From f59db83194666ad111df6576d308b1c500640741 Mon Sep 17 00:00:00 2001 
From: Jesse Pretorius Date: Fri, 11 Mar 2016 13:04:56 +0000 Subject: [PATCH] Various configuration changes and task updates This patch implements a bunch of changes for easier debugging and to make the deployment more functional. - All passwords are removed from defaults. The role must fail to complete all tasks if no password is provided. - The Designate Pool Configuration uuid's are provided with defaults and the vars are added to the user_secrets.yml file for easy implementation in OpenStack-Ansible. - The designate.conf template has been re-organised to closely match the sample file provided in the master branch of the OpenStack Designate repository. This makes it easier to compare for changes. - The PyMySQL driver is used for all MySQL connectivity, as is now the general standard for OpenStack Services. - The designate_pool_manager database is now setup. - The test playbook has the RabbitMQ & DB setup pre_tasks removed for now. These can move out again once functional testing is working. - The test playbook's LXC dhcp range is reduced to 50 hosts in order to ensure no conflicts with the test containers and also provide room for growth. - Add human readable logging callback plugin to functional test. - Restructure testing to make it easier to work with. 
--- defaults/main.yml | 29 +- extras/user_secrets_designate.yml | 5 + tasks/designate_db_setup.yml | 39 ++- tasks/designate_install.yml | 2 +- tasks/designate_post_install.yml | 2 +- tasks/designate_pre_install.yml | 1 + tasks/designate_service_add.yml | 96 ----- tasks/designate_service_setup.yml | 99 ++++-- templates/api-paste.ini.j2 | 76 +++- templates/designate-upstart-init.j2 | 2 +- templates/designate.conf.j2 | 519 +++++++++++++++++++--------- tests/inventory | 33 ++ tests/test-install-designate.yml | 56 +++ tests/test-install-infra.yml | 32 ++ tests/test-install-keystone.yml | 83 +++++ tests/test-prepare-containers.yml | 33 ++ tests/test-prepare-host.yml | 56 +++ tests/test-prepare-keys.yml | 31 ++ tests/test.yml | 294 +--------------- tox.ini | 5 +- 20 files changed, 891 insertions(+), 602 deletions(-) delete mode 100644 tasks/designate_service_add.yml create mode 100644 tests/test-install-designate.yml create mode 100644 tests/test-install-infra.yml create mode 100644 tests/test-install-keystone.yml create mode 100644 tests/test-prepare-containers.yml create mode 100644 tests/test-prepare-host.yml create mode 100644 tests/test-prepare-keys.yml diff --git a/defaults/main.yml b/defaults/main.yml index 6bd1315..9e17be6 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
@@ -61,14 +61,22 @@ designate_system_comment: designate system user designate_system_user_home: "/var/lib/{{ designate_system_user_name }}" ## DB info +designate_galera_address: 127.0.0.1 designate_galera_user: designate -designate_galera_password: "{{ designate_container_mysql_password }}" designate_galera_database: designate +designate_pool_manager_galera_address: 127.0.0.1 +designate_pool_manager_galera_user: designate_pool_manager +designate_pool_manager_galera_database: designate_pool_manager ## RabbitMQ info designate_rabbitmq_userid: designate designate_rabbitmq_vhost: /designate +## Pool Configuration Defaults +# These are typically set in the user_secrets.yml file. +designate_pool_uuid: 794ccc2c-d751-44fe-b57f-8894c9f5c842 +designate_pool_nameserver_uuid: f02a0c72-c701-4ec2-85d7-197b30992ce8 +designate_pool_target_uuid: f02a0c72-c701-4ec2-85d7-197b30992ce9 # Enable/Disable Ceilometer designate_ceilometer_enabled: False 
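Review bot: With `designate_galera_password` removed from the `## DB info` block, nothing in these defaults tells a deployer which secrets are now mandatory, and no explicit early check for them is visible in this part of the patch. A short comment above the block would help, for example `# Required, no default: designate_container_mysql_password, designate_pool_manager_container_mysql_password, designate_rabbitmq_password, designate_service_password`. The three `designate_pool_*_uuid` defaults added below are identical for every deployment that does not override them. The comment `# These are typically set in the user_secrets.yml file.` could state that they are identifiers rather than secrets, so a reader does not treat the shipped values as credentials.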
@@ -98,27 +106,10 @@ designate_service_project_domain_id: default designate_service_user_domain_id: default designate_service_user_name: designate designate_keystone_auth_type: password -designate_service_tenant_name: service designate_service_project_name: service designate_service_publicuri: "{{ designate_service_proto }}://{{ external_lb_vip_address }}:{{ designate_service_port }}" -designate_service_publicurl: "{{ designate_service_publicuri }}/v1" designate_service_internaluri: "{{ designate_service_proto }}://{{ internal_lb_vip_address }}:{{ designate_service_port }}" -designate_service_internalurl: "{{ designate_service_internaluri }}/v1" designate_service_adminuri: "{{ designate_service_proto }}://{{ internal_lb_vip_address }}:{{ designate_service_port }}" -designate_service_adminurl: "{{ designate_service_adminuri }}/v1" - -designate_service_v2_name: designatev2 -designate_service_v2_port: 9001 -designate_service_v2_proto: http -designate_service_v2_type: dnsv2 -designate_service_v2_description: "DNS Service V2" -designate_service_v2_publicuri: "{{ cinder_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ cinder_service_port }}" -designate_service_v2_publicuri: "{{ designate_service_proto }}://{{ external_lb_vip_address }}:{{ designate_service_port }}" -designate_service_v2_publicurl: "{{ designate_service_publicuri }}/v2" -designate_service_v2_internaluri: "{{ designate_service_proto }}://{{ internal_lb_vip_address }}:{{ designate_service_port }}" -designate_service_v2_internalurl: "{{ designate_service_internaluri }}/v2" -designate_service_v2_adminuri: "{{ designate_service_proto }}://{{ internal_lb_vip_address }}:{{ designate_service_port }}" -designate_service_v2_adminurl: "{{ designate_service_adminuri }}/v2" designate_service_in_ldap: false @@ -137,7 +128,7 @@ designate_requires_pip_packages: designate_pip_packages: - designate - python-designateclient - - MySQL-python + - PyMySQL - python-memcached - pycrypto - warlock 
diff --git a/extras/user_secrets_designate.yml b/extras/user_secrets_designate.yml index 5c23f29..2ce36e5 100644 --- a/extras/user_secrets_designate.yml +++ b/extras/user_secrets_designate.yml @@ -1,2 +1,7 @@ designate_container_mysql_password: +designate_pool_manager_container_mysql_password: +designate_pool_nameserver_uuid: +designate_pool_target_uuid: +designate_pool_uuid: +designate_rabbitmq_password: designate_service_password: diff --git a/tasks/designate_db_setup.yml b/tasks/designate_db_setup.yml index d0ca1f0..a65adb1 100644 --- a/tasks/designate_db_setup.yml +++ b/tasks/designate_db_setup.yml 
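Review bot: The three `designate_pool_*_uuid:` keys are added with no value, which YAML loads as null, and a null from a user secrets file would take precedence over the UUID defaults this same patch adds to `defaults/main.yml`. Unless the deployment's secrets generator also fills keys that are not password-like (not visible here), `designate.conf.j2` would render `[pool:{{ designate_pool_uuid }}]` and the related section names from an empty value. Either leave the UUID keys out of this file so the role defaults apply, or ship them with the default values and a comment saying they should be replaced per deployment.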
@@ -39,11 +39,44 @@ tags: - designate-db-setup +- name: Create pool_manager DB for service + mysql_db: + login_user: "{{ galera_root_user }}" + login_password: "{{ galera_root_password }}" + login_host: "{{ designate_galera_address }}" + name: "{{ designate_pool_manager_galera_database }}" + state: "present" + tags: + - designate-db-setup + +- name: Grant access to the pool_manager DB for the service + mysql_user: + login_user: "{{ galera_root_user }}" + login_password: "{{ galera_root_password }}" + login_host: "{{ designate_galera_address }}" + name: "{{ designate_pool_manager_galera_user }}" + password: "{{ designate_pool_manager_container_mysql_password }}" + host: "{{ item }}" + state: "present" + priv: "{{ designate_pool_manager_galera_database }}.*:ALL" + with_items: + - "localhost" + - "%" + tags: + - designate-db-setup + - name: Perform a Designate DB sync - command: designate-manage database sync - sudo: yes - sudo_user: "{{ designate_system_user_name }}" + command: "{{ designate_bin }}/designate-manage database sync" + become: yes + become_user: "{{ designate_system_user_name }}" tags: - designate-db-sync - designate-setup +- name: Perform a Designate Pool Manager Cache sync + command: "{{ designate_bin }}/designate-manage pool-manager-cache sync" + become: yes + become_user: "{{ designate_system_user_name }}" + tags: + - designate-db-sync + - designate-setup diff --git a/tasks/designate_install.yml b/tasks/designate_install.yml index 434e400..93edfb2 100644 --- a/tasks/designate_install.yml +++ b/tasks/designate_install.yml @@ -47,7 +47,7 @@ copy: dest: "/opt/developer-pip-constraints.txt" content: | - {% for item in glance_developer_constraints %} + {% for item in designate_developer_constraints %} {{ item }} {% endfor %} when: diff --git a/tasks/designate_post_install.yml b/tasks/designate_post_install.yml index 942ae7a..2258b45 100644 --- a/tasks/designate_post_install.yml +++ b/tasks/designate_post_install.yml 
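Review bot: Both new pool_manager tasks log in with `login_host: "{{ designate_galera_address }}"`, while the patch introduces a separate `designate_pool_manager_galera_address` that `designate.conf.j2` uses for the pool manager cache connection. If the two addresses ever differ, the database and user are created on one server and the service connects to another. Use `login_host: "{{ designate_pool_manager_galera_address }}"` in `Create pool_manager DB for service` and `Grant access to the pool_manager DB for the service`. The grant also gives `ALL` on the schema to the account from host `%`, so the password is the only barrier for any client that can reach the database port; consider replacing `%` with the management network range where the deployment allows it. The first task of this file starts above the hunk and is not covered here.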
@@ -28,7 +28,7 @@ config_overrides: "{{ designate_designate_conf_overrides }}" config_type: "ini" - src: "api-paste.ini.j2" - dest: "/etc/designate/api_paste.ini" + dest: "/etc/designate/api-paste.ini" config_overrides: "{{ designate_api_paste_ini_overrides }}" config_type: "ini" - src: "policy.json.j2" diff --git a/tasks/designate_pre_install.yml b/tasks/designate_pre_install.yml index fabbe95..b06c2b4 100644 --- a/tasks/designate_pre_install.yml +++ b/tasks/designate_pre_install.yml @@ -42,6 +42,7 @@ mode: "{{ item.mode|default('0755') }}" with_items: - { path: "/etc/designate" } + - { path: "/etc/designate/rootwrap.d" } - { path: "{{ designate_system_user_home }}" } - { path: "{{ designate_system_user_home }}/.ssh", mode: "0700" } - { path: "/var/cache/designate", mode: "0700" } diff --git a/tasks/designate_service_add.yml b/tasks/designate_service_add.yml deleted file mode 100644 index 591fa5e..0000000 --- a/tasks/designate_service_add.yml +++ /dev/null 
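Review bot: The new `/etc/designate/rootwrap.d` entry in the `designate_pre_install.yml` hunk takes the task's default owner and the default mode `0755`, and the owner/group lines of that task are above the hunk. This directory holds the filter files that decide which commands `sudo designate-rootwrap` may run as root (see `root_helper` in `designate.conf.j2`), so it should be root-owned and not writable by the designate service user. If the task defaults ownership to the service user, give this item an explicit root owner or create the directory in a separate task. A comment such as `# rootwrap filters: root-owned, the service user must not be able to write here` would record the reason.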
@@ -1,96 +0,0 @@ ---- -# Copyright 2016, Tata Consultancy Services -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: Ensure designate service - keystone: - command: "ensure_service" - token: "{{ keystone_auth_admin_token }}" - endpoint: "{{ keystone_service_adminurl }}" - service_name: "{{ designate_service_name }}" - service_type: "{{ designate_service_type }}" - description: "{{ designate_service_description }}" - insecure: "{{ keystone_service_adminuri_insecure }}" - register: add_service - until: add_service|success - retries: 5 - delay: 2 - tags: - - designate-setup - - designate-service-add - -- name: Ensure designate user - keystone: - command: "ensure_user" - token: "{{ keystone_auth_admin_token }}" - endpoint: "{{ keystone_service_adminurl }}" - user_name: "{{ designate_service_user_name }}" - tenant_name: "{{ designate_service_project_name }}" - password: "{{ designate_service_password }}" - insecure: "{{ keystone_service_adminuri_insecure }}" - register: add_service - when: not designate_service_in_ldap | bool - until: add_service|success - retries: 5 - delay: 10 - tags: - - designate-setup - - designate-service-add - -- name: Ensure designate user to admin role - keystone: - command: "ensure_user_role" - token: "{{ keystone_auth_admin_token }}" - endpoint: "{{ keystone_service_adminurl }}" - user_name: "{{ designate_service_user_name }}" - tenant_name: "{{ designate_service_project_name }}" - role_name: "{{ designate_role_name }}" - insecure: "{{ 
keystone_service_adminuri_insecure }}" - register: add_service - when: not designate_service_in_ldap | bool - until: add_service|success - retries: 5 - delay: 10 - tags: - - designate-api-setup - - designate-service-add - - designate-setup - - -# Create an endpoint -- name: Ensure designate endpoint - keystone: - command: "ensure_endpoint" - token: "{{ keystone_auth_admin_token }}" - endpoint: "{{ keystone_service_adminurl }}" - region_name: "{{ designate_service_region }}" - service_name: "{{ designate_service_name }}" - service_type: "{{ designate_service_type }}" - insecure: "{{ keystone_service_adminuri_insecure }}" - endpoint_list: - - url: "{{ designate_service_publicurl }}" - interface: "public" - - url: "{{ designate_service_adminurl }}" - interface: "admin" - - url: "{{ designate_service_internalurl }}" - interface: "internal" - register: add_service - until: add_service|success - retries: 5 - delay: 10 - tags: - - designate-setup - - designate-service-add - - diff --git a/tasks/designate_service_setup.yml b/tasks/designate_service_setup.yml index 016521d..d3534d3 100644 --- a/tasks/designate_service_setup.yml +++ b/tasks/designate_service_setup.yml 
@@ -13,35 +13,82 @@ # See the License for the specific language governing permissions and # limitations under the License. -- include: designate_service_add.yml - vars: - service_user_name: "{{ designate_service_user_name }}" - service_tenant_name: "{{ designate_service_tenant_name }}" +- name: Ensure designate service + keystone: + command: "ensure_service" + token: "{{ keystone_auth_admin_token }}" + endpoint: "{{ keystone_service_adminurl }}" service_name: "{{ designate_service_name }}" service_type: "{{ designate_service_type }}" - service_region: "{{designate_service_region }}" - service_description: "{{ designate_service_description }}" - service_password: "{{ designate_service_password }}" - service_internalurl: "{{ designate_service_internalurl }}" - service_publicurl: "{{ designate_service_publicurl }}" - service_adminurl: "{{ designate_service_adminurl }}" - role_name: "{{ designate_role_name }}" + description: "{{ designate_service_description }}" + insecure: "{{ keystone_service_adminuri_insecure }}" + register: add_service + until: add_service|success + retries: 5 + delay: 2 tags: - - designate-add-service + - designate-setup + - designate-service-add -- include: designate_service_add.yml - vars: - service_user_name: "{{ designate_service_user_name }}" - service_tenant_name: "{{ designate_service_project_name }}" - service_name: "{{ designate_service_v2_name }}" - service_type: "{{ designate_service_v2_type }}" - service_region: "{{ designate_service_region }}" - service_description: "{{ designate_service_v2_description }}" - service_password: "{{ designate_service_password }}" - service_publicurl: "{{ designate_service_v2_publicurl }}" - service_internalurl: "{{ designate_service_v2_internalurl }}" - service_adminurl: "{{ designate_service_v2_adminurl }}" - role_name: "{{ designate_role_name }}" +- name: Ensure designate user + keystone: + command: "ensure_user" + token: "{{ keystone_auth_admin_token }}" + endpoint: "{{ keystone_service_adminurl }}" + 
user_name: "{{ designate_service_user_name }}" + tenant_name: "{{ designate_service_project_name }}" + password: "{{ designate_service_password }}" + insecure: "{{ keystone_service_adminuri_insecure }}" + register: add_service + when: not designate_service_in_ldap | bool + until: add_service|success + retries: 5 + delay: 10 tags: - - designate-add-service + - designate-setup + - designate-service-add +- name: Ensure designate user to admin role + keystone: + command: "ensure_user_role" + token: "{{ keystone_auth_admin_token }}" + endpoint: "{{ keystone_service_adminurl }}" + user_name: "{{ designate_service_user_name }}" + tenant_name: "{{ designate_service_project_name }}" + role_name: "{{ designate_role_name }}" + insecure: "{{ keystone_service_adminuri_insecure }}" + register: add_service + when: not designate_service_in_ldap | bool + until: add_service|success + retries: 5 + delay: 10 + tags: + - designate-api-setup + - designate-service-add + - designate-setup + + +# Create an endpoint +- name: Ensure designate endpoint + keystone: + command: "ensure_endpoint" + token: "{{ keystone_auth_admin_token }}" + endpoint: "{{ keystone_service_adminurl }}" + region_name: "{{ designate_service_region }}" + service_name: "{{ designate_service_name }}" + service_type: "{{ designate_service_type }}" + insecure: "{{ keystone_service_adminuri_insecure }}" + endpoint_list: + - url: "{{ designate_service_publicuri }}" + interface: "public" + - url: "{{ designate_service_adminuri }}" + interface: "admin" + - url: "{{ designate_service_internaluri }}" + interface: "internal" + register: add_service + until: add_service|success + retries: 5 + delay: 10 + tags: + - designate-setup + - designate-service-add diff --git a/templates/api-paste.ini.j2 b/templates/api-paste.ini.j2 index a445a61..89d1ed4 100644 --- a/templates/api-paste.ini.j2 +++ b/templates/api-paste.ini.j2 
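Review bot: The four inlined `keystone:` tasks pass `keystone_auth_admin_token` and, in `Ensure designate user`, `designate_service_password` as plain module arguments, and each task is retried up to five times. Whether the `keystone` module masks these arguments is not visible from this patch, so a verbose run or a failed retry may print them; adding `no_log: true` to at least `Ensure designate user` would keep the password out of the output. All four tasks also carry `insecure: "{{ keystone_service_adminuri_insecure }}"`, which presumably turns off certificate verification toward Keystone when true (confirm against the module). A one-line comment that it should stay false outside test environments would help the next reader.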
@@ -1,19 +1,73 @@ -# designate API WSGI Pipeline -# Define the filters that make up the pipeline for processing WSGI requests -# Note: This pipeline is PasteDeploy's term rather than designate's pipeline -# used for processing samples +[composite:osapi_dns] +use = egg:Paste#urlmap +/: osapi_dns_versions +/v1: osapi_dns_v1 +/v2: osapi_dns_v2 +/admin: osapi_dns_admin -# Remove authtoken from the pipeline if you don't want to use keystone authentication -[pipeline:main] -pipeline = request_id authtoken api-server +[composite:osapi_dns_versions] +use = call:designate.api.middleware:auth_pipeline_factory +noauth = http_proxy_to_wsgi cors maintenance faultwrapper osapi_dns_app_versions +keystone = http_proxy_to_wsgi cors maintenance faultwrapper osapi_dns_app_versions -[app:api-server] -paste.app_factory = designate.api.app:app_factory +[app:osapi_dns_app_versions] +paste.app_factory = designate.api.versions:factory -[filter:authtoken] -paste.filter_factory = keystonemiddleware.auth_token:filter_factory +[composite:osapi_dns_v1] +use = call:designate.api.middleware:auth_pipeline_factory +noauth = http_proxy_to_wsgi cors request_id noauthcontext maintenance validation_API_v1 faultwrapper normalizeuri osapi_dns_app_v1 +keystone = http_proxy_to_wsgi cors request_id authtoken keystonecontext maintenance validation_API_v1 faultwrapper normalizeuri osapi_dns_app_v1 + + +[app:osapi_dns_app_v1] +paste.app_factory = designate.api.v1:factory + +[composite:osapi_dns_v2] +use = call:designate.api.middleware:auth_pipeline_factory +noauth = http_proxy_to_wsgi cors request_id faultwrapper validation_API_v2 noauthcontext maintenance normalizeuri osapi_dns_app_v2 +keystone = http_proxy_to_wsgi cors request_id faultwrapper validation_API_v2 authtoken keystonecontext maintenance normalizeuri osapi_dns_app_v2 + +[app:osapi_dns_app_v2] +paste.app_factory = designate.api.v2:factory + +[composite:osapi_dns_admin] +use = call:designate.api.middleware:auth_pipeline_factory +noauth = 
http_proxy_to_wsgi cors request_id faultwrapper noauthcontext maintenance normalizeuri osapi_dns_app_admin +keystone = http_proxy_to_wsgi cors request_id faultwrapper authtoken keystonecontext maintenance normalizeuri osapi_dns_app_admin + +[app:osapi_dns_app_admin] +paste.app_factory = designate.api.admin:factory + +[filter:cors] +paste.filter_factory = oslo_middleware.cors:filter_factory oslo_config_project = designate [filter:request_id] paste.filter_factory = oslo_middleware:RequestId.factory +[filter:http_proxy_to_wsgi] +paste.filter_factory = oslo_middleware:HTTPProxyToWSGI.factory + +[filter:noauthcontext] +paste.filter_factory = designate.api.middleware:NoAuthContextMiddleware.factory + +[filter:authtoken] +paste.filter_factory = keystonemiddleware.auth_token:filter_factory + +[filter:keystonecontext] +paste.filter_factory = designate.api.middleware:KeystoneContextMiddleware.factory + +[filter:maintenance] +paste.filter_factory = designate.api.middleware:MaintenanceMiddleware.factory + +[filter:normalizeuri] +paste.filter_factory = designate.api.middleware:NormalizeURIMiddleware.factory + +[filter:faultwrapper] +paste.filter_factory = designate.api.middleware:FaultWrapperMiddleware.factory + +[filter:validation_API_v1] +paste.filter_factory = designate.api.middleware:APIv1ValidationErrorMiddleware.factory + +[filter:validation_API_v2] +paste.filter_factory = designate.api.middleware:APIv2ValidationErrorMiddleware.factory diff --git a/templates/designate-upstart-init.j2 b/templates/designate-upstart-init.j2 index 2fa9971..ac72180 100644 --- a/templates/designate-upstart-init.j2 +++ b/templates/designate-upstart-init.j2 @@ -12,7 +12,7 @@ respawn respawn limit 10 5 # Set the RUNBIN environment variable -env RUNBIN="/usr/local/bin/{{ program_name }}" +env RUNBIN="{{ designate_bin }}/{{ program_name }}" # Change directory to service users home chdir "{{ service_home }}" 
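Review bot: The rewritten `api-paste.ini.j2` drops the old header comment and leaves no explanation of the paired `noauth` / `keystone` pipelines in each `composite:` section. As far as I know, `auth_pipeline_factory` selects one of the two by the `auth_strategy` option in `[service:api]`, and every `noauth` pipeline uses `noauthcontext` in place of `authtoken keystonecontext`, so `auth_strategy = noauth` would serve `/v1`, `/v2` and `/admin` without token validation. I would add a comment at the top, for example `# Pipeline is chosen by auth_strategy in designate.conf [service:api]; the noauth pipelines perform no token validation and are for testing only.` Since `http_proxy_to_wsgi` is first in every pipeline, a second comment that forwarded-header handling assumes the API is reachable only through the load balancer would also be useful.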
diff --git a/templates/designate.conf.j2 b/templates/designate.conf.j2 index 9983b14..8021251 100644 --- a/templates/designate.conf.j2 +++ b/templates/designate.conf.j2 @@ -1,11 +1,35 @@ [DEFAULT] -auth_strategy = keystone + +######################## +## General Configuration +######################## +# Show more verbose log output (sets INFO log level output) verbose = {{ verbose }} + +# Show debugging output in logs (sets DEBUG log level output) debug = {{ debug }} +# Top-level directory for maintaining designate's state +#state_path = /var/lib/designate + +# Log Configuration +#log_config = None + +# Log directory +#logdir = /var/log/designate + +{% if designate_ceilometer_enabled | bool %} +# Driver used for issuing notifications +notification_driver = messagingv2 +{% endif %} + # Root helper root_helper = sudo designate-rootwrap /etc/designate/rootwrap.conf +# Which networking API to use, Defaults to neutron +#network_api = neutron + +# RabbitMQ Config [oslo_messaging_rabbit] rpc_backend = rabbit rabbit_port = {{ rabbitmq_port }} 
@@ -17,10 +41,109 @@ rabbit_use_ssl = {{ rabbitmq_use_ssl }} rabbit_notification_exchange = designate rabbit_notification_topic = notifications -{% if designate_ceilometer_enabled | bool %} -[oslo_messaging_notifications] -driver = messagingv2 -{% endif %} +######################## +## Service Configuration +######################## +#----------------------- +# Central Service +#----------------------- +[service:central] +# Number of central worker processes to spawn +#workers = None + +# Number of central greenthreads to spawn +#threads = 1000 + +# Maximum domain name length +#max_domain_name_len = 255 + +# Maximum recordset name length +#max_recordset_name_len = 255 + +# Minimum TTL +#min_ttl = None + +# The name of the default pool +#default_pool_id = '794ccc2c-d751-44fe-b57f-8894c9f5c842' + +## Managed resources settings + +# Email to use for managed resources like domains created by the FloatingIP API +#managed_resource_email = hostmaster@example.com. + +# Tenant ID to own all managed resources - like auto-created records etc. +# TODO(odyssey4me) - Check on whether this should be set to something +#managed_resource_tenant_id = 123456 + +#----------------------- +# API Service +#----------------------- +[service:api] +# Number of api worker processes to spawn +#workers = None + +# Number of api greenthreads to spawn +#threads = 1000 + +# Enable host request headers +#enable_host_header = False + +# The base uri used in responses +#api_base_uri = 'http://127.0.0.1:9001/' + +# Address to bind the API server +#api_host = 0.0.0.0 + +# Port to bind the API server +#api_port = 9001 + +# Maximum line size of message headers to be accepted. max_header_line may +# need to be increased when using large tokens (typically those generated by +# the Keystone v3 API with big service catalogs). 
+#max_header_line = 16384 + +# Authentication strategy to use - can be either "noauth" or "keystone" +auth_strategy = keystone + +# Enable API Version 1 (deprecated) +enable_api_v1 = True + +# Enabled API Version 1 extensions +# Can be one or more of : diagnostics, quotas, reports, sync, touch +enabled_extensions_v1 = diagnostics, quotas, reports, sync, touch + +# Enable API Version 2 +enable_api_v2 = True + +# Enabled API Version 2 extensions +enabled_extensions_v2 = quotas, reports + +# Default per-page limit for the V2 API, a value of None means show all results +# by default +#default_limit_v2 = 20 + +# Max page size in the V2 API +#max_limit_v2 = 1000 + +# Enable Admin API (experimental) +enable_api_admin = False + +# Enabled Admin API extensions +# Can be one or more of : reports, quotas, counts, tenants, zones +# zone export is in zones extension +#enabled_extensions_admin = + +# Default per-page limit for the Admin API, a value of None means show all results +# by default +#default_limit_admin = 20 + +# Max page size in the Admin API +#max_limit_admin = 1000 + +# Show the pecan HTML based debug interface (v2 only) +# This is only useful for development, and WILL break python-designateclient +# if an error occurs +#pecan_debug = False #----------------------- # Keystone Middleware 
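Review bot: In `[service:api]` the template hard-codes `enable_api_v1 = True` directly under its own `(deprecated)` comment and enables every listed v1 extension (`diagnostics, quotas, reports, sync, touch`), so a deployer can reduce the exposed API surface only through config overrides. Consider driving `enable_api_v1`, `enable_api_v2` and the two `enabled_extensions_*` lines from role variables with the current values as defaults; the variable names would be new, since none exist in the visible defaults. `auth_strategy = keystone` is now set only in this section, and a comment that it must not be switched to `noauth` outside test environments would fit here. The `[service:api]` block is complete within the hunk; the Keystone middleware section that follows it is not.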
@@ -40,187 +163,164 @@ password = {{ designate_service_password }} memcached_servers = {{ memcached_servers }} -######################## #----------------------- -# Central Service +# Sink Service #----------------------- -[service:central] -# Number of central worker processes to spawn -#workers = 10 - -# Number of central greenthreads to spawn -threads = 1000 - -# Maximum domain name length -max_domain_name_len = 255 - -# Maximum recordset name length -max_recordset_name_len = 255 - -# Minimum TTL -#min_ttl = None - -# The name of the default pool -default_pool_id = '794ccc2c-d751-44fe-b57f-8894c9f5c842' - -## Managed resources settings - -# Email to use for managed resources like domains created by the FloatingIP API -#managed_resource_email = hostmaster@example.com. - -# Tenant ID to own all managed resources - like auto-created records etc. -managed_resource_tenant_id = None - -#----------------------- -# API Service -#----------------------- -[service:api] - -threads=1000 - -# The base uri used in responses -api_base_uri = 'http://10.16.34.6:9001/v1' - -# Address to bind the API server -api_host = 0.0.0.0 - -# Port to bind the API server -api_port = 9001 - -# Authentication strategy to use - can be either "noauth" or "keystone" -auth_strategy = keystone - -# Enable API Version 1 -enable_api_v1 = True - -# Enable API Version 2 -enable_api_v2 = True - -# Enabled API Version 1 extensions -enabled_extensions_v1 = diagnostics, quotas, reports, sync, touch - -# Enabled API Version 2 extensions -enabled_extensions_v2 = quotas, reports - -# Enable Admin API (experimental) -enable_api_admin = False - -# Enabled Admin API extensions -# Can be one or more of : reports, quotas, counts, tenants, zones -# zone export is in zones extension -enabled_extensions_admin = reports, quotas, counts, tenants, zones - -# Default per-page limit for the Admin API, a value of None means show all results -# by default -default_limit_admin = 20 - -# Max page size in the Admin API 
-max_limit_admin = 1000 - +[service:sink] +# List of notification handlers to enable, configuration of these needs to +# correspond to a [handler:my_driver] section below or else in the config +# Can be one or more of : nova_fixed, neutron_floatingip +#enabled_notification_handlers = #----------------------- # mDNS Service #----------------------- [service:mdns] # Number of mdns worker processes to spawn -#workers = 10 +#workers = None # Number of mdns greenthreads to spawn -threads = 1000 +#threads = 1000 # mDNS Bind Host -host = 0.0.0.0 +#host = 0.0.0.0 # mDNS Port Number -port = 5354 +#port = 5354 # mDNS TCP Backlog -tcp_backlog = 100 +#tcp_backlog = 100 # mDNS TCP Receive Timeout -tcp_recv_timeout = 0.5 +#tcp_recv_timeout = 0.5 # Enforce all incoming queries (including AXFR) are TSIG signed -query_enforce_tsig = False +#query_enforce_tsig = False # Send all traffic over TCP -all_tcp = False +#all_tcp = False # Maximum message size to emit -max_message_size = 65535 +#max_message_size = 65535 + +#----------------------- +# Agent Service +#----------------------- +[service:agent] +#workers = None +#host = 0.0.0.0 +#port = 5358 +#tcp_backlog = 100 +#allow_notify = 127.0.0.1 +#masters = 127.0.0.1:5354 +#backend_driver = fake +#transfer_source = None +#notify_delay = 0 + +#----------------------- +# Zone Manager Service +#----------------------- +[service:zone_manager] +# Number of Zone Manager worker processes to spawn +#workers = None + +# Number of Zone Manager greenthreads to spawn +#threads = 1000 + +# List of Zone Manager tasks to enable, a value of None will enable all tasks. 
+# Can be one or more of: periodic_exists +#enabled_tasks = None + +# Whether to allow synchronous zone exports +#export_synchronous = True + +#------------------------ +# Deleted domains purging +#------------------------ +[zone_manager_task:domain_purge] +# How frequently to purge deleted domains, in seconds +#interval = 3600 # 1h + +# How many records to be deleted on each run +#batch_size = 100 + +# How old deleted records should be (deleted_at) to be purged, in seconds +#time_threshold = 604800 # 7 days #----------------------- # Pool Manager Service #----------------------- [service:pool_manager] -backends = bind9 -threads = 1000 -pool_id = 794ccc2c-d751-44fe-b57f-8894c9f5c842 -threshold_percentage = 100 -poll_timeout = 30 -poll_retry_interval = 15 -poll_max_retries = 3 -poll_delay = 5 -periodic_recovery_interval = 120 -enable_sync_timer = True -periodic_sync_interval = 300 -cache_driver = memcache +# Number of Pool Manager worker processes to spawn +#workers = None -######################## -## Storage Configuration -######################## +# Number of Pool Manager greenthreads to spawn +#threads = 1000 + +# The ID of the pool managed by this instance of the Pool Manager +pool_id = {{ designate_pool_uuid }} + +# The percentage of servers requiring a successful update for a domain change +# to be considered active +#threshold_percentage = 100 + +# The time to wait for a response from a server +#poll_timeout = 30 + +# The time between retrying to send a request and waiting for a response from a +# server +#poll_retry_interval = 15 + +# The maximum number of times to retry sending a request and wait for a +# response from a server +#poll_max_retries = 10 + +# The time to wait before sending the first request to a server +#poll_delay = 5 + +# Enable the recovery thread +#enable_recovery_timer = True + +# The time between recovering from failures +#periodic_recovery_interval = 120 + +# Enable the sync thread +#enable_sync_timer = True + +# The time between 
synchronizing the servers with storage +#periodic_sync_interval = 1800 + +# Zones Updated within last N seconds will be syncd. Use None to sync all zones +#periodic_sync_seconds = None + +# Perform multiple update attempts during periodic_sync +#periodic_sync_max_attempts = 3 +#periodic_sync_retry_interval = 30 + +# The cache driver to use +#cache_driver = memcache + +################################### +## Pool Manager Cache Configuration +################################### #----------------------- -# SQLAlchemy Storage +# SQLAlchemy Pool Manager Cache #----------------------- - -[storage:sqlalchemy] -# Database connection string - to configure options for a given implementation -# like sqlalchemy or other see below -connection = mysql://{{ designate_galera_user }}:{{ designate_container_mysql_password }}@{{ designate_galera_address }}/designate?charset=utf8 -connection_debug = 100 -connection_trace = True -sqlite_synchronous = True -idle_timeout = 3600 -max_retries = 10 -retry_interval = 10 - - [pool_manager_cache:sqlalchemy] -connection = mysql://{{ designate_galera_user }}:{{ designate_container_mysql_password }}@{{ designate_galera_address }}/designate_pool_manager?charset=utf8 -connection_debug = 100 -connection_trace = False -sqlite_synchronous = True -idle_timeout = 3600 -max_retries = 10 -retry_interval = 10 +connection = mysql+pymysql://{{ designate_pool_manager_galera_user }}:{{ designate_pool_manager_container_mysql_password }}@{{ designate_pool_manager_galera_address }}/designate_pool_manager?charset=utf8 +#connection_debug = 100 +#connection_trace = False +#sqlite_synchronous = True +#idle_timeout = 3600 +#max_retries = 10 +#retry_interval = 10 #----------------------- # Memcache Pool Manager Cache #----------------------- [pool_manager_cache:memcache] -memcached_servers = None -expiration = 3600 - -############################# -## Pool Backend Configuration -############################# -#----------------------- -# Global Bind9 Pool Backend 
-#----------------------- -#[backend:bind9] -#server_ids = 6a5032b6-2d96-43ee-b25b-7d784e2bf3b2 -#masters = 10.16.34.6:5354 -#rndc_host = 10.16.34.6 -#rndc_port = 953 -#rndc_config_file = /etc/rndc.conf -#rndc_key_file = /etc/rndc.key - -#----------------------- -# Server Specific Bind9 Pool Backend -#----------------------- -#[backend:bind9:6a5032b6-2d96-43ee-b25b-7d784e2bf3b2] -#host = 10.16.34.6 -#port = 53 +#memcached_servers = None +#expiration = 3600 ##################### ## Pool Configuration 
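Review bot: The new `[pool_manager_cache:sqlalchemy]` connection string hard-codes the schema name `designate_pool_manager`, while the tasks in `designate_db_setup.yml` create and grant on `{{ designate_pool_manager_galera_database }}`; overriding that variable would leave the service pointing at a database that was never created. Use the variable in the URL: `...@{{ designate_pool_manager_galera_address }}/{{ designate_pool_manager_galera_database }}?charset=utf8`. The same applies to `/designate?charset=utf8` in `[storage:sqlalchemy]` in the next hunk, which should use `designate_galera_database`. The password is also interpolated into the URL as-is, so a generated password containing URL-reserved characters such as `@` or `/` may be misparsed; either constrain the generator or percent-encode the value.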
@@ -229,28 +329,123 @@ expiration = 3600 # This section does not have the defaults filled in but demonstrates an # example pool / server set up. Different backends will have different options. -[pool:794ccc2c-d751-44fe-b57f-8894c9f5c842] -nameservers = 0f66b842-96c2-4189-93fc-1dc95a08b012 -targets = f26e0b32-736f-4f0a-831b-039a415c481e +[pool:{{ designate_pool_uuid }}] +nameservers = {{ designate_pool_nameserver_uuid }} +targets = {{ designate_pool_target_uuid }} #also_notifies = 192.0.2.1:53, 192.0.2.2:53 -[pool_nameserver:0f66b842-96c2-4189-93fc-1dc95a08b012] +[pool_nameserver:{{ designate_pool_nameserver_uuid }}] port = 53 -host = 10.16.34.6 +host = 127.0.0.1 -[pool_target:f26e0b32-736f-4f0a-831b-039a415c481e] -options = rndc_host: 10.16.34.6, rndc_port: 953, rndc_config_file: /etc/bind/rndc.conf, rndc_key_file: /etc/bind/rndc.key, port: 53, host: 10.16.34.6, clean_zonefile: false -masters = 10.16.34.6:5354 +[pool_target:{{ designate_pool_target_uuid }}] +options = port: 53, host: 127.0.0.1 +masters = 127.0.0.1:5354 type = bind9 -[service:sink] +############## +## Network API +############## +[network_api:neutron] +# Comma separated list of values, formatted "|" +#endpoints = RegionOne|http://localhost:9696 +#endpoint_type = publicURL +#timeout = 30 +#admin_username = designate +#admin_password = designate +#admin_tenant_name = designate +#auth_url = http://localhost:35357/v2.0 +#insecure = False +#auth_strategy = keystone +#ca_certificates_file = -enabled_notification_handlers = nova_fixed +######################## +## Storage Configuration +######################## +#----------------------- +# SQLAlchemy Storage +#----------------------- +[storage:sqlalchemy] +connection = mysql+pymysql://{{ designate_galera_user }}:{{ designate_container_mysql_password }}@{{ designate_galera_address }}/designate?charset=utf8 +#connection_debug = 0 +#connection_trace = False +#sqlite_synchronous = True +#idle_timeout = 3600 +#max_retries = 10 +#retry_interval = 10 
+######################## +## Handler Configuration +######################## +#----------------------- +# Nova Fixed Handler +#----------------------- [handler:nova_fixed] # Domain ID of domain to create records in. Should be pre-created -notification_topics = notifications -control_exchange = 'nova' -zone_id = e7192aa3-294b-491c-a2e7-3624e87f0af1 -format = '%(instance_id)s.%(zone)s' +#domain_id = +#notification_topics = notifications +#control_exchange = 'nova' +#format = '%(octet0)s-%(octet1)s-%(octet2)s-%(octet3)s.%(domain)s' +#format = '%(hostname)s.%(domain)s' + +#------------------------ +# Neutron Floating Handler +#------------------------ +[handler:neutron_floatingip] +# Domain ID of domain to create records in. Should be pre-created +#domain_id = +#notification_topics = notifications +#control_exchange = 'neutron' +#format = '%(octet0)s-%(octet1)s-%(octet2)s-%(octet3)s.%(domain)s' +#format = '%(hostname)s.%(domain)s' + +############################# +## Agent Backend Configuration +############################# +[backend:agent:bind9] +#rndc_host = 127.0.0.1 +#rndc_port = 953 +#rndc_config_file = /etc/rndc.conf +#rndc_key_file = /etc/rndc.key +#zone_file_path = $state_path/zones +#query_destination = 127.0.0.1 +# +[backend:agent:denominator] +#name = dynect +#config_file = /etc/denominator.conf + +######################## +## Library Configuration +######################## +[oslo_concurrency] +# Path for Oslo Concurrency to store lock files, defaults to the value +# of the state_path setting. +#lock_path = $state_path + +######################## +## Coordination +######################## +[coordination] +# URL for the coordination backend to use. +#backend_url = kazoo://127.0.0.1/ + +######################## +## Hook Points +######################## +# Hook Points are enabled when added to the config and there has been +# a package that provides the corresponding named designate.hook_point +# entry point. 
+ +# [hook_point:name_of_hook_point] +# some_param_for_hook = 42 +# Hooks can be disabled in the config +# enabled = False + +# Hook can also be applied to the import path when the hook has not +# been given an explicit name. The name is created from the hook +# target function / method: +# +# name = '%s.%s' % (func.__module__, func.__name__) + +# [hook_point:designate.api.v2.controllers.zones.get_one] diff --git a/tests/inventory b/tests/inventory index 6c0833a..c117b78 100644 --- a/tests/inventory +++ b/tests/inventory @@ -1,2 +1,35 @@ [all] localhost ansible_connection=local ansible_become=True + +[rabbitmq_all:children] +infra1 + +[galera_all:children] +infra1 + +[designate_all:children] +designate_api + +[designate_api:children] +openstack1 + +[designate_central:children] +openstack1 + +[designate_mdns:children] +openstack1 + +[designate_pool_manager:children] +openstack1 + +[designate_sink:children] +openstack1 + +[keystone_all:children] +openstack1 + +[infra1] +10.100.100.101 + +[openstack1] +10.100.100.102 diff --git a/tests/test-install-designate.yml b/tests/test-install-designate.yml new file mode 100644 index 0000000..74341d5 --- /dev/null +++ b/tests/test-install-designate.yml 
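Review bot: The `connection` line under `[storage:sqlalchemy]` renders `{{ designate_container_mysql_password }}` into the SQLAlchemy URL unescaped, so a password containing `@`, `:`, `/`, `#` or `%` produces a URL that parses to the wrong host or credentials. With this commit operators must supply their own passwords, so such characters become more likely. Percent-encode the secret where it is rendered, e.g. `{{ designate_container_mysql_password | urlencode }}`, or document the allowed character set next to the variable. Jinja2's `urlencode` filter leaves `/` unescaped, so confirm it covers whatever your secret generator can emit. The `[pool_manager_cache:sqlalchemy]` connection line earlier in this file has the same pattern.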
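Review bot: The static inventory defines no `service_all` or `all_containers` group, yet the new test-install-infra.yml targets `hosts: service_all` and test-prepare-containers.yml targets `hosts: all_containers`. The `add_host` task that used to create those groups, along with the per-container `properties`, `container_networks` and `physical_host` values, is removed from tests/test.yml in this commit. Unless they are supplied from somewhere not shown, those plays match no hosts and are skipped without failing. Add the groups here, e.g. `[service_all:children]` listing `infra1` and `[all_containers:children]` listing `infra1` and `openstack1`, and carry the container properties over as host or group vars.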
@@ -0,0 +1,56 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Playbook for deploying designate
+ hosts: designate_all
+ user: root
+ gather_facts: true
+ roles:
+ - role: "{{ rolename | basename }}"
+ vars:
+ debug: True
+ external_lb_vip_address: 10.100.100.102
+ internal_lb_vip_address: 10.100.100.102
+ designate_galera_address: 10.100.100.101
+ designate_container_mysql_password: "SuperSecrete"
+ designate_pool_manager_galera_address: 10.100.100.101
+ designate_pool_manager_container_mysql_password: "SuperSecrete"
+ galera_client_drop_config_file: false
+ galera_root_password: "secrete"
+ designate_rabbitmq_password: "secrete"
+ designate_rabbitmq_userid: designate
+ designate_rabbitmq_vhost: /designate
+ rabbitmq_servers: 10.100.100.101
+ rabbitmq_use_ssl: False
+ rabbitmq_port: 5672
+ keystone_auth_admin_token: "SuperSecreteTestToken"
+ keystone_auth_admin_password: "SuperSecretePassword"
+ keystone_service_adminuri_insecure: false
+ keystone_service_internaluri_insecure: false
+ keystone_service_internaluri: "http://{{ internal_lb_vip_address }}:5000"
+ keystone_service_internalurl: "{{ keystone_service_internaluri }}/v3"
+ keystone_service_adminuri: "http://{{ internal_lb_vip_address }}:35357"
+ keystone_service_adminurl: "{{ keystone_service_adminuri }}/v3"
+ designate_venv_tag: "testing"
+ designate_developer_mode: true
+ designate_git_install_branch: 4df88d7b28a05cb3556573ce4f1c7c66abf944bb # HEAD of "master" as of 17.01.2016
+ designate_requirements_git_install_branch: 332278d456e06870150835564342570ec9d5f5a0 # HEAD of "master" as of 17.01.2016
+ designate_service_password: "secrete"
+ designate_profiler_hmac_key: "secrete"
+ openrc_os_auth_url: "{{ keystone_service_internalurl }}"
+ openrc_os_password: "{{ keystone_auth_admin_password }}"
+ openrc_os_domain_name: "Default"
+ memcached_servers: 127.0.0.1
+ memcached_encryption_key: "secrete"
diff --git a/tests/test-install-infra.yml b/tests/test-install-infra.yml
new file mode 100644
index 0000000..d8e0235
--- /dev/null
+++ b/tests/test-install-infra.yml
@@ -0,0 +1,32 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Playbook for deploying infra services
+ hosts: service_all
+ user: root
+ gather_facts: true
+ roles:
+ - role: "rabbitmq_server"
+ rabbitmq_cookie_token: secrete
+ - role: "galera_server"
+ galera_root_password: secrete
+ galera_root_user: root
+ galera_innodb_buffer_pool_size: 512M
+ galera_innodb_log_buffer_size: 32M
+ galera_server_id: "{{ inventory_hostname | string_2_int }}"
+ galera_wsrep_node_name: "{{ inventory_hostname }}"
+ galera_wsrep_provider_options:
+ - { option: "gcache.size", value: "32M" }
+ galera_server_id: "{{ inventory_hostname | string_2_int }}"
diff --git a/tests/test-install-keystone.yml b/tests/test-install-keystone.yml
new file mode 100644
index 0000000..af718e4
--- /dev/null
+++ b/tests/test-install-keystone.yml
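Review bot: `rabbitmq_use_ssl: False` with `rabbitmq_port: 5672` turns off TLS for Designate's RabbitMQ connection in the functional test, where the play removed from tests/test.yml used `true` and `5671` and test-install-keystone.yml still does. The role's TLS path is therefore no longer exercised, and a regression there would pass the gate. If plaintext is a temporary workaround, say so in a comment above the two lines; otherwise restore `rabbitmq_use_ssl: true` and `rabbitmq_port: 5671`. `debug: True` and `False` also mix capitalised booleans with the lowercase `true`/`false` used elsewhere in the same `vars` block.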
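Review bot: `galera_server_id` is set twice in the `galera_server` role entry, once before `galera_wsrep_node_name` and again as the last key. Duplicate mapping keys are invalid YAML and most loaders silently keep the last one, so a later edit to only one copy would be ignored or would win unexpectedly. Drop the trailing `galera_server_id: "{{ inventory_hostname | string_2_int }}"`. The `secrete` values for `rabbitmq_cookie_token` and `galera_root_password` are also unquoted here while the other test playbooks quote their secrets; quoting keeps them strings whatever value is substituted later.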
@@ -0,0 +1,83 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Playbook for deploying keystone
+ hosts: keystone_all
+ user: root
+ gather_facts: true
+ pre_tasks:
+ - name: Ensure rabbitmq vhost
+ rabbitmq_vhost:
+ name: "{{ keystone_rabbitmq_vhost }}"
+ state: "present"
+ delegate_to: "10.100.100.101"
+ when: inventory_hostname == groups['keystone_all'][0]
+ - name: Ensure rabbitmq user
+ rabbitmq_user:
+ user: "{{ keystone_rabbitmq_userid }}"
+ password: "{{ keystone_rabbitmq_password }}"
+ vhost: "{{ keystone_rabbitmq_vhost }}"
+ configure_priv: ".*"
+ read_priv: ".*"
+ write_priv: ".*"
+ state: "present"
+ delegate_to: "10.100.100.101"
+ when: inventory_hostname == groups['keystone_all'][0]
+ - name: Create DB for service
+ mysql_db:
+ login_user: "root"
+ login_password: "secrete"
+ login_host: "localhost"
+ name: "{{ keystone_galera_database }}"
+ state: "present"
+ delegate_to: "10.100.100.101"
+ when: inventory_hostname == groups['keystone_all'][0]
+ - name: Grant access to the DB for the service
+ mysql_user:
+ login_user: "root"
+ login_password: "secrete"
+ login_host: "localhost"
+ name: "{{ keystone_galera_database }}"
+ password: "{{ keystone_container_mysql_password }}"
+ host: "{{ item }}"
+ state: "present"
+ priv: "{{ keystone_galera_database }}.*:ALL"
+ with_items:
+ - "localhost"
+ - "%"
+ delegate_to: "10.100.100.101"
+ when: inventory_hostname == groups['keystone_all'][0]
+ roles:
+ - role: os_keystone
+ vars:
+ external_lb_vip_address: 10.100.100.102
+ internal_lb_vip_address: 10.100.100.102
+ keystone_galera_address: 10.100.100.101
+ keystone_galera_database: keystone
+ keystone_venv_tag: "testing"
+ keystone_developer_mode: true
+ keystone_git_install_branch: a55128044f763f5cfe2fdc57c738eaca97636448 # HEAD of "master" as of 17.01.2016
+ keystone_requirements_git_install_branch: 332278d456e06870150835564342570ec9d5f5a0 # HEAD of "master" as of 17.01.2016
+ keystone_auth_admin_token: "SuperSecreteTestToken"
+ keystone_auth_admin_password: "SuperSecretePassword"
+ keystone_service_password: "secrete"
+ keystone_rabbitmq_password: "secrete"
+ keystone_container_mysql_password: "SuperSecrete"
+ keystone_rabbitmq_port: 5671
+ keystone_rabbitmq_userid: keystone
+ keystone_rabbitmq_vhost: /keystone
+ keystone_rabbitmq_servers: 10.100.100.101
+ keystone_rabbitmq_use_ssl: true
+ galera_client_drop_config_file: false
diff --git a/tests/test-prepare-containers.yml b/tests/test-prepare-containers.yml
new file mode 100644
index 0000000..932d681
--- /dev/null
+++ b/tests/test-prepare-containers.yml
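Review bot: The `mysql_user` task names the account with `name: "{{ keystone_galera_database }}"`, i.e. the database-name variable, and grants it `ALL` on that database from host `%`. This works only because the database and the account share the value `keystone`. Take the account name from a dedicated user variable so that renaming one does not create or grant the wrong account. The root password is also repeated as the literal `"secrete"` in both `mysql_db` and `mysql_user` instead of referencing the value handed to the galera role in test-install-infra.yml, so the two can drift apart.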
@@ -0,0 +1,33 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Playbook for creating containers
+ hosts: all_containers
+ connection: local
+ gather_facts: false
+ roles:
+ - role: "lxc_container_create"
+ lxc_container_release: trusty
+ lxc_container_backing_store: dir
+ global_environment_variables:
+ PATH: "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+ post_tasks:
+ - name: Wait for ssh to be available
+ local_action:
+ module: wait_for
+ port: "{{ ansible_ssh_port | default('22') }}"
+ host: "{{ ansible_ssh_host | default(inventory_hostname) }}"
+ search_regex: OpenSSH
+ delay: 1
diff --git a/tests/test-prepare-host.yml b/tests/test-prepare-host.yml
new file mode 100644
index 0000000..e55fe16
--- /dev/null
+++ b/tests/test-prepare-host.yml
@@ -0,0 +1,56 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Playbook for configuring the LXC host
+ hosts: localhost
+ connection: local
+ become: yes
+ pre_tasks:
+ # Make sure OS does not have a stale package cache.
+ - name: Update apt cache
+ apt:
+ update_cache: yes
+ when: ansible_os_family == 'Debian'
+ - name: Ensure root's new public ssh key is in authorized_keys
+ authorized_key:
+ user: root
+ key: "{{ hostvars['127.0.0.1']['lxc_container_ssh_key'] }}"
+ manage_dir: no
+ - set_fact:
+ lxc_container_ssh_key: "{{ hostvars['127.0.0.1']['lxc_container_ssh_key'] }}"
+ roles:
+ - role: "lxc_hosts"
+ lxc_net_address: 10.100.100.1
+ lxc_net_dhcp_range: 10.100.100.200,10.100.100.250
+ lxc_net_bridge: lxcbr0
+ lxc_kernel_options:
+ - { key: 'fs.inotify.max_user_instances', value: 1024 }
+ lxc_container_caches:
+ - url: "https://rpc-repo.rackspace.com/container_images/rpc-trusty-container.tgz"
+ name: "trusty.tgz"
+ sha256sum: "56c6a6e132ea7d10be2f3e8104f47136ccf408b30e362133f0dc4a0a9adb4d0c"
+ chroot_path: trusty/rootfs-amd64
+ post_tasks:
+ - name: Install pip packages
+ pip:
+ name: "{{ item }}"
+ state: present
+ extra_args: "{{ pip_install_options|default('') }}"
+ register: install_packages
+ until: install_packages|success
+ retries: 5
+ delay: 2
+ with_items:
+ - python-openstackclient
diff --git a/tests/test-prepare-keys.yml b/tests/test-prepare-keys.yml
new file mode 100644
index 0000000..5a1c9ec
--- /dev/null
+++ b/tests/test-prepare-keys.yml
@@ -0,0 +1,31 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Playbook for establishing ssh keys
+ hosts: 127.0.0.1
+ connection: local
+ become: false
+ pre_tasks:
+ - name: Create ssh key pair for root
+ user:
+ name: "{{ ansible_ssh_user }}"
+ generate_ssh_key: "yes"
+ ssh_key_bits: 2048
+ ssh_key_file: ".ssh/id_rsa"
+ - name: Get the calling user's key
+ command: cat ~/.ssh/id_rsa.pub
+ register: key_get
+ - set_fact:
+ lxc_container_ssh_key: "{{ key_get.stdout }}"
diff --git a/tests/test.yml b/tests/test.yml
index 6943fe1..4ef3be6 100644
--- a/tests/test.yml
+++ b/tests/test.yml
@@ -13,289 +13,21 @@ # See the License for the specific language governing permissions and # limitations under the License. -- name: Playbook for establishing ssh keys - hosts: 127.0.0.1 - connection: local - become: false - pre_tasks: - - name: Create ssh key pair for root - user: - name: "{{ ansible_ssh_user }}" - generate_ssh_key: "yes" - ssh_key_bits: 2048 - ssh_key_file: ".ssh/id_rsa" - - name: Get the calling user's key - command: cat ~/.ssh/id_rsa.pub - register: key_get - - set_fact: - lxc_container_ssh_key: "{{ key_get.stdout }}" +# Prepare the user ssh keys +- include: test-prepare-keys.yml -- name: Playbook for configuring the LXC host - hosts: localhost - connection: local - become: yes - pre_tasks: - # Make sure OS does not have a stale package cache. - - name: Update apt cache - apt: - update_cache: yes - when: ansible_os_family == 'Debian' - - name: Ensure root's new public ssh key is in authorized_keys - authorized_key: - user: root - key: "{{ hostvars['127.0.0.1']['lxc_container_ssh_key'] }}" - manage_dir: no - - set_fact: - lxc_container_ssh_key: "{{ hostvars['127.0.0.1']['lxc_container_ssh_key'] }}" - roles: - - role: "lxc_hosts" - lxc_net_address: 10.100.100.1 - lxc_net_dhcp_range: 10.100.100.2,10.100.100.253 - lxc_net_bridge: lxcbr0 - lxc_kernel_options: - - { key: 'fs.inotify.max_user_instances', value: 1024 } - lxc_container_caches: - - url: "https://rpc-repo.rackspace.com/container_images/rpc-trusty-container.tgz" - name: "trusty.tgz" - sha256sum: "56c6a6e132ea7d10be2f3e8104f47136ccf408b30e362133f0dc4a0a9adb4d0c" - chroot_path: trusty/rootfs-amd64 - - role: "py_from_git" - git_repo: "https://github.com/lxc/python2-lxc" - git_dest: "/opt/lxc_python2" - git_install_branch: "master" - post_tasks: - # THIS TASK IS ONLY BEING DONE BECAUSE THE TOX SHARED LXC LIB IS NOT USABLE ON A - # HOST MACHINE THAT MAY NOT HAVE ACCESS TO THE VENV. 
- - name: Ensure the lxc lib is on the host - command: /usr/local/bin/pip install /opt/lxc_python2 - # Inventory is being pre-loaded using a post tasks instead of through a dynamic - # inventory system. While this is not a usual method for deployment it's being - # done for functional testing. - - name: Create container hosts - add_host: - groups: "{{ item.groups }}" - hostname: "{{ item.name }}" - inventory_hostname: "{{ item.name }}" - ansible_ssh_host: "{{ item.address }}" - ansible_become: true - properties: - service_name: "{{ item.service }}" - container_networks: - management_address: - address: "{{ item.address }}" - bridge: "lxcbr0" - interface: "eth1" - netmask: "255.255.252.0" - type: "veth" - physical_host: localhost - container_name: "{{ item.name }}" - with_items: - - { name: "infra1", service: "infra1", address: "10.100.100.101", groups: "all,all_containers,rabbitmq_all,galera_all,service_all" } - - { name: "openstack1", service: "openstack1", address: "10.100.100.102", groups: "all,all_containers,keystone_all,designate_all" } +# Prepare the host +- include: test-prepare-host.yml -- name: Playbook for creating containers - hosts: all_containers - connection: local - gather_facts: false - roles: - - role: "lxc_container_create" - lxc_container_release: trusty - lxc_container_backing_store: dir - global_environment_variables: - PATH: "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" - post_tasks: - - name: Wait for ssh to be available - local_action: - module: wait_for - port: "{{ ansible_ssh_port | default('22') }}" - host: "{{ ansible_ssh_host | default(inventory_hostname) }}" - search_regex: OpenSSH - delay: 1 +# Prepare the containers +- include: test-prepare-containers.yml -- name: Playbook for deploying infra services - hosts: service_all - user: root - gather_facts: true - roles: - - role: "rabbitmq_server" - rabbitmq_cookie_token: secrete - - role: "galera_server" - galera_root_password: secrete - galera_root_user: root - 
galera_innodb_buffer_pool_size: 512M - galera_innodb_log_buffer_size: 32M - galera_server_id: "{{ inventory_hostname | string_2_int }}" - galera_wsrep_node_name: "{{ inventory_hostname }}" - galera_wsrep_provider_options: - - { option: "gcache.size", value: "32M" } - galera_server_id: "{{ inventory_hostname | string_2_int }}" +# Install RabbitMQ/MariaDB +- include: test-install-infra.yml -- name: Playbook for deploying keystone - hosts: keystone_all - user: root - gather_facts: true - pre_tasks: - - name: Ensure rabbitmq vhost - rabbitmq_vhost: - name: "{{ keystone_rabbitmq_vhost }}" - state: "present" - delegate_to: "10.100.100.101" - when: inventory_hostname == groups['keystone_all'][0] - tags: - - designate-rabbitmq - - designate-rabbitmq-vhost - - name: Ensure rabbitmq user - rabbitmq_user: - user: "{{ keystone_rabbitmq_userid }}" - password: "{{ keystone_rabbitmq_password }}" - vhost: "{{ keystone_rabbitmq_vhost }}" - configure_priv: ".*" - read_priv: ".*" - write_priv: ".*" - state: "present" - delegate_to: "10.100.100.101" - when: inventory_hostname == groups['keystone_all'][0] - tags: - - designate-rabbitmq - - designate-rabbitmq-user - - name: Create DB for service - mysql_db: - login_user: "root" - login_password: "secrete" - login_host: "localhost" - name: "{{ keystone_galera_database }}" - state: "present" - delegate_to: "10.100.100.101" - when: inventory_hostname == groups['keystone_all'][0] - tags: - - mysql-db-setup - - name: Grant access to the DB for the service - mysql_user: - login_user: "root" - login_password: "secrete" - login_host: "localhost" - name: "{{ keystone_galera_database }}" - password: "{{ keystone_container_mysql_password }}" - host: "{{ item }}" - state: "present" - priv: "{{ keystone_galera_database }}.*:ALL" - with_items: - - "localhost" - - "%" - delegate_to: "10.100.100.101" - when: inventory_hostname == groups['keystone_all'][0] - tags: - - mysql-db-setup - roles: - - role: os_keystone - vars: - external_lb_vip_address: 
10.100.100.102 - internal_lb_vip_address: 10.100.100.102 - keystone_galera_address: 10.100.100.101 - keystone_galera_database: keystone - keystone_venv_tag: "testing" - keystone_developer_mode: true - keystone_git_install_branch: a55128044f763f5cfe2fdc57c738eaca97636448 # HEAD of "master" as of 17.01.2016 - keystone_requirements_git_install_branch: 332278d456e06870150835564342570ec9d5f5a0 # HEAD of "master" as of 17.01.2016 - keystone_auth_admin_token: "SuperSecreteTestToken" - keystone_auth_admin_password: "SuperSecretePassword" - keystone_service_password: "secrete" - keystone_rabbitmq_password: "secrete" - keystone_container_mysql_password: "SuperSecrete" - keystone_rabbitmq_port: 5671 - keystone_rabbitmq_userid: keystone - keystone_rabbitmq_vhost: /keystone - keystone_rabbitmq_servers: 10.100.100.101 - keystone_rabbitmq_use_ssl: true - galera_client_drop_config_file: false +# Install Keystone +- include: test-install-keystone.yml + +# Install Designate +- include: test-install-designate.yml -- name: Playbook for deploying designate - hosts: designate_all - user: root - gather_facts: true - pre_tasks: - - name: Ensure rabbitmq vhost - rabbitmq_vhost: - name: "{{ designate_rabbitmq_vhost }}" - state: "present" - delegate_to: "10.100.100.101" - when: inventory_hostname == groups['designate_all'][0] - tags: - - designate-rabbitmq - - designate-rabbitmq-vhost - - name: Ensure rabbitmq user - rabbitmq_user: - user: "{{ designate_rabbitmq_userid }}" - password: "{{ designate_rabbitmq_password }}" - vhost: "{{ designate_rabbitmq_vhost }}" - configure_priv: ".*" - read_priv: ".*" - write_priv: ".*" - state: "present" - delegate_to: "10.100.100.101" - when: inventory_hostname == groups['designate_all'][0] - tags: - - designate-rabbitmq - - designate-rabbitmq-user - - name: Create DB for service - mysql_db: - login_user: "root" - login_password: "secrete" - login_host: "localhost" - name: "{{ designate_galera_database }}" - state: "present" - delegate_to: "10.100.100.101" 
- when: inventory_hostname == groups['designate_all'][0] - tags: - - mysql-db-setup - - name: Grant access to the DB for the service - mysql_user: - login_user: "root" - login_password: "secrete" - login_host: "localhost" - name: "{{ designate_galera_database }}" - password: "{{ designate_container_mysql_password }}" - host: "{{ item }}" - state: "present" - priv: "{{ designate_galera_database }}.*:ALL" - with_items: - - "localhost" - - "%" - delegate_to: "10.100.100.101" - when: inventory_hostname == groups['designate_all'][0] - tags: - - mysql-db-setup - roles: - - role: "{{ rolename | basename }}" - vars: - external_lb_vip_address: 10.100.100.102 - internal_lb_vip_address: 10.100.100.102 - designate_galera_address: 10.100.100.101 - designate_galera_database: designate - designate_container_mysql_password: "SuperSecrete" - galera_client_drop_config_file: false - galera_root_password: "secrete" - designate_rabbitmq_password: "secrete" - designate_rabbitmq_userid: designate - designate_rabbitmq_vhost: /designate - rabbitmq_servers: 10.100.100.101 - rabbitmq_use_ssl: true - rabbitmq_port: 5671 - keystone_auth_admin_token: "SuperSecreteTestToken" - keystone_auth_admin_password: "SuperSecretePassword" - keystone_service_adminuri_insecure: false - keystone_service_internaluri_insecure: false - keystone_service_internaluri: "http://{{ internal_lb_vip_address }}:5000" - keystone_service_internalurl: "{{ keystone_service_internaluri }}/v3" - keystone_service_adminuri: "http://{{ internal_lb_vip_address }}:35357" - keystone_service_adminurl: "{{ keystone_service_adminuri }}/v3" - designate_venv_tag: "testing" - designate_developer_mode: true - designate_git_install_branch: 4df88d7b28a05cb3556573ce4f1c7c66abf944bb # HEAD of "master" as of 17.01.2016 - designate_requirements_git_install_branch: 332278d456e06870150835564342570ec9d5f5a0 # HEAD of "master" as of 17.01.2016 - designate_service_password: "secrete" - designate_profiler_hmac_key: "secrete" - openrc_os_password: "{{ 
keystone_auth_admin_password }}" - openrc_os_domain_name: "Default" - memcached_servers: 127.0.0.1 - memcached_encryption_key: "secrete" diff --git a/tox.ini b/tox.ini index d7458fb..aae112b 100644 --- a/tox.ini +++ b/tox.ini @@ -15,6 +15,7 @@ whitelist_externals = bash git rm + wget setenv = VIRTUAL_ENV={envdir} ANSIBLE_HOST_KEY_CHECKING = False @@ -108,13 +109,15 @@ commands = rm -rf {homedir}/.ansible git clone https://git.openstack.org/openstack/openstack-ansible-plugins \ {homedir}/.ansible/plugins + # This plugin makes the ansible-playbook output easier to read + wget -O {homedir}/.ansible/plugins/callback/human_log.py \ + https://gist.githubusercontent.com/cliffano/9868180/raw/f360f306b3c6d689734a6aa8773a00edf16a0054/human_log.py ansible-galaxy install \ --role-file={toxinidir}/tests/ansible-role-requirements.yml \ --ignore-errors \ --force ansible-playbook -i {toxinidir}/tests/inventory \ -e "rolename={toxinidir}" \ - -vv \ {toxinidir}/tests/test.yml
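Review bot: The added `wget` step installs `human_log.py` from a personal gist into the Ansible callback plugin directory, where it is presumably loaded as Python inside every `ansible-playbook` run of the test. The URL is pinned to a gist revision, which is good, but nothing verifies the downloaded bytes and the file sits outside this project's review. Vendoring the plugin under `tests/` with its licence removes the network fetch; failing that, check a recorded digest after the download, e.g. `bash -c "echo '<expected-sha256>  {homedir}/.ansible/plugins/callback/human_log.py' | sha256sum -c -"`. The `git clone` of openstack-ansible-plugins just above is unpinned as well. The enclosing `commands` list starts outside the hunk.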