commit bb87b62ea40b5a9fff1daf6a734ada000552da94 Author: root Date: Tue Sep 20 19:19:12 2016 +0000 first commit diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..9325160 --- /dev/null +++ b/.gitignore @@ -0,0 +1,3 @@ +*.swp +*.pyc + diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..984f944 --- /dev/null +++ b/LICENSE 
@@ -0,0 +1,203 @@ +Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + + diff --git a/README.rst b/README.rst new file mode 100644 index 0000000..ff72fb0 --- /dev/null +++ b/README.rst @@ -0,0 +1,11 @@ +==================================== +Tacker role for OpenStack-Ansible +==================================== + +Ansible role to install OpenStack Tacker. + +Documentation for the project can be found at: + http:// + +The project home is at: + http://launchpad.net/openstack-ansible diff --git a/defaults/main.yml b/defaults/main.yml new file mode 100644 index 0000000..fc90980 --- /dev/null +++ b/defaults/main.yml 
@@ -0,0 +1,158 @@ +--- +# (C)2016 Brocade Communications Systems, Inc. +# 130 Holger Way, San Jose, CA 95134. +# All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +## Verbosity Options +debug: False +verbose: True + +# Set the package install state for distribution packages +# Options are 'present' and 'latest' +tacker_package_state: "latest" + +tacker_git_repo: https://git.openstack.org/openstack/tacker +tacker_git_install_branch: master +tacker_requirements_git_repo: https://git.openstack.org/openstack/requirements +tacker_requirements_git_install_branch: master +tacker_developer_mode: false +tacker_developer_constraints: + - "git+{{ tacker_git_repo }}@{{ tacker_git_install_branch }}#egg=tacker" + +#tacker_venv_enabled: true + +# Name of the virtual env to deploy into +tacker_venv_tag: untagged +tacker_bin: "/openstack/venvs/tacker-{{ tacker_venv_tag }}/bin" +#tacker_venv_bin: "/openstack/venvs/tacker-{{ tacker_venv_tag }}/bin" + +# Set the etc dir path where tacker is installed. +# This is used for role access to the db migrations. 
+# Example: +# tacker_etc_dir: "/usr/local/etc/tacker" +tacker_etc_dir: "{{ tacker_bin | dirname }}/etc/tacker" + +tacker_venv_download_url: http://127.0.0.1/venvs/untagged/ubuntu/tacker.tgz + + +## System info +tacker_system_user_name: tacker +tacker_system_group_name: tacker +tacker_system_shell: /bin/false +tacker_system_comment: tacker system user +tacker_system_user_home: "/var/lib/{{ tacker_system_user_name }}" + + +## RabbitMQ info + +tacker_rabbitmq_userid: tacker +tacker_rabbitmq_vhost: /tacker +glance_rabbitmq_port: 5672 +glance_rabbitmq_servers: 127.0.0.1 +glance_rabbitmq_use_ssl: False + +## DB info +tacker_galera_database: tacker +tacker_galera_user: tacker + +tacker_role_name: admin +tacker_bind_address: 0.0.0.0 +tacker_service_port: 8888 +tacker_program_name: tacker-server + +## Service Type and Data +tacker_service_region: RegionOne +tacker_service_name: tacker +tacker_service_proto: http +tacker_service_type: nfv-orchestration +tacker_service_description: "tacker service" +tacker_service_publicuri: "{{ tacker_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ tacker_service_port }}" +tacker_service_publicurl: "{{ tacker_service_publicuri }}" +tacker_service_internaluri: "{{ tacker_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ tacker_service_port }}" +tacker_service_internalurl: "{{ tacker_service_internaluri }}" +tacker_service_adminuri: "{{ tacker_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ tacker_service_port }}" +tacker_service_adminurl: "{{ tacker_service_adminuri }}" +tacker_service_registry_proto: "{{ tacker_service_proto }}" +tacker_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(tacker_service_proto) }}" +tacker_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(tacker_service_proto) }}" +tacker_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(tacker_service_proto) }}" + + +#NOTE: move password to tests/test-vars.yml 
+tacker_service_password: password + +## Keystone +tacker_service_project_domain_id: default +tacker_service_project_name: service +tacker_service_user_domain_id: default +tacker_service_user_name: tacker +tacker_keystone_auth_plugin: password + +tacker_service_in_ldap: false + +# packages that must be installed before anything else +tacker_requires_pip_packages: + - virtualenv + - virtualenv-tools + - python-keystoneclient # Keystoneclient needed to OSA keystone lib + +## Common pip packages +tacker_pip_packages: + - PyMySQL + - tacker + - mysql-python + + +#NOTE: these default should be updated approprietly +# tacker-horizon uses this +tackerclient_git_url: https://github.com/openstack/python-tackerclient.git +tacker_git_branch: "stable/liberty" + +#tacker_git_dest: "{{ tacker_system_user_home }}/tacker" + +# tacker horizon vars +tacker_horizon_venv: "/openstack/venvs/horizon-{{ openstack_release }}" +tacker_horizon_venv_bin: "{{ tacker_horizon_venv }}/bin" +tacker_horizon_enable_path: "{{ tacker_horizon_venv }}/lib/python2.7/site-packages/openstack_dashboard/enabled" +tacker_horizon_git: https://github.com/openstack/tacker-horizon.git + + +## Service Names +tacker_service_names: + - "tacker-server" + +tacker_config_options: --config-file {{ tacker_etc_dir }}/tacker.conf + +## tacker config +tacker_heat_stack_retires: 60 +tacker_heat_stack_retry_wait: 5 + +# heat service paramter for tacker.conf +heat_service_adminurl: "{{ tacker_service_publicuri_proto }}://{{ external_lb_vip_address }}:8004/v1" + + +# This variable is used by the repo_build process to determine +# which host group to check for members of before building the +# pip packages required by this role. The value is picked up +# by the py_pkgs lookup. +tacker_role_project_group: tacker_all + +## Tunable overrides +tacker_tacker_conf_overrides: {} +tacker_api_paste_ini_overrides: {} +tacker_policy_overrides: {} +tacker_rootwrap_overrides: {} + 
diff --git a/extras/conf.d/tacker.yml.example b/extras/conf.d/tacker.yml.example new file mode 100644 index 0000000..2aa5f63 --- /dev/null +++ b/extras/conf.d/tacker.yml.example @@ -0,0 +1,23 @@ +--- +# (C)2016 Brocade Communications Systems, Inc. +# 130 Holger Way, San Jose, CA 95134. +# All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +tacker_hosts: + aio1: + affinity: + tacker_container: 1 + ip: 172.29.236.100 + diff --git a/extras/env.d/tacker.yml b/extras/env.d/tacker.yml new file mode 100644 index 0000000..09e05b5 --- /dev/null +++ b/extras/env.d/tacker.yml 
@@ -0,0 +1,40 @@ + --- +# (C)2016 Brocade Communications Systems, Inc. +# 130 Holger Way, San Jose, CA 95134. +# All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +component_skel: + tacker_server: + belongs_to: + - tacker_all + +container_skel: + tacker_container: + belongs_to: + - tacker_containers + contains: + - tacker_server + properties: + service_name: tacker + +physical_skel: + tacker_containers: + belongs_to: + - all_containers + tacker_hosts: + belongs_to: + - hosts + diff --git a/extras/haproxy_tacker.yml b/extras/haproxy_tacker.yml new file mode 100644 index 0000000..1fb549e --- /dev/null +++ b/extras/haproxy_tacker.yml @@ -0,0 +1,9 @@ + - service: + haproxy_service_name: tacker_server + haproxy_backend_nodes: "{{ groups['tacker_server'] | default([]) }}" + haproxy_port: 8888 + haproxy_balance_type: http + haproxy_backend_options: + - "forwardfor" + - "httpchk" + - "httplog" diff --git a/extras/os-tacker-install.yml b/extras/os-tacker-install.yml new file mode 100644 index 0000000..c461b2c --- /dev/null +++ b/extras/os-tacker-install.yml 
@@ -0,0 +1,101 @@ +--- +# (C)2016 Brocade Communications Systems, Inc. +# 130 Holger Way, San Jose, CA 95134. +# All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +- name: Install tacker server + hosts: tacker_server + #hosts: tacker_all + max_fail_percentage: 20 + user: root + pre_tasks: + - name: Use the lxc-openstack aa profile + lxc_container: + name: "{{ container_name }}" + container_config: + - "lxc.aa_profile=lxc-openstack" + delegate_to: "{{ physical_host }}" + when: not is_metal | bool + register: container_config + tags: + - lxc-aa-profile + - name: Wait for container ssh + wait_for: + port: "22" + delay: "{{ ssh_delay }}" + search_regex: "OpenSSH" + host: "{{ ansible_ssh_host }}" + delegate_to: "{{ physical_host }}" + when: > + (container_config is defined and container_config | changed) or + (container_extra_config is defined and container_config | changed) + register: ssh_wait_check + until: ssh_wait_check | success + retries: 3 + tags: + - ssh-wait + - name: Sort the rabbitmq servers + dist_sort: + value_to_lookup: "{{ container_name }}" + ref_list: "{{ groups['tacker_all'] }}" + src_list: "{{ rabbitmq_servers }}" + register: servers + - name: Set rabbitmq servers + set_fact: + rabbitmq_servers: "{{ servers.sorted_list }}" + - name: Create log dir + file: + path: "{{ item.path }}" + state: directory + with_items: + - { path: "/openstack/log/{{ inventory_hostname }}-tacker" } + when: is_metal | bool + tags: + - tacker-logs + - 
tacker-log-dirs + - name: Create log aggregation links + file: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + state: "{{ item.state }}" + force: "yes" + with_items: + - { src: "/openstack/log/{{ inventory_hostname }}-tacker", dest: "/var/log/tacker", state: "link" } + when: is_metal | bool + tags: + - tacker-logs + roles: + - role: "os_tacker" + tacker_galera_address: "{{ galera_address }}" + tacker_venv_tag: "{{ openstack_release }}" + tacker_venv_download_url: "{{ openstack_repo_url }}/venvs/{{ openstack_release }}/{{ ansible_distribution | lower }}/tacker-{{ openstack_release }}-{{ ansible_architecture | lower }}.tgz" + tags: + - "os-tacker" + - { role: "openstack_openrc", tags: [ "openstack-openrc" ] } + - role: "rsyslog_client" + rsyslog_client_log_rotate_file: tacker_log_rotate + rsyslog_client_log_dir: "/var/log/tacker" + rsyslog_client_config_name: "99-tacker-rsyslog-client.conf" + tags: + - "tacker-rsyslog-client" + - "rsyslog-client" + - role: "system_crontab_coordination" + tags: + - "system-crontab-coordination" + vars: + galera_address: "{{ internal_lb_vip_address }}" + ansible_hostname: "{{ container_name }}" + is_metal: "{{ properties.is_metal|default(false) }}" diff --git a/extras/repo_tacker.yml b/extras/repo_tacker.yml new file mode 100644 index 0000000..fdecd67 --- /dev/null +++ b/extras/repo_tacker.yml @@ -0,0 +1,6 @@ + +## Tacker Service +tacker_git_repo: https://git.openstack.org/openstack/tacker +tacker_git_install_branch: 3f4e899f79903a76ffc2562531012801afb6468e # HEAD of master as of 2016-09-16 +tacker_git_dest: "/opt/tacker_{{ tacker_git_install_branch | replace('/', '_') }}" +tacker_git_project_group: tacker_all diff --git a/extras/user_secrets.yml b/extras/user_secrets.yml new file mode 100644 index 0000000..ec1b559 --- /dev/null +++ b/extras/user_secrets.yml @@ -0,0 +1,3 @@ +tacker_service_password: +tacker_container_mysql_password: +tacker_rabbitmq_password: 
diff --git a/handlers/main.yml b/handlers/main.yml new file mode 100644 index 0000000..33af4a5 --- /dev/null +++ b/handlers/main.yml @@ -0,0 +1,35 @@ +--- +# (C)2016 Brocade Communications Systems, Inc. +# 130 Holger Way, San Jose, CA 95134. +# All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Restart tacker services + service: + name: "{{ item }}" + state: restarted + pattern: "{{ item }}" + with_items: "{{ tacker_service_names }}" + failed_when: false + +- name: Restart apache + service: + name: apache2 + state: restarted + delegate_to: "{{ item }}" + with_items: + - "{{ groups['horizon_all'] }}" + + + diff --git a/meta/main.yml b/meta/main.yml new file mode 100644 index 0000000..4a554db --- /dev/null +++ b/meta/main.yml 
@@ -0,0 +1,44 @@ +--- +# (C)2016 Brocade Communications Systems, Inc. +# 130 Holger Way, San Jose, CA 95134. +# All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +galaxy_info: + author: jrametta + description: Tacker deployment with OpenStack Ansible + company: OpenStack + license: Apache2 + + min_ansible_version: 1.9 + + platforms: + - name: Ubuntu + versions: + - trusty + - xenial + galaxy_tags: + - cloud + - openstack + - tacker + - python + +dependencies: + - pip_install + - role: apt_package_pinning + when: + - ansible_pkg_mgr == 'apt' + - galera_client + - openstack_openrc diff --git a/tasks/main.yml b/tasks/main.yml new file mode 100644 index 0000000..6c400a5 --- /dev/null +++ b/tasks/main.yml 
@@ -0,0 +1,87 @@ +--- +# (C)2016 Brocade Communications Systems, Inc. +# 130 Holger Way, San Jose, CA 95134. +# All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +- name: Gather variables for each operating system + include_vars: "{{ item }}" + with_first_found: + - "{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower }}.yml" + - "{{ ansible_distribution | lower }}-{{ ansible_distribution_major_version | lower }}.yml" + - "{{ ansible_os_family | lower }}-{{ ansible_distribution_major_version | lower }}.yml" + - "{{ ansible_distribution | lower }}.yml" + - "{{ ansible_os_family | lower }}.yml" + tags: + - always + +- name: Check init system + command: cat /proc/1/comm + register: _pid1_name + tags: + - always + +- name: Set the name of pid1 + set_fact: + pid1_name: "{{ _pid1_name.stdout }}" + tags: + - always + +- include: tacker_pre_install.yml + tags: + - tacker-install +- include: tacker_install.yml + tags: + - tacker-install + +- include: tacker_install.yml + tags: + - tacker-install + +- include: tacker_post_install.yml + tags: + - tacker-install + - tacker-config + +- include: tacker_init.yml + tags: + - tacker-install + +#- include: tacker_init_common.yml + #tags: + #- tacker-install + +- include: tacker_db_setup.yml + when: > + inventory_hostname == groups['tacker_all'][0] + tags: + - tacker-install + +- include: tacker_service_setup.yml + when: > + inventory_hostname == groups['tacker_all'][0] + tags: + - 
tacker-install + +#NOTE: comment for now +#- include: tacker_horizon.yml + #when: > + #inventory_hostname == groups['tacker_all'][0] + #tags: + #- tacker-install + #- tacker-horizon + +- name: Flush handlers + meta: flush_handlers diff --git a/tasks/tacker_db_setup.yml b/tasks/tacker_db_setup.yml new file mode 100644 index 0000000..7bb829d --- /dev/null +++ b/tasks/tacker_db_setup.yml @@ -0,0 +1,51 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Create DB for service + mysql_db: + login_user: "{{ galera_root_user }}" + login_password: "{{ galera_root_password }}" + login_host: "{{ tacker_galera_address }}" + name: "{{ tacker_galera_database }}" + state: "present" + tags: + - tacker-db-setup + +- name: Grant access to the DB for the service + mysql_user: + login_user: "{{ galera_root_user }}" + login_password: "{{ galera_root_password }}" + login_host: "{{ tacker_galera_address }}" + name: "{{ tacker_galera_user }}" + password: "{{ tacker_container_mysql_password }}" + host: "{{ item }}" + state: "present" + priv: "{{ tacker_galera_database }}.*:ALL" + with_items: + - "localhost" + - "%" + tags: + - tacker-db-setup + +- name: Perform a tacker DB sync + command: "{{ tacker_bin }}/tacker-db-manage + --config-file {{ tacker_etc_dir }}/tacker.conf upgrade head" + become: yes + become_user: "{{ tacker_system_user_name }}" + tags: + - tacker-db-sync + - tacker-setup + - tacker-command-bin + 
diff --git a/tasks/tacker_horizon.yml b/tasks/tacker_horizon.yml new file mode 100644 index 0000000..bfd02ac --- /dev/null +++ b/tasks/tacker_horizon.yml 
@@ -0,0 +1,75 @@ +--- +# tacker horizon dashboard setup + +# tacker horizon depends on tacker client +- name: Clone tacker client + git: + repo: "{{ tackerclient_git_url }}" + version: "{{ tacker_git_branch }}" + dest: /tmp/python-tackerclient + force: yes + register: tackerclient_git_clone + delegate_to: "{{ item }}" + with_items: + - "{{ groups['horizon_all'] }}" + until: tackerclient_git_clone|success + retries: 5 + delay: 2 + tags: + - tacker-horizon-install + +- name: Install tacker client into venv + command: python setup.py install + args: + chdir: /tmp/python-tackerclient + creates: /usr/local/bin/tacker + delegate_to: "{{ item }}" + with_items: + - "{{ groups['horizon_all'] }}" + tags: + - tacker-horizon-install + +- name: Clone tacker horizon source + git: + repo: "{{ tacker_horizon_git }}" + version: stable/liberty + dest: /tmp/python-tacker-horizon + force: yes + register: tackerhorizon_git_clone + delegate_to: "{{ item }}" + with_items: + - "{{ groups['horizon_all'] }}" + until: tackerhorizon_git_clone|success + retries: 5 + delay: 2 + tags: + - tacker-horizon-install + +#NOTE: not sure if this is the right way to do this + +- name: Install tacker horizon into venv + command: "{{ tacker_horizon_venv_bin }}/python setup.py install" + args: + chdir: /tmp/python-tacker-horizon + creates: + "{{ tacker_horizon_venv_bin }}/../lib/python2.7/site-packages/tacker_horizon" + delegate_to: "{{ item }}" + notify: Restart apache + with_items: + - "{{ groups['horizon_all'] }}" + tags: + - tacker-horizon-install + +- name: Enable tacker in openstack dashboard + command: cp openstack_dashboard_extensions/_80_nfv.py {{ tacker_horizon_enable_path }}/_80_nfv.py + args: + chdir: /tmp/python-tacker-horizon + creates: "{{ tacker_horizon_enable_path }}/_80_nfv.py" + delegate_to: "{{ item }}" + notify: Restart apache + with_items: + - "{{ groups['horizon_all'] }}" + tags: + - tacker-horizon-install + + 
diff --git a/tasks/tacker_init.yml b/tasks/tacker_init.yml new file mode 100644 index 0000000..2146f7f --- /dev/null +++ b/tasks/tacker_init.yml @@ -0,0 +1,26 @@ +--- +# (C)2016 Brocade Communications Systems, Inc. +# 130 Holger Way, San Jose, CA 95134. +# All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- include: tacker_init_common.yml + vars: + program_name: "{{ tacker_program_name }}" + service_name: "{{ tacker_service_name }}" + system_user: "{{ tacker_system_user_name }}" + system_group: "{{ tacker_system_group_name }}" + service_home: "{{ tacker_system_user_home }}" + program_config_options: "{{ tacker_config_options }}" + diff --git a/tasks/tacker_init_common.yml b/tasks/tacker_init_common.yml new file mode 100644 index 0000000..d2564e3 --- /dev/null +++ b/tasks/tacker_init_common.yml 
@@ -0,0 +1,31 @@ +--- +# (C)2016 Brocade Communications Systems, Inc. +# 130 Holger Way, San Jose, CA 95134. +# All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- include: tacker_init_upstart.yml + when: pid1_name == "init" + +- include: tacker_init_systemd.yml + when: pid1_name == "systemd" + +- name: Load service + service: + name: "{{ program_name }}" + enabled: "yes" + notify: + - Restart tacker services + + diff --git a/tasks/tacker_init_systemd.yml b/tasks/tacker_init_systemd.yml new file mode 100644 index 0000000..c7b2abf --- /dev/null +++ b/tasks/tacker_init_systemd.yml 
@@ -0,0 +1,56 @@ +--- +# (C)2016 Brocade Communications Systems, Inc. +# 130 Holger Way, San Jose, CA 95134. +# All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Create TEMP run dir + file: + path: "/var/run/{{ program_name }}" + state: directory + owner: "{{ system_user }}" + group: "{{ system_group }}" + mode: "02755" + +- name: Create TEMP lock dir + file: + path: "/var/lock/{{ program_name }}" + state: directory + owner: "{{ system_user }}" + group: "{{ system_group }}" + mode: "02755" + +- name: Create tempfile.d entry + template: + src: "tacker-systemd-tempfiles.j2" + dest: "/etc/tmpfiles.d/tacker.conf" + mode: "0644" + owner: "root" + group: "root" + +- name: Place the systemd init script + template: + src: "tacker-systemd-init.j2" + dest: "/etc/systemd/system/{{ program_name }}.service" + mode: "0644" + owner: "root" + group: "root" + register: systemd_init + +- name: Reload the systemd daemon + command: "systemctl daemon-reload" + when: systemd_init | changed + notify: + - Restart tacker services + diff --git a/tasks/tacker_init_upstart.yml b/tasks/tacker_init_upstart.yml new file mode 100644 index 0000000..6738e9d --- /dev/null +++ b/tasks/tacker_init_upstart.yml 
@@ -0,0 +1,35 @@ +--- +# (C)2016 Brocade Communications Systems, Inc. +# 130 Holger Way, San Jose, CA 95134. +# All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Place the init script + template: + src: "tacker-upstart-init.j2" + dest: "/etc/init/{{ program_name }}.conf" + mode: "0644" + owner: "root" + group: "root" + register: upstart_init + notify: + - Restart tacker services + +- name: Reload init scripts + shell: | + initctl reload-configuration + when: upstart_init | changed + notify: + - Restart tacker services + diff --git a/tasks/tacker_install.yml b/tasks/tacker_install.yml new file mode 100644 index 0000000..7e0f17f --- /dev/null +++ b/tasks/tacker_install.yml 
@@ -0,0 +1,146 @@ +--- +# (C)2016 Brocade Communications Systems, Inc. +# 130 Holger Way, San Jose, CA 95134. +# All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- include: tacker_install_apt.yml + when: + - ansible_pkg_mgr == 'apt' + +- name: Create developer mode constraint file + copy: + dest: "/opt/developer-pip-constraints.txt" + content: | + {% for item in tacker_developer_constraints %} + {{ item }} + {% endfor %} + when: + - tacker_developer_mode | bool + +- name: Clone requirements git repository + git: + repo: "{{ tacker_requirements_git_repo }}" + dest: "/opt/requirements" + clone: yes + update: yes + version: "{{ tacker_requirements_git_install_branch }}" + when: + - tacker_developer_mode | bool + +- name: Add constraints to pip_install_options fact for developer mode + set_fact: + pip_install_options_fact: "{{ pip_install_options|default('') }} --constraint /opt/developer-pip-constraints.txt --constraint /opt/requirements/upper-constraints.txt" + when: + - tacker_developer_mode | bool + +- name: Set pip_install_options_fact when not in developer mode + set_fact: + pip_install_options_fact: "{{ pip_install_options|default('') }}" + when: + - not tacker_developer_mode | bool + +- name: Install requires pip packages + pip: + name: "{{ tacker_requires_pip_packages | join(' ') }}" + state: latest + extra_args: "{{ pip_install_options_fact }}" + register: install_packages + until: install_packages|success + retries: 5 + delay: 2 + +- name: 
Get local venv checksum + stat: + path: "/var/cache/{{ tacker_venv_download_url | basename }}" + get_md5: False + when: + - not tacker_developer_mode | bool + register: local_venv_stat + +#- name: Get remote venv checksum + #uri: + #url: "{{ tacker_venv_download_url | replace('tgz', 'checksum') }}" + #return_content: True + #when: + #- not tacker_developer_mode | bool + #register: remote_venv_checksum + +# TODO: When project moves to ansible 2 we can pass this a sha256sum which will: +# a) allow us to remove force: yes +# b) allow the module to calculate the checksum of dest file which would +# result in file being downloaded only if provided and dest sha256sum +# checksums differ +- name: Attempt venv download + get_url: + url: "{{ tacker_venv_download_url }}" + dest: "/var/cache/{{ tacker_venv_download_url | basename }}" + force: yes + ignore_errors: true + register: get_venv + when: + - not tacker_developer_mode | bool + - (local_venv_stat.stat.exists == False or + {{ local_venv_stat.stat.checksum is defined and local_venv_stat.stat.checksum != remote_venv_checksum.content | trim }}) + +- name: Set tacker get_venv fact + set_fact: + tacker_get_venv: "{{ get_venv }}" + +- name: Remove existing venv + file: + path: "{{ tacker_bin | dirname }}" + state: absent + when: + - tacker_get_venv | changed + +- name: Create tacker venv dir + file: + path: "{{ tacker_bin | dirname }}" + state: directory + register: tacker_venv_dir + +- name: Unarchive pre-built venv + unarchive: + src: "/var/cache/{{ tacker_venv_download_url | basename }}" + dest: "{{ tacker_bin | dirname }}" + copy: "no" + when: + - not tacker_developer_mode | bool + - tacker_get_venv | changed or tacker_venv_dir | changed + notify: + - Restart tacker services + +- name: Install pip packages + pip: + name: "{{ tacker_pip_packages | join(' ') }}" + state: latest + virtualenv: "{{ tacker_bin | dirname }}" + virtualenv_site_packages: "no" + extra_args: "{{ pip_install_options_fact }}" + register: 
install_packages + until: install_packages|success + retries: 5 + delay: 2 + when: + - tacker_get_venv | failed or tacker_developer_mode | bool + notify: + - Restart tacker services + +- name: Update virtualenv path + command: > + virtualenv-tools --update-path=auto {{ tacker_bin | dirname }} + when: + - not tacker_developer_mode | bool + - tacker_get_venv | success diff --git a/tasks/tacker_install_apt.yml b/tasks/tacker_install_apt.yml new file mode 100644 index 0000000..b907be8 --- /dev/null +++ b/tasks/tacker_install_apt.yml @@ -0,0 +1,40 @@ +--- +# (C)2016 Brocade Communications Systems, Inc. +# 130 Holger Way, San Jose, CA 95134. +# All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#TODO(evrardjp): Replace the next 2 tasks by a standard apt with cache +#when https://github.com/ansible/ansible-modules-core/pull/1517 is merged +#in 1.9.x or we move to 2.0 (if tested working) + +- name: Check apt last update file + stat: + path: /var/cache/apt + register: apt_cache_stat + +- name: Update apt if needed + apt: + update_cache: yes + when: "ansible_date_time.epoch|float - apt_cache_stat.stat.mtime > {{cache_timeout}}" + +- name: Install apt packages + apt: + pkg: "{{ item }}" + state: "{{ tacker_package_state }}" + register: install_packages + until: install_packages|success + retries: 5 + delay: 2 + with_items: "{{ tacker_distro_packages }}" 
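Review bot: in tasks/tacker_install.yml, "Attempt venv download" fetches the venv tarball with `force: yes` and `ignore_errors: true`, and "Unarchive pre-built venv" unpacks it with no integrity check, while the `when:` clause still compares against `remote_venv_checksum.content` even though the task that registers `remote_venv_checksum` is commented out. As written the condition refers to a variable that is never registered, and nothing verifies the archive that becomes the service's virtualenv. Suggest either restoring the "Get remote venv checksum" task and comparing the downloaded file's digest before unarchiving, or passing a SHA-256 to `get_url` as the TODO above the task describes; the `{{ ... }}` wrapped around the second half of the `when:` expression should also be dropped. Separately, both pip tasks use `state: latest`, and outside developer mode `pip_install_options_fact` carries no `--constraint` files, so package versions are unpinned on that path.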
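Review bot: in tasks/tacker_install_apt.yml, the `when:` on "Update apt if needed" embeds `{{cache_timeout}}` inside a quoted expression; reference the variable bare (`... > cache_timeout`) so the condition is evaluated as one expression. `cache_timeout` is also the only variable in this file without the `tacker_` prefix, so please document where it is expected to come from or give it a role default. If `tacker_package_state` can be `latest`, note that in the role documentation, since the "Install apt packages" task will then upgrade distro packages on every run.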
diff --git a/tasks/tacker_messaging_setup.yml b/tasks/tacker_messaging_setup.yml new file mode 100644 index 0000000..279b2b0 --- /dev/null +++ b/tasks/tacker_messaging_setup.yml @@ -0,0 +1,27 @@ +--- +# tacker messaging setup + + +- name: Ensure Rabbitmq vhost + rabbitmq_vhost: + name: "{{ tacker_rabbitmq_vhost }}" + state: "present" + delegate_to: "{{ groups['rabbitmq_all'][0] }}" + tags: + - tacker-rabbitmq + - tacker-rabbitmq-vhost + +- name: Ensure rabbitmq user + rabbitmq_user: + user: "{{ tacker_rabbitmq_userid }}" + password: "{{ tacker_rabbitmq_password }}" + vhost: "{{ tacker_rabbitmq_vhost }}" + configure_priv: ".*" + read_priv: ".*" + write_priv: ".*" + state: "present" + delegate_to: "{{ groups['rabbitmq_all'][0] }}" + tags: + - tacker-rabbitmq + - tacker-rabbitmq-user + diff --git a/tasks/tacker_post_install.yml b/tasks/tacker_post_install.yml new file mode 100644 index 0000000..875db4a --- /dev/null +++ b/tasks/tacker_post_install.yml 
@@ -0,0 +1,62 @@ +--- +# (C)2016 Brocade Communications Systems, Inc. +# 130 Holger Way, San Jose, CA 95134. +# All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#- name: Get tacker command path + #command: which {{ tacker_program_name }} + #register: tacker_command_path + #when: + #- not tacker_venv_enabled | bool + #tags: + #- tacker-command-bin + +#- name: Set tacker command path + #set_fact: + #tacker_bin: "{{ tacker_command_path.stdout | dirname }}" + #when: + #- not tacker_venv_enabled | bool + #tags: + #- tacker-command-bin + +- name: Drop tacker Config(s) + config_template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: "{{ tacker_system_user_name }}" + group: "{{ tacker_system_group_name }}" + mode: "0644" + config_overrides: "{{ item.config_overrides }}" + config_type: "{{ item.config_type }}" + with_items: + - src: "etc/tacker/tacker.conf.j2" + dest: "{{ tacker_etc_dir }}/tacker.conf" + config_overrides: "{{ tacker_tacker_conf_overrides }}" + config_type: "ini" + - src: "etc/tacker/api-paste.ini.j2" + dest: "{{ tacker_etc_dir }}/api-paste.ini" + config_overrides: "{{ tacker_api_paste_ini_overrides }}" + config_type: "ini" + - src: "etc/tacker/rootwrap.conf.j2" + dest: "{{ tacker_etc_dir}}/rootwrap.conf" + config_overrides: "{{ tacker_rootwrap_overrides }}" + config_type: "ini" + - src: "etc/tacker/policy.json.j2" + dest: "{{ tacker_etc_dir }}/policy.json" + config_overrides: "{{ tacker_policy_overrides }}" + config_type: 
"json" + notify: + - Restart tacker services + diff --git a/tasks/tacker_pre_install.yml b/tasks/tacker_pre_install.yml new file mode 100644 index 0000000..29f11dd --- /dev/null +++ b/tasks/tacker_pre_install.yml 
@@ -0,0 +1,80 @@ +--- +# (C)2016 Brocade Communications Systems, Inc. +# 130 Holger Way, San Jose, CA 95134. +# All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: create the system group + group: + name: "{{ tacker_system_group_name }}" + state: "present" + system: "yes" + +- name: Create the tacker system user + user: + name: "{{ tacker_system_user_name }}" + group: "{{ tacker_system_group_name }}" + comment: "{{ tacker_system_comment }}" + shell: "{{ tacker_system_shell }}" + system: "yes" + createhome: "yes" + home: "{{ tacker_system_user_home }}" + +- name: Create tacker directories + file: + path: "{{ item.path }}" + state: directory + owner: "{{ item.owner|default(tacker_system_user_name) }}" + group: "{{ item.group|default(tacker_system_group_name) }}" + mode: "{{ item.mode|default('0755') }}" + with_items: + - { path: "/openstack", mode: "0755", owner: "root", group: "root" } + - { path: "/etc/tacker" } + - { path: "/var/cache/tacker" } + - { path: "{{ tacker_system_user_home }}" } + +#- name: Create tacker venv dir + #file: + #path: "{{ item.path }}" + #state: directory + #with_items: + #- { path: "/openstack/venvs" } + #- { path: "{{ tacker_venv_bin }}" } + #when: tacker_venv_enabled | bool + #tags: + #- tacker-dirs + +- name: Test for log directory or link + shell: | + if [ -h "/var/log/tacker" ]; then + chown -h {{ tacker_system_user_name }}:{{ tacker_system_group_name }} "/var/log/tacker" + chown -R {{ tacker_system_user_name 
}}:{{ tacker_system_group_name }} "$(readlink /var/log/tacker)" + else + exit 1 + fi + register: log_dir + failed_when: false + changed_when: log_dir.rc != 0 + +- name: Create tacker log dir + file: + path: "{{ item.path }}" + state: directory + owner: "{{ item.owner|default(tacker_system_user_name) }}" + group: "{{ item.group|default(tacker_system_group_name) }}" + mode: "{{ item.mode|default('0755') }}" + with_items: + - { path: "/var/log/tacker" } + when: log_dir.rc != 0 + diff --git a/tasks/tacker_service_setup.yml b/tasks/tacker_service_setup.yml new file mode 100644 index 0000000..7e1b861 --- /dev/null +++ b/tasks/tacker_service_setup.yml 
@@ -0,0 +1,93 @@ +--- +# (C)2016 Brocade Communications Systems, Inc. +# 130 Holger Way, San Jose, CA 95134. +# All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Create a service +- name: Ensure tacker service + keystone: + command: "ensure_service" + endpoint: "{{ keystone_service_adminurl }}" + login_user: "{{ keystone_admin_user_name }}" + login_password: "{{ keystone_auth_admin_password }}" + login_project_name: "{{ keystone_admin_tenant_name }}" + service_name: "{{ tacker_service_name }}" + service_type: "{{ tacker_service_type }}" + description: "{{ tacker_service_description }}" + insecure: "{{ keystone_service_adminuri_insecure }}" + register: add_service + until: add_service|success + retries: 5 + delay: 2 + +# Create an admin user +- name: Ensure tacker user + keystone: + command: "ensure_user" + endpoint: "{{ keystone_service_adminurl }}" + login_user: "{{ keystone_admin_user_name }}" + login_password: "{{ keystone_auth_admin_password }}" + login_project_name: "{{ keystone_admin_tenant_name }}" + user_name: "{{ tacker_service_user_name }}" + tenant_name: "{{ tacker_service_project_name }}" + password: "{{ tacker_service_password }}" + insecure: "{{ keystone_service_adminuri_insecure }}" + register: add_service + when: not tacker_service_in_ldap | bool + until: add_service|success + retries: 5 + delay: 10 + +# Add a role to the user +- name: Ensure tacker user to admin role + keystone: + command: "ensure_user_role" + endpoint: "{{ 
keystone_service_adminurl }}" + login_user: "{{ keystone_admin_user_name }}" + login_password: "{{ keystone_auth_admin_password }}" + login_project_name: "{{ keystone_admin_tenant_name }}" + user_name: "{{ tacker_service_user_name }}" + tenant_name: "{{ tacker_service_project_name }}" + role_name: "{{ tacker_role_name }}" + insecure: "{{ keystone_service_adminuri_insecure }}" + register: add_service + when: not tacker_service_in_ldap | bool + until: add_service|success + retries: 5 + delay: 10 + +# Create an endpoint +- name: Ensure tacker endpoint + keystone: + command: "ensure_endpoint" + endpoint: "{{ keystone_service_adminurl }}" + login_user: "{{ keystone_admin_user_name }}" + login_password: "{{ keystone_auth_admin_password }}" + login_project_name: "{{ keystone_admin_tenant_name }}" + region_name: "{{ tacker_service_region }}" + service_name: "{{ tacker_service_name }}" + service_type: "{{ tacker_service_type }}" + insecure: "{{ keystone_service_adminuri_insecure }}" + endpoint_list: + - url: "{{ tacker_service_publicurl }}" + interface: "public" + - url: "{{ tacker_service_internalurl }}" + interface: "internal" + - url: "{{ tacker_service_adminurl }}" + interface: "admin" + register: add_service + until: add_service|success + retries: 5 + delay: 10 diff --git a/templates/etc/tacker/api-paste.ini.j2 b/templates/etc/tacker/api-paste.ini.j2 new file mode 100644 index 0000000..1e44ef2 --- /dev/null +++ b/templates/etc/tacker/api-paste.ini.j2 
@@ -0,0 +1,30 @@ +[composite:tacker] +use = egg:Paste#urlmap +/: tackerversions +/v1.0: tackerapi_v1_0 + +[composite:tackerapi_v1_0] +use = call:tacker.auth:pipeline_factory +noauth = request_id catch_errors extensions tackerapiapp_v1_0 +keystone = request_id catch_errors authtoken keystonecontext extensions tackerapiapp_v1_0 + +[filter:request_id] +paste.filter_factory = oslo_middleware:RequestId.factory + +[filter:catch_errors] +paste.filter_factory = oslo_middleware:CatchErrors.factory + +[filter:keystonecontext] +paste.filter_factory = tacker.auth:TackerKeystoneContext.factory + +[filter:authtoken] +paste.filter_factory = keystonemiddleware.auth_token:filter_factory + +[filter:extensions] +paste.filter_factory = tacker.api.extensions:extension_middleware_factory + +[app:tackerversions] +paste.app_factory = tacker.api.versions:Versions.factory + +[app:tackerapiapp_v1_0] +paste.app_factory = tacker.api.v1.router:APIRouter.factory diff --git a/templates/etc/tacker/api-paste.ini.j2.liberty b/templates/etc/tacker/api-paste.ini.j2.liberty new file mode 100644 index 0000000..19da28c --- /dev/null +++ b/templates/etc/tacker/api-paste.ini.j2.liberty 
@@ -0,0 +1,30 @@ +[composite:tacker] +use = egg:Paste#urlmap +/: tackerversions +/v1.0: tackerapi_v1_0 + +[composite:tackerapi_v1_0] +use = call:tacker.auth:pipeline_factory +noauth = request_id catch_errors extensions tackerapiapp_v1_0 +keystone = request_id catch_errors authtoken keystonecontext extensions tackerapiapp_v1_0 + +[filter:request_id] +paste.filter_factory = oslo.middleware:RequestId.factory + +[filter:catch_errors] +paste.filter_factory = oslo.middleware:CatchErrors.factory + +[filter:keystonecontext] +paste.filter_factory = tacker.auth:TackerKeystoneContext.factory + +[filter:authtoken] +paste.filter_factory = keystonemiddleware.auth_token:filter_factory + +[filter:extensions] +paste.filter_factory = tacker.api.extensions:extension_middleware_factory + +[app:tackerversions] +paste.app_factory = tacker.api.versions:Versions.factory + +[app:tackerapiapp_v1_0] +paste.app_factory = tacker.api.v1.router:APIRouter.factory diff --git a/templates/etc/tacker/policy.json.j2 b/templates/etc/tacker/policy.json.j2 new file mode 100644 index 0000000..b38bc69 --- /dev/null +++ b/templates/etc/tacker/policy.json.j2 @@ -0,0 +1,10 @@ +{ + "context_is_admin": "role:admin", + "admin_or_owner": "rule:context_is_admin or tenant_id:%(tenant_id)s", + "admin_only": "rule:context_is_admin", + "regular_user": "", + "shared": "field:vims:shared=True", + "default": "rule:admin_or_owner", + + "get_vim": "rule:admin_or_owner or rule:shared" +} diff --git a/templates/etc/tacker/policy.json.j2.liberty b/templates/etc/tacker/policy.json.j2.liberty new file mode 100644 index 0000000..369e0a8 --- /dev/null +++ b/templates/etc/tacker/policy.json.j2.liberty 
@@ -0,0 +1,136 @@ +{ + "context_is_admin": "role:admin", + "admin_or_owner": "rule:context_is_admin or tenant_id:%(tenant_id)s", + "admin_or_network_owner": "rule:context_is_admin or tenant_id:%(network:tenant_id)s", + "admin_only": "rule:context_is_admin", + "regular_user": "", + "shared": "field:networks:shared=True", + "shared_firewalls": "field:firewalls:shared=True", + "external": "field:networks:router:external=True", + "default": "rule:admin_or_owner", + + "subnets:private:read": "rule:admin_or_owner", + "subnets:private:write": "rule:admin_or_owner", + "subnets:shared:read": "rule:regular_user", + "subnets:shared:write": "rule:admin_only", + + "create_subnet": "rule:admin_or_network_owner", + "get_subnet": "rule:admin_or_owner or rule:shared", + "update_subnet": "rule:admin_or_network_owner", + "delete_subnet": "rule:admin_or_network_owner", + + "create_network": "", + "get_network": "rule:admin_or_owner or rule:shared or rule:external", + "get_network:router:external": "rule:regular_user", + "get_network:segments": "rule:admin_only", + "get_network:provider:network_type": "rule:admin_only", + "get_network:provider:physical_network": "rule:admin_only", + "get_network:provider:segmentation_id": "rule:admin_only", + "get_network:queue_id": "rule:admin_only", + "create_network:shared": "rule:admin_only", + "create_network:router:external": "rule:admin_only", + "create_network:segments": "rule:admin_only", + "create_network:provider:network_type": "rule:admin_only", + "create_network:provider:physical_network": "rule:admin_only", + "create_network:provider:segmentation_id": "rule:admin_only", + "update_network": "rule:admin_or_owner", + "update_network:segments": "rule:admin_only", + "update_network:shared": "rule:admin_only", + "update_network:provider:network_type": "rule:admin_only", + "update_network:provider:physical_network": "rule:admin_only", + "update_network:provider:segmentation_id": "rule:admin_only", + "delete_network": "rule:admin_or_owner", + + 
"create_port": "", + "create_port:mac_address": "rule:admin_or_network_owner", + "create_port:fixed_ips": "rule:admin_or_network_owner", + "create_port:port_security_enabled": "rule:admin_or_network_owner", + "create_port:binding:host_id": "rule:admin_only", + "create_port:binding:profile": "rule:admin_only", + "create_port:mac_learning_enabled": "rule:admin_or_network_owner", + "get_port": "rule:admin_or_owner", + "get_port:queue_id": "rule:admin_only", + "get_port:binding:vif_type": "rule:admin_only", + "get_port:binding:vif_details": "rule:admin_only", + "get_port:binding:host_id": "rule:admin_only", + "get_port:binding:profile": "rule:admin_only", + "update_port": "rule:admin_or_owner", + "update_port:fixed_ips": "rule:admin_or_network_owner", + "update_port:port_security_enabled": "rule:admin_or_network_owner", + "update_port:binding:host_id": "rule:admin_only", + "update_port:binding:profile": "rule:admin_only", + "update_port:mac_learning_enabled": "rule:admin_or_network_owner", + "delete_port": "rule:admin_or_owner", + + "create_router:external_gateway_info:enable_snat": "rule:admin_only", + "update_router:external_gateway_info:enable_snat": "rule:admin_only", + + "create_firewall": "", + "get_firewall": "rule:admin_or_owner", + "create_firewall:shared": "rule:admin_only", + "get_firewall:shared": "rule:admin_only", + "update_firewall": "rule:admin_or_owner", + "update_firewall:shared": "rule:admin_only", + "delete_firewall": "rule:admin_or_owner", + + "create_firewall_policy": "", + "get_firewall_policy": "rule:admin_or_owner or rule:shared_firewalls", + "create_firewall_policy:shared": "rule:admin_or_owner", + "update_firewall_policy": "rule:admin_or_owner", + "delete_firewall_policy": "rule:admin_or_owner", + + "create_firewall_rule": "", + "get_firewall_rule": "rule:admin_or_owner or rule:shared_firewalls", + "update_firewall_rule": "rule:admin_or_owner", + "delete_firewall_rule": "rule:admin_or_owner", + + "create_qos_queue": "rule:admin_only", + 
"get_qos_queue": "rule:admin_only", + + "update_agent": "rule:admin_only", + "delete_agent": "rule:admin_only", + "get_agent": "rule:admin_only", + + "create_dhcp-network": "rule:admin_only", + "delete_dhcp-network": "rule:admin_only", + "get_dhcp-networks": "rule:admin_only", + "create_l3-router": "rule:admin_only", + "delete_l3-router": "rule:admin_only", + "get_l3-routers": "rule:admin_only", + "get_dhcp-agents": "rule:admin_only", + "get_l3-agents": "rule:admin_only", + "get_loadbalancer-agent": "rule:admin_only", + "get_loadbalancer-pools": "rule:admin_only", + + "create_router": "rule:regular_user", + "get_router": "rule:admin_or_owner", + "update_router:add_router_interface": "rule:admin_or_owner", + "update_router:remove_router_interface": "rule:admin_or_owner", + "delete_router": "rule:admin_or_owner", + + "create_floatingip": "rule:regular_user", + "update_floatingip": "rule:admin_or_owner", + "delete_floatingip": "rule:admin_or_owner", + "get_floatingip": "rule:admin_or_owner", + + "create_network_profile": "rule:admin_only", + "update_network_profile": "rule:admin_only", + "delete_network_profile": "rule:admin_only", + "get_network_profiles": "", + "get_network_profile": "", + "update_policy_profiles": "rule:admin_only", + "get_policy_profiles": "", + "get_policy_profile": "", + + "create_metering_label": "rule:admin_only", + "delete_metering_label": "rule:admin_only", + "get_metering_label": "rule:admin_only", + + "create_metering_label_rule": "rule:admin_only", + "delete_metering_label_rule": "rule:admin_only", + "get_metering_label_rule": "rule:admin_only", + + "get_service_provider": "rule:regular_user", + "get_lsn": "rule:admin_only", + "create_lsn": "rule:admin_only" +} diff --git a/templates/etc/tacker/rootwrap.conf.j2 b/templates/etc/tacker/rootwrap.conf.j2 new file mode 100644 index 0000000..9c51bd4 --- /dev/null +++ b/templates/etc/tacker/rootwrap.conf.j2 
@@ -0,0 +1,34 @@ +# Configuration for tacker-rootwrap +# This file should be owned by (and only-writeable by) the root user + +[DEFAULT] +# List of directories to load filter definitions from (separated by ','). +# These directories MUST all be only writeable by root ! +filters_path=/etc/tacker/rootwrap.d,/usr/share/tacker/rootwrap + +# List of directories to search executables in, in case filters do not +# explicitely specify a full path (separated by ',') +# If not specified, defaults to system PATH environment variable. +# These directories MUST all be only writeable by root ! +exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin + +# Enable logging to syslog +# Default value is False +use_syslog=False + +# Which syslog facility to use. +# Valid values include auth, authpriv, syslog, local0, local1... +# Default value is 'syslog' +syslog_log_facility=syslog + +# Which messages to log. +# INFO means log all usage +# ERROR means only log unsuccessful attempts +syslog_log_level=ERROR + +[xenapi] +# XenAPI configuration is only required by the L2 agent if it is to +# target a XenServer/XCP compute host's dom0. +xenapi_connection_url= +xenapi_connection_username=root +xenapi_connection_password= diff --git a/templates/etc/tacker/rootwrap.conf.j2.liberty b/templates/etc/tacker/rootwrap.conf.j2.liberty new file mode 100644 index 0000000..9c51bd4 --- /dev/null +++ b/templates/etc/tacker/rootwrap.conf.j2.liberty 
@@ -0,0 +1,34 @@ +# Configuration for tacker-rootwrap +# This file should be owned by (and only-writeable by) the root user + +[DEFAULT] +# List of directories to load filter definitions from (separated by ','). +# These directories MUST all be only writeable by root ! +filters_path=/etc/tacker/rootwrap.d,/usr/share/tacker/rootwrap + +# List of directories to search executables in, in case filters do not +# explicitely specify a full path (separated by ',') +# If not specified, defaults to system PATH environment variable. +# These directories MUST all be only writeable by root ! +exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin + +# Enable logging to syslog +# Default value is False +use_syslog=False + +# Which syslog facility to use. +# Valid values include auth, authpriv, syslog, local0, local1... +# Default value is 'syslog' +syslog_log_facility=syslog + +# Which messages to log. +# INFO means log all usage +# ERROR means only log unsuccessful attempts +syslog_log_level=ERROR + +[xenapi] +# XenAPI configuration is only required by the L2 agent if it is to +# target a XenServer/XCP compute host's dom0. +xenapi_connection_url= +xenapi_connection_username=root +xenapi_connection_password= diff --git a/templates/etc/tacker/tacker.conf.devstack_master b/templates/etc/tacker/tacker.conf.devstack_master new file mode 100644 index 0000000..4108810 --- /dev/null +++ b/templates/etc/tacker/tacker.conf.devstack_master 
@@ -0,0 +1,311 @@ +[DEFAULT] +nova_region_name = RegionOne +nova_api_insecure = False +nova_ca_certificates_file = +nova_admin_auth_url = http://10.18.133.120/identity_v2_admin +nova_admin_tenant_id = service +nova_admin_password = devstack +nova_admin_user_name = nova +nova_url = http://127.0.0.1:8774/v2 +auth_strategy = keystone +policy_file = /etc/tacker/policy.json +debug = True +logging_context_format_string = %(asctime)s.%(msecs)03d %(levelname)s %(name)s [%(request_id)s %(user_name)s %(project_name)s] %(instance)s%(message)s +use_syslog = False +state_path = /opt/stack/data/tacker +transport_url = rabbit://stackrabbit:devstack@10.18.133.120:5672/ + +# +# From tacker.common.config +# + +# The host IP to bind to (string value) +#bind_host = 0.0.0.0 + +# The port to bind to (integer value) +#bind_port = 9890 + +# The API paste config file to use (string value) +#api_paste_config = api-paste.ini + +# The path for API extensions (string value) +#api_extensions_path = + +# The service plugins Tacker will use (list value) +#service_plugins = nfvo,vnfm,commonservices + +# The policy file to use (string value) +#policy_file = policy.json + +# The type of authentication to use (string value) +#auth_strategy = keystone + +# Allow the usage of the bulk API (boolean value) +#allow_bulk = true + +# Allow the usage of the pagination (boolean value) +#allow_pagination = false + +# Allow the usage of the sorting (boolean value) +#allow_sorting = false + +# The maximum number of items returned in a single response, value was +# 'infinite' or negative integer means no limit (string value) +#pagination_max_limit = -1 + +# The hostname Tacker is running on (string value) +#host = stellarstack-1473375405-000 + +# URL for connection to nova (string value) +#nova_url = http://127.0.0.1:8774/v2 + +# Username for connecting to nova in admin context (string value) +#nova_admin_username = + +# Password for connection to nova in admin context (string value) +#nova_admin_password = + +# 
The uuid of the admin nova tenant (string value) +#nova_admin_tenant_id = + +# Authorization URL for connecting to nova in admin context (string value) +#nova_admin_auth_url = http://localhost:5000/v2.0 + +# CA file for novaclient to verify server certificates (string value) +#nova_ca_certificates_file = + +# If True, ignore any SSL validation issues (boolean value) +#nova_api_insecure = false + +# Name of nova region to use. Useful if keystone manages more than one region. +# (string value) +#nova_region_name = + +# Where to store Tacker state files. This directory must be writable by the +# agent. (string value) +#state_path = /var/lib/tacker + +# +# From tacker.service +# + +# Seconds between running periodic tasks (integer value) +#periodic_interval = 40 + +# Number of separate worker processes for service (integer value) +#api_workers = 0 + +# Range of seconds to randomly delay when starting the periodic task scheduler +# to reduce stampeding. (Disable by setting to 0) (integer value) +#periodic_fuzzy_delay = 5 + +# +# From tacker.wsgi +# + +# Number of backlog requests to configure the socket with (integer value) +#backlog = 4096 + +# Sets the value of TCP_KEEPIDLE in seconds for each server socket. Not +# supported on OS X. 
(integer value) +#tcp_keepidle = 600 + +# Number of seconds to keep retrying to listen (integer value) +#retry_until_window = 30 + +# Max header line to accommodate large tokens (integer value) +#max_header_line = 16384 + +# Enable SSL on the API server (boolean value) +#use_ssl = false + +# CA certificate file to use to verify connecting clients (string value) +#ssl_ca_file = + +# Certificate file to use when starting the server securely (string value) +#ssl_cert_file = + +# Private key file to use when starting the server securely (string value) +#ssl_key_file = + + +[monitor] + +# +# From tacker.vnfm.monitor +# + +# check interval for monitor (integer value) +#check_intvl = 10 + + +[monitor_http_ping] + +# +# From tacker.vnfm.monitor_drivers.http_ping.http_ping +# + +# number of times to retry (integer value) +#retry = 5 + +# number of seconds to wait for a response (integer value) +#timeout = 1 + +# HTTP port number to send request (integer value) +#port = 80 + + +[monitor_ping] + +# +# From tacker.vnfm.monitor_drivers.ping.ping +# + +# number of ICMP packets to send (string value) +#count = 1 + +# number of seconds to wait for a response (string value) +#timeout = 1 + +# number of seconds to wait between packets (string value) +#interval = 1 + + +[nfvo] + +# +# From tacker.nfvo.nfvo_plugin +# + +# VIM driver for launching VNFs (list value) +#vim_drivers = openstack + +# Interval to check for VIM health (integer value) +#monitor_interval = 30 + + +[nfvo_vim] +default_vim = VIM0 + +# +# From tacker.vnfm.vim_client +# + +# DEPRECATED: Default VIM for launching VNFs. This option is deprecated and +# will be removed in Ocata release. (string value) +# This option is deprecated for removal. +# Its value may be silently ignored in the future. 
+#default_vim = + + +[openwrt] + +# +# From tacker.vnfm.mgmt_drivers.openwrt.openwrt +# + +# user name to login openwrt (string value) +#user = root + +# password to login openwrt (string value) +#password = + + +[tacker] + +# +# From tacker.vnfm.monitor +# + +# Monitor driver to communicate with Hosting VNF/logical service instance +# tacker plugin will use (list value) +#monitor_driver = ping,http_ping + +# +# From tacker.vnfm.plugin +# + +# MGMT driver to communicate with Hosting VNF/logical service instance tacker +# plugin will use (list value) +#mgmt_driver = noop,openwrt + +# Time interval to wait for VM to boot (integer value) +#boot_wait = 30 + +# Hosting vnf drivers tacker plugin will use (list value) +#infra_driver = nova,heat,noop,openstack + + +[tacker_heat] +stack_retry_wait = 5 +stack_retries = 60 +heat_uri = http://10.18.133.120:8004/v1 + +# +# From tacker.vnfm.infra_drivers.heat.heat +# + +# Number of attempts to retry for stack creation/deletion (integer value) +#stack_retries = 60 + +# Wait time (in seconds) between consecutive stack create/delete retries +# (integer value) +#stack_retry_wait = 5 + +# Flavor Extra Specs (dict value) +#flavor_extra_specs = + + +[vim_keys] + +# +# From tacker.nfvo.drivers.vim.openstack_driver +# + +# Dir.path to store fernet keys. 
(string value) +#openstack = /etc/tacker/vim/fernet_keys + + +[vim_monitor] + +# +# From tacker.nfvo.drivers.vim.openstack_driver +# + +# number of ICMP packets to send (string value) +#count = 1 + +# number of seconds to wait for a response (string value) +#timeout = 1 + +# number of seconds to wait between packets (string value) +#interval = 1 + +[database] +connection = mysql+pymysql://root:devstack@127.0.0.1/tacker?charset=utf8 + +[keystone_authtoken] +memcached_servers = 10.18.133.120:11211 +signing_dir = /var/cache/tacker +cafile = /opt/stack/data/ca-bundle.pem +auth_uri = http://10.18.133.120/identity +project_domain_name = Default +project_name = service +user_domain_name = Default +password = devstack +username = tacker +auth_url = http://10.18.133.120/identity_v2_admin +auth_type = password + +[tacker_nova] +region_name = RegionOne +project_domain_id = default +project_name = service +user_domain_id = default +password = devstack +username = nova +auth_url = http://10.18.133.120/identity_v2_admin +auth_plugin = password + +[agent] +root_helper = sudo /usr/local/bin/tacker-rootwrap /etc/tacker/rootwrap.conf diff --git a/templates/etc/tacker/tacker.conf.j2 b/templates/etc/tacker/tacker.conf.j2 new file mode 100644 index 0000000..c50a169 --- /dev/null +++ b/templates/etc/tacker/tacker.conf.j2 
@@ -0,0 +1,425 @@ +# {{ ansible_managed }} + +[DEFAULT] +verbose = {{ verbose }} +debug = {{ debug }} + + +# Where to store Tacker state files. This directory must be writable by the +# user executing the agent. +state_path = {{ tacker_system_user_home }} + +# Where to store lock files +lock_path = $state_path/lock + +policy_file = {{ tacker_etc_dir }}/policy.json + +# log_format = %(asctime)s %(levelname)8s [%(name)s] %(message)s +# log_date_format = %Y-%m-%d %H:%M:%S + +# use_syslog -> syslog +# log_file and log_dir -> log_dir/log_file +# (not log_file) and log_dir -> log_dir/{binary_name}.log +# use_stderr -> stderr +# (not user_stderr) and (not log_file) -> stdout +# publish_errors -> notification system + +use_syslog = False +# syslog_log_facility = LOG_USER + +# use_stderr = True +# log_file = +# log_dir = + +# publish_errors = False + +# Address to bind the API server to +bind_host = {{ tacker_bind_address }} + +# Port the bind the API server to +bind_port = {{ tacker_service_port }} + +# Path to the extensions. Note that this can be a colon-separated list of +# paths. For example: +# api_extensions_path = extensions:/path/to/more/extensions:/even/more/extensions +# The __path__ of tacker.extensions is appended to this, so if your +# extensions are in there you don't need to specify them here +# api_extensions_path = + +# (StrOpt) Tacker core plugin entrypoint to be loaded from the +# tacker.core_plugins namespace. See setup.cfg for the entrypoint names of the +# plugins included in the tacker source distribution. For compatibility with +# previous versions, the class name of a plugin can be specified instead of its +# entrypoint name. +# +# core_plugin = +# Example: core_plugin = ml2 + +# (ListOpt) List of service plugin entrypoints to be loaded from the +# tacker.service_plugins namespace. See setup.cfg for the entrypoint names of +# the plugins included in the tacker source distribution. 
For compatibility +# with previous versions, the class name of a plugin can be specified instead +# of its entrypoint name. +# +# service_plugins = +# Example: service_plugins = router,firewall,lbaas,vpnaas,metering +service_plugins = vnfm,nfvo + +# Paste configuration file +# api_paste_config = api-paste.ini + +# The strategy to be used for auth. +# Supported values are 'keystone'(default), 'noauth'. +auth_strategy = keystone + +# Allow sending resource operation notification to DHCP agent +# dhcp_agent_notification = True + +# Enable or disable bulk create/update/delete operations +# allow_bulk = True +# Enable or disable pagination +# allow_pagination = False +# Enable or disable sorting +# allow_sorting = False +# Enable or disable overlapping IPs for subnets +# Attention: the following parameter MUST be set to False if Tacker is +# being used in conjunction with nova security groups +# allow_overlapping_ips = False +# Ensure that configured gateway is on subnet +# force_gateway_on_subnet = False + + +# RPC configuration options. Defined in rpc __init__ +# The messaging module to use, defaults to kombu. +# rpc_backend = tacker.openstack.common.rpc.impl_kombu +# Size of RPC thread pool +# rpc_thread_pool_size = 64 +# Size of RPC connection pool +# rpc_conn_pool_size = 30 +# Seconds to wait for a response from call or multicall +# rpc_response_timeout = 60 +# Seconds to wait before a cast expires (TTL). Only supported by impl_zmq. +# rpc_cast_timeout = 30 +# Modules of exceptions that are permitted to be recreated +# upon receiving exception data from an rpc call. 
+# allowed_rpc_exception_modules = tacker.openstack.common.exception, nova.exception +# AMQP exchange to connect to if using RabbitMQ or QPID +# control_exchange = tacker + +# If passed, use a fake RabbitMQ provider +# fake_rabbit = False + +# Configuration options if sending notifications via kombu rpc (these are +# the defaults) +# SSL version to use (valid only if SSL enabled) +# kombu_ssl_version = +# SSL key file (valid only if SSL enabled) +# kombu_ssl_keyfile = +# SSL cert file (valid only if SSL enabled) +# kombu_ssl_certfile = +# SSL certification authority file (valid only if SSL enabled) +# kombu_ssl_ca_certs = +# IP address of the RabbitMQ installation +# rabbit_host = localhost +# Password of the RabbitMQ server +# rabbit_password = guest +# Port where RabbitMQ server is running/listening +# rabbit_port = 5672 +# RabbitMQ single or HA cluster (host:port pairs i.e: host1:5672, host2:5672) +# rabbit_hosts is defaulted to '$rabbit_host:$rabbit_port' +# rabbit_hosts = localhost:5672 +# User ID used for RabbitMQ connections +# rabbit_userid = guest +# Location of a virtual RabbitMQ installation. +# rabbit_virtual_host = / +# Maximum retries with trying to connect to RabbitMQ +# (the default of 0 implies an infinite retry count) +# rabbit_max_retries = 0 +# RabbitMQ connection retry interval +# rabbit_retry_interval = 1 +# Use HA queues in RabbitMQ (x-ha-policy: all). You need to +# wipe RabbitMQ database when changing this option. 
(boolean value) +# rabbit_ha_queues = false + +# QPID +# rpc_backend=tacker.openstack.common.rpc.impl_qpid +# Qpid broker hostname +# qpid_hostname = localhost +# Qpid broker port +# qpid_port = 5672 +# Qpid single or HA cluster (host:port pairs i.e: host1:5672, host2:5672) +# qpid_hosts is defaulted to '$qpid_hostname:$qpid_port' +# qpid_hosts = localhost:5672 +# Username for qpid connection +# qpid_username = '' +# Password for qpid connection +# qpid_password = '' +# Space separated list of SASL mechanisms to use for auth +# qpid_sasl_mechanisms = '' +# Seconds between connection keepalive heartbeats +# qpid_heartbeat = 60 +# Transport to use, either 'tcp' or 'ssl' +# qpid_protocol = tcp +# Disable Nagle algorithm +# qpid_tcp_nodelay = True + +# ZMQ +# rpc_backend=tacker.openstack.common.rpc.impl_zmq +# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP. +# The "host" option should point or resolve to this address. +# rpc_zmq_bind_address = * + +# ============ Notification System Options ===================== + +# Notifications can be sent when network/subnet/port are created, updated or deleted. +# There are three methods of sending notifications: logging (via the +# log_file directive), rpc (via a message queue) and +# noop (no notifications sent, the default) + +# Notification_driver can be defined multiple times +# Do nothing driver +# notification_driver = tacker.openstack.common.notifier.no_op_notifier +# Logging driver +# notification_driver = tacker.openstack.common.notifier.log_notifier +# RPC driver. +notification_driver = tacker.openstack.common.notifier.rpc_notifier + +# default_notification_level is used to form actual topic name(s) or to set logging level +# default_notification_level = INFO + +# default_publisher_id is a part of the notification payload +# host = myhost.com +# default_publisher_id = $host + +# Defined in rpc_notifier, can be comma separated values. 
+# The actual topic names will be %s.%(default_notification_level)s +# notification_topics = notifications + +# Default maximum number of items returned in a single response, +# value == infinite and value < 0 means no max limit, and value must +# be greater than 0. If the number of items requested is greater than +# pagination_max_limit, server will just return pagination_max_limit +# of number of items. +# pagination_max_limit = -1 + +# Maximum number of DNS nameservers per subnet +# max_dns_nameservers = 5 + +# Maximum number of host routes per subnet +# max_subnet_host_routes = 20 + +# Maximum number of fixed ips per port +# max_fixed_ips_per_port = 5 + +# =========== items for agent management extension ============= +# Seconds to regard the agent as down; should be at least twice +# report_interval, to be sure the agent is down for good +# agent_down_time = 75 +# =========== end of items for agent management extension ===== + +# Allow auto scheduling networks to DHCP agent. It will schedule non-hosted +# networks to first DHCP agent which sends get_active_networks message to +# tacker server +# network_auto_schedule = True + +# Allow auto scheduling routers to L3 agent. It will schedule non-hosted +# routers to first L3 agent which sends sync_routers message to tacker server +# router_auto_schedule = True + +# Number of DHCP agents scheduled to host a network. This enables redundant +# DHCP agents for configured networks. +# dhcp_agents_per_network = 1 + +# =========== end of items for agent scheduler extension ===== + +# =========== WSGI parameters related to the API server ============== +# Number of separate worker processes to spawn. The default, 0, runs the +# worker thread in the current process. Greater than 0 launches that number of +# child processes as workers. The parent process manages them. +# api_workers = 0 + +# Number of separate RPC worker processes to spawn. The default, 0, runs the +# worker thread in the current process. 
Greater than 0 launches that number of +# child processes as RPC workers. The parent process manages them. +# This feature is experimental until issues are addressed and testing has been +# enabled for various plugins for compatibility. +# rpc_workers = 0 + +# Sets the value of TCP_KEEPIDLE in seconds to use for each server socket when +# starting API server. Not supported on OS X. +# tcp_keepidle = 600 + +# Number of seconds to keep retrying to listen +# retry_until_window = 30 + +# Number of backlog requests to configure the socket with. +# backlog = 4096 + +# Max header line to accommodate large tokens +# max_header_line = 16384 + +# Enable SSL on the API server +# use_ssl = False + +# Certificate file to use when starting API server securely +# ssl_cert_file = /path/to/certfile + +# Private key file to use when starting API server securely +# ssl_key_file = /path/to/keyfile + +# CA certificate file to use when starting API server securely to +# verify connecting clients. This is an optional parameter only required if +# API clients need to authenticate to the API server using SSL certificates +# signed by a trusted CA +# ssl_ca_file = /path/to/cafile +# ======== end of WSGI parameters related to the API server ========== + + +# ======== tacker nova interactions ========== +# Send notification to nova when port status is active. +# notify_nova_on_port_status_changes = True + +# Send notifications to nova when port data (fixed_ips/floatingips) change +# so nova can update it's cache. +# notify_nova_on_port_data_changes = True + +# URL for connection to nova (Only supports one nova region currently). +# nova_url = http://127.0.0.1:8774/v2 + +# Name of nova region to use. Useful if keystone manages more than one region +# nova_region_name = + +# Username for connection to nova in admin context +# nova_admin_username = + +# The uuid of the admin nova tenant +# nova_admin_tenant_id = + +# Password for connection to nova in admin context. 
+# nova_admin_password = + +# Authorization URL for connection to nova in admin context. +# nova_admin_auth_url = + +# CA file for novaclient to verify server certificates +# nova_ca_certificates_file = + +# Boolean to control ignoring SSL errors on the nova url +# nova_api_insecure = False + +# Number of seconds between sending events to nova if there are any events to send +# send_events_interval = 2 + +# ======== end of tacker nova interactions ========== + +[agent] +# Use "sudo tacker-rootwrap /etc/tacker/rootwrap.conf" to use the real +# root filter facility. +# Change to "sudo" to skip the filtering and just run the comand directly +# root_helper = sudo +root_helper = sudo {{ tacker_bin }}/tacker-rootwrap {{ tacker_etc_dir }}/rootwrap.conf + +# =========== items for agent management extension ============= +# seconds between nodes reporting state to server; should be less than +# agent_down_time, best if it is half or less than agent_down_time +# report_interval = 30 + +# =========== end of items for agent management extension ===== + +[keystone_authtoken] +signing_dir = /var/cache/tacker +# cafile = /opt/stack/data/ca-bundle.pem +project_domain_name = {{ tacker_service_project_domain_id }} +project_name = {{ tacker_service_project_name }} +user_domain_name = {{ tacker_service_user_domain_id }} +username = {{ tacker_service_user_name }} +password = {{ tacker_service_password }} +auth_url = {{ keystone_service_adminuri }} +auth_uri = {{ keystone_service_internaluri }} +auth_type = {{ tacker_keystone_auth_plugin }} +#memcached_servers = memcache:11211 + + +[database] +# This line MUST be changed to actually run the plugin. +# Example: +# connection = mysql://root:pass@127.0.0.1:3306/tacker +# Replace 127.0.0.1 above with the IP address of the database used by the +# main tacker server. (Leave it as is if the database runs on this host.) 
+# connection = sqlite:// +# NOTE: In deployment the [database] section and its connection attribute may +# be set in the corresponding core plugin '.ini' file. However, it is suggested +# to put the [database] section and its connection attribute in this +# configuration file. +connection = mysql://{{ tacker_galera_user }}:{{ tacker_container_mysql_password }}@{{ tacker_galera_address }}/{{ tacker_galera_database }}?charset=utf8 + +# Database engine for which script will be generated when using offline +# migration +# engine = + +# The SQLAlchemy connection string used to connect to the slave database +# slave_connection = + +# Database reconnection retry times - in event connectivity is lost +# set to -1 implies an infinite retry count +# max_retries = 10 + +# Database reconnection interval in seconds - if the initial connection to the +# database fails +# retry_interval = 10 + +# Minimum number of SQL connections to keep open in a pool +# min_pool_size = 1 + +# Maximum number of SQL connections to keep open in a pool +# max_pool_size = 10 + +# Timeout in seconds before idle sql connections are reaped +# idle_timeout = 3600 + +# If set, use this value for max_overflow with sqlalchemy +# max_overflow = 20 + +# Verbosity of SQL debugging information. 
0=None, 100=Everything +# connection_debug = 0 + +# Add python stack traces to SQL as comment strings +# connection_trace = False + +# If set, use this value for pool_timeout with sqlalchemy +# pool_timeout = 10 + +[tacker] +# Specify drivers for hosting device +infra_driver = heat,nova,noop + +# Specify drivers for mgmt +mgmt_driver = noop,openwrt + +# Specify drivers for monitoring +monitor_driver = ping, http_ping + +[nfvo_vim] +# Supported VIM drivers, resource orchestration controllers such as OpenStack, kvm +#Default VIM driver is OpenStack +#vim_drivers = openstack +#Default VIM placement if vim id is not provided +default_vim = VIM0 + +[vim_keys] +#openstack = /etc/tacker/vim/fernet_keys +[tacker_nova] +# parameters for novaclient to talk to nova +region_name = {{ service_region }} +project_domain_id = {{ nova_service_project_domain_id }} +project_name = {{ nova_service_project_name }} +user_domain_id = {{ nova_service_user_domain_id }} +password = {{ nova_service_password }} +username = {{ nova_service_user_name }} +auth_url = {{ keystone_service_adminuri }} +auth_plugin = {{ nova_keystone_auth_plugin }} + +[tacker_heat] +heat_uri = {{ heat_service_adminurl }} +stack_retries = {{ tacker_heat_stack_retires }} +stack_retry_wait = {{ tacker_heat_stack_retry_wait }} diff --git a/templates/etc/tacker/tacker.conf.j2.liberty b/templates/etc/tacker/tacker.conf.j2.liberty new file mode 100644 index 0000000..7b0cb11 --- /dev/null +++ b/templates/etc/tacker/tacker.conf.j2.liberty 
@@ -0,0 +1,445 @@ +# {{ ansible_managed }} + +[DEFAULT] +verbose = {{ verbose }} +debug = {{ debug }} + + +# Where to store Tacker state files. This directory must be writable by the +# user executing the agent. +state_path = {{ tacker_system_user_home }} + +# Where to store lock files +lock_path = $state_path/lock + +policy_file = {{ tacker_etc_dir }}/policy.json + +# log_format = %(asctime)s %(levelname)8s [%(name)s] %(message)s +# log_date_format = %Y-%m-%d %H:%M:%S + +# use_syslog -> syslog +# log_file and log_dir -> log_dir/log_file +# (not log_file) and log_dir -> log_dir/{binary_name}.log +# use_stderr -> stderr +# (not user_stderr) and (not log_file) -> stdout +# publish_errors -> notification system + +use_syslog = False +# syslog_log_facility = LOG_USER + +# use_stderr = True +# log_file = +# log_dir = + +# publish_errors = False + +# Address to bind the API server to +bind_host = {{ tacker_bind_address }} + +# Port the bind the API server to +bind_port = {{ tacker_service_port }} + +# Path to the extensions. Note that this can be a colon-separated list of +# paths. For example: +# api_extensions_path = extensions:/path/to/more/extensions:/even/more/extensions +# The __path__ of tacker.extensions is appended to this, so if your +# extensions are in there you don't need to specify them here +# api_extensions_path = + +# (StrOpt) Tacker core plugin entrypoint to be loaded from the +# tacker.core_plugins namespace. See setup.cfg for the entrypoint names of the +# plugins included in the tacker source distribution. For compatibility with +# previous versions, the class name of a plugin can be specified instead of its +# entrypoint name. +# +# core_plugin = +# Example: core_plugin = ml2 + +# (ListOpt) List of service plugin entrypoints to be loaded from the +# tacker.service_plugins namespace. See setup.cfg for the entrypoint names of +# the plugins included in the tacker source distribution. 
For compatibility +# with previous versions, the class name of a plugin can be specified instead +# of its entrypoint name. +# +# service_plugins = +# Example: service_plugins = router,firewall,lbaas,vpnaas,metering +service_plugins = tacker.vm.plugin.VNFMPlugin + +# Paste configuration file +# api_paste_config = api-paste.ini + +# The strategy to be used for auth. +# Supported values are 'keystone'(default), 'noauth'. +auth_strategy = keystone + +# Allow sending resource operation notification to DHCP agent +# dhcp_agent_notification = True + +# Enable or disable bulk create/update/delete operations +# allow_bulk = True +# Enable or disable pagination +# allow_pagination = False +# Enable or disable sorting +# allow_sorting = False +# Enable or disable overlapping IPs for subnets +# Attention: the following parameter MUST be set to False if Tacker is +# being used in conjunction with nova security groups +# allow_overlapping_ips = False +# Ensure that configured gateway is on subnet +# force_gateway_on_subnet = False + + +# RPC configuration options. Defined in rpc __init__ +# The messaging module to use, defaults to kombu. +# rpc_backend = tacker.openstack.common.rpc.impl_kombu +# Size of RPC thread pool +# rpc_thread_pool_size = 64 +# Size of RPC connection pool +# rpc_conn_pool_size = 30 +# Seconds to wait for a response from call or multicall +# rpc_response_timeout = 60 +# Seconds to wait before a cast expires (TTL). Only supported by impl_zmq. +# rpc_cast_timeout = 30 +# Modules of exceptions that are permitted to be recreated +# upon receiving exception data from an rpc call. 
+# allowed_rpc_exception_modules = tacker.openstack.common.exception, nova.exception +# AMQP exchange to connect to if using RabbitMQ or QPID +# control_exchange = tacker + +# If passed, use a fake RabbitMQ provider +# fake_rabbit = False + +# Configuration options if sending notifications via kombu rpc (these are +# the defaults) +# SSL version to use (valid only if SSL enabled) +# kombu_ssl_version = +# SSL key file (valid only if SSL enabled) +# kombu_ssl_keyfile = +# SSL cert file (valid only if SSL enabled) +# kombu_ssl_certfile = +# SSL certification authority file (valid only if SSL enabled) +# kombu_ssl_ca_certs = +# IP address of the RabbitMQ installation +# rabbit_host = localhost +# Password of the RabbitMQ server +# rabbit_password = guest +# Port where RabbitMQ server is running/listening +# rabbit_port = 5672 +# RabbitMQ single or HA cluster (host:port pairs i.e: host1:5672, host2:5672) +# rabbit_hosts is defaulted to '$rabbit_host:$rabbit_port' +# rabbit_hosts = localhost:5672 +# User ID used for RabbitMQ connections +# rabbit_userid = guest +# Location of a virtual RabbitMQ installation. +# rabbit_virtual_host = / +# Maximum retries with trying to connect to RabbitMQ +# (the default of 0 implies an infinite retry count) +# rabbit_max_retries = 0 +# RabbitMQ connection retry interval +# rabbit_retry_interval = 1 +# Use HA queues in RabbitMQ (x-ha-policy: all). You need to +# wipe RabbitMQ database when changing this option. 
(boolean value) +# rabbit_ha_queues = false + +# QPID +# rpc_backend=tacker.openstack.common.rpc.impl_qpid +# Qpid broker hostname +# qpid_hostname = localhost +# Qpid broker port +# qpid_port = 5672 +# Qpid single or HA cluster (host:port pairs i.e: host1:5672, host2:5672) +# qpid_hosts is defaulted to '$qpid_hostname:$qpid_port' +# qpid_hosts = localhost:5672 +# Username for qpid connection +# qpid_username = '' +# Password for qpid connection +# qpid_password = '' +# Space separated list of SASL mechanisms to use for auth +# qpid_sasl_mechanisms = '' +# Seconds between connection keepalive heartbeats +# qpid_heartbeat = 60 +# Transport to use, either 'tcp' or 'ssl' +# qpid_protocol = tcp +# Disable Nagle algorithm +# qpid_tcp_nodelay = True + +# ZMQ +# rpc_backend=tacker.openstack.common.rpc.impl_zmq +# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP. +# The "host" option should point or resolve to this address. +# rpc_zmq_bind_address = * + +# ============ Notification System Options ===================== + +# Notifications can be sent when network/subnet/port are created, updated or deleted. +# There are three methods of sending notifications: logging (via the +# log_file directive), rpc (via a message queue) and +# noop (no notifications sent, the default) + +# Notification_driver can be defined multiple times +# Do nothing driver +# notification_driver = tacker.openstack.common.notifier.no_op_notifier +# Logging driver +# notification_driver = tacker.openstack.common.notifier.log_notifier +# RPC driver. +notification_driver = tacker.openstack.common.notifier.rpc_notifier + +# default_notification_level is used to form actual topic name(s) or to set logging level +# default_notification_level = INFO + +# default_publisher_id is a part of the notification payload +# host = myhost.com +# default_publisher_id = $host + +# Defined in rpc_notifier, can be comma separated values. 
+# The actual topic names will be %s.%(default_notification_level)s +# notification_topics = notifications + +# Default maximum number of items returned in a single response, +# value == infinite and value < 0 means no max limit, and value must +# be greater than 0. If the number of items requested is greater than +# pagination_max_limit, server will just return pagination_max_limit +# of number of items. +# pagination_max_limit = -1 + +# Maximum number of DNS nameservers per subnet +# max_dns_nameservers = 5 + +# Maximum number of host routes per subnet +# max_subnet_host_routes = 20 + +# Maximum number of fixed ips per port +# max_fixed_ips_per_port = 5 + +# =========== items for agent management extension ============= +# Seconds to regard the agent as down; should be at least twice +# report_interval, to be sure the agent is down for good +# agent_down_time = 75 +# =========== end of items for agent management extension ===== + +# Allow auto scheduling networks to DHCP agent. It will schedule non-hosted +# networks to first DHCP agent which sends get_active_networks message to +# tacker server +# network_auto_schedule = True + +# Allow auto scheduling routers to L3 agent. It will schedule non-hosted +# routers to first L3 agent which sends sync_routers message to tacker server +# router_auto_schedule = True + +# Number of DHCP agents scheduled to host a network. This enables redundant +# DHCP agents for configured networks. +# dhcp_agents_per_network = 1 + +# =========== end of items for agent scheduler extension ===== + +# =========== WSGI parameters related to the API server ============== +# Number of separate worker processes to spawn. The default, 0, runs the +# worker thread in the current process. Greater than 0 launches that number of +# child processes as workers. The parent process manages them. +# api_workers = 0 + +# Number of separate RPC worker processes to spawn. The default, 0, runs the +# worker thread in the current process. 
Greater than 0 launches that number of +# child processes as RPC workers. The parent process manages them. +# This feature is experimental until issues are addressed and testing has been +# enabled for various plugins for compatibility. +# rpc_workers = 0 + +# Sets the value of TCP_KEEPIDLE in seconds to use for each server socket when +# starting API server. Not supported on OS X. +# tcp_keepidle = 600 + +# Number of seconds to keep retrying to listen +# retry_until_window = 30 + +# Number of backlog requests to configure the socket with. +# backlog = 4096 + +# Max header line to accommodate large tokens +# max_header_line = 16384 + +# Enable SSL on the API server +# use_ssl = False + +# Certificate file to use when starting API server securely +# ssl_cert_file = /path/to/certfile + +# Private key file to use when starting API server securely +# ssl_key_file = /path/to/keyfile + +# CA certificate file to use when starting API server securely to +# verify connecting clients. This is an optional parameter only required if +# API clients need to authenticate to the API server using SSL certificates +# signed by a trusted CA +# ssl_ca_file = /path/to/cafile +# ======== end of WSGI parameters related to the API server ========== + + +# ======== tacker nova interactions ========== +# Send notification to nova when port status is active. +# notify_nova_on_port_status_changes = True + +# Send notifications to nova when port data (fixed_ips/floatingips) change +# so nova can update it's cache. +# notify_nova_on_port_data_changes = True + +# URL for connection to nova (Only supports one nova region currently). +# nova_url = http://127.0.0.1:8774/v2 + +# Name of nova region to use. Useful if keystone manages more than one region +# nova_region_name = + +# Username for connection to nova in admin context +# nova_admin_username = + +# The uuid of the admin nova tenant +# nova_admin_tenant_id = + +# Password for connection to nova in admin context. 
+# nova_admin_password = + +# Authorization URL for connection to nova in admin context. +# nova_admin_auth_url = + +# CA file for novaclient to verify server certificates +# nova_ca_certificates_file = + +# Boolean to control ignoring SSL errors on the nova url +# nova_api_insecure = False + +# Number of seconds between sending events to nova if there are any events to send +# send_events_interval = 2 + +# ======== end of tacker nova interactions ========== + +[agent] +# Use "sudo tacker-rootwrap /etc/tacker/rootwrap.conf" to use the real +# root filter facility. +# Change to "sudo" to skip the filtering and just run the comand directly +# root_helper = sudo +root_helper = sudo {{ tacker_bin }}/tacker-rootwrap {{ tacker_etc_dir }}/rootwrap.conf + +# =========== items for agent management extension ============= +# seconds between nodes reporting state to server; should be less than +# agent_down_time, best if it is half or less than agent_down_time +# report_interval = 30 + +# =========== end of items for agent management extension ===== + +[keystone_authtoken] +signing_dir = /var/cache/tacker +# cafile = /opt/stack/data/ca-bundle.pem +project_domain_id = {{ tacker_service_project_domain_id }} +project_name = {{ tacker_service_project_name }} +user_domain_id = {{ tacker_service_user_domain_id }} +password = {{ tacker_service_password }} +username = {{ tacker_service_user_name }} +auth_url = {{ keystone_service_adminuri }} +auth_uri = {{ keystone_service_internaluri }} +auth_plugin = {{ tacker_keystone_auth_plugin }} +# identity_uri = {{ keystone_service_internaluri }} + + + +[database] +# This line MUST be changed to actually run the plugin. +# Example: +# connection = mysql://root:pass@127.0.0.1:3306/tacker +# Replace 127.0.0.1 above with the IP address of the database used by the +# main tacker server. (Leave it as is if the database runs on this host.) 
+# connection = sqlite:// +# NOTE: In deployment the [database] section and its connection attribute may +# be set in the corresponding core plugin '.ini' file. However, it is suggested +# to put the [database] section and its connection attribute in this +# configuration file. +connection = mysql+pymysql://{{ tacker_galera_user }}:{{ tacker_container_mysql_password }}@{{ tacker_galera_address }}/{{ tacker_galera_database }}?charset=utf8 + +# Database engine for which script will be generated when using offline +# migration +# engine = + +# The SQLAlchemy connection string used to connect to the slave database +# slave_connection = + +# Database reconnection retry times - in event connectivity is lost +# set to -1 implies an infinite retry count +# max_retries = 10 + +# Database reconnection interval in seconds - if the initial connection to the +# database fails +# retry_interval = 10 + +# Minimum number of SQL connections to keep open in a pool +# min_pool_size = 1 + +# Maximum number of SQL connections to keep open in a pool +# max_pool_size = 10 + +# Timeout in seconds before idle sql connections are reaped +# idle_timeout = 3600 + +# If set, use this value for max_overflow with sqlalchemy +# max_overflow = 20 + +# Verbosity of SQL debugging information. 
0=None, 100=Everything +# connection_debug = 0 + +# Add python stack traces to SQL as comment strings +# connection_trace = False + +# If set, use this value for pool_timeout with sqlalchemy +# pool_timeout = 10 + +[servicevm] +# Specify drivers for hosting device +# exmpale: infra_driver = noop +# exmpale: infra_driver = nova +# exmpale: infra_driver = heat +infra_driver = heat + +# Specify drivers for mgmt +mgmt_driver = noop +mgmt_driver = openwrt +{% if install_tacker_mgmt_driver_extras %} +mgmt_driver = bsc +mgmt_driver = vyatta +{% endif %} + +# Specify drivers for monitoring +monitor_driver = ping +monitor_driver = http_ping + +[servicevm_nova] +# parameters for novaclient to talk to nova +region_name = {{ service_region }} +project_domain_id = {{ nova_service_project_domain_id }} +project_name = {{ nova_service_project_name }} +user_domain_id = {{ nova_service_user_domain_id }} +password = {{ nova_service_password }} +username = {{ nova_service_user_name }} +auth_url = {{ keystone_service_adminuri }} +auth_plugin = {{ nova_keystone_auth_plugin }} + +[servicevm_heat] +heat_uri = {{ heat_service_adminurl }} +# heat_uri = http://localhost:8004/v1 +stack_retries = {{ tacker_heat_stack_retires }} +stack_retry_wait = {{ tacker_heat_stack_retry_wait }} + +[servicevm_agent] +# VM agent requires that an interface driver be set. Choose the one that best +# matches your plugin. +# interface_driver = + +# Example of interface_driver option for OVS based plugins (OVS, Ryu, NEC) +# that supports L3 agent +# interface_driver = tacker.agent.linux.interface.OVSInterfaceDriver + +# Use veth for an OVS interface or not. +# Support kernels with limited namespace support +# (e.g. RHEL 6.5) so long as ovs_use_veth is set to True. +# ovs_use_veth = False + +# Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and +# iproute2 package that supports namespaces). +# use_namespaces = True 
diff --git a/templates/tacker-systemd-init.j2 b/templates/tacker-systemd-init.j2 new file mode 100644 index 0000000..eaa69e7 --- /dev/null +++ b/templates/tacker-systemd-init.j2 @@ -0,0 +1,25 @@ +# {{ ansible_managed }} + +[Unit] +Description=tacker openstack service +After=syslog.target +After=network.target + +[Service] +Type=simple +User={{ system_user }} +Group={{ system_group }} + +{% if program_override is defined %} +ExecStart={{ program_override }} {{ program_config_options|default('') }} --log-file=/var/log/tacker/{{ program_name }}.log +{% else %} +ExecStart={{ tacker_bin }}/{{ program_name }} {{ program_config_options|default('') }} --log-file=/var/log/tacker/{{ program_name }}.log +{% endif %} + +# Give a reasonable amount of time for the server to start up/shut down +TimeoutSec=300 +Restart=on-failure +RestartSec=150 + +[Install] +WantedBy=multi-user.target diff --git a/templates/tacker-systemd-tempfiles.j2 b/templates/tacker-systemd-tempfiles.j2 new file mode 100644 index 0000000..b723d85 --- /dev/null +++ b/templates/tacker-systemd-tempfiles.j2 @@ -0,0 +1,4 @@ +# {{ ansible_managed }} + +D /var/lock/{{ program_name }} 2755 {{ system_user }} {{ system_group }} +D /var/run/{{ program_name }} 2755 {{ system_user }} {{ system_group }} diff --git a/templates/tacker-upstart-init.j2 b/templates/tacker-upstart-init.j2 new file mode 100644 index 0000000..cec73ec --- /dev/null +++ b/templates/tacker-upstart-init.j2 
@@ -0,0 +1,41 @@ +# {{ ansible_managed }} + +# vim:set ft=upstart ts=2 et: + +description "{{ tacker_program_name }}" + +start on runlevel [2345] +stop on runlevel [016] + +respawn +respawn limit 10 5 + +# Set the RUNBIN environment variable +env RUNBIN="{{ tacker_bin }}/{{ tacker_program_name }}" + +# Change directory to service users home +chdir "{{ tacker_system_user_home }}" + +# Pre start actions +pre-start script + mkdir -p "/var/run/{{ tacker_program_name }}" + chown {{ tacker_system_user_name }}:{{ tacker_system_group_name }} "/var/run/{{ tacker_program_name }}" + + mkdir -p "/var/lock/{{ tacker_program_name }}" + chown {{ tacker_system_user_name }}:{{ tacker_system_group_name }} "/var/lock/{{ tacker_program_name }}" + +end script + +# Post stop actions +post-stop script + rm "/var/run/{{ tacker_program_name }}/{{ tacker_program_name }}.pid" +end script + +# Run the start up job +exec start-stop-daemon --start \ + --chuid {{ tacker_system_user_name }} \ + --make-pidfile \ + --pidfile /var/run/{{ tacker_program_name }}/{{ tacker_program_name }}.pid \ + --exec "{{ program_override|default('$RUNBIN') }}" \ + -- {{ program_config_options|default('') }} \ + --log-file=/var/log/tacker/{{ tacker_program_name }}.log diff --git a/tests/inventory b/tests/inventory new file mode 100644 index 0000000..d18580b --- /dev/null +++ b/tests/inventory @@ -0,0 +1 @@ +localhost \ No newline at end of file diff --git a/tests/test.yml b/tests/test.yml new file mode 100644 index 0000000..9eda09e --- /dev/null +++ b/tests/test.yml @@ -0,0 +1,5 @@ +--- +- hosts: localhost + remote_user: root + roles: + - os_tacker \ No newline at end of file diff --git a/vars/main.yml b/vars/main.yml new file mode 100644 index 0000000..35f370d --- /dev/null +++ b/vars/main.yml 
@@ -0,0 +1,17 @@ +--- +# (C)2016 Brocade Communications Systems, Inc. +# 130 Holger Way, San Jose, CA 95134. +# All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + diff --git a/vars/ubuntu-14.04.yml b/vars/ubuntu-14.04.yml new file mode 100644 index 0000000..4906bc1 --- /dev/null +++ b/vars/ubuntu-14.04.yml @@ -0,0 +1,27 @@ +--- +# (C)2016 Brocade Communications Systems, Inc. +# 130 Holger Way, San Jose, CA 95134. +# All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +## APT Cache options +cache_timeout: 600 + +tacker_distro_packages: + - rsync + - git + #- remove after testing + - python-pip + #- remove after testing + - python-mysqldb diff --git a/vars/ubuntu-16.04.yml b/vars/ubuntu-16.04.yml new file mode 100644 index 0000000..4906bc1 --- /dev/null +++ b/vars/ubuntu-16.04.yml 
@@ -0,0 +1,27 @@ +--- +# (C)2016 Brocade Communications Systems, Inc. +# 130 Holger Way, San Jose, CA 95134. +# All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +## APT Cache options +cache_timeout: 600 + +tacker_distro_packages: + - rsync + - git + #- remove after testing + - python-pip + #- remove after testing + - python-mysqldb
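Review bot: In the [database] section of the tacker.conf template, `connection = mysql+pymysql://{{ tacker_galera_user }}:{{ tacker_container_mysql_password }}@{{ tacker_galera_address }}/...` puts the password into the URL unescaped, so a generated password containing `@`, `:`, `/` or `?` produces a connection string that is parsed into the wrong host or database. Percent-encode the user and password when rendering, or document that the password is restricted to URL-safe characters. In [servicevm_heat], `stack_retries = {{ tacker_heat_stack_retires }}` reads a variable spelled "retires"; rename it to tacker_heat_stack_retries here and wherever it is defined before anything depends on the misspelling. The rendered file also carries the keystone, nova and database passwords, so the task that installs it should set an owner and a mode that keep other local users from reading it.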
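Review bot: The [Service] block of templates/tacker-systemd-init.j2 uses un-prefixed variables (`User={{ system_user }}`, `Group={{ system_group }}`, `{{ program_name }}`), while templates/tacker-upstart-init.j2 uses `tacker_system_user_name`, `tacker_system_group_name` and `tacker_program_name` for the same values. Use the tacker_-prefixed names in both init templates and in templates/tacker-systemd-tempfiles.j2, so that the two init systems render from one set of variables and a generic name defined by another role in the same play cannot change the account the service runs as. `RestartSec=150` keeps the service down for two and a half minutes after every failure; confirm that delay is intended and say so in the comment above it.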
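Review bot: In the post-stop script of templates/tacker-upstart-init.j2, `rm "/var/run/{{ tacker_program_name }}/{{ tacker_program_name }}.pid"` exits non-zero when the pid file is already gone, for example after a crash before the file was written or after a manual cleanup. Use `rm -f` so that post-stop succeeds in that case. The exec stanza also mixes `{{ program_override|default('$RUNBIN') }}` and `{{ program_config_options|default('') }}` with the tacker_-prefixed names used in the rest of the file; prefix those two as well.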
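Review bot: tests/test.yml sets `remote_user: root` against a tests/inventory that lists a bare `localhost`, so the test play connects to the local machine over SSH as root instead of running locally. Add `ansible_connection=local` to the inventory entry (or `connection: local` to the play) and use `become: true` in place of a root login, so the test does not require root SSH access to be enabled. Both files also end without a trailing newline.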
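Review bot: In tacker_distro_packages, vars/ubuntu-14.04.yml and vars/ubuntu-16.04.yml both keep `#- remove after testing` above `python-pip` and `python-mysqldb`, which leaves an unresolved to-do in the first commit. Decide now whether the two packages stay. The configuration template's connection string selects the `mysql+pymysql` driver, so `python-mysqldb` is not the driver the service will load, and the role should state where PyMySQL comes from. The two files are byte-identical (same blob 4906bc1) and vars/main.yml holds only the license header, so the shared package list could live in vars/main.yml with per-release files carrying only the differences.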