Initial commit

The repository will be consist of: [+] redis services definitions includes redis-sentinel and slave.The redis used by zmq driver as matchmaker (servers discovering). By default redis deployment is just single master: ---------------------------------------------- configs: redis: deployment: single node1: - redis To enable HA mode can be used next configuration: ---------------------------------------------- configs: redis: deployment: ha node1: - redis <---require just one master per deployment node[2-5]: - redis-slave - redis-sentinel Depend on redis.deployment option value a config of services which use redis can be switched. ---------------------------------------------- {{ if redis.deployment == ha }} // related configs [+] zmq-proxy - the central proxy which perform a message redirection to endpoints to avoid direct connections between openstack services (n^2 connections). To allow an OpenStack service configuration and dependencies switching between ZMQ and RabbitMQ back-ends can be used next config section (rabbitmq is default): messaging: backend: rpc: zmq notifications: rabbitmq Because there is cases when back-end name is not actually name of depended service, like `zmq` backend name != `zmq-proxy` and `redis`, there is special section of dependencies definiton: messaging: dependencies: zmq: zmq-proxy Services, which uses oslo.messaging can specify messaging dependency by generic way: dependencies: - {{ messaging.dependencies[messaging.backend.rpc] }} - {{ messaging.dependencies[messaging.backend.notifications] }} Change-Id: I63cd5d008eb8e97903e303f37ac8a90616d4c4a2
2016-11-30 19:52:52 +03:00 · 2016-11-30 19:52:52 +03:00 · 0555a639df
parent 44d36dee6a
commit 0555a639df
15 changed files with 335 additions and 0 deletions
--- a/docker/redis/Dockerfile.j2
+++ b/docker/redis/Dockerfile.j2
@ -0,0 +1,23 @@
+FROM {{ image_spec("base-tools") }}
+MAINTAINER {{ maintainer }}
+
+COPY redis_sudoers /etc/sudoers.d/redis_sudoers
+RUN chmod 750 /etc/sudoers.d && \
+    chmod 440 /etc/sudoers.d/redis_sudoers
+
+RUN useradd redis -G microservices && \
+    apt-get update && \
+    apt-get install --no-install-recommends -y build-essential make gcc curl && \
+
+    src=redis-{{ redis_version }} && \
+    curl -L http://download.redis.io/releases/$src.tar.gz -o $src.tar.gz && \
+    tar xzf $src.tar.gz && chown -R redis: ./$src && \
+    su -c "make -C ./$src" redis && make install -C ./$src && \
+
+    usermod -s /bin/false redis && \
+    apt-get remove -y --purge build-essential make gcc && \
+    rm -f $src.tar.gz && rm -rf $src && \
+    rm -rf /var/lib/{apt,dpkg,cache,log}/ && \
+    mkdir /etc/redis && chown -R redis: /etc/redis
+
+USER redis
--- a/docker/redis/redis_sudoers
+++ b/docker/redis/redis_sudoers
@ -0,0 +1 @@
+%microservices ALL=(root) NOPASSWD: /bin/chown -R redis\: /var/lib/redis /var/log/ccp/redis
--- a/docker/zmq-proxy/Dockerfile.j2
+++ b/docker/zmq-proxy/Dockerfile.j2
@ -0,0 +1,10 @@
+FROM {{ image_spec("openstack-base") }}
+MAINTAINER {{ maintainer }}
+
+COPY zmq_sudoers /etc/sudoers.d/zmq_sudoers
+RUN chmod 750 /etc/sudoers.d && \
+    chmod 440 /etc/sudoers.d/zmq_sudoers && \
+    useradd zmq-proxy -G microservices -s /bin/false && \
+    mkdir -p /etc/ccp/zmq && chown -R zmq-proxy /etc/ccp/zmq
+
+USER zmq-proxy
--- a/docker/zmq-proxy/zmq_sudoers
+++ b/docker/zmq-proxy/zmq_sudoers
@ -0,0 +1 @@
+%microservices ALL=(root) NOPASSWD: /bin/chown -R zmq-proxy /var/log/ccp/zmq
--- a/service/files/defaults.yaml
+++ b/service/files/defaults.yaml
@ -0,0 +1,27 @@
+configs:
+  messaging:
+    dependencies:
+      zmq: zmq-proxy
+  zmq:
+    matchmaker: redis
+    sentinel:
+      master_group: master
+    proxy:
+      ports:
+        frontend:
+          cont: 50001
+        backend:
+          cont: 50002
+        publisher:
+          cont: 50003
+  redis:
+    deployment: single
+    ports:
+      server:
+        cont: 6379
+      sentinel:
+        cont: 26379
+    password: r00tme
+    quorum: 2
+versions:
+  redis_version: 3.2.3
--- a/service/files/redis.conf.j2
+++ b/service/files/redis.conf.j2
@ -0,0 +1,54 @@
+pidfile /var/run/redis/redis-server.pid
+logfile /var/log/ccp/redis/redis.log
+dir /var/lib/redis
+
+bind {{ network_topology["private"]["address"] }}
+port {{ redis.ports.server.cont }}
+
+# requirepass {{ redis.password }}
+# masterauth {{ redis.password }}
+
+protected-mode no
+timeout 0
+tcp-keepalive 300
+loglevel notice
+databases 16
+save 900 1
+save 300 10
+save 60 10000
+stop-writes-on-bgsave-error yes
+rdbcompression yes
+rdbchecksum yes
+dbfilename dump.rdb
+slave-serve-stale-data yes
+slave-read-only yes
+repl-diskless-sync no
+repl-diskless-sync-delay 5
+repl-disable-tcp-nodelay no
+slave-priority 100
+appendonly no
+appendfilename "appendonly.aof"
+appendfsync everysec
+no-appendfsync-on-rewrite no
+auto-aof-rewrite-percentage 100
+auto-aof-rewrite-min-size 64mb
+aof-load-truncated yes
+lua-time-limit 5000
+slowlog-log-slower-than 10000
+slowlog-max-len 128
+latency-monitor-threshold 0
+notify-keyspace-events ""
+hash-max-ziplist-entries 512
+hash-max-ziplist-value 64
+list-max-ziplist-entries 512
+list-max-ziplist-value 64
+set-max-intset-entries 512
+zset-max-ziplist-entries 128
+zset-max-ziplist-value 64
+hll-sparse-max-bytes 3000
+activerehashing yes
+client-output-buffer-limit normal 0 0 0
+client-output-buffer-limit slave 256mb 64mb 60
+client-output-buffer-limit pubsub 32mb 8mb 60
+hz 10
+aof-rewrite-incremental-fsync yes
--- a/service/files/sentinel.conf.j2
+++ b/service/files/sentinel.conf.j2
@ -0,0 +1,13 @@
+port {{ redis.ports.sentinel.cont }}
+logfile "/var/log/ccp/redis/sentinel.log"
+protected-mode no
+
+sentinel announce-ip {{ network_topology["private"]["address"] }}
+sentinel announce-port {{ redis.ports.sentinel.cont }}
+
+# master definiton
+sentinel monitor {{ zmq.sentinel.master_group }} {{ address('redis') }} {{ redis.ports.server.cont }} {{ redis.quorum }}
+# sentinel auth-pass master {{ redis.password }}
+sentinel down-after-milliseconds  {{ zmq.sentinel.master_group }} 60000
+sentinel failover-timeout  {{ zmq.sentinel.master_group }} 180000
+sentinel parallel-syncs {{ zmq.sentinel.master_group }} 1
--- a/service/files/zmq-proxy.conf.j2
+++ b/service/files/zmq-proxy.conf.j2
@ -0,0 +1,24 @@
+[zmq_proxy_opts]
+host={{ network_topology["private"]["address"] }}
+frontend-port={{ zmq.proxy.ports.frontend.cont }}
+backend-port={{ zmq.proxy.ports.backend.cont }}
+publisher-port={{ zmq.proxy.ports.publisher.cont }}
+
+{% if zmq.matchmaker == 'redis' %}
+[oslo_messaging_zmq]
+rpc_zmq_matchmaker=redis
+
+[matchmaker_redis]
+password={{ redis.password }}
+
+{% if redis.deployment == 'single' %}
+host={{ address('redis') }}
+port={{ redis.ports.server.cont }}
+{% endif %}
+
+{% if redis.deployment == 'ha' %}
+sentinel_hosts={{address('redis-sentinel')}}:{{ redis.ports.sentinel.cont }}
+sentinel_group_name={{zmq.sentinel.master_group}}
+{% endif %}
+
+{% endif %}
--- a/service/redis-sentinel.yaml
+++ b/service/redis-sentinel.yaml
@ -0,0 +1,33 @@
+dsl_version: 0.1.0
+service:
+  name: redis-sentinel
+  kind: DaemonSet
+  ports:
+    - {{ redis.ports.sentinel }}
+  containers:
+    - name: redis-sentinel
+      image: redis
+      probes:
+        readiness: "true"
+        liveness:
+          command: 'true'
+          type: 'exec'
+      pre:
+        - name: chown-logs-dir
+          command: "sudo /bin/chown -R redis: /var/lib/redis /var/log/ccp/redis"
+      daemon:
+        files:
+          - sentinel-conf
+        command: redis-server /etc/redis/sentinel.conf --sentinel
+        dependencies:
+          - redis
+          - redis-slave
+      volumes:
+        - name: redis-logs
+          path: "/var/log/ccp/redis"
+          type: host
+          readOnly: False
+files:
+  sentinel-conf:
+    path: /etc/redis/sentinel.conf
+    content: sentinel.conf.j2
--- a/service/redis-slave.yaml
+++ b/service/redis-slave.yaml
@ -0,0 +1,38 @@
+dsl_version: 0.1.0
+service:
+  name: redis-slave
+  kind: DaemonSet
+  ports:
+    - {{ redis.ports.server }}
+  containers:
+    - name: redis-slave
+      image: redis
+      probes:
+        readiness: "true"
+        liveness:
+          command: "true"
+          type: "exec"
+      pre:
+        - name: chown-logs-dir
+          command: "sudo /bin/chown -R redis: /var/lib/redis /var/log/ccp/redis"
+      daemon:
+        files:
+          - redis-conf
+        command: >
+                redis-server /etc/redis/redis.conf
+                --slaveof {{ address('redis') }} {{ redis.ports.server.cont }}
+        dependencies:
+          - redis
+      volumes:
+        - name: redis-logs
+          path: "/var/log/ccp/redis"
+          type: host
+          readOnly: False
+        - name: redis-data
+          path: "/var/lib/redis"
+          type: host
+          readOnly: False
+files:
+  redis-conf:
+    path: /etc/redis/redis.conf
+    content: redis.conf.j2
--- a/service/redis.yaml
+++ b/service/redis.yaml
@ -0,0 +1,34 @@
+dsl_version: 0.1.0
+service:
+  name: redis
+  kind: DaemonSet
+  ports:
+    - {{ redis.ports.server }}
+  containers:
+    - name: redis
+      image: redis
+      probes:
+        readiness: 'true'
+        liveness:
+          command: 'true'
+          type: 'exec'
+      pre:
+        - name: chown-logs-dir
+          command: "sudo /bin/chown -R redis: /var/lib/redis /var/log/ccp/redis"
+      daemon:
+        files:
+          - redis-conf
+        command: redis-server /etc/redis/redis.conf
+      volumes:
+        - name: redis-logs
+          path: "/var/log/ccp/redis"
+          type: host
+          readOnly: False
+        - name: redis-data
+          path: "/var/lib/redis"
+          type: host
+          readOnly: False
+files:
+  redis-conf:
+    path: /etc/redis/redis.conf
+    content: redis.conf.j2
--- a/service/zmq-proxy.yaml
+++ b/service/zmq-proxy.yaml
@ -0,0 +1,34 @@
+dsl_version: 0.1.0
+service:
+  kind: DaemonSet
+  name: zmq-proxy
+  ports:
+    - {{ zmq.proxy.ports.frontend }}
+    - {{ zmq.proxy.ports.backend }}
+    - {{ zmq.proxy.ports.publisher }}
+  containers:
+    - name: zmq-proxy
+      image: zmq-proxy
+      probes:
+        readiness: "true"
+        liveness:
+          command: "true"
+          type: "exec"
+      pre:
+        - name: chown-logs-dir
+          command: "sudo /bin/chown -R zmq-proxy /var/log/ccp/zmq"
+      daemon:
+        files:
+          - zmq-conf
+        command: oslo-messaging-zmq-proxy --config-file /etc/ccp/zmq/zmq-proxy.conf
+        dependencies:
+          - {{ zmq.matchmaker }}
+      volumes:
+        - name: zmq-logs
+          path: "/var/log/ccp/zmq"
+          type: host
+          readOnly: False
+files:
+  zmq-conf:
+    path: /etc/ccp/zmq/zmq-proxy.conf
+    content: zmq-proxy.conf.j2
--- a/tools/yamllint.sh
+++ b/tools/yamllint.sh
@ -0,0 +1,5 @@
+#!/bin/bash
+set -ex
+
+workdir=$(dirname $0)
+yamllint -c $workdir/yamllint.yaml $(find . -not -path '*/\.*' -type f -name '*.yaml')
--- a/tools/yamllint.yaml
+++ b/tools/yamllint.yaml
@ -0,0 +1,21 @@
+extends: default
+
+rules:
+  braces:
+    max-spaces-inside: 1
+  comments:
+    level: error
+  comments-indentation:
+    level: warning
+  document-end:
+    present: no
+  document-start:
+    level: error
+    present: no
+  empty-lines:
+    max: 1
+    max-start: 0
+    max-end: 0
+  line-length:
+    level: warning
+    max: 120
--- a/tox.ini
+++ b/tox.ini
@ -0,0 +1,17 @@
+[tox]
+minversion = 1.6
+envlist = linters,bashate
+skipsdist = True
+
+[testenv:linters]
+deps = yamllint
+commands =
+    {toxinidir}/tools/yamllint.sh
+
+[testenv:bashate]
+deps = bashate>=0.2
+whitelist_externals = bash
+commands = bash -c "find {toxinidir} -type f -name '*.sh' -not -path '*/.tox/*' -print0 | xargs -0 bashate -v"
+
+[testenv:venv]
+commands = {posargs}
				`@ -0,0 +1 @@`
				`%microservices ALL=(root) NOPASSWD: /bin/chown -R redis\: /var/lib/redis /var/log/ccp/redis`