commit daf9f9d60a00edf5c874a35b621acc7d0e5a8e06 Author: Kevin Carter Date: Sat May 26 23:32:26 2018 -0500 first commit Signed-off-by: Kevin Carter
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..968d8b9
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,72 @@
+# Compiled source #
+###################
+*.com
+*.class
+*.dll
+*.exe
+*.o
+*.so
+*.pyc
+build/
+dist/
+doc/build/
+
+# Packages #
+############
+# it's better to unpack these files and commit the raw source
+# git has its own built in compression methods
+*.7z
+*.dmg
+*.gz
+*.iso
+*.jar
+*.rar
+*.tar
+*.zip
+
+# Logs and databases #
+######################
+*.log
+*.sql
+*.sqlite
+logs/*
+
+# OS generated files #
+######################
+.DS_Store
+.DS_Store?
+._*
+.Spotlight-V100
+.Trashes
+.idea
+.tox
+*.sublime*
+*.egg-info
+Icon?
+ehthumbs.db
+Thumbs.db
+.eggs
+
+# User driven backup files #
+############################
+*.bak
+*.swp
+
+# Generated by pbr while building docs
+######################################
+AUTHORS
+ChangeLog
+
+# Files created by releasenotes build
+releasenotes/build
+
+# Test temp files
+tests/common
+tests/*.retry
+
+# Vagrant artifacts
+.vagrant
+
+# Git clones
+openstack-ansible-ops
+previous
diff --git a/.gitreview b/.gitreview
new file mode 100644
index 0000000..b334024
--- /dev/null
+++ b/.gitreview
@@ -0,0 +1,4 @@
+[gerrit]
+host=review.openstack.org
+port=29418
+project=openstack/openstack-ansible-os_zun.git
diff --git a/CONTRIBUTING.rst b/CONTRIBUTING.rst
new file mode 100644
index 0000000..1de9c72
--- /dev/null
+++ b/CONTRIBUTING.rst
@@ -0,0 +1,85 @@
+os_zun
+#######
+:tags: openstack, cloud, ansible
+:category: \*nix
+
+contributor guidelines
+^^^^^^^^^^^^^^^^^^^^^^
+
+Filing Bugs
+-----------
+
+Bugs should be filed on Launchpad, not GitHub: "https://bugs.launchpad.net/openstack-ansible"
+
+
+When submitting a bug, or working on a bug, please ensure the following criteria are met:
+ * The description clearly states or describes the original problem or root cause of the problem.
+ * Include historical information on how the problem was identified.
+ * Any relevant logs are included.
+ * The provided information should be totally self-contained. External access to web services/sites should not be needed.
+ * Steps to reproduce the problem if possible.
+
+
+Submitting Code
+---------------
+
+Changes to the project should be submitted for review via the Gerrit tool, following
+the workflow documented at: "http://docs.openstack.org/infra/manual/developers.html#development-workflow"
+
+Pull requests submitted through GitHub will be ignored and closed without regard.
+
+
+Extra
+-----
+
+Tags:
+ If it's a bug that needs fixing in a branch in addition to Master, add a '\-backport-potential' tag (eg ``juno-backport-potential``). There are predefined tags that will autocomplete.
+
+Status:
+ Please leave this alone, it should be New till someone triages the issue.
+
+Importance:
+ Should only be touched if it is a Blocker/Gating issue. If it is, please set to High, and only use Critical if you have found a bug that can take down whole infrastructures.
+
+
+Style guide
+-----------
+
+When creating tasks and other roles for use in Ansible please create then using the YAML dictionary format.
+
+Example YAML dictionary format:
+ .. code-block:: yaml
+
+ - name: The name of the tasks
+ module_name:
+ thing1: "some-stuff"
+ thing2: "some-other-stuff"
+ tags:
+ - some-tag
+ - some-other-tag
+
+
+Example **NOT** in YAML dictionary format:
+ .. code-block:: yaml
+
+ - name: The name of the tasks
+ module_name: thing1="some-stuff" thing2="some-other-stuff"
+ tags:
+ - some-tag
+ - some-other-tag
+
+
+Usage of the ">" and "|" operators should be limited to Ansible conditionals and command modules such as the ansible ``shell`` module.
+
+
+Issues
+------
+
+When submitting an issue, or working on an issue please ensure the following criteria are met:
+ * The description clearly states or describes the original problem or root cause of the problem.
+ * Include historical information on how the problem was identified.
+ * Any relevant logs are included.
+ * If the issue is a bug that needs fixing in a branch other than Master, add the ‘backport potential’ tag TO THE ISSUE (not the PR).
+ * The provided information should be totally self-contained. External access to web services/sites should not be needed.
+ * If the issue is needed for a hotfix release, add the 'expedite' label.
+ * Steps to reproduce the problem if possible.
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..8f71f43
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,202 @@
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "{}"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright {yyyy} {name of copyright owner}
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
diff --git a/README.rst b/README.rst
new file mode 100644
index 0000000..2b7bf17
--- /dev/null
+++ b/README.rst
@@ -0,0 +1,24 @@
+========================
+Team and repository tags
+========================
+
+.. image:: https://governance.openstack.org/tc/badges/openstack-ansible-os_zun.svg
+ :target: https://governance.openstack.org/tc/reference/tags/index.html
+
+.. Change things from this point on
+
+======================
+OpenStack-Ansible zun
+======================
+
+Ansible role that installs and configures OpenStack zun and all of its
+corresponding services.
+
+This role will install the following:
+ * zun-api
+ * zun-compute
+
+Documentation for the project can be found at:
+``_
+
+The project home is at: ``_
diff --git a/Vagrantfile b/Vagrantfile
new file mode 100644
index 0000000..c7ac466
--- /dev/null
+++ b/Vagrantfile
@@ -0,0 +1,44 @@
+# Note:
+# This file is maintained in the openstack-ansible-tests repository.
+# https://git.openstack.org/cgit/openstack/openstack-ansible-tests/tree/Vagrantfile
+#
+# If you need to perform any change on it, you should modify the central file,
+# then, an OpenStack CI job will propagate your changes to every OSA repository
+# since every repo uses the same Vagrantfile
+
+# Verify whether required plugins are installed.
+required_plugins = [ "vagrant-disksize" ]
+required_plugins.each do |plugin|
+ if not Vagrant.has_plugin?(plugin)
+ raise "The vagrant plugin #{plugin} is required. Please run `vagrant plugin install #{plugin}`"
+ end
+end
+
+Vagrant.configure(2) do |config|
+ config.vm.provider "virtualbox" do |v|
+ v.memory = 6144
+ v.cpus = 2
+ end
+
+ config.vm.synced_folder ".", "/vagrant", type: "rsync"
+
+ config.vm.provision "shell",
+ privileged: false,
+ inline: <<-SHELL
+ cd /vagrant
+ ./run_tests.sh
+ SHELL
+
+ config.vm.define "ubuntu1604" do |xenial|
+ xenial.vm.box = "bento/ubuntu-16.04"
+ end
+
+ config.vm.define "opensuse423" do |leap423|
+ leap423.vm.box = "bento/opensuse-leap-42.3"
+ end
+
+ config.vm.define "centos7" do |centos7|
+ centos7.vm.box = "bento/centos-7"
+ end
+
+end
diff --git a/bindep.txt b/bindep.txt
new file mode 100644
index 0000000..5a05c5a
--- /dev/null
+++ b/bindep.txt
@@ -0,0 +1,52 @@
+# This file facilitates OpenStack-CI package installation
+# before the execution of any tests.
+#
+# See the following for details:
+# - https://docs.openstack.org/infra/bindep/
+# - https://git.openstack.org/cgit/openstack-infra/bindep
+#
+# Even if the role does not make use of this facility, it
+# is better to have this file empty, otherwise OpenStack-CI
+# will fall back to installing its default packages which
+# will potentially be detrimental to the tests executed.
+#
+# Note:
+# This file is maintained in the openstack-ansible-tests repository.
+# https://git.openstack.org/cgit/openstack/openstack-ansible-tests/tree/bindep.txt
+# If you need to remove or add extra dependencies, you should modify
+# the central file instead and once your change is accepted then update
+# this file as well. The purpose of this file is to ensure that Python and
+# Ansible have all their necessary binary requirements on the test host before
+# tox executes. Any binary requirements needed by services/roles should be
+# installed by those roles in their applicable package install tasks, not through
+# using this file.
+#
+
+# The gcc compiler
+gcc
+
+# Base requirements for Ubuntu
+git-core [platform:dpkg]
+libssl-dev [platform:dpkg]
+libffi-dev [platform:dpkg]
+python2.7 [platform:dpkg]
+python-apt [platform:dpkg]
+python-dev [platform:dpkg]
+python3 [platform:dpkg]
+python3-apt [platform:dpkg]
+python3-dev [platform:dpkg]
+
+# Base requirements for RPM distros
+gcc-c++ [platform:rpm]
+git [platform:rpm]
+libffi-devel [platform:rpm]
+openssl-devel [platform:rpm]
+python-devel [platform:rpm]
+python2-dnf [platform:fedora]
+
+# For SELinux
+libselinux-python [platform:redhat]
+libsemanage-python [platform:redhat]
+
+# Required for compressing collected log files in CI
+gzip
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..c6eb4cf
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,263 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+# Enable/Disable barbican configurations
+zun_barbican_enabled: False
+# Enable/Disable designate configurations
+zun_designate_enabled: False
+# Notification topics for designate.
+zun_notifications_designate: notifications_designate
+# Enable/Disable ceilometer configurations
+zun_ceilometer_enabled: False
+
+## Verbosity Options
+debug: False
+
+# Set the package install state for distribution and pip packages
+# Options are 'present' and 'latest'
+zun_package_state: "latest"
+zun_pip_package_state: "latest"
+
+zun_git_repo: https://git.openstack.org/openstack/zun
+zun_git_install_branch: master
+
+zun_kuryr_git_repo: https://git.openstack.org/openstack/kuryr-libnetwork
+zun_kuryr_git_install_branch: master
+
+zun_developer_mode: false
+zun_developer_constraints:
+ - "git+{{ zun_git_repo }}@{{ zun_git_install_branch }}#egg=zun"
+ - "git+{{ zun_kuryr_git_repo }}@{{ zun_kuryr_git_install_branch }}#egg=kuryr-libnetwork"
+
+# Name of the virtual env to deploy into
+zun_venv_tag: untagged
+zun_bin: "/openstack/venvs/zun-{{ zun_venv_tag }}/bin"
+
+# venv_download, even when true, will use the fallback method of building the
+# venv from scratch if the venv download fails.
+zun_venv_download: "{{ not zun_developer_mode | bool }}"
+zun_venv_download_url: http://127.0.0.1/venvs/untagged/ubuntu/zun.tgz
+
+zun_fatal_deprecations: False
+
+## Zun user information
+zun_system_user_name: zun
+zun_system_group_name: zun
+zun_system_shell: /bin/false
+zun_system_comment: zun system user
+zun_system_home_folder: "/var/lib/{{ zun_system_user_name }}"
+zun_log_dir: "/var/log/zun"
+
+zun_lock_path: "/var/lock/zun"
+
+## Kuryr user information
+zun_kuryr_system_user_name: kuryr
+zun_kuryr_system_group_name: kuryr
+zun_kuryr_system_shell: /bin/false
+zun_kuryr_system_comment: kuryr system user
+zun_kuryr_system_home_folder: "/var/lib/{{ zun_kuryr_system_user_name }}"
+zun_kuryr_log_dir: "/var/log/kuryr"
+
+zun_kuryr_lock_path: "/var/lock/kuryr"
+
+# Set a list of users that are permitted to execute the docker binary.
+zun_docker_users:
+ - "{{ zun_system_user_name }}"
+ - "{{ zun_kuryr_system_user_name }}"
+
+# Set the docker api version. The default is false, which will result in no
+# option being set in config for api servers. On compute hosts the docker api
+# version will be used as determined by the client version information.
+zun_docker_api_version: false
+
+## Manually specified zun UID/GID
+# Deployers can specify a UID for the zun user as well as the GID for the
+# zun group if needed. This is commonly used in environments where shared
+# storage is used, such as NFS or GlusterFS, and zun UID/GID values must be
+# in sync between multiple servers.
+#
+# WARNING: Changing these values on an existing deployment can lead to
+# failures, errors, and instability.
+#
+# zun_system_user_uid =
+# zun_system_group_gid =
+
+## Database info
+zun_galera_user: zun
+zun_galera_database: zun
+zun_db_max_overflow: 10
+zun_db_max_pool_size: 120
+zun_db_pool_timeout: 30
+# Toggle whether zun connects via an encrypted connection
+zun_galera_use_ssl: "{{ galera_use_ssl | default(False) }}"
+# The path where to store the database server CA certificate
+zun_galera_ssl_ca_cert: "{{ galera_ssl_ca_cert | default('/etc/ssl/certs/galera-ca.pem') }}"
+
+## RabbitMQ info
+
+## Configuration for RPC communications
+zun_rpc_thread_pool_size: 64
+zun_rpc_conn_pool_size: 30
+zun_rpc_response_timeout: 60
+
+zun_rabbitmq_servers: 127.0.0.1
+zun_rabbitmq_port: 5672
+zun_rabbitmq_userid: zun
+zun_rabbitmq_vhost: /zun
+zun_rabbitmq_use_ssl: False
+
+## Configuration for notifications communication, i.e. [oslo_messaging_notifications]
+zun_rabbitmq_telemetry_userid: "{{ zun_rabbitmq_userid }}"
+zun_rabbitmq_telemetry_password: "{{ zun_rabbitmq_password }}"
+zun_rabbitmq_telemetry_vhost: "{{ zun_rabbitmq_vhost }}"
+zun_rabbitmq_telemetry_port: "{{ zun_rabbitmq_port }}"
+zun_rabbitmq_telemetry_servers: "{{ zun_rabbitmq_servers }}"
+zun_rabbitmq_telemetry_use_ssl: "{{ zun_rabbitmq_use_ssl }}"
+
+# If this is not set, then the playbook will try to guess it.
+#zun_virt_type: kvm
+
+## Zun Auth
+zun_service_region: RegionOne
+zun_service_project_name: "service"
+zun_service_project_domain_id: default
+zun_service_user_domain_id: default
+zun_service_user_name: "zun"
+zun_service_role_name: "admin"
+
+## Zun Auth for kuryr
+zun_kuryr_service_username: kuryr
+
+## Keystone authentication middleware
+zun_keystone_auth_plugin: password
+
+## Zun v1
+zun_service_name: zun
+zun_service_type: container
+zun_service_proto: http
+zun_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(zun_service_proto) }}"
+zun_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(zun_service_proto) }}"
+zun_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(zun_service_proto) }}"
+zun_service_port: 9517
+zun_service_description: "Zun Compute Service"
+zun_service_publicuri: "{{ zun_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ zun_service_port }}"
+zun_service_publicurl: "{{ zun_service_publicuri }}"
+zun_service_adminuri: "{{ zun_service_adminuri_proto }}//{{ internal_lb_vip_address }}:{{ zun_service_port }}"
+zun_service_adminurl: "{{ zun_service_adminuri }}"
+zun_service_internaluri: "{{ zun_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ zun_service_port }}"
+zun_service_internalurl: "{{ zun_service_internaluri }}"
+zun_service_endpoint_type: internalURL
+
+# If you want to regenerate the zun users SSH keys, on each run, set this var to True
+# Otherwise keys will be generated on the first run and not regenerated each run.
+zun_recreate_keys: False
+
+## General Zun configuration
+# If ``zun_osapi_compute_workers`` is unset the system will use half the number of available VCPUS to
+# compute the number of api workers to use.
+# zun_osapi_compute_workers: 16
+
+# If ``zun_conductor_workers`` is unset the system will use half the number of available VCPUS to
+# compute the number of api workers to use.
+# zun_conductor_workers: 16
+
+# If ``zun_metadata_workers`` is unset the system will use half the number of available VCPUS to
+# compute the number of api workers to use.
+# zun_metadata_workers: 16
+
+## Cap the maximun number of threads / workers when a user value is unspecified.
+zun_api_threads_max: 16
+zun_api_threads: "{{ [[ansible_processor_vcpus|default(2) // 2, 1] | max, zun_api_threads_max] | min }}"
+
+zun_service_in_ldap: false
+
+zun_scheduler_default_filters: >-
+ AvailabilityZoneFilter,
+ CPUFilter,
+ RamFilter,
+ ComputeFilter,
+ DiskFilter
+zun_scheduler_available_filters: zun.scheduler.filters.all_filters
+zun_scheduler_driver: filter_scheduler
+
+## Service Name-Group Mapping
+zun_services:
+ kuryr-libnetwork:
+ group: zun_compute
+ service_name: kuryr-libnetwork
+ condition: "{{ inventory_hostname in groups['zun_compute'] }}"
+ init_config_overrides: "{{ zun_kuryr_init_overrides }}"
+ start_order: 3
+ execstarts: "{{ zun_bin }}/kuryr-server --config-dir /etc/kuryr"
+ zun-api:
+ group: zun_api
+ service_name: zun-api
+ init_config_overrides: "{{ zun_api_init_overrides }}"
+ start_order: 1
+ execstarts: "{{ zun_bin }}/zun-api --config-dir /etc/zun"
+ zun-compute:
+ group: zun_compute
+ service_name: zun-compute
+ init_config_overrides: "{{ zun_compute_init_overrides }}"
+ start_order: 4
+ execstarts: "{{ zun_bin }}/zun-compute --config-dir /etc/zun"
+ zun-wsproxy:
+ group: zun_api
+ service_name: zun-wsproxy
+ init_config_overrides: "{{ zun_wsproxy_init_overrides }}"
+ start_order: 2
+ execstarts: "{{ zun_bin }}/zun-wsproxy --config-dir /etc/zun"
+
+# Common pip packages
+zun_requires_pip_packages: []
+zun_pip_packages:
+ - kuryr-libnetwork
+ - oslo_rootwrap
+ - python-memcached
+ - python-zunclient
+ - pymysql
+ - zun
+
+## Default service options used within all systemd unit files.
+zun_service_defaults: {}
+
+## Tunable overrides for services
+zun_zun_conf_overrides: {}
+zun_rootwrap_conf_overrides: {}
+zun_kuryr_conf_overrides: {}
+zun_docker_config_overrides: {}
+zun_kuryr_config_overrides: {}
+
+## Tubnable overrides for service unit files.
+zun_api_paste_ini_overrides: {}
+zun_api_init_overrides: {}
+zun_wsproxy_init_overrides: {}
+zun_compute_init_overrides: {}
+
+## Default zun+kuryr options used within the system unit file.
+# NOTE(cloudnull): These options are used to ensure that kuryr is always
+# started after docker and has the proper capabilities.
+zun_kuryr_init_overrides:
+ Unit:
+ After:
+ ? network-online.target
+ ? docker.service
+ PartOf: docker.service
+ Wants: network-online.target
+ Service:
+ CapabilityBoundingSet: CAP_NET_ADMIN
+ Group: "{{ zun_kuryr_system_group_name }}"
+ User: "{{ zun_kuryr_system_user_name }}"
diff --git a/doc/Makefile b/doc/Makefile
new file mode 100644
index 0000000..d46983f
--- /dev/null
+++ b/doc/Makefile
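Review bot: In the `## Zun v1` block of defaults/main.yml, `zun_service_adminuri` is missing the colon after the scheme: it is templated as `{{ zun_service_adminuri_proto }}//{{ internal_lb_vip_address }}:{{ zun_service_port }}`, while the public and internal URIs on the neighbouring lines use `://`, so the admin URL renders as `http//…`. The line should read `zun_service_adminuri: "{{ zun_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ zun_service_port }}"`. Two other defaults in the same hunk deserve a comment for deployers: `zun_docker_users` lets the zun and kuryr accounts run the docker binary, which is normally equivalent to root on the host, and `zun_git_install_branch: master` together with `zun_package_state: "latest"` means installs are not pinned to a reviewed revision.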
@@ -0,0 +1,195 @@ +# Makefile for Sphinx documentation +# + +# You can set these variables from the command line. +SPHINXOPTS = +SPHINXBUILD = sphinx-build +PAPER = +BUILDDIR = build + +# User-friendly check for sphinx-build +ifeq ($(shell which $(SPHINXBUILD) >/dev/null 2>&1; echo $$?), 1) +$(error The '$(SPHINXBUILD)' command was not found. Make sure you have Sphinx installed, then set the SPHINXBUILD environment variable to point to the full path of the '$(SPHINXBUILD)' executable. Alternatively you can add the directory with the executable to your PATH. If you don't have Sphinx installed, grab it from http://sphinx-doc.org/) +endif + +# Internal variables. +PAPEROPT_a4 = -D latex_paper_size=a4 +PAPEROPT_letter = -D latex_paper_size=letter +ALLSPHINXOPTS = -d $(BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) source +# the i18n builder cannot share the environment and doctrees with the others +I18NSPHINXOPTS = $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) source + +.PHONY: help clean html dirhtml singlehtml pickle json htmlhelp qthelp devhelp epub latex latexpdf text man changes linkcheck doctest coverage gettext + +help: + @echo "Please use \`make ' where is one of" + @echo " html to make standalone HTML files" + @echo " dirhtml to make HTML files named index.html in directories" + @echo " singlehtml to make a single large HTML file" + @echo " pickle to make pickle files" + @echo " json to make JSON files" + @echo " htmlhelp to make HTML files and a HTML help project" + @echo " qthelp to make HTML files and a qthelp project" + @echo " applehelp to make an Apple Help Book" + @echo " devhelp to make HTML files and a Devhelp project" + @echo " epub to make an epub" + @echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter" + @echo " latexpdf to make LaTeX files and run them through pdflatex" + @echo " latexpdfja to make LaTeX files and run them through platex/dvipdfmx" + @echo " text to make text files" + @echo " man to make manual pages" + @echo " 
texinfo to make Texinfo files" + @echo " info to make Texinfo files and run them through makeinfo" + @echo " gettext to make PO message catalogs" + @echo " changes to make an overview of all changed/added/deprecated items" + @echo " xml to make Docutils-native XML files" + @echo " pseudoxml to make pseudoxml-XML files for display purposes" + @echo " linkcheck to check all external links for integrity" + @echo " doctest to run all doctests embedded in the documentation (if enabled)" + @echo " coverage to run coverage check of the documentation (if enabled)" + +clean: + rm -rf $(BUILDDIR)/* + +html: + $(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html + @echo + @echo "Build finished. The HTML pages are in $(BUILDDIR)/html." + +dirhtml: + $(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/dirhtml + @echo + @echo "Build finished. The HTML pages are in $(BUILDDIR)/dirhtml." + +singlehtml: + $(SPHINXBUILD) -b singlehtml $(ALLSPHINXOPTS) $(BUILDDIR)/singlehtml + @echo + @echo "Build finished. The HTML page is in $(BUILDDIR)/singlehtml." + +pickle: + $(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) $(BUILDDIR)/pickle + @echo + @echo "Build finished; now you can process the pickle files." + +json: + $(SPHINXBUILD) -b json $(ALLSPHINXOPTS) $(BUILDDIR)/json + @echo + @echo "Build finished; now you can process the JSON files." + +htmlhelp: + $(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) $(BUILDDIR)/htmlhelp + @echo + @echo "Build finished; now you can run HTML Help Workshop with the" \ + ".hhp project file in $(BUILDDIR)/htmlhelp." 
+ +qthelp: + $(SPHINXBUILD) -b qthelp $(ALLSPHINXOPTS) $(BUILDDIR)/qthelp + @echo + @echo "Build finished; now you can run "qcollectiongenerator" with the" \ + ".qhcp project file in $(BUILDDIR)/qthelp, like this:" + @echo "# qcollectiongenerator $(BUILDDIR)/qthelp/openstack-ansible-os_zun.qhcp" + @echo "To view the help file:" + @echo "# assistant -collectionFile $(BUILDDIR)/qthelp/openstack-ansible-os_zun.qhc" + +applehelp: + $(SPHINXBUILD) -b applehelp $(ALLSPHINXOPTS) $(BUILDDIR)/applehelp + @echo + @echo "Build finished. The help book is in $(BUILDDIR)/applehelp." + @echo "N.B. You won't be able to view it unless you put it in" \ + "~/Library/Documentation/Help or install it in your application" \ + "bundle." + +devhelp: + $(SPHINXBUILD) -b devhelp $(ALLSPHINXOPTS) $(BUILDDIR)/devhelp + @echo + @echo "Build finished." + @echo "To view the help file:" + @echo "# mkdir -p $$HOME/.local/share/devhelp/openstack-ansible-os_zun" + @echo "# ln -s $(BUILDDIR)/devhelp $$HOME/.local/share/devhelp/openstack-ansible-os_zun" + @echo "# devhelp" + +epub: + $(SPHINXBUILD) -b epub $(ALLSPHINXOPTS) $(BUILDDIR)/epub + @echo + @echo "Build finished. The epub file is in $(BUILDDIR)/epub." + +latex: + $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex + @echo + @echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex." + @echo "Run \`make' in that directory to run these through (pdf)latex" \ + "(use \`make latexpdf' here to do that automatically)." + +latexpdf: + $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex + @echo "Running LaTeX files through pdflatex..." + $(MAKE) -C $(BUILDDIR)/latex all-pdf + @echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex." + +latexpdfja: + $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex + @echo "Running LaTeX files through platex and dvipdfmx..." + $(MAKE) -C $(BUILDDIR)/latex all-pdf-ja + @echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex." 
+ +text: + $(SPHINXBUILD) -b text $(ALLSPHINXOPTS) $(BUILDDIR)/text + @echo + @echo "Build finished. The text files are in $(BUILDDIR)/text." + +man: + $(SPHINXBUILD) -b man $(ALLSPHINXOPTS) $(BUILDDIR)/man + @echo + @echo "Build finished. The manual pages are in $(BUILDDIR)/man." + +texinfo: + $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo + @echo + @echo "Build finished. The Texinfo files are in $(BUILDDIR)/texinfo." + @echo "Run \`make' in that directory to run these through makeinfo" \ + "(use \`make info' here to do that automatically)." + +info: + $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo + @echo "Running Texinfo files through makeinfo..." + make -C $(BUILDDIR)/texinfo info + @echo "makeinfo finished; the Info files are in $(BUILDDIR)/texinfo." + +gettext: + $(SPHINXBUILD) -b gettext $(I18NSPHINXOPTS) $(BUILDDIR)/locale + @echo + @echo "Build finished. The message catalogs are in $(BUILDDIR)/locale." + +changes: + $(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) $(BUILDDIR)/changes + @echo + @echo "The overview file is in $(BUILDDIR)/changes." + +linkcheck: + $(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) $(BUILDDIR)/linkcheck + @echo + @echo "Link check complete; look for any errors in the above output " \ + "or in $(BUILDDIR)/linkcheck/output.txt." + +doctest: + $(SPHINXBUILD) -b doctest $(ALLSPHINXOPTS) $(BUILDDIR)/doctest + @echo "Testing of doctests in the sources finished, look at the " \ + "results in $(BUILDDIR)/doctest/output.txt." + +coverage: + $(SPHINXBUILD) -b coverage $(ALLSPHINXOPTS) $(BUILDDIR)/coverage + @echo "Testing of coverage in the sources finished, look at the " \ + "results in $(BUILDDIR)/coverage/python.txt." + +xml: + $(SPHINXBUILD) -b xml $(ALLSPHINXOPTS) $(BUILDDIR)/xml + @echo + @echo "Build finished. The XML files are in $(BUILDDIR)/xml." + +pseudoxml: + $(SPHINXBUILD) -b pseudoxml $(ALLSPHINXOPTS) $(BUILDDIR)/pseudoxml + @echo + @echo "Build finished. 
The pseudo-XML files are in $(BUILDDIR)/pseudoxml." + +livehtml: html + sphinx-autobuild -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html diff --git a/doc/requirements.txt b/doc/requirements.txt new file mode 100644 index 0000000..b3abbc3 --- /dev/null +++ b/doc/requirements.txt @@ -0,0 +1,10 @@ +# The order of packages is significant, because pip processes them in the order +# of appearance. Changing the order has an impact on the overall integration +# process, which may cause wedges in the gate later. + +# this is required for the docs build jobs +sphinx!=1.6.6,!=1.6.7,>=1.6.2 # BSD +openstackdocstheme>=1.18.1 # Apache-2.0 +reno>=2.5.0 # Apache-2.0 +sphinxmark>=0.1.14 # Apache-2.0 +doc8>=0.6.0 # Apache-2.0 diff --git a/doc/source/app-powervm.rst b/doc/source/app-powervm.rst new file mode 100644 index 0000000..1041959 --- /dev/null +++ b/doc/source/app-powervm.rst 
@@ -0,0 +1,112 @@ +`Home `_ OpenStack-Ansible Neutron + +===================================== +Scenario - Using PowerVM Nova plugin +===================================== + +Prerequisites +~~~~~~~~~~~~~ + +In order to use the PowerVM OpenStack drivers with OpenStack-Ansible (OSA), the +following pre-requisites must be fulfilled: + + - At least one of the repo-build servers must be ppc64le. Can mix and match + repo-build servers between x86 and ppc64le. + + - The compute nodes should be pre-configured for PowerVM with the NovaLink_ + feature. + + - The NovaLink Management VM needs at least one direct attach I/O card. + OpenStack Ansible is currently able to deploy the PowerVM drivers when + paired with the Open vSwitch agent. The traditional PowerVM Shared Ethernet + Adapter networking agent is not yet supported. + + - The network topology on the NovaLink must match a supported OpenStack + Ansible network configuration. + +.. _NovaLink: http://www.ibm.com/support/knowledgecenter/POWER8/p8eig/p8eig_kickoff.htm?cp=POWER8 + + +PowerVM usage +~~~~~~~~~~~~~ + +The Compute driver for OpenStack-Ansible should automatically detect that it +is of type PowerVM. If the user has specified a specific compute type, that +is applicable to the whole cloud. It is advised that the you allow OSA to +detect the appropriate compute node type. + +The full set of configuration options for the PowerVM driver can be +found in the ``zun-powervm`` usage_. + +.. _usage: http://zun-powervm.readthedocs.io/en/latest/devref/usage.html + + +Configuring storage +~~~~~~~~~~~~~~~~~~~ + +There are various storage back ends available for PowerVM such as local disk +and shared storage pools. For example, to enable local disk storage backed by +a logical volume group, you can set: + +.. code-block:: yaml + + zun_zun_conf_overrides: + powervm: + disk_driver: localdisk + volume_group_name: <> + +To enable iSCSI as the volume attachment type, you can set the +``volume_adapter`` setting: + +.. 
code-block:: yaml + + zun_zun_conf_overrides: + powervm: + volume_adapter: iscsi + +The default volume attachment type for PowerVM is fibre channel. + +Enabling VNC console +~~~~~~~~~~~~~~~~~~~~ + +PowerVM only supports connecting to instance consoles over VNC. As +OpenStack-Ansible defaults to Spice console, you must set the +``zun_console_type`` variable to enable NoVNC: + +.. code-block:: yaml + + zun_console_type: novnc + + +Enabling configuration drive +~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +By default, PowerVM uses configuration drives to provide configuration +information to instances built by zun. To enable this support in +OpenStack-Ansible, you can set the ``zun_force_config_drive`` +variable as documented in the `zun configuration instructions`_. + +.. _zun configuration instructions: ./configure-zun.html#config-drive + +Additionally, you can enable flat network injection by using the +``zun_zun_conf_overrides`` variable: + +.. code-block:: yaml + + zun_zun_conf_overrides: + DEFAULT: + flat_injected: True + +Enabling PowerVM RMC +~~~~~~~~~~~~~~~~~~~~ + +To enable PowerVM RMC_, IPv4/IPv6 dual-stack mode must be enabled. To do this, +you must set ``use_ipv6`` using the ``zun_zun_conf_overrides`` variable: + +.. code-block:: yaml + + zun_zun_conf_overrides: + DEFAULT: + use_ipv6: True + +.. _RMC: http://www.ibm.com/support/knowledgecenter/8284-22A/p8eig/p8eig_rmc.htm diff --git a/doc/source/conf.py b/doc/source/conf.py new file mode 100644 index 0000000..0617688 --- /dev/null +++ b/doc/source/conf.py 
@@ -0,0 +1,328 @@ +#!/usr/bin/env python3 + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This file is execfile()d with the current directory set to its +# containing dir. +# +# Note that not all possible configuration values are present in this +# autogenerated file. +# +# All configuration values have a default; values that are commented out +# serve to show the default. + +import pbr.version +import os + +# If extensions (or modules to document with autodoc) are in another directory, +# add these directories to sys.path here. If the directory is relative to the +# documentation root, use os.path.abspath to make it absolute, like shown here. +# sys.path.insert(0, os.path.abspath('.')) + +# -- General configuration ------------------------------------------------ + +# If your documentation needs a minimal Sphinx version, state it here. +# needs_sphinx = '1.0' + +# Add any Sphinx extension module names here, as strings. They can be +# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom +# ones. +extensions = [ + 'openstackdocstheme', + 'sphinx.ext.autodoc', + 'sphinxmark' +] + +# Add any paths that contain templates here, relative to this directory. +templates_path = ['_templates'] + +# The suffix(es) of source filenames. +# You can specify multiple suffix as a list of string: +# source_suffix = ['.rst', '.md'] +source_suffix = '.rst' + +# The encoding of source files. +# source_encoding = 'utf-8-sig' + +# The master toctree document. 
+master_doc = 'index' + +# General information about the project. +author = 'OpenStack-Ansible Contributors' +category = 'Miscellaneous' +copyright = '2014-2016, OpenStack-Ansible Contributors' +description = 'OpenStack-Ansible deploys OpenStack environments using Ansible.' +project = 'OpenStack-Ansible' +role_name = 'os_zun' +target_name = 'openstack-ansible-' + role_name +title = 'OpenStack-Ansible Documentation: ' + role_name + 'role' + +# The link to the browsable source code (for the left hand menu) +oslosphinx_cgit_link = ( + 'https://git.openstack.org/cgit/openstack/{}'.format(target_name) +) + +# The version info for the project you're documenting, acts as replacement for +# |version| and |release|, also used in various other places throughout the +# built documents. +# +# The short X.Y version. +version_info = pbr.version.VersionInfo(target_name) +# The full version, including alpha/beta/rc tags. +release = version_info.version_string_with_vcs() +# The short X.Y version. +version = version_info.canonical_version_string() + +# openstackdocstheme options +repository_name = 'openstack/' + target_name +bug_project = project.lower() +bug_tag = '' + +# The language for content autogenerated by Sphinx. Refer to documentation +# for a list of supported languages. +# +# This is also used if you do content translation via gettext catalogs. +# Usually you set "language" from the command line for these cases. +language = None + +# There are two options for replacing |today|: either, you set today to some +# non-false value, then it is used: +# today = '' +# Else, today_fmt is used as the format for a strftime call. +# today_fmt = '%B %d, %Y' + +# List of patterns, relative to source directory, that match files and +# directories to ignore when looking for source files. +exclude_patterns = [] + +# The reST default role (used for this markup: `text`) to use for all +# documents. +# default_role = None + +# If true, '()' will be appended to :func: etc. 
cross-reference text. +# add_function_parentheses = True + +# If true, the current module name will be prepended to all description +# unit titles (such as .. function::). +# add_module_names = True + +# If true, sectionauthor and moduleauthor directives will be shown in the +# output. They are ignored by default. +# show_authors = False + +# The name of the Pygments (syntax highlighting) style to use. +pygments_style = 'sphinx' + +# A list of ignored prefixes for module index sorting. +# modindex_common_prefix = [] + +# If true, keep warnings as "system message" paragraphs in the built documents. +# keep_warnings = False + +# If true, `todo` and `todoList` produce output, else they produce nothing. +todo_include_todos = False + + +# -- Options for HTML output ---------------------------------------------- + +# The theme to use for HTML and HTML Help pages. See the documentation for +# a list of builtin themes. +html_theme = 'openstackdocs' + +# Theme options are theme-specific and customize the look and feel of a theme +# further. For a list of options available for each theme, see the +# documentation. +# html_theme_options = {} + +# Add any paths that contain custom themes here, relative to this directory. +# html_theme_path = [] + +# The name for this set of Sphinx documents. If None, it defaults to +# " v documentation". +# html_title = None + +# A shorter title for the navigation bar. Default is the same as html_title. +# html_short_title = None + +# The name of an image file (relative to this directory) to place at the top +# of the sidebar. +# html_logo = None + +# The name of an image file (within the static path) to use as favicon of the +# docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32 +# pixels large. +# html_favicon = None + +# Add any paths that contain custom static files (such as style sheets) here, +# relative to this directory. 
They are copied after the builtin static files, +# so a file named "default.css" will overwrite the builtin "default.css". +html_static_path = ['_static'] + +# Add any extra paths that contain custom files (such as robots.txt or +# .htaccess) here, relative to this directory. These files are copied +# directly to the root of the documentation. +# html_extra_path = [] + +# If not '', a 'Last updated on:' timestamp is inserted at every page bottom, +# using the given strftime format. +html_last_updated_fmt = '%Y-%m-%d %H:%M' + +# If true, SmartyPants will be used to convert quotes and dashes to +# typographically correct entities. +# html_use_smartypants = True + +# Custom sidebar templates, maps document names to template names. +# html_sidebars = {} + +# Additional templates that should be rendered to pages, maps page names to +# template names. +# html_additional_pages = {} + +# If false, no module index is generated. +# html_domain_indices = True + +# If false, no index is generated. +# html_use_index = True + +# If true, the index is split into individual pages for each letter. +# html_split_index = False + +# If true, links to the reST sources are added to the pages. +# html_show_sourcelink = True + +# If true, "Created using Sphinx" is shown in the HTML footer. Default is True. +# html_show_sphinx = True + +# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True. +# html_show_copyright = True + +# If true, an OpenSearch description file will be output, and all pages will +# contain a tag referring to it. The value of this option must be the +# base URL from which the finished HTML is served. +# html_use_opensearch = '' + +# This is the file name suffix for HTML files (e.g. ".xhtml"). +# html_file_suffix = None + +# Language to be used for generating the HTML full-text search index. 
+# Sphinx supports the following languages: +# 'da', 'de', 'en', 'es', 'fi', 'fr', 'h', 'it', 'ja' +# 'nl', 'no', 'pt', 'ro', 'r', 'sv', 'tr' +# html_search_language = 'en' + +# A dictionary with options for the search language support, empty by default. +# Now only 'ja' uses this config value +# html_search_options = {'type': 'default'} + +# The name of a javascript file (relative to the configuration directory) that +# implements a search results scorer. If empty, the default will be used. +# html_search_scorer = 'scorer.js' + +# Output file base name for HTML help builder. +htmlhelp_basename = target_name + '-docs' + +# -- Options for LaTeX output --------------------------------------------- + +latex_elements = { + # The paper size ('letterpaper' or 'a4paper'). + # 'papersize': 'letterpaper', + + # The font size ('10pt', '11pt' or '12pt'). + # 'pointsize': '10pt', + + # Additional stuff for the LaTeX preamble. + # 'preamble': '', + + # Latex figure (float) alignment + # 'figure_align': 'htbp', +} + +# Grouping the document tree into LaTeX files. List of tuples +# (source start file, target name, title, +# author, documentclass [howto, manual, or own class]). +latex_documents = [ + (master_doc, target_name + '.tex', + title, author, 'manual'), +] + +# The name of an image file (relative to this directory) to place at the top of +# the title page. +# latex_logo = None + +# For "manual" documents, if this is true, then toplevel headings are parts, +# not chapters. +# latex_use_parts = False + +# If true, show page references after internal links. +# latex_show_pagerefs = False + +# If true, show URL addresses after external links. +# latex_show_urls = False + +# Documents to append as an appendix to all manuals. +# latex_appendices = [] + +# If false, no module index is generated. +# latex_domain_indices = True + + +# -- Options for manual page output --------------------------------------- + +# One entry per manual page. 
List of tuples +# (source start file, name, description, authors, manual section). +man_pages = [ + (master_doc, target_name, + title, [author], 1) +] + +# If true, show URL addresses after external links. +# man_show_urls = False + + +# -- Options for Texinfo output ------------------------------------------- + +# Grouping the document tree into Texinfo files. List of tuples +# (source start file, target name, title, author, +# dir menu entry, description, category) +texinfo_documents = [ + (master_doc, target_name, + title, author, project, + description, category), +] + +# Documents to append as an appendix to all manuals. +# texinfo_appendices = [] + +# If false, no module index is generated. +# texinfo_domain_indices = True + +# How to display URL addresses: 'footnote', 'no', or 'inline'. +# texinfo_show_urls = 'footnote' + +# If true, do not generate a @detailmenu in the "Top" node's menu. +# texinfo_no_detailmenu = False + + +watermark = os.popen("git branch --contains $(git rev-parse HEAD)\ +| awk -F/ '/stable/ {print $2}'").read().strip(' \n\t').capitalize() +if watermark == "": + watermark = "Pre-release" + +# -- Options for sphinxmark ----------------------------------------------- +sphinxmark_enable = True +sphinxmark_div = 'docs-body' +sphinxmark_image = 'text' +sphinxmark_text = watermark +sphinxmark_text_color = (128, 128, 128) +sphinxmark_text_size = 70 diff --git a/doc/source/configure-nova.rst b/doc/source/configure-nova.rst new file mode 100644 index 0000000..06cdfd9 --- /dev/null +++ b/doc/source/configure-nova.rst 
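Review bot: The `title` assignment concatenates `role_name + 'role'` with no separating space, so every builder that uses it (LaTeX, man, Texinfo) gets a title ending in "os_zunrole"; it should be `title = 'OpenStack-Ansible Documentation: ' + role_name + ' role'`. Separately, the watermark at the end of the file is computed by passing a shell pipeline to `os.popen`, which discards the exit status. A missing `git` or `awk`, or a build outside a checkout, therefore silently produces the "Pre-release" watermark. The command string is constant, so this is a robustness point rather than an injection risk. Running `git` through `subprocess.check_output` with an argument list and doing the `stable/` match in Python would remove the shell dependency and make failures visible.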
@@ -0,0 +1,167 @@ +================================================= +Configuring the Compute (zun) service (optional) +================================================= + +The Compute service (zun) handles the creation of virtual machines within an +OpenStack environment. Many of the default options used by OpenStack-Ansible +are found within ``defaults/main.yml`` within the zun role. + +Availability zones +~~~~~~~~~~~~~~~~~~ + +Deployers with multiple availability zones can set the +``zun_default_schedule_zone`` Ansible variable to specify an availability zone +for new requests. This is useful in environments with different types +of hypervisors, where builds are sent to certain hardware types based on +their resource requirements. + +For example, if you have servers running on two racks without sharing the PDU. +These two racks can be grouped into two availability zones. +When one rack loses power, the other one still works. By spreading +your containers onto the two racks (availability zones), you will +improve your service availability. + +Block device tuning for Ceph (RBD) +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Enabling Ceph and defining ``zun_libvirt_images_rbd_pool`` changes two +libvirt configurations by default: + +* hw_disk_discard: ``unmap`` +* disk_cachemodes: ``network=writeback`` + +Setting ``hw_disk_discard`` to ``unmap`` in libvirt enables +discard (sometimes called TRIM) support for the underlying block device. This +allows reclaiming of unused blocks on the underlying disks. + +Setting ``disk_cachemodes`` to ``network=writeback`` allows data to be written +into a cache on each change, but those changes are flushed to disk at a regular +interval. This can increase write performance on Ceph block devices. + +You have the option to customize these settings using two Ansible +variables (defaults shown here): + +.. 
code-block:: yaml + + zun_libvirt_hw_disk_discard: 'unmap' + zun_libvirt_disk_cachemodes: 'network=writeback' + +You can disable discard by setting ``zun_libvirt_hw_disk_discard`` to +``ignore``. The ``zun_libvirt_disk_cachemodes`` can be set to an empty +string to disable ``network=writeback``. + +The following minimal example configuration sets zun to use the +``ephemeral-vms`` Ceph pool. The following example uses cephx authentication, +and requires an existing ``cinder`` account for the ``ephemeral-vms`` pool: + +.. code-block:: console + + zun_libvirt_images_rbd_pool: ephemeral-vms + ceph_mons: + - 172.29.244.151 + - 172.29.244.152 + - 172.29.244.153 + + +If you have a different Ceph username for the pool, use it as: + +.. code-block:: console + + cinder_ceph_client: + +* The `Ceph documentation for OpenStack`_ has additional information about + these settings. +* `OpenStack-Ansible and Ceph Working Example`_ + + +.. _Ceph documentation for OpenStack: http://docs.ceph.com/docs/master/rbd/rbd-openstack/ +.. _OpenStack-Ansible and Ceph Working Example: https://www.openstackfaq.com/openstack-ansible-ceph/ + + + +Config drive +~~~~~~~~~~~~ + +By default, OpenStack-Ansible does not configure zun to force config drives +to be provisioned with every instance that zun builds. The metadata service +provides configuration information that is used by ``cloud-init`` inside the +instance. Config drives are only necessary when an instance does not have +``cloud-init`` installed or does not have support for handling metadata. + +A deployer can set an Ansible variable to force config drives to be deployed +with every virtual machine: + +.. code-block:: yaml + + zun_force_config_drive: True + +Certain formats of config drives can prevent instances from migrating properly +between hypervisors. If you need forced config drives and the ability +to migrate instances, set the config drive format to ``vfat`` using +the ``zun_zun_conf_overrides`` variable: + +.. 
code-block:: yaml + + zun_zun_conf_overrides: + DEFAULT: + config_drive_format: vfat + force_config_drive: True + +Libvirtd connectivity and authentication +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +By default, OpenStack-Ansible configures the libvirt daemon in the following +way: + +* TLS connections are enabled +* TCP plaintext connections are disabled +* Authentication over TCP connections uses SASL + +You can customize these settings using the following Ansible variables: + +.. code-block:: yaml + + # Enable libvirtd's TLS listener + zun_libvirtd_listen_tls: 1 + + # Disable libvirtd's plaintext TCP listener + zun_libvirtd_listen_tcp: 0 + + # Use SASL for authentication + zun_libvirtd_auth_tcp: sasl + +Multipath +~~~~~~~~~ + +Nova supports multipath for iSCSI-based storage. Enable multipath support in +zun through a configuration override: + +.. code-block:: yaml + + zun_zun_conf_overrides: + libvirt: + iscsi_use_multipath: true + +Shared storage and synchronized UID/GID +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Specify a custom UID for the zun user and GID for the zun group +to ensure they are identical on each host. This is helpful when using shared +storage on Compute nodes because it allows instances to migrate without +filesystem ownership failures. + +By default, Ansible creates the zun user and group without specifying the +UID or GID. To specify custom values for the UID or GID, set the following +Ansible variables: + +.. code-block:: yaml + + zun_system_user_uid = + zun_system_group_gid = + +.. warning:: + + Setting this value after deploying an environment with + OpenStack-Ansible can cause failures, errors, and general instability. These + values should only be set once before deploying an OpenStack environment + and then never changed. diff --git a/doc/source/index.rst b/doc/source/index.rst new file mode 100644 index 0000000..e2e8e63 --- /dev/null +++ b/doc/source/index.rst 
@@ -0,0 +1,121 @@ +=============================== +Nova role for OpenStack-Ansible +=============================== + +.. toctree:: + :maxdepth: 2 + + configure-zun.rst + app-powervm.rst + +:tags: openstack, zun, cloud, ansible +:category: \*nix + +This role will install the following Systemd services: + * zun-server + * zun-compute + +To clone or view the source code for this repository, visit the role repository +for `os_zun `_. + +Default variables +~~~~~~~~~~~~~~~~~ + +.. literalinclude:: ../../defaults/main.yml + :language: yaml + :start-after: under the License. + +Dependencies +~~~~~~~~~~~~ + +This role needs pip >= 7.1 installed on the target host. + +Example playbook +~~~~~~~~~~~~~~~~ + +.. literalinclude:: ../../examples/playbook.yml + :language: yaml + +External Restart Hooks +~~~~~~~~~~~~~~~~~~~~~~ + +When the role performs a restart of the service, it will notify an Ansible +handler named ``Manage LB``, which is a noop within this role. In the +playbook, other roles may be loaded before and after this role which will +implement Ansible handler listeners for ``Manage LB``, allowing external roles +to manage the load balancer endpoints responsible for sending traffic to the +servers being restarted by marking them in maintenance or active mode, +draining sessions, etc. For an example implementation, please reference the +`ansible-haproxy-endpoints role `_ +used by the openstack-ansible project. + +Tags +~~~~ + +This role supports two tags: ``zun-install`` and ``zun-config`` + +The ``zun-install`` tag can be used to install and upgrade. + +The ``zun-config`` tag can be used to manage configuration. + +CPU platform compatibility +~~~~~~~~~~~~~~~~~~~~~~~~~~ + +This role supports multiple CPU architecture types. At least one repo_build +node must exist for each CPU type that is in use in the deployment. + +Currently supported CPU architectures: + - x86_64 / amd64 + - ppc64le + +At this time, ppc64le is only supported for the Compute node type. 
It can not +be used to manage the OpenStack-Ansible management nodes. + + +Compute driver compatibility +~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +This role supports multiple zun compute driver types. The following +compute drivers are supported: + +- libvirt (default) +- ironic +- lxd (via zun-lxd) +- powervm (via zun-powervm) + +The driver type is automatically detected by the OpenStack Ansible Nova role +for the following compute driver types: + +- libvirt (kvm / qemu) +- powervm + +Any mix and match of compute node types can be used for those platforms, +except for ironic. + +If using the lxd driver, the compute type must be specified using the +``zun_virt_type`` variable. + +The ``zun_virt_type`` may be set in +``/etc/openstack_deploy/user_variables.yml``, for example: + +.. code-block:: shell-session + + zun_virt_type: lxd + +You can set ``zun_virt_type`` per host by using ``host_vars`` in +``/etc/openstack_deploy/openstack_user_config.yml``. For example: + + .. code-block:: shell-session + + compute_hosts: + aio1: + ip: 172.29.236.100 + host_vars: + zun_virt_type: lxd + +If ``zun_virt_type`` is set in ``/etc/openstack_deploy/user_variables.yml``, +all nodes in the deployment are set to that hypervisor type. Setting +``zun_virt_type`` in both ``/etc/openstack_deploy/user_variables.yml`` and +``/etc/openstack_deploy/openstack_user_config.yml`` will always result in the +value specified in ``/etc/openstack_deploy/user_variables.yml`` being set on +all hosts. diff --git a/examples/playbook.yml b/examples/playbook.yml new file mode 120000 index 0000000..ae94f6a --- /dev/null +++ b/examples/playbook.yml @@ -0,0 +1 @@ +../tests/test-install-zun.yml \ No newline at end of file diff --git a/handlers/main.yml b/handlers/main.yml new file mode 100644 index 0000000..648da36 --- /dev/null +++ b/handlers/main.yml 
@@ -0,0 +1,74 @@
+---
+# Copyright 2015, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Stop services
+ systemd:
+ name: "{{ item.service_name }}"
+ enabled: yes
+ state: "stopped"
+ daemon_reload: yes
+ with_items: "{{ filtered_zun_services }}"
+ register: _stop
+ until: _stop | success
+ retries: 5
+ delay: 2
+ listen: "Restart zun services"
+
+- name: Start services
+ systemd:
+ name: "{{ item.service_name }}"
+ enabled: yes
+ state: "started"
+ daemon_reload: yes
+ with_items: "{{ filtered_zun_services }}"
+ register: _start
+ until: _start | success
+ retries: 5
+ delay: 2
+ listen: "Restart zun services"
+
+- name: Stop docker
+ systemd:
+ name: "{{ item }}"
+ enabled: yes
+ state: "stopped"
+ daemon_reload: yes
+ with_items:
+ - docker
+ - kuryr-libnetwork
+ register: _stop
+ until: _stop | success
+ retries: 5
+ delay: 2
+ listen: "Restart kuryr services"
+
+- name: Start docker
+ systemd:
+ name: "{{ item }}"
+ enabled: yes
+ state: "started"
+ daemon_reload: yes
+ with_items:
+ - docker
+ - kuryr-libnetwork
+ register: _start
+ until: _start | success
+ retries: 5
+ delay: 2
+ listen: "Restart kuryr services"
+
+- meta: noop
+ listen: Manage LB
+ when: false
diff --git a/manual-test.rc b/manual-test.rc
new file mode 100644
index 0000000..5b991c8
--- /dev/null
+++ b/manual-test.rc
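Review bot: All four handlers in handlers/main.yml write their retry condition with a test used as a filter (`until: _stop | success`, `until: _start | success`), a form that Ansible deprecated in 2.5; the test form is `until: _stop is success` and `until: _start is success`. The "Stop docker" and "Start docker" handlers also act on both `docker` and `kuryr-libnetwork`, so the names understate what is restarted. A short comment above the pair would help operators, for example `# Restarting kuryr also stops and starts the docker daemon on this host`.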
@@ -0,0 +1,35 @@
+export VIRTUAL_ENV=$(pwd)
+export ANSIBLE_HOST_KEY_CHECKING=False
+export ANSIBLE_SSH_CONTROL_PATH=/tmp/%%h-%%r
+
+# TODO (odyssey4me) These are only here as they are non-standard folder
+# names for Ansible 1.9.x. We are using the standard folder names for
+# Ansible v2.x. We can remove this when we move to Ansible 2.x.
+export ANSIBLE_ACTION_PLUGINS=${HOME}/.ansible/plugins/action
+export ANSIBLE_CALLBACK_PLUGINS=${HOME}/.ansible/plugins/callback
+export ANSIBLE_FILTER_PLUGINS=${HOME}/.ansible/plugins/filter
+export ANSIBLE_LOOKUP_PLUGINS=${HOME}/.ansible/plugins/lookup
+
+# This is required as the default is the current path or a path specified
+# in ansible.cfg
+export ANSIBLE_LIBRARY=${HOME}/.ansible/plugins/library
+
+# This is required as the default is '/etc/ansible/roles' or a path
+# specified in ansible.cfg
+export ANSIBLE_ROLES_PATH=${HOME}/.ansible/roles:$(pwd)/..
+
+export ANSIBLE_SSH_ARGS="-o ControlMaster=no \
+ -o UserKnownHostsFile=/dev/null \
+ -o StrictHostKeyChecking=no \
+ -o ServerAliveInterval=64 \
+ -o ServerAliveCountMax=1024 \
+ -o Compression=no \
+ -o TCPKeepAlive=yes \
+ -o VerifyHostKeyDNS=no \
+ -o ForwardX11=no \
+ -o ForwardAgent=yes"
+
+ln -sf $(pwd) ${HOME}/.ansible/roles/os_zun
+
+echo "Run manual functional tests by executing the following:"
+echo "# ./.tox/functional/bin/ansible-playbook -i tests/inventory tests/test.yml"
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..2e36a5a
--- /dev/null
+++ b/meta/main.yml
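Review bot: `-o ForwardAgent=yes` in `ANSIBLE_SSH_ARGS` is set alongside `StrictHostKeyChecking=no`, `UserKnownHostsFile=/dev/null` and `ANSIBLE_HOST_KEY_CHECKING=False`, so the operator's SSH agent is forwarded to whichever host answers, with no check of that host's identity. Turning off host key checks is common for disposable test targets, but agent forwarding does not need to come with it; the last option should read `-o ForwardAgent=no"` unless a test is known to need the agent. A comment above the block would also make the scope explicit, for example `# Host key checking is disabled for disposable test hosts only; do not source this file for real deployments.`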
@@ -0,0 +1,41 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +galaxy_info: + author: rcbops + description: Installation and setup of zun + company: Rackspace + license: Apache2 + min_ansible_version: 2.4 + platforms: + - name: Ubuntu + versions: + - xenial + - name: EL + versions: + - 7 + - name: opensuse + versions: + - 42.1 + - 42.2 + - 42.3 + categories: + - cloud + - python + - zun + - development + - openstack +dependencies: + - apt_package_pinning diff --git a/meta/openstack-ansible.yml b/meta/openstack-ansible.yml new file mode 100644 index 0000000..ab4039c --- /dev/null +++ b/meta/openstack-ansible.yml @@ -0,0 +1,20 @@ +--- +# Copyright 2017, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# (c) 2017, Jean-Philippe Evrard + +maturity_info: + status: development + created_during: rocky 
diff --git a/releasenotes/notes/.placeholder b/releasenotes/notes/.placeholder new file mode 100644 index 0000000..e69de29 diff --git a/releasenotes/source/_static/.placeholder b/releasenotes/source/_static/.placeholder new file mode 100644 index 0000000..e69de29 diff --git a/releasenotes/source/_templates/.placeholder b/releasenotes/source/_templates/.placeholder new file mode 100644 index 0000000..e69de29 diff --git a/releasenotes/source/conf.py b/releasenotes/source/conf.py new file mode 100644 index 0000000..c77a68c --- /dev/null +++ b/releasenotes/source/conf.py 
@@ -0,0 +1,285 @@ +#!/usr/bin/env python3 + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This file is execfile()d with the current directory set to its +# containing dir. +# +# Note that not all possible configuration values are present in this +# autogenerated file. +# +# All configuration values have a default; values that are commented out +# serve to show the default. + +# If extensions (or modules to document with autodoc) are in another directory, +# add these directories to sys.path here. If the directory is relative to the +# documentation root, use os.path.abspath to make it absolute, like shown here. +# sys.path.insert(0, os.path.abspath('.')) + +# -- General configuration ------------------------------------------------ + +# If your documentation needs a minimal Sphinx version, state it here. +# needs_sphinx = '1.0' + +# Add any Sphinx extension module names here, as strings. They can be +# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom +# ones. +extensions = [ + 'openstackdocstheme', + 'reno.sphinxext', +] + +# Add any paths that contain templates here, relative to this directory. +templates_path = ['_templates'] + +# The suffix of source filenames. +source_suffix = '.rst' + +# The encoding of source files. +# source_encoding = 'utf-8-sig' + +# The master toctree document. +master_doc = 'index' + +# General information about the project. 
+author = 'OpenStack-Ansible Contributors' +category = 'Miscellaneous' +copyright = '2014-2016, OpenStack-Ansible Contributors' +description = 'OpenStack-Ansible deploys OpenStack environments using Ansible.' +project = 'OpenStack-Ansible' +role_name = 'os_zun' +target_name = 'openstack-ansible-' + role_name +title = 'OpenStack-Ansible Release Notes: ' + role_name + 'role' + +# The link to the browsable source code (for the left hand menu) +oslosphinx_cgit_link = ( + 'https://git.openstack.org/cgit/openstack/{}'.format(target_name) +) + +# Release notes do not need a version number in the title, they +# cover multiple releases. +# The full version, including alpha/beta/rc tags. +release = '' +# The short X.Y version. +version = '' + +# openstackdocstheme options +repository_name = 'openstack/' + target_name +bug_project = project.lower() +bug_tag = '' + +# The language for content autogenerated by Sphinx. Refer to documentation +# for a list of supported languages. +# language = None + +# There are two options for replacing |today|: either, you set today to some +# non-false value, then it is used: +# today = '' +# Else, today_fmt is used as the format for a strftime call. +# today_fmt = '%B %d, %Y' + +# List of patterns, relative to source directory, that match files and +# directories to ignore when looking for source files. +exclude_patterns = [] + +# The reST default role (used for this markup: `text`) to use for all +# documents. +# default_role = None + +# If true, '()' will be appended to :func: etc. cross-reference text. +# add_function_parentheses = True + +# If true, the current module name will be prepended to all description +# unit titles (such as .. function::). +# add_module_names = True + +# If true, sectionauthor and moduleauthor directives will be shown in the +# output. They are ignored by default. +# show_authors = False + +# The name of the Pygments (syntax highlighting) style to use. 
+pygments_style = 'sphinx' + +# A list of ignored prefixes for module index sorting. +# modindex_common_prefix = [] + +# If true, keep warnings as "system message" paragraphs in the built documents. +# keep_warnings = False + + +# -- Options for HTML output ---------------------------------------------- + +# The theme to use for HTML and HTML Help pages. See the documentation for +# a list of builtin themes. +html_theme = 'openstackdocs' + +# Theme options are theme-specific and customize the look and feel of a theme +# further. For a list of options available for each theme, see the +# documentation. +# html_theme_options = {} + +# Add any paths that contain custom themes here, relative to this directory. +# html_theme_path = [] + +# The name for this set of Sphinx documents. If None, it defaults to +# " v documentation". +# html_title = None + +# A shorter title for the navigation bar. Default is the same as html_title. +# html_short_title = None + +# The name of an image file (relative to this directory) to place at the top +# of the sidebar. +# html_logo = None + +# The name of an image file (within the static path) to use as favicon of the +# docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32 +# pixels large. +# html_favicon = None + +# Add any paths that contain custom static files (such as style sheets) here, +# relative to this directory. They are copied after the builtin static files, +# so a file named "default.css" will overwrite the builtin "default.css". +html_static_path = ['_static'] + +# Add any extra paths that contain custom files (such as robots.txt or +# .htaccess) here, relative to this directory. These files are copied +# directly to the root of the documentation. +# html_extra_path = [] + +# If not '', a 'Last updated on:' timestamp is inserted at every page bottom, +# using the given strftime format. 
+html_last_updated_fmt = '%Y-%m-%d %H:%M' + +# If true, SmartyPants will be used to convert quotes and dashes to +# typographically correct entities. +# html_use_smartypants = True + +# Custom sidebar templates, maps document names to template names. +# html_sidebars = {} + +# Additional templates that should be rendered to pages, maps page names to +# template names. +# html_additional_pages = {} + +# If false, no module index is generated. +# html_domain_indices = True + +# If false, no index is generated. +# html_use_index = True + +# If true, the index is split into individual pages for each letter. +# html_split_index = False + +# If true, links to the reST sources are added to the pages. +# html_show_sourcelink = True + +# If true, "Created using Sphinx" is shown in the HTML footer. Default is True. +# html_show_sphinx = True + +# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True. +# html_show_copyright = True + +# If true, an OpenSearch description file will be output, and all pages will +# contain a tag referring to it. The value of this option must be the +# base URL from which the finished HTML is served. +# html_use_opensearch = '' + +# This is the file name suffix for HTML files (e.g. ".xhtml"). +# html_file_suffix = None + +# Output file base name for HTML help builder. +htmlhelp_basename = target_name + '-docs' + + +# -- Options for LaTeX output --------------------------------------------- + +latex_elements = { + # The paper size ('letterpaper' or 'a4paper'). + # 'papersize': 'letterpaper', + + # The font size ('10pt', '11pt' or '12pt'). + # 'pointsize': '10pt', + + # Additional stuff for the LaTeX preamble. + # 'preamble': '', +} + +# Grouping the document tree into LaTeX files. List of tuples +# (source start file, target name, title, +# author, documentclass [howto, manual, or own class]). 
+latex_documents = [ + (master_doc, target_name + '.tex', + title, author, 'manual'), +] + +# The name of an image file (relative to this directory) to place at the top of +# the title page. +# latex_logo = None + +# For "manual" documents, if this is true, then toplevel headings are parts, +# not chapters. +# latex_use_parts = False + +# If true, show page references after internal links. +# latex_show_pagerefs = False + +# If true, show URL addresses after external links. +# latex_show_urls = False + +# Documents to append as an appendix to all manuals. +# latex_appendices = [] + +# If false, no module index is generated. +# latex_domain_indices = True + + +# -- Options for manual page output --------------------------------------- + +# One entry per manual page. List of tuples +# (source start file, name, description, authors, manual section). +man_pages = [ + (master_doc, target_name, + title, [author], 1) +] + +# If true, show URL addresses after external links. +# man_show_urls = False + + +# -- Options for Texinfo output ------------------------------------------- + +# Grouping the document tree into Texinfo files. List of tuples +# (source start file, target name, title, author, +# dir menu entry, description, category) +texinfo_documents = [ + (master_doc, target_name, + title, author, project, + description, category), +] + +# Documents to append as an appendix to all manuals. +# texinfo_appendices = [] + +# If false, no module index is generated. +# texinfo_domain_indices = True + +# How to display URL addresses: 'footnote', 'no', or 'inline'. +# texinfo_show_urls = 'footnote' + +# If true, do not generate a @detailmenu in the "Top" node's menu. +# texinfo_no_detailmenu = False + +# -- Options for Internationalization output ------------------------------ +locale_dirs = ['locale/'] diff --git a/releasenotes/source/index.rst b/releasenotes/source/index.rst new file mode 100644 index 0000000..71f7357 --- /dev/null +++ b/releasenotes/source/index.rst 
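Review bot: The `title` assignment in releasenotes/source/conf.py concatenates `role_name + 'role'` with no separating space, so the rendered title ends in "os_zunrole". The same string is passed on to `latex_documents`, `man_pages` and `texinfo_documents`, so every output format carries the typo. The line should read `title = 'OpenStack-Ansible Release Notes: ' + role_name + ' role'`.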
@@ -0,0 +1,8 @@ +================================ + OpenStack-Ansible Release Notes +================================ + +.. toctree:: + :maxdepth: 1 + + unreleased diff --git a/releasenotes/source/unreleased.rst b/releasenotes/source/unreleased.rst new file mode 100644 index 0000000..cd22aab --- /dev/null +++ b/releasenotes/source/unreleased.rst @@ -0,0 +1,5 @@ +============================== + Current Series Release Notes +============================== + +.. release-notes:: diff --git a/run_tests.sh b/run_tests.sh new file mode 100755 index 0000000..4280085 --- /dev/null +++ b/run_tests.sh 
@@ -0,0 +1,93 @@ +#!/usr/bin/env bash +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# PURPOSE: +# This script clones the openstack-ansible-tests repository to the +# tests/common folder in order to be able to re-use test components +# for role testing. This is intended to be the thinnest possible +# shim for test execution outside of OpenStack CI. + +# WARNING: +# This file is maintained in the openstack-ansible-tests repository. +# https://git.openstack.org/cgit/openstack/openstack-ansible-tests/tree/run_tests.sh +# If you need to modify this file, update the one in the openstack-ansible-tests +# repository and then update this file as well. The purpose of this file is to +# prepare the host and then execute all the tox tests. +# + +## Shell Opts ---------------------------------------------------------------- +set -xeu + +## Vars ---------------------------------------------------------------------- + +WORKING_DIR="$(readlink -f $(dirname $0))" + +COMMON_TESTS_PATH="${WORKING_DIR}/tests/common" +TESTING_HOME=${TESTING_HOME:-$HOME} +ZUUL_TESTS_CLONE_LOCATION="/home/zuul/src/git.openstack.org/openstack/openstack-ansible-tests" + +# Use .gitreview as the key to determine the appropriate +# branch to clone for tests. 
+TESTING_BRANCH=$(awk -F'=' '/defaultbranch/ {print $2}' "${WORKING_DIR}/.gitreview") +if [[ "${TESTING_BRANCH}" == "" ]]; then + TESTING_BRANCH="master" +fi + +## Main ---------------------------------------------------------------------- + +# Source distribution information +source /etc/os-release || source /usr/lib/os-release + +# Prefer dnf over yum for CentOS. +which dnf &>/dev/null && RHT_PKG_MGR='dnf' || RHT_PKG_MGR='yum' + +# Figure out the appropriate package install command +case ${ID,,} in + *suse*) pkg_mgr_cmd="zypper -n in" ;; + centos|rhel|fedora) pkg_mgr_cmd="${RHT_PKG_MGR} install -y" ;; + ubuntu|debian) pkg_mgr_cmd="apt-get install -y" ;; + gentoo) pkg_mgr_cmd="emerge" ;; + *) echo "unsupported distribution: ${ID,,}"; exit 1 ;; +esac + +# Install git so that we can clone the tests repo if git is not available +which git &>/dev/null || eval sudo "${pkg_mgr_cmd}" git + +# Clone the tests repo for access to the common test script +if [[ ! -d "${COMMON_TESTS_PATH}" ]]; then + # The tests repo doesn't need a clone, we can just + # symlink it. + if [[ "$(basename ${WORKING_DIR})" == "openstack-ansible-tests" ]]; then + ln -s "${WORKING_DIR}" "${COMMON_TESTS_PATH}" + + # In zuul v3 any dependent repository is placed into + # /home/zuul/src/git.openstack.org, so we check to see + # if there is a tests checkout there already. If so, we + # symlink that and use it. + elif [[ -d "${ZUUL_TESTS_CLONE_LOCATION}" ]]; then + ln -s "${ZUUL_TESTS_CLONE_LOCATION}" "${COMMON_TESTS_PATH}" + + # Otherwise we're clearly not in zuul or using a previously setup + # repo in some way, so just clone it from upstream. + else + git clone -b "${TESTING_BRANCH}" \ + https://git.openstack.org/openstack/openstack-ansible-tests \ + "${COMMON_TESTS_PATH}" + fi +fi + +# Execute the common test script +source tests/common/run_tests_common.sh + diff --git a/setup.cfg b/setup.cfg new file mode 100644 index 0000000..10b37dc --- /dev/null +++ b/setup.cfg 
@@ -0,0 +1,24 @@ +[metadata] +name = openstack-ansible-os_zun +summary = os_zun for OpenStack Ansible +description-file = + README.rst +author = OpenStack +author-email = openstack-dev@lists.openstack.org +home-page = https://docs.openstack.org/openstack-ansible-os_zun/latest/ +classifier = + Intended Audience :: Developers + Intended Audience :: System Administrators + License :: OSI Approved :: Apache Software License + Operating System :: POSIX :: Linux + +[build_sphinx] +all_files = 1 +build-dir = doc/build +source-dir = doc/source + +[pbr] +warnerrors = True + +[wheel] +universal = 1 diff --git a/setup.py b/setup.py new file mode 100644 index 0000000..566d844 --- /dev/null +++ b/setup.py @@ -0,0 +1,29 @@ +# Copyright (c) 2013 Hewlett-Packard Development Company, L.P. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# THIS FILE IS MANAGED BY THE GLOBAL REQUIREMENTS REPO - DO NOT EDIT +import setuptools + +# In python < 2.7.4, a lazy loading of package `pbr` will break +# setuptools if some other modules registered functions in `atexit`. +# solution from: http://bugs.python.org/issue15881#msg170215 +try: + import multiprocessing # noqa +except ImportError: + pass + +setuptools.setup( + setup_requires=['pbr>=2.0.0'], + pbr=True) diff --git a/tasks/main.yml b/tasks/main.yml new file mode 100644 index 0000000..0d9e6c2 --- /dev/null +++ b/tasks/main.yml 
@@ -0,0 +1,106 @@ +--- +# Copyright 2018, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Gather variables for each operating system + include_vars: "{{ item }}" + with_first_found: + - "{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower }}.yml" + - "{{ ansible_distribution | lower }}-{{ ansible_distribution_major_version | lower }}.yml" + - "{{ ansible_os_family | lower }}-{{ ansible_distribution_major_version | lower }}.yml" + - "{{ ansible_distribution | lower }}.yml" + - "{{ ansible_os_family | lower }}.yml" + tags: + - always + +- include_tasks: zun_pre_flight.yml + tags: + - always + +- include_tasks: zun_pre_install.yml + tags: + - zun-install + +- include_tasks: zun_install.yml + tags: + - zun-install + +- include_tasks: zun_db_setup.yml + when: + - zun_services['zun-api']['group'] in group_names + - inventory_hostname == ((groups['zun_api'] | intersect(ansible_play_hosts)) | list)[0] + tags: + - zun-config + +- include_tasks: zun_amqp_setup.yml + when: + - zun_services['zun-api']['group'] in group_names + - inventory_hostname == ((groups['zun_api'] | intersect(ansible_play_hosts)) | list)[0] + tags: + - zun-config + +- include_tasks: zun_service_setup.yml + when: + - zun_services['zun-api']['group'] in group_names + - inventory_hostname == ((groups['zun_api'] | intersect(ansible_play_hosts)) | list)[0] + tags: + - zun-config + +- include_tasks: zun_compute.yml + when: + - 
zun_services['zun-compute']['group'] in group_names + tags: + - zun-compute + +- include_tasks: zun_post_install.yml + tags: + - zun-config + +- name: Run the systemd service role + include_role: + name: systemd_service + private: true + vars: + systemd_user_name: "{{ zun_system_user_name }}" + systemd_group_name: "{{ zun_system_group_name }}" + systemd_tempd_prefix: openstack + systemd_slice_name: zun + system_lock_path: "{{ zun_lock_path }}" + systemd_CPUAccounting: true + systemd_BlockIOAccounting: true + systemd_MemoryAccounting: true + systemd_TasksAccounting: true + systemd_services: + - service_name: "{{ service_var.service_name }}" + enabled: yes + state: started + execstarts: "{{ service_var.execstarts }}" + execreloads: "{{ service_var.execreloads | default([]) }}" + config_overrides: "{{ zun_service_defaults | combine(service_var.init_config_overrides) }}" + with_items: "{{ filtered_zun_services }}" + loop_control: + loop_var: service_var + tags: + - zun-config + +- name: Run the etcd service role + include_role: + name: etcd + private: true + vars: + etcd_cluster_group: "zun_api" + when: + - zun_services['zun-api']['group'] in group_names + tags: + - zun-config diff --git a/tasks/zun_amqp_setup.yml b/tasks/zun_amqp_setup.yml new file mode 100644 index 0000000..437f919 --- /dev/null +++ b/tasks/zun_amqp_setup.yml 
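Review bot: The three API-only includes in tasks/main.yml (zun_db_setup.yml, zun_amqp_setup.yml, zun_service_setup.yml) check group membership through `zun_services['zun-api']['group']` but then pick the first host from the literal `groups['zun_api']`, and the etcd role is given `etcd_cluster_group: "zun_api"` as a literal too. If the group name in `zun_services` (defined outside this hunk) is ever overridden, the two conditions stop agreeing and the one-time database, messaging and service setup may run on no host or fail on an undefined group. Using the same lookup in both places keeps them aligned: `inventory_hostname == ((groups[zun_services['zun-api']['group']] | intersect(ansible_play_hosts)) | list)[0]`.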
@@ -0,0 +1,32 @@
+---
+# Copyright 2018, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Ensure Rabbitmq vhost
+ rabbitmq_vhost:
+ name: "{{ zun_rabbitmq_vhost }}"
+ state: "present"
+ delegate_to: "{{ groups['rabbitmq_all'][0] }}"
+
+- name: Ensure rabbitmq user
+ rabbitmq_user:
+ user: "{{ zun_rabbitmq_userid }}"
+ password: "{{ zun_rabbitmq_password }}"
+ vhost: "{{ zun_rabbitmq_vhost }}"
+ configure_priv: ".*"
+ read_priv: ".*"
+ write_priv: ".*"
+ state: "present"
+ delegate_to: "{{ groups['rabbitmq_all'][0] }}"
+ no_log: true
diff --git a/tasks/zun_compute.yml b/tasks/zun_compute.yml
new file mode 100644
index 0000000..8c4fd58
--- /dev/null
+++ b/tasks/zun_compute.yml
@@ -0,0 +1,197 @@ +--- +# Copyright 2018, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Add zypper repository + zypper_repository: + auto_import_keys: yes + autorefresh: yes + name: "{{ item.name }}" + repo: "{{ item.uri }}" + runrefresh: yes + with_items: "{{ zun_docker_repo }}" + when: + - ansible_pkg_mgr == 'zypper' + +- name: Run apt install block + block: + - name: Get apt gpg key + get_url: + url: "{{ item.gpg_uri }}" + dest: "/tmp/{{ item.name }}" + mode: 0440 + with_items: "{{ zun_docker_repo }}" + + - name: Add Apt signing key on remote server to keyring + apt_key: + file: "/tmp/{{ item.name }}" + state: present + with_items: "{{ zun_docker_repo }}" + + - name: Add apt repository + apt_repository: + repo: deb [arch=amd64] {{ item.uri }} {{ ansible_distribution_release | lower }} stable + state: present + filename: "{{ item.name }}" + with_items: "{{ zun_docker_repo }}" + when: + - ansible_pkg_mgr == 'apt' + +- name: Add yum repository + get_url: + url: "{{ item.uri }}" + dest: "/etc/yum.repos.d/{{ item.name }}.repo" + owner: root + group: root + mode: 0644 + with_items: "{{ zun_docker_repo }}" + when: + - ansible_pkg_mgr == 'yum' + +- name: Install compute distro packages + package: + name: "{{ zun_distro_compute_packages }}" + state: "{{ zun_package_state }}" + update_cache: "{{ (ansible_pkg_mgr in ['apt', 'zypper']) | ternary('yes', omit) }}" + cache_valid_time: "{{ (ansible_pkg_mgr == 'apt') | ternary(cache_timeout, omit) }}" 
+ +- name: Generate kuryr config + config_template: + content: | + { + "live-restore": true + } + dest: "/etc/docker/daemon.json" + owner: "root" + group: "root" + mode: "0644" + config_overrides: "{{ zun_docker_config_overrides }}" + config_type: "json" + notify: + - Restart kuryr services + +- name: Create the kuryr system group + group: + name: "{{ zun_kuryr_system_group_name }}" + gid: "{{ zun_kuryr_system_group_gid | default(omit) }}" + state: "present" + system: "yes" + tags: + - zun-kuryr-group + +- name: Remove old kuryr key file(s) if found + file: + path: "{{ item }}" + state: "absent" + with_items: + - "{{ zun_kuryr_system_home_folder }}/.ssh/authorized_keys" + - "{{ zun_kuryr_system_home_folder }}/.ssh/id_rsa" + - "{{ zun_kuryr_system_home_folder }}/.ssh/id_rsa.pub" + when: + - zun_recreate_keys | bool + tags: + - zun-kuryr-key + - zun-kuryr-key-create + +- name: Create the kuryr system user + user: + name: "{{ zun_kuryr_system_user_name }}" + uid: "{{ zun_kuryr_system_user_uid | default(omit) }}" + group: "{{ zun_kuryr_system_group_name }}" + comment: "{{ zun_kuryr_system_comment }}" + shell: "{{ zun_kuryr_system_shell }}" + system: "yes" + createhome: "yes" + home: "{{ zun_kuryr_system_home_folder }}" + generate_ssh_key: "yes" + tags: + - zun-kuryr-user + - zun-kuryr-key + - zun-kuryr-key-create + +- name: Create kuryr dir + file: + path: "{{ item.path }}" + state: directory + owner: "{{ item.owner | default('root') }}" + group: "{{ item.group | default('root') }}" + mode: "{{ item.mode | default('0755') }}" + with_items: + - path: "/etc/kuryr" + mode: "0750" + owner: "{{ zun_kuryr_system_user_name }}" + group: "{{ zun_kuryr_system_group_name }}" + - path: "/etc/systemd/system/docker.service.d" + - path: "/etc/docker/plugins" + tags: + - zun-kuryr-dirs + +- name: Generate kuryr config + config_template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: "{{ zun_kuryr_system_user_name }}" + group: "{{ zun_system_group_name }}" + mode: "0640" + 
config_overrides: "{{ item.config_overrides }}" + config_type: "{{ item.config_type }}" + with_items: + - src: "kuryr-libnetwork.conf.j2" + dest: "/etc/kuryr/kuryr.conf" + config_overrides: "{{ zun_kuryr_conf_overrides }}" + config_type: "ini" + - src: "systemd-docker-override.conf.j2" + dest: "/etc/systemd/system/docker.service.d/zun-docker.conf" + config_overrides: "{{ zun_kuryr_conf_overrides }}" + config_type: "ini" + notify: + - Manage LB + - Restart kuryr services + tags: + - zun-config + - zun-post-install + +- name: Generate kuryr docker plugin config + config_template: + content: | + { + "Name": "kuryr", + "Addr": "http://127.0.0.1:23750" + } + dest: "/etc/docker/plugins/kuryr.json" + owner: "root" + group: "root" + mode: "0644" + config_overrides: "{{ zun_kuryr_config_overrides }}" + config_type: "json" + notify: + - Restart kuryr services + +- name: Ensure docker users are added to the docker group + user: + name: "{{ item }}" + group: docker + append: yes + with_items: "{{ zun_docker_users }}" + +- name: Drop sudoers file + template: + src: "sudoers.j2" + dest: "/etc/sudoers.d/{{ zun_system_user_name }}_sudoers" + mode: "0440" + owner: "root" + group: "root" + tags: + - sudoers + - zun-sudoers diff --git a/tasks/zun_db_setup.yml b/tasks/zun_db_setup.yml new file mode 100644 index 0000000..0d953ab --- /dev/null +++ b/tasks/zun_db_setup.yml 
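Review bot: The task "Ensure docker users are added to the docker group" in tasks/zun_compute.yml sets `group: docker`, which in the `user` module is the account's primary group; `append: yes` only applies to the `groups` parameter. As written, each account in `zun_docker_users` has its primary group replaced with docker instead of gaining a supplementary membership. The intended form is `groups: docker` together with `append: yes`. Membership of the docker group gives effective root on the host through the daemon socket, so a comment such as `# docker group membership is root-equivalent; list only the service accounts that need it` above the task would be worth adding.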
@@ -0,0 +1,44 @@
+---
+# Copyright 2018, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Run the galera client role
+ include_role:
+ name: galera_client
+ private: true
+
+- name: Create DB for service
+ mysql_db:
+ login_user: "{{ galera_root_user }}"
+ login_password: "{{ galera_root_password }}"
+ login_host: "{{ zun_galera_address }}"
+ name: "{{ zun_galera_database }}"
+ state: "present"
+ delegate_to: "{{ groups['galera_all'][0] }}"
+ no_log: True
+
+- name: Grant access to the DB for the service
+ mysql_user:
+ login_user: "{{ galera_root_user }}"
+ login_password: "{{ galera_root_password }}"
+ login_host: "{{ zun_galera_address }}"
+ name: "{{ zun_galera_user }}"
+ password: "{{ zun_galera_password }}"
+ host: "{{ item }}"
+ state: "present"
+ priv: "{{ zun_galera_database }}.*:ALL"
+ append_privs: "{{ db_append_privs | default(omit) }}"
+ delegate_to: "{{ groups['galera_all'][0] }}"
+ with_items: "{{ grant_list | default(['localhost', '%']) }}"
+ no_log: True
diff --git a/tasks/zun_install.yml b/tasks/zun_install.yml
new file mode 100644
index 0000000..103a320
--- /dev/null
+++ b/tasks/zun_install.yml
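Review bot: The grant task in tasks/zun_db_setup.yml falls back to `grant_list | default(['localhost', '%'])`, so unless a deployer overrides `grant_list` the zun account receives `ALL` on its schema from any source address. Network controls outside this role may narrow that in practice, but the hunk itself does not say so. A comment above the task would make the default visible, for example `# '%' allows the service account to connect from any address; set grant_list to the management network hosts where possible`. Both tasks already set `no_log: True`, which keeps the root and service passwords out of the task output.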
@@ -0,0 +1,168 @@ +--- +# Copyright 2018, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Install distro packages + package: + name: "{{ zun_distro_packages }}" + state: "{{ zun_package_state }}" + update_cache: "{{ (ansible_pkg_mgr in ['apt', 'zypper']) | ternary('yes', omit) }}" + cache_valid_time: "{{ (ansible_pkg_mgr == 'apt') | ternary(cache_timeout, omit) }}" + +- name: Create developer mode constraint file + copy: + dest: "/opt/developer-pip-constraints.txt" + content: | + {% for item in zun_developer_constraints %} + {{ item }} + {% endfor %} + when: + - zun_developer_mode | bool + +- name: Install required pip packages + pip: + name: "{{ zun_requires_pip_packages }}" + state: "{{ zun_pip_package_state }}" + extra_args: >- + {{ zun_developer_mode | ternary(pip_install_developer_constraints | default('--constraint /opt/developer-pip-constraints.txt'), '') }} + {{ (pip_install_upper_constraints is defined) | ternary('--constraint ' + pip_install_upper_constraints | default(''),'') }} + {{ pip_install_options | default('') }} + register: install_packages + until: install_packages|success + retries: 5 + delay: 2 + +- name: Retrieve checksum for venv download + uri: + url: "{{ zun_venv_download_url | replace('tgz', 'checksum') }}" + return_content: yes + register: zun_venv_checksum + when: + - zun_venv_download | bool + tags: + - always + +- name: Attempt venv download + get_url: + url: "{{ zun_venv_download_url }}" + dest: 
"/var/cache/{{ zun_venv_download_url | basename }}" + checksum: "sha1:{{ zun_venv_checksum.content | trim }}" + register: zun_get_venv + when: + - zun_venv_download | bool + tags: + - always + +- name: Remove existing venv + file: + path: "{{ zun_bin | dirname }}" + state: absent + when: + - zun_get_venv | changed + +- name: Create zun venv dir + file: + path: "{{ zun_bin | dirname }}" + state: directory + register: zun_venv_dir + when: + - zun_get_venv | changed + +- name: Unarchive pre-built venv + unarchive: + src: "/var/cache/{{ zun_venv_download_url | basename }}" + dest: "{{ zun_bin | dirname }}" + copy: "no" + when: + - zun_get_venv | changed + notify: + - Manage LB + - Restart zun services + +- name: Install pip packages + pip: + name: "{{ zun_pip_packages }}" + state: "{{ zun_pip_package_state }}" + virtualenv: "{{ zun_bin | dirname }}" + virtualenv_site_packages: "no" + extra_args: >- + {{ zun_developer_mode | ternary(pip_install_developer_constraints | default('--constraint /opt/developer-pip-constraints.txt'), '') }} + {{ (pip_install_upper_constraints is defined) | ternary('--constraint ' + pip_install_upper_constraints | default(''),'') }} + {{ pip_install_options | default('') }} + register: install_packages + until: install_packages|success + retries: 5 + delay: 2 + when: + - zun_get_venv | failed or zun_get_venv | skipped + notify: + - Manage LB + - Restart zun services + tags: + - zun-pip-packages + +- name: Remove python from path first (CentOS, openSUSE) + file: + path: "{{ zun_bin | dirname }}/bin/python2.7" + state: "absent" + when: + - ansible_pkg_mgr in ['yum', 'dnf', 'zypper'] + - zun_get_venv | changed + +# NOTE(odyssey4me): +# We reinitialize the venv to ensure that the right +# version of python is in the venv, but we do not +# want virtualenv to also replace pip, setuptools +# and wheel so we tell it not to. 
+# We do not use --always-copy for CentOS/SuSE due +# to https://github.com/pypa/virtualenv/issues/565 +- name: Update virtualenv path + shell: | + find {{ zun_bin }} -name \*.pyc -delete + sed -si '1s/^.*python.*$/#!{{ zun_bin | replace ('/','\/') }}\/python/' {{ zun_bin }}/* + virtualenv {{ zun_bin | dirname }} \ + {{ (ansible_pkg_mgr == 'apt') | ternary('--always-copy', '') }} \ + --no-pip \ + --no-setuptools \ + --no-wheel + when: + - zun_get_venv | changed + tags: + - skip_ansible_lint + +- name: Initialise the upgrade facts + ini_file: + dest: "/etc/ansible/facts.d/openstack_ansible.fact" + section: zun + option: "{{ item }}" + value: True + with_items: + - "need_service_restart" + - "need_online_data_migrations" + when: + - (zun_get_venv | changed) or + (zun_venv_dir | changed) or + (install_packages | changed) or + (ansible_local is not defined) or + ('openstack_ansible' not in ansible_local) or + ('zun' not in ansible_local['openstack_ansible']) or + ('need_online_data_migrations' not in ansible_local['openstack_ansible']['zun']) or + ('need_service_restart' not in ansible_local['openstack_ansible']['zun']) + +- name: Record the venv tag deployed + ini_file: + dest: "/etc/ansible/facts.d/openstack_ansible.fact" + section: zun + option: venv_tag + value: "{{ zun_venv_tag }}" diff --git a/tasks/zun_post_install.yml b/tasks/zun_post_install.yml new file mode 100644 index 0000000..8b7a70f --- /dev/null +++ b/tasks/zun_post_install.yml 
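Review bot: The checksum given to `get_url` in "Attempt venv download" comes from the preceding `uri` task, which fetches it from the same location as the archive (`zun_venv_download_url` with `tgz` replaced by `checksum`), so it catches a corrupted transfer but not a replaced archive, and `sha1:` is a weak digest for that purpose. The archive is then unpacked into the venv the zun services run from. If the repo server can publish it, prefer `checksum: "sha256:{{ zun_venv_checksum.content | trim }}"` and require an https `zun_venv_download_url` with certificate validation left on; the URL scheme is not visible in this hunk. Note also that `replace('tgz', 'checksum')` rewrites every occurrence of `tgz` in the URL, not only the extension.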
@@ -0,0 +1,66 @@ +--- +# Copyright 2018, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Define the docker api + block: + - name: Get docker api version + command: "docker version" + failed_when: false + changed_when: false + register: docker_version + + - name: Set docker api version fact + set_fact: + zun_docker_api_version: "{{ (docker_version.stdout | from_yaml)['Client']['API version'] }}" + when: + - zun_services['zun-compute']['group'] in group_names + +- name: Generate zun config + config_template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: "{{ zun_system_user_name }}" + group: "{{ zun_system_group_name }}" + mode: "0640" + config_overrides: "{{ item.config_overrides }}" + config_type: "{{ item.config_type }}" + with_items: + - src: "zun.conf.j2" + dest: "/etc/zun/zun.conf" + config_overrides: "{{ zun_zun_conf_overrides }}" + config_type: "ini" + - src: "rootwrap.conf.j2" + dest: "/etc/zun/rootwrap.conf" + config_overrides: "{{ zun_rootwrap_conf_overrides }}" + config_type: "ini" + - src: "api-paste.ini.j2" + dest: "/etc/zun/api-paste.ini" + config_overrides: "{{ zun_api_paste_ini_overrides }}" + config_type: "ini" + notify: + - Manage LB + - Restart zun services + tags: + - zun-config + - zun-post-install + +- name: Synchronize the zun DB schema + command: "{{ zun_bin }}/zun-db-manage --config-dir /etc/zun upgrade" + become: yes + become_user: "{{ zun_system_user_name }}" + changed_when: false + when: + - 
zun_services['zun-api']['group'] in group_names + - inventory_hostname == ((groups['zun_api'] | intersect(ansible_play_hosts)) | list)[0] diff --git a/tasks/zun_pre_flight.yml b/tasks/zun_pre_flight.yml new file mode 100644 index 0000000..d64ef39 --- /dev/null +++ b/tasks/zun_pre_flight.yml 
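Review bot: "Get docker api version" sets `failed_when: false`, so when `docker version` fails the following set_fact still evaluates `(docker_version.stdout | from_yaml)['Client']['API version']` on empty or partial output and stops with a templating error that never mentions docker. Add `- docker_version.rc == 0` to the conditions of "Set docker api version fact", or drop `failed_when: false` so the real failure is reported. Indentation is lost in this view, so it is not clear whether the existing `when:` belongs to the block or to the set_fact task; a short comment stating which hosts the block is meant to run on would help.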
@@ -0,0 +1,129 @@ +--- +# Copyright 2018, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Check for zun groups + fail: + msg: >- + The group `{{ item }}` is undefined. Before moving forward + set this group within inventory with at least one host. + when: + - (groups[item] | length) < 1 + with_items: + - "zun_api" + - "zun_compute" + +- name: Check for rabbitmq_all group + fail: + msg: >- + The group `rabbitmq_all` is undefined. Before moving forward + set this group within inventory with at least one host. + when: + - (groups['rabbitmq_all'] | length) < 1 + +- name: Check for rabbitmq password + fail: + msg: >- + The variable `zun_rabbitmq_password` is undefined. Before moving forward + set this variable on the CLI or in a variable file. + when: + - zun_rabbitmq_password is undefined + +- name: Check for galera_all group + fail: + msg: >- + The group `galera_all` is undefined. Before moving forward + set this group within inventory with at least one host. + when: + - (groups['galera_all'] | length) < 1 + +- name: Check for galera root user + fail: + msg: >- + The variable `galera_root_user` is undefined. Before moving forward + set this variable on the CLI or in a variable file. + when: + - galera_root_user is undefined + +- name: Check for galera root password + fail: + msg: >- + The variable `galera_root_password` is undefined. Before moving forward + set this variable on the CLI or in a variable file. 
+ when: + - galera_root_password is undefined + +- name: Check for zun db password + fail: + msg: >- + The variable `zun_galera_password` is undefined. Before moving forward + set this variable on the CLI or in a variable file. + when: + - zun_galera_password is undefined + +- name: Check for zun service password + fail: + msg: >- + The variable `zun_galera_password` is undefined. Before moving forward + set this variable on the CLI or in a variable file. + when: + - zun_galera_password is undefined + +- name: Check for zun kuryr service password + fail: + msg: >- + The variable `zun_kuryr_service_password` is undefined. Before moving forward + set this variable on the CLI or in a variable file. + when: + - zun_kuryr_service_password is undefined + +- name: Check for keystone service admin url + fail: + msg: >- + The variable `keystone_service_adminurl` is undefined. Before moving + forward set this variable on the CLI or in a variable file. + when: + - keystone_service_adminurl is undefined + +- name: Check for keystone service admin user name + fail: + msg: >- + The variable `keystone_admin_user_name` is undefined. Before moving + forward set this variable on the CLI or in a variable file. + when: + - keystone_admin_user_name is undefined + +- name: Check for keystone service admin password + fail: + msg: >- + The variable `keystone_auth_admin_password` is undefined. Before moving + forward set this variable on the CLI or in a variable file. + when: + - keystone_auth_admin_password is undefined + +- name: Check for keystone service admin project name + fail: + msg: >- + The variable `keystone_admin_tenant_name` is undefined. Before moving + forward set this variable on the CLI or in a variable file. + when: + - keystone_admin_tenant_name is undefined + +- name: Check for keystone service admin project name + fail: + msg: >- + The variable `keystone_service_adminuri_insecure` is undefined. Before + moving forward set this variable on the CLI or in a variable file. 
+ when: + - keystone_service_adminuri_insecure is undefined diff --git a/tasks/zun_pre_install.yml b/tasks/zun_pre_install.yml new file mode 100644 index 0000000..a053752 --- /dev/null +++ b/tasks/zun_pre_install.yml 
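Review bot: The task "Check for zun service password" tests `zun_galera_password` and prints that name in its message, repeating the task before it, so `zun_service_password` is never checked even though tasks/zun_service_setup.yml creates the keystone user with it. The condition should read `- zun_service_password is undefined`, with the message updated to match. The last task is also named "Check for keystone service admin project name" although it checks `keystone_service_adminuri_insecure`; renaming it keeps the failure output unambiguous.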
@@ -0,0 +1,114 @@ +--- +# Copyright 2018, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: create the system group + group: + name: "{{ zun_system_group_name }}" + gid: "{{ zun_system_group_gid | default(omit) }}" + state: "present" + system: "yes" + tags: + - zun-group + +- name: Remove old key file(s) if found + file: + path: "{{ item }}" + state: "absent" + with_items: + - "{{ zun_system_home_folder }}/.ssh/authorized_keys" + - "{{ zun_system_home_folder }}/.ssh/id_rsa" + - "{{ zun_system_home_folder }}/.ssh/id_rsa.pub" + when: + - zun_recreate_keys | bool + tags: + - zun-key + - zun-key-create + +- name: Create the zun system user + user: + name: "{{ zun_system_user_name }}" + uid: "{{ zun_system_user_uid | default(omit) }}" + group: "{{ zun_system_group_name }}" + comment: "{{ zun_system_comment }}" + shell: "{{ zun_system_shell }}" + system: "yes" + createhome: "yes" + home: "{{ zun_system_home_folder }}" + generate_ssh_key: "yes" + tags: + - zun-user + - zun-key + - zun-key-create + +- name: Create zun dir + file: + path: "{{ item.path }}" + state: directory + owner: "{{ item.owner | default(zun_system_user_name) }}" + group: "{{ item.group | default(zun_system_group_name) }}" + mode: "{{ item.mode | default('0755') }}" + with_items: + - { path: "/openstack", owner: "root", group: "root" } + - { path: "/etc/zun", mode: "0750" } + - { path: "/etc/zun/rootwrap.d", owner: "root", group: "root" } + - { path: "/etc/sudoers.d", mode: 
"0750", owner: "root", group: "root" } + - { path: "/var/cache/zun" } + - { path: "{{ zun_system_home_folder }}" } + - { path: "{{ zun_system_home_folder }}/.ssh", mode: "0700" } + - { path: "{{ zun_system_home_folder }}/cache/api" } + - { path: "{{ zun_system_home_folder }}/instances" } + - { path: "{{ zun_lock_path }}" } + - { path: "/var/run/zun" } + tags: + - zun-dirs + +- name: Test for log directory or link + shell: | + if [ -h "{{ zun_log_dir }}" ]; then + chown -h {{ zun_system_user_name }}:{{ zun_system_group_name }} "{{ zun_log_dir }}" + chown -R {{ zun_system_user_name }}:{{ zun_system_group_name }} "$(readlink {{ zun_log_dir }})" + else + exit 1 + fi + register: log_dir + failed_when: false + changed_when: false + tags: + - zun-dirs + - zun-logs + +- name: Create zun log dir + file: + path: "{{ zun_log_dir }}" + state: directory + owner: "{{ zun_system_user_name }}" + group: "{{ zun_system_group_name }}" + mode: "0755" + when: + - log_dir.rc != 0 + tags: + - zun-dirs + - zun-logs + +- name: Drop sudoers file + template: + src: "sudoers.j2" + dest: "/etc/sudoers.d/{{ zun_system_user_name }}_sudoers" + mode: "0440" + owner: "root" + group: "root" + tags: + - sudoers + - zun-sudoers diff --git a/tasks/zun_service_setup.yml b/tasks/zun_service_setup.yml new file mode 100644 index 0000000..f6fc546 --- /dev/null +++ b/tasks/zun_service_setup.yml 
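Review bot: "Drop sudoers file" writes into `/etc/sudoers.d` without validating the rendered file, so a templating mistake in `sudoers.j2` (for example an unexpected value in `zun_system_user_name`) can leave sudo unusable on the host. Add `validate: "/usr/sbin/visudo -cf %s"` to the template task. The same task appears in the task file whose hunk ends just before tasks/zun_db_setup.yml and needs the same option.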
@@ -0,0 +1,162 @@ +--- +# Copyright 2018, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Run the openstack openrc role + include_role: + name: openstack_openrc + private: true + +# Create a service +- name: Ensure zun service + keystone: + command: "ensure_service" + endpoint: "{{ keystone_service_adminurl }}" + login_user: "{{ keystone_admin_user_name }}" + login_password: "{{ keystone_auth_admin_password }}" + login_project_name: "{{ keystone_admin_tenant_name }}" + service_name: "{{ zun_service_name }}" + service_type: "{{ zun_service_type }}" + description: "{{ zun_service_description }}" + insecure: "{{ keystone_service_adminuri_insecure }}" + register: add_service + until: add_service | success + retries: 5 + delay: 2 + no_log: True + tags: + - zun-api-setup + - zun-service-add + - zun-setup + +# Create an admin user +- name: Ensure zun user + keystone: + command: "ensure_user" + endpoint: "{{ keystone_service_adminurl }}" + login_user: "{{ keystone_admin_user_name }}" + login_password: "{{ keystone_auth_admin_password }}" + login_project_name: "{{ keystone_admin_tenant_name }}" + user_name: "{{ zun_service_user_name }}" + tenant_name: "{{ zun_service_project_name }}" + password: "{{ zun_service_password }}" + insecure: "{{ keystone_service_adminuri_insecure }}" + register: add_service + when: + - not zun_service_in_ldap | bool + until: add_service | success + retries: 5 + delay: 10 + no_log: True + tags: + - zun-api-setup + - 
zun-service-add + - zun-setup + +# Add a role to the user +- name: Ensure zun user to admin role + keystone: + command: "ensure_user_role" + endpoint: "{{ keystone_service_adminurl }}" + login_user: "{{ keystone_admin_user_name }}" + login_password: "{{ keystone_auth_admin_password }}" + login_project_name: "{{ keystone_admin_tenant_name }}" + user_name: "{{ zun_service_user_name }}" + tenant_name: "{{ zun_service_project_name }}" + role_name: "{{ zun_service_role_name }}" + insecure: "{{ keystone_service_adminuri_insecure }}" + register: add_service + when: + - not zun_service_in_ldap | bool + until: add_service | success + retries: 5 + delay: 10 + no_log: True + tags: + - zun-api-setup + - zun-service-add + - zun-setup + +# Create an endpoint +- name: Ensure zun endpoint + keystone: + command: "ensure_endpoint" + endpoint: "{{ keystone_service_adminurl }}" + login_user: "{{ keystone_admin_user_name }}" + login_password: "{{ keystone_auth_admin_password }}" + login_project_name: "{{ keystone_admin_tenant_name }}" + region_name: "{{ zun_service_region }}" + service_name: "{{ zun_service_name }}" + service_type: "{{ zun_service_type }}" + insecure: "{{ keystone_service_adminuri_insecure }}" + endpoint_list: + - url: "{{ zun_service_publicurl }}" + interface: "public" + - url: "{{ zun_service_internalurl }}" + interface: "internal" + - url: "{{ zun_service_adminurl }}" + interface: "admin" + register: add_service + until: add_service | success + retries: 5 + delay: 10 + no_log: True + tags: + - zun-api-setup + - zun-service-add + - zun-setup + +# Create an admin user +- name: Ensure zun kuryr user + keystone: + command: "ensure_user" + endpoint: "{{ keystone_service_adminurl }}" + login_user: "{{ keystone_admin_user_name }}" + login_password: "{{ keystone_auth_admin_password }}" + login_project_name: "{{ keystone_admin_tenant_name }}" + user_name: "{{ zun_kuryr_service_username }}" + tenant_name: "{{ zun_service_project_name }}" + password: "{{ 
zun_kuryr_service_password }}" + insecure: "{{ keystone_service_adminuri_insecure }}" + register: add_service + when: not zun_service_in_ldap | bool + until: add_service | success + retries: 5 + delay: 10 + no_log: True + tags: + - zun-api-setup + - zun-service-add + +# Add a role to the user +- name: Ensure zun kuryr user to admin role + keystone: + command: "ensure_user_role" + endpoint: "{{ keystone_service_adminurl }}" + login_user: "{{ keystone_admin_user_name }}" + login_password: "{{ keystone_auth_admin_password }}" + login_project_name: "{{ keystone_admin_tenant_name }}" + user_name: "{{ zun_kuryr_service_username }}" + tenant_name: "{{ zun_service_project_name }}" + role_name: "{{ zun_service_role_name }}" + insecure: "{{ keystone_service_adminuri_insecure }}" + register: add_service + when: not zun_service_in_ldap | bool + until: add_service | success + retries: 5 + delay: 10 + no_log: True + tags: + - zun-api-setup + - zun-service-add diff --git a/templates/api-paste.ini.j2 b/templates/api-paste.ini.j2 new file mode 100644 index 0000000..58f7dfe --- /dev/null +++ b/templates/api-paste.ini.j2 @@ -0,0 +1,19 @@ +[pipeline:main] +pipeline = cors request_id osprofiler authtoken api_v1 + +[app:api_v1] +paste.app_factory = zun.api.app:app_factory + +[filter:authtoken] +acl_public_routes = /, /v1 +paste.filter_factory = zun.api.middleware.auth_token:AuthTokenMiddleware.factory + +[filter:osprofiler] +paste.filter_factory = zun.common.profiler:WsgiMiddleware.factory + +[filter:request_id] +paste.filter_factory = oslo_middleware:RequestId.factory + +[filter:cors] +paste.filter_factory = oslo_middleware.cors:filter_factory +oslo_config_project = zun diff --git a/templates/kuryr-libnetwork.conf.j2 b/templates/kuryr-libnetwork.conf.j2 new file mode 100644 index 0000000..94c42c1 --- /dev/null +++ b/templates/kuryr-libnetwork.conf.j2 
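Review bot: The two kuryr tasks at the end ("Ensure zun kuryr user" and "Ensure zun kuryr user to admin role") carry only `zun-api-setup` and `zun-service-add`, while the four tasks above them also carry `zun-setup`, so a run limited to `--tags zun-setup` registers the zun user but not the kuryr one. Add `- zun-setup` to both tag lists. Separately, both service accounts are given `zun_service_role_name`; its value is set outside this hunk, but if it is the admin role, confirm the kuryr account needs that much and say so in the "# Add a role to the user" comment.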
@@ -0,0 +1,268 @@ +[DEFAULT] + +# +# From kuryr_libnetwork +# + +# Directory where Kuryr python module is installed. (string value) +pybasedir = {{ zun_bin }}/../lib/python2.7/site-packages/kuryr_libnetwork + +# Kuryr URL for accessing Kuryr through json rpc. (string value) +#kuryr_uri = http://127.0.0.1:23750 + +# Kuryr plugin scope reported to libnetwork. (string value) +# Possible values: +# local - +# global - +capability_scope = global + +# There is no address-space by default in neutron (string value) +#local_default_address_space = no_address_space + +# There is no address-space by default in neutron (string value) +#global_default_address_space = no_address_space + +# DEPRECATED: Default driver for the desired deployment model (string value) +# This option is deprecated for removal. +# Its value may be silently ignored in the future. +#port_driver = kuryr_libnetwork.port_driver.drivers.veth + +# Default driver for the desired deployment model (string value) +#default_port_driver = kuryr_libnetwork.port_driver.drivers.veth + +# Available port drivers (list value) +#enabled_port_drivers = kuryr_libnetwork.port_driver.drivers.veth + +# Do processing external connectivity (boolean value) +process_external_connectivity = false + +# This option allows setting absolute pathto the SSL certificate (string value) +#ssl_cert_file = /var/lib/kuryr/certs/cert.pem + +# This option allows setting absolute pathto the SSL private key (string value) +#ssl_key_file = /var/lib/kuryr/certs/key.pem + +# Enable SSL for Kuryr (boolean value) +#enable_ssl = false + +# If set to true, the logging level will be set to DEBUG instead of the default +# INFO level. (boolean value) +# Note: This option can be changed without restarting. +#debug = false + +# The name of a logging configuration file. This file is appended to any +# existing logging configuration files. For details about logging configuration +# files, see the Python logging module documentation. 
Note that when logging +# configuration files are used then all logging configuration is set in the +# configuration file and other logging configuration options are ignored (for +# example, logging_context_format_string). (string value) +# Note: This option can be changed without restarting. +# Deprecated group/name - [DEFAULT]/log_config +#log_config_append = + +# Defines the format string for %%(asctime)s in log records. Default: +# %(default)s . This option is ignored if log_config_append is set. (string +# value) +#log_date_format = %Y-%m-%d %H:%M:%S + +# (Optional) Name of log file to send logging output to. If no default is set, +# logging will go to stderr as defined by use_stderr. This option is ignored if +# log_config_append is set. (string value) +# Deprecated group/name - [DEFAULT]/logfile +#log_file = + +# (Optional) The base directory used for relative log_file paths. This option +# is ignored if log_config_append is set. (string value) +# Deprecated group/name - [DEFAULT]/logdir +#log_dir = + +# Uses logging handler designed to watch file system. When log file is moved or +# removed this handler will open a new log file with specified path +# instantaneously. It makes sense only if log_file option is specified and +# Linux platform is used. This option is ignored if log_config_append is set. +# (boolean value) +#watch_log_file = false + +# Use syslog for logging. Existing syslog format is DEPRECATED and will be +# changed later to honor RFC5424. This option is ignored if log_config_append +# is set. (boolean value) +#use_syslog = false + +# Enable journald for logging. If running in a systemd environment you may wish +# to enable journal support. Doing so will use the journal native protocol +# which includes structured metadata in addition to log messages.This option is +# ignored if log_config_append is set. (boolean value) +#use_journal = false + +# Syslog facility to receive log lines. This option is ignored if +# log_config_append is set. 
(string value) +#syslog_log_facility = LOG_USER + +# Use JSON formatting for logging. This option is ignored if log_config_append +# is set. (boolean value) +#use_json = false + +# Log output to standard error. This option is ignored if log_config_append is +# set. (boolean value) +#use_stderr = false + +# Directory for Kuryr vif binding executables. (string value) +bindir = {{ zun_bin }}/../libexec/kuryr + +# Neutron subnetpool name will be prefixed by this. (string value) +#subnetpool_name_prefix = kuryrPool + +# baremetal or nested-containers are the supported values. (string value) +#deployment_type = baremetal + + +[binding] +# Configuration options for container interface binding. + +# +# From kuryr_libnetwork +# + +# The name prefix of the veth endpoint put inside the container. (string value) +veth_dst_prefix = veth + +# Driver to use for binding and unbinding ports. (string value) +# Deprecated group/name - [binding]/driver +#default_driver = kuryr.lib.binding.drivers.veth + +# Drivers to use for binding and unbinding ports. (list value) +#enabled_drivers = kuryr.lib.binding.drivers.veth + +# Specifies the name of the Nova instance interface to link the virtual devices +# to (only applicable to some binding drivers. (string value) +#link_iface = + + +[neutron] +# Configuration options for OpenStack Neutron + +# +# From kuryr_libnetwork +# + +# Authentication URL (string value) +#auth_url = +auth_url = {{ keystone_service_adminurl }} + +# Authentication type to load (string value) +# Deprecated group/name - [neutron]/auth_plugin +#auth_type = +auth_type = {{ zun_keystone_auth_plugin }} + +# PEM encoded Certificate Authority to use when verifying HTTPs connections. +# (string value) +#cafile = + +# PEM encoded client certificate cert file (string value) +#certfile = + +# Collect per-API call timing information. (boolean value) +#collect_timing = false + +# Optional domain ID to use with v3 and v2 parameters. 
It will be used for both +# the user and project domain in v3 and ignored in v2 authentication. (string +# value) +#default_domain_id = + +# Optional domain name to use with v3 API and v2 parameters. It will be used +# for both the user and project domain in v3 and ignored in v2 authentication. +# (string value) +#default_domain_name = + +# Name of default subnetpool version 4 (string value) +#default_subnetpool_v4 = kuryr + +# Name of default subnetpool version 6 (string value) +#default_subnetpool_v6 = kuryr6 + +# Domain ID to scope to (string value) +#domain_id = + +# Domain name to scope to (string value) +#domain_name = + +# Enable or Disable dhcp for neutron subnets. (string value) +#enable_dhcp = True + +# Type of the neutron endpoint to use. This endpoint will be looked up in the +# keystone catalog and should be one of public, internal or admin. (string +# value) +# Possible values: +# public - +# admin - +# internal - +endpoint_type = internal + +# Verify HTTPS connections. (boolean value) +insecure = {{ keystone_service_internaluri_insecure | bool }} + +# PEM encoded client certificate key file (string value) +#keyfile = + +# User's password (string value) +#password = +password = {{ zun_service_password }} + +# Domain ID containing project (string value) +#project_domain_id = +project_domain_id = {{ zun_service_project_domain_id }} + +# Domain name containing project (string value) +#project_domain_name = + +# Project ID to scope to (string value) +# Deprecated group/name - [neutron]/tenant_id +#project_id = + +# Project name to scope to (string value) +# Deprecated group/name - [neutron]/tenant_name +#project_name = +project_name = {{ zun_service_project_name }} + +# Log requests to multiple loggers. 
(boolean value) +#split_loggers = false + +# Scope for system operations (string value) +#system_scope = + +# Tenant ID (string value) +#tenant_id = + +# Tenant Name (string value) +#tenant_name = + +# Timeout value for http requests (integer value) +#timeout = + +# Token (string value) +#token = + +# Trust ID (string value) +#trust_id = + +# User's domain id (string value) +#user_domain_id = +user_domain_id = {{ zun_service_user_domain_id }} + +# User's domain name (string value) +#user_domain_name = + +# User id (string value) +#user_id = + +# Username (string value) +# Deprecated group/name - [neutron]/user_name +#username = +username = {{ zun_kuryr_service_username }} + +# Whether a plugging operation is failed if the port to plug does not become +# active (boolean value) +vif_plugging_is_fatal = true + +# Seconds to wait for port to become active (integer value) +#vif_plugging_timeout = 0 diff --git a/templates/rootwrap.conf.j2 b/templates/rootwrap.conf.j2 new file mode 100644 index 0000000..407490b --- /dev/null +++ b/templates/rootwrap.conf.j2 
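Review bot: In the `[neutron]` section `username = {{ zun_kuryr_service_username }}` is paired with `password = {{ zun_service_password }}`, but tasks/zun_service_setup.yml creates that user with `zun_kuryr_service_password`, so authentication fails unless the two secrets happen to be equal. The line should be `password = {{ zun_kuryr_service_password }}`. The section also points `auth_url` at `keystone_service_adminurl` while taking `insecure` from `keystone_service_internaluri_insecure`; use the flag that belongs to the endpoint in use. The comment above `insecure` reads "Verify HTTPS connections" although a true value disables verification, and is worth rewording.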
@@ -0,0 +1,27 @@
+# Configuration for zun-rootwrap
+# This file should be owned by (and only-writable by) the root user
+
+[DEFAULT]
+# List of directories to load filter definitions from (separated by ',').
+# These directories MUST all be only writable by root !
+filters_path=/etc/zun/rootwrap.d
+
+# List of directories to search executables in, in case filters do not
+# explicitely specify a full path (separated by ',')
+# If not specified, defaults to system PATH environment variable.
+# These directories MUST all be only writable by root !
+exec_dirs={{ zun_bin }},{{ zun_bin }}/libexec/kuryr,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin
+
+# Enable logging to syslog
+# Default value is False
+use_syslog=False
+
+# Which syslog facility to use.
+# Valid values include auth, authpriv, syslog, local0, local1...
+# Default value is 'syslog'
+syslog_log_facility=syslog
+
+# Which messages to log.
+# INFO means log all usage
+# ERROR means only log unsuccessful attempts
+syslog_log_level=ERROR
diff --git a/templates/sudoers.j2 b/templates/sudoers.j2
new file mode 100644
index 0000000..5f2a2b8
--- /dev/null
+++ b/templates/sudoers.j2
@@ -0,0 +1,6 @@
+# {{ ansible_managed }}
+
+Defaults:{{ zun_system_user_name }} !requiretty
+Defaults:{{ zun_system_user_name }} secure_path="{{ zun_bin }}:{{ zun_bin }}/libexec/kuryr:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+
+{{ zun_system_user_name }} ALL = (root) NOPASSWD: {{ zun_bin }}/{{ zun_service_name }}-rootwrap
diff --git a/templates/systemd-docker-override.conf.j2 b/templates/systemd-docker-override.conf.j2
new file mode 100644
index 0000000..cb68355
--- /dev/null
+++ b/templates/systemd-docker-override.conf.j2
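Review bot: `exec_dirs` lists `{{ zun_bin }}/libexec/kuryr`, whereas kuryr-libnetwork.conf.j2 sets `bindir = {{ zun_bin }}/../libexec/kuryr`, so the two templates disagree on where the kuryr binding executables live and rootwrap may search a directory that does not exist. Align the two paths, for example by using `{{ zun_bin }}/../libexec/kuryr` here if that is where the package installs them. The file's own comment requires every listed directory to be writable only by root, so add a comment next to `exec_dirs` stating that the venv directories must stay root-owned. With `use_syslog=False` rootwrap invocations leave no audit trail; consider enabling it.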
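Review bot: The NOPASSWD rule in sudoers.j2 permits `{{ zun_bin }}/{{ zun_service_name }}-rootwrap` with any arguments, so the service account is not held to the root-owned `/etc/zun/rootwrap.conf` and the filter restrictions can be bypassed. Pin the configuration path in the rule: `{{ zun_system_user_name }} ALL = (root) NOPASSWD: {{ zun_bin }}/{{ zun_service_name }}-rootwrap /etc/zun/rootwrap.conf *`. The binary name is also built from `zun_service_name`, which tasks/zun_service_setup.yml uses as the keystone service name; a literal `zun-rootwrap` would keep the rule correct if that variable is overridden.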
@@ -0,0 +1,3 @@
+[Service]
+ExecStart=
+ExecStart=/usr/bin/dockerd --group {{ zun_system_group_name }} -H tcp://localhost:2375 -H unix:///var/run/docker.sock --cluster-store etcd://{% for item in groups['zun_api'] %}{{ hostvars[item]['ansible_host'] }}:2379{% if not loop.last %},{% endif %}{% endfor %}
diff --git a/templates/zun.conf.j2 b/templates/zun.conf.j2
new file mode 100644
index 0000000..2a95160
--- /dev/null
+++ b/templates/zun.conf.j2
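Review bot: The `ExecStart` line adds `-H tcp://localhost:2375`, which exposes the Docker API on a TCP socket with no TLS or client authentication, so any local process that can reach loopback gets full control of the daemon. If zun can use the unix socket, drop the TCP listener; otherwise start it with `--tlsverify` and the `--tlscacert`/`--tlscert`/`--tlskey` options. The `--cluster-store etcd://...:2379` endpoints are given without any `--cluster-store-opt` TLS settings, so that traffic is presumably unencrypted between hosts. The socket group is set to `zun_system_group_name`, while the task in this commit that adds `zun_docker_users` uses `group: docker`, so those users may not get socket access.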
@@ -0,0 +1,2418 @@ +[DEFAULT] + +# +# From oslo.log +# + +# If set to true, the logging level will be set to DEBUG instead of the default +# INFO level. (boolean value) +# Note: This option can be changed without restarting. +#debug = false + +# The name of a logging configuration file. This file is appended to any +# existing logging configuration files. For details about logging configuration +# files, see the Python logging module documentation. Note that when logging +# configuration files are used then all logging configuration is set in the +# configuration file and other logging configuration options are ignored (for +# example, logging_context_format_string). (string value) +# Note: This option can be changed without restarting. +# Deprecated group/name - [DEFAULT]/log_config +#log_config_append = + +# Defines the format string for %%(asctime)s in log records. Default: +# %(default)s . This option is ignored if log_config_append is set. (string +# value) +#log_date_format = %Y-%m-%d %H:%M:%S + +# (Optional) Name of log file to send logging output to. If no default is set, +# logging will go to stderr as defined by use_stderr. This option is ignored if +# log_config_append is set. (string value) +# Deprecated group/name - [DEFAULT]/logfile +#log_file = + +# (Optional) The base directory used for relative log_file paths. This option +# is ignored if log_config_append is set. (string value) +# Deprecated group/name - [DEFAULT]/logdir +#log_dir = + +# Uses logging handler designed to watch file system. When log file is moved or +# removed this handler will open a new log file with specified path +# instantaneously. It makes sense only if log_file option is specified and +# Linux platform is used. This option is ignored if log_config_append is set. +# (boolean value) +#watch_log_file = false + +# Use syslog for logging. Existing syslog format is DEPRECATED and will be +# changed later to honor RFC5424. This option is ignored if log_config_append +# is set. 
(boolean value) +#use_syslog = false + +# Enable journald for logging. If running in a systemd environment you may wish +# to enable journal support. Doing so will use the journal native protocol +# which includes structured metadata in addition to log messages.This option is +# ignored if log_config_append is set. (boolean value) +#use_journal = false + +# Syslog facility to receive log lines. This option is ignored if +# log_config_append is set. (string value) +#syslog_log_facility = LOG_USER + +# Use JSON formatting for logging. This option is ignored if log_config_append +# is set. (boolean value) +#use_json = false + +# Log output to standard error. This option is ignored if log_config_append is +# set. (boolean value) +#use_stderr = false + +# Format string to use for log messages with context. (string value) +#logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s + +# Format string to use for log messages when context is undefined. (string +# value) +#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s + +# Additional data to append to log message when logging level for the message +# is DEBUG. (string value) +#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d + +# Prefix each line of exception output with this format. (string value) +#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s + +# Defines the format string for %(user_identity)s that is used in +# logging_context_format_string. (string value) +#logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s + +# List of package logging levels in logger=LEVEL pairs. This option is ignored +# if log_config_append is set. 
(list value) +#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,oslo_messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO + +# Enables or disables publication of error events. (boolean value) +#publish_errors = false + +# The format for an instance that is passed with the log message. (string +# value) +#instance_format = "[instance: %(uuid)s] " + +# The format for an instance UUID that is passed with the log message. (string +# value) +#instance_uuid_format = "[instance: %(uuid)s] " + +# Interval, number of seconds, of log rate limiting. (integer value) +#rate_limit_interval = 0 + +# Maximum number of logged messages per rate_limit_interval. (integer value) +#rate_limit_burst = 0 + +# Log level name used by rate limiting: CRITICAL, ERROR, INFO, WARNING, DEBUG +# or empty string. Logs with level greater or equal to rate_limit_except_level +# are not filtered. An empty string means that all levels are filtered. (string +# value) +#rate_limit_except_level = CRITICAL + +# Enables or disables fatal status of deprecations. (boolean value) +#fatal_deprecations = false + +# +# From oslo.messaging +# + +# Size of RPC connection pool. (integer value) +#rpc_conn_pool_size = 30 +rpc_conn_pool_size = {{ zun_rpc_conn_pool_size }} + +# The pool size limit for connections expiration policy (integer value) +#conn_pool_min_size = 2 + +# The time-to-live in sec of idle connections in the pool (integer value) +#conn_pool_ttl = 1200 + +# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP. +# The "host" option should point or resolve to this address. (string value) +#rpc_zmq_bind_address = * + +# MatchMaker driver. 
(string value) +# Possible values: +# redis - +# sentinel - +# dummy - +#rpc_zmq_matchmaker = redis + +# Number of ZeroMQ contexts, defaults to 1. (integer value) +#rpc_zmq_contexts = 1 + +# Maximum number of ingress messages to locally buffer per topic. Default is +# unlimited. (integer value) +#rpc_zmq_topic_backlog = + +# Directory for holding IPC sockets. (string value) +#rpc_zmq_ipc_dir = /var/run/openstack + +# Name of this node. Must be a valid hostname, FQDN, or IP address. Must match +# "host" option, if running zun. (string value) +#rpc_zmq_host = localhost + +# Number of seconds to wait before all pending messages will be sent after +# closing a socket. The default value of -1 specifies an infinite linger +# period. The value of 0 specifies no linger period. Pending messages shall be +# discarded immediately when the socket is closed. Positive values specify an +# upper bound for the linger period. (integer value) +# Deprecated group/name - [DEFAULT]/rpc_cast_timeout +#zmq_linger = -1 + +# The default number of seconds that poll should wait. Poll raises timeout +# exception when timeout expired. (integer value) +#rpc_poll_timeout = 1 + +# Expiration timeout in seconds of a name service record about existing target +# ( < 0 means no timeout). (integer value) +#zmq_target_expire = 300 + +# Update period in seconds of a name service record about existing target. +# (integer value) +#zmq_target_update = 180 + +# Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy. (boolean +# value) +#use_pub_sub = false + +# Use ROUTER remote proxy. (boolean value) +#use_router_proxy = false + +# This option makes direct connections dynamic or static. It makes sense only +# with use_router_proxy=False which means to use direct connections for direct +# message types (ignored otherwise). (boolean value) +#use_dynamic_connections = false + +# How many additional connections to a host will be made for failover reasons. 
+# This option is actual only in dynamic connections mode. (integer value) +#zmq_failover_connections = 2 + +# Minimal port number for random ports range. (port value) +# Minimum value: 0 +# Maximum value: 65535 +#rpc_zmq_min_port = 49153 + +# Maximal port number for random ports range. (integer value) +# Minimum value: 1 +# Maximum value: 65536 +#rpc_zmq_max_port = 65536 + +# Number of retries to find free port number before fail with ZMQBindError. +# (integer value) +#rpc_zmq_bind_port_retries = 100 + +# Default serialization mechanism for serializing/deserializing +# outgoing/incoming messages (string value) +# Possible values: +# json - +# msgpack - +#rpc_zmq_serialization = json + +# This option configures round-robin mode in zmq socket. True means not keeping +# a queue when server side disconnects. False means to keep queue and messages +# even if server is disconnected, when the server appears we send all +# accumulated messages to it. (boolean value) +#zmq_immediate = true + +# Enable/disable TCP keepalive (KA) mechanism. The default value of -1 (or any +# other negative value) means to skip any overrides and leave it to OS default; +# 0 and 1 (or any other positive value) mean to disable and enable the option +# respectively. (integer value) +#zmq_tcp_keepalive = -1 + +# The duration between two keepalive transmissions in idle condition. The unit +# is platform dependent, for example, seconds in Linux, milliseconds in Windows +# etc. The default value of -1 (or any other negative value and 0) means to +# skip any overrides and leave it to OS default. (integer value) +#zmq_tcp_keepalive_idle = -1 + +# The number of retransmissions to be carried out before declaring that remote +# end is not available. The default value of -1 (or any other negative value +# and 0) means to skip any overrides and leave it to OS default. 
(integer +# value) +#zmq_tcp_keepalive_cnt = -1 + +# The duration between two successive keepalive retransmissions, if +# acknowledgement to the previous keepalive transmission is not received. The +# unit is platform dependent, for example, seconds in Linux, milliseconds in +# Windows etc. The default value of -1 (or any other negative value and 0) +# means to skip any overrides and leave it to OS default. (integer value) +#zmq_tcp_keepalive_intvl = -1 + +# Maximum number of (green) threads to work concurrently. (integer value) +#rpc_thread_pool_size = 100 + +# Expiration timeout in seconds of a sent/received message after which it is +# not tracked anymore by a client/server. (integer value) +#rpc_message_ttl = 300 + +# Wait for message acknowledgements from receivers. This mechanism works only +# via proxy without PUB/SUB. (boolean value) +#rpc_use_acks = false + +# Number of seconds to wait for an ack from a cast/call. After each retry +# attempt this timeout is multiplied by some specified multiplier. (integer +# value) +#rpc_ack_timeout_base = 15 + +# Number to multiply base ack timeout by after each retry attempt. (integer +# value) +#rpc_ack_timeout_multiplier = 2 + +# Default number of message sending attempts in case of any problems occurred: +# positive value N means at most N retries, 0 means no retries, None or -1 (or +# any other negative values) mean to retry forever. This option is used only if +# acknowledgments are enabled. (integer value) +#rpc_retry_attempts = 3 + +# List of publisher hosts SubConsumer can subscribe on. This option has higher +# priority then the default publishers list taken from the matchmaker. (list +# value) +#subscribe_on = + +# Size of executor thread pool when executor is threading or eventlet. (integer +# value) +# Deprecated group/name - [DEFAULT]/rpc_thread_pool_size +#executor_thread_pool_size = 64 + +# Seconds to wait for a response from a call. 
(integer value) +#rpc_response_timeout = 60 + +# The network address and optional user credentials for connecting to the +# messaging backend, in URL format. The expected format is: +# +# driver://[user:pass@]host:port[,[userN:passN@]hostN:portN]/virtual_host?query +# +# Example: rabbit://rabbitmq:password@127.0.0.1:5672// +# +# For full details on the fields in the URL see the documentation of +# oslo_messaging.TransportURL at +# https://docs.openstack.org/oslo.messaging/latest/reference/transport.html +# (string value) +transport_url = rabbit://{% for host in zun_rabbitmq_servers.split(',') %}{{ zun_rabbitmq_userid }}:{{ zun_rabbitmq_password }}@{{ host }}:{{ zun_rabbitmq_port }}{% if not loop.last %},{% else %}/{{ zun_rabbitmq_vhost }}{% endif %}{% endfor %} + +# DEPRECATED: The messaging driver to use, defaults to rabbit. Other drivers +# include amqp and zmq. (string value) +# This option is deprecated for removal. +# Its value may be silently ignored in the future. +# Reason: Replaced by [DEFAULT]/transport_url +#rpc_backend = rabbit + +# The default exchange under which topics are scoped. May be overridden by an +# exchange name specified in the transport_url option. (string value) +#control_exchange = openstack + +# +# From oslo.service.periodic_task +# + +# Some periodic tasks can be run in a separate process. Should we run them +# here? (boolean value) +#run_external_periodic_tasks = true + +# +# From oslo.service.service +# + +# Enable eventlet backdoor. Acceptable values are 0, , and +# :, where 0 results in listening on a random tcp port number; +# results in listening on the specified port number (and not enabling +# backdoor if that port is in use); and : results in listening on +# the smallest unused port number within the specified range of port numbers. +# The chosen port is displayed in the service's log file. (string value) +#backdoor_port = + +# Enable eventlet backdoor, using the provided path as a unix socket that can +# receive connections. 
This option is mutually exclusive with 'backdoor_port' +# in that only one should be provided. If both are provided then the existence +# of this option overrides the usage of that option. (string value) +#backdoor_socket = + +# Enables or disables logging values of all registered options when starting a +# service (at DEBUG level). (boolean value) +#log_options = true + +# Specify a timeout after which a gracefully shutdown server will exit. Zero +# value means endless wait. (integer value) +#graceful_shutdown_timeout = 60 + +# +# From zun.conf +# + +# +# Default availability zone for compute services. +# +# This option determines the default availability zone for 'zun-compute' +# services. +# +# Possible values: +# +# * Any string representing an existing availability zone name. +# (string value) +#default_availability_zone = zun + +# +# Default availability zone for containers. +# +# This option determines the default availability zone for containers, which +# will +# be used when a user does not specify one when creating a container. The +# container(s) will be bound to this availability zone for their lifetime. +# +# Possible values: +# +# * Any string representing an existing availability zone name. +# * None, which means that the container can move from one availability zone to +# another during its lifetime if it is moved from one compute node to +# another. +# (string value) +#default_schedule_zone = + +# Defines which driver to use for controlling container. +# Possible values: +# +# * ``docker.driver.DockerDriver`` +# +# Services which consume this: +# +# * ``zun-compute`` +# +# Interdependencies to other options: +# +# * None +# (string value) +#container_driver = docker.driver.DockerDriver + +# Time to sleep (in seconds) during waiting for an event. (integer value) +#default_sleep_time = 1 + +# Maximum time (in seconds) to wait for an event. 
(integer value) +#default_timeout = 600 + +# Define the cpusets to be excluded from pinning (string value) +#floating_cpu_set = + +# Whether to use infra container. If set to True, +# Zun will create an infra container that serves as a placeholder of a few +# Linux namespaces (i.e. network namespace). Then, one or multiple containers +# could join the namespaces of the infra container thus sharing resources +# inside +# the sandbox (i.e. the network interface). This is typically used to group +# a set of high-coupled containers into a unit. If set to False, infra +# container +# won't be created. +# (boolean value) +use_sandbox = true + +# Define the runtime to create container with. Default value +# in Zun is ``runc``. (string value) +#container_runtime = runc + +# The default memory swap size in MB (default is -1 which enable unlimited +# swap). (integer value) +#default_memory_swap = -1 + +# The minimum memory size in MB allowed to set when run/create container. +# (integer value) +#minimum_memory = 4 + +# The maximum memory size in MB allowed to set when run/create container. +# (integer value) +#maximum_memory = 8192 + +# The minimum number of virtual cpus allowed to set when run/create container. +# (floating point value) +#minimum_cpus = 0.1 + +# The maximum number of virtual cpus allowed to set when run/create container. +# (floating point value) +#maximum_cpus = 16.0 + +# The minimum disk size in GB that user can set when run/create container. +# (integer value) +#minimum_disk = 1 + +# The maximum disk size in GB that user can set when run/create container. +# (integer value) +#maximum_disk = 160 + +# The default memory in MB a container can use (will be used if user do not +# specify container's memory). This value should be in range [minimum_memory, +# maximum_memory]. (integer value) +#default_memory = 2048 + +# The default number of cpus a container can use (will be used if user do not +# specify a container's cpus). 
This value should be in range [minimum_cpus, +# maximum_cpus] (floating point value) +#default_cpu = 1.0 + +# The default disk size a container can use (will be used if user do not +# specify container's disk). This value should be in range [minimum_disk, +# maximum_disk]. Default is 10 (GiB). (integer value) +#default_disk = 10 + +# MySQL engine to use. (string value) +#mysql_engine = InnoDB + +# Defines the list of image driver to use for downloading image. +# Possible values: +# * ``docker`` +# * ``glance`` +# Services which consume this: +# * ``zun-compute`` +# Interdependencies to other options: +# * None +# (list value) +image_driver_list = glance,docker + +# The default container image driver to use. (string value) +default_image_driver = glance + +# Container image for sandbox container. (string value) +#sandbox_image = kubernetes/pause + +# Image driver for sandbox container. (string value) +#sandbox_image_driver = docker + +# Image pull policy for sandbox image. (string value) +#sandbox_image_pull_policy = ifnotpresent + +# +# The IP address which the host is using to connect to the management network. +# +# Possible values: +# +# * String with valid IP address. Default is IPv4 address of this host. +# +# Related options: +# +# * docker_remote_api_host +# * etcd_host +# * wsproxy_host +# * host_ip +# * my_block_storage_ip +# (string value) +#my_ip = + +# +# Hostname, FQDN or IP address of this host. This can be an opaque identifier. +# It is not necessarily a hostname, FQDN, or IP address. However, the node name +# must be valid within an AMQP key, and if using ZeroMQ, a valid hostname, +# FQDN, or IP address. +# +# Possible values: +# +# * String with hostname, FQDN or IP address. Default is hostname of this host. +# (string value) +#host = + +# +# The IP address which is used to connect to the block storage network. +# Possible values: +# * String with valid IP address. Default is IP address of this host. 
+# Related options: +# * my_ip - if my_block_storage_ip is not set, then my_ip value is used. +# (string value) +#my_block_storage_ip = $my_ip + +# Directory where the zun python module is installed. (string value) +#pybasedir = /openstack/venvs/zun/local/lib/python2.7/site-packages/zun + +# Directory where zun binaries are installed. (string value) +#bindir = $pybasedir/bin + +# Top-level directory for maintaining zun's state. (string value) +#state_path = $pybasedir + +# Max interval size between periodic tasks execution in seconds. (integer +# value) +#periodic_interval_max = 60 + +# Max interval size between periodic tasks execution in seconds. (integer +# value) +#service_down_time = 180 + +# +# Interval to sync container states between the database and the docker. +# +# The interval that Zun checks the actual container state and +# the state that Zun has recorded in its database. If they are inconsistent, +# Zun will update the database according to the actual container state. +# +# Possible values: +# * 0: Will run at the default periodic interval. +# * Any value < 0: Disables the option. +# * Any positive integer in seconds. +# +# (integer value) +#sync_container_state_interval = 60 + +# Path to the rootwrap configuration file to use for running commands as root. +# (string value) +#rootwrap_config = /etc/zun/rootwrap.conf + + +[api] + +# +# From zun.conf +# + +# The port for the zun API server. (port value) +# Minimum value: 0 +# Maximum value: 65535 +port = {{ zun_service_port }} + +# The listen IP for the zun API server. The default is ``$my_ip``, the IP +# address of this host. (IP address value) +host_ip = {{ ansible_host }} + +# Enable the integrated stand-alone API to service requests via HTTPS instead +# of HTTP. If there is a front-end service performing HTTPS offloading from the +# service, this option should be False; note, you will want to change public +# API endpoint to represent SSL termination URL with 'public_endpoint' option. 
+# (boolean value) +#enable_ssl_api = false + +# Number of workers for zun-api service. The default will be the number of CPUs +# available. (integer value) +workers = {{ zun_api_threads }} + +# The maximum number of items returned in a single response from a collection +# resource. (integer value) +#max_limit = 1000 + +# Configuration file for WSGI definition of API. (string value) +#api_paste_config = api-paste.ini + +# Enable image validation. (boolean value) +#enable_image_validation = true + + +[cinder_client] + +# +# From zun.conf +# + +# Type of endpoint in Identity service catalog to use for communication with +# the OpenStack service. (string value) +endpoint_type = {{ zun_service_endpoint_type }} + +# Version of Cinder API to use in cinderclient. (string value) +#api_version = 3 + +# Optional CA cert file to use in SSL connections. (string value) +#ca_file = + +# If set, then the server's certificate will not be verified. (boolean value) +#insecure = false + + +[compute] + +# +# From zun.conf +# + +# The queue to add compute tasks to. (string value) +#topic = zun-compute + +# +# Sets the scope of the check for unique container names. +# The default doesn't check for unique names. If a scope for the name check is +# set, a launch of a new container with a duplicate name will result in an +# ''ContainerAlreadyExists'' error. The uniqueness is case-insensitive. +# Setting this option can increase the usability for end users as they don't +# have to distinguish among containers with the same name by their IDs. +# Possible values: +# * '': An empty value means that no uniqueness check is done and duplicate +# names are possible. +# * "project": The container name check is done only for containers within the +# same project. +# * "global": The container name check is done for all containers regardless of +# the project. 
+# (string value) +# Possible values: +# '' - +# project - +# global - +#unique_container_name_scope = + +# restart the containers which are runningbefore the host reboots. (boolean +# value) +#resume_container_state = true + +# reserve disk for docker images (floating point value) +#reserve_disk_for_image = 0.2 + + +[cors] + +# +# From oslo.middleware.cors +# + +# Indicate whether this resource may be shared with the domain received in the +# requests "origin" header. Format: "://[:]", no trailing +# slash. Example: https://horizon.example.com (list value) +#allowed_origin = + +# Indicate that the actual request can include user credentials (boolean value) +#allow_credentials = true + +# Indicate which headers are safe to expose to the API. Defaults to HTTP Simple +# Headers. (list value) +#expose_headers = + +# Maximum cache age of CORS preflight requests. (integer value) +#max_age = 3600 + +# Indicate which methods can be used during the actual request. (list value) +#allow_methods = OPTIONS,GET,HEAD,POST,PUT,DELETE,TRACE,PATCH + +# Indicate which header field names may be used during the actual request. +# (list value) +#allow_headers = + + +{% if group_names | intersect(zun_services.keys() | difference('zun-compute') | map('extract', zun_services, 'group') | list) | count > 0 %} +[database] + +# +# From oslo.db +# + +# If True, SQLite uses synchronous mode. (boolean value) +#sqlite_synchronous = true + +# The back end to use for the database. (string value) +# Deprecated group/name - [DEFAULT]/db_backend +#backend = sqlalchemy + +# The SQLAlchemy connection string to use to connect to the database. 
(string +# value) +# Deprecated group/name - [DEFAULT]/sql_connection +# Deprecated group/name - [DATABASE]/sql_connection +# Deprecated group/name - [sql]/connection +#connection = +connection = mysql+pymysql://{{ zun_galera_user }}:{{ zun_galera_password }}@{{ zun_galera_address }}/{{ zun_galera_database }}?charset=utf8{% if zun_galera_use_ssl | bool %}&ssl_ca={{ zun_galera_ssl_ca_cert }}{% endif %} + +# The SQLAlchemy connection string to use to connect to the slave database. +# (string value) +#slave_connection = + +# The SQL mode to be used for MySQL sessions. This option, including the +# default, overrides any server-set SQL mode. To use whatever SQL mode is set +# by the server configuration, set this to no value. Example: mysql_sql_mode= +# (string value) +#mysql_sql_mode = TRADITIONAL + +# If True, transparently enables support for handling MySQL Cluster (NDB). +# (boolean value) +#mysql_enable_ndb = false + +# Connections which have been present in the connection pool longer than this +# number of seconds will be replaced with a new one the next time they are +# checked out from the pool. (integer value) +# Deprecated group/name - [DATABASE]/idle_timeout +# Deprecated group/name - [database]/idle_timeout +# Deprecated group/name - [DEFAULT]/sql_idle_timeout +# Deprecated group/name - [DATABASE]/sql_idle_timeout +# Deprecated group/name - [sql]/idle_timeout +#connection_recycle_time = 3600 + +# DEPRECATED: Minimum number of SQL connections to keep open in a pool. +# (integer value) +# Deprecated group/name - [DEFAULT]/sql_min_pool_size +# Deprecated group/name - [DATABASE]/sql_min_pool_size +# This option is deprecated for removal. +# Its value may be silently ignored in the future. +# Reason: The option to set the minimum pool size is not supported by +# sqlalchemy. +#min_pool_size = 1 + +# Maximum number of SQL connections to keep open in a pool. Setting a value of +# 0 indicates no limit. 
(integer value) +# Deprecated group/name - [DEFAULT]/sql_max_pool_size +# Deprecated group/name - [DATABASE]/sql_max_pool_size +#max_pool_size = 5 +max_pool_size = {{ zun_db_max_pool_size }} + +# Maximum number of database connection retries during startup. Set to -1 to +# specify an infinite retry count. (integer value) +# Deprecated group/name - [DEFAULT]/sql_max_retries +# Deprecated group/name - [DATABASE]/sql_max_retries +#max_retries = 10 + +# Interval between retries of opening a SQL connection. (integer value) +# Deprecated group/name - [DEFAULT]/sql_retry_interval +# Deprecated group/name - [DATABASE]/reconnect_interval +#retry_interval = 10 + +# If set, use this value for max_overflow with SQLAlchemy. (integer value) +# Deprecated group/name - [DEFAULT]/sql_max_overflow +# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow +#max_overflow = 50 +max_overflow = {{ zun_db_max_overflow }} + +# Verbosity of SQL debugging information: 0=None, 100=Everything. (integer +# value) +# Minimum value: 0 +# Maximum value: 100 +# Deprecated group/name - [DEFAULT]/sql_connection_debug +#connection_debug = 0 + +# Add Python stack traces to SQL as comment strings. (boolean value) +# Deprecated group/name - [DEFAULT]/sql_connection_trace +#connection_trace = false + +# If set, use this value for pool_timeout with SQLAlchemy. (integer value) +# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout +#pool_timeout = +pool_timeout = {{ zun_db_pool_timeout }} + +# Enable the experimental use of database reconnect on connection lost. +# (boolean value) +#use_db_reconnect = false + +# Seconds between retries of a database transaction. (integer value) +#db_retry_interval = 1 + +# If True, increases the interval between retries of a database operation up to +# db_max_retry_interval. (boolean value) +#db_inc_retry_interval = true + +# If db_inc_retry_interval is set, the maximum seconds between retries of a +# database operation. 
(integer value) +#db_max_retry_interval = 10 + +# Maximum retries in case of connection error or deadlock error before error is +# raised. Set to -1 to specify an infinite retry count. (integer value) +#db_max_retries = 20 + +# Optional URL parameters to append onto the connection URL at connect time; +# specify as param1=value1¶m2=value2&... (string value) +#connection_parameters = +{% endif %} + + +[docker] + +# +# From zun.conf +# + +{% if zun_docker_api_version != false %} +# Docker remote api version. Override it according to specific docker api +# version in your environment. (string value) +docker_remote_api_version = {{ zun_docker_api_version }} +{% endif %} + +# Default timeout in seconds for docker client operations. (integer value) +#default_timeout = 60 + +# API endpoint of docker daemon (string value) +#api_url = unix:///var/run/docker.sock + +# Remote API endpoint of docker daemon (string value) +#docker_remote_api_url = tcp://$docker_remote_api_host:$docker_remote_api_port + +# If set, ignore any SSL validation issues (boolean value) +#api_insecure = false + +# Location of CA certificates file for securing docker api requests +# (tlscacert). (string value) +#ca_file = + +# Location of TLS certificate file for securing docker api requests (tlscert). +# (string value) +#cert_file = + +# Location of TLS private key file for securing docker api requests (tlskey). +# (string value) +#key_file = + +# Defines the remote api host for the docker daemon. (string value) +#docker_remote_api_host = $my_ip + +# Defines the remote api port for the docker daemon. (string value) +#docker_remote_api_port = 2375 + +# Timeout in seconds for executing a command in a docker container. (integer +# value) +#execute_timeout = 5 + +# Root directory of persistent Docker state. (string value) +#docker_data_root = /var/lib/docker + + +[etcd] + +# +# From zun.conf +# + +# Host IP address on which etcd service running. The default is ``$my_ip``, the +# IP address of this host. 
(host address value) +#etcd_host = $my_ip + +# Port on which etcd listen client request. (port value) +# Minimum value: 0 +# Maximum value: 65535 +#etcd_port = 2379 + + +[glance] + +# +# From zun.conf +# + +# Shared directory where glance images located. If specified, docker will try +# to load the image from the shared directory by image ID. (string value) +#images_directory = $state_path/images + + +[glance_client] + +# +# From zun.conf +# + +# Region in Identity service catalog to use for communication with the +# OpenStack service. (string value) +#region_name = + +# Type of endpoint in Identity service catalog to use for communication with +# the OpenStack service. (string value) +endpoint_type = {{ zun_service_endpoint_type }} + +# Version of Glance API to use in glanceclient. (string value) +#api_version = 2 + +# Optional CA cert file to use in SSL connections. (string value) +#ca_file = + +# Optional PEM-formatted certificate chain file. (string value) +#cert_file = + +# Optional PEM-formatted file that contains the private key. (string value) +#key_file = + +# If set, then the server's certificate will not be verified. 
(boolean value) +#insecure = false +insecure = {{ keystone_service_internaluri_insecure | bool }} + + +[keystone_auth] + +# +# From zun.conf +# + +# Authentication type to load (string value) +# Deprecated group/name - [keystone_auth]/auth_plugin +#auth_type = +auth_type = {{ zun_keystone_auth_plugin }} + +# Config Section from which to load plugin specific options (string value) +#auth_section = + +# Authentication URL (string value) +#auth_url = +auth_url = {{ keystone_service_adminurl }} + +# Scope for system operations (string value) +#system_scope = + +# Domain ID to scope to (string value) +#domain_id = + +# Domain name to scope to (string value) +#domain_name = + +# Project ID to scope to (string value) +# Deprecated group/name - [keystone_auth]/tenant_id +#project_id = + +# Project name to scope to (string value) +# Deprecated group/name - [keystone_auth]/tenant_name +#project_name = +project_name = {{ zun_service_project_name }} + +# Domain ID containing project (string value) +#project_domain_id = +project_domain_id = {{ zun_service_project_domain_id }} + +# Domain name containing project (string value) +#project_domain_name = + +# Trust ID (string value) +#trust_id = + +# Optional domain ID to use with v3 and v2 parameters. It will be used for both +# the user and project domain in v3 and ignored in v2 authentication. (string +# value) +#default_domain_id = + +# Optional domain name to use with v3 API and v2 parameters. It will be used +# for both the user and project domain in v3 and ignored in v2 authentication. 
+# (string value)
+#default_domain_name =
+
+# User id (string value)
+#user_id =
+
+# Username (string value)
+# Deprecated group/name - [keystone_auth]/user_name
+#username =
+username = {{ zun_service_user_name }}
+
+# User's domain id (string value)
+#user_domain_id =
+user_domain_id = {{ zun_service_user_domain_id }}
+
+# User's domain name (string value)
+#user_domain_name =
+
+# User's password (string value)
+#password =
+password = {{ zun_service_password }}
+
+
+[keystone_authtoken]
+
+#
+# From keystonemiddleware.auth_token
+#
+
+# Authentication URL (string value)
+#auth_url =
+auth_url = {{ keystone_service_adminurl }}
+
+# Complete "public" Identity API endpoint. This endpoint should not be an
+# "admin" endpoint, as it should be accessible by all end users.
+# Unauthenticated clients are redirected to this endpoint to authenticate.
+# Although this endpoint should ideally be unversioned, client support in the
+# wild varies. If you're using a versioned v2 endpoint here, then this should
+# *not* be the same endpoint the service user utilizes for validating tokens,
+# because normal end users may not be able to reach that endpoint. (string
+# value)
+# Deprecated group/name - [keystone_authtoken]/auth_uri
+#www_authenticate_uri =
+www_authenticate_uri = {{ keystone_service_internaluri }}
+
+# DEPRECATED: Complete "public" Identity API endpoint. This endpoint should not
+# be an "admin" endpoint, as it should be accessible by all end users.
+# Unauthenticated clients are redirected to this endpoint to authenticate.
+# Although this endpoint should ideally be unversioned, client support in the
+# wild varies. If you're using a versioned v2 endpoint here, then this should
+# *not* be the same endpoint the service user utilizes for validating tokens,
+# because normal end users may not be able to reach that endpoint. This option
+# is deprecated in favor of www_authenticate_uri and will be removed in the S
+# release.
(string value)
+# This option is deprecated for removal since Queens.
+# Its value may be silently ignored in the future.
+# Reason: The auth_uri option is deprecated in favor of www_authenticate_uri
+# and will be removed in the S release.
+#auth_uri =
+
+# API version of the admin Identity API endpoint. (string value)
+auth_version = v3
+
+# Do not handle authorization requests within the middleware, but delegate the
+# authorization decision to downstream WSGI components. (boolean value)
+#delay_auth_decision = false
+
+# Request timeout value for communicating with Identity API server. (integer
+# value)
+#http_connect_timeout =
+
+# How many times are we trying to reconnect when communicating with Identity
+# API Server. (integer value)
+#http_request_max_retries = 3
+
+# Request environment key where the Swift cache object is stored. When
+# auth_token middleware is deployed with a Swift cache, use this option to have
+# the middleware share a caching backend with swift. Otherwise, use the
+# ``memcached_servers`` option instead. (string value)
+#cache =
+
+# Required if identity server requires client certificate (string value)
+#certfile =
+
+# Required if identity server requires client certificate (string value)
+#keyfile =
+
+# A PEM encoded Certificate Authority to use when verifying HTTPs connections.
+# Defaults to system CAs. (string value)
+#cafile =
+
+# Verify HTTPS connections. (boolean value)
+#insecure = false
+insecure = {{ keystone_service_internaluri_insecure | bool }}
+
+# The region in which the identity server can be found. (string value)
+#region_name =
+region_name = {{ keystone_service_region }}
+
+# DEPRECATED: Directory used to cache files related to PKI tokens. This option
+# has been deprecated in the Ocata release and will be removed in the P
+# release. (string value)
+# This option is deprecated for removal since Ocata.
+# Its value may be silently ignored in the future.
+# Reason: PKI token format is no longer supported.
+#signing_dir =
+
+# Optionally specify a list of memcached server(s) to use for caching. If left
+# undefined, tokens will instead be cached in-process. (list value)
+# Deprecated group/name - [keystone_authtoken]/memcache_servers
+#memcached_servers =
+memcached_servers = {{ memcached_servers }}
+
+# In order to prevent excessive effort spent validating tokens, the middleware
+# caches previously-seen tokens for a configurable duration (in seconds). Set
+# to -1 to disable caching completely. (integer value)
+#token_cache_time = 300
+token_cache_time = 300
+
+# DEPRECATED: Determines the frequency at which the list of revoked tokens is
+# retrieved from the Identity service (in seconds). A high number of revocation
+# events combined with a low cache duration may significantly reduce
+# performance. Only valid for PKI tokens. This option has been deprecated in
+# the Ocata release and will be removed in the P release. (integer value)
+# This option is deprecated for removal since Ocata.
+# Its value may be silently ignored in the future.
+# Reason: PKI token format is no longer supported.
+#revocation_cache_time = 10
+
+# (Optional) If defined, indicate whether token data should be authenticated or
+# authenticated and encrypted. If MAC, token data is authenticated (with HMAC)
+# in the cache. If ENCRYPT, token data is encrypted and authenticated in the
+# cache. If the value is not one of these options or empty, auth_token will
+# raise an exception on initialization. (string value)
+# Possible values:
+# None -
+# MAC -
+# ENCRYPT -
+#memcache_security_strategy = None
+memcache_security_strategy = ENCRYPT
+
+# (Optional, mandatory if memcache_security_strategy is defined) This string is
+# used for key derivation. (string value)
+#memcache_secret_key =
+memcache_secret_key = {{ memcached_encryption_key }}
+
+# (Optional) Number of seconds memcached server is considered dead before it is
+# tried again.
(integer value)
+#memcache_pool_dead_retry = 300
+
+# (Optional) Maximum total number of open connections to every memcached
+# server. (integer value)
+#memcache_pool_maxsize = 10
+
+# (Optional) Socket timeout in seconds for communicating with a memcached
+# server. (integer value)
+#memcache_pool_socket_timeout = 3
+
+# (Optional) Number of seconds a connection to memcached is held unused in the
+# pool before it is closed. (integer value)
+#memcache_pool_unused_timeout = 60
+
+# (Optional) Number of seconds that an operation will wait to get a memcached
+# client connection from the pool. (integer value)
+#memcache_pool_conn_get_timeout = 10
+
+# (Optional) Use the advanced (eventlet safe) memcached client pool. The
+# advanced pool will only work under python 2.x. (boolean value)
+#memcache_use_advanced_pool = false
+
+# (Optional) Indicate whether to set the X-Service-Catalog header. If False,
+# middleware will not ask for service catalog on token validation and will not
+# set the X-Service-Catalog header. (boolean value)
+#include_service_catalog = true
+
+# Used to control the use and type of token binding. Can be set to: "disabled"
+# to not check token binding. "permissive" (default) to validate binding
+# information if the bind type is of a form known to the server and ignore it
+# if not. "strict" like "permissive" but if the bind type is unknown the token
+# will be rejected. "required" any form of token binding is needed to be
+# allowed. Finally the name of a binding method that must be present in tokens.
+# (string value)
+#enforce_token_bind = permissive
+
+# DEPRECATED: If true, the revocation list will be checked for cached tokens.
+# This requires that PKI tokens are configured on the identity server. (boolean
+# value)
+# This option is deprecated for removal since Ocata.
+# Its value may be silently ignored in the future.
+# Reason: PKI token format is no longer supported.
+#check_revocations_for_cached = false
+
+# DEPRECATED: Hash algorithms to use for hashing PKI tokens. This may be a
+# single algorithm or multiple. The algorithms are those supported by Python
+# standard hashlib.new(). The hashes will be tried in the order given, so put
+# the preferred one first for performance. The result of the first hash will be
+# stored in the cache. This will typically be set to multiple values only while
+# migrating from a less secure algorithm to a more secure one. Once all the old
+# tokens are expired this option should be set to a single value for better
+# performance. (list value)
+# This option is deprecated for removal since Ocata.
+# Its value may be silently ignored in the future.
+# Reason: PKI token format is no longer supported.
+#hash_algorithms = md5
+
+# A choice of roles that must be present in a service token. Service tokens are
+# allowed to request that an expired token can be used and so this check should
+# tightly control that only actual services should be sending this token. Roles
+# here are applied as an ANY check so any role in this list must be present.
+# For backwards compatibility reasons this currently only affects the
+# allow_expired check. (list value)
+#service_token_roles = service
+
+# For backwards compatibility reasons we must let valid service tokens pass
+# that don't pass the service_token_roles check as valid. Setting this true
+# will become the default in a future release and should be enabled if
+# possible.
(boolean value)
+service_token_roles_required = true
+
+# Authentication type to load (string value)
+# Deprecated group/name - [keystone_authtoken]/auth_plugin
+#auth_type =
+auth_type = {{ zun_keystone_auth_plugin }}
+
+# Config Section from which to load plugin specific options (string value)
+#auth_section =
+
+# Username (string value)
+# Deprecated group/name - [keystone_auth]/user_name
+#username =
+username = {{ zun_service_user_name }}
+
+# User's domain id (string value)
+#user_domain_id =
+user_domain_id = {{ zun_service_user_domain_id }}
+
+# User's domain name (string value)
+#user_domain_name =
+
+# User's password (string value)
+#password =
+password = {{ zun_service_password }}
+
+
+[matchmaker_redis]
+
+#
+# From oslo.messaging
+#
+
+# DEPRECATED: Host to locate redis. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#host = 127.0.0.1
+
+# DEPRECATED: Use this port to connect to redis host. (port value)
+# Minimum value: 0
+# Maximum value: 65535
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#port = 6379
+
+# DEPRECATED: Password for Redis server (optional). (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#password =
+
+# DEPRECATED: List of Redis Sentinel hosts (fault tolerance mode), e.g.,
+# [host:port, host1:port ... ] (list value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#sentinel_hosts =
+
+# Redis replica set name. (string value)
+#sentinel_group_name = oslo-messaging-zeromq
+
+# Time in ms to wait between connection attempts. (integer value)
+#wait_timeout = 2000
+
+# Time in ms to wait before the transaction is killed.
(integer value)
+#check_timeout = 20000
+
+# Timeout in ms on blocking socket operations. (integer value)
+#socket_timeout = 10000
+
+
+[network]
+
+#
+# From zun.conf
+#
+
+# Defines which driver to use for container network. (string value)
+#driver = kuryr
+
+# The network plugin driver name, you can find it by docker plugin list.
+# (string value)
+#driver_name = kuryr
+
+
+[neutron_client]
+
+#
+# From zun.conf
+#
+
+# Type of endpoint in Identity service catalog to use for communication with
+# the OpenStack service. (string value)
+endpoint_type = {{ zun_service_endpoint_type }}
+
+# Optional CA cert file to use in SSL connections. (string value)
+#ca_file =
+
+# Optional PEM-formatted certificate chain file. (string value)
+#cert_file =
+
+# Optional PEM-formatted file that contains the private key. (string value)
+#key_file =
+
+# If set, then the server's certificate will not be verified. (boolean value)
+#insecure = false
+insecure = {{ keystone_service_adminuri_insecure | bool }}
+
+
+[oslo_concurrency]
+
+#
+# From oslo.concurrency
+#
+
+# Enables or disables inter-process locks. (boolean value)
+#disable_process_locking = false
+
+# Directory to use for lock files. For security, the specified directory
+# should only be writable by the user running the processes that need locking.
+# Defaults to environment variable OSLO_LOCK_PATH. If external locks are used,
+# a lock path must be set. (string value)
+lock_path = /var/lib/zun/tmp
+
+
+[oslo_messaging_amqp]
+
+#
+# From oslo.messaging
+#
+
+# Name for the AMQP container. must be globally unique. Defaults to a generated
+# UUID (string value)
+#container_name =
+
+# Timeout for inactive connections (in seconds) (integer value)
+#idle_timeout = 0
+
+# Debug: dump AMQP frames to stdout (boolean value)
+#trace = false
+
+# Attempt to connect via SSL. If no other ssl-related parameters are given, it
+# will use the system's CA-bundle to verify the server's certificate.
(boolean
+# value)
+#ssl = false
+
+# CA certificate PEM file used to verify the server's certificate (string
+# value)
+#ssl_ca_file =
+
+# Self-identifying certificate PEM file for client authentication (string
+# value)
+#ssl_cert_file =
+
+# Private key PEM file used to sign ssl_cert_file certificate (optional)
+# (string value)
+#ssl_key_file =
+
+# Password for decrypting ssl_key_file (if encrypted) (string value)
+#ssl_key_password =
+
+# By default SSL checks that the name in the server's certificate matches the
+# hostname in the transport_url. In some configurations it may be preferable to
+# use the virtual hostname instead, for example if the server uses the Server
+# Name Indication TLS extension (rfc6066) to provide a certificate per virtual
+# host. Set ssl_verify_vhost to True if the server's SSL certificate uses the
+# virtual host name instead of the DNS name. (boolean value)
+#ssl_verify_vhost = false
+
+# DEPRECATED: Accept clients using either SSL or plain TCP (boolean value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Not applicable - not a SSL server
+#allow_insecure_clients = false
+
+# Space separated list of acceptable SASL mechanisms (string value)
+#sasl_mechanisms =
+
+# Path to directory that contains the SASL configuration (string value)
+#sasl_config_dir =
+
+# Name of configuration file (without .conf suffix) (string value)
+#sasl_config_name =
+
+# SASL realm to use if no realm present in username (string value)
+#sasl_default_realm =
+
+# DEPRECATED: User name for message broker authentication (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Should use configuration option transport_url to provide the
+# username.
+#username =
+
+# DEPRECATED: Password for message broker authentication (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Should use configuration option transport_url to provide the
+# password.
+#password =
+
+# Seconds to pause before attempting to re-connect. (integer value)
+# Minimum value: 1
+#connection_retry_interval = 1
+
+# Increase the connection_retry_interval by this many seconds after each
+# unsuccessful failover attempt. (integer value)
+# Minimum value: 0
+#connection_retry_backoff = 2
+
+# Maximum limit for connection_retry_interval + connection_retry_backoff
+# (integer value)
+# Minimum value: 1
+#connection_retry_interval_max = 30
+
+# Time to pause between re-connecting an AMQP 1.0 link that failed due to a
+# recoverable error. (integer value)
+# Minimum value: 1
+#link_retry_delay = 10
+
+# The maximum number of attempts to re-send a reply message which failed due to
+# a recoverable error. (integer value)
+# Minimum value: -1
+#default_reply_retry = 0
+
+# The deadline for an rpc reply message delivery. (integer value)
+# Minimum value: 5
+#default_reply_timeout = 30
+
+# The deadline for an rpc cast or call message delivery. Only used when caller
+# does not provide a timeout expiry. (integer value)
+# Minimum value: 5
+#default_send_timeout = 30
+
+# The deadline for a sent notification message delivery. Only used when caller
+# does not provide a timeout expiry. (integer value)
+# Minimum value: 5
+#default_notify_timeout = 30
+
+# The duration to schedule a purge of idle sender links. Detach link after
+# expiry. (integer value)
+# Minimum value: 1
+#default_sender_link_timeout = 600
+
+# Indicates the addressing mode used by the driver.
+# Permitted values:
+# 'legacy' - use legacy non-routable addressing
+# 'routable' - use routable addresses
+# 'dynamic' - use legacy addresses if the message bus does not support routing
+# otherwise use routable addressing (string value)
+#addressing_mode = dynamic
+
+# Enable virtual host support for those message buses that do not natively
+# support virtual hosting (such as qpidd).
When set to true the virtual host
+# name will be added to all message bus addresses, effectively creating a
+# private 'subnet' per virtual host. Set to False if the message bus supports
+# virtual hosting using the 'hostname' field in the AMQP 1.0 Open performative
+# as the name of the virtual host. (boolean value)
+#pseudo_vhost = true
+
+# address prefix used when sending to a specific server (string value)
+#server_request_prefix = exclusive
+
+# address prefix used when broadcasting to all servers (string value)
+#broadcast_prefix = broadcast
+
+# address prefix when sending to any server in group (string value)
+#group_request_prefix = unicast
+
+# Address prefix for all generated RPC addresses (string value)
+#rpc_address_prefix = openstack.org/om/rpc
+
+# Address prefix for all generated Notification addresses (string value)
+#notify_address_prefix = openstack.org/om/notify
+
+# Appended to the address prefix when sending a fanout message. Used by the
+# message bus to identify fanout messages. (string value)
+#multicast_address = multicast
+
+# Appended to the address prefix when sending to a particular RPC/Notification
+# server. Used by the message bus to identify messages sent to a single
+# destination. (string value)
+#unicast_address = unicast
+
+# Appended to the address prefix when sending to a group of consumers. Used by
+# the message bus to identify messages that should be delivered in a round-
+# robin fashion across consumers. (string value)
+#anycast_address = anycast
+
+# Exchange name used in notification addresses.
+# Exchange name resolution precedence:
+# Target.exchange if set
+# else default_notification_exchange if set
+# else control_exchange if set
+# else 'notify' (string value)
+#default_notification_exchange =
+
+# Exchange name used in RPC addresses.
+# Exchange name resolution precedence:
+# Target.exchange if set
+# else default_rpc_exchange if set
+# else control_exchange if set
+# else 'rpc' (string value)
+#default_rpc_exchange =
+
+# Window size for incoming RPC Reply messages. (integer value)
+# Minimum value: 1
+#reply_link_credit = 200
+
+# Window size for incoming RPC Request messages (integer value)
+# Minimum value: 1
+#rpc_server_credit = 100
+
+# Window size for incoming Notification messages (integer value)
+# Minimum value: 1
+#notify_server_credit = 100
+
+# Send messages of this type pre-settled.
+# Pre-settled messages will not receive acknowledgement
+# from the peer. Note well: pre-settled messages may be
+# silently discarded if the delivery fails.
+# Permitted values:
+# 'rpc-call' - send RPC Calls pre-settled
+# 'rpc-reply'- send RPC Replies pre-settled
+# 'rpc-cast' - Send RPC Casts pre-settled
+# 'notify' - Send Notifications pre-settled
+# (multi valued)
+#pre_settled = rpc-cast
+#pre_settled = rpc-reply
+
+
+[oslo_messaging_kafka]
+
+#
+# From oslo.messaging
+#
+
+# DEPRECATED: Default Kafka broker Host (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#kafka_default_host = localhost
+
+# DEPRECATED: Default Kafka broker Port (port value)
+# Minimum value: 0
+# Maximum value: 65535
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#kafka_default_port = 9092
+
+# Max fetch bytes of Kafka consumer (integer value)
+#kafka_max_fetch_bytes = 1048576
+
+# Default timeout(s) for Kafka consumers (floating point value)
+#kafka_consumer_timeout = 1.0
+
+# DEPRECATED: Pool Size for Kafka Consumers (integer value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Driver no longer uses connection pool.
+#pool_size = 10
+
+# DEPRECATED: The pool size limit for connections expiration policy (integer
+# value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Driver no longer uses connection pool.
+#conn_pool_min_size = 2
+
+# DEPRECATED: The time-to-live in sec of idle connections in the pool (integer
+# value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Driver no longer uses connection pool.
+#conn_pool_ttl = 1200
+
+# Group id for Kafka consumer. Consumers in one group will coordinate message
+# consumption (string value)
+#consumer_group = oslo_messaging_consumer
+
+# Upper bound on the delay for KafkaProducer batching in seconds (floating
+# point value)
+#producer_batch_timeout = 0.0
+
+# Size of batch for the producer async send (integer value)
+#producer_batch_size = 16384
+
+# Enable asynchronous consumer commits (boolean value)
+#enable_auto_commit = false
+
+# The maximum number of records returned in a poll call (integer value)
+#max_poll_records = 500
+
+# Protocol used to communicate with brokers (string value)
+# Possible values:
+# PLAINTEXT -
+# SASL_PLAINTEXT -
+# SSL -
+# SASL_SSL -
+#security_protocol = PLAINTEXT
+
+# Mechanism when security protocol is SASL (string value)
+#sasl_mechanism = PLAIN
+
+# CA certificate PEM file used to verify the server certificate (string value)
+#ssl_cafile =
+
+
+[oslo_messaging_notifications]
+
+#
+# From oslo.messaging
+#
+
+# The Drivers(s) to handle sending notifications. Possible values are
+# messaging, messagingv2, routing, log, test, noop (multi valued)
+# Deprecated group/name - [DEFAULT]/notification_driver
+driver = messagingv2
+
+# A URL representing the messaging driver to use for notifications. If not set,
+# we fall back to the same configuration used for RPC.
(string value)
+# Deprecated group/name - [DEFAULT]/notification_transport_url
+#transport_url =
+transport_url = rabbit://{% for host in zun_rabbitmq_telemetry_servers.split(',') %}{{ zun_rabbitmq_telemetry_userid }}:{{ zun_rabbitmq_telemetry_password }}@{{ host }}:{{ zun_rabbitmq_telemetry_port }}{% if not loop.last %},{% else %}/{{ zun_rabbitmq_telemetry_vhost }}{% endif %}{% endfor %}
+
+# AMQP topic used for OpenStack notifications. (list value)
+# Deprecated group/name - [rpc_notifier2]/topics
+# Deprecated group/name - [DEFAULT]/notification_topics
+#topics = notifications
+{% if zun_ceilometer_enabled or zun_designate_enabled %}
+{% set notification_topics = [] %}
+{% if neutron_ceilometer_enabled %}
+{% set _ = notification_topics.append('notifications') %}
+{% endif %}
+{% if neutron_designate_enabled %}
+{% set _ = notification_topics.append(zun_notifications_designate) %}
+{% endif %}
+topics = {{ notification_topics | join(',') }}
+{% endif %}
+
+# The maximum number of attempts to re-send a notification message which failed
+# to be delivered due to a recoverable error. 0 - No retry, -1 - indefinite
+# (integer value)
+#retry = -1
+
+
+[oslo_messaging_rabbit]
+
+#
+# From oslo.messaging
+#
+
+# Use durable queues in AMQP. (boolean value)
+# Deprecated group/name - [DEFAULT]/amqp_durable_queues
+# Deprecated group/name - [DEFAULT]/rabbit_durable_queues
+#amqp_durable_queues = false
+
+# Auto-delete queues in AMQP. (boolean value)
+#amqp_auto_delete = false
+
+# Connect over SSL. (boolean value)
+# Deprecated group/name - [oslo_messaging_rabbit]/rabbit_use_ssl
+#ssl = false
+ssl = {{ zun_rabbitmq_use_ssl }}
+
+# SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and
+# SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some
+# distributions. (string value)
+# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_version
+#ssl_version =
+
+# SSL key file (valid only if SSL enabled).
(string value)
+# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_keyfile
+#ssl_key_file =
+
+# SSL cert file (valid only if SSL enabled). (string value)
+# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_certfile
+#ssl_cert_file =
+
+# SSL certification authority file (valid only if SSL enabled). (string value)
+# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_ca_certs
+#ssl_ca_file =
+
+# How long to wait before reconnecting in response to an AMQP consumer cancel
+# notification. (floating point value)
+#kombu_reconnect_delay = 1.0
+
+# EXPERIMENTAL: Possible values are: gzip, bz2. If not set compression will not
+# be used. This option may not be available in future versions. (string value)
+#kombu_compression =
+
+# How long to wait a missing client before abandoning to send it its replies.
+# This value should not be longer than rpc_response_timeout. (integer value)
+# Deprecated group/name - [oslo_messaging_rabbit]/kombu_reconnect_timeout
+#kombu_missing_consumer_retry_timeout = 60
+
+# Determines how the next RabbitMQ node is chosen in case the one we are
+# currently connected to becomes unavailable. Takes effect only if more than
+# one RabbitMQ node is provided in config. (string value)
+# Possible values:
+# round-robin -
+# shuffle -
+#kombu_failover_strategy = round-robin
+
+# DEPRECATED: The RabbitMQ broker address where a single node is used. (string
+# value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#rabbit_host = localhost
+
+# DEPRECATED: The RabbitMQ broker port where a single node is used. (port
+# value)
+# Minimum value: 0
+# Maximum value: 65535
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#rabbit_port = 5672
+
+# DEPRECATED: RabbitMQ HA cluster host:port pairs. (list value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#rabbit_hosts = $rabbit_host:$rabbit_port
+
+# DEPRECATED: The RabbitMQ userid. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#rabbit_userid = guest
+
+# DEPRECATED: The RabbitMQ password. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#rabbit_password = guest
+
+# The RabbitMQ login method. (string value)
+# Possible values:
+# PLAIN -
+# AMQPLAIN -
+# RABBIT-CR-DEMO -
+#rabbit_login_method = AMQPLAIN
+
+# DEPRECATED: The RabbitMQ virtual host. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Replaced by [DEFAULT]/transport_url
+#rabbit_virtual_host = /
+
+# How frequently to retry connecting with RabbitMQ. (integer value)
+#rabbit_retry_interval = 1
+
+# How long to backoff for between retries when connecting to RabbitMQ. (integer
+# value)
+#rabbit_retry_backoff = 2
+
+# Maximum interval of RabbitMQ connection retries. Default is 30 seconds.
+# (integer value)
+#rabbit_interval_max = 30
+
+# DEPRECATED: Maximum number of RabbitMQ connection retries. Default is 0
+# (infinite retry count). (integer value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#rabbit_max_retries = 0
+
+# Try to use HA queues in RabbitMQ (x-ha-policy: all). If you change this
+# option, you must wipe the RabbitMQ database. In RabbitMQ 3.0, queue mirroring
+# is no longer controlled by the x-ha-policy argument when declaring a queue.
+# If you just want to make sure that all queues (except those with auto-
+# generated names) are mirrored across all nodes, run: "rabbitmqctl set_policy
+# HA '^(?!amq\.).*' '{"ha-mode": "all"}' " (boolean value)
+#rabbit_ha_queues = false
+
+# Positive integer representing duration in seconds for queue TTL (x-expires).
+# Queues which are unused for the duration of the TTL are automatically
+# deleted. The parameter affects only reply and fanout queues. (integer value)
+# Minimum value: 1
+#rabbit_transient_queues_ttl = 1800
+
+# Specifies the number of messages to prefetch. Setting to zero allows
+# unlimited messages. (integer value)
+#rabbit_qos_prefetch_count = 0
+
+# Number of seconds after which the Rabbit broker is considered down if
+# heartbeat's keep-alive fails (0 disable the heartbeat). EXPERIMENTAL (integer
+# value)
+#heartbeat_timeout_threshold = 60
+
+# How often times during the heartbeat_timeout_threshold we check the
+# heartbeat. (integer value)
+#heartbeat_rate = 2
+
+# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake (boolean value)
+#fake_rabbit = false
+
+
+[oslo_messaging_zmq]
+
+#
+# From oslo.messaging
+#
+
+# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP.
+# The "host" option should point or resolve to this address. (string value)
+#rpc_zmq_bind_address = *
+
+# MatchMaker driver. (string value)
+# Possible values:
+# redis -
+# sentinel -
+# dummy -
+#rpc_zmq_matchmaker = redis
+
+# Number of ZeroMQ contexts, defaults to 1. (integer value)
+#rpc_zmq_contexts = 1
+
+# Maximum number of ingress messages to locally buffer per topic. Default is
+# unlimited. (integer value)
+#rpc_zmq_topic_backlog =
+
+# Directory for holding IPC sockets. (string value)
+#rpc_zmq_ipc_dir = /var/run/openstack
+
+# Name of this node. Must be a valid hostname, FQDN, or IP address. Must match
+# "host" option, if running zun.
(string value)
+#rpc_zmq_host = localhost
+
+# Number of seconds to wait before all pending messages will be sent after
+# closing a socket. The default value of -1 specifies an infinite linger
+# period. The value of 0 specifies no linger period. Pending messages shall be
+# discarded immediately when the socket is closed. Positive values specify an
+# upper bound for the linger period. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_cast_timeout
+#zmq_linger = -1
+
+# The default number of seconds that poll should wait. Poll raises timeout
+# exception when timeout expired. (integer value)
+#rpc_poll_timeout = 1
+
+# Expiration timeout in seconds of a name service record about existing target
+# ( < 0 means no timeout). (integer value)
+#zmq_target_expire = 300
+
+# Update period in seconds of a name service record about existing target.
+# (integer value)
+#zmq_target_update = 180
+
+# Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy. (boolean
+# value)
+#use_pub_sub = false
+
+# Use ROUTER remote proxy. (boolean value)
+#use_router_proxy = false
+
+# This option makes direct connections dynamic or static. It makes sense only
+# with use_router_proxy=False which means to use direct connections for direct
+# message types (ignored otherwise). (boolean value)
+#use_dynamic_connections = false
+
+# How many additional connections to a host will be made for failover reasons.
+# This option is actual only in dynamic connections mode. (integer value)
+#zmq_failover_connections = 2
+
+# Minimal port number for random ports range. (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#rpc_zmq_min_port = 49153
+
+# Maximal port number for random ports range. (integer value)
+# Minimum value: 1
+# Maximum value: 65536
+#rpc_zmq_max_port = 65536
+
+# Number of retries to find free port number before fail with ZMQBindError.
+# (integer value) +#rpc_zmq_bind_port_retries = 100 + +# Default serialization mechanism for serializing/deserializing +# outgoing/incoming messages (string value) +# Possible values: +# json - +# msgpack - +#rpc_zmq_serialization = json + +# This option configures round-robin mode in zmq socket. True means not keeping +# a queue when server side disconnects. False means to keep queue and messages +# even if server is disconnected, when the server appears we send all +# accumulated messages to it. (boolean value) +#zmq_immediate = true + +# Enable/disable TCP keepalive (KA) mechanism. The default value of -1 (or any +# other negative value) means to skip any overrides and leave it to OS default; +# 0 and 1 (or any other positive value) mean to disable and enable the option +# respectively. (integer value) +#zmq_tcp_keepalive = -1 + +# The duration between two keepalive transmissions in idle condition. The unit +# is platform dependent, for example, seconds in Linux, milliseconds in Windows +# etc. The default value of -1 (or any other negative value and 0) means to +# skip any overrides and leave it to OS default. (integer value) +#zmq_tcp_keepalive_idle = -1 + +# The number of retransmissions to be carried out before declaring that remote +# end is not available. The default value of -1 (or any other negative value +# and 0) means to skip any overrides and leave it to OS default. (integer +# value) +#zmq_tcp_keepalive_cnt = -1 + +# The duration between two successive keepalive retransmissions, if +# acknowledgement to the previous keepalive transmission is not received. The +# unit is platform dependent, for example, seconds in Linux, milliseconds in +# Windows etc. The default value of -1 (or any other negative value and 0) +# means to skip any overrides and leave it to OS default. (integer value) +#zmq_tcp_keepalive_intvl = -1 + +# Maximum number of (green) threads to work concurrently. 
(integer value) +#rpc_thread_pool_size = 100 + +# Expiration timeout in seconds of a sent/received message after which it is +# not tracked anymore by a client/server. (integer value) +#rpc_message_ttl = 300 + +# Wait for message acknowledgements from receivers. This mechanism works only +# via proxy without PUB/SUB. (boolean value) +#rpc_use_acks = false + +# Number of seconds to wait for an ack from a cast/call. After each retry +# attempt this timeout is multiplied by some specified multiplier. (integer +# value) +#rpc_ack_timeout_base = 15 + +# Number to multiply base ack timeout by after each retry attempt. (integer +# value) +#rpc_ack_timeout_multiplier = 2 + +# Default number of message sending attempts in case of any problems occurred: +# positive value N means at most N retries, 0 means no retries, None or -1 (or +# any other negative values) mean to retry forever. This option is used only if +# acknowledgments are enabled. (integer value) +#rpc_retry_attempts = 3 + +# List of publisher hosts SubConsumer can subscribe on. This option has higher +# priority then the default publishers list taken from the matchmaker. (list +# value) +#subscribe_on = + + +[oslo_policy] + +# +# From oslo.policy +# + +# This option controls whether or not to enforce scope when evaluating +# policies. If ``True``, the scope of the token used in the request is compared +# to the ``scope_types`` of the policy being enforced. If the scopes do not +# match, an ``InvalidScope`` exception will be raised. If ``False``, a message +# will be logged informing operators that policies are being invoked with +# mismatching scope. (boolean value) +#enforce_scope = false + +# The file that defines policies. (string value) +#policy_file = policy.json + +# Default rule. Enforced when a requested rule is not found. (string value) +#policy_default_rule = default + +# Directories where policy configuration files are stored. 
They can be relative +# to any directory in the search path defined by the config_dir option, or +# absolute paths. The file defined by policy_file must exist for these +# directories to be searched. Missing or empty directories are ignored. (multi +# valued) +#policy_dirs = policy.d + +# Content Type to send and receive data for REST based policy check (string +# value) +# Possible values: +# application/x-www-form-urlencoded - +# application/json - +#remote_content_type = application/x-www-form-urlencoded + +# server identity verification for REST based policy check (boolean value) +#remote_ssl_verify_server_crt = false + +# Absolute path to ca cert file for REST based policy check (string value) +#remote_ssl_ca_crt_file = + +# Absolute path to client cert for REST based policy check (string value) +#remote_ssl_client_crt_file = + +# Absolute path client key file REST based policy check (string value) +#remote_ssl_client_key_file = + + +[pci] + +# +# From zun.conf +# + +# +# An alias for a PCI passthrough device requirement. +# +# Possible Values: +# +# * A list of JSON values which describe the aliases. For example: +# +# alias = { +# "name": "QuickAssist", +# "product_id": "0443", +# "vendor_id": "8086", +# "device_type": "PCI" +# } +# +# defines an alias for the Intel QuickAssist card. (multi valued). Valid key +# values are : +# +# * "name": Name of the PCI alias. +# * "product_id": Product ID of the device in hexadecimal. +# * "vendor_id": Vendor ID of the device in hexadecimal. +# * "device_type": Type of PCI device. Valid values are: "type-PCI", +# "PF" and "VF". +# (multi valued) +#alias = + +# +# White list of PCI devices available to VMs. +# +# Possible values: +# +# * A JSON dictionary which describe a whitelisted PCI device. 
It should take +# the following format: +# +# ["vendor_id": "",] ["product_id": "",] +# ["address": "[[[[]:]]:][][.[]]" | +# "devname": "",] +# {"": "",} +# +# Where '[' indicates zero or one occurrences, '{' indicates zero or multiple +# occurrences, and '|' mutually exclusive options. Note that any missing +# fields are automatically wildcarded. +# +# Valid key values are : +# +# * "vendor_id": Vendor ID of the device in hexadecimal. +# * "product_id": Product ID of the device in hexadecimal. +# * "address": PCI address of the device. +# * "devname": Device name of the device (for e.g. interface name). Not all +# PCI devices have a name. +# * "": Additional and used for matching PCI devices. +# Supported : "physical_network". +# +# The address key supports traditional glob style and regular expression +# syntax. Valid examples are: +# +# passthrough_whitelist = {"devname":"eth0", +# "physical_network":"physnet"} +# passthrough_whitelist = {"address":"*:0a:00.*"} +# passthrough_whitelist = {"address":":0a:00.", +# "physical_network":"physnet1"} +# passthrough_whitelist = {"vendor_id":"1137", +# "product_id":"0071"} +# passthrough_whitelist = {"vendor_id":"1137", +# "product_id":"0071", +# "address": "0000:0a:00.1", +# "physical_network":"physnet1"} +# passthrough_whitelist = {"address":{"domain": ".*", +# "bus": "02", "slot": "01", +# "function": "[2-7]"}, +# "physical_network":"physnet1"} +# passthrough_whitelist = {"address":{"domain": ".*", +# "bus": "02", "slot": "0[1-2]", +# "function": ".*"}, +# "physical_network":"physnet1"} +# +# The following are invalid, as they specify mutually exclusive options: +# +# passthrough_whitelist = {"devname":"eth0", +# "physical_network":"physnet", +# "address":"*:0a:00.*"} +# +# * A JSON list of JSON dictionaries corresponding to the above format. 
For +# example: +# +# passthrough_whitelist = [{"product_id":"0001", "vendor_id":"8086"}, +# {"product_id":"0002", "vendor_id":"8086"}] +# (multi valued) +#passthrough_whitelist = + + +[profiler] +# +# OSprofiler library allows to trace requests going through various OpenStack +# services and create the accumulated report of what time was spent on each +# request processing step. + +# +# From zun.conf +# + +# +# Enables the profiling for all services on this node. Default value is False +# (fully disable the profiling feature). +# +# Possible values: +# +# * True: Enables the feature +# * False: Disables the feature. The profiling cannot be started via this +# project +# operations. If the profiling is triggered by another project, this project +# part +# will be empty. +# (boolean value) +# Deprecated group/name - [profiler]/profiler_enabled +#enabled = false + +# +# Enables SQL requests profiling in services. Default value is False (SQL +# requests won't be traced). +# +# Possible values: +# +# * True: Enables SQL requests profiling. Each SQL query will be part of the +# trace and can the be analyzed by how much time was spent for that. +# * False: Disables SQL requests profiling. The spent time is only shown on a +# higher level of operations. Single SQL queries cannot be analyzed this +# way. +# (boolean value) +#trace_sqlalchemy = false + +# +# Secret key(s) to use for encrypting context data for performance profiling. +# This string value should have the following format: +# [,,...], +# where each key is some random string. A user who triggers the profiling via +# the REST API has to set one of these keys in the headers of the REST API call +# to include profiling results of this node for this particular project. +# +# Both "enabled" flag and "hmac_keys" config options should be set to enable +# profiling. Also, to generate correct profiling information across all +# services +# at least one key needs to be consistent between OpenStack projects. 
This +# ensures it can be used from client side to generate the trace, containing +# information from all possible resources. (string value) +#hmac_keys = SECRET_KEY + +# +# Connection string for a notifier backend. Default value is messaging:// which +# sets the notifier to oslo_messaging. +# +# Examples of possible values: +# +# * messaging://: use oslo_messaging driver for sending notifications. +# * mongodb://127.0.0.1:27017 : use mongodb driver for sending notifications. +# * elasticsearch://127.0.0.1:9200 : use elasticsearch driver for sending +# notifications. +# (string value) +#connection_string = messaging:// + +# +# Document type for notification indexing in elasticsearch. +# (string value) +#es_doc_type = notification + +# +# This parameter is a time value parameter (for example: es_scroll_time=2m), +# indicating for how long the nodes that participate in the search will +# maintain +# relevant resources in order to continue and support it. +# (string value) +#es_scroll_time = 2m + +# +# Elasticsearch splits large requests in batches. This parameter defines +# maximum size of each batch (for example: es_scroll_size=10000). +# (integer value) +#es_scroll_size = 10000 + +# +# Redissentinel provides a timeout option on the connections. +# This parameter defines that timeout (for example: socket_timeout=0.1). +# (floating point value) +#socket_timeout = 0.1 + +# +# Redissentinel uses a service name to identify a master redis service. +# This parameter defines the name (for example: +# sentinal_service_name=mymaster). +# (string value) +#sentinel_service_name = mymaster + +# +# Enable filter traces that contain error/exception to a separated place. +# Default value is set to False. +# +# Possible values: +# +# * True: Enable filter traces that contain error/exception. +# * False: Disable the filter. +# (boolean value) +#filter_error_trace = false + + +[scheduler] + +# +# From zun.conf +# + +# +# The class of the driver used by the scheduler. 
+# +# The options are chosen from the entry points under the namespace +# 'zun.scheduler.driver' in 'setup.cfg'. +# +# Possible values: +# +# * A string, where the string corresponds to the class name of a scheduler +# driver. There are a number of options available: +# ** 'chance_scheduler', which simply picks a host at random +# ** A custom scheduler driver. In this case, you will be responsible for +# creating and maintaining the entry point in your 'setup.cfg' file +# (string value) +# Possible values: +# chance_scheduler - +# fake_scheduler - +# filter_scheduler - +#driver = filter_scheduler +driver = {{ zun_scheduler_driver }} + +# +# Filters that the scheduler can use. +# +# An unordered list of the filter classes the zun scheduler may apply. Only +# the +# filters specified in the 'scheduler_enabled_filters' option will be used, but +# any filter appearing in that option must also be included in this list. +# +# By default, this is set to all filters that are included with zun. +# +# This option is only used by the FilterScheduler and its subclasses; if you +# use +# a different scheduler, this option has no effect. +# +# Possible values: +# +# * A list of zero or more strings, where each string corresponds to the name +# of +# a filter that may be used for selecting a host +# +# Related options: +# +# * scheduler_enabled_filters +# (multi valued) +#available_filters = zun.scheduler.filters.all_filters +available_filters = {{ zun_scheduler_available_filters }} + +# +# Filters that the scheduler will use. +# +# An ordered list of filter class names that will be used for filtering +# hosts. Ignore the word 'default' in the name of this option: these filters +# will +# *always* be applied, and they will be applied in the order they are listed so +# place your most restrictive filters first to make the filtering process more +# efficient. 
+# +# This option is only used by the FilterScheduler and its subclasses; if you +# use +# a different scheduler, this option has no effect. +# +# Possible values: +# +# * A list of zero or more strings, where each string corresponds to the name +# of +# a filter to be used for selecting a host +# +# Related options: +# +# * All of the filters in this option *must* be present in the +# 'scheduler_available_filters' option, or a SchedulerHostFilterNotFound +# exception will be raised. +# (list value) +#enabled_filters = AvailabilityZoneFilter,CPUFilter,RamFilter,ComputeFilter,DiskFilter +enabled_filters = {{ zun_scheduler_default_filters }} + +[ssl] + +# +# From zun.conf +# + +# CA certificate file to use to verify connecting clients. (string value) +# Deprecated group/name - [DEFAULT]/ssl_ca_file +#ca_file = + +# Certificate file to use when starting the server securely. (string value) +# Deprecated group/name - [DEFAULT]/ssl_cert_file +#cert_file = + +# Private key file to use when starting the server securely. (string value) +# Deprecated group/name - [DEFAULT]/ssl_key_file +#key_file = + +# SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and +# SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some +# distributions. (string value) +#version = + +# Sets the list of available ciphers. value should be a string in the OpenSSL +# cipher list format. (string value) +#ciphers = + + +[volume] + +# +# From zun.conf +# + +# Defines which driver to use for container volume. (string value) +#driver = cinder + +# At which the docker volume will create. (string value) +#volume_dir = $state_path/mnt + +# Default filesystem type for volume. (string value) +#fstype = ext4 + +# +# Use multipath connection of volume +# +# Volumes can be connected as multipath devices. This will provide high +# availability and fault tolerance. 
+# (boolean value) +use_multipath = true + + +[websocket_proxy] +# +# Users use the websocket proxy to connect to containers, instead of +# connecting to containers directly, hence protects the socket daemon. + +# +# From zun.conf +# + +# +# The URL an end user would use to connect to the ``zun-wsproxy`` service. +# +# The ``zun-wsproxy`` service is called with this token enriched URL +# and establishes the connection to the proper instance. +# +# Related options: +# +# * The IP address must be the same as the address to which the +# ``zun-wsproxy`` service is listening (see option ``wsproxy_host`` +# in this section). +# * The port must be the same as ``wsproxy_port``in this section. +# (uri value) +#base_url = ws://$wsproxy_host:$wsproxy_port/ + +# +# The IP address which is used by the ``zun-wsproxy`` service to listen +# for incoming requests. +# +# The ``zun-wsproxy`` service listens on this IP address for incoming +# connection requests. +# +# Related options: +# +# * Ensure that this is the same IP address which is defined in the option +# ``base_url`` of this section or use ``0.0.0.0`` to listen on all addresses. +# (string value) +wsproxy_host = 0.0.0.0 + +# +# The port number which is used by the ``zun-wsproxy`` service to listen +# for incoming requests. +# +# The ``zun-wsproxy`` service listens on this port number for incoming +# connection requests. +# +# Related options: +# +# * Ensure that this is the same port number as that defined in the option +# ``base_url`` of this section. +# (port value) +# Minimum value: 0 +# Maximum value: 65535 +wsproxy_port = 6784 + +# +# Adds list of allowed origins to the console websocket proxy to allow +# connections from other origin hostnames. +# Websocket proxy matches the host header with the origin header to +# prevent cross-site requests. This list specifies if any there are +# values other than host are allowed in the origin header. 
+# +# Possible values: +# +# * A list where each element is an allowed origin hostnames, else an empty +# list +# (list value) +#allowed_origins = + + +[zun_client] + +# +# From zun.conf +# + +# Region in Identity service catalog to use for communication with the +# OpenStack service. (string value) +#region_name = + +# Type of endpoint in Identity service catalog to use for communication with +# the OpenStack service. (string value) +endpoint_type = {{ zun_service_endpoint_type }} + +# Optional CA cert file to use in SSL connections. (string value) +#ca_file = + +# Optional PEM-formatted certificate chain file. (string value) +#cert_file = + +# Optional PEM-formatted file that contains the private key. (string value) +#key_file = + +# If set, then the server's certificate will not be verified. (boolean value) +#insecure = false +insecure = {{ keystone_service_internaluri_insecure | bool }} diff --git a/test-requirements.txt b/test-requirements.txt new file mode 100644 index 0000000..82506c5 --- /dev/null +++ b/test-requirements.txt @@ -0,0 +1,9 @@ +# The order of packages is significant, because pip processes them in the order +# of appearance. Changing the order has an impact on the overall integration +# process, which may cause wedges in the gate later. +bashate>=0.5.1 # Apache-2.0 +flake8<2.6.0,>=2.5.4 # MIT +pyasn1!=0.2.3,>=0.1.8 # BSD +pyOpenSSL>=17.1.0 # Apache-2.0 +requests>=2.14.2 # Apache-2.0 +ndg-httpsclient>=0.4.2;python_version<'3.0' # BSD diff --git a/tests/ansible-role-requirements.yml b/tests/ansible-role-requirements.yml new file mode 100644 index 0000000..29975e9 --- /dev/null +++ b/tests/ansible-role-requirements.yml 
@@ -0,0 +1,68 @@ +- name: apt_package_pinning + src: https://git.openstack.org/openstack/openstack-ansible-apt_package_pinning + scm: git + version: master +- name: pip_install + src: https://git.openstack.org/openstack/openstack-ansible-pip_install + scm: git + version: master +- name: galera_client + src: https://git.openstack.org/openstack/openstack-ansible-galera_client + scm: git + version: master +- name: memcached_server + src: https://git.openstack.org/openstack/openstack-ansible-memcached_server + scm: git + version: master +- name: openstack_hosts + src: https://git.openstack.org/openstack/openstack-ansible-openstack_hosts + scm: git + version: master +- name: lxc_hosts + src: https://git.openstack.org/openstack/openstack-ansible-lxc_hosts + scm: git + version: master +- name: lxc_container_create + src: https://git.openstack.org/openstack/openstack-ansible-lxc_container_create + scm: git + version: master +- name: galera_server + src: https://git.openstack.org/openstack/openstack-ansible-galera_server + scm: git + version: master +- name: rabbitmq_server + src: https://git.openstack.org/openstack/openstack-ansible-rabbitmq_server + scm: git + version: master +- name: openstack_openrc + src: https://git.openstack.org/openstack/openstack-ansible-openstack_openrc + scm: git + version: master +- name: os_keystone + src: https://git.openstack.org/openstack/openstack-ansible-os_keystone + scm: git + version: master +- name: os_glance + src: https://git.openstack.org/openstack/openstack-ansible-os_glance + scm: git + version: master +- name: etcd + scm: git + src: https://github.com/logan2211/ansible-etcd + version: master +- name: os_neutron + src: https://git.openstack.org/openstack/openstack-ansible-os_neutron + scm: git + version: master +- name: os_tempest + src: https://git.openstack.org/openstack/openstack-ansible-os_tempest + scm: git + version: master +- name: systemd_service + src: https://git.openstack.org/openstack/ansible-role-systemd_service + 
scm: git + version: master +- name: python_venv_build + src: https://git.openstack.org/openstack/ansible-role-python_venv_build + scm: git + version: master diff --git a/tests/group_vars/all_containers.yml b/tests/group_vars/all_containers.yml new file mode 100644 index 0000000..2245b74 --- /dev/null +++ b/tests/group_vars/all_containers.yml @@ -0,0 +1,37 @@ +--- +# Copyright 2016, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +container_name: "{{ inventory_hostname }}" +container_networks: + management_address: + address: "{{ ansible_host }}" + bridge: "br-mgmt" + interface: "eth1" + netmask: "255.255.255.0" + type: "veth" + tunnel_address: + address: "{{ tunnel_address }}" + bridge: "br-vxlan" + interface: "eth2" + netmask: "255.255.255.0" + type: "veth" + vlan_address: + bridge: "br-vlan" + interface: "eth12" + netmask: null + type: "veth" +physical_host: localhost +properties: + service_name: "{{ inventory_hostname }}" diff --git a/tests/host_vars/infra1.yml b/tests/host_vars/infra1.yml new file mode 100644 index 0000000..15318d8 --- /dev/null +++ b/tests/host_vars/infra1.yml 
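Review bot: Every role in tests/ansible-role-requirements.yml is fetched at `version: master`, so each gate run executes whatever is at the tip of those branches, and the test playbooks in this commit apply roles with `become: true`. Pinning each entry to a tag or commit, e.g. `version: <COMMIT_SHA>` (placeholder), makes runs reproducible and limits exposure to a compromised or rewritten upstream branch. The `etcd` entry is the only one sourced from a personal GitHub account (`https://github.com/logan2211/ansible-etcd`) rather than git.openstack.org, so it is the one most worth pinning or mirroring.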
@@ -0,0 +1,19 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ansible_host: 10.1.1.101
+ansible_become: True
+ansible_user: root
+tunnel_address: 10.1.2.101
diff --git a/tests/host_vars/localhost.yml b/tests/host_vars/localhost.yml
new file mode 100644
index 0000000..4c84cab
--- /dev/null
+++ b/tests/host_vars/localhost.yml
@@ -0,0 +1,32 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ansible_host: 10.1.1.1
+ansible_python_interpreter: "/usr/bin/python2"
+
+neutron_provider_networks:
+ network_types: "vxlan,flat"
+ network_mappings: "flat:eth12"
+ network_vxlan_ranges: "1:1000"
+neutron_local_ip: 10.1.2.1
+
+bridges:
+ - name: "br-mgmt"
+ ip_addr: "10.1.1.1"
+ - name: "br-vxlan"
+ ip_addr: "10.1.2.1"
+ - name: "br-vlan"
+ ip_addr: "10.1.3.1"
+ veth_peer: "eth12"
diff --git a/tests/host_vars/openstack1.yml b/tests/host_vars/openstack1.yml
new file mode 100644
index 0000000..e08a3c7
--- /dev/null
+++ b/tests/host_vars/openstack1.yml
@@ -0,0 +1,24 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+neutron_provider_networks:
+ network_types: "vxlan,flat"
+ network_mappings: "flat:eth12"
+ network_vxlan_ranges: "1:1000"
+ansible_host: 10.1.1.102
+ansible_become: True
+ansible_user: root
+tunnel_address: 10.1.2.102
+neutron_local_ip: 10.1.2.102
diff --git a/tests/inventory b/tests/inventory
new file mode 100644
index 0000000..a627174
--- /dev/null
+++ b/tests/inventory
@@ -0,0 +1,86 @@
+[all]
+localhost
+infra1
+openstack1
+
+[all_containers]
+infra1
+openstack1
+
+[rabbitmq_all]
+infra1
+
+[galera_all]
+infra1
+
+[memcached_all]
+infra1
+
+[service_all:children]
+rabbitmq_all
+galera_all
+memcached_all
+
+[keystone_all]
+openstack1
+
+[glance_api]
+openstack1
+
+[glance_registry]
+openstack1
+
+[glance_all:children]
+glance_api
+glance_registry
+
+[neutron_agent]
+openstack1
+
+[neutron_dhcp_agent]
+openstack1
+
+[neutron_linuxbridge_agent]
+openstack1
+
+[neutron_openvswitch_agent]
+openstack1
+
+[neutron_metering_agent]
+openstack1
+
+[neutron_l3_agent]
+openstack1
+
+[neutron_lbaas_agent]
+openstack1
+
+[neutron_metadata_agent]
+openstack1
+
+[neutron_server]
+openstack1
+
+[neutron_all:children]
+neutron_agent
+neutron_dhcp_agent
+neutron_linuxbridge_agent
+neutron_openvswitch_agent
+neutron_metering_agent
+neutron_l3_agent
+neutron_lbaas_agent
+neutron_metadata_agent
+neutron_server
+
+[zun_api]
+openstack1
+
+[zun_compute]
+localhost
+
+[zun_all:children]
+zun_api
+zun_compute
+
+[utility_all]
+infra1
diff --git a/tests/test-install-zun.yml b/tests/test-install-zun.yml
new file mode 100644
index 0000000..d0cf7b1
--- /dev/null
+++ b/tests/test-install-zun.yml
@@ -0,0 +1,32 @@
+---
+# Copyright 2018, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Installation and setup of Zun
+ hosts: zun_all
+ become: true
+ roles:
+ - role: "os_zun"
+ zun_rabbitmq_password: secrete
+ zun_galera_password: secrete
+ zun_service_password: secrete
+ zun_kuryr_service_password: secrete
+ zun_developer_mode: true
+ zun_galera_address: "{{ hostvars[groups['galera_all'][0]]['ansible_host'] }}"
+ zun_rabbitmq_servers: "{{ hostvars[groups['rabbitmq_all'][0]]['ansible_host'] }}"
+ zun_service_publicuri: "http://{{ hostvars[groups['keystone_all'][0]]['ansible_host'] }}:9517"
+ zun_service_adminuri: "http://{{ hostvars[groups['keystone_all'][0]]['ansible_host'] }}:9517"
+ zun_service_internaluri: "http://{{ hostvars[groups['keystone_all'][0]]['ansible_host'] }}:9517"
+ tags:
+ - "os-zun"
diff --git a/tests/test-zun-check.yml b/tests/test-zun-check.yml
new file mode 100644
index 0000000..4a5b605
--- /dev/null
+++ b/tests/test-zun-check.yml
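Review bot: The three `zun_service_*uri` values are built from `groups['keystone_all'][0]` although port 9517 is presumably the Zun API port; this resolves correctly only because tests/inventory puts `keystone_all` and `zun_api` on the same host (`openstack1`). Using `hostvars[groups['zun_api'][0]]['ansible_host']` would keep the endpoint correct if the inventory is ever split. The inline `secrete` passwords and plain `http://` endpoints are workable for a throwaway gate, but a comment such as `# test-only credentials and endpoints; do not reuse outside the gate` above the role variables would keep them from being copied into a real deployment.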
@@ -0,0 +1,40 @@
+---
+# Copyright 2018, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Create a zun image
+ hosts: zun_compute
+ become: true
+ tasks:
+ - name: Pull cirros image
+ command: docker pull cirros
+
+ - name: Upload image into glance
+ shell: |
+ . /root/openrc
+ docker save cirros | /openstack/venvs/zun-untagged/bin/openstack image create zun-cirros --public --container-format docker --disk-format raw
+
+- name: Run zun service check
+ hosts: zun_api[0]
+ become: true
+ tasks:
+ - name: Check zun service is functional
+ shell: |
+ . /root/openrc
+ /openstack/venvs/zun-untagged/bin/openstack appcontainer service list
+
+ - name: Create zun container
+ shell: |
+ . /root/openrc
+ /openstack/venvs/zun-untagged/bin/openstack appcontainer run --name container-check --net network=private zun-cirros ping 127.0.0.1
diff --git a/tests/test.yml b/tests/test.yml
new file mode 100644
index 0000000..f1b874f
--- /dev/null
+++ b/tests/test.yml
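Review bot: `docker pull cirros` names no tag or digest, so the check runs against whatever the registry currently serves as the default tag, and the next task publishes that same image in Glance with `--public`. Pinning the reference in both places, `command: docker pull cirros:<TAG>` and `docker save cirros:<TAG>` (placeholder tag), makes the gate reproducible and keeps an unexpected upstream image from being shared with every project. The `command` and `shell` tasks also carry no `changed_when`, so they always report changed; `changed_when: false` on the read-only `appcontainer service list` task would describe it accurately.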
@@ -0,0 +1,44 @@
+---
+# Copyright 2018, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Setup the host
+- import_playbook: common/test-setup-host.yml
+- import_playbook: common/test-repo-setup.yml
+
+# Install RabbitMQ/MariaDB
+- import_playbook: common/test-install-infra.yml
+
+# Install Keystone
+- import_playbook: common/test-install-keystone.yml
+
+# Install Glance
+- import_playbook: common/test-install-glance.yml
+
+# Install Neutron
+- import_playbook: common/test-install-neutron.yml
+
+# Install Zun
+- import_playbook: test-install-zun.yml
+
+# Install Tempest
+- import_playbook: common/test-install-tempest.yml
+ vars:
+ tempest_plugins:
+ - name: zun-tempest-plugin
+ repo: git://git.openstack.org/openstack/zun-tempest-plugin
+ branch: master
+
+# Run some additional tests with Zun to validate everything is working
+- import_playbook: test-zun-check.yml
diff --git a/tox.ini b/tox.ini
new file mode 100644
index 0000000..a0e745c
--- /dev/null
+++ b/tox.ini
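Review bot: The tempest plugin under `tempest_plugins` is cloned over `git://`, a transport with no encryption and no server authentication, so the test code that tempest later executes could be altered in transit without detection. The role requirements added in this same commit already use the HTTPS form of the host, and the same works here: `repo: https://git.openstack.org/openstack/zun-tempest-plugin`. `branch: master` is also a moving reference; a pinned tag or commit would make the run reproducible.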
@@ -0,0 +1,142 @@ +[tox] +minversion = 2.0 +skipsdist = True +envlist = docs,linters,functional + + +[testenv] +usedevelop = True +install_command = + pip install -c{env:UPPER_CONSTRAINTS_FILE:https://git.openstack.org/cgit/openstack/requirements/plain/upper-constraints.txt} {opts} {packages} +deps = + -r{toxinidir}/test-requirements.txt +commands = + /usr/bin/find . -type f -name "*.pyc" -delete +passenv = + HOME + USER + http_proxy + HTTP_PROXY + https_proxy + HTTPS_PROXY + no_proxy + NO_PROXY +whitelist_externals = + bash +setenv = + PYTHONUNBUFFERED=1 + ROLE_NAME=os_zun + TEST_IDEMPOTENCE=false + VIRTUAL_ENV={envdir} + WORKING_DIR={toxinidir} + + +[testenv:docs] +deps = -r{toxinidir}/doc/requirements.txt +commands= + bash -c "rm -rf doc/build" + doc8 doc + sphinx-build -b html doc/source doc/build/html + + +[doc8] +# Settings for doc8: +extensions = .rst + + +[testenv:releasenotes] +deps = -r{toxinidir}/doc/requirements.txt +commands = + sphinx-build -a -E -W -d releasenotes/build/doctrees -b html releasenotes/source releasenotes/build/html + + +# environment used by the -infra templated docs job +[testenv:venv] +commands = + {posargs} + + +[testenv:pep8] +commands = + bash -c "{toxinidir}/tests/common/test-pep8.sh" + + +[flake8] +# Ignores the following rules due to how ansible modules work in general +# F403 'from ansible.module_utils.basic import *' used; +# unable to detect undefined names +ignore=F403 + + +[testenv:bashate] +commands = + bash -c "{toxinidir}/tests/common/test-bashate.sh" + + +[testenv:ansible] +deps = + {[testenv]deps} + -rhttps://git.openstack.org/cgit/openstack/openstack-ansible/plain/global-requirement-pins.txt + -rhttps://git.openstack.org/cgit/openstack/openstack-ansible-tests/plain/test-ansible-deps.txt + + +[testenv:ansible-syntax] +deps = + {[testenv:ansible]deps} +commands = + bash -c "{toxinidir}/tests/common/test-ansible-syntax.sh" + + +[testenv:ansible-lint] +deps = + {[testenv:ansible]deps} +commands = + bash -c 
"{toxinidir}/tests/common/test-ansible-lint.sh" + + +[testenv:functional] +deps = + {[testenv:ansible]deps} +commands = + bash -c "{toxinidir}/tests/common/test-ansible-functional.sh" + + +[testenv:upgrade] +deps = + {[testenv:ansible]deps} +setenv = + {[testenv]setenv} + TEST_PLAYBOOK={toxinidir}/tests/test-upgrade.yml + CLONE_UPGRADE_TESTS=yes +commands = + bash -c "{toxinidir}/tests/test-zun-upgrades.sh" + + +[testenv:func_lxd] +deps = + {[testenv:ansible]deps} +setenv = + {[testenv]setenv} + ANSIBLE_OVERRIDES={toxinidir}/tests/os_zun-overrides-lxd.yml +commands = + bash -c "{toxinidir}/tests/common/test-ansible-functional.sh" + + +[testenv:ssl] +deps = + {[testenv:ansible]deps} +setenv = + {[testenv]setenv} + ANSIBLE_PARAMETERS=-vvv -e galera_use_ssl=True +commands = + bash -c "{toxinidir}/tests/common/test-ansible-functional.sh" + + +[testenv:linters] +deps = + {[testenv:ansible]deps} +commands = + {[testenv:pep8]commands} + {[testenv:bashate]commands} + {[testenv:ansible-lint]commands} + {[testenv:ansible-syntax]commands} diff --git a/vars/main.yml b/vars/main.yml new file mode 100644 index 0000000..1e8cb3e --- /dev/null +++ b/vars/main.yml 
@@ -0,0 +1,30 @@
+---
+# Copyright 2017, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#
+# Compile a list of the services on a host based on whether
+# the host is in the host group and the service is enabled.
+#
+filtered_zun_services: |-
+ {% set services = [] %}
+ {% for key, value in zun_services.items() %}
+ {% if (value['group'] in group_names) and
+ (('condition' not in value) or
+ ('condition' in value and value['condition'])) %}
+ {% set _ = value.update({'service_key': key}) %}
+ {% set _ = services.append(value) %}
+ {% endif %}
+ {% endfor %}
+ {{ services | sort(attribute='start_order') }}
diff --git a/vars/redhat-7.yml b/vars/redhat-7.yml
new file mode 100644
index 0000000..f6a6f7b
--- /dev/null
+++ b/vars/redhat-7.yml
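Review bot: The condition in `filtered_zun_services` tests `'condition' in value` twice; `('condition' not in value) or value['condition']` is equivalent and easier to read. Note also that `value.update({'service_key': key})` writes into the dictionaries held by `zun_services` rather than into a copy, and that `sort(attribute='start_order')` presumably needs every selected service to define `start_order`. `zun_services` is defined outside this hunk, so both assumptions are worth a line in the comment block above the variable.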
@@ -0,0 +1,26 @@
+---
+# Copyright 2018, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+zun_docker_repo:
+ - name: "docker-ce"
+ uri: "https://download.docker.com/linux/centos/docker-ce.repo"
+
+# Common yum packages
+zun_distro_packages:
+ - git
+
+zun_distro_compute_packages:
+ - docker
+ - pciutils
diff --git a/vars/suse-42.yml b/vars/suse-42.yml
new file mode 100644
index 0000000..0b16b13
--- /dev/null
+++ b/vars/suse-42.yml
@@ -0,0 +1,29 @@
+---
+# Copyright 2018, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+zun_docker_repo:
+ - name: "OBS:Virtualization:containers"
+ uri: "http://download.opensuse.org/repositories/Virtualization:/containers/openSUSE_Leap_{{ ansible_distribution_version }}/"
+
+# Common zypp packages
+zun_distro_packages:
+ - device-mapper-persistent-data
+ - git
+ - yum-utils
+ - lvm2
+
+zun_distro_compute_packages:
+ - docker-ce
+ - pciutils
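Review bot: `zun_distro_compute_packages` in vars/redhat-7.yml installs `docker`, while `zun_docker_repo` adds the `docker-ce` repository and the SUSE and Ubuntu files install `docker-ce`. If the Docker CE repository is meant to supply the engine here as well, the entry should read `- docker-ce`; as written the package would presumably come from the distribution's own repositories and the added repository goes unused. The tasks that consume these variables are outside this hunk.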
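Review bot: The `zun_docker_repo` URI in vars/suse-42.yml is plain `http://download.opensuse.org/…`, whereas the Red Hat and Ubuntu files use HTTPS, and no key location is given the way `gpg_uri` is for Ubuntu. Switching the scheme to `https://` keeps repository metadata and packages from being modified in transit; whether signature checking is enforced depends on the repository task, which is not in this hunk. `yum-utils` under "Common zypp packages" also looks as if it was carried over from a Red Hat package list and is worth confirming.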
diff --git a/vars/ubuntu-16.04.yml b/vars/ubuntu-16.04.yml
new file mode 100644
index 0000000..3ff35a5
--- /dev/null
+++ b/vars/ubuntu-16.04.yml
@@ -0,0 +1,33 @@
+---
+# Copyright 2018, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+zun_docker_repo:
+ - name: "docker-ce"
+ uri: "https://download.docker.com/linux/ubuntu"
+ gpg_uri: "https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg"
+
+# Common apt packages
+zun_distro_packages:
+ - ca-certificates
+ - curl
+ - git
+ - software-properties-common
+
+zun_distro_compute_packages:
+ - docker-ce
+ - pciutils
+
+## APT Cache options
+cache_timeout: 600
diff --git a/vars/ubuntu-18.04.yml b/vars/ubuntu-18.04.yml
new file mode 100644
index 0000000..3ff35a5
--- /dev/null
+++ b/vars/ubuntu-18.04.yml
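Review bot: `cache_timeout` in vars/ubuntu-16.04.yml is the only variable in these vars files without the `zun_` prefix, so it can collide with a same-named variable set by another role in the same play. If it is not a deliberately shared name, `zun_cache_timeout: 600` would scope it to this role; the tasks that read it are outside this hunk and would need the same rename. `gpg_uri` also derives its path from `ansible_distribution | lower` while `uri` hard-codes `ubuntu`, and using one form in both would keep them in step. vars/ubuntu-18.04.yml is identical and has the same two points.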
@@ -0,0 +1,33 @@
+---
+# Copyright 2018, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+zun_docker_repo:
+ - name: "docker-ce"
+ uri: "https://download.docker.com/linux/ubuntu"
+ gpg_uri: "https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg"
+
+# Common apt packages
+zun_distro_packages:
+ - ca-certificates
+ - curl
+ - git
+ - software-properties-common
+
+zun_distro_compute_packages:
+ - docker-ce
+ - pciutils
+
+## APT Cache options
+cache_timeout: 600