diff --git a/.gitignore b/.gitignore index ca2ac14..0fd5a6b 100755 --- a/.gitignore +++ b/.gitignore @@ -62,5 +62,5 @@ releasenotes/build # Test temp files tests/plugins -# Vagrant testing artifacts +# Files created by vagrant testing .vagrant diff --git a/CHANGELOG b/CHANGELOG deleted file mode 100644 index 8a20168..0000000 --- a/CHANGELOG +++ /dev/null @@ -1,8 +0,0 @@ -CHANGES -======= - -* Add scaffolding for OpenStack-CI tests -* Adding trove_extra_service_names and creating database on galera -* Updates -* Update -* Initial Commit diff --git a/defaults/main.yml b/defaults/main.yml index 6b0130e..78399b7 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -17,6 +17,7 @@ # (c) 2016 Paul Stevens trove_package_state: "latest" +debug: false trove_system_group_name: trove trove_system_user_name: trove trove_system_user_comment: Trove System User @@ -28,7 +29,6 @@ trove_etc_directory: /etc/trove trove_api_program_name: trove-api trove_conductor_program_name: trove-conductor trove_taskmanager_program_name: trove-taskmanager -trove_guestagent_program_name: trove-guestagent trove_service_name: trove trove_service_user_name: trove 
@@ -38,13 +38,25 @@ trove_service_project_name: service trove_service_role_names: - admin trove_service_region: RegionOne +trove_service_host: "0.0.0.0" trove_service_port: 8779 trove_service_publicuri_proto: http -trove_service_publicurl: "{{ trove_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ trove_bind_port }}" +trove_service_publicurl: "{{ trove_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ trove_service_port }}/v1.0" trove_service_internaluri_proto: http -trove_service_internalurl: "{{ trove_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ trove_bind_port }}" +trove_service_internalurl: "{{ trove_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ trove_service_port }}/v1.0" trove_service_adminuri_proto: http -trove_service_adminurl: "{{ trove_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ trove_bind_port }}" +trove_service_adminurl: "{{ trove_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ trove_service_port }}/v1.0" +trove_auth_url: "{{ keystone_service_internalurl }}" +trove_nova_compute_url: "{{ trove_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ nova_service_port }}/v2.1" +trove_cinder_url: "{{ trove_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ cinder_service_port }}/v1" +trove_swift_url: "{{ trove_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ swift_proxy_port }}/v1/AUTH_" +trove_neutron_url: "{{ trove_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ neutron_service_port }}/" +trove_profiler_enabled: false + +# If ``trove_api_workers`` is unset the system will use half the number of +# available VCPUS to compute the number of api workers to use. +# trove_api_workers: 16 +# trove_api_workers: 16 # Name of the virtual env to deploy into trove_venv_tag: untagged 
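Review bot: The new `trove_nova_compute_url`, `trove_cinder_url`, `trove_swift_url` and `trove_neutron_url` defaults are built from `trove_service_publicuri_proto` (default `http`) and `external_lb_vip_address`, so Trove's calls to those services would leave via the public VIP in cleartext by default. Pointing them at each service's internal endpoint and scheme, the way `trove_auth_url` reuses `keystone_service_internalurl`, keeps that traffic on the internal network; the exact variable names are not visible in this hunk and need confirming against the deployment's group vars. `trove_service_host: "0.0.0.0"` also binds the API on every interface, and the container's management address would be a tighter default. The `# trove_api_workers: 16` comment line is added twice.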
@@ -83,28 +95,30 @@ trove_ssl_self_signed_regen: false trove_ssl_self_signed_subject: "/C=US/ST=Texas/L=San Antonio/O=IT/CN={{ internal_lb_vip_address }}/subjectAltName=IP.1={{ external_lb_vip_address }}" # Database vars + trove_galera_database_name: trove trove_galera_user: trove +trove_galera_address: "{{ internal_lb_vip_address }}" trove_db_sync_options: +trove_galera_connection_string: "mysql+pymysql://{{ trove_galera_user}}:{{ trove_galera_password }}@{{ trove_galera_address }}/{{ trove_galera_database_name }}?charset=utf8" # Rabbit vars trove_rpc_backend: rabbit +trove_control_exchange: trove +trove_rabbit_notification_topic: notification trove_rabbitmq_userid: trove trove_rabbitmq_vhost: /trove -trove_rabbitmq_servers: 127.0.0.1 trove_rabbitmq_use_ssl: False trove_rabbitmq_port: 5672 +trove_rabbitmq_servers: "{{ rabbitmq_servers }}" # Keystone AuthToken/Middleware trove_keystone_auth_plugin: password trove_service_project_domain_name: Default trove_service_user_domain_name: default -trove_service_project_name: service -#: List of extra programs/services owned by trove -trove_extra_service_names: - - "{{ trove_conductor_program_name }}" - - "{{ trove_taskmanager_program_name }}" +trove_conductor_service_name: "{{ trove_conductor_program_name }}" +trove_taskmanager_service_name: "{{ trove_taskmanager_program_name }}" #Glance images trove_glance_images: [] @@ -121,6 +135,7 @@ trove_pip_packages: - MySQL-python - PyMySQL - pexpect + - pycrypto - trove # This variable is used by the repo_build process to determine diff --git a/extras/haproxy_trove.yml b/extras/haproxy_trove.yml index 8682800..4bfd540 100644 --- a/extras/haproxy_trove.yml +++ b/extras/haproxy_trove.yml 
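Review bot: `trove_galera_connection_string` interpolates `trove_galera_password` into a URL unescaped, so a generated password containing a character such as `@` produces a connection string that parses to the wrong credentials or host. Using `{{ trove_galera_password | urlencode }}` in the string avoids that. The URL carries no TLS parameters and the context line `trove_rabbitmq_use_ssl: False` is left as is, so by default both the database and the RabbitMQ credentials cross the network unencrypted. A short comment above the variable should say how TLS is enabled for deployments that need it.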
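Review bot: `pycrypto` is added to `trove_pip_packages` unpinned, and that library has had no upstream release since 2013 and carries publicly reported memory-safety issues that were never fixed. If the Trove release being deployed still imports `Crypto`, `pycryptodome` is a maintained package that provides the same namespace; if it does not, the entry can be dropped. The package list continues outside this hunk, so whether anything else there depends on `pycrypto` cannot be confirmed from here.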
@@ -1,8 +1,8 @@ - - service: - haproxy_service_name: trove - haproxy_backend_nodes: "{{ groups['trove_api'] | default([]) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_port: 8779 - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk HEAD /" + - service: + haproxy_service_name: trove + haproxy_backend_nodes: "{{ groups['trove_api'] | default([]) }}" + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_port: 8779 + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk HEAD /" diff --git a/extras/os-trove-install.yml b/extras/os-trove-install.yml index c07ec32..17875ed 100644 --- a/extras/os-trove-install.yml +++ b/extras/os-trove-install.yml @@ -59,5 +59,8 @@ rsyslog_client_config_name: "99-trove-rsyslog-client.conf" tags: - "trove-rsyslog-client" + - role: "system_crontab_coordination" + tags: + - "system-crontab-coordination" vars: is_metal: "{{ properties.is_metal|default(false) }}" diff --git a/extras/user_secrets.yml b/extras/user_secrets.yml new file mode 100755 index 0000000..79156d3 --- /dev/null +++ b/extras/user_secrets.yml @@ -0,0 +1,4 @@ +--- +trove_galera_password: +trove_rabbitmq_password: +trove_service_password: diff --git a/handlers/main.yml b/handlers/main.yml index 033788e..322090f 100644 --- a/handlers/main.yml +++ b/handlers/main.yml 
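Review bot: `extras/user_secrets.yml` is created with mode 100755 and three bare keys, which YAML parses as `null`. A deployment that uses the file without filling it in would therefore render an empty or `None` password into the database URL, the RabbitMQ `transport_url` and the Keystone service user. A secrets file has no reason to be executable: 100644 in the repository and 0600 for the populated copy on the deploy host is the usual arrangement. A header comment such as `# Populate with generated values on the deploy host; never commit a filled-in copy` would state the intent. An early `assert` in the role that each of the three passwords is defined and non-empty would catch the unset case.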
@@ -1,33 +1,38 @@ --- -# Copyright 2015, Rackspace US, Inc. +# Copyright 2016 Internet Solutions (Pty) Ltd # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - -# trove_service_names should exclude the API if {{ trove_use_mod_wsgi }} +# +# (c) 2016 Donovan Francesco +# (c) 2016 Paul Stevens - name: Restart trove API services service: - name: "{{ item }}" + name: "{{ trove_api_program_name }}" state: "restarted" - pattern: "{{ item }}" + pattern: "{{ trove_api_program_name }}" when: not trove_use_mod_wsgi | bool - with_items: "{{ trove_api_program_name }}" -- name: Restart trove extra services +- name: Restart trove conductor service service: - name: "{{ item }}" + name: "{{ trove_conductor_service_name }}" state: "restarted" - pattern: "{{ item }}" - with_items: "{{ trove_extra_service_names }}" + pattern: "{{ trove_conductor_service_name }}" + +- name: Restart trove taskmanager service + service: + name: "{{ trove_taskmanager_service_name }}" + state: "restarted" + pattern: "{{ trove_taskmanager_service_name }}" - name: Restart Apache service: diff --git a/tasks/main.yml b/tasks/main.yml index 151ad28..14b09eb 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
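Review bot: The two new handlers, `Restart trove conductor service` and `Restart trove taskmanager service`, have no `when:` guard, yet the task files changed later in this commit (`trove_init_common.yml`, `trove_init_systemd.yml`, `trove_init_upstart.yml`, `trove_install.yml`) notify all three restart handlers on every host. On a host that is only in `trove_api`, the conductor and taskmanager restarts would target services whose init scripts were never installed there, and the play would fail. Adding `when: inventory_hostname in groups['trove_conductor']` and `when: inventory_hostname in groups['trove_taskmanager']` to the respective handlers mirrors the guards this commit puts on the includes in `tasks/trove_init.yml`. The API handler would benefit from the matching `trove_api` condition alongside its existing `trove_use_mod_wsgi` check.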
@@ -1,18 +1,20 @@ --- -# Copyright 2015, Rackspace US, Inc. +# Copyright 2016 Internet Solutions (Pty) Ltd # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +# +# (c) 2016 Donovan Francesco +# (c) 2016 Paul Stevens - name: Gather variables for each operating system include_vars: "{{ item }}" with_first_found: @@ -54,12 +56,12 @@ - trove-install - include: trove_service_setup.yml - when: inventory_hostname == groups['trove_all'][0] + when: inventory_hostname == groups['trove_api'][0] tags: - trove-install - include: trove_db_setup.yml - when: inventory_hostname == groups['trove_all'][0] + when: inventory_hostname == groups['trove_conductor'][0] tags: - trove-install diff --git a/tasks/trove_db_setup.yml b/tasks/trove_db_setup.yml index bfe7882..03ce558 100644 --- a/tasks/trove_db_setup.yml +++ b/tasks/trove_db_setup.yml @@ -15,7 +15,6 @@ # # (c) 2016 Donovan Francesco # (c) 2016 Paul Stevens - - name: Perform a trove DB sync command: "{{ trove_bin }}/trove-manage db_sync {{ trove_db_sync_options }}" become: yes diff --git a/tasks/trove_init.yml b/tasks/trove_init.yml index 97f3247..1d0680f 100644 --- a/tasks/trove_init.yml +++ b/tasks/trove_init.yml 
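Review bot: The header replaces the existing `# Copyright 2015, Rackspace US, Inc.` line instead of adding the new holder beneath it. The file is under Apache-2.0, whose redistribution terms require that existing copyright notices be retained, so the original line should stay, with `# Copyright 2016 Internet Solutions (Pty) Ltd` added as a second line. The same replacement appears in the header hunks of `handlers/main.yml` and the other `tasks/*.yml` files in this commit.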
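Review bot: `trove_db_setup.yml` is now gated on `groups['trove_conductor'][0]`, but the `trove-manage db_sync` command in that file passes no `--config-file`, and `tasks/trove_post_install.yml` in this commit writes `/etc/trove/trove.conf` only on `trove_api` hosts. Unless the first conductor host is also an API host, the sync would appear to run with no database connection configured. Either keep the include on `groups['trove_api'][0]` or point the command at the conductor file, e.g. `trove-manage --config-file /etc/trove/trove-conductor.conf db_sync`. Indexing `[0]` also fails outright when the group is empty, which a `groups['trove_conductor'] | default([]) | length > 0` condition would guard against.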
@@ -1,18 +1,20 @@ --- -# Copyright 2015, Rackspace US, Inc. +# Copyright 2016 Internet Solutions (Pty) Ltd # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +# +# (c) 2016 Donovan Francesco +# (c) 2016 Paul Stevens - include: trove_init_common.yml vars: program_name: "{{ trove_api_program_name }}" @@ -20,11 +22,22 @@ system_user: "{{ trove_system_user_name }}" system_group: "{{ trove_system_group_name }}" service_home: "{{ trove_system_user_home }}" + when: inventory_hostname in groups['trove_api'] - include: trove_init_common.yml vars: - program_name: "{{ trove_metricd_program_name }}" - service_name: "{{ trove_service_name }}" + program_name: "{{ trove_conductor_program_name }}" + service_name: "{{ trove_conductor_service_name }}" system_user: "{{ trove_system_user_name }}" system_group: "{{ trove_system_group_name }}" service_home: "{{ trove_system_user_home }}" + when: inventory_hostname in groups['trove_conductor'] + +- include: trove_init_common.yml + vars: + program_name: "{{ trove_taskmanager_program_name }}" + service_name: "{{ trove_taskmanager_service_name }}" + system_user: "{{ trove_system_user_name }}" + system_group: "{{ trove_system_group_name }}" + service_home: "{{ trove_system_user_home }}" + when: inventory_hostname in groups['trove_taskmanager'] diff --git a/tasks/trove_init_common.yml b/tasks/trove_init_common.yml index f057493..b4f36b0 100644 --- a/tasks/trove_init_common.yml +++ b/tasks/trove_init_common.yml 
@@ -1,18 +1,20 @@ --- -# Copyright 2016, Rackspace US, Inc. +# Copyright 2016 Internet Solutions (Pty) Ltd # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +# +# (c) 2016 Donovan Francesco +# (c) 2016 Paul Stevens - include: trove_init_upstart.yml when: pid1_name == "init" @@ -25,5 +27,6 @@ enabled: "yes" notify: - Restart trove API services - - Restart trove extra services + - Restart trove conductor service + - Restart trove taskmanager service - Restart Apache diff --git a/tasks/trove_init_systemd.yml b/tasks/trove_init_systemd.yml index 88ca09a..fae3808 100644 --- a/tasks/trove_init_systemd.yml +++ b/tasks/trove_init_systemd.yml 
@@ -1,18 +1,20 @@ --- -# Copyright 2016, Rackspace US, Inc. +# Copyright 2016 Internet Solutions (Pty) Ltd # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +# +# (c) 2016 Donovan Francesco +# (c) 2016 Paul Stevens - name: Create TEMP run dir file: path: "/var/run/{{ program_name }}" @@ -51,5 +53,6 @@ when: systemd_init | changed notify: - Restart trove API services - - Restart trove extra services + - Restart trove conductor service + - Restart trove taskmanager service - Restart Apache diff --git a/tasks/trove_init_upstart.yml b/tasks/trove_init_upstart.yml index 28df511..f39bf26 100644 --- a/tasks/trove_init_upstart.yml +++ b/tasks/trove_init_upstart.yml 
@@ -1,18 +1,20 @@ --- -# Copyright 2015, Rackspace US, Inc. +# Copyright 2016 Internet Solutions (Pty) Ltd # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +# +# (c) 2016 Donovan Francesco +# (c) 2016 Paul Stevens - name: Place the init script template: src: "trove-upstart-init.j2" @@ -23,7 +25,8 @@ register: upstart_init notify: - Restart trove API services - - Restart trove extra services + - Restart trove conductor service + - Restart trove taskmanager service - Restart Apache - name: Reload init scripts @@ -32,5 +35,6 @@ when: upstart_init | changed notify: - Restart trove API services - - Restart trove extra services + - Restart trove conductor service + - Restart trove taskmanager service - Restart Apache diff --git a/tasks/trove_install.yml b/tasks/trove_install.yml index 62e874b..c402273 100644 --- a/tasks/trove_install.yml +++ b/tasks/trove_install.yml 
@@ -1,18 +1,20 @@ --- -# Copyright 2015, Rackspace US, Inc. +# Copyright 2016 Internet Solutions (Pty) Ltd # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +# +# (c) 2016 Donovan Francesco +# (c) 2016 Paul Stevens - include: trove_install_apt.yml when: - ansible_pkg_mgr == 'apt' @@ -119,7 +121,8 @@ - trove_get_venv | changed or trove_venv_dir | changed notify: - Restart trove API services - - Restart trove extra services + - Restart trove conductor service + - Restart trove taskmanager service - Restart Apache - name: Install pip packages @@ -137,7 +140,8 @@ - trove_get_venv | failed or trove_developer_mode | bool notify: - Restart trove API services - - Restart trove extra services + - Restart trove conductor service + - Restart trove taskmanager service - Restart Apache - name: Update virtualenv path diff --git a/tasks/trove_install_apt.yml b/tasks/trove_install_apt.yml index 5db1f03..6f401b0 100644 --- a/tasks/trove_install_apt.yml +++ b/tasks/trove_install_apt.yml 
@@ -1,22 +1,23 @@ --- -# Copyright 2015, Rackspace US, Inc. +# Copyright 2016 Internet Solutions (Pty) Ltd # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +# +# (c) 2016 Donovan Francesco +# (c) 2016 Paul Stevens #TODO(evrardjp): Replace the next 2 tasks by a standard apt with cache #when https://github.com/ansible/ansible-modules-core/pull/1517 is merged #in 1.9.x or we move to 2.0 (if tested working) - - name: Check apt last update file stat: path: /var/cache/apt diff --git a/tasks/trove_post_install.yml b/tasks/trove_post_install.yml index 14202ca..005c5ab 100644 --- a/tasks/trove_post_install.yml +++ b/tasks/trove_post_install.yml 
@@ -1,19 +1,21 @@ --- -# Copyright 2015, Rackspace US, Inc. +# Copyright 2016 Internet Solutions (Pty) Ltd # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - -- name: Drop trove Config(s) +# +# (c) 2016 Donovan Francesco +# (c) 2016 Paul Stevens +- name: Drop trove api Config(s) config_template: src: "{{ item.src }}" dest: "{{ item.dest }}" 
@@ -31,18 +33,54 @@ dest: "/etc/trove/trove.conf" config_overrides: "{{ trove_config_overrides }}" config_type: "ini" + notify: + - Restart Apache + - Restart trove API services + when: inventory_hostname in groups['trove_api'] + +- name: Drop trove-conductor Config(s) + config_template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: "{{ trove_system_user_name }}" + group: "{{ trove_system_group_name }}" + mode: "0644" + config_overrides: "{{ item.config_overrides }}" + config_type: "{{ item.config_type }}" + with_items: + - src: "trove-api-paste.ini.j2" + dest: "/etc/trove/api-paste.ini" + config_overrides: "{{ trove_api_paste_ini_overrides }}" + config_type: "ini" - src: "trove-conductor.conf.j2" dest: "/etc/trove/trove-conductor.conf" config_overrides: "{{ trove_conductor_config_overrides }}" config_type: "ini" + notify: + - Restart trove conductor service + when: inventory_hostname in groups['trove_conductor'] + +- name: Drop trove-taskmanager Config(s) + config_template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: "{{ trove_system_user_name }}" + group: "{{ trove_system_group_name }}" + mode: "0644" + config_overrides: "{{ item.config_overrides }}" + config_type: "{{ item.config_type }}" + with_items: + - src: "trove-api-paste.ini.j2" + dest: "/etc/trove/api-paste.ini" + config_overrides: "{{ trove_api_paste_ini_overrides }}" + config_type: "ini" - src: "trove-taskmanager.conf.j2" dest: "/etc/trove/trove-taskmanager.conf" config_overrides: "{{ trove_taskmanager_config_overrides }}" config_type: "ini" notify: - - Restart Apache - - Restart trove API services - - Restart trove extra services + - Restart trove taskmanager service + when: inventory_hostname in groups['trove_taskmanager'] - name: Drop trove WSGI Configs template: 
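Review bot: The new `Drop trove-conductor Config(s)` and `Drop trove-taskmanager Config(s)` tasks write their files with `mode: "0644"`, while the templates changed in this commit put the RabbitMQ password (`transport_url`) and the Galera password (`connection`) into `trove-conductor.conf` and `trove-taskmanager.conf`. That leaves both credentials readable by every local account on the host. `mode: "0640"` with the existing `owner` and `group` is enough for the service to read them. Both tasks also rewrite `/etc/trove/api-paste.ini`, which the API task already manages, so a host in several groups templates it more than once and only some of those writes notify a restart of the API.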
@@ -51,6 +89,8 @@ owner: "{{ trove_system_user_name }}" group: "{{ trove_system_group_name }}" mode: "0755" - when: trove_use_mod_wsgi | bool + when: + - trove_use_mod_wsgi | bool + - inventory_hostname in groups['trove_api'] notify: - Restart Apache diff --git a/tasks/trove_pre_install.yml b/tasks/trove_pre_install.yml index 7901d7f..172da16 100644 --- a/tasks/trove_pre_install.yml +++ b/tasks/trove_pre_install.yml @@ -1,18 +1,20 @@ --- -# Copyright 2015, Rackspace US, Inc. +# Copyright 2016 Internet Solutions (Pty) Ltd # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +# +# (c) 2016 Donovan Francesco +# (c) 2016 Paul Stevens - name: Create the system group group: name: "{{ trove_system_group_name }}" @@ -54,7 +56,9 @@ with_items: - { path: "/var/www/cgi-bin", owner: root, group: root } - { path: "/var/www/cgi-bin/trove" } - when: trove_use_mod_wsgi | bool + when: + - trove_use_mod_wsgi | bool + - inventory_hostname in groups['trove_api'] - name: Test for log directory or link shell: | diff --git a/tasks/trove_service_setup.yml b/tasks/trove_service_setup.yml index 479ef4e..179a370 100644 --- a/tasks/trove_service_setup.yml +++ b/tasks/trove_service_setup.yml 
@@ -1,72 +1,62 @@ --- -# Copyright 2015, Rackspace US, Inc. +# Copyright 2016 Internet Solutions (Pty) Ltd # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - -# Create a service -- name: Ensure trove service +# +# (c) 2016 Donovan Francesco +# (c) 2016 Paul Stevens +- name: Ensure the service for trove exists keystone: command: "ensure_service" endpoint: "{{ keystone_service_adminurl }}" login_user: "{{ keystone_admin_user_name }}" login_password: "{{ keystone_auth_admin_password }}" login_project_name: "{{ keystone_admin_tenant_name }}" + insecure: "{{ keystone_service_adminuri_insecure }}" service_name: "{{ trove_service_name }}" service_type: "{{ trove_service_type }}" description: "{{ trove_service_description }}" - insecure: "{{ keystone_service_adminuri_insecure }}" - register: add_service - until: add_service|success + register: add_trove_service + until: add_trove_service |success retries: 5 delay: 2 + tags: + - trove-api-setup + - trove-service-add + - trove-setup -# Create the project if needed, assumed to be in default domain. -# In many cases this will be present but under some circumstances the project -# may be unique to trove, esp. when Swift is used for storage. 
-- name: Ensure trove project - keystone: - command: ensure_project - project_name: "{{ trove_service_project_name }}" - endpoint: "{{ keystone_service_adminurl }}" - login_user: "{{ keystone_admin_user_name }}" - login_password: "{{ keystone_auth_admin_password }}" - login_project_name: "{{ keystone_admin_tenant_name }}" - description: "{{ trove_service_project_description }}" - insecure: "{{ keystone_service_adminuri_insecure }}" - register: add_project - until: add_project|success - retries: 5 - delay: 10 - -# Create an admin user -- name: Ensure trove user +- name: Ensure the trove user exists keystone: command: "ensure_user" endpoint: "{{ keystone_service_adminurl }}" login_user: "{{ keystone_admin_user_name }}" login_password: "{{ keystone_auth_admin_password }}" login_project_name: "{{ keystone_admin_tenant_name }}" + insecure: "{{ keystone_service_adminuri_insecure }}" user_name: "{{ trove_service_user_name }}" tenant_name: "{{ trove_service_project_name }}" password: "{{ trove_service_password }}" - insecure: "{{ keystone_service_adminuri_insecure }}" - register: add_user - until: add_user|success + register: add_trove_user + until: add_trove_user |success retries: 5 - delay: 10 + delay: 2 + tags: + - trove-api-setup + - trove-service-add + - trove-user-add + - trove-setup -# Add a role to the user -- name: Ensure trove user maps to admin role +- name: Ensure the trove user has the admin role keystone: command: "ensure_user_role" endpoint: "{{ keystone_service_adminurl }}" 
@@ -75,25 +65,25 @@ login_project_name: "{{ keystone_admin_tenant_name }}" user_name: "{{ trove_service_user_name }}" tenant_name: "{{ trove_service_project_name }}" - role_name: "{{ trove_role_name }}" + role_name: "{{ item }}" insecure: "{{ keystone_service_adminuri_insecure }}" - register: add_admin_role - until: add_admin_role|success + register: ensure_trove_roles + until: ensure_trove_roles |success retries: 5 - delay: 10 + delay: 2 + with_items: "{{ trove_service_role_names }}" -# Create an endpoint -- name: Ensure trove endpoint +- name: Ensure the trove endpoint is registered keystone: command: "ensure_endpoint" endpoint: "{{ keystone_service_adminurl }}" login_user: "{{ keystone_admin_user_name }}" login_password: "{{ keystone_auth_admin_password }}" login_project_name: "{{ keystone_admin_tenant_name }}" + insecure: "{{ keystone_service_adminuri_insecure }}" region_name: "{{ trove_service_region }}" service_name: "{{ trove_service_name }}" service_type: "{{ trove_service_type }}" - insecure: "{{ keystone_service_adminuri_insecure }}" endpoint_list: - url: "{{ trove_service_publicurl }}" interface: "public" @@ -101,7 +91,7 @@ interface: "internal" - url: "{{ trove_service_adminurl }}" interface: "admin" - register: add_endpoint - until: add_endpoint|success + register: add_trove_endpoints + until: add_trove_endpoints |success retries: 5 - delay: 10 + delay: 2 diff --git a/templates/trove-conductor.conf.j2 b/templates/trove-conductor.conf.j2 index 69bddd1..340323c 100644 --- a/templates/trove-conductor.conf.j2 +++ b/templates/trove-conductor.conf.j2 
@@ -1,62 +1,20 @@ #{{ ansible_managed }} # Do not edit this file manually, your changes will be overwritten. [DEFAULT] -verbose = True -debug = True -trove_auth_url = http://0.0.0.0:5000/v2.0 - -# The manager class to use for conductor. (string value) +debug = {{ debug }} +trove_auth_url = {{ trove_auth_url }} conductor_manager = trove.conductor.manager.Manager - -#===================== RPC Configuration ================================= - -# URL representing the messaging driver to use and its full configuration. -# If not set, we fall back to the 'rpc_backend' option and driver specific -# configuration. -#transport_url= - -# The messaging driver to use. Options include rabbit, qpid and zmq. -# Default is rabbit. (string value) -#rpc_backend=rabbit - -# The default exchange under which topics are scoped. May be -# overridden by an exchange name specified in the 'transport_url option. -control_exchange = trove +rpc_backend={{ trove_rpc_backend }} +transport_url = rabbit://{% for host in trove_rabbitmq_servers.split(',') %}{{ trove_rabbitmq_userid }}:{{ trove_rabbitmq_password }}@{{ host }}:{{ trove_rabbitmq_port }}{% if not loop.last %},{% else %}/{{ trove_rabbitmq_vhost }}{% endif %}{% endfor %} +control_exchange = {{ trove_control_exchange }} [profiler] -# If False fully disable profiling feature. -#enabled = False +enabled = {{ trove_profiler_enabled }} # If False doesn't trace SQL requests. #trace_sqlalchemy = True [database] -connection = mysql://root:e1a2c042c828d3566d0a@localhost/trove +connection = "{{ trove_galera_connection_string }}" [oslo_messaging_rabbit] -# The RabbitMQ broker address where a single node is used. (string value) -# Deprecated group/name - [DEFAULT]/rabbit_host -#rabbit_host=localhost - -# The RabbitMQ broker port where a single node is used. (integer value) -# Deprecated group/name - [DEFAULT]/rabbit_port -#rabbit_port=5672 - -# RabbitMQ HA cluster host:port pairs. 
(list value) -# Deprecated group/name - [DEFAULT]/rabbit_hosts -#rabbit_hosts=$rabbit_host:$rabbit_port - -# Connect over SSL for RabbitMQ. (boolean value) -# Deprecated group/name - [DEFAULT]/rabbit_use_ssl -#rabbit_use_ssl=false - -# The RabbitMQ userid. (string value) -# Deprecated group/name - [DEFAULT]/rabbit_userid -#rabbit_userid=guest - -# The RabbitMQ password. (string value) -# Deprecated group/name - [DEFAULT]/rabbit_password -rabbit_password=f7999d1955c5014aa32c - -# The RabbitMQ virtual host. (string value) -# Deprecated group/name - [DEFAULT]/rabbit_virtual_host -#rabbit_virtual_host=/ +rabbit_use_ssl={{ trove_rabbitmq_use_ssl }} diff --git a/templates/trove-taskmanager.conf.j2 b/templates/trove-taskmanager.conf.j2 index b421328..8cf216a 100644 --- a/templates/trove-taskmanager.conf.j2 +++ b/templates/trove-taskmanager.conf.j2 
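Review bot: The deleted lines held literal credentials (the `connection = mysql://root:…@localhost/trove` line and `rabbit_password=…`), and removing them from the template leaves them in the repository history. If those values were ever used on a real system they should be rotated. The same applies to `nova_proxy_admin_pass` and the `connection` line removed from `templates/trove-taskmanager.conf.j2`. In the new `transport_url` line `trove_rabbitmq_password` is interpolated unescaped, and `{{ trove_rabbitmq_password | urlencode }}` keeps a password containing a character such as `@` from corrupting the URL.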
@@ -1,85 +1,31 @@ #{{ ansible_managed }} # Do not edit this file manually, your changes will be overwritten. [DEFAULT] -# Show more verbose log output (sets INFO log level output) -verbose = True - -# Show debugging output in logs (sets DEBUG log level output) -debug = True - -# Update the service and instance statuses if the instances fails to become -# active within the configured usage_timeout. -# usage_timeout = 600 -# restore_usage_timeout = 36000 +debug = {{ debug }} update_status_on_fail = True - -#================= RPC Configuration ================================ - -# URL representing the messaging driver to use and its full configuration. -# If not set, we fall back to the 'rpc_backend' option and driver specific -# configuration. -#transport_url= - -# The messaging driver to use. Options include rabbit, qpid and zmq. -# Default is rabbit. (string value) -#rpc_backend=rabbit - -# The default exchange under which topics are scoped. May be -# overridden by an exchange name specified in the 'transport_url option. -control_exchange = trove - -#DB Api Implementation +rpc_backend={{ trove_rpc_backend }} +transport_url = rabbit://{% for host in trove_rabbitmq_servers.split(',') %}{{ trove_rabbitmq_userid }}:{{ trove_rabbitmq_password }}@{{ host }}:{{ trove_rabbitmq_port }}{% if not loop.last %},{% else %}/{{ trove_rabbitmq_vhost }}{% endif %}{% endfor %} +control_exchange = {{ trove_control_exchange }} db_api_implementation = trove.db.sqlalchemy.api - -# Configuration options for talking to nova via the novaclient. -trove_auth_url = http://0.0.0.0:5000/v2.0 -#nova_compute_url = http://localhost:8774/v2 -#cinder_url = http://localhost:8776/v1 -#swift_url = http://localhost:8080/v1/AUTH_ -#neutron_url = http://localhost:9696/ - -# nova_compute_url, cinder_url, swift_url, and heat_url can all be fetched -# from Keystone. To fetch from Keystone, comment out nova_compute_url, -# cinder_url, swift_url, and heat_url and optionally uncomment the lines below. 
- -# Region name of this node. Used when searching catalog. Default value is None. -#os_region_name = RegionOne -# Service type to use when searching catalog. -#nova_compute_service_type = compute -# Service type to use when searching catalog. -#cinder_service_type = volumev2 -# Service type to use when searching catalog. -#swift_service_type = object-store -# Service type to use when searching catalog. -#heat_service_type = orchestration -# Service type to use when searching catalog. -#neutron_service_type = network - -# Config options for enabling volume service +trove_auth_url = {{ trove_auth_url }} +nova_compute_url = {{ trove_nova_compute_url }} +cinder_url = {{ trove_cinder_url }} +swift_url = {{ trove_swift_url }} +neutron_url = {{ trove_neutron_url }} +os_region_name = {{ trove_service_region }} +nova_compute_service_type = compute +cinder_service_type = volumev2 +swift_service_type = object-store +heat_service_type = orchestration +neutron_service_type = network trove_volume_support = True block_device_mapping = vdb device_path = /dev/vdb mount_point = /var/lib/mysql volume_time_out=30 server_delete_time_out=480 - -# Nova server boot options -# sets the --config-drive argument when doing a nova boot -# (controls how file injection is handled by nova) use_nova_server_config_drive = False - -# Configuration options for talking to nova via the novaclient. -# These options are for an admin user in your keystone config. -# It proxy's the token received from the user to send to nova via this admin users creds, -# basically acting like the client via that proxy token. 
-nova_proxy_admin_user = admin -nova_proxy_admin_pass = 3de4922d8b6ac5a1aad9 -nova_proxy_admin_tenant_id = - -# Manager impl for the taskmanager taskmanager_manager=trove.taskmanager.manager.Manager - -# Manager sends Exists Notifications exists_notification_transformer = trove.extensions.mgmt.instances.models.NovaNotificationTransformer exists_notification_ticks = 30 notification_service_id = mysql:2f3ff068-2bfb-4f70-9a9d-a6bb65bc084b 
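Review bot: `nova_proxy_admin_user`, `nova_proxy_admin_pass` and `nova_proxy_admin_tenant_id` are deleted with no templated replacement, so the taskmanager is left without the admin credentials that the removed comment says it uses to reach nova. If the deployed Trove release still reads these options, they should be rendered from role variables rather than dropped, e.g. `nova_proxy_admin_user = {{ trove_service_user_name }}` and `nova_proxy_admin_pass = {{ trove_service_password }}`. Separately, `debug = {{ debug }}` reads a role default named plain `debug`, which any other role or group var can override. A namespaced `trove_debug` would keep debug logging, which can expose request details, under this role's control.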
@@ -115,46 +61,14 @@ agent_replication_snapshot_timeout = 36000 # Whether to use nova's contrib api for create server with volume use_nova_server_volume = False -# Config option for filtering the IP address that DNS uses -# For nova-network, set this to the appropriate network label defined in nova -# For neutron, set this to .* since users can specify custom network labels -# You can also optionally specify regex'es to match the actual IP addresses -# ip_regex (white-list) is applied before black_list_regex in the filter chain -network_label_regex = ^private$ +network_label_regex = .* #ip_regex = ^(15.|123.) #black_list_regex = ^(10.0.0.) # Datastore templates template_path = /etc/trove/templates/ - -# ============ Notification System configuration =========================== - -# Sets the notification driver used by oslo.messaging. Options include -# messaging, messagingv2, log and routing. Default is 'noop' -# notification_driver=noop - -# Topics used for OpenStack notifications, list value. Default is 'notifications'. -# notification_topics=notifications - -# ============ Logging information ============================= -#log_dir = /integration/report -#log_file = trove-taskmanager.log - -# ============ PyDev remote dubugging ============================= - -# Enable or disable pydev remote debugging. -# There are three values allowed: 'disabled', 'enabled' and 'auto' -# If value is 'auto' tries to connect to remote debugger server, -# but in case of error continue running with disabled debugging pydev_debug = disabled -# remote debug server host and port options -#pydev_debug_host = localhost -#pydev_debug_port = 5678 - -# path to pydevd library. It will be used if pydevd is absent in sys.path -#pydev_path = - # ================= Guestagent related ======================== #guest_config = /etc/trove/trove-guestagent.conf # Use 'guest_info = /etc/guest_info' for pre-Kilo compatibility 
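Review bot: `network_label_regex` is now fixed at `.*` and the comment that explained the choice is deleted with it. A reader can no longer see that `.*` is the neutron setting, or that `ip_regex` and `black_list_regex` are the only remaining filters on which instance addresses Trove uses. Keep a one-line comment above it, for example `# .* accepts every network label (neutron); narrow with ip_regex / black_list_regex`, or expose the value as a role variable so nova-network deployments can restore `^private$`. The same hard-coded value is introduced in templates/trove.conf.j2 (hunk `@@ -1,87 +1,26 @@`), where the context line `network_driver = trove.network.nova.NovaNetwork` suggests nova-network may still be the configured driver, so it is worth confirming the two settings agree.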
@@ -164,72 +78,23 @@ pydev_debug = disabled #cloudinit_location = /etc/trove/cloudinit [database] - -# SQLAlchemy connection string for the reference implementation -# registry server. Any valid SQLAlchemy connection string is fine. -# See: http://www.sqlalchemy.org/docs/05/reference/sqlalchemy/connections.html#sqlalchemy.create_engine -connection = mysql://root:e1a2c042c828d3566d0a@localhost/trove -# connection = mysql://root:root@localhost/trove - -# Period in seconds after which SQLAlchemy should reestablish its connection -# to the database. -# -# MySQL uses a default `wait_timeout` of 8 hours, after which it will drop -# idle connections. This can result in 'MySQL Gone Away' exceptions. If you -# notice this, you can lower this value to ensure that SQLAlchemy reconnects -# before MySQL can drop the connection. +connection = "{{ trove_galera_connection_string }}" idle_timeout = 3600 -# ================= Security groups related ======================== -# Each future datastore implementation should implement -# its own oslo group with defined in it: -# - tcp_ports; upd_ports; - [profiler] -# If False fully disable profiling feature. -#enabled = False +enabled = {{ trove_profiler_enabled }} # If False doesn't trace SQL requests. #trace_sqlalchemy = True [oslo_messaging_rabbit] -# The RabbitMQ broker address where a single node is used. (string value) -# Deprecated group/name - [DEFAULT]/rabbit_host -#rabbit_host=localhost - -# The RabbitMQ broker port where a single node is used. (integer value) -# Deprecated group/name - [DEFAULT]/rabbit_port -#rabbit_port=5672 - -# RabbitMQ HA cluster host:port pairs. (list value) -# Deprecated group/name - [DEFAULT]/rabbit_hosts -#rabbit_hosts=$rabbit_host:$rabbit_port - -# Connect over SSL for RabbitMQ. (boolean value) -# Deprecated group/name - [DEFAULT]/rabbit_use_ssl -#rabbit_use_ssl=false - -# The RabbitMQ userid. 
(string value) -# Deprecated group/name - [DEFAULT]/rabbit_userid -#rabbit_userid=guest - -# The RabbitMQ password. (string value) -# Deprecated group/name - [DEFAULT]/rabbit_password -rabbit_password=f7999d1955c5014aa32c - -# The RabbitMQ virtual host. (string value) -# Deprecated group/name - [DEFAULT]/rabbit_virtual_host -#rabbit_virtual_host=/ +rabbit_use_ssl={{ trove_rabbitmq_use_ssl }} [mysql] -# Format (single port or port range): A, B-C -# where C greater than B tcp_ports = 3306 volume_support = True device_path = /dev/vdb [redis] -# Format (single port or port range): A, B-C -# where C greater than B tcp_ports = 6379 # redis uses local storage volume_support = False diff --git a/templates/trove.conf.j2 b/templates/trove.conf.j2 index f93842f..c2ee56f 100644 --- a/templates/trove.conf.j2 +++ b/templates/trove.conf.j2 
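Review bot: The database and RabbitMQ passwords that this hunk removes were committed as literals (`connection = mysql://root:...`, `rabbit_password=...`), and deleting them here leaves them readable in repository history. If those values were ever used outside a throwaway test environment they should be rotated. The same applies to `nova_proxy_admin_pass`, removed earlier in this file, and to the identical literals removed from templates/trove.conf.j2. The old string also connected as MySQL `root`; whatever supplies `trove_galera_connection_string` (not visible in this part of the diff) should use a dedicated trove account rather than carrying that over.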
@@ -1,87 +1,26 @@ # {{ ansible_managed }} +{% set _api_threads = ansible_processor_vcpus|default(2) // 2 %} +{% set api_threads = _api_threads if _api_threads > 0 else 1 %} [DEFAULT] -# Show more verbose log output (sets INFO log level output) -verbose = True - -# Show debugging output in logs (sets DEBUG log level output) -debug = False - -# Address to bind the API server -bind_host = 0.0.0.0 - -# Port the bind the API server to -bind_port = 8779 - -# Number of workers for the API service. The default will -# be the number of CPUs available. (integer value) -#trove_api_workers=None - -#===================== RPC Configuration ================================= - -# URL representing the messaging driver to use and its full configuration. -# If not set, we fall back to the 'rpc_backend' option and driver specific -# configuration. -#transport_url= - -# The messaging driver to use. Options include rabbit, qpid and zmq. -# Default is rabbit. (string value) -#rpc_backend=rabbit - -# The default exchange under which topics are scoped. May be -# overridden by an exchange name specified in the 'transport_url option. -control_exchange = trove - -# Maximum line size of message headers to be accepted. 
-# max_header_line may need to be increased when using large tokens -# (typically those generated by the Keystone v3 API with big service -# catalogs) -# max_header_line = 16384 - -#DB Api Implementation +debug = {{ debug }} +bind_host = {{ trove_service_host }} +bind_port = {{ trove_service_port }} +trove_api_workers={{ trove_api_workers | default(api_threads) }} +rpc_backend={{ trove_rpc_backend }} +transport_url = rabbit://{% for host in trove_rabbitmq_servers.split(',') %}{{ trove_rabbitmq_userid }}:{{ trove_rabbitmq_password }}@{{ host }}:{{ trove_rabbitmq_port }}{% if not loop.last %},{% else %}/{{ trove_rabbitmq_vhost }}{% endif %}{% endfor %} +control_exchange = {{ trove_control_exchange }} db_api_implementation = "trove.db.sqlalchemy.api" - -# Configuration options for talking to nova via the novaclient. -trove_auth_url = http://0.0.0.0:5000/v2.0 -#nova_compute_url = http://localhost:8774/v2 -#cinder_url = http://localhost:8776/v1 -#swift_url = http://localhost:8080/v1/AUTH_ -#neutron_url = http://localhost:9696/ - -# nova_compute_url, cinder_url, swift_url, and heat_url can all be fetched -# from Keystone. To fetch from Keystone, comment out nova_compute_url, -# cinder_url, swift_url, and heat_url and optionally uncomment the lines below. - -# Region name of this node. Used when searching catalog. Default value is None. -#os_region_name = RegionOne -# Service type to use when searching catalog. -#nova_compute_service_type = compute -# Service type to use when searching catalog. -#cinder_service_type = volumev2 -# Service type to use when searching catalog. -#swift_service_type = object-store -# Service type to use when searching catalog. -#heat_service_type = orchestration -# Service type to use when searching catalog. 
-#neutron_service_type = network - -# Config option for showing the IP address that nova doles out -# For nova-network, set this to the appropriate network label defined in nova -# For neutron, set this to .* since users can specify custom network labels -# You can also optionally specify regex'es to match the actual IP addresses -# ip_regex (white-list) is applied before black_list_regex in the filter chain -network_label_regex = ^private$ +trove_auth_url = {{ trove_auth_url }} +os_region_name = {{ trove_service_region }} +network_label_regex = .* #network_label_regex = .* //with neutron enabled #ip_regex = ^(15.|123.) #black_list_regex = ^10.0.0. - -# Config options for enabling volume service trove_volume_support = True block_device_mapping = vdb device_path = /dev/vdb -# Maximum volume size for an instance max_accepted_volume_size = 10 max_instances_per_tenant = 5 -# Maximum volume capacity (in GB) spanning across all trove volumes per tenant max_volumes_per_tenant = 100 max_backups_per_tenant = 5 volume_time_out=30 @@ -111,7 +50,6 @@ dns_service_type = dns network_driver = trove.network.nova.NovaNetwork default_neutron_networks = - # Taskmanager queue name taskmanager_queue = taskmanager 
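Review bot: The new `transport_url` line interpolates `trove_rabbitmq_userid` and `trove_rabbitmq_password` into the URL unescaped, so a password containing `@`, `:`, `#` or `?` produces a URL that is parsed wrongly or rejected. Percent-encode both fields, e.g. `{{ trove_rabbitmq_userid | urlencode }}:{{ trove_rabbitmq_password | urlencode }}@{{ host }}`. Jinja's `urlencode` leaves `/` untouched, so the password generator should also avoid that character. The rendered trove.conf now carries the broker credentials on this line, so the task that templates it (not part of this view) should write the file readable only by the trove service user and group. The `[DEFAULT]` section continues past the end of this hunk.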
@@ -129,51 +67,12 @@ reboot_time_out = 60 # Trove api-paste file name api_paste_config = api-paste.ini - -# ============ Notification System configuration =========================== - -# Sets the notification driver used by oslo.messaging. Options include -# messaging, messagingv2, log and routing. Default is 'noop' -# notification_driver=noop - -# Topics used for OpenStack notifications, list value. Default is 'notifications'. -# notification_topics=notifications - -# ============ Logging information ============================= -#log_dir = /integration/report -#log_file = trove-api.log - - [database] - -# SQLAlchemy connection string for the reference implementation -# registry server. Any valid SQLAlchemy connection string is fine. -# See: http://www.sqlalchemy.org/docs/05/reference/sqlalchemy/connections.html#sqlalchemy.create_engine -# connection = sqlite:///trove_test.sqlite -connection = mysql://root:e1a2c042c828d3566d0a@localhost/trove -#connection = postgresql://trove:trove@localhost/trove - -# Period in seconds after which SQLAlchemy should reestablish its connection -# to the database. -# -# MySQL uses a default `wait_timeout` of 8 hours, after which it will drop -# idle connections. This can result in 'MySQL Gone Away' exceptions. If you -# notice this, you can lower this value to ensure that SQLAlchemy reconnects -# before MySQL can drop the connection. +connection = "{{ trove_galera_connection_string }}" idle_timeout = 3600 - - -# ============ SSL configuration (and enablement) ============================= -# In order to enable SSL for the trove api server, uncomment -# the cert_file and key_file - and of course have those files -# accessible. The existence of those setting and files will -# enable SSL. - [profiler] -# If False fully disable profiling feature. -#enabled = False -# If False doesn't trace SQL requests. +enabled = {{ trove_profiler_enabled }} #trace_sqlalchemy = True [ssl] 
@@ -184,38 +83,10 @@ idle_timeout = 3600 #ca_file = /path/to/ca_file [oslo_messaging_rabbit] -# The RabbitMQ broker address where a single node is used. (string value) -# Deprecated group/name - [DEFAULT]/rabbit_host -#rabbit_host=localhost - -# The RabbitMQ broker port where a single node is used. (integer value) -# Deprecated group/name - [DEFAULT]/rabbit_port -#rabbit_port=5672 - -# RabbitMQ HA cluster host:port pairs. (list value) -# Deprecated group/name - [DEFAULT]/rabbit_hosts -#rabbit_hosts=$rabbit_host:$rabbit_port - -# Connect over SSL for RabbitMQ. (boolean value) -# Deprecated group/name - [DEFAULT]/rabbit_use_ssl -#rabbit_use_ssl=false - -# The RabbitMQ userid. (string value) -# Deprecated group/name - [DEFAULT]/rabbit_userid -#rabbit_userid=guest - -# The RabbitMQ password. (string value) -# Deprecated group/name - [DEFAULT]/rabbit_password -rabbit_password=f7999d1955c5014aa32c - -# The RabbitMQ virtual host. (string value) -# Deprecated group/name - [DEFAULT]/rabbit_virtual_host -#rabbit_virtual_host=/ +rabbit_use_ssl={{ trove_rabbitmq_use_ssl }} [mysql] root_on_create = False -# Format (single port or port range): A, B-C -# where C greater than B tcp_ports = 3306 volume_support = True device_path = /dev/vdb @@ -224,7 +95,6 @@ device_path = /dev/vdb ignore_users = os_admin, root ignore_dbs = mysql, information_schema, performance_schema - [redis] tcp_ports = 6379 #redis uses local storage 
@@ -256,61 +126,3 @@ device_path = /dev/vdb cluster_support = True cluster_member_count = 3 api_strategy = trove.common.strategies.cluster.experimental.vertica.api.VerticaAPIStrategy - - -# ============ CORS configuration ============================= - -[cors] - -# -# From oslo.middleware.cors -# - -# Indicate whether this resource may be shared with the domain received in the -# requests "origin" header. (list value) -#allowed_origin = - -# Indicate that the actual request can include user credentials (boolean value) -#allow_credentials = true - -# Indicate which headers are safe to expose to the API. Defaults to HTTP Simple -# Headers. (list value) -#expose_headers = X-Auth-Token, X-Subject-Token, X-Service-Token, X-OpenStack-Request-ID - -# Maximum cache age of CORS preflight requests. (integer value) -#max_age = 3600 - -# Indicate which methods can be used during the actual request. (list value) -#allow_methods = GET,PUT,POST,DELETE,PATCH - -# Indicate which header field names may be used during the actual request. -# (list value) -#allow_headers = X-Auth-Token, X-Identity-Status, X-Roles, X-Service-Catalog, X-User-Id, X-Tenant-Id, X-OpenStack-Request-ID - - -[cors.subdomain] - -# -# From oslo.middleware.cors -# - -# Indicate whether this resource may be shared with the domain received in the -# requests "origin" header. (list value) -#allowed_origin = - -# Indicate that the actual request can include user credentials (boolean value) -#allow_credentials = true - -# Indicate which headers are safe to expose to the API. Defaults to HTTP Simple -# Headers. (list value) -#expose_headers = X-Auth-Token, X-Subject-Token, X-Service-Token, X-OpenStack-Request-ID - -# Maximum cache age of CORS preflight requests. (integer value) -#max_age = 3600 - -# Indicate which methods can be used during the actual request. (list value) -#allow_methods = GET,PUT,POST,DELETE,PATCH - -# Indicate which header field names may be used during the actual request. 
-# (list value) -#allow_headers = X-Auth-Token, X-Identity-Status, X-Roles, X-Service-Catalog, X-User-Id, X-Tenant-Id, X-OpenStack-Request-ID diff --git a/tests/test-prepare-keys.yml b/tests/test-prepare-keys.yml index a4fad4f..e9eb352 100644 --- a/tests/test-prepare-keys.yml +++ b/tests/test-prepare-keys.yml 
@@ -13,21 +13,94 @@ # See the License for the specific language governing permissions and # limitations under the License. -# NOTE: we use become_user because setting become: no or become: false -# doesn't seem to override the ansible_become=true in the -# inventory - name: Playbook for establishing ssh keys hosts: localhost - become_user: "{{ ansible_ssh_user }}" - pre_tasks: + connection: local + gather_facts: false + become: true + tasks: + - name: Ensure root has a .ssh directory + file: + path: /root/.ssh + state: directory + owner: root + group: root + mode: 0700 + - name: Create ssh key pair for root user: - name: "{{ ansible_ssh_user }}" - generate_ssh_key: "yes" + name: root + generate_ssh_key: yes ssh_key_bits: 2048 - ssh_key_file: ".ssh/id_rsa" - - name: Get the calling user's key - command: cat ~/.ssh/id_rsa.pub - register: key_get - - set_fact: - lxc_container_ssh_key: "{{ key_get.stdout }}" + ssh_key_file: /root/.ssh/id_rsa + + - name: Get root private key + command: cat /root/.ssh/id_rsa + register: private_key_get + changed_when: false + + - name: Get root public key + command: cat /root/.ssh/id_rsa.pub + register: public_key_get + changed_when: false + + - name: Set key facts + set_fact: + root_public_key: "{{ public_key_get.stdout }}" + root_private_key: "{{ private_key_get.stdout }}" + lxc_container_ssh_key: "{{ public_key_get.stdout }}" + + - name: Ensure root can ssh to localhost + authorized_key: + user: "root" + key: "{{ root_public_key }}" + + +- name: Playbook for establishing user ssh keys + hosts: localhost + connection: local + gather_facts: false + become: false + tasks: + # Shell used because facts may not be ready yet + - name: Get user home directory + shell: "getent passwd '{{ ansible_ssh_user }}' | cut -d':' -f6" + register: user_home + changed_when: false + + - name: Set local user home fact + set_fact: + calling_user_home: "{{ user_home.stdout }}" + + - name: Ensure user has a .ssh directory + file: + path: "{{ calling_user_home 
}}/.ssh" + state: directory + owner: "{{ ansible_ssh_user }}" + group: "{{ ansible_ssh_user }}" + mode: 0700 + when: ansible_ssh_user != 'root' + + - name: Ensure user has the known private key + copy: + content: "{{ root_private_key }}" + dest: "{{ calling_user_home }}/.ssh/id_rsa" + owner: "{{ ansible_ssh_user }}" + group: "{{ ansible_ssh_user }}" + mode: "0600" + when: ansible_ssh_user != 'root' + + - name: Ensure user has the known public key + copy: + content: "{{ root_public_key }}" + dest: "{{ calling_user_home }}/.ssh/id_rsa.pub" + owner: "{{ ansible_ssh_user }}" + group: "{{ ansible_ssh_user }}" + mode: "0600" + when: ansible_ssh_user != 'root' + + - name: Ensure local user can ssh to localhost + authorized_key: + user: "{{ ansible_ssh_user }}" + key: "{{ root_public_key }}" + when: ansible_ssh_user != 'root' diff --git a/tests/test-vars.yml b/tests/test-vars.yml index 13c618b..427781d 100644 --- a/tests/test-vars.yml +++ b/tests/test-vars.yml @@ -72,6 +72,10 @@ trove_venv_tag: "testing" openrc_os_auth_url: "http://127.0.0.1:5000/v3" openrc_os_domain_name: "Default" openrc_os_password: "{{ keystone_auth_admin_password }}" +neutron_service_port: 9696 +swift_proxy_port: 8080 +cinder_service_port: 8776 +nova_service_port: 8774 rabbitmq_port: 5672 rabbitmq_servers: 10.100.102.101 diff --git a/tox.ini b/tox.ini index 0f87f54..b20e2e2 100755 --- a/tox.ini +++ b/tox.ini @@ -94,7 +94,7 @@ commands = [testenv:ansible] deps = {[testenv]deps} - ansible==2.1.1.0 + ansible==1.9.4 ansible-lint>=2.7.0,<3.0.0 setenv = {[testenv]setenv} 
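Review bot: The `Get root private key` task in tests/test-prepare-keys.yml reads `/root/.ssh/id_rsa` with `cat` and registers the result, and `Set key facts` copies it into `root_private_key`. The functional job enabled in tox.ini runs `ansible-playbook ... -vvvv`, so the key material would be printed in the job output. Add `no_log: true` to `Get root private key`, `Set key facts` and `Ensure user has the known private key`. The second play also installs root's private key for `ansible_ssh_user` while root's authorized_keys accepts the matching public key, which gives that account root SSH on the host. A comment such as `# test-only: shares root's key pair with the calling user; do not run on a shared host` would make the intent explicit. The two directory tasks use an unquoted `mode: 0700` while the copy tasks use `"0600"`; quoting all of them keeps the mode handling consistent.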
@@ -161,23 +161,14 @@ deps = setenv = {[testenv:ansible]setenv} commands = - echo -e "\n *******************************************************\n" \ - "**** Functional Testing is still to be implemented ****\n" \ - "**** TODO: Write tests here ****\n" \ - "*******************************************************\n" - # As a temporary measure, while functional testing is being worked on, we - # will not execute the functional test. This allows other patches to be - # worked on while the functional testing is being worked out. - #{[testenv:ansible]commands} - #ansible-playbook -i {toxinidir}/tests/inventory \ - # -e "rolename={toxinidir}" \ - # -e "install_test_packages=True" \ - # {toxinidir}/tests/test.yml -vvvv + {[testenv:ansible]commands} + ansible-playbook -i {toxinidir}/tests/inventory \ + -e "rolename={toxinidir}" \ + -e "install_test_packages=True" \ + {toxinidir}/tests/test.yml -vvvv bash -c 'mkdir -p {toxinidir}/logs' bash -c 'rsync -av --ignore-errors /var/log/ /openstack/log/ {toxinidir}/logs/ || true' - - [testenv:linters] deps = {[testenv:ansible]deps}