Deploy Openstack-Trove (DBaaS)
This commit allows the deployer to create 3 containers to run Trove-API, Trove-Conductor and Trove-Taskmanager. Change-Id: If93330d48f53745d45af351b9de9a4a733af943a
This commit is contained in:
parent
45d876d06e
commit
3455ec7579
2
.gitignore
vendored
2
.gitignore
vendored
@ -62,5 +62,5 @@ releasenotes/build
|
||||
# Test temp files
|
||||
tests/plugins
|
||||
|
||||
# Vagrant testing artifacts
|
||||
# Files created by vagrant testing
|
||||
.vagrant
|
||||
|
@ -1,8 +0,0 @@
|
||||
CHANGES
|
||||
=======
|
||||
|
||||
* Add scaffolding for OpenStack-CI tests
|
||||
* Adding trove_extra_service_names and creating database on galera
|
||||
* Updates
|
||||
* Update
|
||||
* Initial Commit
|
@ -17,6 +17,7 @@
|
||||
# (c) 2016 Paul Stevens <paul.stevens@is.co.za>
|
||||
trove_package_state: "latest"
|
||||
|
||||
debug: false
|
||||
trove_system_group_name: trove
|
||||
trove_system_user_name: trove
|
||||
trove_system_user_comment: Trove System User
|
||||
@ -28,7 +29,6 @@ trove_etc_directory: /etc/trove
|
||||
trove_api_program_name: trove-api
|
||||
trove_conductor_program_name: trove-conductor
|
||||
trove_taskmanager_program_name: trove-taskmanager
|
||||
trove_guestagent_program_name: trove-guestagent
|
||||
|
||||
trove_service_name: trove
|
||||
trove_service_user_name: trove
|
||||
@ -38,13 +38,25 @@ trove_service_project_name: service
|
||||
trove_service_role_names:
|
||||
- admin
|
||||
trove_service_region: RegionOne
|
||||
trove_service_host: "0.0.0.0"
|
||||
trove_service_port: 8779
|
||||
trove_service_publicuri_proto: http
|
||||
trove_service_publicurl: "{{ trove_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ trove_bind_port }}"
|
||||
trove_service_publicurl: "{{ trove_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ trove_service_port }}/v1.0"
|
||||
trove_service_internaluri_proto: http
|
||||
trove_service_internalurl: "{{ trove_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ trove_bind_port }}"
|
||||
trove_service_internalurl: "{{ trove_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ trove_service_port }}/v1.0"
|
||||
trove_service_adminuri_proto: http
|
||||
trove_service_adminurl: "{{ trove_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ trove_bind_port }}"
|
||||
trove_service_adminurl: "{{ trove_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ trove_service_port }}/v1.0"
|
||||
trove_auth_url: "{{ keystone_service_internalurl }}"
|
||||
trove_nova_compute_url: "{{ trove_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ nova_service_port }}/v2.1"
|
||||
trove_cinder_url: "{{ trove_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ cinder_service_port }}/v1"
|
||||
trove_swift_url: "{{ trove_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ swift_proxy_port }}/v1/AUTH_"
|
||||
trove_neutron_url: "{{ trove_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ neutron_service_port }}/"
|
||||
trove_profiler_enabled: false
|
||||
|
||||
# If ``trove_api_workers`` is unset the system will use half the number of
|
||||
# available VCPUS to compute the number of api workers to use.
|
||||
# trove_api_workers: 16
|
||||
# trove_api_workers: 16
|
||||
|
||||
# Name of the virtual env to deploy into
|
||||
trove_venv_tag: untagged
|
||||
@ -83,28 +95,30 @@ trove_ssl_self_signed_regen: false
|
||||
trove_ssl_self_signed_subject: "/C=US/ST=Texas/L=San Antonio/O=IT/CN={{ internal_lb_vip_address }}/subjectAltName=IP.1={{ external_lb_vip_address }}"
|
||||
|
||||
# Database vars
|
||||
|
||||
trove_galera_database_name: trove
|
||||
trove_galera_user: trove
|
||||
trove_galera_address: "{{ internal_lb_vip_address }}"
|
||||
trove_db_sync_options:
|
||||
trove_galera_connection_string: "mysql+pymysql://{{ trove_galera_user}}:{{ trove_galera_password }}@{{ trove_galera_address }}/{{ trove_galera_database_name }}?charset=utf8"
|
||||
|
||||
# Rabbit vars
|
||||
trove_rpc_backend: rabbit
|
||||
trove_control_exchange: trove
|
||||
trove_rabbit_notification_topic: notification
|
||||
trove_rabbitmq_userid: trove
|
||||
trove_rabbitmq_vhost: /trove
|
||||
trove_rabbitmq_servers: 127.0.0.1
|
||||
trove_rabbitmq_use_ssl: False
|
||||
trove_rabbitmq_port: 5672
|
||||
trove_rabbitmq_servers: "{{ rabbitmq_servers }}"
|
||||
|
||||
# Keystone AuthToken/Middleware
|
||||
trove_keystone_auth_plugin: password
|
||||
trove_service_project_domain_name: Default
|
||||
trove_service_user_domain_name: default
|
||||
trove_service_project_name: service
|
||||
|
||||
#: List of extra programs/services owned by trove
|
||||
trove_extra_service_names:
|
||||
- "{{ trove_conductor_program_name }}"
|
||||
- "{{ trove_taskmanager_program_name }}"
|
||||
trove_conductor_service_name: "{{ trove_conductor_program_name }}"
|
||||
trove_taskmanager_service_name: "{{ trove_taskmanager_program_name }}"
|
||||
|
||||
#Glance images
|
||||
trove_glance_images: []
|
||||
@ -121,6 +135,7 @@ trove_pip_packages:
|
||||
- MySQL-python
|
||||
- PyMySQL
|
||||
- pexpect
|
||||
- pycrypto
|
||||
- trove
|
||||
|
||||
# This variable is used by the repo_build process to determine
|
||||
|
@ -59,5 +59,8 @@
|
||||
rsyslog_client_config_name: "99-trove-rsyslog-client.conf"
|
||||
tags:
|
||||
- "trove-rsyslog-client"
|
||||
- role: "system_crontab_coordination"
|
||||
tags:
|
||||
- "system-crontab-coordination"
|
||||
vars:
|
||||
is_metal: "{{ properties.is_metal|default(false) }}"
|
||||
|
4
extras/user_secrets.yml
Executable file
4
extras/user_secrets.yml
Executable file
@ -0,0 +1,4 @@
|
||||
---
|
||||
trove_galera_password:
|
||||
trove_rabbitmq_password:
|
||||
trove_service_password:
|
@ -1,5 +1,5 @@
|
||||
---
|
||||
# Copyright 2015, Rackspace US, Inc.
|
||||
# Copyright 2016 Internet Solutions (Pty) Ltd
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
@ -12,22 +12,27 @@
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
# trove_service_names should exclude the API if {{ trove_use_mod_wsgi }}
|
||||
#
|
||||
# (c) 2016 Donovan Francesco <donovan.francesco@is.co.za>
|
||||
# (c) 2016 Paul Stevens <paul.stevens@is.co.za>
|
||||
- name: Restart trove API services
|
||||
service:
|
||||
name: "{{ item }}"
|
||||
name: "{{ trove_api_program_name }}"
|
||||
state: "restarted"
|
||||
pattern: "{{ item }}"
|
||||
pattern: "{{ trove_api_program_name }}"
|
||||
when: not trove_use_mod_wsgi | bool
|
||||
with_items: "{{ trove_api_program_name }}"
|
||||
|
||||
- name: Restart trove extra services
|
||||
- name: Restart trove conductor service
|
||||
service:
|
||||
name: "{{ item }}"
|
||||
name: "{{ trove_conductor_service_name }}"
|
||||
state: "restarted"
|
||||
pattern: "{{ item }}"
|
||||
with_items: "{{ trove_extra_service_names }}"
|
||||
pattern: "{{ trove_conductor_service_name }}"
|
||||
|
||||
- name: Restart trove taskmanager service
|
||||
service:
|
||||
name: "{{ trove_taskmanager_service_name }}"
|
||||
state: "restarted"
|
||||
pattern: "{{ trove_taskmanager_service_name }}"
|
||||
|
||||
- name: Restart Apache
|
||||
service:
