Integration with Kolla and Kolla-Ansible

1. Add kolla and kolla-ansible integrated patch
2. Add README to introduce how we can build skyline image with kolla
and deploy skyline with kolla-ansible
3. Add kolla folder as irrelevant files into jobs

Change-Id: I0cc7e9ddd62fc3e20564bf8a0d98d5c7b8f8abac

.zuul.yaml

@@ -65,6 +65,7 @@
               - ^.*\.rst$
               - ^.*\.md$
               - ^libs/skyline-console$
+              - ^kolla/.*$
         - skyline-tox-lint-py38:
             irrelevant-files:
               - ^container/.*$
@@ -74,6 +75,7 @@
               - ^.*\.rst$
               - ^.*\.md$
               - ^libs/skyline-console$
+              - ^kolla/.*$
         - skyline-functional-devstack:
             irrelevant-files:
               - ^container/.*$
@@ -81,6 +83,7 @@
               - ^tools/.*$
               - ^.*\.rst$
               - ^.*\.md$
+              - ^kolla/.*$
     gate:
       jobs:
         - skyline-tox-unittest-py38:
@@ -92,6 +95,7 @@
               - ^.*\.rst$
               - ^.*\.md$
               - ^libs/skyline-console$
+              - ^kolla/.*$
         - skyline-tox-lint-py38:
             irrelevant-files:
               - ^container/.*$
@@ -101,6 +105,7 @@
               - ^.*\.rst$
               - ^.*\.md$
               - ^libs/skyline-console$
+              - ^kolla/.*$
         - skyline-functional-devstack:
             irrelevant-files:
               - ^container/.*$
@@ -108,6 +113,7 @@
               - ^tools/.*$
               - ^.*\.rst$
               - ^.*\.md$
+              - ^kolla/.*$
     post:
       jobs:
         - publish-skyline-python-branch-tarball

README-zh_CN.md

@@ -22,6 +22,7 @@ Skyline 的吉祥物是九色鹿。九色鹿源自于敦煌壁画《九色鹿本
     - [依赖工具](#依赖工具)
     - [安装和运行](#安装和运行)
   - [Devstack 集成](#devstack-集成)
+  - [Kolla Ansible 部署](#kolla-ansible-部署)
 
 ## 资源
 
@@ -218,3 +219,7 @@ Skyline 的吉祥物是九色鹿。九色鹿源自于敦煌壁画《九色鹿本
 ## Devstack 集成
 
 [与 Devstack 快速集成，搭建环境。](./devstack/README.rst)
+
+## Kolla Ansible 部署
+
+[使用 Kolla Ansible 部署环境。](./kolla/README-zh_CN.md)

README.md

@@ -22,6 +22,7 @@ Skyline's mascot is the nine-color deer. The nine-color deer comes from Dunhuang
     - [Dependent tools](#dependent-tools)
     - [Install & Run](#install--run)
   - [Devstack Integration](#devstack-integration)
+  - [Kolla Ansible Deployment](#kolla-ansible-deployment)
 
 ## Resources
 
@@ -218,3 +219,7 @@ You can now access the dashboard: `https://<ip_address>:9999`
 ## Devstack Integration
 
 [Fast integration with Devstack to build an environment.](./devstack/README.rst)
+
+## Kolla Ansible Deployment
+
+[Kolla Ansible to build an environment.](./kolla/README.md)

kolla/README-zh_CN.md

@@ -0,0 +1,180 @@
+# Kolla Ansible 部署
+
+## 环境准备
+
+> **部署环境配置建议:**\
+> 2个网络接口\
+> 8GB内存\
+> 100GB磁盘\
+> ubuntu20.04 / centos8
+
+- kolla : `https://github.com/openstack/kolla`
+- kolla-ansible : `https://github.com/openstack/kolla-ansible`
+- kolla skyline patch包 : `https://opendev.org/skyline/skyline-apiserver/src/branch/master/kolla/kolla-xxxxxxx.diff`
+- kolla-ansible skyline patch包 : `https://opendev.org/skyline/skyline-apiserver/src/branch/master/kolla/kolla-ansible-xxxxxxx.diff`
+
+## kolla build docker image
+
+- 若部署环境未安装 kolla
+
+  ```shell
+  cd /opt
+  git clone https://github.com/openstack/kolla
+  curl https://opendev.org/skyline/skyline-apiserver/src/branch/master/kolla/kolla-xxxxxxx.diff -o kolla.diff
+  cd /opt/kolla
+  git apply --check /opt/kolla.diff
+  git apply /opt/kolla.diff
+  sudo pip3 install /opt/kolla
+  ```
+
+- 若部署环境已安装 kolla
+
+  获取 kolla 安装目录
+
+  ```shell
+  KOLLA_PACKAGE_PATH=$(python3 -c "import kolla;from pathlib import Path;print(Path(kolla.__file__).parents[1])")
+  KOLLA_DATA_FILES_PATH=$(python3 -c "import kolla;from pathlib import Path;print(Path(kolla.__file__).parents[4].joinpath('share/kolla'))")
+  ```
+
+  安装 kolla patch 包
+
+  ```shell
+  curl https://opendev.org/skyline/skyline-apiserver/src/branch/master/kolla/kolla-xxxxxxx.diff -o /opt/kolla.diff
+  cd ${KOLLA_PACKAGE_PATH}
+  git apply --check --include='kolla/*' /opt/kolla.diff
+  git apply --include='kolla/*' /opt/kolla.diff
+  cd ${KOLLA_DATA_FILES_PATH}
+  git apply --check --include='docker/*' /opt/kolla.diff
+  git apply --include='docker/*' /opt/kolla.diff
+  ```
+
+### skyline 镜像构建
+
+> **注 : skyline 镜像目前仅支持 ubuntu-source-skyline 版本**
+
+- `-b`:基础镜像类型
+- `-t`:安装方式
+- `-n`:命名空间
+- `--tag`:标签
+- `--registry`:docker仓库
+- `--push`:镜像构建之后自动推送
+
+```shell
+kolla-build -b ubuntu -t source -n kolla --tag master --registry 127.0.0.1:4000 --push skyline
+```
+
+## kolla-ansible install
+
+### kolla-ansible 安装
+
+- 若部署环境未安装 kolla-ansible
+
+  ```shell
+  cd /opt
+  git clone https://github.com/openstack/kolla-ansible
+  curl https://opendev.org/skyline/skyline-apiserver/src/branch/master/kolla/kolla-ansible-xxxxxxx.diff -o kolla-ansible.diff
+  cd /opt/kolla-ansible
+  git apply --check /opt/kolla-ansible.diff
+  git apply /opt/kolla-ansible.diff
+  sudo pip3 install /opt/kolla-ansible
+  ```
+
+- 若部署环境已安装 kolla-ansible
+
+  获取 kolla-ansible 安装目录
+
+  ```shell
+  KOLLA_ANSIBLE_DATA_FILES_PATH=$(python3 -c "import kolla_ansible;from pathlib import Path;print(Path(kolla_ansible.__file__).parents[4].joinpath('share/kolla-ansible'))")
+  ```
+
+  安装 kolla-ansible patch 包
+
+  ```shell
+  curl https://opendev.org/skyline/skyline-apiserver/src/branch/master/kolla/kolla-ansible-xxxxxxx.diff -o /opt/kolla-ansible.diff
+  cd ${KOLLA_ANSIBLE_DATA_FILES_PATH}
+  git apply --check --include='ansible/*' /opt/kolla-ansible.diff
+  git apply --include='ansible/*' /opt/kolla-ansible.diff
+  ```
+
+### 配置文件
+
+- 若没有配置文件(globals.yml/passwords.yml/all-in-one/multinode)，复制配置文件并生成密码
+
+  ```shell
+  sudo mkdir -p /etc/kolla
+  sudo chown $USER:$USER /etc/kolla
+  cp -r kolla-ansible/etc/kolla/* /etc/kolla
+  cp kolla-ansible/ansible/inventory/* .
+  kolla-genpwd
+  ```
+
+- 若已有配置文件，则需要手动更改
+  - 编辑 `all-in-one` 和 `multinode` 并增加以下配置项
+
+    ```bash
+    [skyline:children]
+    control
+    ```
+
+  - 编辑 `/etc/kolla/passwords.yml` 并增加以下配置项，自定义密码或使用 `kolla-genpwd` 命令生成以下配置密码
+
+    ```shell
+    skyline_database_password:
+    skyline_keystone_password:
+    ```
+
+创建并编辑 `/etc/ansible/ansible.cfg` 文件
+
+```bash
+[defaults]
+host_key_checking=False
+pipelining=True
+forks=100
+```
+
+编辑 `/etc/kolla/globals.yml` 文件，根据构建的skyline镜像更改配置项
+
+```bash
+network_interface: "eth0"
+neutron_external_interface: "eth1"
+kolla_internal_vip_address: "192.168.10.250"
+enable_skyline: "yes"
+docker_registry: "127.0.0.1:4000"
+docker_namespace: "kolla"
+kolla_base_distro: "ubuntu"
+kolla_install_type: "source"
+```
+
+### skyline 部署
+
+> **注 : 环境需已安装 Openstack 基础模块**
+
+kolla-ansible 进行 skyline 部署，选择 `all-in-one` 或 `multinode` 配置文件
+
+```shell
+kolla-ansible -i ./all-in-one bootstrap-servers -t skyline
+kolla-ansible -i ./all-in-one prechecks -t skyline
+kolla-ansible -i ./all-in-one deploy -t skyline
+```
+
+## FAQ
+
+### 在 skyline 镜像构建 和 skyline 部署过程中出现本地仓库 "connect: connection refused" 错误
+
+编辑 `/etc/docker/daemon.json` 文件，删除以下配置项
+
+```shell
+bridge: "none"
+```
+
+重启 docker 服务
+
+```shell
+sudo service docker restart
+```
+
+启动本地镜像 registry
+
+```shell
+docker run -d --name registry --restart=always -p 4000:5000 -v registry:/var/lib/registry registry:2
+```

