diff --git a/defaults/main.yml b/defaults/main.yml index 105bfcd..396e6cd 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -27,7 +27,7 @@ cloudkitty_service_setup_host_python_interpreter: "{{ openstack_service_setup_ho # Set the package install state for distribution and pip packages # Options are 'present' and 'latest' -cloudkitty_package_state: "latest" +cloudkitty_package_state: "{{ package_state | default('latest') }}" cloudkitty_pip_package_state: "latest" cloudkitty_service_user_name: cloudkitty @@ -78,11 +78,12 @@ cloudkitty_git_constraints: - "--constraint {{ cloudkitty_upper_constraints_url }}" cloudkitty_notification_topics: notifications -cloudkitty_collected_services: compute cloudkitty_collector: gnocchi cloudkitty_service_project_domain_id: default cloudkitty_service_project_name: "service" cloudkitty_service_user_domain_id: default +cloudkitty_service_in_ldap: "{{ service_ldap_backend_enabled | default(False) }}" +cloudkitty_service_role_name: "admin" cloudkitty_system_service_name: "cloudkitty-api" cloudkitty_keystone_auth_plugin: password @@ -95,17 +96,17 @@ cloudkitty_db_setup_python_interpreter: "{{ openstack_db_setup_python_interprete cloudkitty_galera_address: "{{ galera_address | default('127.0.0.1') }}" cloudkitty_galera_database: cloudkitty cloudkitty_galera_user: cloudkitty -cloudkitty_galera_port: 3306 +cloudkitty_galera_port: "{{ galera_port | default('3306') }}" cloudkitty_database_connection: >- mysql+pymysql://{{ cloudkitty_galera_user }}:{{ cloudkitty_container_mysql_password }}@{{ cloudkitty_galera_address }}:{{ cloudkitty_galera_port }}/{{ cloudkitty_galera_database }}?charset=utf8 cloudkitty_wsgi_threads: 1 cloudkitty_wsgi_processes_max: 16 cloudkitty_wsgi_processes: "{{ [[(ansible_facts['processor_vcpus']//ansible_facts['processor_threads_per_core'])|default(1), 1] | max * 2, cloudkitty_wsgi_processes_max] | min }}" -cloudkitty_uwsgi_bind_address: 0.0.0.0 +cloudkitty_uwsgi_bind_address: "{{ openstack_service_bind_address | default('0.0.0.0') }}" ## Service Type and Data -cloudkitty_service_region: RegionOne +cloudkitty_service_region: "{{ service_region | default('RegionOne') }}" cloudkitty_service_name: cloudkitty cloudkitty_service_port: 8089 cloudkitty_service_proto: http diff --git a/extras/env.d/cloudkitty.yml b/extras/env.d/cloudkitty.yml deleted file mode 100644 index 3b458af..0000000 --- a/extras/env.d/cloudkitty.yml +++ /dev/null @@ -1,35 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -component_skel: - cloudkitty_api: - belongs_to: - - cloudkitty_all - cloudkitty_engine: - belongs_to: - - cloudkitty_all - - -container_skel: - cloudkitty_container: - belongs_to: - - infra_containers - - os-infra_containers - contains: - - cloudkitty_api - - cloudkitty_engine - properties: - service_name: cloudkitty - container_release: trusty diff --git a/extras/haproxy_cloudkitty.yml b/extras/haproxy_cloudkitty.yml deleted file mode 100644 index e6db0d2..0000000 --- a/extras/haproxy_cloudkitty.yml +++ /dev/null @@ -1,11 +0,0 @@ ---- -haproxy_service_configs: - - service: - haproxy_service_name: cloudkitty_api - haproxy_backend_nodes: "{{ groups['cloudkitty_api'] | default([]) }}" - haproxy_port: 8089 - haproxy_balance_type: http - haproxy_backend_options: - - "forwardfor" - - "httpchk" - - "httplog" diff --git a/extras/horizon/horizon_post_install.yml b/extras/horizon/horizon_post_install.yml deleted file mode 100644 index 5420766..0000000 --- a/extras/horizon/horizon_post_install.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- -- name: Enable the cloudkitty-dashboard Horizon panel - file: - src: "{{ item.src }}" - path: "{{ item.dest }}" - state: "{{ (horizon_enable_cloudkitty | bool | ternary('link', 'absent')) }}" - with_items: - - { src: "{{ horizon_lib_dir }}/cloudkittydashboard/enabled/_10_admin_group.py", dest: "{{ horizon_lib_dir }}/openstack_dashboard/local/enabled/_10_admin_group.py" } - - { src: "{{ horizon_lib_dir }}/cloudkittydashboard/enabled/_10_project_group.py", dest: "{{ horizon_lib_dir }}/openstack_dashboard/local/enabled/_10_project_group.py" } - - { src: "{{ horizon_lib_dir }}/cloudkittydashboard/enabled/_11_admin_hashmap_panel.py", dest: "{{ horizon_lib_dir }}/openstack_dashboard/local/enabled/_11_admin_hashmap_panel.py" } - - { src: "{{ horizon_lib_dir }}/cloudkittydashboard/enabled/_11_admin_rating_panel.py", dest: "{{ horizon_lib_dir }}/openstack_dashboard/local/enabled/_11_admin_rating_panel.py" } - - { src: "{{ horizon_lib_dir }}/cloudkittydashboard/enabled/_11_project_rating_panel.py", dest: "{{ horizon_lib_dir }}/openstack_dashboard/local/enabled/_11_project_rating_panel.py" } - - { src: "{{ horizon_lib_dir }}/cloudkittydashboard/enabled/_12_project_reporting_panel.py", dest: "{{ horizon_lib_dir }}/openstack_dashboard/local/enabled/_12_project_reporting_panel.py" } - - { src: "{{ horizon_lib_dir }}/cloudkittydashboard/enabled/_13_admin_pyscripts_panel.py", dest: "{{ horizon_lib_dir }}/openstack_dashboard/local/enabled/_13_admin_pyscripts_panel.py" } - notify: Restart apache2 - tags: - - horizon-configs diff --git a/extras/horizon/horizon_vars.yml b/extras/horizon/horizon_vars.yml deleted file mode 100644 index 6e23bcb..0000000 --- a/extras/horizon/horizon_vars.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -## CloudKitty -horizon_enable_cloudkitty: False - -horizon_pip_packages: - - cloudkitty-dashboard - - python-cloudkittyclient diff --git a/extras/os-cloudkitty-install.yml b/extras/os-cloudkitty-install.yml deleted file mode 100644 index 825ed24..0000000 --- a/extras/os-cloudkitty-install.yml +++ /dev/null @@ -1,30 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: Install cloudkitty server - hosts: cloudkitty_all - user: root - tags: - - cloudkitty - vars: - cloudkitty_venv_tag: "{{ openstack_release }}" - cloudkitty_venv_download_url: "{{ venv_base_download_url }}/cloudkitty-{{ openstack_release }}-{{ ansible_facts['architecture'] | lower }}.tgz" - pre_tasks: - - include: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" - static: no - when: not is_metal - - roles: - - role: "os_cloudkitty" diff --git a/extras/user_secrets_cloudkitty.yml b/extras/user_secrets_cloudkitty.yml deleted file mode 100644 index ff78525..0000000 --- a/extras/user_secrets_cloudkitty.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -## Cloudkitty passwords -cloudkitty_service_password: -cloudkitty_container_mysql_password: -cloudkitty_oslomsg_rpc_password: diff --git a/releasenotes/notes/role-cleanup-e709b66675dcda60.yaml b/releasenotes/notes/role-cleanup-e709b66675dcda60.yaml new file mode 100644 index 0000000..f3d5aea --- /dev/null +++ b/releasenotes/notes/role-cleanup-e709b66675dcda60.yaml @@ -0,0 +1,11 @@ +--- +upgrade: + - cloudkitty_package_state inherits `package_state` and defaults to "latest" + - cloudkitty_uwsgi_bind_address inherits `openstack_service_bind_address` + and defaults to 0.0.0.0 + - cloudkitty_galera_port inherits `galera_port` and defaults to "3306" + - cloudkitty_service_region inherits `service_region` and defaults to + "RegionOne" +deprecations: + - cloudkitty_collected_services is deprecated and should instead + be configured in Cloudkitty metrics config diff --git a/tasks/main.yml b/tasks/main.yml index a21c346..17bd124 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -114,6 +114,7 @@ - import_tasks: service_setup.yml vars: _service_adminuri_insecure: "{{ keystone_service_adminuri_insecure }}" + _service_in_ldap: "{{ cloudkitty_service_in_ldap }}" _service_setup_host: "{{ cloudkitty_service_setup_host }}" _service_setup_host_python_interpreter: "{{ cloudkitty_service_setup_host_python_interpreter }}" _service_project_name: "{{ cloudkitty_service_project_name }}" @@ -123,7 +124,7 @@ password: "{{ cloudkitty_service_password }}" role: "rating" - name: "{{ cloudkitty_service_user_name }}" - role: admin + role: "{{ cloudkitty_service_role_name }}" _service_endpoints: - service: "{{ cloudkitty_service_name }}" interface: "public" diff --git a/templates/api-paste.ini.j2 b/templates/api-paste.ini.j2 index c92fcc0..8e2d56f 100644 --- a/templates/api-paste.ini.j2 +++ b/templates/api-paste.ini.j2 @@ -1,13 +1,16 @@ # {{ ansible_managed }} -[pipeline:main] -pipeline = cors request_id authtoken ck_api_v1 +[pipeline:cloudkitty+noauth] +pipeline = cors healthcheck http_proxy_to_wsgi request_id ck_api -[app:ck_api_v1] +[pipeline:cloudkitty+keystone] +pipeline = cors healthcheck http_proxy_to_wsgi request_id authtoken ck_api + +[app:ck_api] paste.app_factory = cloudkitty.api.app:app_factory [filter:authtoken] -acl_public_routes = /, /v1 +acl_public_routes = /, /v1, /healthcheck paste.filter_factory = cloudkitty.api.middleware:AuthTokenMiddleware.factory [filter:request_id] @@ -17,8 +20,10 @@ paste.filter_factory = oslo_middleware:RequestId.factory paste.filter_factory = oslo_middleware.cors:filter_factory oslo_config_project = cloudkitty -[pipeline:cloudkitty+keystone] -pipeline = cors http_proxy_to_wsgi request_id authtoken ck_api_v1 +[filter:healthcheck] +paste.filter_factory = oslo_middleware:Healthcheck.factory +backends = disable_by_file +disable_by_file_path = /etc/cloudkitty/healthcheck_disable [filter:http_proxy_to_wsgi] paste.filter_factory = oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory diff --git a/templates/cloudkitty-metrics.yml.j2 b/templates/cloudkitty-metrics.yml.j2 index edffdb5..3404512 100644 --- a/templates/cloudkitty-metrics.yml.j2 +++ b/templates/cloudkitty-metrics.yml.j2 @@ -1,3 +1,5 @@ +# {{ ansible_managed }} + metrics: cpu: unit: instance diff --git a/templates/cloudkitty.conf.j2 b/templates/cloudkitty.conf.j2 index 0fe1d88..63c7253 100644 --- a/templates/cloudkitty.conf.j2 +++ b/templates/cloudkitty.conf.j2 @@ -14,9 +14,11 @@ transport_url = {{ cloudkitty_oslomsg_rpc_transport }}://{% for host in cloudkit port = {{ cloudkitty_service_port }} [collect] -services = {{ cloudkitty_collected_services }} collector = {{ cloudkitty_collector }} +[collector_{{ cloudkitty_collector }}] +auth_section = keystone_authtoken + [cors] [cors.subdomain] @@ -24,6 +26,12 @@ collector = {{ cloudkitty_collector }} [database] connection = {{ cloudkitty_database_connection }} +[fetcher] +backend = {{ cloudkitty_collector }} + +[fetcher_{{ cloudkitty_collector }}] +auth_section = keystone_authtoken + [keystone_authtoken] memcached_servers = {{ cloudkitty_memcached_servers }} www_authenticate_uri = {{ keystone_service_internaluri }} @@ -34,14 +42,9 @@ password = {{ cloudkitty_service_password }} username = {{ cloudkitty_service_user_name }} auth_url = {{ keystone_service_adminurl }} auth_type = {{ cloudkitty_keystone_auth_plugin }} - -[keystone_fetcher] -keystone_version = 3 -auth_section = keystone_authtoken - -[matchmaker_redis] - -[matchmaker_ring] +region_name = {{ cloudkitty_service_region }} +service_token_roles_required = True +service_token_roles = {{ cloudkitty_service_role_name }} [oslo_messaging_amqp] @@ -63,12 +66,3 @@ backend = {{ cloudkitty_output_backend }} [storage] backend = sqlalchemy version = 1 - -[tenant_fetcher] - - -[{{ cloudkitty_collector }}_collector] -auth_section = keystone_authtoken - -[orchestrator] -coordination_url = mysql://{{ cloudkitty_galera_user }}:{{ cloudkitty_container_mysql_password }}@{{ cloudkitty_galera_address }}/{{ cloudkitty_galera_database }}