From eeb535aa2ed2f8753b192337567543c6e281e091 Mon Sep 17 00:00:00 2001 From: Andrew Smith Date: Wed, 31 May 2017 08:50:54 -0400 Subject: [PATCH] Add qdrouterd role for messaging infrastructure component Adding the role needed to run the qdrouterd as an infrastructure component which provides a messaging backend for the oslo.messaging AMQP 1.0 driver. The qdrouterd will provide direct messaging capabilities for the RPC messaging pattern in support of hybrid messaging deployments. Implements: blueprint qdrouterd-role Change-Id: I74c654b3c70f61f81c2c7efa87f076a62a4a2dd8 --- ansible/group_vars/all.yml | 8 +++ ansible/inventory/all-in-one | 3 + ansible/inventory/multinode | 3 + ansible/roles/qdrouterd/defaults/main.yml | 22 ++++++ ansible/roles/qdrouterd/handlers/main.yml | 21 ++++++ ansible/roles/qdrouterd/meta/main.yml | 3 + .../roles/qdrouterd/tasks/add_sasl_user.yml | 16 +++++ ansible/roles/qdrouterd/tasks/check.yml | 1 + ansible/roles/qdrouterd/tasks/config.yml | 72 +++++++++++++++++++ ansible/roles/qdrouterd/tasks/deploy.yml | 7 ++ ansible/roles/qdrouterd/tasks/main.yml | 2 + ansible/roles/qdrouterd/tasks/precheck.yml | 28 ++++++++ ansible/roles/qdrouterd/tasks/pull.yml | 10 +++ ansible/roles/qdrouterd/tasks/reconfigure.yml | 2 + ansible/roles/qdrouterd/tasks/upgrade.yml | 5 ++ .../templates/qdrouterd-sasl.conf.j2 | 4 ++ .../qdrouterd/templates/qdrouterd.conf.j2 | 58 +++++++++++++++ .../qdrouterd/templates/qdrouterd.json.j2 | 29 ++++++++ ansible/site.yml | 9 +++ etc/kolla/globals.yml | 1 + etc/kolla/passwords.yml | 5 ++ .../add-qdrouterd-role-3bb4c184804e1f98.yaml | 5 ++ 22 files changed, 314 insertions(+) create mode 100644 ansible/roles/qdrouterd/defaults/main.yml create mode 100644 ansible/roles/qdrouterd/handlers/main.yml create mode 100644 ansible/roles/qdrouterd/meta/main.yml create mode 100644 ansible/roles/qdrouterd/tasks/add_sasl_user.yml create mode 100644 ansible/roles/qdrouterd/tasks/check.yml create mode 100644 ansible/roles/qdrouterd/tasks/config.yml create mode 100644 ansible/roles/qdrouterd/tasks/deploy.yml create mode 100644 ansible/roles/qdrouterd/tasks/main.yml create mode 100644 ansible/roles/qdrouterd/tasks/precheck.yml create mode 100644 ansible/roles/qdrouterd/tasks/pull.yml create mode 100644 ansible/roles/qdrouterd/tasks/reconfigure.yml create mode 100644 ansible/roles/qdrouterd/tasks/upgrade.yml create mode 100644 ansible/roles/qdrouterd/templates/qdrouterd-sasl.conf.j2 create mode 100644 ansible/roles/qdrouterd/templates/qdrouterd.conf.j2 create mode 100644 ansible/roles/qdrouterd/templates/qdrouterd.json.j2 create mode 100644 releasenotes/notes/add-qdrouterd-role-3bb4c184804e1f98.yaml diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index 7eaacd14aa..5130a08566 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml @@ -234,6 +234,8 @@ panko_api_port: "8977" placement_api_port: "8780" +qdrouterd_port: "15676" + rabbitmq_port: "5672" rabbitmq_management_port: "15672" rabbitmq_cluster_port: "25672" @@ -385,6 +387,7 @@ enable_octavia: "no" enable_openvswitch: "{{ neutron_plugin_agent != 'linuxbridge' | bool }}" enable_osprofiler: "no" enable_panko: "no" +enable_qdrouterd: "no" enable_rally: "no" enable_sahara: "no" enable_searchlight: "no" @@ -430,6 +433,11 @@ rabbitmq_user: "openstack" rabbitmq_version: "rabbitmq_server-3.6/plugins/rabbitmq_clusterer-3.6.x.ez/rabbitmq_clusterer-3.6.x-667f92b0/ebin" outward_rabbitmq_user: "openstack" +#################### +# Qdrouterd options +#################### +qdrouterd_user: "openstack" + #################### # HAProxy options #################### diff --git a/ansible/inventory/all-in-one b/ansible/inventory/all-in-one index 04f8b01313..7792763243 100644 --- a/ansible/inventory/all-in-one +++ b/ansible/inventory/all-in-one @@ -80,6 +80,9 @@ control [outward-rabbitmq:children] control +[qdrouterd:children] +control + [mongodb:children] control diff --git a/ansible/inventory/multinode b/ansible/inventory/multinode index 66ff970d6a..5d8af51980 100644 --- a/ansible/inventory/multinode +++ b/ansible/inventory/multinode @@ -101,6 +101,9 @@ control [outward-rabbitmq:children] control +[qdrouterd:children] +control + [mongodb:children] control diff --git a/ansible/roles/qdrouterd/defaults/main.yml b/ansible/roles/qdrouterd/defaults/main.yml new file mode 100644 index 0000000000..f4b58ca26f --- /dev/null +++ b/ansible/roles/qdrouterd/defaults/main.yml @@ -0,0 +1,22 @@ +--- +project_name: "qdrouterd" + +qdrouterd_services: + qdrouterd: + container_name: qdrouterd + group: qdrouterd + enabled: true + image: "{{ qdrouterd_image_full }}" + volumes: + - "{{ node_config_directory }}/qdrouterd/:{{ container_config_directory }}/:ro" + - "/etc/localtime:/etc/localtime:ro" + - "qdrouterd:/var/lib/qdrouterd/" + - "kolla_logs:/var/log/kolla/" + + +#################### +# Docker +#################### +qdrouterd_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-qdrouterd" +qdrouterd_tag: "{{ openstack_release }}" +qdrouterd_image_full: "{{ qdrouterd_image }}:{{ qdrouterd_tag }}" diff --git a/ansible/roles/qdrouterd/handlers/main.yml b/ansible/roles/qdrouterd/handlers/main.yml new file mode 100644 index 0000000000..807a181a20 --- /dev/null +++ b/ansible/roles/qdrouterd/handlers/main.yml @@ -0,0 +1,21 @@ +--- +- name: Restart qdrouterd container + vars: + service_name: "qdrouterd" + service: "{{ qdrouterd_services[service_name] }}" + config_json: "{{ qdrouterd_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + qdrouterd_container: "{{ check_qdrouterd_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" + kolla_docker: + action: "recreate_or_restart_container" + common_options: "{{ docker_common_options }}" + name: "{{ service.container_name }}" + image: "{{ service.image }}" + volumes: "{{ service.volumes }}" + when: + - action != "config" + - inventory_hostname in groups[service.group] + - service.enabled | bool + - config_json.changed | bool + or qdrouterd_confs.changed | bool + or qdrouterd_sasl_confs.changed | bool + or qdrouterd_container.changed | bool diff --git a/ansible/roles/qdrouterd/meta/main.yml b/ansible/roles/qdrouterd/meta/main.yml new file mode 100644 index 0000000000..6b4fff8fef --- /dev/null +++ b/ansible/roles/qdrouterd/meta/main.yml @@ -0,0 +1,3 @@ +--- +dependencies: + - { role: common } diff --git a/ansible/roles/qdrouterd/tasks/add_sasl_user.yml b/ansible/roles/qdrouterd/tasks/add_sasl_user.yml new file mode 100644 index 0000000000..78437ec907 --- /dev/null +++ b/ansible/roles/qdrouterd/tasks/add_sasl_user.yml @@ -0,0 +1,16 @@ +--- +- name: Wait for qdrouterd is up + wait_for: + host: "{{ api_interface_address }}" + port: "{{ qdrouterd_port }}" + connect_timeout: 1 + state: started + when: + - action != "config" + +- name: Create qdrouterd sasl user + shell: echo {{ qdrouterd_password }} | docker exec -u root -i qdrouterd saslpasswd2 -c -p -f /var/lib/qdrouterd/qdrouterd.sasldb -u AMQP {{ qdrouterd_user }} + run_once: true + changed_when: true + when: + - action != "config" diff --git a/ansible/roles/qdrouterd/tasks/check.yml b/ansible/roles/qdrouterd/tasks/check.yml new file mode 100644 index 0000000000..ed97d539c0 --- /dev/null +++ b/ansible/roles/qdrouterd/tasks/check.yml @@ -0,0 +1 @@ +--- diff --git a/ansible/roles/qdrouterd/tasks/config.yml b/ansible/roles/qdrouterd/tasks/config.yml new file mode 100644 index 0000000000..2f9fbf4db0 --- /dev/null +++ b/ansible/roles/qdrouterd/tasks/config.yml @@ -0,0 +1,72 @@ +--- +- name: Ensuring config directories exist + file: + path: "{{ node_config_directory }}/{{ item.key }}" + state: "directory" + recurse: yes + when: + - inventory_hostname in groups[item.value.group] + - item.value.enabled | bool + with_dict: "{{ qdrouterd_services }}" + +- name: Copying over config.json files for services + template: + src: "{{ item.key }}.json.j2" + dest: "{{ node_config_directory }}/{{ item.key }}/config.json" + register: qdrouterd_config_jsons + when: + - inventory_hostname in groups[item.value.group] + - item.value.enabled | bool + with_dict: "{{ qdrouterd_services }}" + notify: + - Restart qdrouterd container + +- name: Copying over qdrouterd config + vars: + service: "{{ qdrouterd_services['qdrouterd'] }}" + template: + src: "{{ item }}" + dest: "{{ node_config_directory }}/qdrouterd/qdrouterd.conf" + register: qdrouterd_confs + when: + - inventory_hostname in groups[service.group] + - service.enabled | bool + with_first_found: + - "{{ node_custom_config }}/qdrouterd/{{ inventory_hostname }}/qdrouterd.conf" + - "{{ node_custom_config }}/qdrouterd/qdrouterd.conf" + - "qdrouterd.conf.j2" + notify: + - Restart qdrouterd container + +- name: Copying over qdrouterd sasl config + vars: + service: "{{ qdrouterd_services['qdrouterd'] }}" + template: + src: "{{ item }}" + dest: "{{ node_config_directory }}/qdrouterd/qdrouterd-sasl.conf" + register: qdrouterd_sasl_confs + when: + - inventory_hostname in groups[service.group] + - service.enabled | bool + with_first_found: + - "{{ node_custom_config }}/qdrouterd/{{ inventory_hostname }}/qdrouterd-sasl.conf" + - "{{ node_custom_config }}/qdrouterd/qdrouterd-sasl.conf" + - "qdrouterd-sasl.conf.j2" + notify: + - Restart qdrouterd container + +- name: Check qdrouterd containers + kolla_docker: + action: "compare_container" + common_options: "{{ docker_common_options }}" + name: "{{ item.value.container_name }}" + image: "{{ item.value.image }}" + volumes: "{{ item.value.volumes }}" + register: check_qdrouterd_containers + when: + - action != "config" + - inventory_hostname in groups[item.value.group] + - item.value.enabled | bool + with_dict: "{{ qdrouterd_services }}" + notify: + - Restart qdrouterd container diff --git a/ansible/roles/qdrouterd/tasks/deploy.yml b/ansible/roles/qdrouterd/tasks/deploy.yml new file mode 100644 index 0000000000..fc4218ac0c --- /dev/null +++ b/ansible/roles/qdrouterd/tasks/deploy.yml @@ -0,0 +1,7 @@ +--- +- include: config.yml + +- name: Flush handlers + meta: flush_handlers + +- include: add_sasl_user.yml diff --git a/ansible/roles/qdrouterd/tasks/main.yml