|
||||
|
@ -1,5 +1,5 @@
|
||||
---
|
||||
# Copyright 2015, Rackspace US, Inc.
|
||||
# Copyright 2016 Internet Solutions (Pty) Ltd
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
@ -12,7 +12,9 @@
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
#
|
||||
# (c) 2016 Donovan Francesco <donovan.francesco@is.co.za>
|
||||
# (c) 2016 Paul Stevens <paul.stevens@is.co.za>
|
||||
- name: Gather variables for each operating system
|
||||
include_vars: "{{ item }}"
|
||||
with_first_found:
|
||||
@ -54,12 +56,12 @@
|
||||
- trove-install
|
||||
|
||||
- include: trove_service_setup.yml
|
||||
when: inventory_hostname == groups['trove_all'][0]
|
||||
when: inventory_hostname == groups['trove_api'][0]
|
||||
tags:
|
||||
- trove-install
|
||||
|
||||
- include: trove_db_setup.yml
|
||||
when: inventory_hostname == groups['trove_all'][0]
|
||||
when: inventory_hostname == groups['trove_conductor'][0]
|
||||
tags:
|
||||
- trove-install
|
||||
|
||||
|
@ -15,7 +15,6 @@
|
||||
#
|
||||
# (c) 2016 Donovan Francesco <donovan.francesco@is.co.za>
|
||||
# (c) 2016 Paul Stevens <paul.stevens@is.co.za>
|
||||
|
||||
- name: Perform a trove DB sync
|
||||
command: "{{ trove_bin }}/trove-manage db_sync {{ trove_db_sync_options }}"
|
||||
become: yes
|
||||
|
@ -1,5 +1,5 @@
|
||||
---
|
||||
# Copyright 2015, Rackspace US, Inc.
|
||||
# Copyright 2016 Internet Solutions (Pty) Ltd
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
@ -12,7 +12,9 @@
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
#
|
||||
# (c) 2016 Donovan Francesco <donovan.francesco@is.co.za>
|
||||
# (c) 2016 Paul Stevens <paul.stevens@is.co.za>
|
||||
- include: trove_init_common.yml
|
||||
vars:
|
||||
program_name: "{{ trove_api_program_name }}"
|
||||
@ -20,11 +22,22 @@
|
||||
system_user: "{{ trove_system_user_name }}"
|
||||
system_group: "{{ trove_system_group_name }}"
|
||||
service_home: "{{ trove_system_user_home }}"
|
||||
when: inventory_hostname in groups['trove_api']
|
||||
|
||||
- include: trove_init_common.yml
|
||||
vars:
|
||||
program_name: "{{ trove_metricd_program_name }}"
|
||||
service_name: "{{ trove_service_name }}"
|
||||
program_name: "{{ trove_conductor_program_name }}"
|
||||
service_name: "{{ trove_conductor_service_name }}"
|
||||
system_user: "{{ trove_system_user_name }}"
|
||||
system_group: "{{ trove_system_group_name }}"
|
||||
service_home: "{{ trove_system_user_home }}"
|
||||
when: inventory_hostname in groups['trove_conductor']
|
||||
|
||||
- include: trove_init_common.yml
|
||||
vars:
|
||||
program_name: "{{ trove_taskmanager_program_name }}"
|
||||
service_name: "{{ trove_taskmanager_service_name }}"
|
||||
system_user: "{{ trove_system_user_name }}"
|
||||
system_group: "{{ trove_system_group_name }}"
|
||||
service_home: "{{ trove_system_user_home }}"
|
||||
when: inventory_hostname in groups['trove_taskmanager']
|
||||
|
@ -1,5 +1,5 @@
|
||||
---
|
||||
# Copyright 2016, Rackspace US, Inc.
|
||||
# Copyright 2016 Internet Solutions (Pty) Ltd
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
@ -12,7 +12,9 @@
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
#
|
||||
# (c) 2016 Donovan Francesco <donovan.francesco@is.co.za>
|
||||
# (c) 2016 Paul Stevens <paul.stevens@is.co.za>
|
||||
- include: trove_init_upstart.yml
|
||||
when: pid1_name == "init"
|
||||
|
||||
@ -25,5 +27,6 @@
|
||||
enabled: "yes"
|
||||
notify:
|
||||
- Restart trove API services
|
||||
- Restart trove extra services
|
||||
- Restart trove conductor service
|
||||
- Restart trove taskmanager service
|
||||
- Restart Apache
|
||||
|
@ -1,5 +1,5 @@
|
||||
---
|
||||
# Copyright 2016, Rackspace US, Inc.
|
||||
# Copyright 2016 Internet Solutions (Pty) Ltd
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
@ -12,7 +12,9 @@
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
#
|
||||
# (c) 2016 Donovan Francesco <donovan.francesco@is.co.za>
|
||||
# (c) 2016 Paul Stevens <paul.stevens@is.co.za>
|
||||
- name: Create TEMP run dir
|
||||
file:
|
||||
path: "/var/run/{{ program_name }}"
|
||||
@ -51,5 +53,6 @@
|
||||
when: systemd_init | changed
|
||||
notify:
|
||||
- Restart trove API services
|
||||
- Restart trove extra services
|
||||
- Restart trove conductor service
|
||||
- Restart trove taskmanager service
|
||||
- Restart Apache
|
||||
|
@ -1,5 +1,5 @@
|
||||
---
|
||||
# Copyright 2015, Rackspace US, Inc.
|
||||
# Copyright 2016 Internet Solutions (Pty) Ltd
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
@ -12,7 +12,9 @@
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
#
|
||||
# (c) 2016 Donovan Francesco <donovan.francesco@is.co.za>
|
||||
# (c) 2016 Paul Stevens <paul.stevens@is.co.za>
|
||||
- name: Place the init script
|
||||
template:
|
||||
src: "trove-upstart-init.j2"
|
||||
@ -23,7 +25,8 @@
|
||||
register: upstart_init
|
||||
notify:
|
||||
- Restart trove API services
|
||||
- Restart trove extra services
|
||||
- Restart trove conductor service
|
||||
- Restart trove taskmanager service
|
||||
- Restart Apache
|
||||
|
||||
- name: Reload init scripts
|
||||
@ -32,5 +35,6 @@
|
||||
when: upstart_init | changed
|
||||
notify:
|
||||
- Restart trove API services
|
||||
- Restart trove extra services
|
||||
- Restart trove conductor service
|
||||
- Restart trove taskmanager service
|
||||
- Restart Apache
|
||||
|
@ -1,5 +1,5 @@
|
||||
---
|
||||
# Copyright 2015, Rackspace US, Inc.
|
||||
# Copyright 2016 Internet Solutions (Pty) Ltd
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
@ -12,7 +12,9 @@
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
#
|
||||
# (c) 2016 Donovan Francesco <donovan.francesco@is.co.za>
|
||||
# (c) 2016 Paul Stevens <paul.stevens@is.co.za>
|
||||
- include: trove_install_apt.yml
|
||||
when:
|
||||
- ansible_pkg_mgr == 'apt'
|
||||
@ -119,7 +121,8 @@
|
||||
- trove_get_venv | changed or trove_venv_dir | changed
|
||||
notify:
|
||||
- Restart trove API services
|
||||
- Restart trove extra services
|
||||
- Restart trove conductor service
|
||||
- Restart trove taskmanager service
|
||||
- Restart Apache
|
||||
|
||||
- name: Install pip packages
|
||||
@ -137,7 +140,8 @@
|
||||
- trove_get_venv | failed or trove_developer_mode | bool
|
||||
notify:
|
||||
- Restart trove API services
|
||||
- Restart trove extra services
|
||||
- Restart trove conductor service
|
||||
- Restart trove taskmanager service
|
||||
- Restart Apache
|
||||
|
||||
- name: Update virtualenv path
|
||||
|
@ -1,5 +1,5 @@
|
||||
---
|
||||
# Copyright 2015, Rackspace US, Inc.
|
||||
# Copyright 2016 Internet Solutions (Pty) Ltd
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
@ -12,11 +12,12 @@
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
#
|
||||
# (c) 2016 Donovan Francesco <donovan.francesco@is.co.za>
|
||||
# (c) 2016 Paul Stevens <paul.stevens@is.co.za>
|
||||
#TODO(evrardjp): Replace the next 2 tasks by a standard apt with cache
|
||||
#when https://github.com/ansible/ansible-modules-core/pull/1517 is merged
|
||||
#in 1.9.x or we move to 2.0 (if tested working)
|
||||
|
||||
- name: Check apt last update file
|
||||
stat:
|
||||
path: /var/cache/apt
|
||||
|
@ -1,5 +1,5 @@
|
||||
---
|
||||
# Copyright 2015, Rackspace US, Inc.
|
||||
# Copyright 2016 Internet Solutions (Pty) Ltd
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
@ -12,8 +12,10 @@
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: Drop trove Config(s)
|
||||
#
|
||||
# (c) 2016 Donovan Francesco <donovan.francesco@is.co.za>
|
||||
# (c) 2016 Paul Stevens <paul.stevens@is.co.za>
|
||||
- name: Drop trove api Config(s)
|
||||
config_template:
|
||||
src: "{{ item.src }}"
|
||||
dest: "{{ item.dest }}"
|
||||
@ -31,18 +33,54 @@
|
||||
dest: "/etc/trove/trove.conf"
|
||||
config_overrides: "{{ trove_config_overrides }}"
|
||||
config_type: "ini"
|
||||
notify:
|
||||
- Restart Apache
|
||||
- Restart trove API services
|
||||
when: inventory_hostname in groups['trove_api']
|
||||
|
||||
- name: Drop trove-conductor Config(s)
|
||||
config_template:
|
||||
src: "{{ item.src }}"
|
||||
dest: "{{ item.dest }}"
|
||||
owner: "{{ trove_system_user_name }}"
|
||||
group: "{{ trove_system_group_name }}"
|
||||
mode: "0644"
|
||||
config_overrides: "{{ item.config_overrides }}"
|
||||
config_type: "{{ item.config_type }}"
|
||||
with_items:
|
||||
- src: "trove-api-paste.ini.j2"
|
||||
dest: "/etc/trove/api-paste.ini"
|
||||
config_overrides: "{{ trove_api_paste_ini_overrides }}"
|
||||
config_type: "ini"
|
||||
- src: "trove-conductor.conf.j2"
|
||||
dest: "/etc/trove/trove-conductor.conf"
|
||||
config_overrides: "{{ trove_conductor_config_overrides }}"
|
||||
config_type: "ini"
|
||||
notify:
|
||||
- Restart trove conductor service
|
||||
when: inventory_hostname in groups['trove_conductor']
|
||||
|
||||
- name: Drop trove-taskmanager Config(s)
|
||||
config_template:
|
||||
src: "{{ item.src }}"
|
||||
dest: "{{ item.dest }}"
|
||||
owner: "{{ trove_system_user_name }}"
|
||||
group: "{{ trove_system_group_name }}"
|
||||
mode: "0644"
|
||||
config_overrides: "{{ item.config_overrides }}"
|
||||
config_type: "{{ item.config_type }}"
|
||||
with_items:
|
||||
- src: "trove-api-paste.ini.j2"
|
||||
dest: "/etc/trove/api-paste.ini"
|
||||
config_overrides: "{{ trove_api_paste_ini_overrides }}"
|
||||
config_type: "ini"
|
||||
- src: "trove-taskmanager.conf.j2"
|
||||
dest: "/etc/trove/trove-taskmanager.conf"
|
||||
config_overrides: "{{ trove_taskmanager_config_overrides }}"
|
||||
config_type: "ini"
|
||||
notify:
|
||||
- Restart Apache
|
||||
- Restart trove API services
|
||||
- Restart trove extra services
|
||||
- Restart trove taskmanager service
|
||||
when: inventory_hostname in groups['trove_taskmanager']
|
||||
|
||||
- name: Drop trove WSGI Configs
|
||||
template:
|
||||
@ -51,6 +89,8 @@
|
||||
owner: "{{ trove_system_user_name }}"
|
||||
group: "{{ trove_system_group_name }}"
|
||||
mode: "0755"
|
||||
when: trove_use_mod_wsgi | bool
|
||||
when:
|
||||
- trove_use_mod_wsgi | bool
|
||||
- inventory_hostname in groups['trove_api']
|
||||
notify:
|
||||
- Restart Apache
|
||||
|
@ -1,5 +1,5 @@
|
||||
---
|
||||
# Copyright 2015, Rackspace US, Inc.
|
||||
# Copyright 2016 Internet Solutions (Pty) Ltd
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
@ -12,7 +12,9 @@
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
#
|
||||
# (c) 2016 Donovan Francesco <donovan.francesco@is.co.za>
|
||||
# (c) 2016 Paul Stevens <paul.stevens@is.co.za>
|
||||
- name: Create the system group
|
||||
group:
|
||||
name: "{{ trove_system_group_name }}"
|
||||
@ -54,7 +56,9 @@
|
||||
with_items:
|
||||
- { path: "/var/www/cgi-bin", owner: root, group: root }
|
||||
- { path: "/var/www/cgi-bin/trove" }
|
||||
when: trove_use_mod_wsgi | bool
|
||||
when:
|
||||
- trove_use_mod_wsgi | bool
|
||||
- inventory_hostname in groups['trove_api']
|
||||
|
||||
- name: Test for log directory or link
|
||||
shell: |
|
||||
|
@ -1,5 +1,5 @@
|
||||
---
|
||||
# Copyright 2015, Rackspace US, Inc.
|
||||
# Copyright 2016 Internet Solutions (Pty) Ltd
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
@ -12,61 +12,51 @@
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
# Create a service
|
||||
- name: Ensure trove service
|
||||
#
|
||||
# (c) 2016 Donovan Francesco <donovan.francesco@is.co.za>
|
||||
# (c) 2016 Paul Stevens <paul.stevens@is.co.za>
|
||||
- name: Ensure the service for trove exists
|
||||
keystone:
|
||||
command: "ensure_service"
|
||||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
login_user: "{{ keystone_admin_user_name }}"
|
||||
login_password: "{{ keystone_auth_admin_password }}"
|
||||
login_project_name: "{{ keystone_admin_tenant_name }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
service_name: "{{ trove_service_name }}"
|
||||
service_type: "{{ trove_service_type }}"
|
||||
description: "{{ trove_service_description }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
until: add_service|success
|
||||
register: add_trove_service
|
||||
until: add_trove_service |success
|
||||
retries: 5
|
||||
delay: 2
|
||||
tags:
|
||||
- trove-api-setup
|
||||
- trove-service-add
|
||||
- trove-setup
|
||||
|
||||
# Create the project if needed, assumed to be in default domain.
|
||||
# In many cases this will be present but under some circumstances the project
|
||||
# may be unique to trove, esp. when Swift is used for storage.
|
||||
- name: Ensure trove project
|
||||
keystone:
|
||||
command: ensure_project
|
||||
project_name: "{{ trove_service_project_name }}"
|
||||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
login_user: "{{ keystone_admin_user_name }}"
|
||||
login_password: "{{ keystone_auth_admin_password }}"
|
||||
login_project_name: "{{ keystone_admin_tenant_name }}"
|
||||
description: "{{ trove_service_project_description }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_project
|
||||
until: add_project|success
|
||||
retries: 5
|
||||
delay: 10
|
||||
|
||||
# Create an admin user
|
||||
- name: Ensure trove user
|
||||
- name: Ensure the trove user exists
|
||||
keystone:
|
||||
command: "ensure_user"
|
||||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
login_user: "{{ keystone_admin_user_name }}"
|
||||
login_password: "{{ keystone_auth_admin_password }}"
|
||||
login_project_name: "{{ keystone_admin_tenant_name }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
user_name: "{{ trove_service_user_name }}"
|
||||
tenant_name: "{{ trove_service_project_name }}"
|
||||
password: "{{ trove_service_password }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_user
|
||||
until: add_user|success
|
||||
register: add_trove_user
|
||||
until: add_trove_user |success
|
||||
retries: 5
|
||||
delay: 10
|
||||
delay: 2
|
||||
tags:
|
||||
- trove-api-setup
|
||||
- trove-service-add
|
||||
- trove-user-add
|
||||
- trove-setup
|
||||
|
||||
# Add a role to the user
|
||||
- name: Ensure trove user maps to admin role
|
||||
- name: Ensure the trove user has the admin role
|
||||
keystone:
|
||||
command: "ensure_user_role"
|
||||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
@ -75,25 +65,25 @@
|
||||
login_project_name: "{{ keystone_admin_tenant_name }}"
|
||||
user_name: "{{ trove_service_user_name }}"
|
||||
tenant_name: "{{ trove_service_project_name }}"
|
||||
role_name: "{{ trove_role_name }}"
|
||||
role_name: "{{ item }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_admin_role
|
||||
until: add_admin_role|success
|
||||
register: ensure_trove_roles
|
||||
until: ensure_trove_roles |success
|
||||
retries: 5
|
||||
delay: 10
|
||||
delay: 2
|
||||
with_items: "{{ trove_service_role_names }}"
|
||||
|
||||
# Create an endpoint
|
||||
- name: Ensure trove endpoint
|
||||
- name: Ensure the trove endpoint is registered
|
||||
keystone:
|
||||
command: "ensure_endpoint"
|
||||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
login_user: "{{ keystone_admin_user_name }}"
|
||||
login_password: "{{ keystone_auth_admin_password }}"
|
||||
login_project_name: "{{ keystone_admin_tenant_name }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
region_name: "{{ trove_service_region }}"
|
||||
service_name: "{{ trove_service_name }}"
|
||||
service_type: "{{ trove_service_type }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
endpoint_list:
|
||||
- url: "{{ trove_service_publicurl }}"
|
||||
interface: "public"
|
||||
@ -101,7 +91,7 @@
|
||||
interface: "internal"
|
||||
- url: "{{ trove_service_adminurl }}"
|
||||
interface: "admin"
|
||||
register: add_endpoint
|
||||
until: add_endpoint|success
|
||||
register: add_trove_endpoints
|
||||
until: add_trove_endpoints |success
|
||||
retries: 5
|
||||
delay: 10
|
||||
delay: 2
|
||||
|
@ -1,62 +1,20 @@
|
||||
#{{ ansible_managed }}
|
||||
# Do not edit this file manually, your changes will be overwritten.
|
||||
[DEFAULT]
|
||||
verbose = True
|
||||
debug = True
|
||||
trove_auth_url = http://0.0.0.0:5000/v2.0
|
||||
|
||||
# The manager class to use for conductor. (string value)
|
||||
debug = {{ debug }}
|
||||
trove_auth_url = {{ trove_auth_url }}
|
||||
conductor_manager = trove.conductor.manager.Manager
|
||||
|
||||
#===================== RPC Configuration =================================
|
||||
|
||||
# URL representing the messaging driver to use and its full configuration.
|
||||
# If not set, we fall back to the 'rpc_backend' option and driver specific
|
||||
# configuration.
|
||||
#transport_url=<None>
|
||||
|
||||
# The messaging driver to use. Options include rabbit, qpid and zmq.
|
||||
# Default is rabbit. (string value)
|
||||
#rpc_backend=rabbit
|
||||
|
||||
# The default exchange under which topics are scoped. May be
|
||||
# overridden by an exchange name specified in the 'transport_url option.
|
||||
control_exchange = trove
|
||||
rpc_backend={{ trove_rpc_backend }}
|
||||
transport_url = rabbit://{% for host in trove_rabbitmq_servers.split(',') %}{{ trove_rabbitmq_userid }}:{{ trove_rabbitmq_password }}@{{ host }}:{{ trove_rabbitmq_port }}{% if not loop.last %},{% else %}/{{ trove_rabbitmq_vhost }}{% endif %}{% endfor %}
|
||||
control_exchange = {{ trove_control_exchange }}
|
||||
|
||||
[profiler]
|
||||
# If False fully disable profiling feature.
|
||||
#enabled = False
|
||||
enabled = {{ trove_profiler_enabled }}
|
||||
# If False doesn't trace SQL requests.
|
||||
#trace_sqlalchemy = True
|
||||
|
||||
[database]
|
||||
connection = mysql://root:e1a2c042c828d3566d0a@localhost/trove
|
||||
connection = "{{ trove_galera_connection_string }}"
|
||||
|
||||
[oslo_messaging_rabbit]
|
||||
# The RabbitMQ broker address where a single node is used. (string value)
|
||||
# Deprecated group/name - [DEFAULT]/rabbit_host
|
||||
#rabbit_host=localhost
|
||||
|
||||
# The RabbitMQ broker port where a single node is used. (integer value)
|
||||
# Deprecated group/name - [DEFAULT]/rabbit_port
|
||||
#rabbit_port=5672
|
||||
|
||||
# RabbitMQ HA cluster host:port pairs. (list value)
|
||||
# Deprecated group/name - [DEFAULT]/rabbit_hosts
|
||||
#rabbit_hosts=$rabbit_host:$rabbit_port
|
||||
|
||||
# Connect over SSL for RabbitMQ. (boolean value)
|
||||
# Deprecated group/name - [DEFAULT]/rabbit_use_ssl
|
||||
#rabbit_use_ssl=false
|
||||
|
||||
# The RabbitMQ userid. (string value)
|
||||
# Deprecated group/name - [DEFAULT]/rabbit_userid
|
||||
#rabbit_userid=guest
|
||||
|
||||
# The RabbitMQ password. (string value)
|
||||
# Deprecated group/name - [DEFAULT]/rabbit_password
|
||||
rabbit_password=f7999d1955c5014aa32c
|
||||
|
||||
# The RabbitMQ virtual host. (string value)
|
||||
# Deprecated group/name - [DEFAULT]/rabbit_virtual_host
|
||||
#rabbit_virtual_host=/
|
||||
rabbit_use_ssl={{ trove_rabbitmq_use_ssl }}
|
||||
|
@ -1,85 +1,31 @@
|
||||
#{{ ansible_managed }}
|
||||
# Do not edit this file manually, your changes will be overwritten.
|
||||
[DEFAULT]
|
||||
# Show more verbose log output (sets INFO log level output)
|
||||
verbose = True
|
||||
|
||||
# Show debugging output in logs (sets DEBUG log level output)
|
||||
debug = True
|
||||
|
||||
# Update the service and instance statuses if the instances fails to become
|
||||
# active within the configured usage_timeout.
|
||||
# usage_timeout = 600
|
||||
# restore_usage_timeout = 36000
|
||||
debug = {{ debug }}
|
||||
update_status_on_fail = True
|
||||
|
||||
#================= RPC Configuration ================================
|
||||
|
||||
# URL representing the messaging driver to use and its full configuration.
|
||||
# If not set, we fall back to the 'rpc_backend' option and driver specific
|
||||
# configuration.
|
||||
#transport_url=<None>
|
||||
|
||||
# The messaging driver to use. Options include rabbit, qpid and zmq.
|
||||
# Default is rabbit. (string value)
|
||||
#rpc_backend=rabbit
|
||||
|
||||
# The default exchange under which topics are scoped. May be
|
||||
# overridden by an exchange name specified in the 'transport_url option.
|
||||
control_exchange = trove
|
||||
|
||||
#DB Api Implementation
|
||||
rpc_backend={{ trove_rpc_backend }}
|
||||
transport_url = rabbit://{% for host in trove_rabbitmq_servers.split(',') %}{{ trove_rabbitmq_userid }}:{{ trove_rabbitmq_password }}@{{ host }}:{{ trove_rabbitmq_port }}{% if not loop.last %},{% else %}/{{ trove_rabbitmq_vhost }}{% endif %}{% endfor %}
|
||||
control_exchange = {{ trove_control_exchange }}
|
||||
db_api_implementation = trove.db.sqlalchemy.api
|
||||
|
||||
# Configuration options for talking to nova via the novaclient.
|
||||
trove_auth_url = http://0.0.0.0:5000/v2.0
|
||||
#nova_compute_url = http://localhost:8774/v2
|
||||
#cinder_url = http://localhost:8776/v1
|
||||
#swift_url = http://localhost:8080/v1/AUTH_
|
||||
#neutron_url = http://localhost:9696/
|
||||
|
||||
# nova_compute_url, cinder_url, swift_url, and heat_url can all be fetched
|
||||
# from Keystone. To fetch from Keystone, comment out nova_compute_url,
|
||||
# cinder_url, swift_url, and heat_url and optionally uncomment the lines below.
|
||||
|
||||
# Region name of this node. Used when searching catalog. Default value is None.
|
||||
#os_region_name = RegionOne
|
||||
# Service type to use when searching catalog.
|
||||
#nova_compute_service_type = compute
|
||||
# Service type to use when searching catalog.
|
||||
#cinder_service_type = volumev2
|
||||
# Service type to use when searching catalog.
|
||||
#swift_service_type = object-store
|
||||
# Service type to use when searching catalog.
|
||||
#heat_service_type = orchestration
|
||||
# Service type to use when searching catalog.
|
||||
#neutron_service_type = network
|
||||
|
||||
# Config options for enabling volume service
|
||||
trove_auth_url = {{ trove_auth_url }}
|
||||
nova_compute_url = {{ trove_nova_compute_url }}
|
||||
cinder_url = {{ trove_cinder_url }}
|
||||
swift_url = {{ trove_swift_url }}
|
||||
neutron_url = {{ trove_neutron_url }}
|
||||
os_region_name = {{ trove_service_region }}
|
||||
nova_compute_service_type = compute
|
||||
cinder_service_type = volumev2
|
||||
swift_service_type = object-store
|
||||
heat_service_type = orchestration
|
||||
neutron_service_type = network
|
||||
trove_volume_support = True
|
||||
block_device_mapping = vdb
|
||||
device_path = /dev/vdb
|
||||
mount_point = /var/lib/mysql
|
||||
volume_time_out=30
|
||||
server_delete_time_out=480
|
||||
|
||||
# Nova server boot options
|
||||
# sets the --config-drive argument when doing a nova boot
|
||||
# (controls how file injection is handled by nova)
|
||||
use_nova_server_config_drive = False
|
||||
|
||||
# Configuration options for talking to nova via the novaclient.
|
||||
# These options are for an admin user in your keystone config.
|
||||
# It proxy's the token received from the user to send to nova via this admin users creds,
|
||||
# basically acting like the client via that proxy token.
|
||||
nova_proxy_admin_user = admin
|
||||
nova_proxy_admin_pass = 3de4922d8b6ac5a1aad9
|
||||
nova_proxy_admin_tenant_id =
|
||||
|
||||
# Manager impl for the taskmanager
|
||||
taskmanager_manager=trove.taskmanager.manager.Manager
|
||||
|
||||
# Manager sends Exists Notifications
|
||||
exists_notification_transformer = trove.extensions.mgmt.instances.models.NovaNotificationTransformer
|
||||
exists_notification_ticks = 30
|
||||
notification_service_id = mysql:2f3ff068-2bfb-4f70-9a9d-a6bb65bc084b
|
||||
@ -115,46 +61,14 @@ agent_replication_snapshot_timeout = 36000
|
||||
# Whether to use nova's contrib api for create server with volume
|
||||
use_nova_server_volume = False
|
||||
|
||||
# Config option for filtering the IP address that DNS uses
|
||||
# For nova-network, set this to the appropriate network label defined in nova
|
||||
# For neutron, set this to .* since users can specify custom network labels
|
||||
# You can also optionally specify regex'es to match the actual IP addresses
|
||||
# ip_regex (white-list) is applied before black_list_regex in the filter chain
|
||||
network_label_regex = ^private$
|
||||
network_label_regex = .*
|
||||
#ip_regex = ^(15.|123.)
|
||||
#black_list_regex = ^(10.0.0.)
|
||||
|
||||
# Datastore templates
|
||||
template_path = /etc/trove/templates/
|
||||
|
||||
# ============ Notification System configuration ===========================
|
||||
|
||||
# Sets the notification driver used by oslo.messaging. Options include
|
||||
# messaging, messagingv2, log and routing. Default is 'noop'
|
||||
# notification_driver=noop
|
||||
|
||||
# Topics used for OpenStack notifications, list value. Default is 'notifications'.
|
||||
# notification_topics=notifications
|
||||
|
||||
# ============ Logging information =============================
|
||||
#log_dir = /integration/report
|
||||
#log_file = trove-taskmanager.log
|
||||
|
||||
# ============ PyDev remote dubugging =============================
|
||||
|
||||
# Enable or disable pydev remote debugging.
|
||||
# There are three values allowed: 'disabled', 'enabled' and 'auto'
|
||||
# If value is 'auto' tries to connect to remote debugger server,
|
||||
# but in case of error continue running with disabled debugging
|
||||
pydev_debug = disabled
|
||||
|
||||
# remote debug server host and port options
|
||||
#pydev_debug_host = localhost
|
||||
#pydev_debug_port = 5678
|
||||
|
||||
# path to pydevd library. It will be used if pydevd is absent in sys.path
|
||||
#pydev_path = <path>
|
||||
|
||||
# ================= Guestagent related ========================
|
||||
#guest_config = /etc/trove/trove-guestagent.conf
|
||||
# Use 'guest_info = /etc/guest_info' for pre-Kilo compatibility
|
||||
@ -164,72 +78,23 @@ pydev_debug = disabled
|
||||
#cloudinit_location = /etc/trove/cloudinit
|
||||
|
||||
[database]
|
||||
|
||||
# SQLAlchemy connection string for the reference implementation
|
||||
# registry server. Any valid SQLAlchemy connection string is fine.
|
||||
# See: http://www.sqlalchemy.org/docs/05/reference/sqlalchemy/connections.html#sqlalchemy.create_engine
|
||||
connection = mysql://root:e1a2c042c828d3566d0a@localhost/trove
|
||||
# connection = mysql://root:root@localhost/trove
|
||||
|
||||
# Period in seconds after which SQLAlchemy should reestablish its connection
|
||||
# to the database.
|
||||
#
|
||||
# MySQL uses a default `wait_timeout` of 8 hours, after which it will drop
|
||||
# idle connections. This can result in 'MySQL Gone Away' exceptions. If you
|
||||
# notice this, you can lower this value to ensure that SQLAlchemy reconnects
|
||||
# before MySQL can drop the connection.
|
||||
connection = "{{ trove_galera_connection_string }}"
|
||||
idle_timeout = 3600
|
||||
|
||||
# ================= Security groups related ========================
|
||||
# Each future datastore implementation should implement
|
||||
# its own oslo group with defined in it:
|
||||
# - tcp_ports; upd_ports;
|
||||
|
||||
[profiler]
|
||||
# If False fully disable profiling feature.
|
||||
#enabled = False
|
||||
enabled = {{ trove_profiler_enabled }}
|
||||
# If False doesn't trace SQL requests.
|
||||
#trace_sqlalchemy = True
|
||||
|
||||
[oslo_messaging_rabbit]
|
||||
# The RabbitMQ broker address where a single node is used. (string value)
|
||||
# Deprecated group/name - [DEFAULT]/rabbit_host
|
||||
#rabbit_host=localhost
|
||||
|
||||
# The RabbitMQ broker port where a single node is used. (integer value)
|
||||
# Deprecated group/name - [DEFAULT]/rabbit_port
|
||||
#rabbit_port=5672
|
||||
|
||||
# RabbitMQ HA cluster host:port pairs. (list value)
|
||||
# Deprecated group/name - [DEFAULT]/rabbit_hosts
|
||||
#rabbit_hosts=$rabbit_host:$rabbit_port
|
||||
|
||||
# Connect over SSL for RabbitMQ. (boolean value)
|
||||
# Deprecated group/name - [DEFAULT]/rabbit_use_ssl
|
||||
#rabbit_use_ssl=false
|
||||
|
||||
# The RabbitMQ userid. (string value)
|
||||
# Deprecated group/name - [DEFAULT]/rabbit_userid
|
||||
#rabbit_userid=guest
|
||||
|
||||
# The RabbitMQ password. (string value)
|
||||
# Deprecated group/name - [DEFAULT]/rabbit_password
|
||||
rabbit_password=f7999d1955c5014aa32c
|
||||
|
||||
# The RabbitMQ virtual host. (string value)
|
||||
# Deprecated group/name - [DEFAULT]/rabbit_virtual_host
|
||||
#rabbit_virtual_host=/
|
||||
rabbit_use_ssl={{ trove_rabbitmq_use_ssl }}
|
||||
|
||||
[mysql]
|
||||
# Format (single port or port range): A, B-C
|
||||
# where C greater than B
|
||||
tcp_ports = 3306
|
||||
volume_support = True
|
||||
device_path = /dev/vdb
|
||||
|
||||
[redis]
|
||||
# Format (single port or port range): A, B-C
|
||||
# where C greater than B
|
||||
tcp_ports = 6379
|
||||
# redis uses local storage
|
||||
volume_support = False
|
||||
|
@ -1,87 +1,26 @@
|
||||
# {{ ansible_managed }}
|
||||
{% set _api_threads = ansible_processor_vcpus|default(2) // 2 %}
|
||||
{% set api_threads = _api_threads if _api_threads > 0 else 1 %}
|
||||
[DEFAULT]
|
||||
# Show more verbose log output (sets INFO log level output)
|
||||
verbose = True
|
||||
|
||||
# Show debugging output in logs (sets DEBUG log level output)
|
||||
debug = False
|
||||
|
||||
# Address to bind the API server
|
||||
bind_host = 0.0.0.0
|
||||
|
||||
# Port the bind the API server to
|
||||
bind_port = 8779
|
||||
|
||||
# Number of workers for the API service. The default will
|
||||
# be the number of CPUs available. (integer value)
|
||||
#trove_api_workers=None
|
||||
|
||||
#===================== RPC Configuration =================================
|
||||
|
||||
# URL representing the messaging driver to use and its full configuration.
|
||||
# If not set, we fall back to the 'rpc_backend' option and driver specific
|
||||
# configuration.
|
||||
#transport_url=<None>
|
||||
|
||||
# The messaging driver to use. Options include rabbit, qpid and zmq.
|
||||
# Default is rabbit. (string value)
|
||||
#rpc_backend=rabbit
|
||||
|
||||
# The default exchange under which topics are scoped. May be
|
||||
# overridden by an exchange name specified in the 'transport_url option.
|
||||
control_exchange = trove
|
||||
|
||||
# Maximum line size of message headers to be accepted.
|
||||
# max_header_line may need to be increased when using large tokens
|
||||
# (typically those generated by the Keystone v3 API with big service
|
||||
# catalogs)
|
||||
# max_header_line = 16384
|
||||
|
||||
#DB Api Implementation
|
||||
debug = {{ debug }}
|
||||
bind_host = {{ trove_service_host }}
|
||||
bind_port = {{ trove_service_port }}
|
||||
trove_api_workers={{ trove_api_workers | default(api_threads) }}
|
||||
rpc_backend={{ trove_rpc_backend }}
|
||||
transport_url = rabbit://{% for host in trove_rabbitmq_servers.split(',') %}{{ trove_rabbitmq_userid }}:{{ trove_rabbitmq_password }}@{{ host }}:{{ trove_rabbitmq_port }}{% if not loop.last %},{% else %}/{{ trove_rabbitmq_vhost }}{% endif %}{% endfor %}
|
||||
control_exchange = {{ trove_control_exchange }}
|
||||
db_api_implementation = "trove.db.sqlalchemy.api"
|
||||
|
||||
# Configuration options for talking to nova via the novaclient.
|
||||
trove_auth_url = http://0.0.0.0:5000/v2.0
|
||||
#nova_compute_url = http://localhost:8774/v2
|
||||
#cinder_url = http://localhost:8776/v1
|
||||
#swift_url = http://localhost:8080/v1/AUTH_
|
||||
#neutron_url = http://localhost:9696/
|
||||
|
||||
# nova_compute_url, cinder_url, swift_url, and heat_url can all be fetched
|
||||
# from Keystone. To fetch from Keystone, comment out nova_compute_url,
|
||||
# cinder_url, swift_url, and heat_url and optionally uncomment the lines below.
|
||||
|
||||
# Region name of this node. Used when searching catalog. Default value is None.
|
||||
#os_region_name = RegionOne
|
||||
# Service type to use when searching catalog.
|
||||
#nova_compute_service_type = compute
|
||||
# Service type to use when searching catalog.
|
||||
#cinder_service_type = volumev2
|
||||
# Service type to use when searching catalog.
|
||||
#swift_service_type = object-store
|
||||
# Service type to use when searching catalog.
|
||||
#heat_service_type = orchestration
|
||||
# Service type to use when searching catalog.
|
||||
#neutron_service_type = network
|
||||
|
||||
# Config option for showing the IP address that nova doles out
|
||||
# For nova-network, set this to the appropriate network label defined in nova
|
||||
# For neutron, set this to .* since users can specify custom network labels
|
||||
# You can also optionally specify regex'es to match the actual IP addresses
|
||||
# ip_regex (white-list) is applied before black_list_regex in the filter chain
|
||||
network_label_regex = ^private$
|
||||
trove_auth_url = {{ trove_auth_url }}
|
||||
os_region_name = {{ trove_service_region }}
|
||||
network_label_regex = .*
|
||||
#network_label_regex = .* //with neutron enabled
|
||||
#ip_regex = ^(15.|123.)
|
||||
#black_list_regex = ^10.0.0.
|
||||
|
||||
# Config options for enabling volume service
|
||||
trove_volume_support = True
|
||||
block_device_mapping = vdb
|
||||
device_path = /dev/vdb
|
||||
# Maximum volume size for an instance
|
||||
max_accepted_volume_size = 10
|
||||
max_instances_per_tenant = 5
|
||||
# Maximum volume capacity (in GB) spanning across all trove volumes per tenant
|
||||
max_volumes_per_tenant = 100
|
||||
max_backups_per_tenant = 5
|
||||
volume_time_out=30
|
||||
@ -111,7 +50,6 @@ dns_service_type = dns
|
||||
network_driver = trove.network.nova.NovaNetwork
|
||||
default_neutron_networks =
|
||||
|
||||
|
||||
# Taskmanager queue name
|
||||
taskmanager_queue = taskmanager
|
||||
|
||||
@ -129,51 +67,12 @@ reboot_time_out = 60
|
||||
# Trove api-paste file name
|
||||
api_paste_config = api-paste.ini
|
||||
|
||||
|
||||
# ============ Notification System configuration ===========================
|
||||
|
||||
# Sets the notification driver used by oslo.messaging. Options include
|
||||
# messaging, messagingv2, log and routing. Default is 'noop'
|
||||
# notification_driver=noop
|
||||
|
||||
# Topics used for OpenStack notifications, list value. Default is 'notifications'.
|
||||
# notification_topics=notifications
|
||||
|
||||
# ============ Logging information =============================
|
||||
#log_dir = /integration/report
|
||||
#log_file = trove-api.log
|
||||
|
||||
|
||||
[database]
|
||||
|
||||
# SQLAlchemy connection string for the reference implementation
|
||||
# registry server. Any valid SQLAlchemy connection string is fine.
|
||||
# See: http://www.sqlalchemy.org/docs/05/reference/sqlalchemy/connections.html#sqlalchemy.create_engine
|
||||
# connection = sqlite:///trove_test.sqlite
|
||||
connection = mysql://root:e1a2c042c828d3566d0a@localhost/trove
|
||||
#connection = postgresql://trove:trove@localhost/trove
|
||||
|
||||
# Period in seconds after which SQLAlchemy should reestablish its connection
|
||||
# to the database.
|
||||
#
|
||||
# MySQL uses a default `wait_timeout` of 8 hours, after which it will drop
|
||||
# idle connections. This can result in 'MySQL Gone Away' exceptions. If you
|
||||
# notice this, you can lower this value to ensure that SQLAlchemy reconnects
|
||||
# before MySQL can drop the connection.
|
||||
connection = "{{ trove_galera_connection_string }}"
|
||||
idle_timeout = 3600
|
||||
|
||||
|
||||
|
||||
# ============ SSL configuration (and enablement) =============================
|
||||
# In order to enable SSL for the trove api server, uncomment
|
||||
# the cert_file and key_file - and of course have those files
|
||||
# accessible. The existence of those setting and files will
|
||||
# enable SSL.
|
||||
|
||||
[profiler]
|
||||
# If False fully disable profiling feature.
|
||||
#enabled = False
|
||||
# If False doesn't trace SQL requests.
|
||||
enabled = {{ trove_profiler_enabled }}
|
||||
#trace_sqlalchemy = True
|
||||
|
||||
[ssl]
|
||||
@ -184,38 +83,10 @@ idle_timeout = 3600
|
||||
#ca_file = /path/to/ca_file
|
||||
|
||||
[oslo_messaging_rabbit]
|
||||
# The RabbitMQ broker address where a single node is used. (string value)
|
||||
# Deprecated group/name - [DEFAULT]/rabbit_host
|
||||
#rabbit_host=localhost
|
||||
|
||||
# The RabbitMQ broker port where a single node is used. (integer value)
|
||||
# Deprecated group/name - [DEFAULT]/rabbit_port
|
||||
#rabbit_port=5672
|
||||
|
||||
# RabbitMQ HA cluster host:port pairs. (list value)
|
||||
# Deprecated group/name - [DEFAULT]/rabbit_hosts
|
||||
#rabbit_hosts=$rabbit_host:$rabbit_port
|
||||
|
||||
# Connect over SSL for RabbitMQ. (boolean value)
|
||||
# Deprecated group/name - [DEFAULT]/rabbit_use_ssl
|
||||
#rabbit_use_ssl=false
|
||||
|
||||
# The RabbitMQ userid. (string value)
|
||||
# Deprecated group/name - [DEFAULT]/rabbit_userid
|
||||
#rabbit_userid=guest
|
||||
|
||||
# The RabbitMQ password. (string value)
|
||||
# Deprecated group/name - [DEFAULT]/rabbit_password
|
||||
rabbit_password=f7999d1955c5014aa32c
|
||||
|
||||
# The RabbitMQ virtual host. (string value)
|
||||
# Deprecated group/name - [DEFAULT]/rabbit_virtual_host
|
||||
#rabbit_virtual_host=/
|
||||
rabbit_use_ssl={{ trove_rabbitmq_use_ssl }}
|
||||
|
||||
[mysql]
|
||||
root_on_create = False
|
||||
# Format (single port or port range): A, B-C
|
||||
# where C greater than B
|
||||
tcp_ports = 3306
|
||||
volume_support = True
|
||||
device_path = /dev/vdb
|
||||
@ -224,7 +95,6 @@ device_path = /dev/vdb
|
||||
ignore_users = os_admin, root
|
||||
ignore_dbs = mysql, information_schema, performance_schema
|
||||
|
||||
|
||||
[redis]
|
||||
tcp_ports = 6379
|
||||
#redis uses local storage
|
||||
@ -256,61 +126,3 @@ device_path = /dev/vdb
|
||||
cluster_support = True
|
||||
cluster_member_count = 3
|
||||
api_strategy = trove.common.strategies.cluster.experimental.vertica.api.VerticaAPIStrategy
|
||||
|
||||
|
||||
# ============ CORS configuration =============================
|
||||
|
||||
[cors]
|
||||
|
||||
#
|
||||
# From oslo.middleware.cors
|
||||
#
|
||||
|
||||
# Indicate whether this resource may be shared with the domain received in the
|
||||
# requests "origin" header. (list value)
|
||||
#allowed_origin = <None>
|
||||
|
||||
# Indicate that the actual request can include user credentials (boolean value)
|
||||
#allow_credentials = true
|
||||
|
||||
# Indicate which headers are safe to expose to the API. Defaults to HTTP Simple
|
||||
# Headers. (list value)
|
||||
#expose_headers = X-Auth-Token, X-Subject-Token, X-Service-Token, X-OpenStack-Request-ID
|
||||
|
||||
# Maximum cache age of CORS preflight requests. (integer value)
|
||||
#max_age = 3600
|
||||
|
||||
# Indicate which methods can be used during the actual request. (list value)
|
||||
#allow_methods = GET,PUT,POST,DELETE,PATCH
|
||||
|
||||
# Indicate which header field names may be used during the actual request.
|
||||
# (list value)
|
||||
#allow_headers = X-Auth-Token, X-Identity-Status, X-Roles, X-Service-Catalog, X-User-Id, X-Tenant-Id, X-OpenStack-Request-ID
|
||||
|
||||
|
||||
[cors.subdomain]
|
||||
|
||||
#
|
||||
# From oslo.middleware.cors
|
||||
#
|
||||
|
||||
# Indicate whether this resource may be shared with the domain received in the
|
||||
# requests "origin" header. (list value)
|
||||
#allowed_origin = <None>
|
||||
|
||||
# Indicate that the actual request can include user credentials (boolean value)
|
||||
#allow_credentials = true
|
||||
|
||||
# Indicate which headers are safe to expose to the API. Defaults to HTTP Simple
|
||||
# Headers. (list value)
|
||||
#expose_headers = X-Auth-Token, X-Subject-Token, X-Service-Token, X-OpenStack-Request-ID
|
||||
|
||||
# Maximum cache age of CORS preflight requests. (integer value)
|
||||
#max_age = 3600
|
||||
|
||||
# Indicate which methods can be used during the actual request. (list value)
|
||||
#allow_methods = GET,PUT,POST,DELETE,PATCH
|
||||
|
||||
# Indicate which header field names may be used during the actual request.
|
||||
# (list value)
|
||||
#allow_headers = X-Auth-Token, X-Identity-Status, X-Roles, X-Service-Catalog, X-User-Id, X-Tenant-Id, X-OpenStack-Request-ID
|
||||
|
@ -13,21 +13,94 @@
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
# NOTE: we use become_user because setting become: no or become: false
|
||||
# doesn't seem to override the ansible_become=true in the
|
||||
# inventory
|
||||
- name: Playbook for establishing ssh keys
|
||||
hosts: localhost
|
||||
become_user: "{{ ansible_ssh_user }}"
|
||||
pre_tasks:
|
||||
connection: local
|
||||
gather_facts: false
|
||||
become: true
|
||||
tasks:
|
||||
- name: Ensure root has a .ssh directory
|
||||
file:
|
||||
path: /root/.ssh
|
||||
state: directory
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0700
|
||||
|
||||
- name: Create ssh key pair for root
|
||||
user:
|
||||
name: "{{ ansible_ssh_user }}"
|
||||
generate_ssh_key: "yes"
|
||||
name: root
|
||||
generate_ssh_key: yes
|
||||
ssh_key_bits: 2048
|
||||
ssh_key_file: ".ssh/id_rsa"
|
||||
- name: Get the calling user's key
|
||||
command: cat ~/.ssh/id_rsa.pub
|
||||
register: key_get
|
||||
- set_fact:
|
||||
lxc_container_ssh_key: "{{ key_get.stdout }}"
|
||||
ssh_key_file: /root/.ssh/id_rsa
|
||||
|
||||
- name: Get root private key
|
||||
command: cat /root/.ssh/id_rsa
|
||||
register: private_key_get
|
||||
changed_when: false
|
||||
|
||||
- name: Get root public key
|
||||
command: cat /root/.ssh/id_rsa.pub
|
||||
register: public_key_get
|
||||
changed_when: false
|
||||
|
||||
- name: Set key facts
|
||||
set_fact:
|
||||
root_public_key: "{{ public_key_get.stdout }}"
|
||||
root_private_key: "{{ private_key_get.stdout }}"
|
||||
lxc_container_ssh_key: "{{ public_key_get.stdout }}"
|
||||
|
||||
- name: Ensure root can ssh to localhost
|
||||
authorized_key:
|
||||
user: "root"
|
||||
key: "{{ root_public_key }}"
|
||||
|
||||
|
||||
- name: Playbook for establishing user ssh keys
|
||||
hosts: localhost
|
||||
connection: local
|
||||
gather_facts: false
|
||||
become: false
|
||||
tasks:
|
||||
# Shell used because facts may not be ready yet
|
||||
- name: Get user home directory
|
||||
shell: "getent passwd '{{ ansible_ssh_user }}' | cut -d':' -f6"
|
||||
register: user_home
|
||||
changed_when: false
|
||||
|
||||
- name: Set local user home fact
|
||||
set_fact:
|
||||
calling_user_home: "{{ user_home.stdout }}"
|
||||
|
||||
- name: Ensure user has a .ssh directory
|
||||
file:
|
||||
path: "{{ calling_user_home }}/.ssh"
|
||||
state: directory
|
||||
owner: "{{ ansible_ssh_user }}"
|
||||
group: "{{ ansible_ssh_user }}"
|
||||
mode: 0700
|
||||
when: ansible_ssh_user != 'root'
|
||||
|
||||
- name: Ensure user has the known private key
|
||||
copy:
|
||||
content: "{{ root_private_key }}"
|
||||
dest: "{{ calling_user_home }}/.ssh/id_rsa"
|
||||
owner: "{{ ansible_ssh_user }}"
|
||||
group: "{{ ansible_ssh_user }}"
|
||||
mode: "0600"
|
||||
when: ansible_ssh_user != 'root'
|
||||
|
||||
- name: Ensure user has the known public key
|
||||
copy:
|
||||
content: "{{ root_public_key }}"
|
||||
dest: "{{ calling_user_home }}/.ssh/id_rsa.pub"
|
||||
owner: "{{ ansible_ssh_user }}"
|
||||
group: "{{ ansible_ssh_user }}"
|
||||
mode: "0600"
|
||||
when: ansible_ssh_user != 'root'
|
||||
|
||||
- name: Ensure local user can ssh to localhost
|
||||
authorized_key:
|
||||
user: "{{ ansible_ssh_user }}"
|
||||
key: "{{ root_public_key }}"
|
||||
when: ansible_ssh_user != 'root'
|
||||
|
@ -72,6 +72,10 @@ trove_venv_tag: "testing"
|
||||
openrc_os_auth_url: "http://127.0.0.1:5000/v3"
|
||||
openrc_os_domain_name: "Default"
|
||||
openrc_os_password: "{{ keystone_auth_admin_password }}"
|
||||
neutron_service_port: 9696
|
||||
swift_proxy_port: 8080
|
||||
cinder_service_port: 8776
|
||||
nova_service_port: 8774
|
||||
|
||||
rabbitmq_port: 5672
|
||||
rabbitmq_servers: 10.100.102.101
|
||||
|
21
tox.ini
21
tox.ini
@ -94,7 +94,7 @@ commands =
|
||||
[testenv:ansible]
|
||||
deps =
|
||||
{[testenv]deps}
|
||||
ansible==2.1.1.0
|
||||
ansible==1.9.4
|
||||
ansible-lint>=2.7.0,<3.0.0
|
||||
setenv =
|
||||
{[testenv]setenv}
|
||||
@ -161,23 +161,14 @@ deps =
|
||||
setenv =
|
||||
{[testenv:ansible]setenv}
|
||||
commands =
|
||||
echo -e "\n *******************************************************\n" \
|
||||
"**** Functional Testing is still to be implemented ****\n" \
|
||||
"**** TODO: Write tests here ****\n" \
|
||||
"*******************************************************\n"
|
||||
# As a temporary measure, while functional testing is being worked on, we
|
||||
# will not execute the functional test. This allows other patches to be
|
||||
# worked on while the functional testing is being worked out.
|
||||
#{[testenv:ansible]commands}
|
||||
#ansible-playbook -i {toxinidir}/tests/inventory \
|
||||
# -e "rolename={toxinidir}" \
|
||||
# -e "install_test_packages=True" \
|
||||
# {toxinidir}/tests/test.yml -vvvv
|
||||
{[testenv:ansible]commands}
|
||||
ansible-playbook -i {toxinidir}/tests/inventory \
|
||||
-e "rolename={toxinidir}" \
|
||||
-e "install_test_packages=True" \
|
||||
{toxinidir}/tests/test.yml -vvvv
|
||||
bash -c 'mkdir -p {toxinidir}/logs'
|
||||
bash -c 'rsync -av --ignore-errors /var/log/ /openstack/log/ {toxinidir}/logs/ || true'
|
||||
|
||||
|
||||
|
||||
[testenv:linters]
|
||||
deps =
|
||||
{[testenv:ansible]deps}
|
||||
|
Loading…
x
Reference in New Issue
Block a user