kolla/README.md

@@ -0,0 +1,179 @@
+# Kolla Ansible Deployment
+
+## Environments
+
+> **Requirements:**\
+> 2 network interfaces\
+> 8GB main memory\
+> 100GB disk space\
+> ubuntu20.04 / centos8
+
+- kolla : `https://github.com/openstack/kolla`
+- kolla-ansible : `https://github.com/openstack/kolla-ansible`
+- kolla skyline patch : `https://opendev.org/skyline/skyline-apiserver/src/branch/master/kolla/kolla-xxxxxxx.diff`
+- kolla-ansible skyline patch : `https://opendev.org/skyline/skyline-apiserver/src/branch/master/kolla/kolla-ansible-xxxxxxx.diff`
+
+## kolla build docker image
+
+- If kolla is not installed in the deployment environment
+
+  ```shell
+  cd /opt
+  git clone https://github.com/openstack/kolla-ansible
+  curl https://opendev.org/skyline/skyline-apiserver/src/branch/master/kolla/kolla-ansible-xxxxxxx.diff -o kolla-ansible.diff
+  cd /opt/kolla-ansible
+  git apply --check /opt/kolla-ansible.diff
+  git apply /opt/kolla-ansible.diff
+  sudo pip3 install /opt/kolla-ansible
+  ```
+
+- If kolla has been installed in the deployment environment
+
+  Get the kolla installation directory:
+
+  ```shell
+  KOLLA_PACKAGE_PATH=$(python3 -c "import kolla;from pathlib import Path;print(Path(kolla.__file__).parents[1])")
+  KOLLA_DATA_FILES_PATH=$(python3 -c "import kolla;from pathlib import Path;print(Path(kolla.__file__).parents[4].joinpath('share/kolla'))")
+  ```
+
+  Install kolla patch
+
+  ```shell
+  curl https://opendev.org/skyline/skyline-apiserver/src/branch/master/kolla/kolla-xxxxxxx.diff -o /opt/kolla.diff
+  cd ${KOLLA_PACKAGE_PATH}
+  git apply --check --include='kolla/*' /opt/kolla.diff
+  git apply --include='kolla/*' /opt/kolla.diff
+  cd ${KOLLA_DATA_FILES_PATH}
+  git apply --check --include='docker/*' /opt/kolla.diff
+  git apply --include='docker/*' /opt/kolla.diff
+  ```
+
+### Build skyline image
+
+> **Note : Only provide ubuntu-source-skyline of skyline image**
+
+- `-b`: The distro type of the base image
+- `-t`: The method of the OpenStack install
+- `-n`: The Docker namespace name
+- `--tag`: Docker tag
+- `--registry`: The docker registry host
+- `--push`: Push images after building
+
+```shell
+kolla-build -b ubuntu -t source -n kolla --tag master --registry 127.0.0.1:4000 --push skyline
+```
+
+## Kolla Ansible Install
+
+### kolla-ansible install
+
+- If kolla-ansible is not installed in the deployment environment
+
+  ```shell
+  cd /opt
+  git clone https://github.com/openstack/kolla-ansible
+  curl https://opendev.org/skyline/skyline-apiserver/src/branch/master/kolla/kolla-ansible-xxxxxxx.diff -o kolla-ansible.diff
+  cd /opt/kolla-ansible
+  git apply --check /opt/kolla-ansible.diff
+  git apply /opt/kolla-ansible.diff
+  sudo pip3 install /opt/kolla-ansible
+  ```
+
+- If kolla-ansible has been installed in the deployment environment
+
+  Get the kolla-ansible installation directory:
+
+  ```shell
+  KOLLA_ANSIBLE_DATA_FILES_PATH=$(python3 -c "import kolla_ansible;from pathlib import Path;print(Path(kolla_ansible.__file__).parents[4].joinpath('share/kolla-ansible'))")
+  ```
+
+  Install kolla-ansible patch
+
+  ```shell
+  curl https://opendev.org/skyline/skyline-apiserver/src/branch/master/kolla/kolla-ansible-xxxxxxx.diff -o /opt/kolla-ansible.diff
+  cd ${KOLLA_ANSIBLE_DATA_FILES_PATH}
+  git apply --check --include='ansible/*' /opt/kolla-ansible.diff
+  git apply --include='ansible/*' /opt/kolla-ansible.diff
+  ```
+
+### Configuration
+
+- If the configuration file does not exist(globals.yml/passwords.yml/all-in-one/multinode), copy the
+  configuration files and generate passwords
+
+  ```shell
+  cp -r kolla-ansible/etc/kolla/* /etc/kolla
+  cp kolla-ansible/ansible/inventory/* /etc/kolla
+  kolla-genpwd
+  ```
+
+- If the configuration file exists(globals.yml/passwords.yml/all-in-one/multinode), modify it
+  manually
+  - Edit `/etc/kolla/all-in-one` and `/etc/kolla/multinode`, add the following options
+
+    ```bash
+    [skyline:children]
+    control
+    ```
+
+  - Edit `/etc/kolla/passwords.yml` and add the following options, then generate passwords manually
+    or by running `kolla-genpwd`
+
+    ```shell
+    skyline_database_password:
+    skyline_keystone_password:
+    ```
+
+Edit `/etc/ansible/ansible.cfg` file
+
+```bash
+[defaults]
+host_key_checking=False
+pipelining=True
+forks=100
+```
+
+Edit `/etc/kolla/globals.yml` file, for example:
+
+```bash
+network_interface: "eth0"
+neutron_external_interface: "eth1"
+kolla_internal_vip_address: "192.168.10.250"
+enable_skyline: "yes"
+docker_registry: "127.0.0.1:4000"
+docker_namespace: "kolla"
+kolla_base_distro: "ubuntu"
+kolla_install_type: "source"
+```
+
+### Skyline Deployment
+
+> **Note : Openstack basic modules have been installed**
+
+```shell
+kolla-ansible -i ./all-in-one bootstrap-servers -t skyline
+kolla-ansible -i ./all-in-one prechecks -t skyline
+kolla-ansible -i ./all-in-one deploy -t skyline
+```
+
+## FAQ
+
+### Local Repository Error "connect: Connection refused" occurred during skyline image build and skyline deployment
+
+Edit `/etc/docker/daemon.json` file and Delete the following options
+
+```shell
+bridge: "none"
+```
+
+Restart docker service
+
+```shell
+sudo service docker restart
+```
+
+Run local registry
+
+```shell
+docker run -d --name registry --restart=always -p 4000:5000 -v registry:/var/lib/registry registry:2
+```

