Deploy Openstack-Trove (DBaaS)

This commit allows the deployer to create 3 containers to run
Trove-API, Trove-Conductor and Trove-Taskmanager.

Change-Id: If93330d48f53745d45af351b9de9a4a733af943a
Donovan Francesco 2016-08-30 14:15:51 +02:00
parent 45d876d06e
commit 3455ec7579
24 changed files with 347 additions and 562 deletions

2
.gitignore vendored

@ -62,5 +62,5 @@ releasenotes/build
# Test temp files
tests/plugins
# Vagrant testing artifacts
# Files created by vagrant testing
.vagrant


@ -1,8 +0,0 @@
CHANGES
=======
* Add scaffolding for OpenStack-CI tests
* Adding trove_extra_service_names and creating database on galera
* Updates
* Update
* Initial Commit


@ -17,6 +17,7 @@
# (c) 2016 Paul Stevens <paul.stevens@is.co.za>
trove_package_state: "latest"
debug: false
trove_system_group_name: trove
trove_system_user_name: trove
trove_system_user_comment: Trove System User
@ -28,7 +29,6 @@ trove_etc_directory: /etc/trove
trove_api_program_name: trove-api
trove_conductor_program_name: trove-conductor
trove_taskmanager_program_name: trove-taskmanager
trove_guestagent_program_name: trove-guestagent
trove_service_name: trove
trove_service_user_name: trove
@ -38,13 +38,25 @@ trove_service_project_name: service
trove_service_role_names:
- admin
trove_service_region: RegionOne
trove_service_host: "0.0.0.0"
trove_service_port: 8779
trove_service_publicuri_proto: http
trove_service_publicurl: "{{ trove_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ trove_bind_port }}"
trove_service_publicurl: "{{ trove_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ trove_service_port }}/v1.0"
trove_service_internaluri_proto: http
trove_service_internalurl: "{{ trove_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ trove_bind_port }}"
trove_service_internalurl: "{{ trove_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ trove_service_port }}/v1.0"
trove_service_adminuri_proto: http
trove_service_adminurl: "{{ trove_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ trove_bind_port }}"
trove_service_adminurl: "{{ trove_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ trove_service_port }}/v1.0"
trove_auth_url: "{{ keystone_service_internalurl }}"
trove_nova_compute_url: "{{ trove_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ nova_service_port }}/v2.1"
trove_cinder_url: "{{ trove_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ cinder_service_port }}/v1"
trove_swift_url: "{{ trove_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ swift_proxy_port }}/v1/AUTH_"
trove_neutron_url: "{{ trove_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ neutron_service_port }}/"
trove_profiler_enabled: false
# If ``trove_api_workers`` is unset the system will use half the number of
# available VCPUS to compute the number of api workers to use.
# trove_api_workers: 16
# trove_api_workers: 16
# Name of the virtual env to deploy into
trove_venv_tag: untagged
@ -83,28 +95,30 @@ trove_ssl_self_signed_regen: false
trove_ssl_self_signed_subject: "/C=US/ST=Texas/L=San Antonio/O=IT/CN={{ internal_lb_vip_address }}/subjectAltName=IP.1={{ external_lb_vip_address }}"
# Database vars
trove_galera_database_name: trove
trove_galera_user: trove
trove_galera_address: "{{ internal_lb_vip_address }}"
trove_db_sync_options:
trove_galera_connection_string: "mysql+pymysql://{{ trove_galera_user}}:{{ trove_galera_password }}@{{ trove_galera_address }}/{{ trove_galera_database_name }}?charset=utf8"
# Rabbit vars
trove_rpc_backend: rabbit
trove_control_exchange: trove
trove_rabbit_notification_topic: notification
trove_rabbitmq_userid: trove
trove_rabbitmq_vhost: /trove
trove_rabbitmq_servers: 127.0.0.1
trove_rabbitmq_use_ssl: False
trove_rabbitmq_port: 5672
trove_rabbitmq_servers: "{{ rabbitmq_servers }}"
# Keystone AuthToken/Middleware
trove_keystone_auth_plugin: password
trove_service_project_domain_name: Default
trove_service_user_domain_name: default
trove_service_project_name: service
#: List of extra programs/services owned by trove
trove_extra_service_names:
- "{{ trove_conductor_program_name }}"
- "{{ trove_taskmanager_program_name }}"
trove_conductor_service_name: "{{ trove_conductor_program_name }}"
trove_taskmanager_service_name: "{{ trove_taskmanager_program_name }}"
#Glance images
trove_glance_images: []
@ -121,6 +135,7 @@ trove_pip_packages:
- MySQL-python
- PyMySQL
- pexpect
- pycrypto
- trove
# This variable is used by the repo_build process to determine
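Review bot: The new `trove_nova_compute_url`, `trove_cinder_url`, `trove_swift_url` and `trove_neutron_url` defaults are built from `trove_service_publicuri_proto` (`http` here) and `external_lb_vip_address`, so Trove's calls to the other services go through the public VIP in clear text and silently inherit Trove's own scheme. Service-to-service traffic is better kept on the internal side, e.g. `trove_nova_compute_url: "{{ trove_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ nova_service_port }}/v2.1"`, and likewise for the other three. The Rabbit block also leaves `trove_rabbitmq_use_ssl: False` with `trove_rabbitmq_port: 5672`, so the broker credentials rendered into `transport_url` travel unencrypted by default; a comment telling deployers to enable TLS would help, and `false` would match the `debug: false` spelling used above. `pycrypto` in `trove_pip_packages` is an unmaintained library, so a comment naming the dependency that still needs it would make it easier to drop later.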


@ -1,8 +1,8 @@
- service:
haproxy_service_name: trove
haproxy_backend_nodes: "{{ groups['trove_api'] | default([]) }}"
haproxy_ssl: "{{ haproxy_ssl }}"
haproxy_port: 8779
haproxy_balance_type: http
haproxy_backend_options:
- "httpchk HEAD /"
- service:
haproxy_service_name: trove
haproxy_backend_nodes: "{{ groups['trove_api'] | default([]) }}"
haproxy_ssl: "{{ haproxy_ssl }}"
haproxy_port: 8779
haproxy_balance_type: http
haproxy_backend_options:
- "httpchk HEAD /"


@ -59,5 +59,8 @@
rsyslog_client_config_name: "99-trove-rsyslog-client.conf"
tags:
- "trove-rsyslog-client"
- role: "system_crontab_coordination"
tags:
- "system-crontab-coordination"
vars:
is_metal: "{{ properties.is_metal|default(false) }}"

4
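--- a/extras/user_secrets.yml
+++ b/extras/user_secrets.yml
@@ -0,0 +1,4 @@
+---
+trove_galera_password:
+trove_rabbitmq_password:
+trove_service_password: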
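Review bot: The forge lists `extras/user_secrets.yml` as an executable file; a YAML file that will hold three passwords has no reason to carry the execute bit, and the populated copy should be readable only by the deploying user. The three keys are bare `key:` entries, which load as null, so a header comment saying they must be filled in or generated before the role runs would stop a deployment from proceeding with empty passwords. An assertion early in the role that `trove_galera_password`, `trove_rabbitmq_password` and `trove_service_password` are each defined and non-empty would catch that case.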


@ -1,33 +1,38 @@
---
# Copyright 2015, Rackspace US, Inc.
# Copyright 2016 Internet Solutions (Pty) Ltd
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# trove_service_names should exclude the API if {{ trove_use_mod_wsgi }}
#
# (c) 2016 Donovan Francesco <donovan.francesco@is.co.za>
# (c) 2016 Paul Stevens <paul.stevens@is.co.za>
- name: Restart trove API services
service:
name: "{{ item }}"
name: "{{ trove_api_program_name }}"
state: "restarted"
pattern: "{{ item }}"
pattern: "{{ trove_api_program_name }}"
when: not trove_use_mod_wsgi | bool
with_items: "{{ trove_api_program_name }}"
- name: Restart trove extra services
- name: Restart trove conductor service
service:
name: "{{ item }}"
name: "{{ trove_conductor_service_name }}"
state: "restarted"
pattern: "{{ item }}"
with_items: "{{ trove_extra_service_names }}"
pattern: "{{ trove_conductor_service_name }}"
- name: Restart trove taskmanager service
service:
name: "{{ trove_taskmanager_service_name }}"
state: "restarted"
pattern: "{{ trove_taskmanager_service_name }}"
- name: Restart Apache
service:
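Review bot: The two new handlers, `Restart trove conductor service` and `Restart trove taskmanager service`, carry no host condition, while the init and install tasks shown on this page notify every restart handler together. With the services now split across three containers, an API-only container would apparently be asked to restart a conductor or taskmanager service that was never installed there, and the reverse holds for `Restart trove API services`. I would guard each handler with its group, e.g. `when: inventory_hostname in groups['trove_conductor']`, or trim the `notify` lists in the init and install task files to the service that task actually touches. The `Restart Apache` handler continues past the end of this hunk, so I cannot see whether it is already guarded.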


@ -1,18 +1,20 @@
---
# Copyright 2015, Rackspace US, Inc.
# Copyright 2016 Internet Solutions (Pty) Ltd
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# (c) 2016 Donovan Francesco <donovan.francesco@is.co.za>
# (c) 2016 Paul Stevens <paul.stevens@is.co.za>
- name: Gather variables for each operating system
include_vars: "{{ item }}"
with_first_found:
@ -54,12 +56,12 @@
- trove-install
- include: trove_service_setup.yml
when: inventory_hostname == groups['trove_all'][0]
when: inventory_hostname == groups['trove_api'][0]
tags:
- trove-install
- include: trove_db_setup.yml
when: inventory_hostname == groups['trove_all'][0]
when: inventory_hostname == groups['trove_conductor'][0]
tags:
- trove-install


@ -15,7 +15,6 @@
#
# (c) 2016 Donovan Francesco <donovan.francesco@is.co.za>
# (c) 2016 Paul Stevens <paul.stevens@is.co.za>
- name: Perform a trove DB sync
command: "{{ trove_bin }}/trove-manage db_sync {{ trove_db_sync_options }}"
become: yes


@ -1,18 +1,20 @@
---
# Copyright 2015, Rackspace US, Inc.
# Copyright 2016 Internet Solutions (Pty) Ltd
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# (c) 2016 Donovan Francesco <donovan.francesco@is.co.za>
# (c) 2016 Paul Stevens <paul.stevens@is.co.za>
- include: trove_init_common.yml
vars:
program_name: "{{ trove_api_program_name }}"
@ -20,11 +22,22 @@
system_user: "{{ trove_system_user_name }}"
system_group: "{{ trove_system_group_name }}"
service_home: "{{ trove_system_user_home }}"
when: inventory_hostname in groups['trove_api']
- include: trove_init_common.yml
vars:
program_name: "{{ trove_metricd_program_name }}"
service_name: "{{ trove_service_name }}"
program_name: "{{ trove_conductor_program_name }}"
service_name: "{{ trove_conductor_service_name }}"
system_user: "{{ trove_system_user_name }}"
system_group: "{{ trove_system_group_name }}"
service_home: "{{ trove_system_user_home }}"
when: inventory_hostname in groups['trove_conductor']
- include: trove_init_common.yml
vars:
program_name: "{{ trove_taskmanager_program_name }}"
service_name: "{{ trove_taskmanager_service_name }}"
system_user: "{{ trove_system_user_name }}"
system_group: "{{ trove_system_group_name }}"
service_home: "{{ trove_system_user_home }}"
when: inventory_hostname in groups['trove_taskmanager']


@ -1,18 +1,20 @@
---
# Copyright 2016, Rackspace US, Inc.
# Copyright 2016 Internet Solutions (Pty) Ltd
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# (c) 2016 Donovan Francesco <donovan.francesco@is.co.za>
# (c) 2016 Paul Stevens <paul.stevens@is.co.za>
- include: trove_init_upstart.yml
when: pid1_name == "init"
@ -25,5 +27,6 @@
enabled: "yes"
notify:
- Restart trove API services
- Restart trove extra services
- Restart trove conductor service
- Restart trove taskmanager service
- Restart Apache


@ -1,18 +1,20 @@
---
# Copyright 2016, Rackspace US, Inc.
# Copyright 2016 Internet Solutions (Pty) Ltd
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# (c) 2016 Donovan Francesco <donovan.francesco@is.co.za>
# (c) 2016 Paul Stevens <paul.stevens@is.co.za>
- name: Create TEMP run dir
file:
path: "/var/run/{{ program_name }}"
@ -51,5 +53,6 @@
when: systemd_init | changed
notify:
- Restart trove API services
- Restart trove extra services
- Restart trove conductor service
- Restart trove taskmanager service
- Restart Apache


@ -1,18 +1,20 @@
---
# Copyright 2015, Rackspace US, Inc.
# Copyright 2016 Internet Solutions (Pty) Ltd
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# (c) 2016 Donovan Francesco <donovan.francesco@is.co.za>
# (c) 2016 Paul Stevens <paul.stevens@is.co.za>
- name: Place the init script
template:
src: "trove-upstart-init.j2"
@ -23,7 +25,8 @@
register: upstart_init
notify:
- Restart trove API services
- Restart trove extra services
- Restart trove conductor service
- Restart trove taskmanager service
- Restart Apache
- name: Reload init scripts
@ -32,5 +35,6 @@
when: upstart_init | changed
notify:
- Restart trove API services
- Restart trove extra services
- Restart trove conductor service
- Restart trove taskmanager service
- Restart Apache


@ -1,18 +1,20 @@
---
# Copyright 2015, Rackspace US, Inc.
# Copyright 2016 Internet Solutions (Pty) Ltd
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# (c) 2016 Donovan Francesco <donovan.francesco@is.co.za>
# (c) 2016 Paul Stevens <paul.stevens@is.co.za>
- include: trove_install_apt.yml
when:
- ansible_pkg_mgr == 'apt'
@ -119,7 +121,8 @@
- trove_get_venv | changed or trove_venv_dir | changed
notify:
- Restart trove API services
- Restart trove extra services
- Restart trove conductor service
- Restart trove taskmanager service
- Restart Apache
- name: Install pip packages
@ -137,7 +140,8 @@
- trove_get_venv | failed or trove_developer_mode | bool
notify:
- Restart trove API services
- Restart trove extra services
- Restart trove conductor service
- Restart trove taskmanager service
- Restart Apache
- name: Update virtualenv path


@ -1,22 +1,23 @@
---
# Copyright 2015, Rackspace US, Inc.
# Copyright 2016 Internet Solutions (Pty) Ltd
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# (c) 2016 Donovan Francesco <donovan.francesco@is.co.za>
# (c) 2016 Paul Stevens <paul.stevens@is.co.za>
#TODO(evrardjp): Replace the next 2 tasks by a standard apt with cache
#when https://github.com/ansible/ansible-modules-core/pull/1517 is merged
#in 1.9.x or we move to 2.0 (if tested working)
- name: Check apt last update file
stat:
path: /var/cache/apt


@ -1,19 +1,21 @@
---
# Copyright 2015, Rackspace US, Inc.
# Copyright 2016 Internet Solutions (Pty) Ltd
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Drop trove Config(s)
#
# (c) 2016 Donovan Francesco <donovan.francesco@is.co.za>
# (c) 2016 Paul Stevens <paul.stevens@is.co.za>
- name: Drop trove api Config(s)
config_template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
@ -31,18 +33,54 @@
dest: "/etc/trove/trove.conf"
config_overrides: "{{ trove_config_overrides }}"
config_type: "ini"
notify:
- Restart Apache
- Restart trove API services
when: inventory_hostname in groups['trove_api']
- name: Drop trove-conductor Config(s)
config_template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: "{{ trove_system_user_name }}"
group: "{{ trove_system_group_name }}"
mode: "0644"
config_overrides: "{{ item.config_overrides }}"
config_type: "{{ item.config_type }}"
with_items:
- src: "trove-api-paste.ini.j2"
dest: "/etc/trove/api-paste.ini"
config_overrides: "{{ trove_api_paste_ini_overrides }}"
config_type: "ini"
- src: "trove-conductor.conf.j2"
dest: "/etc/trove/trove-conductor.conf"
config_overrides: "{{ trove_conductor_config_overrides }}"
config_type: "ini"
notify:
- Restart trove conductor service
when: inventory_hostname in groups['trove_conductor']
- name: Drop trove-taskmanager Config(s)
config_template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: "{{ trove_system_user_name }}"
group: "{{ trove_system_group_name }}"
mode: "0644"
config_overrides: "{{ item.config_overrides }}"
config_type: "{{ item.config_type }}"
with_items:
- src: "trove-api-paste.ini.j2"
dest: "/etc/trove/api-paste.ini"
config_overrides: "{{ trove_api_paste_ini_overrides }}"
config_type: "ini"
- src: "trove-taskmanager.conf.j2"
dest: "/etc/trove/trove-taskmanager.conf"
config_overrides: "{{ trove_taskmanager_config_overrides }}"
config_type: "ini"
notify:
- Restart Apache
- Restart trove API services
- Restart trove extra services
- Restart trove taskmanager service
when: inventory_hostname in groups['trove_taskmanager']
- name: Drop trove WSGI Configs
template:
@ -51,6 +89,8 @@
owner: "{{ trove_system_user_name }}"
group: "{{ trove_system_group_name }}"
mode: "0755"
when: trove_use_mod_wsgi | bool
when:
- trove_use_mod_wsgi | bool
- inventory_hostname in groups['trove_api']
notify:
- Restart Apache
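Review bot: The new conductor and taskmanager config tasks write their files with `mode: "0644"`, yet the templates on this page render the Galera connection string and the RabbitMQ `transport_url`, both of which contain passwords, so any local user on the container can read them. The files are already owned by `trove_system_user_name` and `trove_system_group_name`, so `mode: "0640"` is enough for the services to read them. The same mode probably applies to the API task at the top of the hunk, whose item list starts outside the visible lines. Both new tasks also template `api-paste.ini`, which as far as I can tell only the API process reads; dropping that item would keep an unused file off the other containers.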


@ -1,18 +1,20 @@
---
# Copyright 2015, Rackspace US, Inc.
# Copyright 2016 Internet Solutions (Pty) Ltd
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# (c) 2016 Donovan Francesco <donovan.francesco@is.co.za>
# (c) 2016 Paul Stevens <paul.stevens@is.co.za>
- name: Create the system group
group:
name: "{{ trove_system_group_name }}"
@ -54,7 +56,9 @@
with_items:
- { path: "/var/www/cgi-bin", owner: root, group: root }
- { path: "/var/www/cgi-bin/trove" }
when: trove_use_mod_wsgi | bool
when:
- trove_use_mod_wsgi | bool
- inventory_hostname in groups['trove_api']
- name: Test for log directory or link
shell: |


@ -1,72 +1,62 @@
---
# Copyright 2015, Rackspace US, Inc.
# Copyright 2016 Internet Solutions (Pty) Ltd
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Create a service
- name: Ensure trove service
#
# (c) 2016 Donovan Francesco <donovan.francesco@is.co.za>
# (c) 2016 Paul Stevens <paul.stevens@is.co.za>
- name: Ensure the service for trove exists
keystone:
command: "ensure_service"
endpoint: "{{ keystone_service_adminurl }}"
login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
service_name: "{{ trove_service_name }}"
service_type: "{{ trove_service_type }}"
description: "{{ trove_service_description }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: add_service
until: add_service|success
register: add_trove_service
until: add_trove_service |success
retries: 5
delay: 2
tags:
- trove-api-setup
- trove-service-add
- trove-setup
# Create the project if needed, assumed to be in default domain.
# In many cases this will be present but under some circumstances the project
# may be unique to trove, esp. when Swift is used for storage.
- name: Ensure trove project
keystone:
command: ensure_project
project_name: "{{ trove_service_project_name }}"
endpoint: "{{ keystone_service_adminurl }}"
login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
description: "{{ trove_service_project_description }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: add_project
until: add_project|success
retries: 5
delay: 10
# Create an admin user
- name: Ensure trove user
- name: Ensure the trove user exists
keystone:
command: "ensure_user"
endpoint: "{{ keystone_service_adminurl }}"
login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
user_name: "{{ trove_service_user_name }}"
tenant_name: "{{ trove_service_project_name }}"
password: "{{ trove_service_password }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: add_user
until: add_user|success
register: add_trove_user
until: add_trove_user |success
retries: 5
delay: 10
delay: 2
tags:
- trove-api-setup
- trove-service-add
- trove-user-add
- trove-setup
# Add a role to the user
- name: Ensure trove user maps to admin role
- name: Ensure the trove user has the admin role
keystone:
command: "ensure_user_role"
endpoint: "{{ keystone_service_adminurl }}"
@ -75,25 +65,25 @@
login_project_name: "{{ keystone_admin_tenant_name }}"
user_name: "{{ trove_service_user_name }}"
tenant_name: "{{ trove_service_project_name }}"
role_name: "{{ trove_role_name }}"
role_name: "{{ item }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: add_admin_role
until: add_admin_role|success
register: ensure_trove_roles
until: ensure_trove_roles |success
retries: 5
delay: 10
delay: 2
with_items: "{{ trove_service_role_names }}"
# Create an endpoint
- name: Ensure trove endpoint
- name: Ensure the trove endpoint is registered
keystone:
command: "ensure_endpoint"
endpoint: "{{ keystone_service_adminurl }}"
login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
region_name: "{{ trove_service_region }}"
service_name: "{{ trove_service_name }}"
service_type: "{{ trove_service_type }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
endpoint_list:
- url: "{{ trove_service_publicurl }}"
interface: "public"
@ -101,7 +91,7 @@
interface: "internal"
- url: "{{ trove_service_adminurl }}"
interface: "admin"
register: add_endpoint
until: add_endpoint|success
register: add_trove_endpoints
until: add_trove_endpoints |success
retries: 5
delay: 10
delay: 2
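Review bot: These keystone tasks pass `login_password`, and in the user task `password: "{{ trove_service_password }}"`, as module arguments with no `no_log`, so a verbose run or a failed retry can print them unless the keystone module itself masks those parameters. Adding `no_log: true` to each task that carries a password keeps the values out of logs and callback output. The role task now loops over `trove_service_role_names`, which defaults to `admin` on this page, so a comment on why the service user needs admin would help whoever later tries to narrow it. As a style point, `until: add_trove_service |success` and the three matching lines are spaced unevenly; `add_trove_service | success` reads better.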


@ -1,62 +1,20 @@
#{{ ansible_managed }}
# Do not edit this file manually, your changes will be overwritten.
[DEFAULT]
verbose = True
debug = True
trove_auth_url = http://0.0.0.0:5000/v2.0
# The manager class to use for conductor. (string value)
debug = {{ debug }}
trove_auth_url = {{ trove_auth_url }}
conductor_manager = trove.conductor.manager.Manager
#===================== RPC Configuration =================================
# URL representing the messaging driver to use and its full configuration.
# If not set, we fall back to the 'rpc_backend' option and driver specific
# configuration.
#transport_url=<None>
# The messaging driver to use. Options include rabbit, qpid and zmq.
# Default is rabbit. (string value)
#rpc_backend=rabbit
# The default exchange under which topics are scoped. May be
# overridden by an exchange name specified in the 'transport_url option.
control_exchange = trove
rpc_backend={{ trove_rpc_backend }}
transport_url = rabbit://{% for host in trove_rabbitmq_servers.split(',') %}{{ trove_rabbitmq_userid }}:{{ trove_rabbitmq_password }}@{{ host }}:{{ trove_rabbitmq_port }}{% if not loop.last %},{% else %}/{{ trove_rabbitmq_vhost }}{% endif %}{% endfor %}
control_exchange = {{ trove_control_exchange }}
[profiler]
# If False fully disable profiling feature.
#enabled = False
enabled = {{ trove_profiler_enabled }}
# If False doesn't trace SQL requests.
#trace_sqlalchemy = True
[database]
connection = mysql://root:e1a2c042c828d3566d0a@localhost/trove
connection = "{{ trove_galera_connection_string }}"
[oslo_messaging_rabbit]
# The RabbitMQ broker address where a single node is used. (string value)
# Deprecated group/name - [DEFAULT]/rabbit_host
#rabbit_host=localhost
# The RabbitMQ broker port where a single node is used. (integer value)
# Deprecated group/name - [DEFAULT]/rabbit_port
#rabbit_port=5672
# RabbitMQ HA cluster host:port pairs. (list value)
# Deprecated group/name - [DEFAULT]/rabbit_hosts
#rabbit_hosts=$rabbit_host:$rabbit_port
# Connect over SSL for RabbitMQ. (boolean value)
# Deprecated group/name - [DEFAULT]/rabbit_use_ssl
#rabbit_use_ssl=false
# The RabbitMQ userid. (string value)
# Deprecated group/name - [DEFAULT]/rabbit_userid
#rabbit_userid=guest
# The RabbitMQ password. (string value)
# Deprecated group/name - [DEFAULT]/rabbit_password
rabbit_password=f7999d1955c5014aa32c
# The RabbitMQ virtual host. (string value)
# Deprecated group/name - [DEFAULT]/rabbit_virtual_host
#rabbit_virtual_host=/
rabbit_use_ssl={{ trove_rabbitmq_use_ssl }}
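Review bot: `transport_url` interpolates `trove_rabbitmq_userid` and `trove_rabbitmq_password` into a URL without any escaping, so a password containing `@`, `:` or `/` renders a URL that parses to the wrong host or credentials; either document that these secrets must be URL-safe or percent-encode them in the template. `rabbit_use_ssl` takes its value from `trove_rabbitmq_use_ssl`, which defaults to `False` on this page, so those credentials cross the network unencrypted unless the deployer overrides it. The literal database and RabbitMQ passwords that this change replaces with variables remain in the repository history, so if they were ever used on a real deployment they need rotating. `debug = {{ debug }}` reads a very generic variable name; a role-prefixed one such as `trove_debug` would avoid picking up an unrelated `debug` set elsewhere in the inventory.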


@ -1,85 +1,31 @@
#{{ ansible_managed }}
# Do not edit this file manually, your changes will be overwritten.
[DEFAULT]
# Show more verbose log output (sets INFO log level output)
verbose = True
# Show debugging output in logs (sets DEBUG log level output)
debug = True
# Update the service and instance statuses if the instances fails to become
# active within the configured usage_timeout.
# usage_timeout = 600
# restore_usage_timeout = 36000
debug = {{ debug }}
update_status_on_fail = True
#================= RPC Configuration ================================
# URL representing the messaging driver to use and its full configuration.
# If not set, we fall back to the 'rpc_backend' option and driver specific
# configuration.
#transport_url=<None>
# The messaging driver to use. Options include rabbit, qpid and zmq.
# Default is rabbit. (string value)
#rpc_backend=rabbit
# The default exchange under which topics are scoped. May be
# overridden by an exchange name specified in the 'transport_url option.
control_exchange = trove
#DB Api Implementation
rpc_backend={{ trove_rpc_backend }}
transport_url = rabbit://{% for host in trove_rabbitmq_servers.split(',') %}{{ trove_rabbitmq_userid }}:{{ trove_rabbitmq_password }}@{{ host }}:{{ trove_rabbitmq_port }}{% if not loop.last %},{% else %}/{{ trove_rabbitmq_vhost }}{% endif %}{% endfor %}
control_exchange = {{ trove_control_exchange }}
db_api_implementation = trove.db.sqlalchemy.api
# Configuration options for talking to nova via the novaclient.
trove_auth_url = http://0.0.0.0:5000/v2.0
#nova_compute_url = http://localhost:8774/v2
#cinder_url = http://localhost:8776/v1
#swift_url = http://localhost:8080/v1/AUTH_
#neutron_url = http://localhost:9696/
# nova_compute_url, cinder_url, swift_url, and heat_url can all be fetched
# from Keystone. To fetch from Keystone, comment out nova_compute_url,
# cinder_url, swift_url, and heat_url and optionally uncomment the lines below.
# Region name of this node. Used when searching catalog. Default value is None.
#os_region_name = RegionOne
# Service type to use when searching catalog.
#nova_compute_service_type = compute
# Service type to use when searching catalog.
#cinder_service_type = volumev2
# Service type to use when searching catalog.
#swift_service_type = object-store
# Service type to use when searching catalog.
#heat_service_type = orchestration
# Service type to use when searching catalog.
#neutron_service_type = network
# Config options for enabling volume service
trove_auth_url = {{ trove_auth_url }}
nova_compute_url = {{ trove_nova_compute_url }}
cinder_url = {{ trove_cinder_url }}
swift_url = {{ trove_swift_url }}
neutron_url = {{ trove_neutron_url }}
os_region_name = {{ trove_service_region }}
nova_compute_service_type = compute
cinder_service_type = volumev2
swift_service_type = object-store
heat_service_type = orchestration
neutron_service_type = network
trove_volume_support = True
block_device_mapping = vdb
device_path = /dev/vdb
mount_point = /var/lib/mysql
volume_time_out=30
server_delete_time_out=480
# Nova server boot options
# sets the --config-drive argument when doing a nova boot
# (controls how file injection is handled by nova)
use_nova_server_config_drive = False
# Configuration options for talking to nova via the novaclient.
# These options are for an admin user in your keystone config.
# It proxy's the token received from the user to send to nova via this admin users creds,
# basically acting like the client via that proxy token.
nova_proxy_admin_user = admin
nova_proxy_admin_pass = 3de4922d8b6ac5a1aad9
nova_proxy_admin_tenant_id =
# Manager impl for the taskmanager
taskmanager_manager=trove.taskmanager.manager.Manager
# Manager sends Exists Notifications
exists_notification_transformer = trove.extensions.mgmt.instances.models.NovaNotificationTransformer
exists_notification_ticks = 30
notification_service_id = mysql:2f3ff068-2bfb-4f70-9a9d-a6bb65bc084b
@ -115,46 +61,14 @@ agent_replication_snapshot_timeout = 36000
# Whether to use nova's contrib api for create server with volume
use_nova_server_volume = False
# Config option for filtering the IP address that DNS uses
# For nova-network, set this to the appropriate network label defined in nova
# For neutron, set this to .* since users can specify custom network labels
# You can also optionally specify regex'es to match the actual IP addresses
# ip_regex (white-list) is applied before black_list_regex in the filter chain
network_label_regex = ^private$
network_label_regex = .*
#ip_regex = ^(15.|123.)
#black_list_regex = ^(10.0.0.)
# Datastore templates
template_path = /etc/trove/templates/
# ============ Notification System configuration ===========================
# Sets the notification driver used by oslo.messaging. Options include
# messaging, messagingv2, log and routing. Default is 'noop'
# notification_driver=noop
# Topics used for OpenStack notifications, list value. Default is 'notifications'.
# notification_topics=notifications
# ============ Logging information =============================
#log_dir = /integration/report
#log_file = trove-taskmanager.log
# ============ PyDev remote dubugging =============================
# Enable or disable pydev remote debugging.
# There are three values allowed: 'disabled', 'enabled' and 'auto'
# If value is 'auto' tries to connect to remote debugger server,
# but in case of error continue running with disabled debugging
pydev_debug = disabled
# remote debug server host and port options
#pydev_debug_host = localhost
#pydev_debug_port = 5678
# path to pydevd library. It will be used if pydevd is absent in sys.path
#pydev_path = <path>
# ================= Guestagent related ========================
#guest_config = /etc/trove/trove-guestagent.conf
# Use 'guest_info = /etc/guest_info' for pre-Kilo compatibility
@ -164,72 +78,23 @@ pydev_debug = disabled
#cloudinit_location = /etc/trove/cloudinit
[database]
# SQLAlchemy connection string for the reference implementation
# registry server. Any valid SQLAlchemy connection string is fine.
# See: http://www.sqlalchemy.org/docs/05/reference/sqlalchemy/connections.html#sqlalchemy.create_engine
connection = mysql://root:e1a2c042c828d3566d0a@localhost/trove
# connection = mysql://root:root@localhost/trove
# Period in seconds after which SQLAlchemy should reestablish its connection
# to the database.
#
# MySQL uses a default `wait_timeout` of 8 hours, after which it will drop
# idle connections. This can result in 'MySQL Gone Away' exceptions. If you
# notice this, you can lower this value to ensure that SQLAlchemy reconnects
# before MySQL can drop the connection.
connection = "{{ trove_galera_connection_string }}"
idle_timeout = 3600
# ================= Security groups related ========================
# Each future datastore implementation should implement
# its own oslo group with defined in it:
# - tcp_ports; upd_ports;
[profiler]
# If False fully disable profiling feature.
#enabled = False
enabled = {{ trove_profiler_enabled }}
# If False doesn't trace SQL requests.
#trace_sqlalchemy = True
[oslo_messaging_rabbit]
# The RabbitMQ broker address where a single node is used. (string value)
# Deprecated group/name - [DEFAULT]/rabbit_host
#rabbit_host=localhost
# The RabbitMQ broker port where a single node is used. (integer value)
# Deprecated group/name - [DEFAULT]/rabbit_port
#rabbit_port=5672
# RabbitMQ HA cluster host:port pairs. (list value)
# Deprecated group/name - [DEFAULT]/rabbit_hosts
#rabbit_hosts=$rabbit_host:$rabbit_port
# Connect over SSL for RabbitMQ. (boolean value)
# Deprecated group/name - [DEFAULT]/rabbit_use_ssl
#rabbit_use_ssl=false
# The RabbitMQ userid. (string value)
# Deprecated group/name - [DEFAULT]/rabbit_userid
#rabbit_userid=guest
# The RabbitMQ password. (string value)
# Deprecated group/name - [DEFAULT]/rabbit_password
rabbit_password=f7999d1955c5014aa32c
# The RabbitMQ virtual host. (string value)
# Deprecated group/name - [DEFAULT]/rabbit_virtual_host
#rabbit_virtual_host=/
rabbit_use_ssl={{ trove_rabbitmq_use_ssl }}
[mysql]
# Format (single port or port range): A, B-C
# where C greater than B
tcp_ports = 3306
volume_support = True
device_path = /dev/vdb
[redis]
# Format (single port or port range): A, B-C
# where C greater than B
tcp_ports = 6379
# redis uses local storage
volume_support = False


@ -1,87 +1,26 @@
# {{ ansible_managed }}
{% set _api_threads = ansible_processor_vcpus|default(2) // 2 %}
{% set api_threads = _api_threads if _api_threads > 0 else 1 %}
[DEFAULT]
# Show more verbose log output (sets INFO log level output)
verbose = True
# Show debugging output in logs (sets DEBUG log level output)
debug = False
# Address to bind the API server
bind_host = 0.0.0.0
# Port the bind the API server to
bind_port = 8779
# Number of workers for the API service. The default will
# be the number of CPUs available. (integer value)
#trove_api_workers=None
#===================== RPC Configuration =================================
# URL representing the messaging driver to use and its full configuration.
# If not set, we fall back to the 'rpc_backend' option and driver specific
# configuration.
#transport_url=<None>
# The messaging driver to use. Options include rabbit, qpid and zmq.
# Default is rabbit. (string value)
#rpc_backend=rabbit
# The default exchange under which topics are scoped. May be
# overridden by an exchange name specified in the 'transport_url option.
control_exchange = trove
# Maximum line size of message headers to be accepted.
# max_header_line may need to be increased when using large tokens
# (typically those generated by the Keystone v3 API with big service
# catalogs)
# max_header_line = 16384
#DB Api Implementation
debug = {{ debug }}
bind_host = {{ trove_service_host }}
bind_port = {{ trove_service_port }}
trove_api_workers={{ trove_api_workers | default(api_threads) }}
rpc_backend={{ trove_rpc_backend }}
transport_url = rabbit://{% for host in trove_rabbitmq_servers.split(',') %}{{ trove_rabbitmq_userid }}:{{ trove_rabbitmq_password }}@{{ host }}:{{ trove_rabbitmq_port }}{% if not loop.last %},{% else %}/{{ trove_rabbitmq_vhost }}{% endif %}{% endfor %}
control_exchange = {{ trove_control_exchange }}
db_api_implementation = "trove.db.sqlalchemy.api"
# Configuration options for talking to nova via the novaclient.
trove_auth_url = http://0.0.0.0:5000/v2.0
#nova_compute_url = http://localhost:8774/v2
#cinder_url = http://localhost:8776/v1
#swift_url = http://localhost:8080/v1/AUTH_
#neutron_url = http://localhost:9696/
# nova_compute_url, cinder_url, swift_url, and heat_url can all be fetched
# from Keystone. To fetch from Keystone, comment out nova_compute_url,
# cinder_url, swift_url, and heat_url and optionally uncomment the lines below.
# Region name of this node. Used when searching catalog. Default value is None.
#os_region_name = RegionOne
# Service type to use when searching catalog.
#nova_compute_service_type = compute
# Service type to use when searching catalog.
#cinder_service_type = volumev2
# Service type to use when searching catalog.
#swift_service_type = object-store
# Service type to use when searching catalog.
#heat_service_type = orchestration
# Service type to use when searching catalog.
#neutron_service_type = network
# Config option for showing the IP address that nova doles out
# For nova-network, set this to the appropriate network label defined in nova
# For neutron, set this to .* since users can specify custom network labels
# You can also optionally specify regex'es to match the actual IP addresses
# ip_regex (white-list) is applied before black_list_regex in the filter chain
network_label_regex = ^private$
trove_auth_url = {{ trove_auth_url }}
os_region_name = {{ trove_service_region }}
network_label_regex = .*
#network_label_regex = .* //with neutron enabled
#ip_regex = ^(15.|123.)
#black_list_regex = ^10.0.0.
# Config options for enabling volume service
trove_volume_support = True
block_device_mapping = vdb
device_path = /dev/vdb
# Maximum volume size for an instance
max_accepted_volume_size = 10
max_instances_per_tenant = 5
# Maximum volume capacity (in GB) spanning across all trove volumes per tenant
max_volumes_per_tenant = 100
max_backups_per_tenant = 5
volume_time_out=30
@ -111,7 +50,6 @@ dns_service_type = dns
network_driver = trove.network.nova.NovaNetwork
default_neutron_networks =
# Taskmanager queue name
taskmanager_queue = taskmanager
@ -129,51 +67,12 @@ reboot_time_out = 60
# Trove api-paste file name
api_paste_config = api-paste.ini
# ============ Notification System configuration ===========================
# Sets the notification driver used by oslo.messaging. Options include
# messaging, messagingv2, log and routing. Default is 'noop'
# notification_driver=noop
# Topics used for OpenStack notifications, list value. Default is 'notifications'.
# notification_topics=notifications
# ============ Logging information =============================
#log_dir = /integration/report
#log_file = trove-api.log
[database]
# SQLAlchemy connection string for the reference implementation
# registry server. Any valid SQLAlchemy connection string is fine.
# See: http://www.sqlalchemy.org/docs/05/reference/sqlalchemy/connections.html#sqlalchemy.create_engine
# connection = sqlite:///trove_test.sqlite
connection = mysql://root:e1a2c042c828d3566d0a@localhost/trove
#connection = postgresql://trove:trove@localhost/trove
# Period in seconds after which SQLAlchemy should reestablish its connection
# to the database.
#
# MySQL uses a default `wait_timeout` of 8 hours, after which it will drop
# idle connections. This can result in 'MySQL Gone Away' exceptions. If you
# notice this, you can lower this value to ensure that SQLAlchemy reconnects
# before MySQL can drop the connection.
connection = "{{ trove_galera_connection_string }}"
idle_timeout = 3600
# ============ SSL configuration (and enablement) =============================
# In order to enable SSL for the trove api server, uncomment
# the cert_file and key_file - and of course have those files
# accessible. The existence of those setting and files will
# enable SSL.
[profiler]
# If False fully disable profiling feature.
#enabled = False
# If False doesn't trace SQL requests.
enabled = {{ trove_profiler_enabled }}
#trace_sqlalchemy = True
[ssl]
@ -184,38 +83,10 @@ idle_timeout = 3600
#ca_file = /path/to/ca_file
[oslo_messaging_rabbit]
# The RabbitMQ broker address where a single node is used. (string value)
# Deprecated group/name - [DEFAULT]/rabbit_host
#rabbit_host=localhost
# The RabbitMQ broker port where a single node is used. (integer value)
# Deprecated group/name - [DEFAULT]/rabbit_port
#rabbit_port=5672
# RabbitMQ HA cluster host:port pairs. (list value)
# Deprecated group/name - [DEFAULT]/rabbit_hosts
#rabbit_hosts=$rabbit_host:$rabbit_port
# Connect over SSL for RabbitMQ. (boolean value)
# Deprecated group/name - [DEFAULT]/rabbit_use_ssl
#rabbit_use_ssl=false
# The RabbitMQ userid. (string value)
# Deprecated group/name - [DEFAULT]/rabbit_userid
#rabbit_userid=guest
# The RabbitMQ password. (string value)
# Deprecated group/name - [DEFAULT]/rabbit_password
rabbit_password=f7999d1955c5014aa32c
# The RabbitMQ virtual host. (string value)
# Deprecated group/name - [DEFAULT]/rabbit_virtual_host
#rabbit_virtual_host=/
rabbit_use_ssl={{ trove_rabbitmq_use_ssl }}
[mysql]
root_on_create = False
# Format (single port or port range): A, B-C
# where C greater than B
tcp_ports = 3306
volume_support = True
device_path = /dev/vdb
@ -224,7 +95,6 @@ device_path = /dev/vdb
ignore_users = os_admin, root
ignore_dbs = mysql, information_schema, performance_schema
[redis]
tcp_ports = 6379
#redis uses local storage
@ -256,61 +126,3 @@ device_path = /dev/vdb
cluster_support = True
cluster_member_count = 3
api_strategy = trove.common.strategies.cluster.experimental.vertica.api.VerticaAPIStrategy
# ============ CORS configuration =============================
[cors]
#
# From oslo.middleware.cors
#
# Indicate whether this resource may be shared with the domain received in the
# requests "origin" header. (list value)
#allowed_origin = <None>
# Indicate that the actual request can include user credentials (boolean value)
#allow_credentials = true
# Indicate which headers are safe to expose to the API. Defaults to HTTP Simple
# Headers. (list value)
#expose_headers = X-Auth-Token, X-Subject-Token, X-Service-Token, X-OpenStack-Request-ID
# Maximum cache age of CORS preflight requests. (integer value)
#max_age = 3600
# Indicate which methods can be used during the actual request. (list value)
#allow_methods = GET,PUT,POST,DELETE,PATCH
# Indicate which header field names may be used during the actual request.
# (list value)
#allow_headers = X-Auth-Token, X-Identity-Status, X-Roles, X-Service-Catalog, X-User-Id, X-Tenant-Id, X-OpenStack-Request-ID
[cors.subdomain]
#
# From oslo.middleware.cors
#
# Indicate whether this resource may be shared with the domain received in the
# requests "origin" header. (list value)
#allowed_origin = <None>
# Indicate that the actual request can include user credentials (boolean value)
#allow_credentials = true
# Indicate which headers are safe to expose to the API. Defaults to HTTP Simple
# Headers. (list value)
#expose_headers = X-Auth-Token, X-Subject-Token, X-Service-Token, X-OpenStack-Request-ID
# Maximum cache age of CORS preflight requests. (integer value)
#max_age = 3600
# Indicate which methods can be used during the actual request. (list value)
#allow_methods = GET,PUT,POST,DELETE,PATCH
# Indicate which header field names may be used during the actual request.
# (list value)
#allow_headers = X-Auth-Token, X-Identity-Status, X-Roles, X-Service-Catalog, X-User-Id, X-Tenant-Id, X-OpenStack-Request-ID
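Review bot: The `transport_url` line in the first hunk inserts `trove_rabbitmq_userid` and `trove_rabbitmq_password` into the URL unescaped, so a password containing `@`, `:` or `#` produces a URL that is parsed wrongly or rejected. Passing both through the Jinja2 `urlencode` filter avoids that: `{{ trove_rabbitmq_userid | urlencode }}:{{ trove_rabbitmq_password | urlencode }}@{{ host }}:{{ trove_rabbitmq_port }}`. The rendered file now carries the broker and Galera credentials, so the task that templates it (not visible in this section) should write it with a mode that is not world-readable. The literal `rabbit_password=` and `connection = mysql://root:…` lines appear to be on the removed side (the page has lost its +/- markers) and remain in the repository history, so any of those values that were used on a real system should be rotated.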


@ -13,21 +13,94 @@
# See the License for the specific language governing permissions and
# limitations under the License.
# NOTE: we use become_user because setting become: no or become: false
# doesn't seem to override the ansible_become=true in the
# inventory
- name: Playbook for establishing ssh keys
hosts: localhost
become_user: "{{ ansible_ssh_user }}"
pre_tasks:
connection: local
gather_facts: false
become: true
tasks:
- name: Ensure root has a .ssh directory
file:
path: /root/.ssh
state: directory
owner: root
group: root
mode: 0700
- name: Create ssh key pair for root
user:
name: "{{ ansible_ssh_user }}"
generate_ssh_key: "yes"
name: root
generate_ssh_key: yes
ssh_key_bits: 2048
ssh_key_file: ".ssh/id_rsa"
- name: Get the calling user's key
command: cat ~/.ssh/id_rsa.pub
register: key_get
- set_fact:
lxc_container_ssh_key: "{{ key_get.stdout }}"
ssh_key_file: /root/.ssh/id_rsa
- name: Get root private key
command: cat /root/.ssh/id_rsa
register: private_key_get
changed_when: false
- name: Get root public key
command: cat /root/.ssh/id_rsa.pub
register: public_key_get
changed_when: false
- name: Set key facts
set_fact:
root_public_key: "{{ public_key_get.stdout }}"
root_private_key: "{{ private_key_get.stdout }}"
lxc_container_ssh_key: "{{ public_key_get.stdout }}"
- name: Ensure root can ssh to localhost
authorized_key:
user: "root"
key: "{{ root_public_key }}"
- name: Playbook for establishing user ssh keys
hosts: localhost
connection: local
gather_facts: false
become: false
tasks:
# Shell used because facts may not be ready yet
- name: Get user home directory
shell: "getent passwd '{{ ansible_ssh_user }}' | cut -d':' -f6"
register: user_home
changed_when: false
- name: Set local user home fact
set_fact:
calling_user_home: "{{ user_home.stdout }}"
- name: Ensure user has a .ssh directory
file:
path: "{{ calling_user_home }}/.ssh"
state: directory
owner: "{{ ansible_ssh_user }}"
group: "{{ ansible_ssh_user }}"
mode: 0700
when: ansible_ssh_user != 'root'
- name: Ensure user has the known private key
copy:
content: "{{ root_private_key }}"
dest: "{{ calling_user_home }}/.ssh/id_rsa"
owner: "{{ ansible_ssh_user }}"
group: "{{ ansible_ssh_user }}"
mode: "0600"
when: ansible_ssh_user != 'root'
- name: Ensure user has the known public key
copy:
content: "{{ root_public_key }}"
dest: "{{ calling_user_home }}/.ssh/id_rsa.pub"
owner: "{{ ansible_ssh_user }}"
group: "{{ ansible_ssh_user }}"
mode: "0600"
when: ansible_ssh_user != 'root'
- name: Ensure local user can ssh to localhost
authorized_key:
user: "{{ ansible_ssh_user }}"
key: "{{ root_public_key }}"
when: ansible_ssh_user != 'root'
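Review bot: The tasks `Get root private key` and `Set key facts` load the contents of `/root/.ssh/id_rsa` into a registered variable and a fact without `no_log`, so the private key is written to task output. The tox.ini commands shown on this page run the test playbook with `-vvvv` and then copy logs into `{toxinidir}/logs`, which makes that exposure more likely if this play is part of the run. Add `no_log: true` to those two tasks and to `Ensure user has the known private key`. The second play also installs root's private key as the calling user's `id_rsa` while the first play authorises that key for root, which gives the unprivileged account root login on the host; if that is intended for throwaway test hosts only, say so in a comment at the top of the file, e.g. `# Test hosts only: shares root's SSH key pair with the calling user.` The listing has lost its +/- markers, so this assumes these tasks are on the new side.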


@ -72,6 +72,10 @@ trove_venv_tag: "testing"
openrc_os_auth_url: "http://127.0.0.1:5000/v3"
openrc_os_domain_name: "Default"
openrc_os_password: "{{ keystone_auth_admin_password }}"
neutron_service_port: 9696
swift_proxy_port: 8080
cinder_service_port: 8776
nova_service_port: 8774
rabbitmq_port: 5672
rabbitmq_servers: 10.100.102.101

21
tox.ini

@ -94,7 +94,7 @@ commands =
[testenv:ansible]
deps =
{[testenv]deps}
ansible==2.1.1.0
ansible==1.9.4
ansible-lint>=2.7.0,<3.0.0
setenv =
{[testenv]setenv}
@ -161,23 +161,14 @@ deps =
setenv =
{[testenv:ansible]setenv}
commands =
echo -e "\n *******************************************************\n" \
"**** Functional Testing is still to be implemented ****\n" \
"**** TODO: Write tests here ****\n" \
"*******************************************************\n"
# As a temporary measure, while functional testing is being worked on, we
# will not execute the functional test. This allows other patches to be
# worked on while the functional testing is being worked out.
#{[testenv:ansible]commands}
#ansible-playbook -i {toxinidir}/tests/inventory \
# -e "rolename={toxinidir}" \
# -e "install_test_packages=True" \
# {toxinidir}/tests/test.yml -vvvv
{[testenv:ansible]commands}
ansible-playbook -i {toxinidir}/tests/inventory \
-e "rolename={toxinidir}" \
-e "install_test_packages=True" \
{toxinidir}/tests/test.yml -vvvv
bash -c 'mkdir -p {toxinidir}/logs'
bash -c 'rsync -av --ignore-errors /var/log/ /openstack/log/ {toxinidir}/logs/ || true'
[testenv:linters]
deps =
{[testenv:ansible]deps}