,6 @@ trove_etc_directory: /etc/trove
 trove_api_program_name: trove-api
 trove_conductor_program_name: trove-conductor
 trove_taskmanager_program_name: trove-taskmanager
 trove_guestagent_program_name: trove-guestagent
 trove_service_name: trove
 trove_service_user_name: trove
@ -38,13 +38,25 @@ trove_service_project_name: service
 trove_service_role_names:
  - admin
 trove_service_region: RegionOne
 trove_service_host: "0.0.0.0"
 trove_service_port: 8779
 trove_service_publicuri_proto: http
-trove_service_publicurl: "{{ trove_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ trove_bind_port }}"
+trove_service_publicurl: "{{ trove_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ trove_service_port }}/v1.0"
 trove_service_internaluri_proto: http
-trove_service_internalurl: "{{ trove_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ trove_bind_port }}"
+trove_service_internalurl: "{{ trove_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ trove_service_port }}/v1.0"
 trove_service_adminuri_proto: http
-trove_service_adminurl: "{{ trove_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ trove_bind_port }}"
+trove_service_adminurl: "{{ trove_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ trove_service_port }}/v1.0"
 trove_auth_url: "{{ keystone_service_internalurl }}"
 trove_nova_compute_url: "{{ trove_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ nova_service_port }}/v2.1"
 trove_cinder_url: "{{ trove_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ cinder_service_port }}/v1"
 trove_swift_url: "{{ trove_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ swift_proxy_port }}/v1/AUTH_"
 trove_neutron_url: "{{ trove_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ neutron_service_port }}/"
 trove_profiler_enabled: false
 # If ``trove_api_workers`` is unset the system will use half the number of
 # available VCPUS to compute the number of api workers to use.
 # trove_api_workers: 16
 # trove_api_workers: 16
 # Name of the virtual env to deploy into
 trove_venv_tag: untagged
@ -83,28 +95,30 @@ trove_ssl_self_signed_regen: false
 trove_ssl_self_signed_subject: "/C=US/ST=Texas/L=San Antonio/O=IT/CN={{ internal_lb_vip_address }}/subjectAltName=IP.1={{ external_lb_vip_address }}"
 # Database vars
 trove_galera_database_name: trove
 trove_galera_user: trove
 trove_galera_address: "{{ internal_lb_vip_address }}"
 trove_db_sync_options:
 trove_galera_connection_string: "mysql+pymysql://{{ trove_galera_user}}:{{ trove_galera_password }}@{{ trove_galera_address }}/{{ trove_galera_database_name }}?charset=utf8"
 # Rabbit vars
 trove_rpc_backend: rabbit
 trove_control_exchange: trove
 trove_rabbit_notification_topic: notification
 trove_rabbitmq_userid: trove
 trove_rabbitmq_vhost: /trove
 trove_rabbitmq_servers: 127.0.0.1
 trove_rabbitmq_use_ssl: False
 trove_rabbitmq_port: 5672
 trove_rabbitmq_servers: "{{ rabbitmq_servers }}"
 # Keystone AuthToken/Middleware
 trove_keystone_auth_plugin: password
 trove_service_project_domain_name: Default
 trove_service_user_domain_name: default
 trove_service_project_name: service
-#: List of extra programs/services owned by trove
+trove_conductor_service_name: "{{ trove_conductor_program_name }}"
-trove_extra_service_names:
+trove_taskmanager_service_name: "{{ trove_taskmanager_program_name }}"
  - "{{ trove_conductor_program_name }}"
  - "{{ trove_taskmanager_program_name }}"
 #Glance images
 trove_glance_images: []
@ -121,6 +135,7 @@ trove_pip_packages:
  - MySQL-python
  - PyMySQL
  - pexpect
  - pycrypto
  - trove
 # This variable is used by the repo_build process to determine
--- a/extras/haproxy_trove.yml
+++ b/extras/haproxy_trove.yml
@ -1,8 +1,8 @@
- - service:
+ - service:
-      haproxy_service_name: trove
+      haproxy_service_name: trove
-      haproxy_backend_nodes: "{{ groups['trove_api'] | default([]) }}"
+      haproxy_backend_nodes: "{{ groups['trove_api'] | default([]) }}"
-      haproxy_ssl: "{{ haproxy_ssl }}"
+      haproxy_ssl: "{{ haproxy_ssl }}"
-      haproxy_port: 8779
+      haproxy_port: 8779
-      haproxy_balance_type: http
+      haproxy_balance_type: http
-      haproxy_backend_options:
+      haproxy_backend_options:
-        - "httpchk HEAD /"
+        - "httpchk HEAD /"
--- a/extras/os-trove-install.yml
+++ b/extras/os-trove-install.yml
@ -59,5 +59,8 @@
      rsyslog_client_config_name: "99-trove-rsyslog-client.conf"
      tags:
        - "trove-rsyslog-client"
    - role: "system_crontab_coordination"
      tags:
        - "system-crontab-coordination"
  vars:
    is_metal: "{{ properties.is_metal|default(false) }}"
--- a/extras/user_secrets.yml
+++ b/extras/user_secrets.yml
@ -0,0 +1,4 @@
 ---
 trove_galera_password:
 trove_rabbitmq_password:
 trove_service_password:
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -1,33 +1,38 @@
 ---
-# Copyright 2015, Rackspace US, Inc.
+# Copyright 2016 Internet Solutions (Pty) Ltd
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
-#     http://www.apache.org/licenses/LICENSE-2.0
+#    http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
+#
-# trove_service_names should exclude the API if {{ trove_use_mod_wsgi }}
+# (c) 2016 Donovan Francesco <donovan.francesco@is.co.za>
 # (c) 2016 Paul Stevens <paul.stevens@is.co.za>
 - name: Restart trove API services
  service:
-    name: "{{ item }}"
+    name: "{{ trove_api_program_name }}"
    state: "restarted"
-    pattern: "{{ item }}"
+    pattern: "{{ trove_api_program_name }}"
  when: not trove_use_mod_wsgi | bool
  with_items: "{{ trove_api_program_name }}"
- name: Restart trove extra services
+- name: Restart trove conductor service
  service:
-    name: "{{ item }}"
+    name: "{{ trove_conductor_service_name }}"
    state: "restarted"
-    pattern: "{{ item }}"
+    pattern: "{{ trove_conductor_service_name }}"
-  with_items: "{{ trove_extra_service_names }}"
+
 - name: Restart trove taskmanager service
  service:
    name: "{{ trove_taskmanager_service_name }}"
    state: "restarted"
    pattern: "{{ trove_taskmanager_service_name }}"
 - name: Restart Apache
  service:
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -1,18 +1,20 @@
 ---
-# Copyright 2015, Rackspace US, Inc.