kolla/kolla-0ba97fd.diff

@@ -0,0 +1,360 @@
+From 0ba97fdcee8b832f6f9586ce1af52de8a66c4182 Mon Sep 17 00:00:00 2001
+From: yangshaoxue <yang.shaoxue@99cloud.net>
+Date: Fri, 24 Sep 2021 10:03:16 +0800
+Subject: [PATCH] Skyline: Add skyline dockerfile
+
+Add skyline dockerfile
+
+Change-Id: I4e528760fd4520a5cc9b18d8564716671b9f6e74
+---
+
+diff --git a/docker/openstack-base/Dockerfile.j2 b/docker/openstack-base/Dockerfile.j2
+index f0b3309..ee7d269 100644
+--- a/docker/openstack-base/Dockerfile.j2
++++ b/docker/openstack-base/Dockerfile.j2
+@@ -330,6 +330,12 @@
+ 
+ ENV PATH /var/lib/kolla/venv/bin:$PATH
+ 
++{% set setuptools_pip_packages = [
++    'setuptools==57.5.0'
++] %}
++
++RUN {{ macros.install_pip(setuptools_pip_packages | customizable("pip_packages"), constraints = false) }}
++
+ RUN {{ macros.install_pip(openstack_base_pip_packages | customizable("pip_packages")) }}
+ 
+ {% endif %}
+diff --git a/docker/skyline/skyline-apiserver-base/Dockerfile.j2 b/docker/skyline/skyline-apiserver-base/Dockerfile.j2
+new file mode 100644
+index 0000000..bc7ee3d
+--- /dev/null
++++ b/docker/skyline/skyline-apiserver-base/Dockerfile.j2
+@@ -0,0 +1,18 @@
++FROM {{ namespace }}/{{ image_prefix }}skyline-policy-manager-base:{{ tag }}
++{% block labels %}
++LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build_date }}"
++{% endblock %}
++
++{% block skyline_apiserver_base_header %}{% endblock %}
++
++{% import "macros.j2" as macros with context %}
++
++{% set skyline_apiserver_base_pip_packages = [
++    '/skyline-apiserver',
++] %}
++
++ADD skyline-apiserver-base-archive /skyline-apiserver-base-source
++RUN ln -s skyline-apiserver-base-source/* skyline-apiserver \
++    && {{ macros.install_pip(skyline_apiserver_base_pip_packages | customizable("pip_packages"), constraints = false) }}
++
++{% block skyline_apiserver_base_footer %}{% endblock %}
+diff --git a/docker/skyline/skyline-base/Dockerfile.j2 b/docker/skyline/skyline-base/Dockerfile.j2
+new file mode 100644
+index 0000000..cd2e902
+--- /dev/null
++++ b/docker/skyline/skyline-base/Dockerfile.j2
+@@ -0,0 +1,32 @@
++FROM {{ namespace }}/{{ image_prefix }}openstack-base:{{ tag }}
++{% block labels %}
++LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build_date }}"
++{% endblock %}
++
++{% block skyline_base_header %}{% endblock %}
++
++{% import "macros.j2" as macros with context %}
++
++{{ macros.configure_user(name='skyline') }}
++
++{% set skyline_base_packages = [
++    'nginx',
++    'traceroute',
++    'vim',
++    'wget'
++] %}
++
++{% if base_package_type == 'rpm' %}
++    {% set skyline_base_packages = skyline_base_packages + [
++    ] %}
++{% elif base_package_type == 'deb' %}
++    {% set skyline_base_packages = skyline_base_packages + [
++        'iputils-ping',
++        'locales-all',
++        'ssl-cert'
++    ] %}
++{% endif %}
++
++{{ macros.install_packages(skyline_base_packages | customizable("packages")) }}
++
++{% block skyline_base_footer %}{% endblock %}
+diff --git a/docker/skyline/skyline-config-base/Dockerfile.j2 b/docker/skyline/skyline-config-base/Dockerfile.j2
+new file mode 100644
+index 0000000..496b5dd
+--- /dev/null
++++ b/docker/skyline/skyline-config-base/Dockerfile.j2
+@@ -0,0 +1,18 @@
++FROM {{ namespace }}/{{ image_prefix }}skyline-console-base:{{ tag }}
++{% block labels %}
++LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build_date }}"
++{% endblock %}
++
++{% block skyline_config_base_header %}{% endblock %}
++
++{% import "macros.j2" as macros with context %}
++
++{% set skyline_config_base_pip_packages = [
++    '/skyline-config',
++] %}
++
++ADD skyline-config-base-archive /skyline-config-base-source
++RUN ln -s skyline-config-base-source/* skyline-config \
++    && {{ macros.install_pip(skyline_config_base_pip_packages | customizable("pip_packages"), constraints = false) }}
++
++{% block skyline_config_base_footer %}{% endblock %}
+diff --git a/docker/skyline/skyline-console-base/Dockerfile.j2 b/docker/skyline/skyline-console-base/Dockerfile.j2
+new file mode 100644
+index 0000000..9b25733
+--- /dev/null
++++ b/docker/skyline/skyline-console-base/Dockerfile.j2
+@@ -0,0 +1,18 @@
++FROM {{ namespace }}/{{ image_prefix }}skyline-log-base:{{ tag }}
++{% block labels %}
++LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build_date }}"
++{% endblock %}
++
++{% block skyline_console_base_header %}{% endblock %}
++
++{% import "macros.j2" as macros with context %}
++
++{% set skyline_console_base_pip_packages = [
++    '/skyline-console',
++] %}
++
++ADD skyline-console-base-archive /skyline-console-base-source
++RUN ln -s skyline-console-base-source/* skyline-console \
++    && {{ macros.install_pip(skyline_console_base_pip_packages | customizable("pip_packages"), constraints = false) }}
++
++{% block skyline_console_base_footer %}{% endblock %}
+diff --git a/docker/skyline/skyline-log-base/Dockerfile.j2 b/docker/skyline/skyline-log-base/Dockerfile.j2
+new file mode 100644
+index 0000000..db0d992
+--- /dev/null
++++ b/docker/skyline/skyline-log-base/Dockerfile.j2
+@@ -0,0 +1,18 @@
++FROM {{ namespace }}/{{ image_prefix }}skyline-base:{{ tag }}
++{% block labels %}
++LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build_date }}"
++{% endblock %}
++
++{% block skyline_log_base_header %}{% endblock %}
++
++{% import "macros.j2" as macros with context %}
++
++{% set skyline_log_base_pip_packages = [
++    '/skyline-log',
++] %}
++
++ADD skyline-log-base-archive /skyline-log-base-source
++RUN ln -s skyline-log-base-source/* skyline-log \
++    && {{ macros.install_pip(skyline_log_base_pip_packages | customizable("pip_packages"), constraints = false) }}
++
++{% block skyline_log_base_footer %}{% endblock %}
+diff --git a/docker/skyline/skyline-nginx-base/Dockerfile.j2 b/docker/skyline/skyline-nginx-base/Dockerfile.j2
+new file mode 100644
+index 0000000..15d6769
+--- /dev/null
++++ b/docker/skyline/skyline-nginx-base/Dockerfile.j2
+@@ -0,0 +1,19 @@
++FROM {{ namespace }}/{{ image_prefix }}skyline-apiserver-base:{{ tag }}
++{% block labels %}
++LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build_date }}"
++{% endblock %}
++
++{% block skyline_nginx_base_header %}{% endblock %}
++
++{% import "macros.j2" as macros with context %}
++
++{% set skyline_nginx_base_pip_packages = [
++    '/skyline-nginx',
++] %}
++
++ADD skyline-nginx-base-archive /skyline-nginx-base-source
