summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHarry Huang <huangxiangyu5@huawei.com>2017-11-03 10:40:09 +0800
committerHarry Huang <huangxiangyu5@huawei.com>2017-11-03 10:40:09 +0800
commitfda9bf56cfd4ec68d44568be6fe6f2fa918f83fc (patch)
tree8d1462bc8409adf420f9d3963870e2b0a352eea4
parent3656ab7b5e3f2f26f7c98f9dcc97b3c461fa2a76 (diff)
Add compass-tasks-osa
compass-tasks adapted for osa Change-Id: I1ed84ff5b3f2251538666f364e6ca941282aae29 Signed-off-by: Harry Huang <huangxiangyu5@huawei.com>
-rw-r--r--compass-tasks-osa/Dockerfile7
-rw-r--r--compass-tasks-osa/run.sh44
-rw-r--r--compass-tasks-osa/tacker_conf/ansible-role-requirements.yml192
-rw-r--r--compass-tasks-osa/tacker_conf/haproxy_config.yml285
-rw-r--r--compass-tasks-osa/tacker_conf/openstack_services.yml228
-rw-r--r--compass-tasks-osa/tacker_conf/os-tacker-install.yml63
-rw-r--r--compass-tasks-osa/tacker_conf/setup-openstack.yml43
-rw-r--r--compass-tasks-osa/tacker_conf/tacker.yml36
-rw-r--r--compass-tasks-osa/tacker_conf/tacker_all.yml46
-rw-r--r--compass-tasks-osa/tacker_conf/user_secrets.yml155
10 files changed, 1099 insertions, 0 deletions
diff --git a/compass-tasks-osa/Dockerfile b/compass-tasks-osa/Dockerfile
new file mode 100644
index 0000000..d156687
--- /dev/null
+++ b/compass-tasks-osa/Dockerfile
@@ -0,0 +1,7 @@
+FROM huangxiangyu/compass-tasks:v0.3
+#FROM localbuild/compass-tasks
+
+ADD ./run.sh /root/
+ADD ./tacker_conf /opt/tacker_conf
+RUN chmod +x /root/run.sh
+RUN /root/run.sh
diff --git a/compass-tasks-osa/run.sh b/compass-tasks-osa/run.sh
new file mode 100644
index 0000000..fd6a5c9
--- /dev/null
+++ b/compass-tasks-osa/run.sh
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+yum install https://rdoproject.org/repos/openstack-ocata/rdo-release-ocata.rpm -y
+yum install git ntp wget ntpdate openssh-server python-devel sudo '@Development Tools' -y
+
+mkdir -p /opt/git/
+cd /opt/git/
+wget artifacts.opnfv.org/compass4nfv/package/openstack.tar.gz
+tar -zxvf openstack.tar.gz
+rm -rf openstack.tar.gz
+cd openstack
+git clone https://github.com/openstack/tacker.git -b stable/ocata
+cd tacker
+git checkout a0f1e680d81c7db66ae7a2a08c3d069901d0765a
+
+
+git clone https://git.openstack.org/openstack/openstack-ansible /opt/openstack-ansible
+
+cd /opt/openstack-ansible
+
+git checkout 7beba50a8345616ef27c70cbbcac962b56b8adc5
+
+/bin/cp -rf /opt/tacker_conf/ansible-role-requirements.yml /opt/openstack-ansible/
+/bin/cp -rf /opt/tacker_conf/openstack_services.yml /opt/openstack-ansible/playbooks/defaults/repo_packages/
+/bin/cp -rf /opt/tacker_conf/os-tacker-install.yml /opt/openstack-ansible/playbooks/
+/bin/cp -rf /opt/tacker_conf/setup-openstack.yml /opt/openstack-ansible/playbooks/
+/bin/cp -rf /opt/tacker_conf/tacker.yml /opt/openstack-ansible/playbooks/inventory/env.d/
+/bin/cp -rf /opt/tacker_conf/tacker_all.yml /opt/openstack-ansible/playbooks/inventory/group_vars/
+/bin/cp -rf /opt/tacker_conf/user_secrets.yml /opt/openstack-ansible/etc/openstack_deploy/
+/bin/cp -rf /opt/tacker_conf/haproxy_config.yml /opt/openstack-ansible/playbooks/vars/configs/
+
+/bin/cp -rf /opt/openstack-ansible/etc/openstack_deploy /etc/openstack_deploy
+
+cd /opt/openstack-ansible
+
+scripts/bootstrap-ansible.sh
+
+rm -f /usr/local/bin/ansible-playbook
+
+cd /opt/openstack-ansible/scripts/
+python pw-token-gen.py --file /etc/openstack_deploy/user_secrets.yml
+
+cd /opt/openstack-ansible/playbooks/inventory/group_vars
+sed -i 's/#repo_build_git_cache/repo_build_git_cache/g' repo_all.yml
diff --git a/compass-tasks-osa/tacker_conf/ansible-role-requirements.yml b/compass-tasks-osa/tacker_conf/ansible-role-requirements.yml
new file mode 100644
index 0000000..40e0f91
--- /dev/null
+++ b/compass-tasks-osa/tacker_conf/ansible-role-requirements.yml
@@ -0,0 +1,192 @@
+- name: apt_package_pinning
+ scm: git
+ src: https://git.openstack.org/openstack/openstack-ansible-apt_package_pinning
+ version: d5c0d7e8d21fc1539cc043097e23851296e2dd95
+- name: pip_install
+ scm: git
+ src: https://git.openstack.org/openstack/openstack-ansible-pip_install
+ version: e142f5642646449d98cd65d8fd0690907c403801
+- name: galera_client
+ scm: git
+ src: https://git.openstack.org/openstack/openstack-ansible-galera_client
+ version: 1d3cdcd33c75a668ac3be046ac53fe1842780058
+- name: galera_server
+ scm: git
+ src: https://git.openstack.org/openstack/openstack-ansible-galera_server
+ version: e47877adc99bf64b900c83056716dfc09f2bcc0b
+- name: ceph_client
+ scm: git
+ src: https://git.openstack.org/openstack/openstack-ansible-ceph_client
+ version: d1b30ae7b660acbb4f9d6e4f4ab702581c6748d9
+- name: haproxy_server
+ scm: git
+ src: https://git.openstack.org/openstack/openstack-ansible-haproxy_server
+ version: ffba50ecf0c99f41d1d5a1195268a2c23c38f89f
+- name: keepalived
+ scm: git
+ src: https://github.com/evrardjp/ansible-keepalived
+ version: 2.6.0
+- name: lxc_container_create
+ scm: git
+ src: https://git.openstack.org/openstack/openstack-ansible-lxc_container_create
+ version: 540bd82f8ded168ccab25a4a762a5a88e5a4ecbd
+- name: lxc_hosts
+ scm: git
+ src: https://git.openstack.org/openstack/openstack-ansible-lxc_hosts
+ version: 73a62894aa26e4b63bb69336411209fc0df6abb2
+- name: memcached_server
+ scm: git
+ src: https://git.openstack.org/openstack/openstack-ansible-memcached_server
+ version: ddd1dc402b7c825265a9e59483272f2dfcd65a93
+- name: openstack-ansible-security
+ scm: git
+ src: https://git.openstack.org/openstack/openstack-ansible-security
+ version: c58c839f9cc9fcb75d32fc8de00b4f27add36661
+- name: openstack_hosts
+ scm: git
+ src: https://git.openstack.org/openstack/openstack-ansible-openstack_hosts
+ version: 1ba80641ed5c4d55a41906e9d37df10b9fd720ee
+- name: os_keystone
+ scm: git
+ src: https://git.openstack.org/openstack/openstack-ansible-os_keystone
+ version: 600e0e58102ccbdd082b5c90237cb7d27c63e5fa
+- name: openstack_openrc
+ scm: git
+ src: https://git.openstack.org/openstack/openstack-ansible-openstack_openrc
+ version: dfdf65b3db7c6240fa173a3a62af4e5028023626
+- name: os_aodh
+ scm: git
+ src: https://git.openstack.org/openstack/openstack-ansible-os_aodh
+ version: a1ec96ee54d7b8c7fd24f1148545d3556a0a8b5b
+- name: os_barbican
+ scm: git
+ src: https://git.openstack.org/openstack/openstack-ansible-os_barbican
+ version: 2d087176610c712f51dec8722b6129e648b149e2
+- name: os_ceilometer
+ scm: git
+ src: https://git.openstack.org/openstack/openstack-ansible-os_ceilometer
+ version: 1d709bd6eace68bfd7fb7d1e52df8d5b6f28810b
+- name: os_cinder
+ scm: git
+ src: https://git.openstack.org/openstack/openstack-ansible-os_cinder
+ version: 66542db4c7045dc559a1b3e6bd293ca28e09c34e
+- name: os_glance
+ scm: git
+ src: https://git.openstack.org/openstack/openstack-ansible-os_glance
+ version: 79d6b78e894715ba3a17b50cc18917b251025069
+- name: os_gnocchi
+ scm: git
+ src: https://git.openstack.org/openstack/openstack-ansible-os_gnocchi
+ version: 5932746fe1717ef2798b46c374c268945f34814e
+- name: os_heat
+ scm: git
+ src: https://git.openstack.org/openstack/openstack-ansible-os_heat
+ version: cbe917fefeb90c506e1c73c31b9a1d00fbf9beff
+- name: os_horizon
+ scm: git
+ src: https://git.openstack.org/openstack/openstack-ansible-os_horizon
+ version: 25435372547d217116dd4ba10b5d0e8c39307b52
+- name: os_ironic
+ scm: git
+ src: https://git.openstack.org/openstack/openstack-ansible-os_ironic
+ version: 4110fca2b9e1c6a1698b9be9797253db4a1cad2e
+- name: os_magnum
+ scm: git
+ src: https://git.openstack.org/openstack/openstack-ansible-os_magnum
+ version: f452cc54d1b3240f81a82fd110a467cd996a3331
+- name: os_trove
+ scm: git
+ src: https://git.openstack.org/openstack/openstack-ansible-os_trove
+ version: 51b38916ad99f3ffbc1723a7d97f9034b4c02dc4
+- name: os_neutron
+ scm: git
+ src: https://git.openstack.org/openstack/openstack-ansible-os_neutron
+ version: 4b43221adae78627d8035cd82e791662821a461c
+- name: os_nova
+ scm: git
+ src: https://git.openstack.org/openstack/openstack-ansible-os_nova
+ version: 8aacdd01ad98d82b3b817895d39af44b3a862847
+- name: os_rally
+ scm: git
+ src: https://git.openstack.org/openstack/openstack-ansible-os_rally
+ version: 1410d71f60aa354259fa11d9dddfe4ed743177ab
+- name: os_sahara
+ scm: git
+ src: https://git.openstack.org/openstack/openstack-ansible-os_sahara
+ version: 5e29921df9cc7d3ba2a89b0d6cdddcf02553c423
+- name: os_swift
+ scm: git
+ src: https://git.openstack.org/openstack/openstack-ansible-os_swift
+ version: 70c3795215b5b3ea90090ffd99381c97bc45be80
+- name: os_tacker
+ scm: git
+ src: https://git.openstack.org/openstack/openstack-ansible-os_tacker
+ version: c6a563731b4482a28b7a01982252d79f52fe586b
+- name: os_tempest
+ scm: git
+ src: https://git.openstack.org/openstack/openstack-ansible-os_tempest
+ version: 5934f81385870cc836f7d1cd84b8dbc6a97cedad
+- name: plugins
+ scm: git
+ src: https://git.openstack.org/openstack/openstack-ansible-plugins
+ version: 9ce61bdc6cb537c2377e95da1c3bfc9e837c9784
+- name: rabbitmq_server
+ scm: git
+ src: https://git.openstack.org/openstack/openstack-ansible-rabbitmq_server
+ version: 3d1de52f75c08b3265d2b35c56c9217d60c2c840
+- name: repo_build
+ scm: git
+ src: https://git.openstack.org/openstack/openstack-ansible-repo_build
+ version: 6d00b7d6f431fc8706be81e1089ee351d2172e48
+- name: repo_server
+ scm: git
+ src: https://git.openstack.org/openstack/openstack-ansible-repo_server
+ version: 860ff80b348f1c9e93745da55b1df69d05283afb
+- name: rsyslog_client
+ scm: git
+ src: https://git.openstack.org/openstack/openstack-ansible-rsyslog_client
+ version: 5f5275720d13bd22945348751131c39877b731ab
+- name: rsyslog_server
+ scm: git
+ src: https://git.openstack.org/openstack/openstack-ansible-rsyslog_server
+ version: a7d4b0df2e9ed3c2a1414613e96c7c9db0f2db60
+- name: sshd
+ scm: git
+ src: https://github.com/willshersystems/ansible-sshd
+ version: 0.4.5
+- name: bird
+ scm: git
+ src: https://github.com/logan2211/ansible-bird
+ version: '1.2'
+- name: etcd
+ scm: git
+ src: https://github.com/logan2211/ansible-etcd
+ version: '1.2'
+- name: unbound
+ scm: git
+ src: https://github.com/logan2211/ansible-unbound
+ version: '1.3'
+- name: resolvconf
+ scm: git
+ src: https://github.com/logan2211/ansible-resolvconf
+ version: '1.2'
+- name: os_designate
+ scm: git
+ src: https://git.openstack.org/openstack/openstack-ansible-os_designate
+ version: fc4f0fb40197954c96f486f4ebbd679162b27a6d
+- name: ceph.ceph-common
+ scm: git
+ src: https://github.com/ceph/ansible-ceph-common
+ version: v2.2.4
+- name: ceph.ceph-docker-common
+ scm: git
+ src: https://github.com/ceph/ansible-ceph-docker-common
+ version: ca86fd0ef6d24aa2c750a625acdcb8012c374aa0
+- name: ceph-mon
+ scm: git
+ src: https://github.com/ceph/ansible-ceph-mon
+ version: v2.2.4
+- name: ceph-osd
+ scm: git
+ src: https://github.com/ceph/ansible-ceph-osd
+ version: v2.2.4
diff --git a/compass-tasks-osa/tacker_conf/haproxy_config.yml b/compass-tasks-osa/tacker_conf/haproxy_config.yml
new file mode 100644
index 0000000..bbac6d7
--- /dev/null
+++ b/compass-tasks-osa/tacker_conf/haproxy_config.yml
@@ -0,0 +1,285 @@
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+haproxy_default_services:
+ - service:
+ haproxy_service_name: galera
+ haproxy_backend_nodes: "{{ [groups['galera_all'][0]] | default([]) }}" # list expected
+ haproxy_backup_nodes: "{{ groups['galera_all'][1:] | default([]) }}"
+ haproxy_bind: "{{ [internal_lb_vip_address] }}"
+ haproxy_port: 3306
+ haproxy_balance_type: tcp
+ haproxy_timeout_client: 5000s
+ haproxy_timeout_server: 5000s
+ haproxy_backend_options:
+ - "mysql-check user {{ galera_monitoring_user }}"
+ haproxy_whitelist_networks: "{{ haproxy_galera_whitelist_networks }}"
+ - service:
+ haproxy_service_name: repo_git
+ haproxy_backend_nodes: "{{ groups['repo_all'] | default([]) }}"
+ haproxy_bind: "{{ [internal_lb_vip_address] }}"
+ haproxy_port: 9418
+ haproxy_balance_type: tcp
+ haproxy_backend_options:
+ - tcp-check
+ haproxy_whitelist_networks: "{{ haproxy_repo_git_whitelist_networks }}"
+ - service:
+ haproxy_service_name: repo_all
+ haproxy_backend_nodes: "{{ groups['repo_all'] | default([]) }}"
+ haproxy_bind: "{{ [internal_lb_vip_address] }}"
+ haproxy_port: 8181
+ haproxy_balance_type: http
+ haproxy_backend_options:
+ - "httpchk HEAD /"
+ - service:
+ haproxy_service_name: repo_cache
+ haproxy_backend_nodes: "{{ [groups['repo_all'][0]] | default([]) }}" # list expected
+ haproxy_backup_nodes: "{{ groups['repo_all'][1:] | default([]) }}"
+ haproxy_bind: "{{ [internal_lb_vip_address] }}"
+ haproxy_port: "{{ repo_pkg_cache_port }}"
+ haproxy_balance_type: http
+ haproxy_backend_options:
+ - "httpchk HEAD /acng-report.html"
+ haproxy_whitelist_networks: "{{ haproxy_repo_cache_whitelist_networks }}"
+ - service:
+ haproxy_service_name: glance_api
+ haproxy_backend_nodes: "{{ groups['glance_api'] | default([]) }}"
+ haproxy_ssl: "{{ haproxy_ssl }}"
+ haproxy_port: 9292
+ haproxy_balance_type: http
+ haproxy_backend_options:
+ - "httpchk /healthcheck"
+ - service:
+ haproxy_service_name: glance_registry
+ haproxy_backend_nodes: "{{ groups['glance_registry'] | default([]) }}"
+ haproxy_ssl: "{{ haproxy_ssl }}"
+ haproxy_port: 9191
+ haproxy_balance_type: http
+ haproxy_backend_options:
+ - "httpchk /healthcheck"
+ haproxy_whitelist_networks: "{{ haproxy_glance_registry_whitelist_networks }}"
+ - service:
+ haproxy_service_name: gnocchi
+ haproxy_backend_nodes: "{{ groups['gnocchi_all'] | default([]) }}"
+ haproxy_port: 8041
+ haproxy_ssl: "{{ haproxy_ssl }}"
+ haproxy_balance_type: http
+ haproxy_backend_options:
+ - "httpchk /healthcheck"
+ - service:
+ haproxy_service_name: heat_api_cfn
+ haproxy_backend_nodes: "{{ groups['heat_api_cfn'] | default([]) }}"
+ haproxy_port: 8000
+ haproxy_ssl: "{{ haproxy_ssl }}"
+ haproxy_balance_type: http
+ haproxy_backend_options:
+ - "httpchk HEAD /"
+ - service:
+ haproxy_service_name: heat_api_cloudwatch
+ haproxy_backend_nodes: "{{ groups['heat_api_cloudwatch'] | default([]) }}"
+ haproxy_port: 8003
+ haproxy_ssl: "{{ haproxy_ssl }}"
+ haproxy_balance_type: http
+ haproxy_backend_options:
+ - "httpchk HEAD /"
+ - service:
+ haproxy_service_name: heat_api
+ haproxy_backend_nodes: "{{ groups['heat_api'] | default([]) }}"
+ haproxy_port: 8004
+ haproxy_ssl: "{{ haproxy_ssl }}"
+ haproxy_balance_type: http
+ haproxy_backend_options:
+ - "httpchk HEAD /"
+ - service:
+ haproxy_service_name: keystone_service
+ haproxy_backend_nodes: "{{ groups['keystone_all'] | default([]) }}"
+ haproxy_port: 5000
+ haproxy_ssl: "{{ haproxy_ssl }}"
+ haproxy_balance_type: "http"
+ haproxy_backend_options:
+ - "httpchk HEAD /"
+ - service:
+ haproxy_service_name: keystone_admin
+ haproxy_backend_nodes: "{{ groups['keystone_all'] | default([]) }}"
+ haproxy_port: 35357
+ haproxy_ssl: "{{ haproxy_ssl }}"
+ haproxy_balance_type: "http"
+ haproxy_backend_options:
+ - "httpchk HEAD /"
+ haproxy_whitelist_networks: "{{ haproxy_keystone_admin_whitelist_networks }}"
+ - service:
+ haproxy_service_name: neutron_server
+ haproxy_backend_nodes: "{{ groups['neutron_server'] | default([]) }}"
+ haproxy_port: 9696
+ haproxy_ssl: "{{ haproxy_ssl }}"
+ haproxy_balance_type: http
+ haproxy_backend_options:
+ - "httpchk HEAD /"
+ - service:
+ haproxy_service_name: nova_api_metadata
+ haproxy_backend_nodes: "{{ groups['nova_api_metadata'] | default([]) }}"
+ haproxy_port: 8775
+ haproxy_ssl: "{{ haproxy_ssl }}"
+ haproxy_balance_type: http
+ haproxy_backend_options:
+ - "httpchk HEAD /"
+ haproxy_whitelist_networks: "{{ haproxy_nova_metadata_whitelist_networks }}"
+ - service:
+ haproxy_service_name: nova_api_os_compute
+ haproxy_backend_nodes: "{{ groups['nova_api_os_compute'] | default([]) }}"
+ haproxy_ssl: "{{ haproxy_ssl }}"
+ haproxy_port: 8774
+ haproxy_balance_type: http
+ haproxy_backend_options:
+ - "httpchk HEAD /"
+ - service:
+ haproxy_service_name: nova_api_placement
+ haproxy_backend_nodes: "{{ groups['nova_api_placement'] | default([]) }}"
+ haproxy_ssl: "{{ haproxy_ssl }}"
+ haproxy_port: 8780
+ haproxy_balance_type: http
+ haproxy_backend_options:
+ - "httpchk HEAD /"
+ - service:
+ haproxy_service_name: nova_console
+ haproxy_backend_nodes: "{{ groups['nova_console'] | default([]) }}"
+ haproxy_ssl: "{{ haproxy_ssl }}"
+ haproxy_port: "{{ nova_console_port }}"
+ haproxy_balance_type: http
+ haproxy_timeout_client: 60m
+ haproxy_timeout_server: 60m
+ haproxy_balance_alg: source
+ haproxy_backend_options:
+ - "httpchk HEAD /"
+ haproxy_backend_httpcheck_options:
+ - "expect status 404"
+ - service:
+ haproxy_service_name: cinder_api
+ haproxy_backend_nodes: "{{ groups['cinder_api'] | default([]) }}"
+ haproxy_ssl: "{{ haproxy_ssl }}"
+ haproxy_port: 8776
+ haproxy_balance_type: http
+ haproxy_backend_options:
+ - "httpchk HEAD /"
+ - service:
+ haproxy_service_name: horizon
+ haproxy_backend_nodes: "{{ groups['horizon_all'] | default([]) }}"
+ haproxy_ssl: "{{ haproxy_ssl }}"
+ haproxy_ssl_all_vips: true
+ haproxy_port: "{{ haproxy_ssl | ternary(443,80) }}"
+ haproxy_backend_port: 80
+ haproxy_redirect_http_port: 80
+ haproxy_balance_type: http
+ haproxy_balance_alg: source
+ haproxy_backend_options:
+ - "httpchk HEAD /"
+ - service:
+ haproxy_service_name: sahara_api
+ haproxy_backend_nodes: "{{ groups['sahara_api'] | default([]) }}"
+ haproxy_ssl: "{{ haproxy_ssl }}"
+ haproxy_balance_alg: source
+ haproxy_port: 8386
+ haproxy_balance_type: http
+ haproxy_backend_options:
+ - "httpchk /healthcheck"
+ - service:
+ haproxy_service_name: swift_proxy
+ haproxy_backend_nodes: "{{ groups['swift_proxy'] | default([]) }}"
+ haproxy_ssl: "{{ haproxy_ssl }}"
+ haproxy_balance_alg: source
+ haproxy_port: 8080
+ haproxy_balance_type: http
+ haproxy_backend_options:
+ - "httpchk /healthcheck"
+ - service:
+ haproxy_service_name: ceilometer_api
+ haproxy_backend_nodes: "{{ groups['ceilometer_api_container'] | default([]) }}"
+ haproxy_ssl: "{{ haproxy_ssl }}"
+ haproxy_port: 8777
+ haproxy_balance_type: tcp
+ haproxy_backend_options:
+ - tcp-check
+ - service:
+ haproxy_service_name: aodh_api
+ haproxy_backend_nodes: "{{ groups['aodh_api'] | default([]) }}"
+ haproxy_ssl: "{{ haproxy_ssl }}"
+ haproxy_port: 8042
+ haproxy_balance_type: http
+ haproxy_backend_options:
+ - "httpchk HEAD /"
+ haproxy_backend_httpcheck_options:
+ - "expect status 401"
+ - service:
+ haproxy_service_name: ironic_api
+ haproxy_backend_nodes: "{{ groups['ironic_api'] | default([]) }}"
+ haproxy_ssl: "{{ haproxy_ssl }}"
+ haproxy_port: 6385
+ haproxy_balance_type: http
+ haproxy_backend_options:
+ - "httpchk GET /"
+ - service:
+ haproxy_service_name: rabbitmq_mgmt
+ haproxy_backend_nodes: "{{ groups['rabbitmq'] | default([]) }}"
+ haproxy_ssl: "{{ haproxy_ssl }}"
+ haproxy_port: 15672
+ haproxy_balance_type: http
+ haproxy_backend_options:
+ - "httpchk HEAD /"
+ haproxy_whitelist_networks: "{{ haproxy_rabbitmq_management_whitelist_networks }}"
+ - service:
+ haproxy_service_name: magnum
+ haproxy_backend_nodes: "{{ groups['magnum_all'] | default([]) }}"
+ haproxy_ssl: "{{ haproxy_ssl }}"
+ haproxy_port: 9511
+ haproxy_balance_type: http
+ haproxy_backend_options:
+ - "httpchk GET /"
+ - service:
+ haproxy_service_name: trove
+ haproxy_backend_nodes: "{{ groups['trove_api'] | default([]) }}"
+ haproxy_ssl: "{{ haproxy_ssl }}"
+ haproxy_port: 8779
+ haproxy_balance_type: http
+ haproxy_backend_options:
+ - "httpchk HEAD /"
+ - service:
+ haproxy_service_name: barbican
+ haproxy_backend_nodes: "{{ groups['barbican_api'] | default([]) }}"
+ haproxy_ssl: "{{ haproxy_ssl }}"
+ haproxy_port: 9311
+ haproxy_balance_type: http
+ haproxy_backend_options:
+ - "httpchk HEAD /"
+ haproxy_backend_httpcheck_options:
+ - "expect status 401"
+ - service:
+ haproxy_service_name: designate_api
+ haproxy_backend_nodes: "{{ groups['designate_api'] | default([]) }}"
+ haproxy_ssl: "{{ haproxy_ssl }}"
+ haproxy_port: 9001
+ haproxy_balance_type: http
+ haproxy_backend_options:
+ - "forwardfor"
+ - "httpchk /versions"
+ - "httplog"
+ - service:
+ haproxy_service_name: tacker
+ haproxy_backend_nodes: "{{ groups['tacker_all'] | default([]) }}"
+ haproxy_ssl: "{{ haproxy_ssl }}"
+ haproxy_port: 9890
+ haproxy_balance_type: http
+ haproxy_backend_options:
+ - "forwardfor"
+ - "httpchk"
+ - "httplog"
diff --git a/compass-tasks-osa/tacker_conf/openstack_services.yml b/compass-tasks-osa/tacker_conf/openstack_services.yml
new file mode 100644
index 0000000..5a772e5
--- /dev/null
+++ b/compass-tasks-osa/tacker_conf/openstack_services.yml
@@ -0,0 +1,228 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+## NOTICE on items in this file:
+## * If you use anything in the *._git_install_branch field that is not a TAG
+## make sure to leave an in-line comment as to "why".
+
+## For the sake of anyone else editing this file:
+## * If you add services to this file please do so in alphabetical order.
+## * Every entry should be name spaced with the name of the client followed by an "_"
+## * All items with this file should be separated by `name_` note that the name of the
+## package should be one long name with no additional `_` separating it.
+
+
+### Before this is shipped all of these services should have a tag set as the branch,
+### or have a comment / reason attached to them as to why a tag can not work.
+
+
+## Global Requirements
+requirements_git_repo: https://git.openstack.org/openstack/requirements
+requirements_git_install_branch: 90094c5d578ecfc4ab1e9f38a86bca5b615a3527 # HEAD of "stable/ocata" as of 15.05.2017
+requirements_git_dest: "/opt/requirements_{{ requirements_git_install_branch | replace('/', '_') }}"
+
+
+## Aodh service
+aodh_git_repo: https://git.openstack.org/openstack/aodh
+aodh_git_install_branch: 5c6b46ecc85743798c04b2d5fd094a0e9ef661a7 # HEAD of "stable/ocata" as of 15.05.2017
+aodh_git_dest: "/opt/aodh_{{ aodh_git_install_branch | replace('/', '_') }}"
+aodh_git_project_group: aodh_all
+
+
+## Barbican service
+barbican_git_repo: https://git.openstack.org/openstack/barbican
+barbican_git_install_branch: b04aa152843d9cda3b11e8736e740c71fd798d0f # HEAD of "stable/ocata" as of 15.05.2017
+barbican_git_dest: "/opt/barbican_{{ barbican_git_install_branch | replace('/', '_') }}"
+barbican_git_project_group: barbican_all
+
+
+## Ceilometer service
+ceilometer_git_repo: https://git.openstack.org/openstack/ceilometer
+ceilometer_git_install_branch: c25e934b8c48b00889f8fa6bb3e5bcb9591df618 # HEAD of "stable/ocata" as of 15.05.2017
+ceilometer_git_dest: "/opt/ceilometer_{{ceilometer_git_install_branch | replace('/', '_') }}"
+ceilometer_git_project_group: ceilometer_all
+
+
+## Cinder service
+cinder_git_repo: https://git.openstack.org/openstack/cinder
+cinder_git_install_branch: 501485b25087ff398986aedbbdb893741f8aabae # HEAD of "stable/ocata" as of 15.05.2017
+cinder_git_dest: "/opt/cinder_{{ cinder_git_install_branch | replace('/', '_') }}"
+cinder_git_project_group: cinder_all
+
+
+## Designate service
+designate_git_repo: https://git.openstack.org/openstack/designate
+designate_git_install_branch: 021aa52325c2b58be6317a014cb3fd44be02f29f # HEAD of "stable/ocata" as of 15.05.2017
+designate_git_dest: "/opt/designate_{{ designate_git_install_branch | replace('/', '_') }}"
+designate_git_project_group: designate_all
+
+
+## Horizon Designate dashboard plugin
+designate_dashboard_git_repo: https://git.openstack.org/openstack/designate-dashboard
+designate_dashboard_git_install_branch: fb8108354937ef6d3a1bb389481af79681f7c5b3 # HEAD of "stable/ocata" as of 15.05.2017
+designate_dashboard_git_dest: "/opt/designate_dashboard_{{ designate_dashboard_git_install_branch | replace('/', '_') }}"
+designate_dashboard_git_project_group: horizon_all
+
+
+## Dragonflow service
+dragonflow_git_repo: https://git.openstack.org/openstack/dragonflow
+dragonflow_git_install_branch: b72ffa06721faf95f42c9702f60a9acc3a7d8b61 # HEAD of "stable/ocata" as of 15.05.2017
+dragonflow_git_dest: "/opt/dragonflow_{{ dragonflow_git_install_branch | replace('/', '_') }}"
+dragonflow_git_project_group: neutron_all
+
+
+## Glance service
+glance_git_repo: https://git.openstack.org/openstack/glance
+glance_git_install_branch: 57c4d7d78f37e840660719b944ebabe91cbf231b # HEAD of "stable/ocata" as of 15.05.2017
+glance_git_dest: "/opt/glance_{{ glance_git_install_branch | replace('/', '_') }}"
+glance_git_project_group: glance_all
+
+
+## Heat service
+heat_git_repo: https://git.openstack.org/openstack/heat
+heat_git_install_branch: fe6ae385bc7bba77864b32061600ac40b24f2a10 # HEAD of "stable/ocata" as of 15.05.2017
+heat_git_dest: "/opt/heat_{{ heat_git_install_branch | replace('/', '_') }}"
+heat_git_project_group: heat_all
+
+
+## Horizon service
+horizon_git_repo: https://git.openstack.org/openstack/horizon
+horizon_git_install_branch: 2684552f09ee5d597a507833cf232f0f9d48d9b1 # HEAD of "stable/ocata" as of 15.05.2017
+horizon_git_dest: "/opt/horizon_{{ horizon_git_install_branch | replace('/', '_') }}"
+horizon_git_project_group: horizon_all
+
+## Horizon Ironic dashboard plugin
+ironic_dashboard_git_repo: https://git.openstack.org/openstack/ironic-ui
+ironic_dashboard_git_install_branch: 6a0cdbff587df20ae913ca7f0d434ad8381b761c # HEAD of "stable/ocata" as of 15.05.2017
+ironic_dashboard_git_dest: "/opt/ironic_dashboard_{{ ironic_dashboard_git_install_branch | replace('/', '_') }}"
+ironic_dashboard_git_project_group: horizon_all
+
+## Horizon Magnum dashboard plugin
+magnum_dashboard_git_repo: https://git.openstack.org/openstack/magnum-ui
+magnum_dashboard_git_install_branch: db3bfff643ceb9353c7c0cafdd4e15e0fcf01fb1 # HEAD of "stable/ocata" as of 15.05.2017
+magnum_dashboard_git_dest: "/opt/magnum_dashboard_{{ magnum_dashboard_git_install_branch | replace('/', '_') }}"
+magnum_dashboard_git_project_group: horizon_all
+
+## Horizon LBaaS dashboard plugin
+neutron_lbaas_dashboard_git_repo: https://git.openstack.org/openstack/neutron-lbaas-dashboard
+neutron_lbaas_dashboard_git_install_branch: 3653432bb8287fa0ec1248d866e4717b90ab824b # HEAD of "stable/ocata" as of 15.05.2017
+neutron_lbaas_dashboard_git_dest: "/opt/neutron_lbaas_dashboard_{{ neutron_lbaas_dashboard_git_install_branch | replace('/', '_') }}"
+neutron_lbaas_dashboard_git_project_group: horizon_all
+
+## Horizon Sahara dashboard plugin
+sahara_dashboard_git_repo: https://git.openstack.org/openstack/sahara-dashboard
+sahara_dashboard_git_install_branch: 5270e94b168b3c20e5c787a3f43d44b7e101c448 # HEAD of "stable/ocata" as of 15.05.2017
+sahara_dashboard_git_dest: "/opt/sahara_dashboard_{{ sahara_dashboard_git_install_branch | replace('/', '_') }}"
+sahara_dashboard_git_project_group: horizon_all
+
+
+## Keystone service
+keystone_git_repo: https://git.openstack.org/openstack/keystone
+keystone_git_install_branch: 955fd6ca3758e217d9d98480852e0014dc11e988 # HEAD of "stable/ocata" as of 15.05.2017
+keystone_git_dest: "/opt/keystone_{{ keystone_git_install_branch | replace('/', '_') }}"
+keystone_git_project_group: keystone_all
+
+
+## Neutron service
+neutron_git_repo: https://git.openstack.org/openstack/neutron
+neutron_git_install_branch: 515a2ff4ce3239f6a077d8b07ff80544023f0631 # HEAD of "stable/ocata" as of 15.05.2017
+neutron_git_dest: "/opt/neutron_{{ neutron_git_install_branch | replace('/', '_') }}"
+neutron_git_project_group: neutron_all
+
+neutron_lbaas_git_repo: https://git.openstack.org/openstack/neutron-lbaas
+neutron_lbaas_git_install_branch: 674e3604a6285655f2dc7f2949629cc4de06bbf4 # HEAD of "stable/ocata" as of 15.05.2017
+neutron_lbaas_git_dest: "/opt/neutron_lbaas_{{ neutron_lbaas_git_install_branch | replace('/', '_') }}"
+neutron_lbaas_git_project_group: neutron_all
+
+neutron_vpnaas_git_repo: https://git.openstack.org/openstack/neutron-vpnaas
+neutron_vpnaas_git_install_branch: 4a639ac09ccfc7573452d0ac9d189d934c169d34 # HEAD of "stable/ocata" as of 15.05.2017
+neutron_vpnaas_git_dest: "/opt/neutron_vpnaas_{{ neutron_vpnaas_git_install_branch | replace('/', '_') }}"
+neutron_vpnaas_git_project_group: neutron_all
+
+neutron_fwaas_git_repo: https://git.openstack.org/openstack/neutron-fwaas
+neutron_fwaas_git_install_branch: 3301972f46d877d0f68d9cf7f9246e0df897a91e # HEAD of "stable/ocata" as of 15.05.2017
+neutron_fwaas_git_dest: "/opt/neutron_fwaas_{{ neutron_fwaas_git_install_branch | replace('/', '_') }}"
+neutron_fwaas_git_project_group: neutron_all
+
+neutron_dynamic_routing_git_repo: https://git.openstack.org/openstack/neutron-dynamic-routing
+neutron_dynamic_routing_git_install_branch: da877412200e460fca34edaf56f84286557bd486 # HEAD of "stable/ocata" as of 15.05.2017
+neutron_dynamic_routing_git_dest: "/opt/neutron_dynamic_routing_{{ neutron_dynamic_routing_git_install_branch | replace('/', '_') }}"
+neutron_dynamic_routing_git_project_group: neutron_all
+
+
+## Nova service
+nova_git_repo: https://git.openstack.org/openstack/nova
+nova_git_install_branch: 506465a027dd1ba1c90949dc58297edae32da7e4 # HEAD of "stable/ocata" as of 15.05.2017
+nova_git_dest: "/opt/nova_{{ nova_git_install_branch | replace('/', '_') }}"
+nova_git_project_group: nova_all
+
+
+## PowerVM Virt Driver
+nova_powervm_git_repo: https://git.openstack.org/openstack/nova-powervm
+nova_powervm_git_install_branch: 53a5c75a0db38b606f51a53fd159b7ffab7c3a33 # HEAD of "stable/ocata" as of 15.05.2017
+nova_powervm_git_dest: "/opt/nova_powervm_{{ nova_powervm_git_install_branch | replace('/', '_') }}"
+nova_powervm_git_project_group: nova_compute
+
+
+## LXD Virt Driver
+nova_lxd_git_repo: https://git.openstack.org/openstack/nova-lxd
+nova_lxd_git_install_branch: ed05fa417c4a78970dd5bdcdd3e1922f3c07f0ac # HEAD of "stable/ocata" as of 15.05.2017
+nova_lxd_git_dest: "/opt/nova_lxd_{{ nova_lxd_git_install_branch | replace('/', '_') }}"
+nova_lxd_git_project_group: nova_compute
+
+
+## Sahara service
+sahara_git_repo: https://git.openstack.org/openstack/sahara
+sahara_git_install_branch: 5241340d3e668bcb3b0e9f09c38afdc21e6c136d # HEAD of "stable/ocata" as of 15.05.2017
+sahara_git_dest: "/opt/sahara_{{ sahara_git_install_branch | replace('/', '_') }}"
+sahara_git_project_group: sahara_all
+
+
+## Swift service
+swift_git_repo: https://git.openstack.org/openstack/swift
+swift_git_install_branch: 177fca2b3a6a7a6e17e20d161c23ac8a10500939 # HEAD of "stable/ocata" as of 15.05.2017
+swift_git_dest: "/opt/swift_{{ swift_git_install_branch | replace('/', '_') }}"
+swift_git_project_group: swift_all
+
+
+## Ironic service
+ironic_git_repo: https://git.openstack.org/openstack/ironic
+ironic_git_install_branch: ed2f6cea892ccb2a1343dd935ad279de8fd3a471 # HEAD of "stable/ocata" as of 15.05.2017
+ironic_git_dest: "/opt/ironic_{{ ironic_git_install_branch | replace('/', '_') }}"
+ironic_git_project_group: ironic_all
+
+## Magnum service
+magnum_git_repo: https://git.openstack.org/openstack/magnum
+magnum_git_install_branch: 1a685113d8df479c56ad85aa001930f6b8f1e2dd # HEAD of "stable/ocata" as of 15.05.2017
+magnum_git_dest: "/opt/magnum_{{ magnum_git_install_branch | replace('/', '_') }}"
+magnum_git_project_group: magnum_all
+
+## Trove service
+trove_git_repo: https://git.openstack.org/openstack/trove
+trove_git_install_branch: ca0a1128f91aa5f54b9f57fedf2f5db4b6f82e20 # HEAD of "stable/ocata" as of 15.05.2017
+trove_git_dest: "/opt/trove_{{ trove_git_install_branch | replace('/', '_') }}"
+trove_git_project_group: trove_all
+
+## Horizon Trove dashboard plugin
+trove_dashboard_git_repo: https://git.openstack.org/openstack/trove-dashboard
+trove_dashboard_git_install_branch: 5fd256e58219074b55cc9474a74516105787ac03 # HEAD of "stable/ocata" as of 15.05.2017
+trove_dashboard_git_dest: "/opt/trove_dashboard_{{ trove_dashboard_git_install_branch | replace('/', '_') }}"
+trove_dashboard_git_project_group: horizon_all
+
+## Tacker service
+tacker_git_repo: https://git.openstack.org/openstack/tacker
+tacker_git_install_branch: a0f1e680d81c7db66ae7a2a08c3d069901d0765a # HEAD of "ocata" as of 04.09.2017
+tacker_git_project_group: tacker_all
diff --git a/compass-tasks-osa/tacker_conf/os-tacker-install.yml b/compass-tasks-osa/tacker_conf/os-tacker-install.yml
new file mode 100644
index 0000000..dd96595
--- /dev/null
+++ b/compass-tasks-osa/tacker_conf/os-tacker-install.yml
@@ -0,0 +1,63 @@
+---
+# Copyright 2017, SUSE LINUX GmbH.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Install the tacker components
+ hosts: tacker_all
+ gather_facts: "{{ gather_facts | default(True) }}"
+ max_fail_percentage: 20
+ user: root
+ pre_tasks:
+ - include: common-tasks/os-lxc-container-setup.yml
+ - include: common-tasks/rabbitmq-vhost-user.yml
+ static: no
+ vars:
+ user: "{{ tacker_rabbitmq_userid }}"
+ password: "{{ tacker_rabbitmq_password }}"
+ vhost: "{{ tacker_rabbitmq_vhost }}"
+ _rabbitmq_host_group: "{{ tacker_rabbitmq_host_group }}"
+ when:
+ - inventory_hostname == groups['tacker_all'][0]
+ - groups[tacker_rabbitmq_host_group] | length > 0
+ - include: common-tasks/os-log-dir-setup.yml
+ vars:
+ log_dirs:
+ - src: "/openstack/log/{{ inventory_hostname }}-tacker"
+ dest: "/var/log/tacker"
+ - include: common-tasks/mysql-db-user.yml
+ static: no
+ vars:
+ user_name: "{{ tacker_galera_user }}"
+ password: "{{ tacker_container_mysql_password }}"
+ login_host: "{{ tacker_galera_address }}"
+ db_name: "{{ tacker_galera_database }}"
+ when: inventory_hostname == groups['tacker_all'][0]
+ - include: common-tasks/package-cache-proxy.yml
+ roles:
+ - role: "os_tacker"
+ - role: "openstack_openrc"
+ tags:
+ - openrc
+ - role: "rsyslog_client"
+ rsyslog_client_log_rotate_file: tacker_log_rotate
+ rsyslog_client_log_dir: "/var/log/tacker"
+ rsyslog_client_config_name: "99-tacker-rsyslog-client.conf"
+ tags:
+ - rsyslog
+ vars:
+ is_metal: "{{ properties.is_metal|default(false) }}"
+ tacker_galera_address: "{{ internal_lb_vip_address }}"
+ environment: "{{ deployment_environment_variables | default({}) }}"
+ tags:
+ - tacker
diff --git a/compass-tasks-osa/tacker_conf/setup-openstack.yml b/compass-tasks-osa/tacker_conf/setup-openstack.yml
new file mode 100644
index 0000000..d32eb15
--- /dev/null
+++ b/compass-tasks-osa/tacker_conf/setup-openstack.yml
@@ -0,0 +1,43 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- include: os-keystone-install.yml
+- include: os-barbican-install.yml
+- include: os-glance-install.yml
+- include: os-cinder-install.yml
+- include: os-nova-install.yml
+- include: os-neutron-install.yml
+- include: os-heat-install.yml
+- include: os-horizon-install.yml
+- include: os-ceilometer-install.yml
+- include: os-aodh-install.yml
+- include: os-designate-install.yml
+#NOTE(stevelle) Ensure Gnocchi identities exist before Swift
+- include: os-gnocchi-install.yml
+ when:
+ - gnocchi_storage_driver is defined
+ - gnocchi_storage_driver == 'swift'
+ vars:
+ gnocchi_identity_only: True
+- include: os-swift-install.yml
+- include: os-gnocchi-install.yml
+- include: os-ironic-install.yml
+- include: os-magnum-install.yml
+- include: os-trove-install.yml
+- include: os-sahara-install.yml
+- include: os-tacker-install.yml
+- include: os-tempest-install.yml
+ when: (tempest_install | default(False)) | bool or (tempest_run | default(False)) | bool
+
diff --git a/compass-tasks-osa/tacker_conf/tacker.yml b/compass-tasks-osa/tacker_conf/tacker.yml
new file mode 100644
index 0000000..9ceabbc
--- /dev/null
+++ b/compass-tasks-osa/tacker_conf/tacker.yml
@@ -0,0 +1,36 @@
+---
+# Copyright 2017, SUSE Linux GmbH
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+component_skel:
+ tacker_server:
+ belongs_to:
+ - tacker_all
+
+
+container_skel:
+ tacker_container:
+ belongs_to:
+ - mano_containers
+ contains:
+ - tacker_server
+
+
+physical_skel:
+ mano_containers:
+ belongs_to:
+ - all_containers
+ mano_hosts:
+ belongs_to:
+ - hosts
diff --git a/compass-tasks-osa/tacker_conf/tacker_all.yml b/compass-tasks-osa/tacker_conf/tacker_all.yml
new file mode 100644
index 0000000..95d5b83
--- /dev/null
+++ b/compass-tasks-osa/tacker_conf/tacker_all.yml
@@ -0,0 +1,46 @@
+---
+# Copyright 2017, SUSE LINUX GmbH
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+tacker_service_user_name: tacker
+tacker_service_tenant_name: service
+
+tacker_rabbitmq_userid: tacker
+tacker_rabbitmq_vhost: /tacker
+tacker_rabbitmq_port: "{{ rabbitmq_port }}"
+tacker_rabbitmq_use_ssl: "{{ rabbitmq_use_ssl }}"
+tacker_rabbitmq_servers: "{{ rabbitmq_servers }}"
+tacker_rabbitmq_host_group: "{{ rabbitmq_host_group }}"
+
+tacker_service_publicuri: "{{ openstack_service_publicuri_proto|default(tacker_service_proto) }}://{{ external_lb_vip_address }}:{{ tacker_service_port }}"
+tacker_service_adminurl: "{{ tacker_service_adminuri }}/"
+tacker_service_region: "{{ service_region }}"
+tacker_service_in_ldap: "{{ service_ldap_backend_enabled }}"
+
+tacker_aodh_enabled: "{{ groups['aodh_all'] is defined and groups['aodh_all'] | length > 0 }}"
+tacker_gnocchi_enabled: "{{ groups['gnocchi_all'] is defined and groups['gnocchi_all'] | length > 0 }}"
+
+# NOTE: these and their swift_all.yml counterpart should be moved back to all.yml once swift with tacker gets proper SSL support
+# swift_rabbitmq_telemetry_port: "{{ rabbitmq_port }}"
+# swift_rabbitmq_telemetry_use_ssl: "{{ rabbitmq_use_ssl }}"
+
+# Ensure that the package state matches the global setting
+tacker_package_state: "{{ package_state }}"
+
+# venv fetch configuration
+tacker_venv_tag: "{{ venv_tag }}"
+tacker_venv_download_url: "{{ venv_base_download_url }}/tacker-{{ openstack_release }}-{{ ansible_architecture | lower }}.tgz"
+
+# locations for fetching the default files from the git source
+tacker_git_config_lookup_location: "{{ openstack_repo_url }}/openstackgit/tacker"
diff --git a/compass-tasks-osa/tacker_conf/user_secrets.yml b/compass-tasks-osa/tacker_conf/user_secrets.yml
new file mode 100644
index 0000000..b5a5796
--- /dev/null
+++ b/compass-tasks-osa/tacker_conf/user_secrets.yml
@@ -0,0 +1,155 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+############################# WARNING ########################################
+# The playbooks do not currently manage changing passwords in an existing
+# environment. Changing passwords and re-running the playbooks will fail
+# and may break your OpenStack environment.
+############################# WARNING ########################################
+
+
+## Rabbitmq Options
+rabbitmq_cookie_token:
+rabbitmq_monitoring_password:
+
+## Tokens
+memcached_encryption_key:
+
+## Galera Options
+galera_root_password:
+
+## Keystone Options
+keystone_container_mysql_password:
+keystone_auth_admin_password:
+keystone_service_password:
+keystone_rabbitmq_password:
+
+## Ceilometer Options:
+ceilometer_container_db_password:
+ceilometer_service_password:
+ceilometer_telemetry_secret:
+ceilometer_rabbitmq_password:
+
+## Aodh Options:
+aodh_container_db_password:
+aodh_service_password:
+aodh_rabbitmq_password:
+
+## Cinder Options
+cinder_container_mysql_password:
+cinder_service_password:
+cinder_profiler_hmac_key:
+cinder_rabbitmq_password:
+
+## Ceph/rbd: a UUID to be used by libvirt to refer to the client.cinder user
+cinder_ceph_client_uuid:
+
+## Glance Options
+glance_container_mysql_password:
+glance_service_password:
+glance_profiler_hmac_key:
+glance_rabbitmq_password:
+
+## Gnocchi Options:
+gnocchi_container_mysql_password:
+gnocchi_service_password:
+
+## Heat Options
+heat_stack_domain_admin_password:
+heat_container_mysql_password:
+### THE HEAT AUTH KEY NEEDS TO BE 32 CHARACTERS LONG ##
+heat_auth_encryption_key:
+### THE HEAT AUTH KEY NEEDS TO BE 32 CHARACTERS LONG ##
+heat_service_password:
+heat_rabbitmq_password:
+
+## Ironic options
+ironic_rabbitmq_password:
+ironic_container_mysql_password:
+ironic_service_password:
+ironic_swift_temp_url_secret_key:
+
+## Horizon Options
+horizon_container_mysql_password:
+horizon_secret_key:
+
+## Neutron Options
+neutron_container_mysql_password:
+neutron_service_password:
+neutron_rabbitmq_password:
+neutron_ha_vrrp_auth_password:
+
+## Nova Options
+nova_container_mysql_password:
+nova_api_container_mysql_password:
+nova_metadata_proxy_secret:
+nova_service_password:
+nova_rabbitmq_password:
+nova_placement_service_password:
+nova_placement_container_mysql_password:
+
+# LXD Options for nova compute
+lxd_trust_password:
+
+## Sahara Options
+sahara_container_mysql_password:
+sahara_rabbitmq_password:
+sahara_service_password:
+
+## Swift Options:
+swift_service_password:
+swift_dispersion_password:
+### Once the swift cluster has been setup DO NOT change these hash values!
+swift_hash_path_suffix:
+swift_hash_path_prefix:
+# Swift needs a telemetry password when using ceilometer
+swift_rabbitmq_telemetry_password:
+
+## haproxy stats password
+haproxy_stats_password:
+haproxy_keepalived_authentication_password:
+
+## Magnum Options
+magnum_service_password:
+magnum_galera_password:
+magnum_rabbitmq_password:
+magnum_trustee_password:
+
+## Rally Options:
+rally_galera_password:
+
+## Trove Options
+trove_galera_password:
+trove_rabbitmq_password:
+trove_service_password:
+trove_admin_user_password:
+trove_regular_user_password:
+trove_taskmanager_rpc_encr_key:
+trove_inst_rpc_key_encr_key:
+
+## Barbican Options
+barbican_galera_password:
+barbican_rabbitmq_password:
+barbican_service_password:
+
+## Designate Options
+designate_galera_password:
+designate_rabbitmq_password:
+designate_service_password:
+
+# Tacker options
+tacker_rabbitmq_password:
+tacker_service_password:
+tacker_container_mysql_password: