diff --git a/CONTRIBUTING.rst b/CONTRIBUTING.rst index f2f9a03a..d25f6a9d 100644 --- a/CONTRIBUTING.rst +++ b/CONTRIBUTING.rst @@ -1,6 +1,6 @@ -OpenStack keystone -################## -:tags: openstack, keystone, cloud, ansible +os_keystone +######## +:tags: openstack, cloud, ansible :category: \*nix contributor guidelines diff --git a/LICENSE b/LICENSE index e06d2081..8f71f43f 100644 --- a/LICENSE +++ b/LICENSE @@ -1,4 +1,4 @@ -Apache License + Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ diff --git a/README.rst b/README.rst index 41dcafa8..c202ce93 100644 --- a/README.rst +++ b/README.rst @@ -17,6 +17,4 @@ This role will install the following: roles: - { role: "os_keystone", tags: [ "os-keystone" ] } vars: - external_lb_vip_address: 172.16.24.1 - internal_lb_vip_address: 192.168.0.1 keystone_galera_address: "{{ internal_lb_vip_address }}" diff --git a/defaults/main.yml b/defaults/main.yml index b5d7f792..40a4b70c 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -17,9 +17,6 @@ debug: False verbose: True -## APT Cache options -cache_timeout: 600 - # Name of the virtual env to deploy into keystone_venv_tag: untagged keystone_venv_bin: "/openstack/venvs/keystone-{{ keystone_venv_tag }}/bin" 
@@ -86,14 +83,20 @@ keystone_memcached_max_compare_and_set_retry: 16 keystone_galera_user: keystone keystone_galera_database: keystone # Database tuning +keystone_database_enabled: true +keystone_database_connection_string: mysql+pymysql://{{ keystone_galera_user }}:{{ keystone_container_mysql_password }}@{{ keystone_galera_address }}/{{ keystone_galera_database }}?charset=utf8 keystone_database_idle_timeout: 200 keystone_database_min_pool_size: 5 keystone_database_max_pool_size: 120 keystone_database_pool_timeout: 30 ## RabbitMQ info +keystone_messaging_enabled: true +keystone_rabbitmq_port: 5671 keystone_rabbitmq_userid: keystone keystone_rabbitmq_vhost: /keystone +keystone_rabbitmq_servers: localhost +keystone_rabbitmq_use_ssl: false ## Role info keystone_role_name: admin @@ -109,6 +112,7 @@ keystone_admin_description: Admin Tenant #keystone_secure_proxy_ssl_header: X-Forwarded-For ## Service Type and Data +keystone_service_setup: true keystone_service_region: RegionOne keystone_service_name: keystone keystone_service_port: 5000 @@ -137,6 +141,9 @@ keystone_service_publicurl: "{{ keystone_service_publicurl_v3 }}" keystone_service_internalurl: "{{ keystone_service_internalurl_v3 }}" keystone_service_adminurl: "{{ keystone_service_adminurl_v3 }}" +keystone_service_internaluri_insecure: false +keystone_service_adminuri_insecure: false + ## Set this value to override the "public_endpoint" keystone.conf variable #keystone_public_endpoint: "{{ keystone_service_publicuri }}" 
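Review bot: The new RabbitMQ defaults contradict each other: `keystone_rabbitmq_port: 5671` is the conventional AMQP-over-TLS port, while `keystone_rabbitmq_use_ssl: false` turns TLS off. Depending on what listens on that port, a default deployment either fails to connect or sends the broker credentials unencrypted. Choose one consistent pair, preferably `keystone_rabbitmq_use_ssl: true` with 5671, or `keystone_rabbitmq_port: 5672` if plaintext is really intended. Separately, `keystone_database_connection_string` interpolates `keystone_container_mysql_password` raw into a URL, so a password containing `@`, `/` or `:` will be misparsed. Pipe it through `urlencode`, and set `no_log: true` on any task that prints this variable.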
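Review bot: `keystone_service_internaluri_insecure` and `keystone_service_adminuri_insecure` are added without a comment, unlike the neighbouring settings. Their names suggest they switch off TLS certificate verification for the internal and admin endpoints, though their consumers are not in this hunk. A line such as `## Set to true only for self-signed test endpoints; disables certificate verification` above them would stop operators from flipping them casually. The default of `false` is the right one.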
@@ -152,8 +159,8 @@ keystone_ssl: false keystone_ssl_cert: /etc/ssl/certs/keystone.pem keystone_ssl_key: /etc/ssl/private/keystone.key keystone_ssl_ca_cert: /etc/ssl/certs/keystone-ca.pem -keystone_ssl_protocol: "{{ ssl_protocol }}" -keystone_ssl_cipher_suite: "{{ ssl_cipher_suite }}" +keystone_ssl_protocol: "{{ ssl_protocol|default('ALL -SSLv2 -SSLv3') }}" +keystone_ssl_cipher_suite: "{{ ssl_cipher_suite|default('ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS') }}" # if using a self-signed certificate, set this to true to regenerate it keystone_ssl_self_signed_regen: false @@ -336,25 +343,11 @@ keystone_sp_apt_packages: # Keystone notification settings keystone_ceilometer_enabled: false -# Common apt packages -keystone_apt_packages: - - apache2 - - apache2-utils - - debhelper - - dh-apparmor - - docutils-common - - git - - libapache2-mod-wsgi - - libjs-sphinxdoc - - libjs-underscore - - libldap2-dev - - libsasl2-dev - - libxslt1.1 - - rsync - -keystone_idp_apt_packages: - - ssl-cert - - xmlsec1 +keystone_git_repo: https://git.openstack.org/openstack/keystone +keystone_git_install_branch: master +keystone_developer_mode: false +keystone_developer_constraints: + - "git+{{ keystone_git_repo }}@{{ keystone_git_install_branch }}#egg=keystone" # Keystone packages that must be installed before anything else keystone_requires_pip_packages: diff --git a/doc/Makefile b/doc/Makefile new file mode 100644 index 00000000..9ead39f6 --- /dev/null +++ b/doc/Makefile 
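Review bot: The fallback values added to `keystone_ssl_protocol` and `keystone_ssl_cipher_suite` still admit TLS 1.0/1.1 and 3DES. `ALL -SSLv2 -SSLv3` excludes only the SSL versions, and the cipher string lists `ECDH+3DES:DH+3DES:RSA+3DES`. These values now apply whenever the deployer has not set `ssl_protocol` or `ssl_cipher_suite`, so they become the effective baseline for the identity endpoint. Assuming they feed Apache's SSLProtocol/SSLCipherSuite (the templates are outside this hunk), consider `default('ALL -SSLv2 -SSLv3 -TLSv1 -TLSv1.1')` and drop the three `3DES` entries from the cipher default.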
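Review bot: `keystone_git_install_branch: master` makes `keystone_developer_constraints` resolve to a moving ref, so two developer-mode runs can install different keystone code. The meta/main.yml hunk in this same commit also skips `pip_lock_down` when `keystone_developer_mode` is true, so both guards on package provenance are relaxed together. Add a comment above `keystone_developer_mode`, for example `# Test environments only: installs keystone from git and bypasses pip_lock_down; set keystone_git_install_branch to a tag or commit SHA for reproducible builds`.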
@@ -0,0 +1,195 @@ +# Makefile for Sphinx documentation +# + +# You can set these variables from the command line. +SPHINXOPTS = +SPHINXBUILD = sphinx-build +PAPER = +BUILDDIR = build + +# User-friendly check for sphinx-build +ifeq ($(shell which $(SPHINXBUILD) >/dev/null 2>&1; echo $$?), 1) +$(error The '$(SPHINXBUILD)' command was not found. Make sure you have Sphinx installed, then set the SPHINXBUILD environment variable to point to the full path of the '$(SPHINXBUILD)' executable. Alternatively you can add the directory with the executable to your PATH. If you don't have Sphinx installed, grab it from http://sphinx-doc.org/) +endif + +# Internal variables. +PAPEROPT_a4 = -D latex_paper_size=a4 +PAPEROPT_letter = -D latex_paper_size=letter +ALLSPHINXOPTS = -d $(BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) source +# the i18n builder cannot share the environment and doctrees with the others +I18NSPHINXOPTS = $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) source + +.PHONY: help clean html dirhtml singlehtml pickle json htmlhelp qthelp devhelp epub latex latexpdf text man changes linkcheck doctest coverage gettext + +help: + @echo "Please use \`make ' where is one of" + @echo " html to make standalone HTML files" + @echo " dirhtml to make HTML files named index.html in directories" + @echo " singlehtml to make a single large HTML file" + @echo " pickle to make pickle files" + @echo " json to make JSON files" + @echo " htmlhelp to make HTML files and a HTML help project" + @echo " qthelp to make HTML files and a qthelp project" + @echo " applehelp to make an Apple Help Book" + @echo " devhelp to make HTML files and a Devhelp project" + @echo " epub to make an epub" + @echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter" + @echo " latexpdf to make LaTeX files and run them through pdflatex" + @echo " latexpdfja to make LaTeX files and run them through platex/dvipdfmx" + @echo " text to make text files" + @echo " man to make manual pages" + @echo " 
texinfo to make Texinfo files" + @echo " info to make Texinfo files and run them through makeinfo" + @echo " gettext to make PO message catalogs" + @echo " changes to make an overview of all changed/added/deprecated items" + @echo " xml to make Docutils-native XML files" + @echo " pseudoxml to make pseudoxml-XML files for display purposes" + @echo " linkcheck to check all external links for integrity" + @echo " doctest to run all doctests embedded in the documentation (if enabled)" + @echo " coverage to run coverage check of the documentation (if enabled)" + +clean: + rm -rf $(BUILDDIR)/* + +html: + $(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html + @echo + @echo "Build finished. The HTML pages are in $(BUILDDIR)/html." + +dirhtml: + $(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/dirhtml + @echo + @echo "Build finished. The HTML pages are in $(BUILDDIR)/dirhtml." + +singlehtml: + $(SPHINXBUILD) -b singlehtml $(ALLSPHINXOPTS) $(BUILDDIR)/singlehtml + @echo + @echo "Build finished. The HTML page is in $(BUILDDIR)/singlehtml." + +pickle: + $(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) $(BUILDDIR)/pickle + @echo + @echo "Build finished; now you can process the pickle files." + +json: + $(SPHINXBUILD) -b json $(ALLSPHINXOPTS) $(BUILDDIR)/json + @echo + @echo "Build finished; now you can process the JSON files." + +htmlhelp: + $(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) $(BUILDDIR)/htmlhelp + @echo + @echo "Build finished; now you can run HTML Help Workshop with the" \ + ".hhp project file in $(BUILDDIR)/htmlhelp." 
+ +qthelp: + $(SPHINXBUILD) -b qthelp $(ALLSPHINXOPTS) $(BUILDDIR)/qthelp + @echo + @echo "Build finished; now you can run "qcollectiongenerator" with the" \ + ".qhcp project file in $(BUILDDIR)/qthelp, like this:" + @echo "# qcollectiongenerator $(BUILDDIR)/qthelp/openstack-ansible-os_keystone.qhcp" + @echo "To view the help file:" + @echo "# assistant -collectionFile $(BUILDDIR)/qthelp/openstack-ansible-os_keystone.qhc" + +applehelp: + $(SPHINXBUILD) -b applehelp $(ALLSPHINXOPTS) $(BUILDDIR)/applehelp + @echo + @echo "Build finished. The help book is in $(BUILDDIR)/applehelp." + @echo "N.B. You won't be able to view it unless you put it in" \ + "~/Library/Documentation/Help or install it in your application" \ + "bundle." + +devhelp: + $(SPHINXBUILD) -b devhelp $(ALLSPHINXOPTS) $(BUILDDIR)/devhelp + @echo + @echo "Build finished." + @echo "To view the help file:" + @echo "# mkdir -p $$HOME/.local/share/devhelp/openstack-ansible-os_keystone" + @echo "# ln -s $(BUILDDIR)/devhelp $$HOME/.local/share/devhelp/openstack-ansible-os_keystone" + @echo "# devhelp" + +epub: + $(SPHINXBUILD) -b epub $(ALLSPHINXOPTS) $(BUILDDIR)/epub + @echo + @echo "Build finished. The epub file is in $(BUILDDIR)/epub." + +latex: + $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex + @echo + @echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex." + @echo "Run \`make' in that directory to run these through (pdf)latex" \ + "(use \`make latexpdf' here to do that automatically)." + +latexpdf: + $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex + @echo "Running LaTeX files through pdflatex..." + $(MAKE) -C $(BUILDDIR)/latex all-pdf + @echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex." + +latexpdfja: + $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex + @echo "Running LaTeX files through platex and dvipdfmx..." + $(MAKE) -C $(BUILDDIR)/latex all-pdf-ja + @echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex." 
+ +text: + $(SPHINXBUILD) -b text $(ALLSPHINXOPTS) $(BUILDDIR)/text + @echo + @echo "Build finished. The text files are in $(BUILDDIR)/text." + +man: + $(SPHINXBUILD) -b man $(ALLSPHINXOPTS) $(BUILDDIR)/man + @echo + @echo "Build finished. The manual pages are in $(BUILDDIR)/man." + +texinfo: + $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo + @echo + @echo "Build finished. The Texinfo files are in $(BUILDDIR)/texinfo." + @echo "Run \`make' in that directory to run these through makeinfo" \ + "(use \`make info' here to do that automatically)." + +info: + $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo + @echo "Running Texinfo files through makeinfo..." + make -C $(BUILDDIR)/texinfo info + @echo "makeinfo finished; the Info files are in $(BUILDDIR)/texinfo." + +gettext: + $(SPHINXBUILD) -b gettext $(I18NSPHINXOPTS) $(BUILDDIR)/locale + @echo + @echo "Build finished. The message catalogs are in $(BUILDDIR)/locale." + +changes: + $(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) $(BUILDDIR)/changes + @echo + @echo "The overview file is in $(BUILDDIR)/changes." + +linkcheck: + $(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) $(BUILDDIR)/linkcheck + @echo + @echo "Link check complete; look for any errors in the above output " \ + "or in $(BUILDDIR)/linkcheck/output.txt." + +doctest: + $(SPHINXBUILD) -b doctest $(ALLSPHINXOPTS) $(BUILDDIR)/doctest + @echo "Testing of doctests in the sources finished, look at the " \ + "results in $(BUILDDIR)/doctest/output.txt." + +coverage: + $(SPHINXBUILD) -b coverage $(ALLSPHINXOPTS) $(BUILDDIR)/coverage + @echo "Testing of coverage in the sources finished, look at the " \ + "results in $(BUILDDIR)/coverage/python.txt." + +xml: + $(SPHINXBUILD) -b xml $(ALLSPHINXOPTS) $(BUILDDIR)/xml + @echo + @echo "Build finished. The XML files are in $(BUILDDIR)/xml." + +pseudoxml: + $(SPHINXBUILD) -b pseudoxml $(ALLSPHINXOPTS) $(BUILDDIR)/pseudoxml + @echo + @echo "Build finished. 
The pseudo-XML files are in $(BUILDDIR)/pseudoxml." + +livehtml: html + sphinx-autobuild -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html diff --git a/doc/source/conf.py b/doc/source/conf.py new file mode 100644 index 00000000..a4450f61 --- /dev/null +++ b/doc/source/conf.py 
@@ -0,0 +1,290 @@ +#!/usr/bin/env python3 +# -*- coding: utf-8 -*- +# +# openstack-ansible-os_keystone documentation build configuration file, created by +# sphinx-quickstart on Mon Apr 13 20:42:26 2015. +# +# This file is execfile()d with the current directory set to its +# containing dir. +# +# Note that not all possible configuration values are present in this +# autogenerated file. +# +# All configuration values have a default; values that are commented out +# serve to show the default. + +# If extensions (or modules to document with autodoc) are in another directory, +# add these directories to sys.path here. If the directory is relative to the +# documentation root, use os.path.abspath to make it absolute, like shown here. +# sys.path.insert(0, os.path.abspath('.')) + +# -- General configuration ------------------------------------------------ + +# If your documentation needs a minimal Sphinx version, state it here. +# needs_sphinx = '1.0' + +# Add any Sphinx extension module names here, as strings. They can be +# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom +# ones. +extensions = [ + 'sphinx.ext.autodoc', + 'oslosphinx' +] + +# The link to the browsable source code (for the left hand menu) +oslosphinx_cgit_link = 'http://git.openstack.org/cgit/openstack/openstack-ansible-os_keystone' + +# Add any paths that contain templates here, relative to this directory. +templates_path = ['_templates'] + +# The suffix(es) of source filenames. +# You can specify multiple suffix as a list of string: +# source_suffix = ['.rst', '.md'] +source_suffix = '.rst' + +# The encoding of source files. +# source_encoding = 'utf-8-sig' + +# The master toctree document. +master_doc = 'index' + +# General information about the project. 
+project = 'openstack-ansible-os_keystone' +copyright = '2015, openstack-ansible-os_keystone contributors' +author = 'openstack-ansible-os_keystone contributors' + +# The version info for the project you're documenting, acts as replacement for +# |version| and |release|, also used in various other places throughout the +# built documents. +# +# The short X.Y version. +version = 'master' +# The full version, including alpha/beta/rc tags. +release = 'master' + +# The language for content autogenerated by Sphinx. Refer to documentation +# for a list of supported languages. +# +# This is also used if you do content translation via gettext catalogs. +# Usually you set "language" from the command line for these cases. +language = None + +# There are two options for replacing |today|: either, you set today to some +# non-false value, then it is used: +# today = '' +# Else, today_fmt is used as the format for a strftime call. +# today_fmt = '%B %d, %Y' + +# List of patterns, relative to source directory, that match files and +# directories to ignore when looking for source files. +exclude_patterns = [] + +# The reST default role (used for this markup: `text`) to use for all +# documents. +# default_role = None + +# If true, '()' will be appended to :func: etc. cross-reference text. +# add_function_parentheses = True + +# If true, the current module name will be prepended to all description +# unit titles (such as .. function::). +# add_module_names = True + +# If true, sectionauthor and moduleauthor directives will be shown in the +# output. They are ignored by default. +# show_authors = False + +# The name of the Pygments (syntax highlighting) style to use. +pygments_style = 'sphinx' + +# A list of ignored prefixes for module index sorting. +# modindex_common_prefix = [] + +# If true, keep warnings as "system message" paragraphs in the built documents. +# keep_warnings = False + +# If true, `todo` and `todoList` produce output, else they produce nothing. 
+todo_include_todos = False + + +# -- Options for HTML output ---------------------------------------------- + +# The theme to use for HTML and HTML Help pages. See the documentation for +# a list of builtin themes. +# html_theme = 'alabaster' + +# Theme options are theme-specific and customize the look and feel of a theme +# further. For a list of options available for each theme, see the +# documentation. +# html_theme_options = {} + +# Add any paths that contain custom themes here, relative to this directory. +# html_theme_path = [] + +# The name for this set of Sphinx documents. If None, it defaults to +# " v documentation". +# html_title = None + +# A shorter title for the navigation bar. Default is the same as html_title. +# html_short_title = None + +# The name of an image file (relative to this directory) to place at the top +# of the sidebar. +# html_logo = None + +# The name of an image file (within the static path) to use as favicon of the +# docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32 +# pixels large. +# html_favicon = None + +# Add any paths that contain custom static files (such as style sheets) here, +# relative to this directory. They are copied after the builtin static files, +# so a file named "default.css" will overwrite the builtin "default.css". +html_static_path = ['_static'] + +# Add any extra paths that contain custom files (such as robots.txt or +# .htaccess) here, relative to this directory. These files are copied +# directly to the root of the documentation. +# html_extra_path = [] + +# If not '', a 'Last updated on:' timestamp is inserted at every page bottom, +# using the given strftime format. +# html_last_updated_fmt = '%b %d, %Y' + +# If true, SmartyPants will be used to convert quotes and dashes to +# typographically correct entities. +# html_use_smartypants = True + +# Custom sidebar templates, maps document names to template names. 
+# html_sidebars = {} + +# Additional templates that should be rendered to pages, maps page names to +# template names. +# html_additional_pages = {} + +# If false, no module index is generated. +# html_domain_indices = True + +# If false, no index is generated. +# html_use_index = True + +# If true, the index is split into individual pages for each letter. +# html_split_index = False + +# If true, links to the reST sources are added to the pages. +# html_show_sourcelink = True + +# If true, "Created using Sphinx" is shown in the HTML footer. Default is True. +# html_show_sphinx = True + +# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True. +# html_show_copyright = True + +# If true, an OpenSearch description file will be output, and all pages will +# contain a tag referring to it. The value of this option must be the +# base URL from which the finished HTML is served. +# html_use_opensearch = '' + +# This is the file name suffix for HTML files (e.g. ".xhtml"). +# html_file_suffix = None + +# Language to be used for generating the HTML full-text search index. +# Sphinx supports the following languages: +# 'da', 'de', 'en', 'es', 'fi', 'fr', 'h', 'it', 'ja' +# 'nl', 'no', 'pt', 'ro', 'r', 'sv', 'tr' +# html_search_language = 'en' + +# A dictionary with options for the search language support, empty by default. +# Now only 'ja' uses this config value +# html_search_options = {'type': 'default'} + +# The name of a javascript file (relative to the configuration directory) that +# implements a search results scorer. If empty, the default will be used. +# html_search_scorer = 'scorer.js' + +# Output file base name for HTML help builder. +htmlhelp_basename = 'openstack-ansible-os_keystonedoc' + +# -- Options for LaTeX output --------------------------------------------- + +latex_elements = { + # The paper size ('letterpaper' or 'a4paper'). + # 'papersize': 'letterpaper', + + # The font size ('10pt', '11pt' or '12pt'). 
+ # 'pointsize': '10pt', + + # Additional stuff for the LaTeX preamble. + # 'preamble': '', + + # Latex figure (float) alignment + # 'figure_align': 'htbp', +} + +# Grouping the document tree into LaTeX files. List of tuples +# (source start file, target name, title, +# author, documentclass [howto, manual, or own class]). +latex_documents = [ + (master_doc, 'openstack-ansible-os_keystone.tex', + 'openstack-ansible-os_keystone Documentation', + 'openstack-ansible-os_keystone contributors', 'manual'), +] + +# The name of an image file (relative to this directory) to place at the top of +# the title page. +# latex_logo = None + +# For "manual" documents, if this is true, then toplevel headings are parts, +# not chapters. +# latex_use_parts = False + +# If true, show page references after internal links. +# latex_show_pagerefs = False + +# If true, show URL addresses after external links. +# latex_show_urls = False + +# Documents to append as an appendix to all manuals. +# latex_appendices = [] + +# If false, no module index is generated. +# latex_domain_indices = True + + +# -- Options for manual page output --------------------------------------- + +# One entry per manual page. List of tuples +# (source start file, name, description, authors, manual section). +man_pages = [ + (master_doc, 'openstack-ansible-os_keystone', + 'openstack-ansible-os_keystone Documentation', + [author], 1) +] + +# If true, show URL addresses after external links. +# man_show_urls = False + + +# -- Options for Texinfo output ------------------------------------------- + +# Grouping the document tree into Texinfo files. 
List of tuples +# (source start file, target name, title, author, +# dir menu entry, description, category) +texinfo_documents = [ + (master_doc, 'openstack-ansible-os_keystone', + 'openstack-ansible-os_keystone Documentation', + author, 'openstack-ansible-os_keystone', 'One line description of project.', + 'Miscellaneous'), +] + +# Documents to append as an appendix to all manuals. +# texinfo_appendices = [] + +# If false, no module index is generated. +# texinfo_domain_indices = True + +# How to display URL addresses: 'footnote', 'no', or 'inline'. +# texinfo_show_urls = 'footnote' + +# If true, do not generate a @detailmenu in the "Top" node's menu. +# texinfo_no_detailmenu = False diff --git a/doc/source/index.rst b/doc/source/index.rst new file mode 100644 index 00000000..313b1c6b --- /dev/null +++ b/doc/source/index.rst @@ -0,0 +1,14 @@ +os_keystone Docs +============= + +Tell us what the role is supposed to do? + +Basic Role Example +^^^^^^^^^^^^^^^^^^ + +Tell us how to use the role. + +.. code-block:: yaml + + - role: "$ROLENAME" + ROLE_VARS... diff --git a/meta/main.yml b/meta/main.yml index 7c2c07bf..2d2afff1 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -31,10 +31,13 @@ galaxy_info: - openstack dependencies: - apt_package_pinning - - galera_client - - openstack_openrc - - pip_lock_down + - role: galera_client + when: + - keystone_database_enabled | bool + - role: pip_lock_down + when: + - not keystone_developer_mode | bool - role: memcached_server - when: > - 'memcache' in keystone_token_driver and - 'fernet' not in keystone_token_provider + when: + - "'memcache' in keystone_token_driver" + - "'fernet' not in keystone_token_provider" diff --git a/readme.rst b/readme.rst new file mode 100644 index 00000000..4356561e --- /dev/null +++ b/readme.rst 
@@ -0,0 +1,22 @@
+os_keystone role
+#############
+:tags: openstack, cloud, ansible, os_keystone
+:category: \*nix
+
+os_keystone Role
+
+.. code-block:: yaml
+
+ - name: os_keystone role
+ hosts: "hosts"
+ user: root
+ roles:
+ - { role: "os_keystone" }
+
+
+Note. The template role has the template name within it. Please change the name
+throughout the code base.
+
+.. code-block:: bsah
+
+ find . -type f -exec sed -i 's/os_keystone/CHANGE_ME_PLEASE/g' {} \;
diff --git a/run_tests.sh b/run_tests.sh
new file mode 100644
index 00000000..f0a8f3e5
--- /dev/null
+++ b/run_tests.sh
@@ -0,0 +1,43 @@
+#!/usr/bin/env bash
+# Copyright 2015, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -euov
+
+FUNCTIONAL_TEST=${FUNCTIONAL_TEST:-true}
+
+# prep the host
+if [ "$(which apt-get)" ]; then
+ apt-get install -y build-essential python2.7 python-dev git-core
+fi
+
+# get pip, if necessary
+if [ ! "$(which pip)" ]; then
+ curl --silent --show-error --retry 5 \
+ https://bootstrap.pypa.io/get-pip.py | sudo python2.7
+fi
+
+# install tox
+pip install tox
+
+# run through each tox env and execute the test
+for tox_env in $(awk -F= '/envlist/ {print $2}' tox.ini | sed 's/,/ /g'); do
+ if [ "${tox_env}" != "ansible-functional" ]; then
+ tox -e ${tox_env}
+ elif [ "${tox_env}" == "ansible-functional" ]; then
+ if ${FUNCTIONAL_TEST}; then
+ tox -e ${tox_env}
+ fi
+ fi
+done
diff --git a/setup.cfg b/setup.cfg
new file mode 100644
index 00000000..9ec2ab8e
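Review bot: The pip bootstrap in run_tests.sh pipes a script fetched over the network straight into `sudo python2.7`, so whatever the server returns runs as root with no integrity check. `set -euov` does not help: `-o` is given no option name, so `pipefail` is not enabled and a failing `curl` on the left of the pipe goes unnoticed. Download to a file with `--fail`, verify it against a pinned digest, then run it, and spell the options as `set -euo pipefail`. In the same hunk, `if ${FUNCTIONAL_TEST}; then` executes the variable's value as a command; compare it with `[ "${FUNCTIONAL_TEST}" = "true" ]` instead, and quote `${tox_env}`.

```shell
# get pip, if necessary
if [ ! "$(which pip)" ]; then
  get_pip="$(mktemp)"
  curl --silent --show-error --fail --retry 5 \
    --output "${get_pip}" https://bootstrap.pypa.io/get-pip.py
  # GET_PIP_SHA256 is a placeholder: pin it to the digest of the reviewed script
  echo "${GET_PIP_SHA256}  ${get_pip}" | sha256sum --check -
  sudo python2.7 "${get_pip}"
  rm -f "${get_pip}"
fi
# … unchanged: tox install and env loop …
```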
--- /dev/null +++ b/setup.cfg @@ -0,0 +1,24 @@ +[metadata] +name = openstack-ansible-os_keystone +summary = os_keystone for OpenStack Ansible +description-file = + README.rst +author = OpenStack +author-email = openstack-dev@lists.openstack.org +home-page = http://www.openstack.org/ +classifier = + Intended Audience :: Developers + Intended Audience :: System Administrators + License :: OSI Approved :: Apache Software License + Operating System :: POSIX :: Linux + +[build_sphinx] +all_files = 1 +build-dir = doc/build +source-dir = doc/source + +[pbr] +warnerrors = True + +[wheel] +universal = 1 diff --git a/setup.py b/setup.py new file mode 100644 index 00000000..70c2b3f3 --- /dev/null +++ b/setup.py @@ -0,0 +1,22 @@ +#!/usr/bin/env python +# Copyright (c) 2013 Hewlett-Packard Development Company, L.P. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# THIS FILE IS MANAGED BY THE GLOBAL REQUIREMENTS REPO - DO NOT EDIT +import setuptools + +setuptools.setup( + setup_requires=['pbr'], + pbr=True) diff --git a/tasks/keystone_db_setup.yml b/tasks/keystone_db_setup.yml index d9064222..d315b926 100644 --- a/tasks/keystone_db_setup.yml +++ b/tasks/keystone_db_setup.yml 
@@ -13,32 +13,6 @@ # See the License for the specific language governing permissions and # limitations under the License. -- name: Create DB for service - mysql_db: - login_user: "{{ galera_root_user }}" - login_password: "{{ galera_root_password }}" - login_host: "{{ keystone_galera_address }}" - name: "{{ keystone_galera_database }}" - state: "present" - tags: - - keystone-db-setup - -- name: Grant access to the DB for the service - mysql_user: - login_user: "{{ galera_root_user }}" - login_password: "{{ galera_root_password }}" - login_host: "{{ keystone_galera_address }}" - name: "{{ keystone_galera_user }}" - password: "{{ keystone_container_mysql_password }}" - host: "{{ item }}" - state: "present" - priv: "{{ keystone_galera_database }}.*:ALL" - with_items: - - "localhost" - - "%" - tags: - - keystone-db-setup - - name: Perform a Keystone DB sync command: "{{ keystone_bin }}/keystone-manage db_sync" become: yes diff --git a/tasks/keystone_idp_setup.yml b/tasks/keystone_idp_setup.yml index 4400ad7a..1ab74d1b 100644 --- a/tasks/keystone_idp_setup.yml +++ b/tasks/keystone_idp_setup.yml @@ -28,3 +28,5 @@ - include: keystone_idp_metadata.yml - include: keystone_idp_sp_setup.yml + when: + - keystone_service_setup | bool \ No newline at end of file diff --git a/tasks/keystone_install.yml b/tasks/keystone_install.yml index 5aeac5f3..1e6e410f 100644 --- a/tasks/keystone_install.yml +++ b/tasks/keystone_install.yml 
@@ -13,63 +13,33 @@ # See the License for the specific language governing permissions and # limitations under the License. -#TODO(evrardjp): Replace the next 2 tasks by a standard apt with cache -#when https://github.com/ansible/ansible-modules-core/pull/1517 is merged -#in 1.9.x or we move to 2.0 (if tested working) -- name: Check apt last update file - stat: - path: /var/cache/apt - register: apt_cache_stat +- include: keystone_install_apt.yml + when: + - ansible_pkg_mgr == 'apt' tags: - - keystone-apt-packages + - install-apt -- name: Update apt if needed - apt: - update_cache: yes - when: "ansible_date_time.epoch|float - apt_cache_stat.stat.mtime > {{cache_timeout}}" - tags: - - keystone-apt-packages - -- name: Install apt packages - apt: - pkg: "{{ item }}" - state: latest - register: install_packages - until: install_packages|success - retries: 5 - delay: 2 - with_items: keystone_apt_packages +- name: Create developer mode constraint file + copy: + dest: "/opt/developer-pip-constraints.txt" + content: | + {% for item in keystone_developer_constraints %} + {{ item }} + {% endfor %} + when: + - keystone_developer_mode | bool tags: - keystone-install - - keystone-apt-packages + - keystone-pip-packages -- name: Install IdP apt packages - apt: - pkg: "{{ item }}" - state: latest - register: install_packages - until: install_packages|success - retries: 5 - delay: 2 - with_items: keystone_idp_apt_packages - when: keystone_idp is defined +- name: Set constraint file fact for developer mode + set_fact: + pip_install_options: "{{ pip_install_options|default('') }} --constraint /opt/developer-pip-constraints.txt" + when: + - keystone_developer_mode | bool tags: - keystone-install - - keystone-apt-packages - -- name: Install SP apt packages - apt: - pkg: "{{ item }}" - state: latest - register: install_packages - until: install_packages|success - retries: 5 - delay: 2 - with_items: keystone_sp_apt_packages - when: keystone_sp is defined - tags: - - keystone-install - - 
keystone-apt-packages + - keystone-pip-packages - name: Install requires pip packages pip: @@ -89,7 +59,9 @@ stat: path: "/var/cache/{{ keystone_venv_download_url | basename }}" get_md5: False - when: keystone_venv_enabled | bool + when: + - not keystone_developer_mode | bool + - keystone_venv_enabled | bool register: local_venv_stat tags: - keystone-install @@ -99,7 +71,9 @@ uri: url: "{{ keystone_venv_download_url | replace('tgz', 'checksum') }}" return_content: True - when: keystone_venv_enabled | bool + when: + - not keystone_developer_mode | bool + - keystone_venv_enabled | bool register: remote_venv_checksum tags: - keystone-install @@ -118,6 +92,7 @@ ignore_errors: true register: get_venv when: + - not keystone_developer_mode | bool - keystone_venv_enabled | bool - (local_venv_stat.stat.exists == False or {{ local_venv_stat.stat.checksum is defined and local_venv_stat.stat.checksum != remote_venv_checksum.content | trim }}) @@ -149,6 +124,7 @@ path: "{{ keystone_venv_bin | dirname }}" state: directory when: + - not keystone_developer_mode | bool - keystone_venv_enabled | bool - keystone_get_venv | changed tags: @@ -161,6 +137,7 @@ dest: "{{ keystone_venv_bin | dirname }}" copy: "no" when: + - not keystone_developer_mode | bool - keystone_venv_enabled | bool - keystone_get_venv | changed notify: @@ -173,6 +150,7 @@ command: > virtualenv-tools --update-path=auto {{ keystone_venv_bin | dirname }} when: + - not keystone_developer_mode | bool - keystone_venv_enabled | bool - keystone_get_venv | success tags: @@ -193,7 +171,7 @@ with_items: keystone_pip_packages when: - keystone_venv_enabled | bool - - keystone_get_venv | failed + - keystone_get_venv | failed or keystone_developer_mode | bool notify: - Restart Apache tags: @@ -210,7 +188,9 @@ retries: 5 delay: 2 with_items: keystone_pip_packages - when: not keystone_venv_enabled | bool + when: + - not keystone_developer_mode | bool + - not keystone_venv_enabled | bool notify: - Restart Apache tags: 
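Review bot: The `Create developer mode constraint file` task writes `/opt/developer-pip-constraints.txt` with `copy` but sets no `owner`, `group` or `mode`, so the permissions follow the umask of the connecting user. This file decides which source pip installs keystone from, so it should be explicitly root-owned and not group- or world-writable. Add `owner: root`, `group: root` and `mode: "0644"` to the task. The following `set_fact` appends `--constraint …` to `pip_install_options` each time it runs, which may accumulate duplicates if facts are cached between plays.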
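Review bot: With the new conditions, a host with `keystone_developer_mode: true` and `keystone_venv_enabled: false` installs no keystone pip packages at all. The venv install task (hunk `@@ -193,7 +171,7 @@`) still requires `keystone_venv_enabled | bool`, and the non-venv task (hunk `@@ -210,7 +188,9 @@`) now also requires `not keystone_developer_mode | bool`. If developer mode is meant to imply a venv, assert that early with a `fail` task. Otherwise drop the `- not keystone_developer_mode | bool` line from the non-venv task so the system-wide install still runs. Both task bodies start outside their hunks, so the pip arguments themselves were not reviewed.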
diff --git a/tasks/keystone_install_apt.yml b/tasks/keystone_install_apt.yml new file mode 100644 index 00000000..7eea5b4b --- /dev/null +++ b/tasks/keystone_install_apt.yml 
@@ -0,0 +1,81 @@
+---
+# Copyright 2015, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Update apt sources
+ apt:
+ update_cache: yes
+ cache_valid_time: 600
+ register: apt_update
+ until: apt_update|success
+ retries: 5
+ delay: 2
+ tags:
+ - keystone-apt-packages
+
+- name: Install apt packages
+ apt:
+ pkg: "{{ item }}"
+ state: latest
+ register: install_packages
+ until: install_packages|success
+ retries: 5
+ delay: 2
+ with_items: keystone_apt_packages
+ tags:
+ - keystone-install
+ - keystone-apt-packages
+
+- name: Install IdP apt packages
+ apt:
+ pkg: "{{ item }}"
+ state: latest
+ register: install_packages
+ until: install_packages|success
+ retries: 5
+ delay: 2
+ with_items: keystone_idp_apt_packages
+ when: keystone_idp is defined
+ tags:
+ - keystone-install
+ - keystone-apt-packages
+
+- name: Install SP apt packages
+ apt:
+ pkg: "{{ item }}"
+ state: latest
+ register: install_packages
+ until: install_packages|success
+ retries: 5
+ delay: 2
+ with_items: keystone_sp_apt_packages
+ when: keystone_sp is defined
+ tags:
+ - keystone-install
+ - keystone-apt-packages
+
+- name: Install developer mode apt packages
+ apt:
+ pkg: "{{ item }}"
+ state: latest
+ register: install_packages
+ until: install_packages|success
+ retries: 5
+ delay: 2
+ with_items: keystone_developer_apt_packages
+ when:
+ - keystone_developer_mode | bool
+ tags:
+ - keystone-install
+ - keystone-apt-packages
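Review bot: Every install task in this new file uses `state: latest`, so each run can upgrade apache2, libapache2-mod-wsgi and the other packages to whatever the configured repositories serve at that moment, and none of these tasks carries the `notify: - Restart Apache` that the pip tasks in tasks/keystone_install.yml have. Prefer `state: present` so that upgrades happen deliberately, or add the notify so a changed package is followed by a controlled restart. `cache_valid_time: 600` is hard-coded here; a role variable would let deployers tune it.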
diff --git a/tasks/keystone_pre_install.yml b/tasks/keystone_pre_install.yml index 3fb9eb1d..dd90fdef 100644 --- a/tasks/keystone_pre_install.yml +++ b/tasks/keystone_pre_install.yml @@ -118,7 +118,3 @@ tags: - keystone-dirs - keystone-logs - -- include: keystone_messaging_setup.yml - when: > - inventory_hostname == groups['keystone_all'][0] diff --git a/tasks/main.yml b/tasks/main.yml index f7b278f4..87576f00 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -13,6 +13,15 @@ # See the License for the specific language governing permissions and # limitations under the License. +- name: Gather variables for each operating system + include_vars: "{{ item }}" + with_first_found: + - "{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower }}.yml" + - "{{ ansible_distribution | lower }}.yml" + - "{{ ansible_os_family | lower }}.yml" + tags: + - always + - include: keystone_pre_install.yml - include: keystone_install.yml - include: keystone_post_install.yml 
@@ -25,41 +34,48 @@ - include: keystone_fernet.yml tags: - keystone-fernet - when: > - 'fernet' in keystone_token_provider + when: + - "'fernet' in keystone_token_provider" + - keystone_service_setup | bool - include: keystone_federation_sp_setup.yml - when: > - keystone_sp is defined + when: + - keystone_sp is defined - include: keystone_db_setup.yml - when: > - inventory_hostname == groups['keystone_all'][0] + when: + - keystone_database_enabled | bool + - inventory_hostname == groups['keystone_all'][0] - include: keystone_token_cleanup.yml - when: > - 'sql' in keystone_token_driver + when: + - "'sql' in keystone_token_driver" - include: keystone_ssl.yml - include: keystone_apache.yml - include: keystone_service_setup.yml - when: > - inventory_hostname == groups['keystone_all'][0] + when: + - keystone_service_setup | bool + - inventory_hostname == groups['keystone_all'][0] - include: keystone_ldap_setup.yml + when: + - keystone_service_setup | bool tags: - keystone-config - keystone-ldap - include: keystone_federation_sp_idp_setup.yml - when: > - keystone_sp is defined and - inventory_hostname == groups['keystone_all'][0] + when: + when: + - keystone_service_setup | bool + - keystone_sp is defined + - inventory_hostname == groups['keystone_all'][0] - name: Flush handlers meta: flush_handlers - include: keystone_idp_setup.yml - when: > - keystone_idp is defined + when: + - keystone_idp is defined diff --git a/templates/keystone-wsgi.py.j2 b/templates/keystone-wsgi.py.j2 index 400ee7f8..53d0e46e 100644 --- a/templates/keystone-wsgi.py.j2 +++ b/templates/keystone-wsgi.py.j2 
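Review bot: The include of keystone_federation_sp_idp_setup.yml ends up with two consecutive added `when:` lines, so the condition list is either nested under a second `when` key or the file fails to parse, depending on indentation this view does not show. Keep a single `when:` followed by the three list items. Separately, `keystone_fernet.yml` and `keystone_ldap_setup.yml` are now gated on `keystone_service_setup | bool`; a deployer who sets that flag to false to skip service registration would also skip the Fernet include while `'fernet' in keystone_token_provider` still holds, so a dedicated flag or a comment explaining the coupling would help.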
@@ -19,30 +19,30 @@ activate_this = os.path.expanduser("{{ keystone_venv_bin }}/activate_this.py") execfile(activate_this, dict(__file__=activate_this)) {% endif %} -import os +import pbr.version +_version_ = pbr.version.VersionInfo('keystone').version_string() -from oslo_log import log -from oslo_log import versionutils - -from keystone.i18n import _LW -from keystone.server import wsgi as wsgi_server - - -name = os.path.basename(__file__) -LOG = log.getLogger(__name__) - - -def deprecation_warning(): - versionutils.report_deprecated_feature( - LOG, - _LW('httpd/keystone.py is deprecated as of Mitaka' - ' in favor of keystone-wsgi-admin and keystone-wsgi-public' - ' and may be removed in O.') +#TODO(cloudnull) This should be removed in the N time frame +if '2015' in _version_: + from keystone.server import wsgi as wsgi_server + name = os.path.basename(__file__) + application = wsgi_server.initialize_application(name) +else: + import os + from oslo_log import log + from oslo_log import versionutils + from keystone.i18n import _LW + from keystone.server import wsgi as wsgi_server + name = os.path.basename(__file__) + LOG = log.getLogger(__name__) + def deprecation_warning(): + versionutils.report_deprecated_feature( + LOG, + _LW('httpd/keystone.py is deprecated as of Mitaka' + ' in favor of keystone-wsgi-admin and keystone-wsgi-public' + ' and may be removed in O.') + ) + application = wsgi_server.initialize_application( + name, + post_log_configured_function=deprecation_warning ) - -# NOTE(ldbragst): 'application' is required in this context by WSGI spec. -# The following is a reference to Python Paste Deploy documentation -# http://pythonpaste.org/deploy/ -application = wsgi_server.initialize_application( - name, - post_log_configured_function=deprecation_warning) diff --git a/templates/keystone.conf.j2 b/templates/keystone.conf.j2 index 13182568..0d1926b6 100644 --- a/templates/keystone.conf.j2 +++ b/templates/keystone.conf.j2 
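Review bot: The `if '2015' in _version_:` branch calls `os.path.basename(__file__)`, but `import os` now sits only in the `else:` branch, so that branch relies on `os` having been imported above the hunk. The only earlier use visible here is `os.path.expanduser(...)` just before `{% endif %}`, which suggests that import may live inside the template conditional; if so, rendering without that block raises NameError when the WSGI script loads. Keep `import os` unconditional, ahead of `import pbr.version`. Matching on the substring `'2015'` is also fragile, and a short comment naming the release series it stands for would help whoever resolves the TODO.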
@@ -54,12 +54,15 @@ saml2 = keystone.auth.plugins.mapped.Mapped methods = {{ keystone_auth_methods }} {% endif %} + +{% if keystone_database_enabled | bool %} [database] -connection = mysql+pymysql://{{ keystone_galera_user }}:{{ keystone_container_mysql_password }}@{{ keystone_galera_address }}/{{ keystone_galera_database }}?charset=utf8 +connection = {{ keystone_database_connection_string }} idle_timeout = {{ keystone_database_idle_timeout }} min_pool_size = {{ keystone_database_min_pool_size }} max_pool_size = {{ keystone_database_max_pool_size }} pool_timeout = {{ keystone_database_pool_timeout }} +{% endif %} [fernet_tokens] @@ -146,13 +149,15 @@ admin_bind_host = {{ keystone_bind_address }} admin_port = {{ keystone_admin_port }} public_port = {{ keystone_service_port }} +{% if keystone_messaging_enabled | bool %} [oslo_messaging_rabbit] -rabbit_port = {{ rabbitmq_port }} +rabbit_port = {{ keystone_rabbitmq_port }} rabbit_userid = {{ keystone_rabbitmq_userid }} rabbit_password = {{ keystone_rabbitmq_password }} rabbit_virtual_host = {{ keystone_rabbitmq_vhost }} -rabbit_hosts = {{ rabbitmq_servers }} -rabbit_use_ssl = {{ rabbitmq_use_ssl }} +rabbit_hosts = {{ keystone_rabbitmq_servers }} +rabbit_use_ssl = {{ keystone_rabbitmq_use_ssl }} +{% endif %} {% if keystone_sp is defined %} [federation] diff --git a/test-requirements.txt b/test-requirements.txt new file mode 100644 index 00000000..f9f762ea --- /dev/null +++ b/test-requirements.txt @@ -0,0 +1,6 @@ +ansible-lint +ansible>=1.9.1,<2.0.0 + +# this is required for the docs build jobs +sphinx!=1.2.0,!=1.3b1,<1.3,>=1.1.2 +oslosphinx>=2.5.0 # Apache-2.0 diff --git a/tests/ansible-role-requirements.yml b/tests/ansible-role-requirements.yml new file mode 100644 index 00000000..a3c64552 --- /dev/null +++ b/tests/ansible-role-requirements.yml 
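Review bot: In the `[oslo_messaging_rabbit]` hunk the template stops reading `rabbitmq_port`, `rabbitmq_servers` and `rabbitmq_use_ssl` and reads `keystone_`-prefixed names instead, so an existing deployment that sets `rabbitmq_use_ssl: true` could silently render `rabbit_use_ssl` from the new variable and lose TLS to the broker while `rabbit_password` is still sent, unless the role defaults chain the new names to the old ones. A default such as `keystone_rabbitmq_use_ssl: "{{ rabbitmq_use_ssl | default(false) }}"`, and likewise for port and servers, or an explicit upgrade note, would keep that safe. In the `[database]` hunk the password is still interpolated into a URL via `keystone_database_connection_string`, so a comment that characters such as `@` or `/` in the password must be URL-encoded would be useful next to the variable.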
@@ -0,0 +1,49 @@
+- name: plugins
+ src: https://github.com/os-cloud/openstack-ansible-plugins
+ path: ../../
+ scm: git
+ version: master
+- name: apt_package_pinning
+ src: https://git.openstack.org/openstack/openstack-ansible-apt_package_pinning
+ scm: git
+ version: master
+- name: pip_install
+ src: https://git.openstack.org/openstack/openstack-ansible-pip_install
+ scm: git
+ version: master
+- name: pip_lock_down
+ src: https://git.openstack.org/openstack/openstack-ansible-pip_lock_down
+ scm: git
+ version: master
+- name: memcached_server
+ src: https://git.openstack.org/openstack/openstack-ansible-memcached_server
+ scm: git
+ version: master
+- name: py_from_git
+ src: https://git.openstack.org/openstack/openstack-ansible-py_from_git
+ scm: git
+ version: master
+- name: lxc_hosts
+ src: https://git.openstack.org/openstack/openstack-ansible-lxc_hosts
+ scm: git
+ version: master
+- name: lxc_container_create
+ src: https://git.openstack.org/openstack/openstack-ansible-lxc_container_create
+ scm: git
+ version: master
+- name: openstack_hosts
+ src: https://git.openstack.org/openstack/openstack-ansible-openstack_hosts
+ scm: git
+ version: master
+- name: galera_client
+ src: https://git.openstack.org/openstack/openstack-ansible-galera_client
+ scm: git
+ version: master
+- name: galera_server
+ src: https://git.openstack.org/openstack/openstack-ansible-galera_server
+ scm: git
+ version: master
+- name: rabbitmq_server
+ src: https://git.openstack.org/openstack/openstack-ansible-rabbitmq_server
+ scm: git
+ version: master
diff --git a/tests/ansible.cfg b/tests/ansible.cfg
new file mode 100644
index 00000000..abf86baf
--- /dev/null
+++ b/tests/ansible.cfg
@@ -0,0 +1,5 @@
+[defaults]
+host_key_checking = False
+
+[ssh_connection]
+control_path = /tmp/%%h-%%r
\ No newline at end of file
diff --git a/tests/inventory b/tests/inventory
new file mode 100644
index 00000000..6c0833a9
--- /dev/null
+++ b/tests/inventory
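Review bot: Every role in tests/ansible-role-requirements.yml is fetched at `version: master`, and the `plugins` entry comes from `https://github.com/os-cloud/openstack-ansible-plugins` while every other entry, and the plugin clone in tox.ini, uses `git.openstack.org/openstack/...`. The test playbooks run these roles as root, so a test run executes whatever those branches contain at fetch time. Pin each `version:` to a tag or commit SHA and point `plugins` at the same origin as the rest; the odd source may be a leftover fork. In tests/ansible.cfg, `control_path = /tmp/%%h-%%r` places SSH control sockets at a predictable name in a shared directory, and a per-user directory would be safer on shared CI hosts.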
@@ -0,0 +1,2 @@
+[all]
+localhost ansible_connection=local ansible_become=True
diff --git a/tests/stand-alone b/tests/stand-alone
new file mode 100644
index 00000000..6d4d22ca
--- /dev/null
+++ b/tests/stand-alone
@@ -0,0 +1,5 @@
+[all]
+localhost ansible_connection=local ansible_become=True
+
+[keystone_all]
+localhost ansible_connection=local
\ No newline at end of file
diff --git a/tests/stand-alone.yml b/tests/stand-alone.yml
new file mode 100644
index 00000000..a6f4cb5f
--- /dev/null
+++ b/tests/stand-alone.yml
@@ -0,0 +1,26 @@
+- name: Playbook for role testing
+ hosts: localhost
+ user: root
+ gather_facts: true
+ roles:
+ - role: "{{ rolename | basename }}"
+ vars:
+ external_lb_vip_address: 10.100.100.102
+ internal_lb_vip_address: 10.100.100.102
+ keystone_galera_address: 10.100.100.101
+ keystone_galera_database: keystone
+ keystone_venv_tag: "testing"
+ keystone_developer_mode: true
+ keystone_auth_admin_token: "SuperSecreteTestToken"
+ keystone_auth_admin_password: "SuperSecretePassword"
+ keystone_database_enabled: false
+ keystone_service_setup: false
+ keystone_service_password: "secrete"
+ keystone_rabbitmq_password: "secrete"
+ keystone_container_mysql_password: "SuperSecrete"
+ keystone_rabbitmq_port: 5671
+ keystone_rabbitmq_userid: keystone
+ keystone_rabbitmq_vhost: /keystone
+ keystone_rabbitmq_servers: 10.100.100.101
+ keystone_rabbitmq_use_ssl: false
+ galera_client_drop_config_file: false
diff --git a/tests/test.yml b/tests/test.yml
new file mode 100644
index 00000000..e71eb43a
--- /dev/null
+++ b/tests/test.yml
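Review bot: tests/stand-alone.yml sets `keystone_rabbitmq_port: 5671` together with `keystone_rabbitmq_use_ssl: false`; 5671 is the conventional AMQP-over-TLS port, so the pair describes either a plaintext client pointed at a TLS listener or a TLS port number reused for a plaintext one. tests/test.yml repeats the same pair. Use `5672` with `false`, or set `keystone_rabbitmq_use_ssl: true`, so the rendered `[oslo_messaging_rabbit]` section matches a configuration a deployment would actually run.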
@@ -0,0 +1,227 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Playbook for pre-role testing 1of3 + hosts: 127.0.0.1 + connection: local + become: false + pre_tasks: + - name: Create ssh key pair for root + user: + name: "{{ ansible_ssh_user }}" + generate_ssh_key: "yes" + ssh_key_bits: 2048 + ssh_key_file: ".ssh/id_rsa" + - name: get the calling users key + command: cat ~/.ssh/id_rsa.pub + register: key_get + - set_fact: + lxc_container_ssh_key: "{{ key_get.stdout }}" + +- name: Playbook for pre-role testing 2of3 + hosts: localhost + connection: local + pre_tasks: + - name: Ensure root's new public ssh key is in authorized_keys + authorized_key: + user: root + key: "{{ hostvars['127.0.0.1']['lxc_container_ssh_key'] }}" + manage_dir: no + - set_fact: + lxc_container_ssh_key: "{{ hostvars['127.0.0.1']['lxc_container_ssh_key'] }}" + roles: + - role: "lxc_hosts" + lxc_net_address: 10.100.100.1 + lxc_net_dhcp_range: 10.100.100.2,10.100.100.253 + lxc_net_bridge: lxcbr0 + lxc_kernel_options: + - { key: 'fs.inotify.max_user_instances', value: 1024 } + lxc_container_caches: + - url: "https://rpc-repo.rackspace.com/container_images/rpc-trusty-container.tgz" + name: "trusty.tgz" + sha256sum: "56c6a6e132ea7d10be2f3e8104f47136ccf408b30e362133f0dc4a0a9adb4d0c" + chroot_path: trusty/rootfs-amd64 + # The $HOME directory is mocked to work with tox + # by defining the 'ansible_env' hash. 
This should + # NEVER be done outside of testing. + ansible_env: ## NEVER DO THIS OUTSIDE OF TESTING + HOME: "/tmp" + - role: "py_from_git" + git_repo: "https://github.com/lxc/python2-lxc" + git_dest: "/opt/lxc_python2" + git_install_branch: "master" + post_tasks: + # THIS TASK IS ONLY BEING DONE BECAUSE THE TOX SHARED LXC LIB IS NOT USABLE ON A + # HOST MACHINE THAT MAY NOT HAVE ACCESS TO THE VENV. + - name: Ensure the lxc lib is on the host + command: /usr/local/bin/pip install /opt/lxc_python2 + # Inventory is being pre-loaded using a post tasks instead of through a dynamic + # inventory system. While this is not a usual method for deployment it's being + # done for functional testing. + - name: Create container hosts + add_host: + groups: "all,all_containers,rabbitmq_all,galera_all,service_all" + hostname: "{{ item.name }}" + inventory_hostname: "{{ item.name }}" + ansible_ssh_host: "{{ item.address }}" + ansible_become: true + properties: + service_name: "{{ item.service }}" + container_networks: + management_address: + address: "{{ item.address }}" + bridge: "lxcbr0" + interface: "eth1" + netmask: "255.255.252.0" + type: "veth" + physical_host: localhost + container_name: "{{ item.name }}" + with_items: + - { name: "service1", service: "service1", address: "10.100.100.101" } + - name: Create container hosts + add_host: + groups: "all,all_containers,keystone_all" + hostname: "{{ item.name }}" + inventory_hostname: "{{ item.name }}" + ansible_ssh_host: "{{ item.address }}" + ansible_become: true + properties: + service_name: "{{ item.service }}" + container_networks: + management_address: + address: "{{ item.address }}" + bridge: "lxcbr0" + interface: "eth1" + netmask: "255.255.252.0" + type: "veth" + physical_host: localhost + container_name: "{{ item.name }}" + with_items: + - { name: "keystone1", service: "keystone1", address: "10.100.100.102" } + - { name: "keystone2", service: "keystone2", address: "10.100.100.103" } + +- name: Playbook for pre-role 
testing 3of3 + hosts: all_containers + connection: local + gather_facts: false + roles: + - role: "lxc_container_create" + lxc_container_release: trusty + lxc_container_backing_store: dir + global_environment_variables: + PATH: "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + post_tasks: + - name: Wait for ssh to be available + local_action: + module: wait_for + port: "{{ ansible_ssh_port | default('22') }}" + host: "{{ ansible_ssh_host | default(inventory_hostname) }}" + search_regex: OpenSSH + delay: 1 + +- name: Playbook for role testing + hosts: service_all + user: root + gather_facts: true + roles: + - role: "rabbitmq_server" + rabbitmq_cookie_token: secrete + - role: "galera_server" + galera_root_password: secrete + galera_root_user: root + galera_innodb_buffer_pool_size: 512M + galera_innodb_log_buffer_size: 32M + galera_server_id: "{{ inventory_hostname | string_2_int }}" + galera_wsrep_node_name: "{{ inventory_hostname }}" + galera_wsrep_provider_options: + - { option: "gcache.size", value: "32M" } + galera_server_id: "{{ inventory_hostname | string_2_int }}" + +- name: Playbook for role testing + hosts: keystone_all + user: root + gather_facts: true + pre_tasks: + - name: Ensure Rabbitmq vhost + rabbitmq_vhost: + name: "{{ keystone_rabbitmq_vhost }}" + state: "present" + delegate_to: "10.100.100.101" + when: inventory_hostname == groups['keystone_all'][0] + tags: + - aodh-rabbitmq + - aodh-rabbitmq-vhost + - name: Ensure rabbitmq user + rabbitmq_user: + user: "{{ keystone_rabbitmq_userid }}" + password: "{{ keystone_rabbitmq_password }}" + vhost: "{{ keystone_rabbitmq_vhost }}" + configure_priv: ".*" + read_priv: ".*" + write_priv: ".*" + state: "present" + delegate_to: "10.100.100.101" + when: inventory_hostname == groups['keystone_all'][0] + tags: + - aodh-rabbitmq + - aodh-rabbitmq-user + - name: Create DB for service + mysql_db: + login_user: "root" + login_password: "secrete" + login_host: "localhost" + name: "{{ 
keystone_galera_database }}" + state: "present" + delegate_to: "10.100.100.101" + when: inventory_hostname == groups['keystone_all'][0] + tags: + - mysql-db-setup + - name: Grant access to the DB for the service + mysql_user: + login_user: "root" + login_password: "secrete" + login_host: "localhost" + name: "{{ keystone_galera_database }}" + password: "{{ keystone_container_mysql_password }}" + host: "{{ item }}" + state: "present" + priv: "{{ keystone_galera_database }}.*:ALL" + with_items: + - "localhost" + - "%" + delegate_to: "10.100.100.101" + when: inventory_hostname == groups['keystone_all'][0] + tags: + - mysql-db-setup + roles: + - role: "{{ rolename | basename }}" + vars: + external_lb_vip_address: 10.100.100.102 + internal_lb_vip_address: 10.100.100.102 + keystone_galera_address: 10.100.100.101 + keystone_galera_database: keystone + keystone_venv_tag: "testing" + keystone_developer_mode: true + keystone_auth_admin_token: "SuperSecreteTestToken" + keystone_auth_admin_password: "SuperSecretePassword" + keystone_service_password: "secrete" + keystone_rabbitmq_password: "secrete" + keystone_container_mysql_password: "SuperSecrete" + keystone_rabbitmq_port: 5671 + keystone_rabbitmq_userid: keystone + keystone_rabbitmq_vhost: /keystone + keystone_rabbitmq_servers: 10.100.100.101 + keystone_rabbitmq_use_ssl: false + galera_client_drop_config_file: false diff --git a/tox.ini b/tox.ini new file mode 100644 index 00000000..a60495e8 --- /dev/null +++ b/tox.ini 
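Review bot: In the "Grant access to the DB for the service" pre-task, `mysql_user` is given `name: "{{ keystone_galera_database }}"`, so the database name is used as the account name; it works only because both happen to be `keystone`, and the account is granted `ALL` from host `%`. Use `name: "{{ keystone_galera_user }}"` instead. The `galera_server` role entry lists `galera_server_id` twice, a duplicate mapping key that most parsers resolve silently as last-wins, and the RabbitMQ pre-tasks carry `aodh-rabbitmq*` tags that look copied from another role. These pre-tasks also reference `keystone_rabbitmq_vhost` and related variables that this play sets only under the role's `vars:`, so whether they are in scope for `pre_tasks` should be confirmed.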
@@ -0,0 +1,186 @@ +[tox] +minversion = 1.6 +skipsdist = True +envlist = docs,linters,functional + + +[testenv] +usedevelop = True +install_command = pip install -U {opts} {packages} +setenv = VIRTUAL_ENV={envdir} +deps = -r{toxinidir}/test-requirements.txt +commands = /usr/bin/find . -type f -name "*.pyc" -delete + + +[testenv:docs] +commands= + python setup.py build_sphinx + + +# environment used by the -infra templated docs job +[testenv:venv] +deps = -r{toxinidir}/test-requirements.txt +commands = {posargs} + + +[testenv:pep8] +deps = + flake8 +whitelist_externals = + bash +commands = + # Run hacking/flake8 check for all python files + bash -c "grep --recursive --binary-files=without-match \ + --files-with-match '^.!.*python$' \ + --exclude-dir .eggs \ + --exclude-dir .git \ + --exclude-dir .tox \ + --exclude-dir *.egg-info \ + --exclude-dir doc \ + {toxinidir} | xargs flake8 --verbose" + +[flake8] +# Ignores the following rules due to how ansible modules work in general +# F403 'from ansible.module_utils.basic import *' used; +# unable to detect undefined names +# H303 No wildcard (*) import. +ignore=F403,H303 + + +[testenv:bashate] +deps = + bashate +whitelist_externals = + bash +commands = + # Run bashate check for all bash scripts + # Ignores the following rules: + # E003: Indent not multiple of 4 (we prefer to use multiples of 2) + # E006: Line longer than 79 columns (as many scripts use jinja + # templating, this is very difficult) + # E040: Syntax error determined using `bash -n` (as many scripts + # use jinja templating, this will often fail and the syntax + # error will be discovered in execution anyway) + bash -c "grep --recursive --binary-files=without-match \ + --files-with-match '^.!.*\(ba\)\?sh$' \ + --exclude-dir .tox \ + --exclude-dir .git \ + {toxinidir} | xargs bashate --error . 
--verbose --ignore=E003,E006,E040" + + +[testenv:ansible-syntax] +passenv = + HOME +setenv = + # TODO (odyssey4me) These are only here as they are non-standard folder + # names for Ansible 1.9.x. We are using the standard folder names for + # Ansible v2.x. We can remove this when we move to Ansible 2.x. + ANSIBLE_ACTION_PLUGINS = {homedir}/.ansible/plugins/action + ANSIBLE_CALLBACK_PLUGINS = {homedir}/.ansible/plugins/callback + ANSIBLE_FILTER_PLUGINS = {homedir}/.ansible/plugins/filter + ANSIBLE_LOOKUP_PLUGINS = {homedir}/.ansible/plugins/lookup + # This is required as the default is the current path or a path specified in + # ansible.cfg + ANSIBLE_LIBRARY = {homedir}/.ansible/plugins/library + # This is required as the default is '/etc/ansible/roles' or a path specified + # in ansible.cfg + ANSIBLE_ROLES_PATH = {homedir}/.ansible/roles:{toxinidir}/.. +deps = + ansible>1.9,<2.0 +whitelist_externals = + git + rm +commands = + rm -rf {homedir}/.ansible + git clone https://git.openstack.org/openstack/openstack-ansible-plugins {homedir}/.ansible/plugins + ansible-galaxy install \ + --role-file={toxinidir}/tests/ansible-role-requirements.yml \ + --ignore-errors \ + --force + ansible-playbook -i {toxinidir}/tests/inventory \ + --syntax-check \ + --list-tasks \ + -e "rolename={toxinidir}" \ + {toxinidir}/tests/test.yml + + +[testenv:ansible-lint] +deps = + ansible>1.9,<2.0 + ansible-lint +whitelist_externals = + bash +commands = + ansible-lint {toxinidir}/tests/test.yml + + +[testenv:functional] +passenv = + HOME +setenv = + ANSIBLE_HOST_KEY_CHECKING = False + # TODO (odyssey4me) These are only here as they are non-standard folder + # names for Ansible 1.9.x. We are using the standard folder names for + # Ansible v2.x. We can remove this when we move to Ansible 2.x. 
+ ANSIBLE_ACTION_PLUGINS = {homedir}/.ansible/plugins/action + ANSIBLE_CALLBACK_PLUGINS = {homedir}/.ansible/plugins/callback + ANSIBLE_FILTER_PLUGINS = {homedir}/.ansible/plugins/filter + ANSIBLE_LOOKUP_PLUGINS = {homedir}/.ansible/plugins/lookup + # This is required as the default is the current path or a path specified in + # ansible.cfg + ANSIBLE_LIBRARY = {homedir}/.ansible/plugins/library + # This is required as the default is '/etc/ansible/roles' or a path specified + # in ansible.cfg + ANSIBLE_ROLES_PATH = {homedir}/.ansible/roles:{toxinidir}/.. +deps = + ansible>1.9,<2.0 +whitelist_externals = + git + rm +commands = + rm -rf {homedir}/.ansible + git clone https://git.openstack.org/openstack/openstack-ansible-plugins {homedir}/.ansible/plugins + ansible-galaxy install \ + --role-file={toxinidir}/tests/ansible-role-requirements.yml \ + --ignore-errors \ + --force + ansible-playbook -i {toxinidir}/tests/inventory \ + -e "rolename={toxinidir}" \ + {toxinidir}/tests/test.yml + ansible-playbook -i {toxinidir}/tests/stand-alone \ + -e "rolename={toxinidir}" \ + {toxinidir}/tests/stand-alone.yml + + +[testenv:linters] +passenv = + HOME +setenv = + # TODO (odyssey4me) These are only here as they are non-standard folder + # names for Ansible 1.9.x. We are using the standard folder names for + # Ansible v2.x. We can remove this when we move to Ansible 2.x. + ANSIBLE_ACTION_PLUGINS = {homedir}/.ansible/plugins/action + ANSIBLE_CALLBACK_PLUGINS = {homedir}/.ansible/plugins/callback + ANSIBLE_FILTER_PLUGINS = {homedir}/.ansible/plugins/filter + ANSIBLE_LOOKUP_PLUGINS = {homedir}/.ansible/plugins/lookup + # This is required as the default is the current path or a path specified in + # ansible.cfg + ANSIBLE_LIBRARY = {homedir}/.ansible/plugins/library + # This is required as the default is '/etc/ansible/roles' or a path specified + # in ansible.cfg + ANSIBLE_ROLES_PATH = {homedir}/.ansible/roles:{toxinidir}/.. 
+deps = + {[testenv:pep8]deps} + {[testenv:bashate]deps} + {[testenv:ansible-lint]deps} + # note that the ansible-syntax deps are omitted on purpose as the + # ansible-lint env contains duplicate items in its dep list +whitelist_externals = + bash + git + rm +commands = + {[testenv:pep8]commands} + {[testenv:bashate]commands} + {[testenv:ansible-lint]commands} + {[testenv:ansible-syntax]commands} diff --git a/vars/ubuntu-14.04.yml b/vars/ubuntu-14.04.yml new file mode 100644 index 00000000..cf5d2366 --- /dev/null +++ b/vars/ubuntu-14.04.yml @@ -0,0 +1,41 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Common apt packages +keystone_apt_packages: + - apache2 + - apache2-utils + - debhelper + - dh-apparmor + - docutils-common + - git + - libffi-dev + - libapache2-mod-wsgi + - libjs-sphinxdoc + - libjs-underscore + - libldap2-dev + - libsasl2-dev + - libxslt1.1 + - libxslt1-dev + - libxml2-dev + - python-dev + - rsync + +keystone_idp_apt_packages: + - ssl-cert + - xmlsec1 + +keystone_developer_apt_packages: + - build-essential \ No newline at end of file
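Review bot: The `ansible-syntax` and `functional` environments in tox.ini pass `HOME` through and then run `rm -rf {homedir}/.ansible`, so running tox on a developer workstation deletes that user's real `~/.ansible` directory. Point the plugin, library and roles paths at a directory under `{envdir}` or `{toxworkdir}` and remove only that. `ansible-galaxy install ... --ignore-errors` also lets a role that failed to download pass silently, after which the playbook runs with that role missing; dropping `--ignore-errors` makes the failure visible at the step that caused it. `ANSIBLE_HOST_KEY_CHECKING = False` in `[testenv:functional]` deserves a comment stating it is only acceptable for the throwaway test containers.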
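Review bot: tasks/keystone_install_apt.yml loops over `keystone_sp_apt_packages`, but vars/ubuntu-14.04.yml defines only `keystone_apt_packages`, `keystone_idp_apt_packages` and `keystone_developer_apt_packages`. Unless the SP list is defined elsewhere in the role (not visible in this diff view), the "Install SP apt packages" task has no valid list to iterate once `keystone_sp` is defined. Add `keystone_sp_apt_packages:` here with the SP packages, or `keystone_sp_apt_packages: []` if none are needed.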