++RUN ln -s skyline-nginx-base-source/* skyline-nginx \
++    && sed -i "s#/var/log#/var/log/kolla#g" /skyline-nginx/skyline_nginx/templates/nginx.conf.j2 \
++    && {{ macros.install_pip(skyline_nginx_base_pip_packages | customizable("pip_packages"), constraints = false) }}
++
++{% block skyline_nginx_base_footer %}{% endblock %}
+diff --git a/docker/skyline/skyline-policy-manager-base/Dockerfile.j2 b/docker/skyline/skyline-policy-manager-base/Dockerfile.j2
+new file mode 100644
+index 0000000..bbc9ffc
+--- /dev/null
++++ b/docker/skyline/skyline-policy-manager-base/Dockerfile.j2
+@@ -0,0 +1,18 @@
++FROM {{ namespace }}/{{ image_prefix }}skyline-config-base:{{ tag }}
++{% block labels %}
++LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build_date }}"
++{% endblock %}
++
++{% block skyline_policy_manager_base_header %}{% endblock %}
++
++{% import "macros.j2" as macros with context %}
++
++{% set skyline_policy_manager_base_pip_packages = [
++    '/skyline-policy-manager',
++] %}
++
++ADD skyline-policy-manager-base-archive /skyline-policy-manager-base-source
++RUN ln -s skyline-policy-manager-base-source/* skyline-policy-manager \
++    && {{ macros.install_pip(skyline_policy_manager_base_pip_packages | customizable("pip_packages"), constraints = false) }}
++
++{% block skyline_policy_manager_base_footer %}{% endblock %}
+diff --git a/docker/skyline/skyline/Dockerfile.j2 b/docker/skyline/skyline/Dockerfile.j2
+new file mode 100644
+index 0000000..00a69ef
+--- /dev/null
++++ b/docker/skyline/skyline/Dockerfile.j2
+@@ -0,0 +1,14 @@
++FROM {{ namespace }}/{{ image_prefix }}skyline-nginx-base:{{ tag }}
++{% block labels %}
++LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build_date }}"
++{% endblock %}
++
++{% block skyline_header %}{% endblock %}
++
++{% import "macros.j2" as macros with context %}
++
++COPY extend_start.sh /usr/local/bin/kolla_extend_start
++RUN chmod 755 /usr/local/bin/kolla_extend_start
++
++{% block skyline_footer %}{% endblock %}
++{% block footer %}{% endblock %}
+diff --git a/docker/skyline/skyline/extend_start.sh b/docker/skyline/skyline/extend_start.sh
+new file mode 100644
+index 0000000..621002e
+--- /dev/null
++++ b/docker/skyline/skyline/extend_start.sh
+@@ -0,0 +1,26 @@
++#!/bin/bash
++
++if [[ ! -d "/var/log/kolla/skyline" ]]; then
++    mkdir -p /var/log/kolla/skyline
++fi
++if [[ $(stat -c %a /var/log/kolla/skyline) != "755" ]]; then
++    chmod 755 /var/log/kolla/skyline
++fi
++
++if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
++    # TODO ugly path
++    pushd /var/lib/kolla/venv/lib/python3.8/site-packages/skyline_apiserver/db/alembic
++    alembic upgrade head
++    popd
++    exit 0
++fi
++
++if [[ -n "${SSL_CERTFILE}" && -n "${SSL_KEYFILE}" ]]; then
++    nginx-generator -o /etc/nginx/nginx.conf --ssl-certfile "${SSL_CERTFILE}" --ssl-keyfile "${SSL_KEYFILE}"
++else
++    nginx-generator -o /etc/nginx/nginx.conf
++fi
++
++sed -i "s/listen 9999/listen ${LISTEN_ADDRESS}:9999/" /etc/nginx/nginx.conf
++
++nginx
+diff --git a/kolla/common/config.py b/kolla/common/config.py
+index f5075a3..1024002 100755
+--- a/kolla/common/config.py
++++ b/kolla/common/config.py
+@@ -32,12 +32,12 @@
+     'debian': 'Debian GNU/Linux 11 (bullseye)',
+     'ubuntu': 'Ubuntu 20.04',
+ }
+-OPENSTACK_RELEASE = 'xena'
++OPENSTACK_RELEASE = 'master'
+ 
+ # This is noarch repository so we will use it on all architectures
+-DELOREAN = "https://trunk.rdoproject.org/centos8-xena/" \
++DELOREAN = "https://trunk.rdoproject.org/centos8-master/" \
+     "consistent/delorean.repo"
+-DELOREAN_DEPS = "https://trunk.rdoproject.org/centos8-xena/" \
++DELOREAN_DEPS = "https://trunk.rdoproject.org/centos8-master/" \
+     "delorean-deps.repo"
+ 
+ INSTALL_TYPE_CHOICES = ['binary', 'source']
+@@ -136,6 +136,7 @@
+                     'proxysql',
+                     'openvswitch',
+                     'rabbitmq',
++                    'skyline'
+                 ],
+                 help='Default images'),
+ ]
+@@ -595,6 +596,30 @@
+         'type': 'url',
+         'location': ('$tarballs_base/openstack/senlin/'
+                      'senlin-${openstack_branch}.tar.gz')},
++    'skyline-log-base': {
++        'type': 'url',
++        'location': ('$tarballs_base/skyline/skyline-apiserver/'
++                     'skyline-log-${openstack_branch}.tar.gz')},
++    'skyline-console-base': {
++        'type': 'url',
++        'location': ('$tarballs_base/skyline/skyline-apiserver/'
++                     'skyline-console-${openstack_branch}.tar.gz')},
++    'skyline-config-base': {
++        'type': 'url',
++        'location': ('$tarballs_base/skyline/skyline-apiserver/'
++                     'skyline-config-${openstack_branch}.tar.gz')},
++    'skyline-policy-manager-base': {
++        'type': 'url',
++        'location': ('$tarballs_base/skyline/skyline-apiserver/'
++                     'skyline-policy-manager-${openstack_branch}.tar.gz')},
++    'skyline-apiserver-base': {
++        'type': 'url',
++        'location': ('$tarballs_base/skyline/skyline-apiserver/'
++                     'skyline-apiserver-${openstack_branch}.tar.gz')},
++    'skyline-nginx-base': {
++        'type': 'url',
++        'location': ('$tarballs_base/skyline/skyline-apiserver/'
++                     'skyline-nginx-${openstack_branch}.tar.gz')},
+     'solum-base': {
+         'type': 'url',
+         'location': ('$tarballs_base/openstack/solum/'
+@@ -945,6 +970,10 @@
+     'proxysql-user': {
+         'uid': 42487,
+         'gid': 42487,
++    },
++    'skyline-user': {
++        'uid': 42488,
++        'gid': 42488,
+     }
+ }
+ 
+diff --git a/kolla/image/build.py b/kolla/image/build.py
+index a868726..f4ec4d8 100755
+--- a/kolla/image/build.py
++++ b/kolla/image/build.py
+@@ -96,6 +96,7 @@
+         "solum-base",
+         "vmtp",
+         "zun-base",
++        "skyline-base",
+     },
+ 
+     'source+aarch64': {
+@@ -108,6 +109,7 @@
+         "nova-spicehtml5proxy",  # Missing spicehtml5 package
+         "ovsdpdk",               # Not supported on CentOS
+         "tgtd",                  # Not supported on CentOS 8
++        "skyline-base",
+     },
+ 
+     'debian': {
+@@ -115,6 +117,7 @@
+                          # Debian 'buster'
+         "ovn-base",      # needs more checking
+         "qdrouterd",
++        "skyline-base",
+     },
+ 
+     'ubuntu': {