b/ansible/roles/qdrouterd/tasks/main.yml new file mode 100644 index 0000000000..b017e8b4ad --- /dev/null +++ b/ansible/roles/qdrouterd/tasks/main.yml @@ -0,0 +1,2 @@ +--- +- include: "{{ action }}.yml" diff --git a/ansible/roles/qdrouterd/tasks/precheck.yml b/ansible/roles/qdrouterd/tasks/precheck.yml new file mode 100644 index 0000000000..5cec762a74 --- /dev/null +++ b/ansible/roles/qdrouterd/tasks/precheck.yml @@ -0,0 +1,28 @@ +--- +- name: Get container facts + kolla_container_facts: + name: + - qdrouterd + register: container_facts + +- name: Checking free port for Qdrouterd + wait_for: + host: "{{ api_interface_address }}" + port: "{{ qdrouterd_port }}" + connect_timeout: 1 + timeout: 1 + state: stopped + when: + - container_facts['qdrouterd'] is not defined + - inventory_hostname in groups['qdrouterd'] + +- name: Check if all qdrouterd hostnames are resolvable + command: "getent ahostsv4 {{ hostvars[item]['ansible_hostname'] }}" + changed_when: false + register: qdrouterd_hostnames + with_items: "{{ groups['qdrouterd'] }}" + +- fail: msg="Hostname has to resolve to IP address of api_interface" + with_items: "{{ qdrouterd_hostnames.results }}" + when: + - "item.stdout.find(hostvars[item['item']]['ansible_' ~ hostvars[item['item']]['api_interface']]['ipv4']['address']) == -1" diff --git a/ansible/roles/qdrouterd/tasks/pull.yml b/ansible/roles/qdrouterd/tasks/pull.yml new file mode 100644 index 0000000000..a4f2e91a2f --- /dev/null +++ b/ansible/roles/qdrouterd/tasks/pull.yml @@ -0,0 +1,10 @@ +--- +- name: Pulling qdrouterd image + kolla_docker: + action: "pull_image" + common_options: "{{ docker_common_options }}" + image: "{{ item.value.image }}" + when: + - inventory_hostname in groups[item.value.group] + - item.value.enabled | bool + with_dict: "{{ qdrouterd_services }}" diff --git a/ansible/roles/qdrouterd/tasks/reconfigure.yml b/ansible/roles/qdrouterd/tasks/reconfigure.yml new file mode 100644 index 0000000000..e078ef1318 --- /dev/null +++ b/ansible/roles/qdrouterd/tasks/reconfigure.yml @@ -0,0 +1,2 @@ +--- +- include: deploy.yml diff --git a/ansible/roles/qdrouterd/tasks/upgrade.yml b/ansible/roles/qdrouterd/tasks/upgrade.yml new file mode 100644 index 0000000000..dd26ecc34d --- /dev/null +++ b/ansible/roles/qdrouterd/tasks/upgrade.yml @@ -0,0 +1,5 @@ +--- +- include: config.yml + +- name: Flush handlers + meta: flush_handlers diff --git a/ansible/roles/qdrouterd/templates/qdrouterd-sasl.conf.j2 b/ansible/roles/qdrouterd/templates/qdrouterd-sasl.conf.j2 new file mode 100644 index 0000000000..bf213635ff --- /dev/null +++ b/ansible/roles/qdrouterd/templates/qdrouterd-sasl.conf.j2 @@ -0,0 +1,4 @@ +pwcheck_method: auxprop +auxprop_plugin: sasldb +sasldb_path: /var/lib/qdrouterd/qdrouterd.sasldb +mech_list: ANONYMOUS PLAIN diff --git a/ansible/roles/qdrouterd/templates/qdrouterd.conf.j2 b/ansible/roles/qdrouterd/templates/qdrouterd.conf.j2 new file mode 100644 index 0000000000..c268c1b66e --- /dev/null +++ b/ansible/roles/qdrouterd/templates/qdrouterd.conf.j2 @@ -0,0 +1,58 @@ + +router { + mode: standalone + id: Router.A + workerThreads: 4 + saslConfigPath: /etc/sasl2 + saslConfigName: qdrouterd +} + +listener { + addr: {{ api_interface_address }} + port: {{ qdrouterd_port }} + role: normal + authenticatePeer: no +} + +address { + prefix: unicast + distribution: closest +} +address { + prefix: exclusive + distribution: closest +} +address { + prefix: broadcast + distribution: multicast +} +address { + prefix: openstack.org/om/rpc/multicast + distribution: multicast +} +address { + prefix: openstack.org/om/rpc/unicast + distribution: closest +} +address { + prefix: openstack.org/om/rpc/anycast + distribution: balanced +} +address { + prefix: openstack.org/om/notify/multicast + distribution: multicast +} +address { + prefix: openstack.org/om/notify/unicast + distribution: closest +} +address { + prefix: openstack.org/om/notify/anycast + distribution: balanced +} + +log { + module: DEFAULT + enable: info+ + output: /var/log/kolla/qdrouterd/qdrouterd.log +} diff --git a/ansible/roles/qdrouterd/templates/qdrouterd.json.j2 b/ansible/roles/qdrouterd/templates/qdrouterd.json.j2 new file mode 100644 index 0000000000..193ec196d6 --- /dev/null +++ b/ansible/roles/qdrouterd/templates/qdrouterd.json.j2 @@ -0,0 +1,29 @@ +{ + "command": "/usr/sbin/qdrouterd", + "config_files": [ + { + "source": "{{ container_config_directory }}/qdrouterd.conf", + "dest": "/etc/qpid-dispatch/qdrouterd.conf", + "owner": "qdrouterd", + "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/qdrouterd-sasl.conf", + "dest": "/etc/sasl2/qdrouterd.conf", + "owner": "qdrouterd", + "perm": "0600" + } + ], + "permissions": [ + { + "path": "/var/lib/qdrouterd", + "owner": "qdrouterd:qdrouterd", + "recurse": true + }, + { + "path": "/var/log/kolla/qdrouterd", + "owner": "qdrouterd:qdrouterd", + "recurse": true + } + ] +} diff --git a/ansible/site.yml b/ansible/site.yml index f8f1cc3505..0ed2edc28c 100644 --- a/ansible/site.yml +++ b/ansible/site.yml @@ -192,6 +192,15 @@ role_rabbitmq_user: '{{ outward_rabbitmq_user }}', when: enable_outward_rabbitmq | bool } +- name: Apply role qdrouterd + gather_facts: false + hosts: qdrouterd + serial: '{{ serial|default("0") }}' + roles: + - { role: qdrouterd, + tags: qdrouterd, + when: enable_qdrouterd | bool } + - name: Apply role etcd gather_facts: false hosts: etcd diff --git a/etc/kolla/globals.yml b/etc/kolla/globals.yml index 17de9774a9..eddd0c4bea 100644 --- a/etc/kolla/globals.yml +++ b/etc/kolla/globals.yml @@ -185,6 +185,7 @@ kolla_internal_vip_address: "10.10.10.254" #enable_openvswitch: "{{ neutron_plugin_agent != 'linuxbridge' | bool }}" #enable_osprofiler: "no" #enable_panko: "no" +#enable_qdrouterd: "no" #enable_rally: "no" #enable_sahara: "no" #enable_searchlight: "no" diff --git a/etc/kolla/passwords.yml b/etc/kolla/passwords.yml index 50b99c5351..2a0b23dccd 100644 --- a/etc/kolla/passwords.yml +++ b/etc/kolla/passwords.yml @@ -175,6 +175,11 @@ gnocchi_project_id: gnocchi_resource_id: gnocchi_user_id: +#################### +# Qdrouterd options +#################### +qdrouterd_password: + #################### # RabbitMQ options #################### diff --git a/releasenotes/notes/add-qdrouterd-role-3bb4c184804e1f98.yaml b/releasenotes/notes/add-qdrouterd-role-3bb4c184804e1f98.yaml new file mode 100644 index 0000000000..00b2256386 --- /dev/null +++ b/releasenotes/notes/add-qdrouterd-role-3bb4c184804e1f98.yaml @@ -0,0 +1,5 @@ +--- +features: + - Add qdrouterd ansible role (apache qpid-dispatch-router) for direct + messaging infrastructure component. Oslo.messaging amqp driver supports + qdrouterd for rpc messaging backend communications.