From a90e7afc5c99dd7e84480792eb793e4218679104 Mon Sep 17 00:00:00 2001
From: "Kyle L. Henderson" <kyleh@us.ibm.com>
Date: Thu, 15 Sep 2016 08:49:23 -0500
Subject: [PATCH] Update role with fixes for AIO testing

While doing some preliminary testing using a prototype AIO, the
following issues where observed and fixed.

The trove CLI is expecting the service name to be 'database' in
keystone.  Update from 'dbaas' to 'database'.

Add the tenant id to the trove service URLs, they are needed.

Ignore failures when restarting services since all trove services
are attempted to be restarted in all trove containers, which
produces invalid combinations.

When calling the trove-manage CLI to create the DB, provide the
trove conductor conf file so the CLI has the DB connection
information.

Add a blank line after the transport_url specification, otherwise
the following line is added to the URL and forms an invalid value.

Add Nova and Keystone configuration values to the trove api conf
file since they are needed by the trove api service.

Add Nova configuration values for the trove task manager service.

Default to using the internal URL to for nova client.

Change-Id: If70077ea5d66151999b8965c218e4cb853e6f81a
---
 defaults/main.yml                   | 11 ++++++-----
 handlers/main.yml                   |  3 +++
 tasks/trove_db_setup.yml            |  5 ++++-
 templates/trove-conductor.conf.j2   |  2 ++
 templates/trove-taskmanager.conf.j2 |  8 ++++++++
 templates/trove.conf.j2             | 29 +++++++++++++++++++++++++++++
 6 files changed, 52 insertions(+), 6 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index 78399b7..2c5221f 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -32,7 +32,7 @@ trove_taskmanager_program_name: trove-taskmanager
 
 trove_service_name: trove
 trove_service_user_name: trove
-trove_service_type: dbaas
+trove_service_type: database
 trove_service_description: "OpenStack DBaaS (Trove)"
 trove_service_project_name: service
 trove_service_role_names:
@@ -41,13 +41,13 @@ trove_service_region: RegionOne
 trove_service_host: "0.0.0.0"
 trove_service_port: 8779
 trove_service_publicuri_proto: http
-trove_service_publicurl: "{{ trove_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ trove_service_port }}/v1.0"
+trove_service_publicurl: "{{ trove_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ trove_service_port }}/v1.0/%(tenant_id)s"
 trove_service_internaluri_proto: http
-trove_service_internalurl: "{{ trove_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ trove_service_port }}/v1.0"
+trove_service_internalurl: "{{ trove_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ trove_service_port }}/v1.0/%(tenant_id)s"
 trove_service_adminuri_proto: http
-trove_service_adminurl: "{{ trove_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ trove_service_port }}/v1.0"
+trove_service_adminurl: "{{ trove_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ trove_service_port }}/v1.0/%(tenant_id)s"
 trove_auth_url: "{{ keystone_service_internalurl }}"
-trove_nova_compute_url: "{{ trove_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ nova_service_port }}/v2.1"
+trove_nova_compute_url: "{{ trove_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ nova_service_port }}/v2.1"
 trove_cinder_url: "{{ trove_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ cinder_service_port }}/v1"
 trove_swift_url: "{{ trove_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ swift_proxy_port }}/v1/AUTH_"
 trove_neutron_url: "{{ trove_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ neutron_service_port }}/"
@@ -127,6 +127,7 @@ trove_requires_pip_packages:
   - httplib2
   - python-glanceclient
   - python-keystoneclient
+  - python-memcached
   - python-troveclient
   - virtualenv
   - virtualenv-tools
diff --git a/handlers/main.yml b/handlers/main.yml
index 322090f..6e9e68c 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -20,6 +20,7 @@
     name: "{{ trove_api_program_name }}"
     state: "restarted"
     pattern: "{{ trove_api_program_name }}"
+  failed_when: false
   when: not trove_use_mod_wsgi | bool
 
 - name: Restart trove conductor service
@@ -27,12 +28,14 @@
     name: "{{ trove_conductor_service_name }}"
     state: "restarted"
     pattern: "{{ trove_conductor_service_name }}"
+  failed_when: false
 
 - name: Restart trove taskmanager service
   service:
     name: "{{ trove_taskmanager_service_name }}"
     state: "restarted"
     pattern: "{{ trove_taskmanager_service_name }}"
+  failed_when: false
 
 - name: Restart Apache
   service:
diff --git a/tasks/trove_db_setup.yml b/tasks/trove_db_setup.yml
index 03ce558..52e9c81 100644
--- a/tasks/trove_db_setup.yml
+++ b/tasks/trove_db_setup.yml
@@ -16,6 +16,9 @@
 # (c) 2016 Donovan Francesco <donovan.francesco@is.co.za>
 # (c) 2016 Paul Stevens <paul.stevens@is.co.za>
 - name: Perform a trove DB sync
-  command: "{{ trove_bin }}/trove-manage db_sync {{ trove_db_sync_options }}"
+  command: >
+    {{ trove_bin }}/trove-manage
+    --config-file=/etc/trove/{{ trove_conductor_program_name }}.conf
+    db_sync {{ trove_db_sync_options }}
   become: yes
   become_user: "{{ trove_system_user_name }}"
diff --git a/templates/trove-conductor.conf.j2 b/templates/trove-conductor.conf.j2
index 340323c..642c6b6 100644
--- a/templates/trove-conductor.conf.j2
+++ b/templates/trove-conductor.conf.j2
@@ -6,6 +6,8 @@ trove_auth_url = {{ trove_auth_url }}
 conductor_manager = trove.conductor.manager.Manager
 rpc_backend={{ trove_rpc_backend }}
 transport_url = rabbit://{% for host in trove_rabbitmq_servers.split(',') %}{{ trove_rabbitmq_userid }}:{{ trove_rabbitmq_password }}@{{ host }}:{{ trove_rabbitmq_port }}{% if not loop.last %},{% else %}/{{ trove_rabbitmq_vhost }}{% endif %}{% endfor %}
+
+{# There must be a blank line above or the following line will be appended to the previous. #}
 control_exchange = {{ trove_control_exchange }}
 
 [profiler]
diff --git a/templates/trove-taskmanager.conf.j2 b/templates/trove-taskmanager.conf.j2
index 8cf216a..2a70726 100644
--- a/templates/trove-taskmanager.conf.j2
+++ b/templates/trove-taskmanager.conf.j2
@@ -5,6 +5,8 @@ debug = {{ debug }}
 update_status_on_fail = True
 rpc_backend={{ trove_rpc_backend }}
 transport_url = rabbit://{% for host in trove_rabbitmq_servers.split(',') %}{{ trove_rabbitmq_userid }}:{{ trove_rabbitmq_password }}@{{ host }}:{{ trove_rabbitmq_port }}{% if not loop.last %},{% else %}/{{ trove_rabbitmq_vhost }}{% endif %}{% endfor %}
+
+{# There must be a blank line above or the following line will be appended to the previous. #}
 control_exchange = {{ trove_control_exchange }}
 db_api_implementation = trove.db.sqlalchemy.api
 trove_auth_url = {{ trove_auth_url }}
@@ -48,6 +50,12 @@ dns_service_type = dns
 network_driver = trove.network.nova.NovaNetwork
 default_neutron_networks =
 
+# Nova
+nova_compute_url = {{ trove_nova_compute_url }}
+nova_proxy_admin_user = {{ trove_service_user_name }}
+nova_proxy_admin_pass = {{ trove_service_password }}
+nova_proxy_admin_tenant_name = {{ trove_service_project_name }}
+
 # Trove Security Groups for Instances
 trove_security_groups_support = True
 trove_security_group_rule_cidr = 0.0.0.0/0
diff --git a/templates/trove.conf.j2 b/templates/trove.conf.j2
index c2ee56f..3c650d2 100644
--- a/templates/trove.conf.j2
+++ b/templates/trove.conf.j2
@@ -8,6 +8,8 @@ bind_port = {{ trove_service_port }}
 trove_api_workers={{ trove_api_workers | default(api_threads) }}
 rpc_backend={{ trove_rpc_backend }}
 transport_url = rabbit://{% for host in trove_rabbitmq_servers.split(',') %}{{ trove_rabbitmq_userid }}:{{ trove_rabbitmq_password }}@{{ host }}:{{ trove_rabbitmq_port }}{% if not loop.last %},{% else %}/{{ trove_rabbitmq_vhost }}{% endif %}{% endfor %}
+
+{# There must be a blank line above or the following line will be appended to the previous. #}
 control_exchange = {{ trove_control_exchange }}
 db_api_implementation = "trove.db.sqlalchemy.api"
 trove_auth_url = {{ trove_auth_url }}
@@ -46,6 +48,12 @@ dns_instance_entry_factory = trove.dns.designate.driver.DesignateInstanceEntryFa
 dns_endpoint_url = http://127.0.0.1/v1/
 dns_service_type = dns
 
+# Nova
+nova_compute_url = {{ trove_nova_compute_url }}
+nova_proxy_admin_user = {{ trove_service_user_name }}
+nova_proxy_admin_pass = {{ trove_service_password }}
+nova_proxy_admin_tenant_name = {{ trove_service_project_name }}
+
 # Neutron
 network_driver = trove.network.nova.NovaNetwork
 default_neutron_networks =
@@ -55,6 +63,7 @@ taskmanager_queue = taskmanager
 
 # Auth
 admin_roles = admin
+auth_strategy = keystone
 
 # Guest related conf
 agent_heartbeat_time = 10
@@ -67,6 +76,26 @@ reboot_time_out = 60
 # Trove api-paste file name
 api_paste_config = api-paste.ini
 
+[keystone_authtoken]
+insecure = {{ keystone_service_internaluri_insecure | bool }}
+auth_plugin = {{ trove_keystone_auth_plugin }}
+auth_url = {{ keystone_service_adminuri }}
+auth_uri = {{ keystone_service_internaluri }}
+project_domain_id = {{ trove_service_project_domain_id }}
+user_domain_id = {{ trove_service_user_domain_id }}
+project_name = {{ trove_service_project_name }}
+username = {{ trove_service_user_name }}
+password = {{ trove_service_password }}
+region_name = {{ keystone_service_region }}
+
+memcached_servers = {{ memcached_servers }}
+token_cache_time = 300
+revocation_cache_time = 60
+
+# if your memcached server is shared, use these settings to avoid cache poisoning
+memcache_security_strategy = ENCRYPT
+memcache_secret_key = {{ memcached_encryption_key }}
+
 [database]
 connection = "{{ trove_galera_connection_string }}"
 idle_timeout = 3600