kolla/kolla-ansible-3d98604.diff

@@ -0,0 +1,848 @@
+From 3d98604c16f7d60127122df5185843873a8ff70d Mon Sep 17 00:00:00 2001
+From: yangshaoxue <yang.shaoxue@99cloud.net>
+Date: Thu, 23 Sep 2021 16:50:17 +0800
+Subject: [PATCH] Skyline: Add skyline role
+
+Add skyline role
+
+Depends-On: https://review.opendev.org/c/openstack/kolla/+/810796
+
+Change-Id: I5243c88ffbdb72fd3ad2e0eb6a41bd2b341f89b8
+---
+
+diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
+index d27139d..2afe4d2 100644
+--- a/ansible/group_vars/all.yml
++++ b/ansible/group_vars/all.yml
+@@ -47,10 +47,13 @@
+ # Valid options are [ binary, source ]
+ kolla_install_type: "source"
+ 
++kolla_admin_vip_address: "{{ kolla_internal_vip_address }}"
++kolla_admin_fqdn: "{{ kolla_internal_fqdn if kolla_same_internal_admin_vip | bool else kolla_admin_vip_address }}"
+ kolla_internal_vip_address: "{{ kolla_internal_address | default('') }}"
+ kolla_internal_fqdn: "{{ kolla_internal_vip_address }}"
+ kolla_external_vip_address: "{{ kolla_internal_vip_address }}"
+ kolla_same_external_internal_vip: "{{ kolla_external_vip_address == kolla_internal_vip_address }}"
++kolla_same_internal_admin_vip: "{{ kolla_internal_vip_address == kolla_admin_vip_address }}"
+ kolla_external_fqdn: "{{ kolla_internal_fqdn if kolla_same_external_internal_vip | bool else kolla_external_vip_address }}"
+ 
+ kolla_enable_sanity_checks: "no"
+@@ -481,6 +484,13 @@
+ skydive_analyzer_port: "8085"
+ skydive_agents_port: "8090"
+ 
++skyline_port: "9999"
++skyline_enable_tls_backend: "{{ kolla_enable_tls_backend }}"
++skyline_cert: "{{ container_config_directory }}/skyline-cert.pem"
++skyline_key: "{{ container_config_directory }}/skyline-key.pem"
++skyline_ssl_certfile: "{{ skyline_cert if skyline_enable_tls_backend | bool else '' }}"
++skyline_ssl_keyfile: "{{ skyline_key if skyline_enable_tls_backend | bool else '' }}"
++
+ solum_application_deployment_port: "9777"
+ solum_image_builder_port: "9778"
+ 
+@@ -691,6 +701,7 @@
+ enable_sahara: "no"
+ enable_senlin: "no"
+ enable_skydive: "no"
++enable_skyline: "no"
+ enable_solum: "no"
+ enable_storm: "{{ enable_monasca | bool and monasca_enable_alerting_pipeline | bool }}"
+ enable_swift: "no"
+diff --git a/ansible/inventory/all-in-one b/ansible/inventory/all-in-one
+index 66e17b4..c1d9925 100644
+--- a/ansible/inventory/all-in-one
++++ b/ansible/inventory/all-in-one
+@@ -213,6 +213,9 @@
+ [skydive:children]
+ monitoring
+ 
++[skyline:children]
++control
++
+ [redis:children]
+ control
+ 
+diff --git a/ansible/inventory/multinode b/ansible/inventory/multinode
+index 63247ff..bd94759 100644
+--- a/ansible/inventory/multinode
++++ b/ansible/inventory/multinode
+@@ -231,6 +231,9 @@
+ [skydive:children]
+ monitoring
+ 
++[skyline:children]
++control
++
+ [redis:children]
+ control
+ 
+diff --git a/ansible/roles/common/tasks/config.yml b/ansible/roles/common/tasks/config.yml
+index 94d6d63..30e6ea3 100644
+--- a/ansible/roles/common/tasks/config.yml
++++ b/ansible/roles/common/tasks/config.yml
+@@ -229,6 +229,7 @@
+       - { name: "sahara", enabled: "{{ enable_sahara | bool }}" }
+       - { name: "senlin", enabled: "{{ enable_senlin | bool }}" }
+       - { name: "skydive", enabled: "{{ enable_skydive | bool }}" }
++      - { name: "skyline", enabled: "{{ enable_skyline | bool }}" }
+       - { name: "solum", enabled: "{{ enable_solum | bool }}" }
+       - { name: "storm", enabled: "{{ enable_storm | bool }}" }
+       - { name: "swift", enabled: "{{ enable_swift | bool }}" }
+diff --git a/ansible/roles/skyline/defaults/main.yml b/ansible/roles/skyline/defaults/main.yml
+new file mode 100644
+index 0000000..72e49ab
+--- /dev/null
++++ b/ansible/roles/skyline/defaults/main.yml
+@@ -0,0 +1,187 @@
++---
++project_name: "skyline"
++
++skyline_services:
++  skyline:
++    container_name: "skyline"
++    group: skyline
++    enabled: true
++    image: "{{ skyline_image_full }}"
++    volumes: "{{ skyline_volumes }}"
++    haproxy:
++      skyline:
++        enabled: "{{ enable_skyline|bool }}"
++        mode: "tcp"
++        port: "{{ skyline_port }}"
++        listen_port: "{{ skyline_port }}"
++        frontend_tcp_extra:
++          - "option clitcpka"
++          - "timeout client 3600s"
++        backend_tcp_extra:
++          - "option srvtcpka"
++          - "timeout server 3600s"
++        custom_member_list: "{{ internal_haproxy_members.split(';') }}"
++      skyline_external:
++        enabled: "{{ enable_skyline|bool }}"
++        mode: "tcp"
++        external: true
++        port: "{{ skyline_port }}"
++        listen_port: "{{ skyline_port }}"
++        frontend_tcp_extra:
++          - "option clitcpka"
++          - "timeout client 3600s"
++        backend_tcp_extra:
++          - "option srvtcpka"
++          - "timeout server 3600s"
++        custom_member_list: "{{ external_haproxy_members.split(';') }}"
++      skyline_admin:
++        enabled: "{{ enable_skyline|bool and not kolla_same_internal_admin_vip|bool }}"
++        mode: "tcp"
++        external: false
++        port: "{{ skyline_port }}"
++        listen_port: "{{ skyline_port }}"
++        frontend_tcp_extra:
++          - "option clitcpka"
++          - "timeout client 3600s"
++        backend_tcp_extra:
++          - "option srvtcpka"
++          - "timeout server 3600s"
++        custom_member_list: "{{ admin_haproxy_members.split(';') }}"
++
++####################
++# Registry config
++####################
++openstack_skyline_auth: "{{ openstack_auth }}"
++skyline_keystone_user: skyline
++skyline_admin_endpoint: "{{ admin_protocol }}://{{ kolla_admin_fqdn | put_address_in_context('url') }}:{{ skyline_port }}"
++skyline_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn | put_address_in_context('url') }}:{{ skyline_port }}"
++skyline_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ skyline_port }}"
++skyline_ks_services:
++  - name: "skyline"
++    type: "panel"
++    description: "Custom API"
++    endpoints:
++      - {'interface': 'admin', 'url': '{{ skyline_admin_endpoint }}'}
++      - {'interface': 'internal', 'url': '{{ skyline_internal_endpoint }}'}
++      - {'interface': 'public', 'url': '{{ skyline_public_endpoint }}'}
++skyline_ks_users:
++  - project: service
++    user: "{{ skyline_keystone_user }}"
++    password: "{{ skyline_keystone_password }}"
++    role: admin
++
++####################
++# Database config
++####################
++skyline_database_name: skyline
++skyline_database_user: skyline
++skyline_database_address: "{{ database_address | put_address_in_context('url') }}:{{ database_port }}"
++
++####################
++# HAProxy
++####################
++internal_haproxy_members: "{% for host in groups['skyline'] %}server {{ hostvars[host]['ansible_hostname'] }} {{ 'api' | kolla_address(host) }}:{{ skyline_port }} check inter 2000 rise 2 fall 5{% if not loop.first %} backup{% endif %};{% endfor %}"
++external_haproxy_members: "{% for host in groups['skyline'] %}server {{ host }} {{ host }}:{{ skyline_port }} check inter 2000 rise 2 fall 5{% if not loop.first %} backup{% endif %};{% endfor %}"
++admin_haproxy_members: "{% for host in groups['skyline'] %}server {{ host }} {{ host }}:{{ skyline_port }} check inter 2000 rise 2 fall 5{% if not loop.first %} backup{% endif %};{% endfor %}"
++
++####################
++# Docker image
++####################
++skyline_distro: "{{ kolla_base_distro }}"
++skyline_install_type: "{{ kolla_install_type }}"
++skyline_release: "{{ openstack_release }}"
++
++skyline_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ skyline_distro }}-{{ skyline_install_type }}-skyline"
++skyline_tag: "{{ skyline_release }}"
++skyline_image_full: "{{ skyline_image }}:{{ skyline_tag }}"
++
++####################
++# Skyline config
++####################
++debug: false
++log_dir: /var/log/kolla/
++skyline_show_raw_sql: false
++skyline_access_token_expire_seconds: 3600
++skyline_access_token_renew_seconds: 1800
++skyline_backend_cors_origins: []
++skyline_nginx_prefix: /api/openstack
++skyline_base_domains:
++  - heat_user_domain
++skyline_base_roles:
++  - keystone_system_admin
++  - keystone_system_reader
++  - keystone_project_admin
++  - keystone_project_member
++  - keystone_project_reader
++  - nova_system_admin
++  - nova_system_reader
++  - nova_project_admin
++  - nova_project_member
++  - nova_project_reader
++  - cinder_system_admin
++  - cinder_system_reader
++  - cinder_project_admin
++  - cinder_project_member
++  - cinder_project_reader
++  - glance_system_admin
++  - glance_system_reader
++  - glance_project_admin
++  - glance_project_member
++  - glance_project_reader
++  - neutron_system_admin
++  - neutron_system_reader
++  - neutron_project_admin
++  - neutron_project_member
++  - neutron_project_reader
++  - heat_system_admin
++  - heat_system_reader
++  - heat_project_admin
++  - heat_project_member
++  - heat_project_reader
++  - placement_system_admin
++  - placement_system_reader
++  - panko_system_admin
++  - panko_system_reader
++  - panko_project_admin
++  - panko_project_member
++  - panko_project_reader
++  - ironic_system_admin
++  - ironic_system_reader
++  - octavia_system_admin
++  - octavia_system_reader
++  - octavia_project_admin
++  - octavia_project_member
++  - octavia_project_reader
++skyline_extension_mapping:
++  fwaas_v2: neutron_firewall
++  vpnaas: neutron_vpn
++skyline_service_mapping:
++  compute: nova
++  identity: keystone
++  image: glance
++  network: neutron
++  orchestration: heat
++  placement: placement
++  volumev3: cinder
++skyline_system_admin_roles:
++  - admin
++  - system_admin
++skyline_system_reader_roles:
++  - system_reader
++skyline_keystone_url: "{{ keystone_internal_url }}/v3/"
++skyline_secret_key: aCtmgbcUqYUy_HNVg5BDXCaeJgJQzHJXwqbXr0Nmb2o
++skyline_session_name: session
++skyline_reclaim_instance_interval: 604800
++
++skyline_gunicorn_debug_level: debug
++skyline_gunicorn_timeout: 3600
++skyline_gunicorn_keepalive: 5
++
++###################
++# volumes
++###################
++skyline_volumes:
++  - "kolla_logs:{{ log_dir }}"
++  - "/etc/localtime:/etc/localtime:ro"
++  - "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
++  - "{{ node_config_directory }}/skyline/:{{ container_config_directory }}/:ro"
+diff --git a/ansible/roles/skyline/handlers/main.yml b/ansible/roles/skyline/handlers/main.yml
+new file mode 100644
+index 0000000..9108b03
+--- /dev/null
++++ b/ansible/roles/skyline/handlers/main.yml
+@@ -0,0 +1,19 @@
++---
++- name: Restart skyline container
++  vars:
++    service_name: skyline
++    service: "{{ skyline_services[service_name] }}"
++  become: true
++  kolla_docker:
++    action: "recreate_or_restart_container"
++    common_options: "{{ docker_common_options }}"
++    environment:
++      SSL_KEYFILE:
++      SSL_CERTFILE:
++      LISTEN_ADDRESS: "{{ api_interface_address | put_address_in_context('url') }}"
++      KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
++    name: "{{ service.container_name }}"
++    image: "{{ service.image }}"
++    volumes: "{{ service.volumes }}"
++  when:
++    - kolla_action != "config"
+diff --git a/ansible/roles/skyline/tasks/bootstrap.yml b/ansible/roles/skyline/tasks/bootstrap.yml
+new file mode 100644
+index 0000000..175fb1c
+--- /dev/null
++++ b/ansible/roles/skyline/tasks/bootstrap.yml
+@@ -0,0 +1,52 @@
++---
++- name: Creating skyline database
++  become: true
++  kolla_toolbox:
++    module_name: mysql_db
++    module_args:
++      login_host: "{{ database_address }}"
++      login_port: "{{ database_port }}"
++      login_user: "{{ database_user }}"
++      login_password: "{{ database_password }}"
++      name: "{{ skyline_database_name }}"
++  register: database
++  run_once: True
++  delegate_to: "{{ groups['skyline'][0] }}"
++
++- name: Creating skyline database user and setting permissions
++  become: true
++  kolla_toolbox:
++    module_name: mysql_user
++    module_args:
++      login_host: "{{ database_address }}"
++      login_port: "{{ database_port }}"
++      login_user: "{{ database_user }}"
++      login_password: "{{ database_password }}"
++      name: "{{ skyline_database_user }}"
++      password: "{{ skyline_database_password }}"
++      host: "%"
++      priv: "{{ skyline_database_name }}.*:ALL"
++      append_privs: "yes"
++  run_once: True
++  delegate_to: "{{ groups['skyline'][0] }}"
++
++- name: Creating boostrap container
++  vars:
++    service_name: skyline
++    service: "{{ skyline_services[service_name] }}"
++  become: true
++  kolla_docker:
++    action: "start_container"
++    name: "bootstrap_{{ service.container_name }}"
++    common_options: "{{ docker_common_options }}"
++    image: "{{ service.image }}"
++    detach: False
++    restart_policy: no
++    volumes: "{{ service.volumes }}"
++    environment:
++      KOLLA_BOOTSTRAP:
++      KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
++    labels:
++      BOOTSTRAP:
++  run_once: True
++  delegate_to: "{{ groups['skyline'][0] }}"
+diff --git a/ansible/roles/skyline/tasks/check.yml b/ansible/roles/skyline/tasks/check.yml
+new file mode 100644
+index 0000000..ed97d53
+--- /dev/null
++++ b/ansible/roles/skyline/tasks/check.yml
+@@ -0,0 +1 @@
++---
+diff --git a/ansible/roles/skyline/tasks/config.yml b/ansible/roles/skyline/tasks/config.yml
+new file mode 100644
+index 0000000..ed5697a
+--- /dev/null
++++ b/ansible/roles/skyline/tasks/config.yml
+@@ -0,0 +1,83 @@
++---
++- name: Ensuring config directories exist
++  become: true
++  file:
++    path: "{{ node_config_directory }}/{{ item.key }}"
++    state: "directory"
++    recurse: yes
++  when:
++    - inventory_hostname in groups[item.value.group]
++    - item.value.enabled | bool
++  with_dict: "{{ skyline_services }}"
++
++- name: Ensuring log directories exist
++  file:
++    path: "{{ docker_runtime_directory or '/var/lib/docker' }}/volumes/kolla_logs/_data/{{ item.key }}"
++    state: directory
++    recurse: yes
++  when:
++    - inventory_hostname in groups[item.value.group]
++    - item.value.enabled | bool
++  with_dict: "{{ skyline_services }}"
++
++- include_tasks: copy-certs.yml
++  when:
++    - skyline_enable_tls_backend | bool
++
++- name: Copying over config.yaml files for services
++  become: true
++  template:
++    src: "{{ item.key }}.yaml.j2"
++    dest: "{{ node_config_directory }}/{{ item.key }}/skyline.yaml"
++    mode: "0660"
++  when:
++    - inventory_hostname in groups[item.value.group]
++    - item.value.enabled | bool
++  with_dict: "{{ skyline_services }}"
++  notify:
++    - "Restart {{ item.key }} container"
++
++- name: Copying over gunicorn.py files for services
++  become: true
++  template:
++    src: "gunicorn.py.j2"
++    dest: "{{ node_config_directory }}/{{ item.key }}/gunicorn.py"
++    mode: "0660"
++  when:
++    - inventory_hostname in groups[item.value.group]
++    - item.value.enabled | bool
++  with_dict: "{{ skyline_services }}"
++  notify:
++    - "Restart {{ item.key }} container"
++
++- name: Copying over config.json files for services
++  become: true
++  template:
++    src: "{{ item.key }}.json.j2"
++    dest: "{{ node_config_directory }}/{{ item.key }}/config.json"
++    mode: "0660"
++  when:
++    - inventory_hostname in groups[item.value.group]
++    - item.value.enabled | bool
++  with_dict: "{{ skyline_services }}"
++  notify:
++    - "Restart {{ item.key }} container"
++
++- name: Check skyline containers
++  become: true
++  kolla_docker:
++    action: "compare_container"
++    common_options: "{{ docker_common_options }}"
++    name: "{{ item.value.container_name }}"
++    image: "{{ item.value.image }}"
++    volumes: "{{ item.value.volumes }}"
++    environment:
++      SSL_CERTFILE: "{{ skyline_ssl_certfile }}"
++      SSL_KEYFILE: "{{ skyline_ssl_keyfile }}"
++  register: check_skyline_containers
++  when:
++    - inventory_hostname in groups[item.value.group]
++    - item.value.enabled | bool
++  with_dict: "{{ skyline_services }}"
++  notify:
++    - "Restart {{ item.key }} container"
+diff --git a/ansible/roles/skyline/tasks/copy-certs.yml b/ansible/roles/skyline/tasks/copy-certs.yml
+new file mode 100644
+index 0000000..3f39794
+--- /dev/null
++++ b/ansible/roles/skyline/tasks/copy-certs.yml
+@@ -0,0 +1,6 @@
++---
++- name: "Copy certificates and keys for {{ project_name }}"
++  import_role:
++    role: service-cert-copy
++  vars:
++    project_services: "{{ skyline_services }}"
+diff --git a/ansible/roles/skyline/tasks/deploy.yml b/ansible/roles/skyline/tasks/deploy.yml
+new file mode 100644
+index 0000000..0d49d33
+--- /dev/null
++++ b/ansible/roles/skyline/tasks/deploy.yml
+@@ -0,0 +1,13 @@
++---
++- include: precheck.yml
++
++- include: pull.yml
++
++- include: register.yml
++
++- include: config.yml
++
++- include: bootstrap.yml
++
++- name: Flush handlers
++  meta: flush_handlers
+diff --git a/ansible/roles/skyline/tasks/loadbalancer.yml b/ansible/roles/skyline/tasks/loadbalancer.yml
+new file mode 100644
+index 0000000..d4759ea
+--- /dev/null
++++ b/ansible/roles/skyline/tasks/loadbalancer.yml
+@@ -0,0 +1,7 @@
++---
++- name: "Configure haproxy for {{ project_name }}"
++  import_role:
++    name: haproxy-config
++  vars:
++    project_services: "{{ skyline_services }}"
++  tags: always
+diff --git a/ansible/roles/skyline/tasks/main.yml b/ansible/roles/skyline/tasks/main.yml
+new file mode 100644
+index 0000000..bc5d1e6
+--- /dev/null
++++ b/ansible/roles/skyline/tasks/main.yml
+@@ -0,0 +1,2 @@
++---
++- include_tasks: "{{ kolla_action }}.yml"
+diff --git a/ansible/roles/skyline/tasks/precheck.yml b/ansible/roles/skyline/tasks/precheck.yml
+new file mode 100644
+index 0000000..8cfcb92
+--- /dev/null
++++ b/ansible/roles/skyline/tasks/precheck.yml
+@@ -0,0 +1,18 @@
++---
++- name: Get container facts
++  become: true
++  kolla_container_facts:
++    name:
++      - skyline
++  register: container_facts
++
++- name: Checking free port for Skyline
++  wait_for:
++    host: "{{ api_interface_address }}"
++    port: "{{ skyline_port }}"
++    connect_timeout: 1
++    timeout: 1
++    state: stopped
++  when:
++    - container_facts['skyline'] is not defined
++    - inventory_hostname in groups['skyline']
+diff --git a/ansible/roles/skyline/tasks/pull.yml b/ansible/roles/skyline/tasks/pull.yml
+new file mode 100644
+index 0000000..53f9c5f
+--- /dev/null
++++ b/ansible/roles/skyline/tasks/pull.yml
+@@ -0,0 +1,3 @@
++---
++- import_role:
++    role: service-images-pull
+diff --git a/ansible/roles/skyline/tasks/reconfigure.yml b/ansible/roles/skyline/tasks/reconfigure.yml
+new file mode 100644
+index 0000000..f670a5b
+--- /dev/null
++++ b/ansible/roles/skyline/tasks/reconfigure.yml
+@@ -0,0 +1,2 @@
++---
++- include_tasks: deploy.yml
+diff --git a/ansible/roles/skyline/tasks/register.yml b/ansible/roles/skyline/tasks/register.yml
+new file mode 100644
+index 0000000..f0ec84e
+--- /dev/null
++++ b/ansible/roles/skyline/tasks/register.yml
+@@ -0,0 +1,8 @@
++---
++- import_role:
++    name: service-ks-register
++  vars:
++    service_ks_register_auth: "{{ openstack_skyline_auth }}"
++    service_ks_register_services: "{{ skyline_ks_services }}"
++    service_ks_register_users: "{{ skyline_ks_users }}"
++  tags: always
+diff --git a/ansible/roles/skyline/tasks/stop.yml b/ansible/roles/skyline/tasks/stop.yml
+new file mode 100644
+index 0000000..a8e9278
+--- /dev/null
++++ b/ansible/roles/skyline/tasks/stop.yml
+@@ -0,0 +1,11 @@
++---
++- name: "Stopping skyline containers"
++  vars:
++    service: "{{ item.value }}"
++  docker_container:
++    name: "{{ service.container_name }}"
++    state: stopped
++  when:
++    - service.enabled | bool
++    - service.container_name not in skip_stop_containers
++  with_dict: "{{ skyline_services }}"
+diff --git a/ansible/roles/skyline/tasks/upgrade.yml b/ansible/roles/skyline/tasks/upgrade.yml
+new file mode 100644
+index 0000000..90c46fa
+--- /dev/null
++++ b/ansible/roles/skyline/tasks/upgrade.yml
+@@ -0,0 +1,7 @@
++---
++- include_tasks: register.yml
++
++- include_tasks: config.yml
++
++- name: Flush handlers
++  meta: flush_handlers
+diff --git a/ansible/roles/skyline/templates/gunicorn.py.j2 b/ansible/roles/skyline/templates/gunicorn.py.j2
+new file mode 100644
+index 0000000..a6190e3
+--- /dev/null
++++ b/ansible/roles/skyline/templates/gunicorn.py.j2
+@@ -0,0 +1,12 @@
++import multiprocessing
++
++bind = "unix:/var/lib/skyline/skyline.sock"
++workers = (1 + multiprocessing.cpu_count()) // 2
++worker_class = "uvicorn.workers.UvicornWorker"
++timeout = {{ skyline_gunicorn_timeout }}
++keepalive = {{ skyline_gunicorn_keepalive }}
++reuse_port = True
++proc_name = "{{ project_name }}"
++log_level = "{{ skyline_gunicorn_debug_level }}"
++accesslog = "{{ log_dir }}skyline/access.log"
++errorlog = "{{ log_dir }}skyline/error.log"
+diff --git a/ansible/roles/skyline/templates/skyline.json.j2 b/ansible/roles/skyline/templates/skyline.json.j2
