openstack
/
openstack-ansible-os_cloudkitty
Code Issues Proposed changes

first commit

This commit is contained in:
Michael Rice 2016-05-08 12:03:41 -05:00
commit 284c318e6e
17 changed files with 1978 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
.gitignore vendored Normal file
View File

@ -0,0 +1,63 @@
# Override Files #
rpc_deployment/playbooks/lab_plays
rpc_deployment/vars/overrides/*.yml
# Compiled source #
###################
*.com
*.class
*.dll
*.exe
*.o
*.so
*.pyc
build/
dist/
doc/build/
# Packages #
############
# it's better to unpack these files and commit the raw source
# git has its own built in compression methods
*.7z
*.dmg
*.gz
*.iso
*.jar
*.rar
*.tar
*.zip
# Logs and databases #
######################
*.log
*.sql
*.sqlite
# OS generated files #
######################
.DS_Store
.DS_Store?
._*
.Spotlight-V100
.Trashes
.idea
.tox
*.sublime*
*.egg-info
Icon?
ehthumbs.db
Thumbs.db
.eggs
# User driven backup files #
############################
*.bak
# Generated by pbr while building docs
######################################
AUTHORS
ChangeLog
# Files created by releasenotes build
releasenotes/build

202
License Normal file
View File

@ -0,0 +1,202 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright 2016 Michael Rice <michael@michaelrice.org>
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

1
README.rst Normal file
View File

@ -0,0 +1 @@
openstack-ansible-cloudkitty

684
defaults/main.yml Normal file
View File

@ -0,0 +1,684 @@
---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
cloudkitty_username: cloudkitty
cloudkitty_user_password: secrete
cloudkitty_git_repo: https://github.com/openstack/cloudkitty.git
cloudkitty_git_install_branch: master
cloudkitty_requirements_git_repo: https://git.openstack.org/openstack/requirements
cloudkitty_requirements_git_install_branch: master
cloudkitty_developer_mode: false
cloudkitty_developer_constraints:
- "git+{{ cloudkitty_git_repo }}@{{ cloudkitty_git_install_branch }}#egg=cloudkitty"
# Name of the virtual env to deploy into
cloudkitty_venv_tag: untagged
cloudkitty_venv_bin: "/openstack/venvs/cloudkitty-{{ cloudkitty_venv_tag }}/bin"
# Set this to enable or disable installing in a venv
cloudkitty_venv_enabled: true
# The bin path defaults to the venv path however if installation in a
# venv is disabled the bin path will be dynamically set based on the
# system path used when the installing.
cloudkitty_bin: "{{ cloudkitty_venv_bin }}"
# CloudKitty conf file settings
# Configuration file for WSGI definition of API. (string value)
cloudkitty_api_paste_config: api_paste.ini
# The strategy to use for auth. Supports noauth and keystone (string value)
# Supported values: noauth, keystone
cloudkitty_auth_strategy: keystone
# Name of this node. This can be an opaque identifier. It is not
# necessarily a hostname, FQDN, or IP address. However, the node name
# must be valid within an AMQP key, and if using ZeroMQ, a valid
# hostname, FQDN, or IP address. (string value)
cloudkitty_host: shock
# From oslo.messaging
# Size of RPC connection pool. (integer value)
# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size
cloudkitty_rpc_conn_pool_size: 30
# ZeroMQ bind address. Should be a wildcard (*), an ethernet
# interface, or IP. The "host" option should point or resolve to this
# address. (string value)
cloudkitty_rpc_zmq_bind_address: *
# MatchMaker driver. (string value)
cloudkitty_rpc_zmq_matchmaker: local
# ZeroMQ receiver listening port. (integer value)
cloudkitty_rpc_zmq_port: 9501
# Number of ZeroMQ contexts, defaults to 1. (integer value)
cloudkitty_rpc_zmq_contexts: 1
# Maximum number of ingress messages to locally buffer per topic.
# Default is unlimited. (integer value)
cloudkitty_rpc_zmq_topic_backlog: 0
# Directory for holding IPC sockets. (string value)
cloudkitty_rpc_zmq_ipc_dir: /var/run/openstack
# Name of this node. Must be a valid hostname, FQDN, or IP address.
# Must match "host" option, if running Nova. (string value)
cloudkitty_rpc_zmq_host: localhost
# Seconds to wait before a cast expires (TTL). Only supported by
# impl_zmq. (integer value)
cloudkitty_rpc_cast_timeout: 30
# Heartbeat frequency. (integer value)
cloudkitty_matchmaker_heartbeat_freq: 300
# Heartbeat time-to-live. (integer value)
cloudkitty_matchmaker_heartbeat_ttl: 600
# Size of executor thread pool. (integer value)
# Deprecated group/name - [DEFAULT]/rpc_thread_pool_size
cloudkitty_executor_thread_pool_size: 64
# The Drivers(s) to handle sending notifications. Possible values are
# messaging, messagingv2, routing, log, test, noop (multi valued)
cloudkitty_notification_driver:
- messaging
- messagingv2
- routing
- log
- test
- noop
# AMQP topic used for OpenStack notifications. (list value)
# Deprecated group/name - [rpc_notifier2]/topics
cloudkitty_notification_topics: notifications
# Seconds to wait for a response from a call. (integer value)
cloudkitty_rpc_response_timeout: 60
# A URL representing the messaging driver to use and its full
# configuration. If not set, we fall back to the rpc_backend option
# and driver specific configuration. (string value)
cloudkitty_transport_url:
# The messaging driver to use, defaults to rabbit. Other drivers
# include qpid and zmq. (string value)
cloudkitty_rpc_backend: rabbit
# The default exchange under which topics are scoped. May be
# overridden by an exchange name specified in the transport_url
# option. (string value)
cloudkitty_control_exchange: openstack
# Host serving the API. (string value)
cloudkitty_api_host_ip: 0.0.0.0
# Host port serving the API. (integer value)
cloudkitty_api_port: 8889
# Data collector. (string value)
# FIXME: possible values are ceilometer, gnocchi, fake
cloudkitty_collector: ceilometer
# Number of samples to collect per call. (integer value)
cloudkitty_window: 1800
# Rating period in seconds. (integer value)
cloudkitty_period: 3600
# Wait for N periods before collecting new data. (integer value)
cloudkitty_wait_periods: 2
# Services to monitor. (list value)
cloudkitty_services:
- compute
- image
- volume
- network.bw.in
- network.bw.out
- network.floating
# From oslo.middleware.cors
# Indicate whether this resource may be shared with the domain
# received in the requests "origin" header. (list value)
# FIXME
cloudkitty_cors_allowed_origin:
# Indicate that the actual request can include user credentials
# (boolean value)
cloudkitty_cors_allow_credentials: true
# Indicate which headers are safe to expose to the API. Defaults to
# HTTP Simple Headers. (list value)
cloudkitty_cors_expose_headers:
- X-Auth-Token
- X-Subject-Token
- X-Service-Token
- X-OpenStack-Request-ID
- X-Server-Management-Url
# Maximum cache age of CORS preflight requests. (integer value)
cloudkitty_cors_max_age: 3600
# Indicate which methods can be used during the actual request. (list
# value)
cloudkitty_cors_allow_methods:
- GET
- PUT
- POST
- DELETE
- PATCH
# Indicate which header field names may be used during the actual
# request. (list value)
cloudkitty_cors_allow_headers:
- X-Auth-Token
- X-Identity-Status
- X-Roles
- X-Service-Catalog
- X-User-Id
- X-Tenant-Id
- X-OpenStack-Request-ID
- X-Server-Management-Url
# From oslo.middleware.cors
# Indicate whether this resource may be shared with the domain
# received in the requests "origin" header. (list value)
cloudkitty_cors_subdomain_allowed_origin:
# Indicate that the actual request can include user credentials
# (boolean value)
cloudkitty_cors_subdomain_allow_credentials: true
# Indicate which headers are safe to expose to the API. Defaults to
# HTTP Simple Headers. (list value)
cloudkitty_cors_subdomain_expose_headers:
- X-Auth-Token
- X-Subject-Token
- X-Service-Token
- X-OpenStack-Request-ID
- X-Server-Management-Url
# Maximum cache age of CORS preflight requests. (integer value)
cloudkitty_cors_subdomain_max_age: 3600
# Indicate which methods can be used during the actual request. (list value)
cloudkitty_cors_subdomain_allow_methods:
- GET
- PUT
- POST
- DELETE
- PATCH
# Indicate which header field names may be used during the actual
# request. (list value)
cloudkitty_cors_subdomain_allow_headers:
- X-Auth-Token
- X-Identity-Status
- X-Roles
- X-Service-Catalog
- X-User-Id
- X-Tenant-Id
- X-OpenStack-Request-ID
- X-Server-Management-Url
#[database]
# From oslo.db
# The file name to use with SQLite. (string value)
# Deprecated group/name - [DEFAULT]/sqlite_db
cloudkitty_sqlite_db: oslo.sqlite
# If True, SQLite uses synchronous mode. (boolean value)
# Deprecated group/name - [DEFAULT]/sqlite_synchronous
cloudkitty_sqlite_synchronous: true
# The back end to use for the database. (string value)
# Deprecated group/name - [DEFAULT]/db_backend
cloudkitty_database_backend: sqlalchemy
# The SQLAlchemy connection string to use to connect to the database.
# (string value)
# Deprecated group/name - [DEFAULT]/sql_connection
# Deprecated group/name - [DATABASE]/sql_connection
# Deprecated group/name - [sql]/connection
cloudkitty_database_connection:
# The SQLAlchemy connection string to use to connect to the slave
# database. (string value)
cloudkitty_database_slave_connection:
# The SQL mode to be used for MySQL sessions. This option, including
# the default, overrides any server-set SQL mode. To use whatever SQL
# mode is set by the server configuration, set this to no value.
# Example: mysql_sql_mode= (string value)
cloudkitty_mysql_sql_mode: TRADITIONAL
# Timeout before idle SQL connections are reaped. (integer value)
# Deprecated group/name - [DEFAULT]/sql_idle_timeout
# Deprecated group/name - [DATABASE]/sql_idle_timeout
# Deprecated group/name - [sql]/idle_timeout
cloudkitty_database_idle_timeout: 3600
# Minimum number of SQL connections to keep open in a pool. (integer
# value)
# Deprecated group/name - [DEFAULT]/sql_min_pool_size
# Deprecated group/name - [DATABASE]/sql_min_pool_size
cloudkitty_database_min_pool_size: 1
# Maximum number of SQL connections to keep open in a pool. (integer
# value)
# Deprecated group/name - [DEFAULT]/sql_max_pool_size
# Deprecated group/name - [DATABASE]/sql_max_pool_size
cloudkity_database_max_pool_size:
# Maximum number of database connection retries during startup. Set to
# -1 to specify an infinite retry count. (integer value)
# Deprecated group/name - [DEFAULT]/sql_max_retries
# Deprecated group/name - [DATABASE]/sql_max_retries
cloudkitty_database_max_retries: 10
# Interval between retries of opening a SQL connection. (integer
# value)
# Deprecated group/name - [DEFAULT]/sql_retry_interval
# Deprecated group/name - [DATABASE]/reconnect_interval
cloudkitty_database_retry_interval: 10
# If set, use this value for max_overflow with SQLAlchemy. (integer
# value)
# Deprecated group/name - [DEFAULT]/sql_max_overflow
# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow
cloudkitty_database_max_overflow:
# Verbosity of SQL debugging information: 0=None, 100=Everything.
# (integer value)
# Deprecated group/name - [DEFAULT]/sql_connection_debug
cloudkitty_database_connection_debug: 0
# Add Python stack traces to SQL as comment strings. (boolean value)
# Deprecated group/name - [DEFAULT]/sql_connection_trace
cloudkitty_database_connection_trace: false
# If set, use this value for pool_timeout with SQLAlchemy. (integer
# value)
# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout
cloudkitty_database_pool_timeout:
# Enable the experimental use of database reconnect on connection
# lost. (boolean value)
cloudkitty_database_use_db_reconnect: false
# Seconds between retries of a database transaction. (integer value)
cloudkitty_database_db_retry_interval: 1
# If True, increases the interval between retries of a database
# operation up to db_max_retry_interval. (boolean value)
cloudkitty_database_db_inc_retry_interval: true
# If db_inc_retry_interval is set, the maximum seconds between retries
# of a database operation. (integer value)
cloudkitty_database_db_max_retry_interval: 10
# Maximum retries in case of connection error or deadlock error before
# error is raised. Set to -1 to specify an infinite retry count.
# (integer value)
cloudkitty_database_db_max_retries: 20
#[keystone_authtoken]
# From keystonemiddleware.auth_token
# Complete public Identity API endpoint. (string value)
cloudkitty_keystone_authtoken_auth_uri:
# API version of the admin Identity API endpoint. (string value)
cloudkitty_keystone_authtoken_auth_version:
# Do not handle authorization requests within the middleware, but
# delegate the authorization decision to downstream WSGI components.
# (boolean value)
cloudkitty_keystone_authtoken_delay_auth_decision: false
# Request timeout value for communicating with Identity API server.
# (integer value)
cloudkitty_keystone_authtoken_http_connect_timeout:
# How many times are we trying to reconnect when communicating with
# Identity API Server. (integer value)
cloudkitty_keystone_authtoken_http_request_max_retries: 3
# Env key for the swift cache. (string value)
cloudkitty_keystone_authtoken_cache:
# Required if identity server requires client certificate (string value)
cloudkitty_keystone_authtoken_certfile:
# Required if identity server requires client certificate (string value)
cloudkitty_keystone_authtoken_keyfile:
# A PEM encoded Certificate Authority to use when verifying HTTPs
# connections. Defaults to system CAs. (string value)
cloudkitty_keystone_authtoken_cafile:
# Verify HTTPS connections. (boolean value)
cloudkitty_keystone_authtoken_insecure: false
# Directory used to cache files related to PKI tokens. (string value)
cloudkitty_keystone_authtoken_signing_dir:
# Optionally specify a list of memcached server(s) to use for caching.
# If left undefined, tokens will instead be cached in-process. (list value)
# Deprecated group/name - [DEFAULT]/memcache_servers
cloudkitty_keystone_authtoken_memcached_servers:
# In order to prevent excessive effort spent validating tokens, the
# middleware caches previously-seen tokens for a configurable duration
# (in seconds). Set to -1 to disable caching completely. (integer value)
cloudkitty_keystone_authtoken_token_cache_time: 300
# Determines the frequency at which the list of revoked tokens is
# retrieved from the Identity service (in seconds). A high number of
# revocation events combined with a low cache duration may
# significantly reduce performance. (integer value)
cloudkitty_keystone_authtoken_revocation_cache_time: 10
# (Optional) If defined, indicate whether token data should be
# authenticated or authenticated and encrypted. Acceptable values are
# MAC or ENCRYPT. If MAC, token data is authenticated (with HMAC) in
# the cache. If ENCRYPT, token data is encrypted and authenticated in
# the cache. If the value is not one of these options or empty,
# auth_token will raise an exception on initialization. (string value)
cloudkitty_keystone_authtoken_memcache_security_strategy:
# (Optional, mandatory if memcache_security_strategy is defined) This
# string is used for key derivation. (string value)
cloudkitty_keystone_authtoken_memcache_secret_key:
# (Optional) Number of seconds memcached server is considered dead
# before it is tried again. (integer value)
cloudkitty_keystone_authtoken_memcache_pool_dead_retry: 300
# (Optional) Maximum total number of open connections to every
# memcached server. (integer value)
cloudkitty_keystone_authtoken_memcache_pool_maxsize: 10
# (Optional) Socket timeout in seconds for communicating with a
# memcached server. (integer value)
cloudkitty_keystone_authtoken_memcache_pool_socket_timeout: 3
# (Optional) Number of seconds a connection to memcached is held
# unused in the pool before it is closed. (integer value)
cloudkitty_keystone_authtoken_memcache_pool_unused_timeout: 60
# (Optional) Number of seconds that an operation will wait to get a
# memcached client connection from the pool. (integer value)
cloudkitty_keystone_authtoken_memcache_pool_conn_get_timeout: 10
# (Optional) Use the advanced (eventlet safe) memcached client pool.
# The advanced pool will only work under python 2.x. (boolean value)
cloudkitty_keystone_authtoken_memcache_use_advanced_pool: false
# (Optional) Indicate whether to set the X-Service-Catalog header. If
# False, middleware will not ask for service catalog on token
# validation and will not set the X-Service-Catalog header. (boolean value)
cloudkitty_keystone_authtoken_include_service_catalog: true
# Used to control the use and type of token binding. Can be set to:
# "disabled" to not check token binding. "permissive" (default) to
# validate binding information if the bind type is of a form known to
# the server and ignore it if not. "strict" like "permissive" but if
# the bind type is unknown the token will be rejected. "required" any
# form of token binding is needed to be allowed. Finally the name of a
# binding method that must be present in tokens. (string value)
cloudkitty_keystone_authtoken_enforce_token_bind: permissive
# If true, the revocation list will be checked for cached tokens. This
# requires that PKI tokens are configured on the identity server. (boolean value)
cloudkitty_keystone_authtoken_check_revocations_for_cached: false
# Hash algorithms to use for hashing PKI tokens. This may be a single
# algorithm or multiple. The algorithms are those supported by Python
# standard hashlib.new(). The hashes will be tried in the order given,
# so put the preferred one first for performance. The result of the
# first hash will be stored in the cache. This will typically be set
# to multiple values only while migrating from a less secure algorithm
# to a more secure one. Once all the old tokens are expired this
# option should be set to a single value for better performance. (list value)
cloudkitty_keystone_authtoken_hash_algorithms: md5
# Complete admin Identity API endpoint. This should specify the
# unversioned root endpoint e.g. https://localhost:35357/ (string
# value)
cloudkitty_keystone_authtoken_identity_uri:
# Service username. (string value)
cloudkitty_keystone_authtoken_admin_user:
# Service user password. (string value)
cloudkitty_keystone_authtoken_admin_password:
# Service tenant name. (string value)
cloudkitty_keystone_authtoken_admin_tenant_name: admin
#[keystone_fetcher]
# From cloudkitty.common.config
# Keystone version to use. (string value)
cloudkitty_keystone_version: 2
#[matchmaker_redis]
# From oslo.messaging
# Host to locate redis. (string value)
cloudkitty_matchmaker_redis_host: 127.0.0.1
# Use this port to connect to redis host. (integer value)
cloudkitty_matchmaker_redis_port: 6379
# Password for Redis server (optional). (string value)
cloudkitty_matchmaker_redis_password:
#[matchmaker_ring]
#
# From oslo.messaging
#
# Matchmaker ring file (JSON). (string value)
# Deprecated group/name - [DEFAULT]/matchmaker_ringfile
cloudkitty_matchmaker_ring_ringfile: /etc/oslo/matchmaker_ring.json
#[oslo_messaging_amqp]
#
# From oslo.messaging
#
# address prefix used when sending to a specific server (string value)
# Deprecated group/name - [amqp1]/server_request_prefix
cloudkitty_oslo_messaging_amqp_server_request_prefix: exclusive
# address prefix used when broadcasting to all servers (string value)
# Deprecated group/name - [amqp1]/broadcast_prefix
cloudkitty_oslo_messaging_amqp_broadcast_prefix: broadcast
# address prefix when sending to any server in group (string value)
# Deprecated group/name - [amqp1]/group_request_prefix
cloudkitty_oslo_messaging_amqp_group_request_prefix: unicast
# Name for the AMQP container (string value)
# Deprecated group/name - [amqp1]/container_name
cloudkitty_oslo_messaging_amqp_container_name:
# Timeout for inactive connections (in seconds) (integer value)
# Deprecated group/name - [amqp1]/idle_timeout
cloudkitty_oslo_messaging_amqp_idle_timeout: 0
# Debug: dump AMQP frames to stdout (boolean value)
# Deprecated group/name - [amqp1]/trace
cloudkitty_oslo_messaging_amqp_trace: {{ debug }}
# CA certificate PEM file to verify server certificate (string value)
# Deprecated group/name - [amqp1]/ssl_ca_file
cloudkitty_oslo_messaging_amqp_ssl_ca_file:
# Identifying certificate PEM file to present to clients (string
# value)
# Deprecated group/name - [amqp1]/ssl_cert_file
cloudkitty_oslo_messaging_amqp_ssl_cert_file:
# Private key PEM file used to sign cert_file certificate (string
# value)
# Deprecated group/name - [amqp1]/ssl_key_file
cloudkitty_oslo_messaging_amqp_ssl_key_file:
# Password for decrypting ssl_key_file (if encrypted) (string value)
# Deprecated group/name - [amqp1]/ssl_key_password
cloudkitty_oslo_messaging_amqp_ssl_key_password:
# Accept clients using either SSL or plain TCP (boolean value)
# Deprecated group/name - [amqp1]/allow_insecure_clients
cloudkitty_oslo_messaging_amqp_allow_insecure_clients: false
#[oslo_messaging_qpid]
#
# From oslo.messaging
#
# Use durable queues in AMQP. (boolean value)
# Deprecated group/name - [DEFAULT]/amqp_durable_queues
# Deprecated group/name - [DEFAULT]/rabbit_durable_queues
cloudkitty_oslo_messaging_qpid_amqp_durable_queues: false
# Auto-delete queues in AMQP. (boolean value)
# Deprecated group/name - [DEFAULT]/amqp_auto_delete
cloudkitty_oslo_messaging_qpid_amqp_auto_delete: false
# Send a single AMQP reply to call message. The current behaviour
# since oslo-incubator is to send two AMQP replies - first one with
# the payload, a second one to ensure the other have finish to send
# the payload. We are going to remove it in the N release, but we must
# keep backward compatible at the same time. This option provides such
# compatibility - it defaults to False in Liberty and can be turned on
# for early adopters with a new installations or for testing. Please
# note, that this option will be removed in the Mitaka release.
# (boolean value)
cloudkitty_oslo_messaging_qpid_send_single_reply: false
# Qpid broker hostname. (string value)
# Deprecated group/name - [DEFAULT]/qpid_hostname
cloudkitty_oslo_messaging_qpid_qpid_hostname: localhost
# Qpid broker port. (integer value)
# Deprecated group/name - [DEFAULT]/qpid_port
cloudkitty_oslo_messaging_qpid_qpid_port: 5672
# Qpid HA cluster host:port pairs. (list value)
# Deprecated group/name - [DEFAULT]/qpid_hosts
cloudkitty_oslo_messaging_qpid_qpid_hosts: $qpid_hostname:$qpid_port
# Username for Qpid connection. (string value)
# Deprecated group/name - [DEFAULT]/qpid_username
cloudkitty_oslo_messaging_qpid_qpid_username:
# Password for Qpid connection. (string value)
# Deprecated group/name - [DEFAULT]/qpid_password
cloudkitty_oslo_messaging_qpid_qpid_password:
# Space separated list of SASL mechanisms to use for auth. (string
# value)
# Deprecated group/name - [DEFAULT]/qpid_sasl_mechanisms
cloudkitty_oslo_messaging_qpid_qpid_sasl_mechanisms:
# Seconds between connection keepalive heartbeats. (integer value)
# Deprecated group/name - [DEFAULT]/qpid_heartbeat
cloudkitty_oslo_messaging_qpid_qpid_heartbeat: 60
# Transport to use, either 'tcp' or 'ssl'. (string value)
# Deprecated group/name - [DEFAULT]/qpid_protocol
cloudkitty_oslo_messaging_qpid_qpid_protocol: tcp
# Whether to disable the Nagle algorithm. (boolean value)
# Deprecated group/name - [DEFAULT]/qpid_tcp_nodelay
cloudkitty_oslo_messaging_qpid_qpid_tcp_nodelay: true
# The number of prefetched messages held by receiver. (integer value)
# Deprecated group/name - [DEFAULT]/qpid_receiver_capacity
cloudkitty_oslo_messaging_qpid_qpid_receiver_capacity: 1
# The qpid topology version to use. Version 1 is what was originally
# used by impl_qpid. Version 2 includes some backwards-incompatible
# changes that allow broker federation to work. Users should update
# to version 2 when they are able to take everything down, as it
# requires a clean break. (integer value)
# Deprecated group/name - [DEFAULT]/qpid_topology_version
cloudkitty_oslo_messaging_qpid_qpid_topology_version: 1
#[oslo_messaging_rabbit]
#
# From oslo.messaging
#
# Use durable queues in AMQP. (boolean value)
# Deprecated group/name - [DEFAULT]/amqp_durable_queues
# Deprecated group/name - [DEFAULT]/rabbit_durable_queues
cloudkitty_oslo_messaging_rabbit_amqp_durable_queues: false
# Auto-delete queues in AMQP. (boolean value)
# Deprecated group/name - [DEFAULT]/amqp_auto_delete
cloudkitty_oslo_messaging_rabbit_amqp_auto_delete: false
# Send a single AMQP reply to call message. The current behaviour
# since oslo-incubator is to send two AMQP replies - first one with
# the payload, a second one to ensure the other have finish to send
# the payload. We are going to remove it in the N release, but we must
# keep backward compatible at the same time. This option provides such
# compatibility - it defaults to False in Liberty and can be turned on
# for early adopters with a new installations or for testing. Please
# note, that this option will be removed in the Mitaka release.
# (boolean value)
cloudkitty_oslo_messaging_rabbit_send_single_reply: false
# SSL version to use (valid only if SSL enabled). Valid values are
# TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be
# available on some distributions. (string value)
# Deprecated group/name - [DEFAULT]/kombu_ssl_version
cloudkitty_oslo_messaging_rabbit_kombu_ssl_version:
# SSL key file (valid only if SSL enabled). (string value)
# Deprecated group/name - [DEFAULT]/kombu_ssl_keyfile
cloudkitty_oslo_messaging_rabbit_kombu_ssl_keyfile:
# SSL cert file (valid only if SSL enabled). (string value)
# Deprecated group/name - [DEFAULT]/kombu_ssl_certfile
cloudkitty_oslo_messaging_rabbit_kombu_ssl_certfile:
# SSL certification authority file (valid only if SSL enabled).
# (string value)
# Deprecated group/name - [DEFAULT]/kombu_ssl_ca_certs
cloudkitty_oslo_messaging_rabbit_kombu_ssl_ca_certs:
# How long to wait before reconnecting in response to an AMQP consumer
# cancel notification. (floating point value)
# Deprecated group/name - [DEFAULT]/kombu_reconnect_delay
cloudkitty_oslo_messaging_rabbit_kombu_reconnect_delay: 1.0
# How long to wait before considering a reconnect attempt to have
# failed. This value should not be longer than rpc_response_timeout.
# (integer value)
cloudkitty_oslo_messaging_rabbit_kombu_reconnect_timeout: 60
# The RabbitMQ broker address where a single node is used. (string
# value)
# Deprecated group/name - [DEFAULT]/rabbit_host
cloudkitty_oslo_messaging_rabbit_rabbit_host: localhost
# The RabbitMQ broker port where a single node is used. (integer
# value)
# Deprecated group/name - [DEFAULT]/rabbit_port
cloudkitty_oslo_messaging_rabbit_rabbit_port: 5672
# RabbitMQ HA cluster host:port pairs. (list value)
# Deprecated group/name - [DEFAULT]/rabbit_hosts
cloudkitty_oslo_messaging_rabbit_rabbit_hosts: "{{ cloudkitty_oslo_messaging_rabbit_rabbit_host }}:{{ cloudkitty_oslo_messaging_rabbit_rabbit_port }}"
# Connect over SSL for RabbitMQ. (boolean value)
# Deprecated group/name - [DEFAULT]/rabbit_use_ssl
cloudkitty_oslo_messaging_rabbit_rabbit_use_ssl: false
# The RabbitMQ userid. (string value)
# Deprecated group/name - [DEFAULT]/rabbit_userid
cloudkitty_oslo_messaging_rabbit_rabbit_userid: guest
# The RabbitMQ password. (string value)
# Deprecated group/name - [DEFAULT]/rabbit_password
cloudkitty_oslo_messaging_rabbit_rabbit_password: guest
# The RabbitMQ login method. (string value)
# Deprecated group/name - [DEFAULT]/rabbit_login_method
cloudkitty_oslo_messaging_rabbit_rabbit_login_method: AMQPLAIN
# The RabbitMQ virtual host. (string value)
# Deprecated group/name - [DEFAULT]/rabbit_virtual_host
cloudkitty_oslo_messaging_rabbit_rabbit_virtual_host: /
# How frequently to retry connecting with RabbitMQ. (integer value)
cloudkitty_oslo_messaging_rabbit_rabbit_retry_interval: 1
# How long to backoff for between retries when connecting to RabbitMQ.
# (integer value)
# Deprecated group/name - [DEFAULT]/rabbit_retry_backoff
cloudkitty_oslo_messaging_rabbit_rabbit_retry_backoff: 2
# Maximum number of RabbitMQ connection retries. Default is 0
# (infinite retry count). (integer value)
# Deprecated group/name - [DEFAULT]/rabbit_max_retries
cloudkitty_oslo_messaging_rabbit_rabbit_max_retries: 0
# Use HA queues in RabbitMQ (x-ha-policy: all). If you change this
# option, you must wipe the RabbitMQ database. (boolean value)
# Deprecated group/name - [DEFAULT]/rabbit_ha_queues
cloudkitty_oslo_messaging_rabbit_rabbit_ha_queues: false
# Number of seconds after which the Rabbit broker is considered down
# if heartbeat's keep-alive fails (0 disable the heartbeat).
# EXPERIMENTAL (integer value)
cloudkitty_oslo_messaging_rabbit_heartbeat_timeout_threshold: 60
# How often times during the heartbeat_timeout_threshold we check the
# heartbeat. (integer value)
cloudkitty_oslo_messaging_rabbit_heartbeat_rate: 2
# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake
# (boolean value)
# Deprecated group/name - [DEFAULT]/fake_rabbit
cloudkitty_oslo_messaging_rabbit_fake_rabbit: false
#[output]
# From cloudkitty.common.config
# Backend for the output manager. (string value)
cloudkitty_output_backend: cloudkitty.backend.file.FileBackend
# Storage directory for the file output backend. (string value)
cloudkitty_output_basepath: /var/lib/cloudkitty/states/
# Output pipeline (list value)
cloudkitty_output_pipeline: osrf
#[state]
# From cloudkitty.common.config
# Backend for the state manager. (string value)
cloudkitty_state_backend: cloudkitty.backend.file.FileBackend
# Storage directory for the file state backend. (string value)
cloudkitty_state_basepath: /var/lib/cloudkitty/states/
#[storage]
# From cloudkitty.common.config
# Name of the storage backend driver. (string value)
cloudkitty_storage_backend: sqlalchemy
#[tenant_fetcher]
# From cloudkitty.common.config
# Driver used to fetch tenant list. (string value)
cloudkitty_tenant_fetcher_backend: keystone

22
handlers/main.yml Normal file
View File

@ -0,0 +1,22 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Restart cloudkitty services
service:
name: "{{ item }}"
state: restarted
pattern: "{{ item }}"
with_items: "{{ cloudkitty_service_names }}"
failed_when: false

41
meta/main.yml Normal file
View File

@ -0,0 +1,41 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
galaxy_info:
author: rcbops
description: Installation and setup of cloudkitty
company: Rackspace
license: Apache2
min_ansible_version: 1.9
platforms:
- name: Ubuntu
versions:
- trusty
categories:
- cloud
- python
- cloudkitty
- development
- openstack
dependencies:
- role: pip_lock_down
when:
- not cloudkitty_developer_mode | bool
- role: pip_install
when:
- cloudkitty_developer_mode | bool
- apt_package_pinning
- galera_client
- openstack_openrc

60
tasks/cloudkitty_db_setup.yml Normal file
View File

@ -0,0 +1,60 @@
---
# Copyright 2016, Rackspace US, Inc.
#
# (C) 2016 Michael Rice <michael.rice@rackspace.com>
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Create DB for service
mysql_db:
login_user: "{{ galera_root_user }}"
login_password: "{{ galera_root_password }}"
login_host: "{{ cloudkitty_galera_address }}"
name: "{{ cloudkitty_galera_database }}"
state: "present"
tags:
- cloudkitty-db-setup
- name: Grant access to the DB for the service
mysql_user:
login_user: "{{ galera_root_user }}"
login_password: "{{ galera_root_password }}"
login_host: "{{ cloudkitty_galera_address }}"
name: "{{ cloudkitty_galera_user }}"
password: "{{ cloudkitty_container_mysql_password }}"
host: "{{ item }}"
state: "present"
priv: "{{ cloudkitty_galera_database }}.*:ALL"
with_items:
- "localhost"
- "%"
tags:
- cloudkitty-db-setup
- name: Perform a cloudkitty DB sync
command: "{{ cloudkitty_bin }}/cloudkitty-dbsync upgrade"
become: yes
become_user: "{{ cloudkitty_system_user_name }}"
tags:
- cloudkitty-db-sync
- cloudkitty-setup
- cloudkitty-command-bin
- name: Init cloudkitty storage backend
command: "{{ cloudkitty_bin }}/cloudkitty-storage-init"
become: yes
become_user: "{{ cloudkitty_system_user_name }}"
tags:
- cloudkitty-db-sync
- cloudkitty-setup
- cloudkitty-command-bin

103
tasks/cloudkitty_domain_setup.yml Normal file
View File

@ -0,0 +1,103 @@
---
# Copyright 2016, Rackspace US, Inc.
#
# (C) 2016 Michael Rice <michael.rice@rackspace.com>
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Ensure cloudkitty rating role
keystone:
command: "ensure_role"
role_name: "rating"
login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
endpoint: "{{ keystone_service_adminurl }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
tags:
- cloudkitty-domain
- cloudkitty-domain-role
- cloudkitty-domain-setup
- cloudkitty-config
- name: Ensure cloudkitty user
keystone:
command: "ensure_user"
user_name: "{{ cloudkitty_username }}"
password: "{{ cloudkitty_user_password }}"
login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
endpoint: "{{ keystone_service_adminurl }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
tags:
- cloudkitty-domain
- cloudkitty-domain-setup
- cloudkitty-config
- cloudkitty-command-bin
- name: Add cloudkitty user to service admin role
keystone:
command: "ensure_user_role"
user_name: "{{ cloudkitty_username }}"
project_name: "service"
role_name: "admin"
login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
endpoint: "{{ keystone_service_adminurl }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
tags:
- cloudkitty-domain
- cloudkitty-domain-setup
- cloudkitty-config
- cloudkitty-command-bin
- name: Ensure cloudkitty service
keystone:
command: "ensure_service"
service_name: "CloudKitty"
service_type: "rating"
login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
endpoint: "{{ keystone_service_adminurl }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
tags:
- cloudkitty-domain
- cloudkitty-domain-setup
- cloudkitty-config
- cloudkitty-command-bin
- name: Ensure cloudkitty endpoints
keystone:
command: "ensure_endpoint"
service_name: "CloudKitty"
service_type: "rating"
endpoint_list:
- url: "{{ cloudkitty_service_publicurl }}"
interface: "public"
- url: "{{ cloudkitty_service_internalurl }}"
interface: "internal"
- url: "{{ cloudkitty_service_adminurl }}"
interface: "admin"
login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
endpoint: "{{ keystone_service_adminurl }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
tags:
- cloudkitty-domain
- cloudkitty-domain-setup
- cloudkitty-config
- cloudkitty-command-bin

219
tasks/cloudkitty_install.yml Normal file
View File

@ -0,0 +1,219 @@
---
# Copyright 2016, Rackspace US, Inc.
#
# (C) 2016 Michael Rice <michael.rice@rackspace.com>
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- include: install-apt.yml
when:
- ansible_pkg_mgr == 'apt'
tags:
- install-apt
- name: Create developer mode constraint file
copy:
dest: "/opt/developer-pip-constraints.txt"
content: |
{% for item in cloudkitty_developer_constraints %}
{{ item }}
{% endfor %}
when:
- cloudkitty_developer_mode | bool
tags:
- cloudkitty-install
- cloudkitty-pip-packages
- name: Clone requirements git repository
git:
repo: "{{ cloudkitty_requirements_git_repo }}"
dest: "/opt/requirements"
clone: yes
update: yes
version: "{{ cloudkitty_requirements_git_install_branch }}"
when:
- cloudkitty_developer_mode | bool
tags:
- cloudkitty-install
- cloudkitty-pip-packages
- name: Add constraints to pip_install_options fact for developer mode
set_fact:
pip_install_options_fact: "{{ pip_install_options|default('') }} --constraint /opt/developer-pip-constraints.txt --constraint /opt/requirements/upper-constraints.txt"
when:
- cloudkitty_developer_mode | bool
tags:
- cloudkitty-install
- cloudkitty-pip-packages
- name: Set pip_install_options_fact when not in developer mode
set_fact:
pip_install_options_fact: "{{ pip_install_options|default('') }}"
when:
- not cloudkitty_developer_mode | bool
tags:
- cloudkitty-install
- cloudkitty-pip-packages
- name: Install required pip packages
pip:
name: "{{ item }}"
state: latest
extra_args: "{{ pip_install_options_fact }}"
register: install_packages
until: install_packages|success
retries: 5
delay: 2
with_items: "{{ cloudkitty_requires_pip_packages }}"
tags:
- cloudkitty-install
- cloudkitty-pip-packages
- name: Get local venv checksum
stat:
path: "/var/cache/{{ cloudkitty_venv_download_url | basename }}"
get_md5: False
when:
- not cloudkitty_developer_mode | bool
- cloudkitty_venv_enabled | bool
register: local_venv_stat
tags:
- cloudkitty-install
- cloudkitty-pip-packages
- name: Get remote venv checksum
uri:
url: "{{ cloudkitty_venv_download_url | replace('tgz', 'checksum') }}"
return_content: True
when:
- not cloudkitty_developer_mode | bool
- cloudkitty_venv_enabled | bool
register: remote_venv_checksum
tags:
- cloudkitty-install
- cloudkitty-pip-packages
# TODO: When project moves to ansible 2 we can pass this a sha256sum which will:
# a) allow us to remove force: yes
# b) allow the module to calculate the checksum of dest file which would
# result in file being downloaded only if provided and dest sha256sum
# checksums differ
- name: Attempt venv download
get_url:
url: "{{ cloudkitty_venv_download_url }}"
dest: "/var/cache/{{ cloudkitty_venv_download_url | basename }}"
force: yes
ignore_errors: true
register: get_venv
when:
- not cloudkitty_developer_mode | bool
- cloudkitty_venv_enabled | bool
- (local_venv_stat.stat.exists == False or
{{ local_venv_stat.stat.checksum is defined and local_venv_stat.stat.checksum != remote_venv_checksum.content | trim }})
tags:
- cloudkitty-install
- cloudkitty-pip-packages
- name: Set cloudkitty get_venv fact
set_fact:
cloudkitty_get_venv: "{{ get_venv }}"
when: cloudkitty_venv_enabled | bool
tags:
- cloudkitty-install
- cloudkitty-pip-packages
- name: Remove existing venv
file:
path: "{{ cloudkitty_venv_bin | dirname }}"
state: absent
when:
- cloudkitty_venv_enabled | bool
- cloudkitty_get_venv | changed
tags:
- cloudkitty-install
- cloudkitty-pip-packages
- name: Create cloudkitty venv dir
file:
path: "{{ cloudkitty_venv_bin | dirname }}"
state: directory
when:
- not cloudkitty_developer_mode | bool
- cloudkitty_venv_enabled | bool
- cloudkitty_get_venv | changed
tags:
- cloudkitty-install
- cloudkitty-pip-packages
- name: Unarchive pre-built venv
unarchive:
src: "/var/cache/{{ cloudkitty_venv_download_url | basename }}"
dest: "{{ cloudkitty_venv_bin | dirname }}"
copy: "no"
when:
- not cloudkitty_developer_mode | bool
- cloudkitty_venv_enabled | bool
- cloudkitty_get_venv | changed
notify: Restart cloudkitty services
tags:
- cloudkitty-install
- cloudkitty-pip-packages
- name: Update virtualenv path
command: >
virtualenv-tools --update-path=auto {{ cloudkitty_venv_bin | dirname }}
when:
- not cloudkitty_developer_mode | bool
- cloudkitty_venv_enabled | bool
- cloudkitty_get_venv | success
tags:
- cloudkitty-install
- cloudkitty-pip-packages
- name: Install pip packages (venv)
pip:
name: "{{ item }}"
state: latest
virtualenv: "{{ cloudkitty_venv_bin | dirname }}"
virtualenv_site_packages: "no"
extra_args: "{{ pip_install_options_fact }}"
register: install_packages
until: install_packages|success
retries: 5
delay: 2
with_items: "{{ cloudkitty_pip_packages }}"
when:
- cloudkitty_venv_enabled | bool
- cloudkitty_get_venv | failed or cloudkitty_developer_mode | bool
notify: Restart cloudkitty services
tags:
- cloudkitty-install
- cloudkitty-pip-packages
- name: Install pip packages (no venv)
pip:
name: "{{ item }}"
state: latest
extra_args: "{{ pip_install_options_fact }}"
register: install_packages
until: install_packages|success
retries: 5
delay: 2
with_items: "{{ cloudkitty_pip_packages }}"
when:
- not cloudkitty_developer_mode | bool
- not cloudkitty_venv_enabled | bool
notify: Restart cloudkitty services
tags:
- cloudkitty-install
- cloudkitty-pip-packages

59
tasks/cloudkitty_post_install.yml Normal file
View File

@ -0,0 +1,59 @@
---
# Copyright 2016, Rackspace US, Inc.
#
# (C) 2016 Michael Rice <michael.rice@rackspace.com>
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Drop cloudkitty Config(s)
config_template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: "{{ cloudkitty_system_user_name }}"
group: "{{ cloudkitty_system_group_name }}"
mode: "0644"
config_overrides: "{{ item.config_overrides }}"
config_type: "{{ item.config_type }}"
with_items:
- src: "cloudkitty.conf.j2"
dest: "/etc/cloudkitty/cloudkitty.conf"
config_overrides: "{{ cloudkitty_cloudkitty_conf_overrides }}"
config_type: "ini"
- src: "api-paste.ini.j2"
dest: "/etc/cloudkitty/api-paste.ini"
config_overrides: "{{ cloudkitty_api_paste_ini_overrides }}"
config_type: "ini"
- src: "policy.json.j2"
dest: "/etc/cloudkitty/policy.json"
config_overrides: "{{ cloudkitty_policy_overrides }}"
config_type: "json"
notify:
- Restart cloudkitty services
tags:
- cloudkitty-config
- name: Get cloudkitty command path
command: which cloudkitty
register: cloudkitty_command_path
when:
- not cloudkitty_venv_enabled | bool
tags:
- cloudkitty-command-bin
- name: Set cloudkitty command path
set_fact:
cloudkitty_bin: "{{ cloudkitty_command_path.stdout | dirname }}"
when:
- not cloudkitty_venv_enabled | bool
tags:
- cloudkitty-command-bin

89
tasks/cloudkitty_pre_install.yml Normal file
View File

@ -0,0 +1,89 @@
---
# Copyright 2016, Rackspace US, Inc.
#
# (C) 2016 Michael Rice <michael.rice@rackspace.com>
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: create the system group
group:
name: "{{ cloudkitty_system_group_name }}"
state: "present"
system: "yes"
tags:
- cloudkitty-group
- name: Create the cloudkitty system user
user:
name: "{{ cloudkitty_system_user_name }}"
group: "{{ cloudkitty_system_group_name }}"
comment: "{{ cloudkitty_system_comment }}"
shell: "{{ cloudkitty_system_shell }}"
system: "yes"
createhome: "yes"
home: "/var/lib/{{ cloudkitty_system_user_name }}"
tags:
- cloudkitty-user
- name: Create cloudkitty dir
file:
path: "{{ item.path }}"
state: directory
owner: "{{ item.owner|default(cloudkitty_system_user_name) }}"
group: "{{ item.group|default(cloudkitty_system_group_name) }}"
mode: "{{ item.mode|default('0755') }}"
with_items:
- { path: "/openstack", mode: "0755", owner: "root", group: "root" }
- { path: "/etc/cloudkitty" }
tags:
- cloudkitty-dirs
- name: Create cloudkitty venv dir
file:
path: "{{ item.path }}"
state: directory
with_items:
- { path: "/openstack/venvs" }
- { path: "{{ cloudkitty_venv_bin }}" }
when: cloudkitty_venv_enabled | bool
tags:
- cloudkitty-dirs
- name: Test for log directory or link
shell: |
if [ -h "/var/log/cloudkitty" ]; then
chown -h {{ cloudkitty_system_user_name }}:{{ cloudkitty_system_group_name }} "/var/log/cloudkitty"
chown -R {{ cloudkitty_system_user_name }}:{{ cloudkitty_system_group_name }} "$(readlink /var/log/cloudkitty)"
else
exit 1
fi
register: log_dir
failed_when: false
changed_when: log_dir.rc != 0
tags:
- cloudkitty-dirs
- cloudkitty-logs
- name: Create cloudkitty log dir
file:
path: "{{ item.path }}"
state: directory
owner: "{{ item.owner|default(cloudkitty_system_user_name) }}"
group: "{{ item.group|default(cloudkitty_system_group_name) }}"
mode: "{{ item.mode|default('0755') }}"
with_items:
- { path: "/var/log/cloudkitty" }
when: log_dir.rc != 0
tags:
- cloudkitty-dirs
- cloudkitty-logs

108
tasks/cloudkitty_service_add.yml Normal file
View File

@ -0,0 +1,108 @@
---
# Copyright 2016, Rackspace US, Inc.
#
# (C) 2016 Michael Rice <michael.rice@rackspace.com>
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Ensure cloudkitty service
keystone:
command: "ensure_service"
endpoint: "{{ keystone_service_adminurl }}"
login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
service_name: "{{ service_name }}"
service_type: "{{ service_type }}"
description: "{{ service_description }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: add_service
until: add_service|success
retries: 5
delay: 10
tags:
- cloudkitty-api-setup
- cloudkitty-service-add
- cloudkitty-setup
# Create an admin user
- name: Ensure cloudkitty user
keystone:
command: "ensure_user"
endpoint: "{{ keystone_service_adminurl }}"
login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
user_name: "{{ service_user_name }}"
tenant_name: "{{ service_tenant_name }}"
password: "{{ service_password }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: add_service
when: not cloudkitty_service_in_ldap | bool
until: add_service|success
retries: 5
delay: 10
tags:
- cloudkitty-api-setup
- cloudkitty-service-add
- cloudkitty-setup
# Add a role to the user
- name: Ensure cloudkitty user to admin role
keystone:
command: "ensure_user_role"
endpoint: "{{ keystone_service_adminurl }}"
login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
user_name: "{{ service_user_name }}"
tenant_name: "{{ service_tenant_name }}"
role_name: "{{ cloudkitty_service_role_name }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: add_service
when: not cloudkitty_service_in_ldap | bool
until: add_service|success
retries: 5
delay: 10
tags:
- cloudkitty-api-setup
- cloudkitty-service-add
- cloudkitty-setup
# Create an endpoint
- name: Ensure cloudkitty endpoint
keystone:
command: "ensure_endpoint"
endpoint: "{{ keystone_service_adminurl }}"
login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
region_name: "{{ service_region }}"
service_name: "{{ service_name }}"
service_type: "{{ service_type }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
endpoint_list:
- url: "{{ service_publicurl }}"
interface: "public"
- url: "{{ service_internalurl }}"
interface: "internal"
- url: "{{ service_adminurl }}"
interface: "admin"
register: add_service
until: add_service|success
retries: 5
delay: 10
tags:
- cloudkitty-api-setup
- cloudkitty-service-add
- cloudkitty-setup

44
tasks/install_apt.yml Normal file
View File

@ -0,0 +1,44 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#TODO: Replace the next 2 tasks by a standard apt with cache
#when https://github.com/ansible/ansible-modules-core/pull/1517 is merged
#in 1.9.x or we move to 2.0 (if tested working)
- name: Check apt last update file
stat:
path: /var/cache/apt
register: apt_cache_stat
tags:
- cloudkitty-apt-packages
- name: Update apt if needed
apt:
update_cache: yes
when: "ansible_date_time.epoch|float - apt_cache_stat.stat.mtime > {{cache_timeout}}"
tags:
- cloudkitty-apt-packages
- name: Install apt packages
apt:
pkg: "{{ item }}"
state: latest
register: install_packages
until: install_packages|success
retries: 5
delay: 2
with_items: "{{ cloudkitty_apt_packages }}"
tags:
- cloudkitty-install
- cloudkitty-apt-packages

43
tasks/main.yml Normal file
View File

@ -0,0 +1,43 @@
---
# Copyright 2016, Rackspace US, Inc.
#
# (C) 2016 Michael Rice <michael.rice@rackspace.com>
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Gather variables for each operating system
include_vars: "{{ item }}"
with_first_found:
- "{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower }}.yml"
- "{{ ansible_distribution | lower }}.yml"
- "{{ ansible_os_family | lower }}.yml"
tags:
- always
- include: cloudkitty_pre_install.yml
- include: cloudkitty_install.yml
- include: cloudkitty_post_install.yml
- include: cloudkitty_domain_setup.yml
when: >
inventory_hostname == groups['cloudkitty_all'][0]
- include: cloudkitty_db_setup.yml
when: >
inventory_hostname == groups['cloudkitty_all'][0]
- include: cloudkitty_service_setup.yml
when: >
inventory_hostname == groups['cloudkitty_all'][0]
- include: cloudkitty_upstart_init.yml
- name: Flush handlers
meta: flush_handlers

18
templates/api-paste.ini.j2 Normal file
View File

@ -0,0 +1,18 @@
# {{ ansible_managed }}
[pipeline:main]
pipeline = cors request_id authtoken ck_api_v1
[app:ck_api_v1]
paste.app_factory = cloudkitty.api.app:app_factory
[filter:authtoken]
acl_public_routes = /, /v1
paste.filter_factory = cloudkitty.api.middleware:AuthTokenMiddleware.factory
[filter:request_id]
paste.filter_factory = oslo_middleware:RequestId.factory
[filter:cors]
paste.filter_factory = oslo_middleware.cors:filter_factory
oslo_config_project = cloudkitty

199
templates/cloudkitty.conf.j2 Normal file
View File

@ -0,0 +1,199 @@
# {{ ansible_managed }}
[DEFAULT]
api_paste_config = {{ cloudkitty_api_paste_config }}
auth_strategy = {{ cloudkitty_auth_strategy }}
host = {{ cloudkitty_host }}
rpc_conn_pool_size = {{ cloudkitty_rpc_conn_pool_size }}
rpc_zmq_bind_address = {{ cloudkitty_rpc_zmq_bind_address }}
rpc_zmq_matchmaker = {{ cloudkitty_rpc_zmq_matchmaker }}
rpc_zmq_port = {{ cloudkitty_rpc_zmq_port }}
rpc_zmq_contexts = {{ cloudkitty_rpc_zmq_contexts }}
rpc_zmq_topic_backlog = {{ cloudkitty_rpc_zmq_topic_backlog }}
rpc_zmq_ipc_dir = {{ cloudkitty_rpc_zmq_ipc_dir }}
rpc_zmq_host = {{ cloudkitty_rpc_zmq_host }}
rpc_cast_timeout = {{ cloudkitty_rpc_cast_timeout }}
matchmaker_heartbeat_freq = {{ cloudkitty_matchmaker_heartbeat_freq }}
matchmaker_heartbeat_ttl = {{ cloudkitty_matchmaker_heartbeat_ttl }}
executor_thread_pool_size = {{ cloudkitty_executor_thread_pool_size }}
notification_driver = {{ cloudkitty_notification_driver }}
notification_topics = {{ cloudkitty_notification_topics }}
rpc_response_timeout = {{ cloudkitty_rpc_response_timeout }}
transport_url = {{ cloudkitty_transport_url }}
rpc_backend = {{ cloudkitty_rpc_backend }}
control_exchange = {{ cloudkitty_control_exchange }}
[api]
host_ip = {{ cloudkitty_api_host_ip }}
port = {{ cloudkitty_api_port }}
[collect]
collector = {{ cloudkitty_collector }}
window = {{ cloudkitty_window }}
period = {{ cloudkitty_period }}
wait_periods = {{ cloudkitty_wait_periods }}
services = {{ cloudkitty_services }}
[cors]
allowed_origin = {{ cloudkitty_cors_allowed_origin }}
allow_credentials = {{ cloudkitty_cors_allow_credentials }}
expose_headers = {{ cloudkitty_cors_expose_headers }}
max_age = {{ cloudkitty_cors_max_age }}
allow_methods = {{ cloudkitty_cors_allow_methods }}
allow_headers = {{ cloudkitty_cors_allow_headers }}
[cors.subdomain]
allowed_origin = {{ cloudkitty_cors_subdomain_allowed_origin }}
allow_credentials = {{ cloudkitty_cors_subdomain_allow_credentials }}
expose_headers = {{ cloudkitty_cors_subdomain_expose_headers }}
max_age = {{ cloudkitty_cors_subdomain_max_age }}
allow_methods = {{ cloudkitty_cors_subdomain_allow_methods }}
allow_headers = {{ cloudkitty_cors_subdomain_allow_headers }}
[database]
sqlite_db = {{ cloudkitty_sqlite_db }}
sqlite_synchronous = {{ cloudkitty_sqlite_synchronous }}
backend = {{ cloudkitty_database_backend }}
connection = {{ cloudkitty_database_connection }}
slave_connection = {{ cloudkitty_database_slave_connection }}
mysql_sql_mode = {{ cloudkitty_mysql_sql_mode }}
idle_timeout = {{ cloudkitty_database_idle_timeout }}
min_pool_size = {{ cloudkitty_database_min_pool_size }}
max_pool_size = {{ cloudkitty_database_max_pool_size }}
max_retries = {{ cloudkitty_database_max_retries }}
retry_interval = {{ cloudkitty_database_retry_interval }}
max_overflow = {{ cloudkitty_database_max_overflow }}
connection_debug = {{ cloudkitty_database_connection_debug }}
connection_trace = {{ cloudkitty_database_connection_trace }}
pool_timeout = {{ cloudkitty_database_pool_timeout }}
use_db_reconnect = {{ cloudkitty_database_use_db_reconnect }}
db_retry_interval = {{ cloudkitty_database_db_retry_interval }}
db_inc_retry_interval = {{ cloudkitty_database_db_inc_retry_interval }}
db_max_retry_interval = {{ cloudkitty_database_db_max_retry_interval }}
db_max_retries = {{ cloudkitty_database_db_max_retries }}
[keystone_authtoken]
auth_uri = {{ cloudkitty_keystone_authtoken_auth_uri }}
auth_version = {{ cloudkitty_keystone_authtoken_auth_version }}
delay_auth_decision = {{ cloudkitty_keystone_authtoken_delay_auth_decision }}
http_connect_timeout = {{ cloudkitty_keystone_authtoken_http_connect_timeout }}
http_request_max_retries = {{ cloudkitty_keystone_authtoken_http_request_max_retries }}
cache = {{ cloudkitty_keystone_authtoken_cache }}
certfile = {{ cloudkitty_keystone_authtoken_certfile }}
keyfile = {{ cloudkitty_keystone_authtoken_keyfile }}
cafile = {{ cloudkitty_keystone_authtoken_cafile }}
insecure = {{ cloudkitty_keystone_authtoken_insecure }}
signing_dir = {{ cloudkitty_keystone_authtoken_signing_dir }}
memcached_servers = {{ cloudkitty_keystone_authtoken_memcached_servers }}
token_cache_time = {{ cloudkitty_keystone_authtoken_token_cache_time }}
revocation_cache_time = {{ cloudkitty_keystone_authtoken_revocation_cache_time }}
memcache_security_strategy = {{ cloudkitty_keystone_authtoken_memcache_security_strategy }}
memcache_secret_key = {{ cloudkitty_keystone_authtoken_memcache_secret_key }}
memcache_pool_dead_retry = {{ cloudkitty_keystone_authtoken_memcache_pool_dead_retry }}
memcache_pool_maxsize = {{ cloudkitty_keystone_authtoken_memcache_pool_maxsize }}
memcache_pool_socket_timeout = {{ cloudkitty_keystone_authtoken_memcache_pool_unused_timeout }}
memcache_pool_unused_timeout = {{ cloudkitty_keystone_authtoken_memcache_pool_unused_timeout }}
memcache_pool_conn_get_timeout = {{ cloudkitty_keystone_authtoken_memcache_pool_conn_get_timeout }}
memcache_use_advanced_pool = {{ cloudkitty_keystone_authtoken_memcache_use_advanced_pool }}
include_service_catalog = {{ cloudkitty_keystone_authtoken_include_service_catalog }}
enforce_token_bind = {{ cloudkitty_keystone_authtoken_enforce_token_bind }}
check_revocations_for_cached = {{ cloudkitty_keystone_authtoken_check_revocations_for_cached }}
hash_algorithms = {{ cloudkitty_keystone_authtoken_hash_algorithms }}
identity_uri = {{ cloudkitty_keystone_authtoken_identity_uri }}
admin_user = {{ cloudkitty_keystone_authtoken_admin_user }}
admin_password = {{ cloudkitty_keystone_authtoken_admin_password }}
admin_tenant_name = {{ cloudkitty_keystone_authtoken_admin_tenant_name }}
[keystone_fetcher]
keystone_version = {{ cloudkitty_keystone_version }}
[matchmaker_redis]
host = {{ cloudkitty_matchmaker_redis_host }}
port = {{ cloudkitty_matchmaker_redis_port }}
password = {{ cloudkitty_matchmaker_redis_password }}
[matchmaker_ring]
ringfile = {{ cloudkitty_matchmaker_ring_ringfile }}
[oslo_messaging_amqp]
server_request_prefix = {{ cloudkitty_oslo_messaging_amqp_server_request_prefix }}
broadcast_prefix = {{ cloudkitty_oslo_messaging_amqp_broadcast_prefix }}
group_request_prefix = {{ cloudkitty_oslo_messaging_amqp_group_request_prefix }}
container_name = {{ cloudkitty_oslo_messaging_amqp_container_name }}
idle_timeout = {{ cloudkitty_oslo_messaging_amqp_idle_timeout }}
trace = {{ cloudkitty_oslo_messaging_amqp_trace }}
ssl_ca_file = {{ cloudkitty_oslo_messaging_amqp_ssl_ca_file }}
ssl_cert_file = {{ cloudkitty_oslo_messaging_amqp_ssl_cert_file }}
ssl_key_file = {{ cloudkitty_oslo_messaging_amqp_ssl_key_file }}
ssl_key_password = {{ cloudkitty_oslo_messaging_amqp_ssl_key_password }}
allow_insecure_clients = {{ cloudkitty_oslo_messaging_amqp_allow_insecure_clients }}
[oslo_messaging_qpid]
amqp_durable_queues = {{ cloudkitty_oslo_messaging_qpid_amqp_durable_queues }}
amqp_auto_delete = {{ cloudkitty_oslo_messaging_qpid_amqp_auto_delete }}
send_single_reply = {{ cloudkitty_oslo_messaging_qpid_send_single_reply }}
qpid_hostname = {{ cloudkitty_oslo_messaging_qpid_qpid_hostname }}
qpid_port = {{ cloudkitty_oslo_messaging_qpid_qpid_port }}
qpid_hosts = {{ cloudkitty_oslo_messaging_qpid_qpid_hosts }}
qpid_username = {{ cloudkitty_oslo_messaging_qpid_qpid_username }}
qpid_password = {{ cloudkitty_oslo_messaging_qpid_qpid_password }}
qpid_sasl_mechanisms = {{ cloudkitty_oslo_messaging_qpid_qpid_sasl_mechanisms }}
qpid_heartbeat = {{ cloudkitty_oslo_messaging_qpid_qpid_heartbeat }}
qpid_protocol = {{ cloudkitty_oslo_messaging_qpid_qpid_protocol }}
qpid_tcp_nodelay = {{ cloudkitty_oslo_messaging_qpid_qpid_tcp_nodelay }}
qpid_receiver_capacity = {{ cloudkitty_oslo_messaging_qpid_qpid_receiver_capacity }}
qpid_topology_version = {{ cloudkitty_oslo_messaging_qpid_qpid_topology_version }}
[oslo_messaging_rabbit]
amqp_durable_queues = {{ cloudkitty_oslo_messaging_rabbit_amqp_durable_queues }}
amqp_auto_delete = {{ cloudkitty_oslo_messaging_rabbit_amqp_auto_delete }}
send_single_reply = {{ cloudkitty_oslo_messaging_rabbit_send_single_reply }}
kombu_ssl_version = {{ cloudkitty_oslo_messaging_rabbit_kombu_ssl_version }}
kombu_ssl_keyfile = {{ cloudkitty_oslo_messaging_rabbit_kombu_ssl_keyfile }}
kombu_ssl_certfile = {{ cloudkitty_oslo_messaging_rabbit_kombu_ssl_certfile }}
kombu_ssl_ca_certs = {{ cloudkitty_oslo_messaging_rabbit_kombu_ssl_ca_certs }}
kombu_reconnect_delay = {{ cloudkitty_oslo_messaging_rabbit_kombu_reconnect_delay }}
kombu_reconnect_timeout = {{ cloudkitty_oslo_messaging_rabbit_kombu_reconnect_timeout }}
rabbit_host = {{ cloudkitty_oslo_messaging_rabbit_rabbit_host }}
rabbit_port = {{ cloudkitty_oslo_messaging_rabbit_rabbit_port }}
rabbit_hosts = {{ cloudkitty_oslo_messaging_rabbit_rabbit_hosts }}
rabbit_use_ssl = {{ cloudkitty_oslo_messaging_rabbit_rabbit_use_ssl }}
rabbit_userid = {{ cloudkitty_oslo_messaging_rabbit_rabbit_userid }}
rabbit_password = {{ cloudkitty_oslo_messaging_rabbit_rabbit_password }}
rabbit_login_method = {{ cloudkitty_oslo_messaging_rabbit_rabbit_login_method }}
rabbit_virtual_host = {{ cloudkitty_oslo_messaging_rabbit_rabbit_virtual_host }}
rabbit_retry_interval = {{ cloudkitty_oslo_messaging_rabbit_rabbit_retry_interval }}
rabbit_retry_backoff = {{ cloudkitty_oslo_messaging_rabbit_rabbit_retry_backoff }}
rabbit_max_retries = {{ cloudkitty_oslo_messaging_rabbit_rabbit_max_retries }}
rabbit_ha_queues = {{ cloudkitty_oslo_messaging_rabbit_rabbit_ha_queues }}
heartbeat_timeout_threshold = {{ cloudkitty_oslo_messaging_rabbit_heartbeat_timeout_threshold }}
heartbeat_rate = {{ cloudkitty_oslo_messaging_rabbit_heartbeat_rate }}
fake_rabbit = {{ cloudkitty_oslo_messaging_rabbit_fake_rabbit }}
[output]
backend = {{ cloudkitty_output_backend }}
basepath = {{ cloudkitty_output_basepath }}
pipeline = {{ cloudkitty_output_pipeline }}
[state]
backend = {{ cloudkitty_state_backend }}
basepath = {{ cloudkitty_state_basepath }}
[storage]
backend = {{ cloudkitty_storage_backend }}
[tenant_fetcher]
backend = {{ cloudkitty_tenant_fetcher_backend }}

23
templates/policy.json.j2 Normal file
View File

@ -0,0 +1,23 @@
# {{ ansible_managed }}
{
"context_is_admin": "role:admin",
"default": "",
"rating:list_modules": "role:admin",
"rating:get_module": "role:admin",
"rating:update_module": "role:admin",
"rating:quote": "",
"report:list_tenants": "role:admin",
"report:get_total": "",
"collector:list_mappings": "role:admin",
"collector:get_mapping": "role:admin",
"collector:manage_mappings": "role:admin",
"collector:get_state": "role:admin",
"collector:update_state": "role:admin",
"storage:list_data_frames": "",
"rating:module_config": "role:admin"
}