+# Copyright 2016 Internet Solutions (Pty) Ltd
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
-#     http://www.apache.org/licenses/LICENSE-2.0
+#    http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
+#
 # (c) 2016 Donovan Francesco <donovan.francesco@is.co.za>
 # (c) 2016 Paul Stevens <paul.stevens@is.co.za>
 - name: Gather variables for each operating system
  include_vars: "{{ item }}"
  with_first_found:
@ -54,12 +56,12 @@
    - trove-install
 - include: trove_service_setup.yml
-  when: inventory_hostname == groups['trove_all'][0]
+  when: inventory_hostname == groups['trove_api'][0]
  tags:
    - trove-install
 - include: trove_db_setup.yml
-  when: inventory_hostname == groups['trove_all'][0]
+  when: inventory_hostname == groups['trove_conductor'][0]
  tags:
    - trove-install
--- a/tasks/trove_db_setup.yml
+++ b/tasks/trove_db_setup.yml
@ -15,7 +15,6 @@
 #
 # (c) 2016 Donovan Francesco <donovan.francesco@is.co.za>
 # (c) 2016 Paul Stevens <paul.stevens@is.co.za>
 - name: Perform a trove DB sync
  command: "{{ trove_bin }}/trove-manage db_sync {{ trove_db_sync_options }}"
  become: yes
--- a/tasks/trove_init.yml
+++ b/tasks/trove_init.yml
@ -1,18 +1,20 @@
 ---
-# Copyright 2015, Rackspace US, Inc.
+# Copyright 2016 Internet Solutions (Pty) Ltd
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
-#     http://www.apache.org/licenses/LICENSE-2.0
+#    http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
+#
 # (c) 2016 Donovan Francesco <donovan.francesco@is.co.za>
 # (c) 2016 Paul Stevens <paul.stevens@is.co.za>
 - include: trove_init_common.yml
  vars:
    program_name: "{{ trove_api_program_name }}"
@ -20,11 +22,22 @@
    system_user: "{{ trove_system_user_name }}"
    system_group: "{{ trove_system_group_name }}"
    service_home: "{{ trove_system_user_home }}"
  when: inventory_hostname in groups['trove_api']
 - include: trove_init_common.yml
  vars:
-    program_name: "{{ trove_metricd_program_name }}"
+    program_name: "{{ trove_conductor_program_name }}"
-    service_name: "{{ trove_service_name }}"
+    service_name: "{{ trove_conductor_service_name }}"
    system_user: "{{ trove_system_user_name }}"
    system_group: "{{ trove_system_group_name }}"
    service_home: "{{ trove_system_user_home }}"
  when: inventory_hostname in groups['trove_conductor']
 - include: trove_init_common.yml
  vars:
    program_name: "{{ trove_taskmanager_program_name }}"
    service_name: "{{ trove_taskmanager_service_name }}"
    system_user: "{{ trove_system_user_name }}"
    system_group: "{{ trove_system_group_name }}"
    service_home: "{{ trove_system_user_home }}"
  when: inventory_hostname in groups['trove_taskmanager']
--- a/tasks/trove_init_common.yml
+++ b/tasks/trove_init_common.yml
@ -1,18 +1,20 @@
 ---
-# Copyright 2016, Rackspace US, Inc.
+# Copyright 2016 Internet Solutions (Pty) Ltd
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
-#     http://www.apache.org/licenses/LICENSE-2.0
+#    http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
+#
 # (c) 2016 Donovan Francesco <donovan.francesco@is.co.za>
 # (c) 2016 Paul Stevens <paul.stevens@is.co.za>
 - include: trove_init_upstart.yml
  when: pid1_name == "init"
@ -25,5 +27,6 @@
   enabled: "yes"
  notify:
    - Restart trove API services
-    - Restart trove extra services
+    - Restart trove conductor service
    - Restart trove taskmanager service
    - Restart Apache
--- a/tasks/trove_init_systemd.yml
+++ b/tasks/trove_init_systemd.yml
@ -1,18 +1,20 @@
 ---
-# Copyright 2016, Rackspace US, Inc.
+# Copyright 2016 Internet Solutions (Pty) Ltd
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
-#     http://www.apache.org/licenses/LICENSE-2.0
+#    http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
+#
 # (c) 2016 Donovan Francesco <donovan.francesco@is.co.za>
 # (c) 2016 Paul Stevens <paul.stevens@is.co.za>
 - name: Create TEMP run dir
  file:
    path: "/var/run/{{ program_name }}"
@ -51,5 +53,6 @@
  when: systemd_init | changed
  notify:
    - Restart trove API services
-    - Restart trove extra services
+    - Restart trove conductor service
    - Restart trove taskmanager service
    - Restart Apache
--- a/tasks/trove_init_upstart.yml
+++ b/tasks/trove_init_upstart.yml
@ -1,18 +1,20 @@
 ---
-# Copyright 2015, Rackspace US, Inc.
+# Copyright 2016 Internet Solutions (Pty) Ltd
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
-#     http://www.apache.org/licenses/LICENSE-2.0
+#    http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
+#
 # (c) 2016 Donovan Francesco <donovan.francesco@is.co.za>
 # (c) 2016 Paul Stevens <paul.stevens@is.co.za>
 - name: Place the init script
  template:
    src: "trove-upstart-init.j2"
@ -23,7 +25,8 @@
  register: upstart_init
  notify:
    - Restart trove API services
-    - Restart trove extra services
+    - Restart trove conductor service
    - Restart trove taskmanager service
    - Restart Apache
 - name: Reload init scripts
@ -32,5 +35,6 @@
  when: upstart_init | changed
  notify:
    - Restart trove API services
-    - Restart trove extra services
+    - Restart trove conductor service
    - Restart trove taskmanager service
    - Restart Apache
--- a/tasks/trove_install.yml
+++ b/tasks/trove_install.yml
@ -1,18 +1,20 @@
 ---
-# Copyright 2015, Rackspace US, Inc.
+# Copyright 2016 Internet Solutions (Pty) Ltd
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
-#     http://www.apache.org/licenses/LICENSE-2.0
+#    http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
+#
 # (c) 2016 Donovan Francesco <donovan.francesco@is.co.za>
 # (c) 2016 Paul Stevens <paul.stevens@is.co.za>
 - include: trove_install_apt.yml
  when:
    - ansible_pkg_mgr == 'apt'
@ -119,7 +121,8 @@
    - trove_get_venv | changed or trove_venv_dir | changed
  notify:
    - Restart trove API services
-    - Restart trove extra services
+    - Restart trove conductor service
    - Restart trove taskmanager service
    - Restart Apache
 - name: Install pip packages
@ -137,7 +140,8 @@
    - trove_get_venv | failed or trove_developer_mode | bool
  notify:
    - Restart trove API services
-    - Restart trove extra services
+    - Restart trove conductor service
    - Restart trove taskmanager service
    - Restart Apache
 - name: Update virtualenv path
--- a/tasks/trove_install_apt.yml
+++ b/tasks/trove_install_apt.yml
@ -1,22 +1,23 @@
 ---
-# Copyright 2015, Rackspace US, Inc.
+# Copyright 2016 Internet Solutions (Pty) Ltd
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
-#     http://www.apache.org/licenses/LICENSE-2.0
+#    http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
+#
 # (c) 2016 Donovan Francesco <donovan.francesco@is.co.za>
 # (c) 2016 Paul Stevens <paul.stevens@is.co.za>
 #TODO(evrardjp): Replace the next 2 tasks by a standard apt with cache
 #when https://github.com/ansible/ansible-modules-core/pull/1517 is merged
 #in 1.9.x or we move to 2.0 (if tested working)
 - name: Check apt last update file
  stat:
    path: /var/cache/apt
--- a/tasks/trove_post_install.yml
+++ b/tasks/trove_post_install.yml
@ -1,19 +1,21 @@
 ---
-# Copyright 2015, Rackspace US, Inc.
+# Copyright 2016 Internet Solutions (Pty) Ltd
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
-#     http://www.apache.org/licenses/LICENSE-2.0
+#    http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
+#
- name: Drop trove Config(s)
+# (c) 2016 Donovan Francesco <donovan.francesco@is.co.za>
 # (c) 2016 Paul Stevens <paul.stevens@is.co.za>
 - name: Drop trove api Config(s)
  config_template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
@ -31,18 +33,54 @@
      dest: "/etc/trove/trove.conf"
      config_overrides: "{{ trove_config_overrides }}"
      config_type: "ini"
  notify:
    - Restart Apache
    - Restart trove API services
  when: inventory_hostname in groups['trove_api']
 - name: Drop trove-conductor Config(s)
  config_template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: "{{ trove_system_user_name }}"
    group: "{{ trove_system_group_name }}"
    mode: "0644"
    config_overrides: "{{ item.config_overrides }}"
    config_type: "{{ item.config_type }}"
  with_items:
    - src: "trove-api-paste.ini.j2"
      dest: "/etc/trove/api-paste.ini"
      config_overrides: "{{ trove_api_paste_ini_overrides }}"
      config_type: "ini"
    - src: "trove-conductor.conf.j2"
      dest: "/etc/trove/trove-conductor.conf"
      config_overrides: "{{ trove_conductor_config_overrides }}"
      config_type: "ini"
  notify:
    - Restart trove conductor service
  when: inventory_hostname in groups['trove_conductor']
 - name: Drop trove-taskmanager Config(s)
  config_template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: "{{ trove_system_user_name }}"
    group: "{{ trove_system_group_name }}"
    mode: "0644"
    config_overrides: "{{ item.config_overrides }}"
    config_type: "{{ item.config_type }}"
  with_items:
    - src: "trove-api-paste.ini.j2"
      dest: "/etc/trove/api-paste.ini"
      config_overrides: "{{ trove_api_paste_ini_overrides }}"
      config_type: "ini"
    - src: "trove-taskmanager.conf.j2"
      dest: "/etc/trove/trove-taskmanager.conf"
      config_overrides: "{{ trove_taskmanager_config_overrides }}"
      config_type: "ini"
  notify:
-    - Restart Apache
+    - Restart trove taskmanager service
-    - Restart trove API services
+  when: inventory_hostname in groups['trove_taskmanager']
    - Restart trove extra services
 - name: Drop trove WSGI Configs
  template:
@ -51,6 +89,8 @@
    owner: "{{ trove_system_user_name }}"
    group: "{{ trove_system_group_name }}"
    mode: "0755"
-  when: trove_use_mod_wsgi | bool
+  when:
    - trove_use_mod_wsgi | bool
    - inventory_hostname in groups['trove_api']
  notify:
    - Restart Apache
--- a/tasks/trove_pre_install.yml
+++ b/tasks/trove_pre_install.yml
@ -1,18 +1,20 @@
 ---
-# Copyright 2015, Rackspace US, Inc.
+# Copyright 2016 Internet Solutions (Pty) Ltd
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
-#     http://www.apache.org/licenses/LICENSE-2.0
+#    http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
+#
 # (c) 2016 Donovan Francesco <donovan.francesco@is.co.za>
 # (c) 2016 Paul Stevens <paul.stevens@is.co.za>
 - name: Create the system group
  group:
    name: "{{ trove_system_group_name }}"
@ -54,7 +56,9 @@
  with_items:
    - { path: "/var/www/cgi-bin", owner: root, group: root }
    - { path: "/var/www/cgi-bin/trove" }
-  when: trove_use_mod_wsgi | bool
+  when:
    - trove_use_mod_wsgi | bool
    - inventory_hostname in groups['trove_api']
 - name: Test for log directory or link
  shell: |
--- a/tasks/trove_service_setup.yml
+++ b/tasks/trove_service_setup.yml
@ -1,72 +1,62 @@
 ---
-# Copyright 2015, Rackspace US, Inc.
+# Copyright 2016 Internet Solutions (Pty) Ltd
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
-#     http://www.apache.org/licenses/LICENSE-2.0
+#    http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
+#
-# Create a service
+# (c) 2016 Donovan Francesco <donovan.francesco@is.co.za>
- name: Ensure trove service
+# (c) 2016 Paul Stevens <paul.stevens@is.co.za>
 - name: Ensure the service for trove exists
  keystone:
    command: "ensure_service"
    endpoint: "{{ keystone_service_adminurl }}"
    login_user: "{{ keystone_admin_user_name }}"
    login_password: "{{ keystone_auth_admin_password }}"
    login_project_name: "{{ keystone_admin_tenant_name }}"
    insecure: "{{ keystone_service_adminuri_insecure }}"
    service_name: "{{ trove_service_name }}"
    service_type: "{{ trove_service_type }}"
    description: "{{ trove_service_description }}"
-    insecure: "{{ keystone_service_adminuri_insecure }}"
+  register: add_trove_service
-  register: add_service
+  until: add_trove_service |success
  until: add_service|success
  retries: 5
  delay: 2
  tags:
    - trove-api-setup
    - trove-service-add
    - trove-setup
-# Create the project if needed, assumed to be in default domain.
+- name: Ensure the trove user exists
 # In many cases this will be present but under some circumstances the project
 # may be unique to trove, esp. when Swift is used for storage.
 - name: Ensure trove project
  keystone:
    command: ensure_project
    project_name: "{{ trove_service_project_name }}"
    endpoint: "{{ keystone_service_adminurl }}"
    login_user: "{{ keystone_admin_user_name }}"
    login_password: "{{ keystone_auth_admin_password }}"
    login_project_name: "{{ keystone_admin_tenant_name }}"
    description: "{{ trove_service_project_description }}"
    insecure: "{{ keystone_service_adminuri_insecure }}"
  register: add_project
  until: add_project|success
  retries: 5
  delay: 10
 # Create an admin user
 - name: Ensure trove user
  keystone:
    command: "ensure_user"
    endpoint: "{{ keystone_service_adminurl }}"
    login_user: "{{ keystone_admin_user_name }}"
    login_password: "{{ keystone_auth_admin_password }}"
    login_project_name: "{{ keystone_admin_tenant_name }}"
    insecure: "{{ keystone_service_adminuri_insecure }}"
    user_name: "{{ trove_service_user_name }}"
    tenant_name: "{{ trove_service_project_name }}"
    password: "{{ trove_service_password }}"
-    insecure: "{{ keystone_service_adminuri_insecure }}"
+  register: add_trove_user
-  register: add_user
+  until: add_trove_user |success
  until: add_user|success
  retries: 5
-  delay: 10
+  delay: 2
  tags:
    - trove-api-setup
    - trove-service-add
    - trove-user-add
    - trove-setup
-# Add a role to the user
+- name: Ensure the trove user has the admin role
 - name: Ensure trove user maps to admin role
  keystone:
    command: "ensure_user_role"
    endpoint: "{{ keystone_service_adminurl }}"
@ -75,25 +65,25 @@
    login_project_name: "{{ keystone_admin_tenant_name }}"
    user_name: "{{ trove_service_user_name }}"
    tenant_name: "{{ trove_service_project_name }}"
-    role_name: "{{ trove_role_name }}"
+    role_name: "{{ item }}"
    insecure: "{{ keystone_service_adminuri_insecure }}"
-  register: add_admin_role
+  register: ensure_trove_roles
-  until: add_admin_role|success
+  until: ensure_trove_roles |success
  retries: 5
-  delay: 10
+  delay: 2
  with_items: "{{ trove_service_role_names }}"
-# Create an endpoint
+- name: Ensure the trove endpoint is registered
 - name: Ensure trove endpoint
  keystone:
    command: "ensure_endpoint"
    endpoint: "{{ keystone_service_adminurl }}"
    login_user: "{{ keystone_admin_user_name }}"
    login_password: "{{ keystone_auth_admin_password }}"
    login_project_name: "{{ keystone_admin_tenant_name }}"
    insecure: "{{ keystone_service_adminuri_insecure }}"
    region_name: "{{ trove_service_region }}"
    service_name: "{{ trove_service_name }}"
    service_type: "{{ trove_service_type }}"
    insecure: "{{ keystone_service_adminuri_insecure }}"
    endpoint_list:
      - url: "{{ trove_service_publicurl }}"
        interface: "public"
@ -101,7 +91,7 @@
        interface: "internal"
      - url: "{{ trove_service_adminurl }}"
        interface: "admin"
-  register: add_endpoint
+  register: add_trove_endpoints
-  until: add_endpoint|success
+  until: add_trove_endpoints |success
  retries: 5
-  delay: 10
+  delay: 2
--- a/templates/trove-conductor.conf.j2
+++ b/templates/trove-conductor.conf.j2
@ -1,62 +1,20 @@
 #{{ ansible_managed }}
 # Do not edit this file manually, your changes will be overwritten.
 [DEFAULT]
-verbose = True
+debug = {{ debug }}
-debug = True
+trove_auth_url = {{ trove_auth_url }}
 trove_auth_url = http://0.0.0.0:5000/v2.0
 # The manager class to use for conductor. (string value)
 conductor_manager = trove.conductor.manager.Manager
-
+rpc_backend={{ trove_rpc_backend }}
-#===================== RPC Configuration =================================
+transport_url = rabbit://{% for host in trove_rabbitmq_servers.split(',') %}{{ trove_rabbitmq_userid }}:{{ trove_rabbitmq_password }}@{{ host }}:{{ trove_rabbitmq_port }}{% if not loop.last %},{% else %}/{{ trove_rabbitmq_vhost }}{% endif %}{% endfor %}
-
+control_exchange = {{ trove_control_exchange }}
 # URL representing the messaging driver to use and its full configuration.
 # If not set, we fall back to the 'rpc_backend' option and driver specific
 # configuration.
 #transport_url=<None>
 # The messaging driver to use. Options include rabbit, qpid and zmq.
 # Default is rabbit. (string value)
 #rpc_backend=rabbit
 # The default exchange under which topics are scoped. May be
 # overridden by an exchange name specified in the 'transport_url option.
 control_exchange = trove
 [profiler]
-# If False fully disable profiling feature.
+enabled = {{ trove_profiler_enabled }}
 #enabled = False
 # If False doesn't trace SQL requests.
 #trace_sqlalchemy = True
 [database]
-connection = mysql://root:e1a2c042c828d3566d0a@localhost/trove
+connection = "{{ trove_galera_connection_string }}"
 [oslo_messaging_rabbit]
-# The RabbitMQ broker address where a single node is used. (string value)
+rabbit_use_ssl={{ trove_rabbitmq_use_ssl }}
 # Deprecated group/name - [DEFAULT]/rabbit_host
 #rabbit_host=localhost
 # The RabbitMQ broker port where a single node is used. (integer value)
 # Deprecated group/name - [DEFAULT]/rabbit_port
 #rabbit_port=5672
 # RabbitMQ HA cluster host:port pairs. (list value)
 # Deprecated group/name - [DEFAULT]/rabbit_hosts
 #rabbit_hosts=$rabbit_host:$rabbit_port
 # Connect over SSL for RabbitMQ. (boolean value)
 # Deprecated group/name - [DEFAULT]/rabbit_use_ssl
 #rabbit_use_ssl=false
 # The RabbitMQ userid. (string value)
 # Deprecated group/name - [DEFAULT]/rabbit_userid
 #rabbit_userid=guest
 # The RabbitMQ password. (string value)
 # Deprecated group/name - [DEFAULT]/rabbit_password
 rabbit_password=f7999d1955c5014aa32c
 # The RabbitMQ virtual host. (string value)
 # Deprecated group/name - [DEFAULT]/rabbit_virtual_host
 #rabbit_virtual_host=/
--- a/templates/trove-taskmanager.conf.j2
+++ b/templates/trove-taskmanager.conf.j2
@ -1,85 +1,31 @@
 #{{ ansible_managed }}
 # Do not edit this file manually, your changes will be overwritten.
 [DEFAULT]
-# Show more verbose log output (sets INFO log level output)
+debug = {{ debug }}
 verbose = True
 # Show debugging output in logs (sets DEBUG log level output)
 debug = True
 # Update the service and instance statuses if the instances fails to become
 # active within the configured usage_timeout.
 # usage_timeout = 600
 # restore_usage_timeout = 36000
 update_status_on_fail = True
-
+rpc_backend={{ trove_rpc_backend }}
-#================= RPC Configuration ================================
+transport_url = rabbit://{% for host in trove_rabbitmq_servers.split(',') %}{{ trove_rabbitmq_userid }}:{{ trove_rabbitmq_password }}@{{ host }}:{{ trove_rabbitmq_port }}{% if not loop.last %},{% else %}/{{ trove_rabbitmq_vhost }}{% endif %}{% endfor %}
-
+control_exchange = {{ trove_control_exchange }}
 # URL representing the messaging driver to use and its full configuration.
 # If not set, we fall back to the 'rpc_backend' option and driver specific
 # configuration.
 #transport_url=<None>
 # The messaging driver to use. Options include rabbit, qpid and zmq.
 # Default is rabbit. (string value)
 #rpc_backend=rabbit
 # The default exchange under which topics are scoped. May be
 # overridden by an exchange name specified in the 'transport_url option.
 control_exchange = trove
 #DB Api Implementation
 db_api_implementation = trove.db.sqlalchemy.api
-
+trove_auth_url = {{ trove_auth_url }}
-# Configuration options for talking to nova via the novaclient.
+nova_compute_url = {{ trove_nova_compute_url }}
-trove_auth_url = http://0.0.0.0:5000/v2.0
+cinder_url = {{ trove_cinder_url }}
-#nova_compute_url = http://localhost:8774/v2
+swift_url = {{ trove_swift_url }}
-#cinder_url = http://localhost:8776/v1
+neutron_url = {{ trove_neutron_url }}
-#swift_url = http://localhost:8080/v1/AUTH_
+os_region_name = {{ trove_service_region }}
-#neutron_url = http://localhost:9696/
+nova_compute_service_type = compute
-
+cinder_service_type = volumev2
-# nova_compute_url, cinder_url, swift_url, and heat_url can all be fetched
+swift_service_type = object-store
-# from Keystone. To fetch from Keystone, comment out nova_compute_url,
+heat_service_type = orchestration
-# cinder_url, swift_url, and heat_url and optionally uncomment the lines below.
+neutron_service_type = network
 # Region name of this node. Used when searching catalog. Default value is None.
 #os_region_name = RegionOne
 # Service type to use when searching catalog.
 #nova_compute_service_type = compute
 # Service type to use when searching catalog.
 #cinder_service_type = volumev2
 # Service type to use when searching catalog.
 #swift_service_type = object-store
 # Service type to use when searching catalog.
 #heat_service_type = orchestration
 # Service type to use when searching catalog.
 #neutron_service_type = network
 # Config options for enabling volume service
 trove_volume_support = True
 block_device_mapping = vdb
 device_path = /dev/vdb
 mount_point = /var/lib/mysql
 volume_time_out=30
 server_delete_time_out=480
 # Nova server boot options
 # sets the --config-drive argument when doing a nova boot
 # (controls how file injection is handled by nova)
 use_nova_server_config_drive = False
 # Configuration options for talking to nova via the novaclient.
 # These options are for an admin user in your keystone config.
 # It proxy's the token received from the user to send to nova via this admin users creds,
 # basically acting like the client via that proxy token.
 nova_proxy_admin_user = admin
 nova_proxy_admin_pass = 3de4922d8b6ac5a1aad9
 nova_proxy_admin_tenant_id =
 # Manager impl for the taskmanager
 taskmanager_manager=trove.taskmanager.manager.Manager
 # Manager sends Exists Notifications
 exists_notification_transformer = trove.extensions.mgmt.instances.models.NovaNotificationTransformer
 exists_notification_ticks = 30
 notification_service_id = mysql:2f3ff068-2bfb-4f70-9a9d-a6bb65bc084b
@ -115,46 +61,14 @@ agent_replication_snapshot_timeout = 36000
 # Whether to use nova's contrib api for create server with volume
 use_nova_server_volume = False
-# Config option for filtering the IP address that DNS uses
+network_label_regex = .*
 # For nova-network, set this to the appropriate network label defined in nova
 # For neutron, set this to .* since users can specify custom network labels
 # You can also optionally specify regex'es to match the actual IP addresses
 # ip_regex (white-list) is applied before black_list_regex in the filter chain
 network_label_regex = ^private$
 #ip_regex = ^(15.|123.)
 #black_list_regex = ^(10.0.0.)
 # Datastore templates
 template_path = /etc/trove/templates/
 # ============ Notification System configuration ===========================
 # Sets the notification driver used by oslo.messaging. Options include
 # messaging, messagingv2, log and routing. Default is 'noop'
 # notification_driver=noop
 # Topics used for OpenStack notifications, list value. Default is 'notifications'.
 # notification_topics=notifications
 # ============ Logging information =============================
 #log_dir = /integration/report
 #log_file = trove-taskmanager.log
 # ============ PyDev remote dubugging =============================
 # Enable or disable pydev remote debugging.
 # There are three values allowed: 'disabled', 'enabled' and 'auto'
 # If value is 'auto' tries to connect to remote debugger server,
 # but in case of error continue running with disabled debugging
 pydev_debug = disabled
 # remote debug server host and port options
 #pydev_debug_host = localhost
 #pydev_debug_port = 5678
 # path to pydevd library. It will be used if pydevd is absent in sys.path
 #pydev_path = <path>
 # ================= Guestagent related ========================
 #guest_config = /etc/trove/trove-guestagent.conf
 # Use 'guest_info = /etc/guest_info' for pre-Kilo compatibility
@ -164,72 +78,23 @@ pydev_debug = disabled
 #cloudinit_location = /etc/trove/cloudinit
 [database]
-
+connection = "{{ trove_galera_connection_string }}"
 # SQLAlchemy connection string for the reference implementation
 # registry server. Any valid SQLAlchemy connection string is fine.
 # See: http://www.sqlalchemy.org/docs/05/reference/sqlalchemy/connections.html#sqlalchemy.create_engine
 connection = mysql://root:e1a2c042c828d3566d0a@localhost/trove
 # connection = mysql://root:root@localhost/trove
 # Period in seconds after which SQLAlchemy should reestablish its connection
 # to the database.
 #
 # MySQL uses a default `wait_timeout` of 8 hours, after which it will drop
 # idle connections. This can result in 'MySQL Gone Away' exceptions. If you
 # notice this, you can lower this value to ensure that SQLAlchemy reconnects
 # before MySQL can drop the connection.
 idle_timeout = 3600
 # ================= Security groups related ========================
 # Each future datastore implementation should implement
 # its own oslo group with defined in it:
 # - tcp_ports; upd_ports;
 [profiler]
-# If False fully disable profiling feature.
+enabled = {{ trove_profiler_enabled }}
 #enabled = False
 # If False doesn't trace SQL requests.
 #trace_sqlalchemy = True
 [oslo_messaging_rabbit]
-# The RabbitMQ broker address where a single node is used. (string value)
+rabbit_use_ssl={{ trove_rabbitmq_use_ssl }}
 # Deprecated group/name - [DEFAULT]/rabbit_host
 #rabbit_host=localhost
 # The RabbitMQ broker port where a single node is used. (integer value)
 # Deprecated group/name - [DEFAULT]/rabbit_port
 #rabbit_port=5672
 # RabbitMQ HA cluster host:port pairs. (list value)
 # Deprecated group/name - [DEFAULT]/rabbit_hosts
 #rabbit_hosts=$rabbit_host:$rabbit_port
 # Connect over SSL for RabbitMQ. (boolean value)
 # Deprecated group/name - [DEFAULT]/rabbit_use_ssl
 #rabbit_use_ssl=false
 # The RabbitMQ userid. (string value)
 # Deprecated group/name - [DEFAULT]/rabbit_userid
 #rabbit_userid=guest
 # The RabbitMQ password. (string value)
 # Deprecated group/name - [DEFAULT]/rabbit_password
 rabbit_password=f7999d1955c5014aa32c
 # The RabbitMQ virtual host. (string value)
 # Deprecated group/name - [DEFAULT]/rabbit_virtual_host
 #rabbit_virtual_host=/
 [mysql]
 # Format (single port or port range): A, B-C
 # where C greater than B
 tcp_ports = 3306
 volume_support = True
 device_path = /dev/vdb
 [redis]
 # Format (single port or port range): A, B-C
 # where C greater than B
 tcp_ports = 6379
 # redis uses local storage
 volume_support = False
--- a/templates/trove.conf.j2
+++ b/templates/trove.conf.j2
@ -1,87 +1,26 @@
 # {{ ansible_managed }}
 {% set _api_threads = ansible_processor_vcpus|default(2) // 2 %}
 {% set api_threads = _api_threads if _api_threads > 0 else 1 %}
 [DEFAULT]
-# Show more verbose log output (sets INFO log level output)
+debug = {{ debug }}
-verbose = True
+bind_host = {{ trove_service_host }}
-
+bind_port = {{ trove_service_port }}
-# Show debugging output in logs (sets DEBUG log level output)
+trove_api_workers={{ trove_api_workers | default(api_threads) }}
-debug = False
+rpc_backend={{ trove_rpc_backend }}
-
+transport_url = rabbit://{% for host in trove_rabbitmq_servers.split(',') %}{{ trove_rabbitmq_userid }}:{{ trove_rabbitmq_password }}@{{ host }}:{{ trove_rabbitmq_port }}{% if not loop.last %},{% else %}/{{ trove_rabbitmq_vhost }}{% endif %}{% endfor %}
-# Address to bind the API server
+control_exchange = {{ trove_control_exchange }}
 bind_host = 0.0.0.0
 # Port the bind the API server to
 bind_port = 8779
 # Number of workers for the API service. The default will
 # be the number of CPUs available. (integer value)
 #trove_api_workers=None
 #===================== RPC Configuration =================================
 # URL representing the messaging driver to use and its full configuration.
 # If not set, we fall back to the 'rpc_backend' option and driver specific
 # configuration.
 #transport_url=<None>
 # The messaging driver to use. Options include rabbit, qpid and zmq.
 # Default is rabbit. (string value)
 #rpc_backend=rabbit
 # The default exchange under which topics are scoped. May be
 # overridden by an exchange name specified in the 'transport_url option.
 control_exchange = trove
 # Maximum line size of message headers to be accepted.
 # max_header_line may need to be increased when using large tokens
 # (typically those generated by the Keystone v3 API with big service
 # catalogs)
 # max_header_line = 16384
 #DB Api Implementation
 db_api_implementation = "trove.db.sqlalchemy.api"
-
+trove_auth_url = {{ trove_auth_url }}
-# Configuration options for talking to nova via the novaclient.
+os_region_name = {{ trove_service_region }}
-trove_auth_url = http://0.0.0.0:5000/v2.0
+network_label_regex = .*
 #nova_compute_url = http://localhost:8774/v2
 #cinder_url = http://localhost:8776/v1
 #swift_url = http://localhost:8080/v1/AUTH_
 #neutron_url = http://localhost:9696/
 # nova_compute_url, cinder_url, swift_url, and heat_url can all be fetched
 # from Keystone. To fetch from Keystone, comment out nova_compute_url,
 # cinder_url, swift_url, and heat_url and optionally uncomment the lines below.
 # Region name of this node. Used when searching catalog. Default value is None.
 #os_region_name = RegionOne
 # Service type to use when searching catalog.
 #nova_compute_service_type = compute
 # Service type to use when searching catalog.
 #cinder_service_type = volumev2
 # Service type to use when searching catalog.
 #swift_service_type = object-store
 # Service type to use when searching catalog.
 #heat_service_type = orchestration
 # Service type to use when searching catalog.
 #neutron_service_type = network
 # Config option for showing the IP address that nova doles out
 # For nova-network, set this to the appropriate network label defined in nova
 # For neutron, set this to .* since users can specify custom network labels
 # You can also optionally specify regex'es to match the actual IP addresses
 # ip_regex (white-list) is applied before black_list_regex in the filter chain
 network_label_regex = ^private$
 #network_label_regex = .* //with neutron enabled
 #ip_regex = ^(15.|123.)
 #black_list_regex = ^10.0.0.
 # Config options for enabling volume service
 trove_volume_support = True
 block_device_mapping = vdb
 device_path = /dev/vdb
 # Maximum volume size for an instance
 max_accepted_volume_size = 10
 max_instances_per_tenant = 5
 # Maximum volume capacity (in GB) spanning across all trove volumes per tenant
 max_volumes_per_tenant = 100
 max_backups_per_tenant = 5
 volume_time_out=30
@ -111,7 +50,6 @@ dns_service_type = dns
 network_driver = trove.network.nova.NovaNetwork
 default_neutron_networks =
 # Taskmanager queue name
 taskmanager_queue = taskmanager
@ -129,51 +67,12 @@ reboot_time_out = 60
 # Trove api-paste file name
 api_paste_config = api-paste.ini
 # ============ Notification System configuration ===========================
 # Sets the notification driver used by oslo.messaging. Options include
 # messaging, messagingv2, log and routing. Default is 'noop'
 # notification_driver=noop
 # Topics used for OpenStack notifications, list value. Default is 'notifications'.
 # notification_topics=notifications
 # ============ Logging information =============================
 #log_dir = /integration/report
 #log_file = trove-api.log
 [database]
-
+connection = "{{ trove_galera_connection_string }}"
 # SQLAlchemy connection string for the reference implementation
 # registry server. Any valid SQLAlchemy connection string is fine.
 # See: http://www.sqlalchemy.org/docs/05/reference/sqlalchemy/connections.html#sqlalchemy.create_engine
 # connection = sqlite:///trove_test.sqlite
 connection = mysql://root:e1a2c042c828d3566d0a@localhost/trove
 #connection = postgresql://trove:trove@localhost/trove
 # Period in seconds after which SQLAlchemy should reestablish its connection
 # to the database.
 #
 # MySQL uses a default `wait_timeout` of 8 hours, after which it will drop
 # idle connections. This can result in 'MySQL Gone Away' exceptions. If you
 # notice this, you can lower this value to ensure that SQLAlchemy reconnects
 # before MySQL can drop the connection.
 idle_timeout = 3600
 # ============ SSL configuration (and enablement) =============================
 # In order to enable SSL for the trove api server, uncomment
 # the cert_file and key_file - and of course have those files
 # accessible. The existence of those setting and files will
 # enable SSL.
 [profiler]
-# If False fully disable profiling feature.
+enabled = {{ trove_profiler_enabled }}
 #enabled = False
 # If False doesn't trace SQL requests.
 #trace_sqlalchemy = True
 [ssl]
@ -184,38 +83,10 @@ idle_timeout = 3600
 #ca_file = /path/to/ca_file
 [oslo_messaging_rabbit]
-# The RabbitMQ broker address where a single node is used. (string value)
+rabbit_use_ssl={{ trove_rabbitmq_use_ssl }}
 # Deprecated group/name - [DEFAULT]/rabbit_host
 #rabbit_host=localhost
 # The RabbitMQ broker port where a single node is used. (integer value)
 # Deprecated group/name - [DEFAULT]/rabbit_port
 #rabbit_port=5672
 # RabbitMQ HA cluster host:port pairs. (list value)
 # Deprecated group/name - [DEFAULT]/rabbit_hosts
 #rabbit_hosts=$rabbit_host:$rabbit_port
 # Connect over SSL for RabbitMQ. (boolean value)
 # Deprecated group/name - [DEFAULT]/rabbit_use_ssl
 #rabbit_use_ssl=false
 # The RabbitMQ userid. (string value)
 # Deprecated group/name - [DEFAULT]/rabbit_userid
 #rabbit_userid=guest
 # The RabbitMQ password. (string value)
 # Deprecated group/name - [DEFAULT]/rabbit_password
 rabbit_password=f7999d1955c5014aa32c
 # The RabbitMQ virtual host. (string value)
 # Deprecated group/name - [DEFAULT]/rabbit_virtual_host
 #rabbit_virtual_host=/
 [mysql]
 root_on_create = False
 # Format (single port or port range): A, B-C
 # where C greater than B
 tcp_ports = 3306
 volume_support = True
 device_path = /dev/vdb
@ -224,7 +95,6 @@ device_path = /dev/vdb
 ignore_users = os_admin, root
 ignore_dbs = mysql, information_schema, performance_schema
 [redis]
 tcp_ports = 6379
 #redis uses local storage
@ -256,61 +126,3 @@ device_path = /dev/vdb
 cluster_support = True
 cluster_member_count = 3
 api_strategy = trove.common.strategies.cluster.experimental.vertica.api.VerticaAPIStrategy
 # ============ CORS configuration =============================
 [cors]
 #
 # From oslo.middleware.cors
 #
 # Indicate whether this resource may be shared with the domain received in the
 # requests "origin" header. (list value)
 #allowed_origin = <None>
 # Indicate that the actual request can include user credentials (boolean value)
 #allow_credentials = true
 # Indicate which headers are safe to expose to the API. Defaults to HTTP Simple
 # Headers. (list value)
 #expose_headers = X-Auth-Token, X-Subject-Token, X-Service-Token, X-OpenStack-Request-ID
 # Maximum cache age of CORS preflight requests. (integer value)
 #max_age = 3600
 # Indicate which methods can be used during the actual request. (list value)
 #allow_methods = GET,PUT,POST,DELETE,PATCH
 # Indicate which header field names may be used during the actual request.
 # (list value)
 #allow_headers = X-Auth-Token, X-Identity-Status, X-Roles, X-Service-Catalog, X-User-Id, X-Tenant-Id, X-OpenStack-Request-ID
 [cors.subdomain]
 #
 # From oslo.middleware.cors
 #
 # Indicate whether this resource may be shared with the domain received in the
 # requests "origin" header. (list value)
 #allowed_origin = <None>
 # Indicate that the actual request can include user credentials (boolean value)
 #allow_credentials = true
 # Indicate which headers are safe to expose to the API. Defaults to HTTP Simple
 # Headers. (list value)
 #expose_headers = X-Auth-Token, X-Subject-Token, X-Service-Token, X-OpenStack-Request-ID
 # Maximum cache age of CORS preflight requests. (integer value)
 #max_age = 3600
 # Indicate which methods can be used during the actual request. (list value)
 #allow_methods = GET,PUT,POST,DELETE,PATCH
 # Indicate which header field names may be used during the actual request.
 # (list value)
 #allow_headers = X-Auth-Token, X-Identity-Status, X-Roles, X-Service-Catalog, X-User-Id, X-Tenant-Id, X-OpenStack-Request-ID
--- a/tests/test-prepare-keys.yml
+++ b/tests/test-prepare-keys.yml
@ -13,21 +13,94 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # NOTE: we use become_user because setting become: no or become: false
 #       doesn't seem to override the ansible_become=true in the
 #       inventory
 - name: Playbook for establishing ssh keys
  hosts: localhost
-  become_user: "{{ ansible_ssh_user }}"
+  connection: local
-  pre_tasks:
+  gather_facts: false
  become: true
  tasks:
    - name: Ensure root has a .ssh directory
      file:
        path: /root/.ssh
        state: directory
        owner: root
        group: root
        mode: 0700
    - name: Create ssh key pair for root
      user:
-        name: "{{ ansible_ssh_user }}"
+        name: root
-        generate_ssh_key: "yes"
+        generate_ssh_key: yes
        ssh_key_bits: 2048
-        ssh_key_file: ".ssh/id_rsa"
+        ssh_key_file: /root/.ssh/id_rsa
-    - name: Get the calling user's key
+
-      command: cat ~/.ssh/id_rsa.pub
+    - name: Get root private key
-      register: key_get
+      command: cat /root/.ssh/id_rsa
-    - set_fact:
+      register: private_key_get
-        lxc_container_ssh_key: "{{ key_get.stdout }}"
+      changed_when: false
    - name: Get root public key
      command: cat /root/.ssh/id_rsa.pub
      register: public_key_get
      changed_when: false
    - name: Set key facts
      set_fact:
        root_public_key: "{{ public_key_get.stdout }}"
        root_private_key: "{{ private_key_get.stdout }}"
        lxc_container_ssh_key: "{{ public_key_get.stdout }}"
    - name: Ensure root can ssh to localhost
      authorized_key:
        user: "root"
        key: "{{ root_public_key }}"
 - name: Playbook for establishing user ssh keys
  hosts: localhost
  connection: local
  gather_facts: false
  become: false
  tasks:
    # Shell used because facts may not be ready yet
    - name: Get user home directory
      shell: "getent passwd '{{ ansible_ssh_user }}' | cut -d':' -f6"
      register: user_home
      changed_when: false
    - name: Set local user home fact
      set_fact:
        calling_user_home: "{{ user_home.stdout }}"
    - name: Ensure user has a .ssh directory
      file:
        path: "{{ calling_user_home }}/.ssh"
        state: directory
        owner: "{{ ansible_ssh_user }}"
        group: "{{ ansible_ssh_user }}"
        mode: 0700
      when: ansible_ssh_user != 'root'
    - name: Ensure user has the known private key
      copy:
        content: "{{ root_private_key }}"
        dest: "{{ calling_user_home }}/.ssh/id_rsa"
        owner: "{{ ansible_ssh_user }}"
        group: "{{ ansible_ssh_user }}"
        mode: "0600"
      when: ansible_ssh_user != 'root'
    - name: Ensure user has the known public key
      copy:
        content: "{{ root_public_key }}"
        dest: "{{ calling_user_home }}/.ssh/id_rsa.pub"
        owner: "{{ ansible_ssh_user }}"
        group: "{{ ansible_ssh_user }}"
        mode: "0600"
      when: ansible_ssh_user != 'root'
    - name: Ensure local user can ssh to localhost
      authorized_key:
        user: "{{ ansible_ssh_user }}"
        key: "{{ root_public_key }}"
      when: ansible_ssh_user != 'root'
--- a/tests/test-vars.yml
+++ b/tests/test-vars.yml
@ -72,6 +72,10 @@ trove_venv_tag: "testing"
 openrc_os_auth_url: "http://127.0.0.1:5000/v3"
 openrc_os_domain_name: "Default"
 openrc_os_password: "{{ keystone_auth_admin_password }}"
 neutron_service_port: 9696
 swift_proxy_port: 8080
 cinder_service_port: 8776
 nova_service_port: 8774
 rabbitmq_port: 5672
 rabbitmq_servers: 10.100.102.101
--- a/tox.ini
+++ b/tox.ini
@ -94,7 +94,7 @@ commands =
 [testenv:ansible]
 deps =
    {[testenv]deps}
-    ansible==2.1.1.0
+    ansible==1.9.4
    ansible-lint>=2.7.0,<3.0.0
 setenv =
    {[testenv]setenv}
@ -161,23 +161,14 @@ deps =
 setenv =
    {[testenv:ansible]setenv}
 commands =
-    echo -e "\n *******************************************************\n" \
+    {[testenv:ansible]commands}
-            "**** Functional Testing is still to be implemented ****\n" \
+    ansible-playbook -i {toxinidir}/tests/inventory \
-            "**** TODO: Write tests here                        ****\n" \
+                     -e "rolename={toxinidir}" \
-            "*******************************************************\n"
+                     -e "install_test_packages=True" \
-    # As a temporary measure, while functional testing is being worked on, we
+                     {toxinidir}/tests/test.yml -vvvv
    # will not execute the functional test. This allows other patches to be
    # worked on while the functional testing is being worked out.
    #{[testenv:ansible]commands}
    #ansible-playbook -i {toxinidir}/tests/inventory \
    #                 -e "rolename={toxinidir}" \
    #                 -e "install_test_packages=True" \
    #                 {toxinidir}/tests/test.yml -vvvv
    bash -c 'mkdir -p {toxinidir}/logs'
    bash -c 'rsync -av --ignore-errors /var/log/ /openstack/log/ {toxinidir}/logs/ || true'
 [testenv:linters]
 deps =
    {[testenv:ansible]deps}