+new file mode 100644
+index 0000000..ee4559d
+--- /dev/null
++++ b/ansible/roles/skyline/templates/skyline.json.j2
+@@ -0,0 +1,36 @@
++{
++    "command": "gunicorn -c /etc/skyline/gunicorn.py skyline_apiserver.main:app",
++    "config_files": [
++        {
++            "source": "{{ container_config_directory }}/skyline.yaml",
++            "dest": "/etc/skyline/skyline.yaml",
++            "owner": "skyline",
++            "perm": "0600"
++        },
++        {
++            "source": "{{ container_config_directory }}/gunicorn.py",
++            "dest": "/etc/skyline/gunicorn.py",
++            "owner": "skyline",
++            "perm": "0600"
++        }{% if skyline_enable_tls_backend | bool %},
++        {
++            "source": "{{ container_config_directory }}/skyline-cert.pem",
++            "dest": "/etc/skyline/certs/skyline-cert.pem",
++            "owner": "skyline",
++            "perm": "0600"
++        },
++        {
++            "source": "{{ container_config_directory }}/skyline-key.pem",
++            "dest": "/etc/skyline/certs/skyline-key.pem",
++            "owner": "skyline",
++            "perm": "0600"
++        }{% endif %}
++        ],
++    "permissions": [
++        {
++            "path": "/var/log/kolla/skyline",
++            "owner": "skyline:skyline",
++            "recurse": true
++        }
++    ]
++}
+diff --git a/ansible/roles/skyline/templates/skyline.yaml.j2 b/ansible/roles/skyline/templates/skyline.yaml.j2
+new file mode 100644
+index 0000000..6b7b4b5
+--- /dev/null
++++ b/ansible/roles/skyline/templates/skyline.yaml.j2
+@@ -0,0 +1,113 @@
++default:
++  access_token_expire: {{ skyline_access_token_expire_seconds }}
++  access_token_renew: {{ skyline_access_token_renew_seconds }}
++  cors_allow_origins: {{ skyline_backend_cors_origins }}
++  database_url: mysql://{{ skyline_database_user }}:{{ skyline_database_password }}@{{ skyline_database_address }}/{{ skyline_database_name }}
++  debug: {{ debug }}
++  log_dir: {{ log_dir }}
++  secret_key: {{ skyline_secret_key }}
++  session_name: {{ skyline_session_name }}
++developer:
++  show_raw_sql: {{ skyline_show_raw_sql }}
++openstack:
++  base_domains:
++  - heat_user_domain
++  base_roles:
++  - keystone_system_admin
++  - keystone_system_reader
++  - keystone_project_admin
++  - keystone_project_member
++  - keystone_project_reader
++  - nova_system_admin
++  - nova_system_reader
++  - nova_project_admin
++  - nova_project_member
++  - nova_project_reader
++  - cinder_system_admin
++  - cinder_system_reader
++  - cinder_project_admin
++  - cinder_project_member
++  - cinder_project_reader
++  - glance_system_admin
++  - glance_system_reader
++  - glance_project_admin
++  - glance_project_member
++  - glance_project_reader
++  - neutron_system_admin
++  - neutron_system_reader
++  - neutron_project_admin
++  - neutron_project_member
++  - neutron_project_reader
++  - heat_system_admin
++  - heat_system_reader
++  - heat_project_admin
++  - heat_project_member
++  - heat_project_reader
++  - placement_system_admin
++  - placement_system_reader
++  - panko_system_admin
++  - panko_system_reader
++  - panko_project_admin
++  - panko_project_member
++  - panko_project_reader
++  - ironic_system_admin
++  - ironic_system_reader
++  - octavia_system_admin
++  - octavia_system_reader
++  - octavia_project_admin
++  - octavia_project_member
++  - octavia_project_reader
++  default_region: RegionOne
++  extension_mapping:
++    fwaas_v2: neutron_firewall
++    vpnaas: neutron_vpn
++  interface_type: public
++  keystone_url: {{ skyline_keystone_url }}
++  nginx_prefix: {{ skyline_nginx_prefix }}
++  reclaim_instance_interval: {{ skyline_reclaim_instance_interval }}
++  service_mapping:
++    baremetal: ironic
++    compute: nova
++    identity: keystone
++    image: glance
++    load-balancer: octavia
++    network: neutron
++    orchestration: heat
++    placement: placement
++    volumev3: cinder
++  system_admin_roles:
++  - admin
++  - system_admin
++  system_project: service
++  system_project_domain: Default
++  system_reader_roles:
++  - system_reader
++  system_user_domain: Default
++  system_user_name: skyline
++  system_user_password: {{ skyline_keystone_password }}
++setting:
++  base_settings:
++  - flavor_families
++  - gpu_models
++  - usb_models
++  flavor_families:
++  - architecture: x86_architecture
++    categories:
++    - name: general_purpose
++      properties: []
++    - name: compute_optimized
++      properties: []
++    - name: memory_optimized
++      properties: []
++    - name: high_clock_speed
++      properties: []
++  - architecture: heterogeneous_computing
++    categories:
++    - name: compute_optimized_type_with_gpu
++      properties: []
++    - name: visualization_compute_optimized_type_with_gpu
++      properties: []
++  gpu_models:
++  - nvidia_t4
++  usb_models:
++  - usb_c
+diff --git a/ansible/site.yml b/ansible/site.yml
+index dc0be8e..daa2a50 100644
+--- a/ansible/site.yml
++++ b/ansible/site.yml
+@@ -68,6 +68,7 @@
+         - enable_sahara_{{ enable_sahara | bool }}
+         - enable_senlin_{{ enable_senlin | bool }}
+         - enable_skydive_{{ enable_skydive | bool }}
++        - enable_skyline_{{ enable_skyline | bool }}
+         - enable_solum_{{ enable_solum | bool }}
+         - enable_storm_{{ enable_storm | bool }}
+         - enable_swift_{{ enable_swift | bool }}
+@@ -308,6 +309,11 @@
+           tags: skydive
+           when: enable_skydive | bool
+         - include_role:
++            name: skyline
++            tasks_from: loadbalancer
++          tags: skyline
++          when: enable_skyline | bool
++        - include_role:
+             name: solum
+             tasks_from: loadbalancer
+           tags: solum
+@@ -1091,6 +1097,17 @@
+         tags: skydive,
+         when: enable_skydive | bool }
+ 
++- name: Apply role skyline
++  gather_facts: false
++  hosts:
++    - skyline
++    - '&enable_skyline_True'
++  serial: '{{ kolla_serial|default("0") }}'
++  roles:
++    - { role: skyline,
++        tags: skyline,
++        when: enable_skyline | bool }
++
+ - name: Apply role vitrage
+   gather_facts: false
+   hosts:
+diff --git a/etc/kolla/globals.yml b/etc/kolla/globals.yml
+index d7c89b7..4146a21 100644
+--- a/etc/kolla/globals.yml
++++ b/etc/kolla/globals.yml
+@@ -392,6 +392,7 @@
+ #enable_sahara: "no"
+ #enable_senlin: "no"
+ #enable_skydive: "no"
++#enable_skyline: "no"
+ #enable_solum: "no"
+ #enable_storm: "{{ enable_monasca | bool }}"
+ #enable_swift: "no"
+diff --git a/etc/kolla/passwords.yml b/etc/kolla/passwords.yml
+index 9b0dd99..35cc94f 100644
+--- a/etc/kolla/passwords.yml
++++ b/etc/kolla/passwords.yml
+@@ -251,3 +251,9 @@
+ # Ceph RadosGW options
+ ####################
+ ceph_rgw_keystone_password:
++
++####################
++# Skyline options
++####################
++skyline_database_password:
++skyline_keystone_password: