diff options
66 files changed, 1851 insertions, 673 deletions
diff --git a/compass-cobbler/Dockerfile b/compass-cobbler/Dockerfile index d963e49..9ee1e64 100644 --- a/compass-cobbler/Dockerfile +++ b/compass-cobbler/Dockerfile @@ -6,7 +6,8 @@ ARG BRANCH=master # pkgs and services... RUN yum -y update && \ yum -y install epel-release && \ - yum -y install wget dhcp bind syslinux pykickstart file initscripts net-tools tcpdump xinetd vim avahi avahi-tools ntp && \ + yum -y install wget dhcp bind syslinux pykickstart file initscripts net-tools tcpdump xinetd vim \ + avahi avahi-tools ntp fence-agents libvirt-devel python-devel gcc python-pip && \ wget http://artifacts.opnfv.org/compass4nfv/package/cobbler/cobbler-2.6.10-1.fc22.noarch.rpm && \ wget http://artifacts.opnfv.org/compass4nfv/package/cobbler/cobbler-web-2.6.10-1.fc22.noarch.rpm && \ yum -y localinstall cobbler-2.6.10-1.fc22.noarch.rpm cobbler-web-2.6.10-1.fc22.noarch.rpm && \ @@ -15,7 +16,11 @@ RUN yum -y update && \ systemctl enable httpd && \ systemctl enable dhcpd && \ systemctl enable xinetd && \ - systemctl enable ntpd + systemctl enable ntpd && \ + pip install libvirt-python click + +COPY fence_libvirt /usr/sbin/fence_libvirt +COPY fence_libvirt.template /etc/cobbler/power/fence_libvirt.template # some tweaks on services RUN sed -i -e 's/\(^.*disable.*=\) yes/\1 no/' /etc/xinetd.d/tftp && \ diff --git a/compass-cobbler/Dockerfile-arm64 b/compass-cobbler/Dockerfile-arm64 new file mode 100644 index 0000000..10055f8 --- /dev/null +++ b/compass-cobbler/Dockerfile-arm64 @@ -0,0 +1,48 @@ +FROM centos:7 +ENV container docker +VOLUME [ "/sys/fs/cgroup" ] +ARG BRANCH=master + +# pkgs and services... +RUN yum -y update && \ + yum -y install epel-release && \ + yum -y install which wget dhcp bind pykickstart file initscripts net-tools tcpdump xinetd vim avahi avahi-tools ntp && \ + wget http://artifacts.opnfv.org/compass4nfv/package/cobbler/cobbler-2.6.10-1.fc22.noarch.rpm && \ + wget http://artifacts.opnfv.org/compass4nfv/package/cobbler/cobbler-web-2.6.10-1.fc22.noarch.rpm && \ + wget http://linux.enea.com/mos-repos/centos/mos8.0-centos7-fuel/armband/x86_64/Packages/cobbler-grub-aarch64-2.02~beta2-1.el7.36~mos1.noarch.rpm && \ + yum -y localinstall cobbler-2.6.10-1.fc22.noarch.rpm cobbler-web-2.6.10-1.fc22.noarch.rpm cobbler-grub-aarch64-2.02~beta2-1.el7.36~mos1.noarch.rpm && \ + rm -f cobbler-2.6.10-1.fc22.noarch.rpm cobbler-web-2.6.10-1.fc22.noarch.rpm cobbler-grub-aarch64-2.02~beta2-1.el7.36~mos1.noarch.rpm && \ + systemctl enable cobblerd && \ + systemctl enable httpd && \ + systemctl enable dhcpd && \ + systemctl enable xinetd && \ + systemctl enable ntpd + +# some tweaks on services +RUN sed -i -e 's/\(^.*disable.*=\) yes/\1 no/' /etc/xinetd.d/tftp && \ + touch /etc/xinetd.d/rsync + +RUN mkdir -p /var/www/cblr_ks + +COPY distro_signatures.json /var/lib/cobbler/distro_signatures.json +COPY start.sh /usr/local/bin/start.sh +RUN mv /etc/httpd/conf.d/cobbler_web.conf /etc/httpd/conf.d/cobbler_web.conf.bk +COPY cobbler_web.conf /etc/httpd/conf.d/cobbler_web.conf +RUN mv /etc/httpd/conf.d/cobbler.conf /etc/httpd/conf.d/cobbler.conf.bk +COPY cobbler.conf /etc/httpd/conf.d/cobbler.conf +RUN mkdir -p /var/www/pip-openstack + +COPY pxeprofile_arm.template /etc/cobbler/pxe/pxeprofile_arm.template +COPY pxeprofile_arm.template /etc/cobbler/pxe/pxesystem_arm.template +COPY pxeprofile_arm.template /etc/cobbler/pxe/grubsystem.template +COPY pxeprofile_arm.template /etc/cobbler/pxe/grubprofile.template +RUN touch /var/lib/cobbler/loaders/{pxelinux.0,menu.c32} && \ + sed -i 's/"\/pxelinux\.0"/"grub\/grub-aarch64\.efi"/' /usr/lib/python2.7/site-packages/cobbler/modules/manage_isc.py + +VOLUME ["/var/lib/cobbler", "/var/www/cobbler", "/etc/cobbler", "/mnt", "/var/www/cobbler/repo_mirror", "/var/www/pip"] +EXPOSE 67 +EXPOSE 69 +EXPOSE 80 +EXPOSE 443 +EXPOSE 25151 +CMD ["/sbin/init", "/usr/local/bin/start.sh"] diff --git a/compass-cobbler/distro_signatures.json b/compass-cobbler/distro_signatures.json index 71977b7..eaaea1a 100644 --- a/compass-cobbler/distro_signatures.json +++ b/compass-cobbler/distro_signatures.json @@ -89,7 +89,7 @@ "version_file_regex":null, "kernel_arch":"kernel-(.*).rpm", "kernel_arch_regex":null, - "supported_arches":["i386","x86_64","ppc","ppc64"], + "supported_arches":["i386","x86_64","ppc","ppc64","arm"], "supported_repo_breeds":["rsync", "rhn", "yum"], "kernel_file":"vmlinuz(.*)", "initrd_file":"initrd(.*)\\.img", @@ -283,7 +283,7 @@ "version_file_regex":"Codename: jessie", "kernel_arch":"linux-headers-(.*)\\.deb", "kernel_arch_regex":null, - "supported_arches":["i386","amd64"], + "supported_arches":["i386","amd64","arm"], "supported_repo_breeds":["apt"], "kernel_file":"vmlinuz(.*)", "initrd_file":"initrd(.*)\\.gz", @@ -299,7 +299,7 @@ "version_file_regex":"Codename: stretch", "kernel_arch":"linux-headers-(.*)\\.deb", "kernel_arch_regex":null, - "supported_arches":["i386","amd64"], + "supported_arches":["i386","amd64","arm"], "supported_repo_breeds":["apt"], "kernel_file":"vmlinuz(.*)", "initrd_file":"initrd(.*)\\.gz", @@ -461,7 +461,7 @@ "version_file_regex":"Codename: xenial|Ubuntu 16.04.3", "kernel_arch":"linux-headers-(.*)\\.deb", "kernel_arch_regex":null, - "supported_arches":["i386","amd64"], + "supported_arches":["i386","amd64","arm"], "supported_repo_breeds":["apt"], "kernel_file":"linux(.*)", "initrd_file":"initrd(.*)\\.gz", diff --git a/compass-cobbler/fence_libvirt b/compass-cobbler/fence_libvirt new file mode 100755 index 0000000..53e235c --- /dev/null +++ b/compass-cobbler/fence_libvirt @@ -0,0 +1,106 @@ +#!/usr/bin/env python +import libvirt +import yaml +import multiprocessing +import click +import sys + + +SETTING = "/root/cobbler/settings" +power_action_map = { + "on": "create", + "off": "destroy", + "status": "state" + } + +def get_virt_host(setting_file): + with open(setting_file) as fd: + try: + settings = yaml.load(fd) + return settings['server'] + except Exception: + raise RuntimeError("Can't get server ip from %s" % SETTING) + + +def get_libvit_connection(user, passwd): + # def request_cred(credentials, user_data): + # for credential in credentials: + # if credential[0] == libvirt.VIR_CRED_AUTHNAME: + # credential[4] = user + # elif credential[0] == libvirt.VIR_CRED_PASSPHRASE: + # credential[4] = passwd + # return 0 + # auth = [[libvirt.VIR_CRED_AUTHNAME, libvirt.VIR_CRED_PASSPHRASE], + # request_cred, None] + server = get_virt_host(SETTING) + conn = libvirt.open('qemu+tcp://%s/system' % server) + return conn + + +def libvirt_function(domain, action, rc): + function = getattr(domain, power_action_map.get(action)) + state, reason = domain.state() + if function.__name__ == "create": + if state == libvirt.VIR_DOMAIN_RUNNING: + rc.value = 1 + else: + rc.value = function() + elif function.__name__ == "destroy": + if state == libvirt.VIR_DOMAIN_SHUTOFF: + rc.value = 1 + else: + rc.value = function() + elif function.__name__ == "state": + rc.value = state + + +def power_action(action, hostname, user, passwd): + conn = get_libvit_connection(user, passwd) + domain = conn.lookupByName(hostname) + rc = multiprocessing.Value('i') + p = multiprocessing.Process(target=libvirt_function, + args=(domain, action, rc,)) + p.start() + p.join() + print rc.value + return rc.value + + +@click.command() +@click.option("--action") +@click.option("--hostname") +@click.option("--user") +@click.option("--passwd") +def cli(action, hostname, user, passwd): + power_action(action, hostname, user, passwd) + + +def no_cli(): + opt = {} + for line in sys.stdin.readlines(): + try: + line = line.strip() + name, value = line.split("=") + opt.update({name: value}) + except Exception: + continue + + if opt["action"] and opt["hostname"]: + power_action(opt["action"], opt["hostname"], + opt["user"], opt["passwd"]) + else: + raise RuntimeError("Invalid argument, \ + action: {0}, hostname: {1}, user: {2}, passwd: {3}".format( + opt.get("action", None), opt.get("hostname", None), + opt.get("user", None), opt.get("action", None))) + + +def main(): + if len(sys.argv) > 1: + cli() + else: + no_cli() + + +if __name__ == '__main__': + main() diff --git a/compass-cobbler/fence_libvirt.template b/compass-cobbler/fence_libvirt.template new file mode 100644 index 0000000..2e38628 --- /dev/null +++ b/compass-cobbler/fence_libvirt.template @@ -0,0 +1,4 @@ +action=$power_mode +hostname=$hostname +user=$power_user +passwd=$power_pass diff --git a/compass-cobbler/pxeprofile_arm.template b/compass-cobbler/pxeprofile_arm.template new file mode 100644 index 0000000..50d1cf9 --- /dev/null +++ b/compass-cobbler/pxeprofile_arm.template @@ -0,0 +1,6 @@ +set timeout=5 + +menuentry $profile_name { + linux (tftp)$kernel_path $append_line + initrd (tftp)$initrd_path +} diff --git a/compass-db/Dockerfile b/compass-db/Dockerfile index 82871b9..997c0ab 100644 --- a/compass-db/Dockerfile +++ b/compass-db/Dockerfile @@ -10,4 +10,6 @@ RUN apt-get update && \ COPY entrypoint.sh /sbin/entrypoint.sh RUN chmod 755 /sbin/entrypoint.sh +VOLUME ["/var/lib/mysql"] + CMD ["/sbin/entrypoint.sh"] diff --git a/compass-db/Dockerfile-arm64 b/compass-db/Dockerfile-arm64 new file mode 100644 index 0000000..7b5755c --- /dev/null +++ b/compass-db/Dockerfile-arm64 @@ -0,0 +1,15 @@ +FROM ubuntu:trusty + +EXPOSE 3306 +ARG BRANCH=master + +RUN (apt-get update || true) && \ + DEBIAN_FRONTEND=noninteractive apt-get install -y mysql-server && \ + rm -rf /var/lib/apt/lists/* + +COPY entrypoint-arm64.sh /sbin/entrypoint.sh +RUN chmod 755 /sbin/entrypoint.sh + +VOLUME ["/var/lib/mysql"] + +CMD ["/sbin/entrypoint.sh"] diff --git a/compass-db/entrypoint-arm64.sh b/compass-db/entrypoint-arm64.sh new file mode 100644 index 0000000..37b3437 --- /dev/null +++ b/compass-db/entrypoint-arm64.sh @@ -0,0 +1,43 @@ +#!/bin/bash +set -x + +create_users_and_dbs() { + /usr/bin/mysqld_safe > /dev/null 2>&1 & + + timeout=30 + # wait up to 30 secs... + while ! /usr/bin/mysqladmin -u root status > /dev/null 2>&1 + do + timeout=$(($timeout - 1)) + if [ $timeout -eq 0 ]; then + echo -e "\nCould not connect to database server. Aborting..." + exit 1 + fi + echo -n "." + sleep 1 + done + + echo "Creating user..." + mysqladmin -h127.0.0.1 --port=3306 -u root password root + mysql -h127.0.0.1 --port=3306 -uroot -proot -e "create database compass" + mysql -h127.0.0.1 --port=3306 -uroot -proot -e "GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'root'" + mysqladmin -uroot -proot shutdown +} + +listen_on_all_interfaces() { + cat >> /etc/mysql/conf.d/mysql-listen-compass.cnf <<EOF +[mysqld] +bind-address=0.0.0.0 +[mysqld_safe] +bind-address=0.0.0.0 +EOF +} + + +if [[ -z ${1} ]]; then + if [ ! -f /etc/mysql/conf.d/mysql-listen-compass.cnf ]; then + create_users_and_dbs + listen_on_all_interfaces + fi + /usr/bin/mysqld_safe +fi diff --git a/compass-deck/Dockerfile-arm64 b/compass-deck/Dockerfile-arm64 new file mode 100644 index 0000000..3bde0ae --- /dev/null +++ b/compass-deck/Dockerfile-arm64 @@ -0,0 +1,25 @@ +FROM centos:7 + +ENV container docker +ARG BRANCH=master + +RUN yum -y swap -- remove systemd-container systemd-container-libs -- install systemd + +RUN yum -y update; yum clean all; \ +(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \ +rm -f /lib/systemd/system/multi-user.target.wants/*;\ +rm -f /etc/systemd/system/*.wants/*;\ +rm -f /lib/systemd/system/local-fs.target.wants/*; \ +rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ +rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ +rm -f /lib/systemd/system/basic.target.wants/*;\ +rm -f /lib/systemd/system/anaconda.target.wants/*;\ +yum clean all + +ADD . /root/compass-deck + +RUN /root/compass-deck/build.sh + +EXPOSE 80 + +CMD ["/sbin/init", "/usr/local/bin/start.sh"] diff --git a/compass-deck/api/__init__.py b/compass-deck/api/__init__.py index 784fe23..e2d2544 100644 --- a/compass-deck/api/__init__.py +++ b/compass-deck/api/__init__.py @@ -14,7 +14,7 @@ import datetime from flask import Blueprint -from flask.ext.login import LoginManager +from flask_login import LoginManager from flask import Flask # from compass.api.v1.api import v1_app diff --git a/compass-deck/api/api.py b/compass-deck/api/api.py index e1cdd39..1fa10f2 100644 --- a/compass-deck/api/api.py +++ b/compass-deck/api/api.py @@ -22,10 +22,10 @@ import netaddr import requests import simplejson as json -from flask.ext.login import current_user -from flask.ext.login import login_required -from flask.ext.login import login_user -from flask.ext.login import logout_user +from flask_login import current_user +from flask_login import login_required +from flask_login import login_user +from flask_login import logout_user from flask import request from compass.api import app diff --git a/compass-deck/api/v1/api.py b/compass-deck/api/v1/api.py index 9dbc548..345746a 100644 --- a/compass-deck/api/v1/api.py +++ b/compass-deck/api/v1/api.py @@ -19,7 +19,7 @@ import simplejson as json from flask import Blueprint from flask import request -from flask.ext.restful import Resource +from flask_restful import Resource from compass.api.exception import BadRequest from compass.api.exception import Forbidden diff --git a/compass-deck/apiclient/restful.py b/compass-deck/apiclient/restful.py index bb82922..f5d4855 100644 --- a/compass-deck/apiclient/restful.py +++ b/compass-deck/apiclient/restful.py @@ -231,7 +231,7 @@ class Client(object): return self._get('/switches/%s/machines-hosts' % switch_id, data=data) def add_switch_machine(self, switch_id, mac=None, port=None, - vlans=None, ipmi_credentials=None, + vlans=None, power_manage=None, tag=None, location=None, raw_data=None): data = {} if raw_data: @@ -246,8 +246,8 @@ class Client(object): if vlans: data['vlans'] = vlans - if ipmi_credentials: - data['ipmi_credentials'] = ipmi_credentials + if power_manage: + data['power_manage'] = power_manage if tag: data['tag'] = tag @@ -258,7 +258,7 @@ class Client(object): return self._post('/switches/%s/machines' % switch_id, data=data) def update_switch_machine(self, switch_id, machine_id, port=None, - vlans=None, ipmi_credentials=None, tag=None, + vlans=None, power_manage=None, tag=None, location=None, raw_data=None): data = {} if raw_data: @@ -270,8 +270,8 @@ class Client(object): if vlans: data['vlans'] = vlans - if ipmi_credentials: - data['ipmi_credentials'] = ipmi_credentials + if power_manage: + data['power_manage'] = power_manage if tag: data['tag'] = tag @@ -412,14 +412,14 @@ class Client(object): return self._get('/machines/%s' % machine_id, data=data) - def update_machine(self, machine_id, ipmi_credentials=None, tag=None, + def update_machine(self, machine_id, power_manage=None, tag=None, location=None, raw_data=None): data = {} if raw_data: data = raw_data else: - if ipmi_credentials: - data['ipmi_credentials'] = ipmi_credentials + if power_manage: + data['power_manage'] = power_manage if tag: data['tag'] = tag @@ -429,15 +429,15 @@ class Client(object): return self._put('/machines/%s' % machine_id, data=data) - def patch_machine(self, machine_id, ipmi_credentials=None, + def patch_machine(self, machine_id, power_manage=None, tag=None, location=None, raw_data=None): data = {} if raw_data: data = raw_data else: - if ipmi_credentials: - data['ipmi_credentials'] = ipmi_credentials + if power_manage: + data['power_manage'] = power_manage if tag: data['tag'] = tag diff --git a/compass-deck/bin/manage_db.py b/compass-deck/bin/manage_db.py index 3e56433..2b1f035 100755 --- a/compass-deck/bin/manage_db.py +++ b/compass-deck/bin/manage_db.py @@ -23,14 +23,17 @@ import sys current_dir = os.path.dirname(os.path.realpath(__file__)) sys.path.append(current_dir) - import switch_virtualenv -from flask.ext.script import Manager +import yaml + +from flask_script import Manager from compass.api import app from compass.db.api import database from compass.db.api import switch as switch_api +from compass.db.api import machine as machine_api +from compass.db.api import network as network_api from compass.db.api import user as user_api from compass.utils import flags from compass.utils import logsetting @@ -57,6 +60,13 @@ flags.add('switch_machines_file', 'or switch,<switch_ip>,<switch_vendor>,' '<switch_version>,<switch_community>,<switch_state>'), default='') +flags.add('machine_file', + help=( + 'file for add machine ' + 'contains one or more mac address of a host ' + 'if it is a baremetal machine, ipmi credential is also ' + 'required.'), + default='') flags.add('search_cluster_properties', help='comma separated properties to search in cluster config', default='') @@ -159,6 +169,48 @@ def set_switch_machines(): ) +@app_manager.command +def set_machine(): + if not flags.OPTIONS.machine_file: + print 'flag --machine_file is missing' + return + database.init() + machine_file = flags.OPTIONS.machine_file + user = user_api.get_user_object( + setting.COMPASS_ADMIN_EMAIL + ) + with open(machine_file) as f: + machine_data = yaml.load(f) + for machine in machine_data: + power_manage = {} + power_manage.update( + {"ip": machine.get("power_ip", "")}) + power_manage.update( + {"username": machine.get("power_user", "")}) + power_manage.update( + {"password": machine.get("power_pass", "")}) + machine_api.add_machine(user=user, mac=machine["mac"], + power_type=machine["power_type"], + power_manage=power_manage) + + +@app_manager.command +def add_subnet(): + if not flags.OPTIONS.subnet: + print 'flag --subnet is missing' + return + database.init() + subnet_tuple = flags.OPTIONS.subnet + subnet_name = subnet_tuple[0] + subnet_cidr = subnet_tuple[1] + user = user_api.get_user_object( + setting.COMPASS_ADMIN_EMAIL + ) + network_api.add_subnet( + user=user, name=subnet_name, subnet=subnet_cidr + ) + + if __name__ == "__main__": flags.init() logsetting.init() diff --git a/compass-deck/build.sh b/compass-deck/build.sh index 23cf48c..c9d3922 100755 --- a/compass-deck/build.sh +++ b/compass-deck/build.sh @@ -21,7 +21,7 @@ rm -rf $COMPASS_DIR/../compass-web/.git easy_install --upgrade pip easy_install --upgrade six -pip install --upgrade pip +pip install --upgrade pip==9.0.1 pip install --upgrade setuptools pip install --upgrade virtualenv pip install --upgrade redis @@ -48,7 +48,8 @@ cp -f $COMPASS_DIR/misc/apache/{ods-server.conf,http_pip.conf,images.conf,packag cp -rf $COMPASS_DIR/bin/* /opt/compass/bin/ mkdir -p /var/www/compass ln -s -f /opt/compass/bin/compass_wsgi.py /var/www/compass/compass.wsgi -cp -rf /usr/lib64/libcrypto.so.6 /usr/lib64/libcrypto.so +# libcrypto.so.6 doesn't exist on arm64 +cp -rf /usr/lib64/libcrypto.so.6 /usr/lib64/libcrypto.so || true mkdir -p /var/log/compass chmod -R 777 /var/log/compass diff --git a/compass-deck/db/api/cluster.py b/compass-deck/db/api/cluster.py index 7a7022c..82bcaab 100644 --- a/compass-deck/db/api/cluster.py +++ b/compass-deck/db/api/cluster.py @@ -48,9 +48,9 @@ RESP_CLUSTERHOST_FIELDS = [ 'cluster_id', 'clustername', 'location', 'tag', 'networks', 'mac', 'switch_ip', 'port', 'switches', 'os_installed', 'distributed_system_installed', - 'os_name', 'os_id', 'ip', - 'reinstall_os', 'reinstall_distributed_system', - 'owner', 'cluster_id', + 'os_name', 'os_id', 'ip', 'reinstall_os', + 'reinstall_distributed_system', 'owner', 'cluster_id', + 'power_type', 'power_manage', 'created_at', 'updated_at', 'patched_roles' ] diff --git a/compass-deck/db/api/host.py b/compass-deck/db/api/host.py index 15e0bb6..61e3ab2 100644 --- a/compass-deck/db/api/host.py +++ b/compass-deck/db/api/host.py @@ -16,6 +16,7 @@ import functools import logging import netaddr +import ipaddress import re from compass.db.api import database @@ -23,6 +24,7 @@ from compass.db.api import metadata_holder as metadata_api from compass.db.api import permission from compass.db.api import user as user_api from compass.db.api import utils +from compass.db.api import network from compass.db import exception from compass.db import models from compass.utils import util @@ -642,6 +644,35 @@ def get_hostnetwork(host_network_id, user=None, session=None, **kwargs): return _get_hostnetwork(host_network_id, session=session) +def check_ip_available(subnet, ip): + if not subnet.reserved_range: + return + ip_int = int(ipaddress.IPv4Address(ip.decode())) + reserved_ranges = [] + reserved_ips = [] + for item in subnet.reserved_range.split(','): + ip_ends = item.split('-') + if len(ip_ends) == 2: + reserved_ranges.append(item) + elif len(ip_ends) == 1: + reserved_ips.append(item) + for item in reserved_ranges: + ends = item.split('-') + check_1 = int(ipaddress.IPv4Address(ends[0].decode())) - ip_int + check_2 = int(ipaddress.IPv4Address(ends[1].decode())) - ip_int + if (check_1 > 0) ^ (check_2 > 0): + raise exception.Forbidden( + 'IP %s is reserved, reserved range: %s' + % (ip, subnet.reserved_range) + ) + for item in reserved_ips: + if ip_int == int(ipaddress.IPv4Address(item.decode())): + raise exception.Forbidden( + 'IP %s is reserved, reserved range: %s' + % (ip, subnet.reserved_range) + ) + + @utils.supported_filters( ADDED_NETWORK_FIELDS, optional_support_keys=OPTIONAL_ADDED_NETWORK_FIELDS, @@ -652,17 +683,20 @@ def get_hostnetwork(host_network_id, user=None, session=None, **kwargs): ) @utils.wrap_to_dict(RESP_NETWORK_FIELDS) def _add_host_network( - host_id, exception_when_existing=True, - session=None, user=None, interface=None, ip=None, **kwargs + host_id, exception_when_existing=True, session=None, + user=None, interface=None, ip=None, subnet_id=None, **kwargs ): """Add hostnetwork to a host.""" host = _get_host(host_id, session=session) check_host_editable(host, user=user) + subnet = network.get_subnet_internal(subnet_id, session=session) + check_ip_available(subnet, ip) user_id = user.id return utils.add_db_object( session, models.HostNetwork, exception_when_existing, - host.id, interface, user_id, ip=ip, **kwargs + host.id, interface, user_id, + ip=ip, subnet_id=subnet_id, **kwargs ) @@ -671,14 +705,13 @@ def _add_host_network( permission.PERMISSION_ADD_HOST_NETWORK ) def add_host_network( - host_id, exception_when_existing=True, - interface=None, user=None, session=None, **kwargs + host_id, exception_when_existing=True, interface=None, + user=None, session=None, subnet_id=None, **kwargs ): """Create a hostnetwork to a host.""" return _add_host_network( - host_id, - exception_when_existing, - interface=interface, session=session, user=user, **kwargs + host_id, exception_when_existing, interface=interface, + user=user, session=session, subnet_id=subnet_id, **kwargs ) @@ -747,6 +780,8 @@ def _update_host_network( ): """Update host network.""" check_host_editable(host_network.host, user=user) + subnet = network.get_subnet_internal(host_network.subnet_id, session=session) + check_ip_available(subnet, ip) return utils.update_db_object(session, host_network, **kwargs) diff --git a/compass-deck/db/api/machine.py b/compass-deck/db/api/machine.py index b7b16b2..5b3cea0 100644 --- a/compass-deck/db/api/machine.py +++ b/compass-deck/db/api/machine.py @@ -29,20 +29,20 @@ from compass.utils import util MACHINE_PRIMARY_FILEDS = ['mac', 'owner_id'] SUPPORTED_FIELDS = [ - 'mac', 'tag', 'location', - 'machine_attributes', 'owner_id'] + 'mac', 'tag', 'location', 'power_manage', + 'machine_attributes', 'owner_id', 'power_type'] IGNORE_FIELDS = ['id', 'created_at', 'updated_at'] UPDATED_FIELDS = [ - 'ipmi_credentials', 'machine_attributes', - 'tag', 'location'] + 'mac', 'tag', 'location', 'power_manage', + 'machine_attributes', 'power_type'] PATCHED_FIELDS = [ - 'patched_ipmi_credentials', 'patched_tag', + 'patched_power_manage', 'patched_tag', 'patched_location' ] RESP_FIELDS = [ - 'id', 'mac', 'ipmi_credentials', 'switches', 'switch_ip', + 'id', 'mac', 'power_manage', 'switches', 'switch_ip', 'port', 'vlans', 'machine_attributes', 'owner_id', - 'tag', 'location', 'created_at', 'updated_at' + 'tag', 'location', 'power_type', 'created_at', 'updated_at' ] RESP_DEPLOY_FIELDS = [ 'status', 'machine' @@ -68,7 +68,7 @@ def _get_machine(machine_id, session=None, **kwargs): @utils.input_validates(mac=utils.check_mac) def _add_machine(mac, owner_id=None, session=None, **kwargs): """Add a machine.""" - if isinstance(owner_id, (int, long)): + if not owner_id or isinstance(owner_id, (int, long)): return utils.add_db_object( session, models.Machine, True, @@ -149,7 +149,7 @@ def _update_machine(machine_id, session=None, **kwargs): optional_support_keys=UPDATED_FIELDS, ignore_support_keys=IGNORE_FIELDS ) -@utils.input_validates(ipmi_credentials=utils.check_ipmi_credentials) +@utils.input_validates(power_manage=utils.check_power_manage) @database.run_in_session() @user_api.check_user_permission( permission.PERMISSION_ADD_MACHINE @@ -161,11 +161,11 @@ def update_machine(machine_id, user=None, session=None, **kwargs): ) -# replace [ipmi_credentials, tag, location] to -# [patched_ipmi_credentials, patched_tag, patched_location] +# replace [power_manage, tag, location] to +# [patched_power_manage, patched_tag, patched_location] # in kwargs. It tells db these fields will be patched. @utils.replace_filters( - ipmi_credentials='patched_ipmi_credentials', + power_manage='patched_power_manage', tag='patched_tag', location='patched_location' ) @@ -174,7 +174,7 @@ def update_machine(machine_id, user=None, session=None, **kwargs): ignore_support_keys=IGNORE_FIELDS ) @database.run_in_session() -@utils.output_validates(ipmi_credentials=utils.check_ipmi_credentials) +@utils.output_validates(power_manage=utils.check_power_manage) @user_api.check_user_permission( permission.PERMISSION_ADD_MACHINE ) diff --git a/compass-deck/db/api/network.py b/compass-deck/db/api/network.py index e2bf7d3..763b0b3 100644 --- a/compass-deck/db/api/network.py +++ b/compass-deck/db/api/network.py @@ -15,6 +15,7 @@ """Network related database operations.""" import logging import netaddr +import ipaddress import re from compass.db.api import database @@ -25,16 +26,17 @@ from compass.db import exception from compass.db import models -SUPPORTED_FIELDS = ['subnet', 'name'] +SUPPORTED_FIELDS = ['subnet', 'name', 'gateway'] RESP_FIELDS = [ - 'id', 'name', 'subnet', 'created_at', 'updated_at' + 'id', 'name', 'subnet', 'gateway', 'created_at', + 'updated_at', 'reserved_range' ] ADDED_FIELDS = ['subnet'] -OPTIONAL_ADDED_FIELDS = ['name'] +OPTIONAL_ADDED_FIELDS = ['name', 'gateway', 'reserved_range'] IGNORE_FIELDS = [ 'id', 'created_at', 'updated_at' ] -UPDATED_FIELDS = ['subnet', 'name'] +UPDATED_FIELDS = ['subnet', 'name', 'gateway', 'reserved_range'] def _check_subnet(subnet): @@ -47,6 +49,29 @@ def _check_subnet(subnet): 'subnet %s format unrecognized' % subnet) +def _check_ip_range(ip_ranges): + """Check if the ip range is valid. + The valid range can be a range or individual ips. + Range should be two ips jointed with "-", different ip + ranges and ips should be separated by "," + e.g. "10.1.0.0-10.1.0.50, 10.1.0.60" + """ + for ip_range in ip_ranges.split(','): + ip_ends = ip_range.split('-') + try: + ipaddress.IPv4Address(ip_ends[0].decode()) + if len(ip_ends) == 2: + ipaddress.IPv4Address(ip_ends[1].decode()) + except Exception as error: + logging.exception(error) + raise exception.InvalidParameter( + 'ip range %s format unrecognized' % ip_ranges) + finally: + if len(ip_ends) > 2: + raise exception.InvalidParameter( + 'ip range %s format unrecognized' % ip_ranges) + + @utils.supported_filters(optional_support_keys=SUPPORTED_FIELDS) @database.run_in_session() @user_api.check_user_permission( @@ -72,6 +97,11 @@ def _get_subnet(subnet_id, session=None, **kwargs): ) +def get_subnet_internal(subnet_id, session=None, **kwargs): + """"Helper function to get subnet.""" + return _get_subnet(subnet_id=subnet_id, session=session, **kwargs) + + @utils.supported_filters([]) @database.run_in_session() @user_api.check_user_permission( @@ -93,7 +123,7 @@ def get_subnet( ADDED_FIELDS, optional_support_keys=OPTIONAL_ADDED_FIELDS, ignore_support_keys=IGNORE_FIELDS ) -@utils.input_validates(subnet=_check_subnet) +@utils.input_validates(subnet=_check_subnet, reserved_range=_check_ip_range) @database.run_in_session() @user_api.check_user_permission( permission.PERMISSION_ADD_SUBNET @@ -114,7 +144,7 @@ def add_subnet( optional_support_keys=UPDATED_FIELDS, ignore_support_keys=IGNORE_FIELDS ) -@utils.input_validates(subnet=_check_subnet) +@utils.input_validates(subnet=_check_subnet, reserved_range=_check_ip_range) @database.run_in_session() @user_api.check_user_permission( permission.PERMISSION_ADD_SUBNET diff --git a/compass-deck/db/api/switch.py b/compass-deck/db/api/switch.py index 647eec0..92d7a7f 100644 --- a/compass-deck/db/api/switch.py +++ b/compass-deck/db/api/switch.py @@ -58,17 +58,17 @@ UPDATED_FILTERS_FIELDS = ['put_machine_filters'] PATCHED_FILTERS_FIELDS = ['patched_machine_filters'] ADDED_MACHINES_FIELDS = ['mac'] OPTIONAL_ADDED_MACHINES_FIELDS = [ - 'ipmi_credentials', 'tag', 'location', 'owner_id' + 'power_manage', 'tag', 'location', 'owner_id' ] ADDED_SWITCH_MACHINES_FIELDS = ['port'] OPTIONAL_ADDED_SWITCH_MACHINES_FIELDS = ['vlans'] UPDATED_MACHINES_FIELDS = [ - 'ipmi_credentials', + 'power_manage', 'tag', 'location' ] UPDATED_SWITCH_MACHINES_FIELDS = ['port', 'vlans', 'owner_id'] PATCHED_MACHINES_FIELDS = [ - 'patched_ipmi_credentials', + 'patched_power_manage', 'patched_tag', 'patched_location' ] PATCHED_SWITCH_MACHINES_FIELDS = ['patched_vlans'] @@ -85,13 +85,13 @@ RESP_ACTION_FIELDS = [ RESP_MACHINES_FIELDS = [ 'id', 'switch_id', 'switch_ip', 'machine_id', 'switch_machine_id', 'port', 'vlans', 'mac', 'owner_id', - 'ipmi_credentials', 'tag', 'location', + 'power_manage', 'tag', 'location', 'created_at', 'updated_at' ] RESP_MACHINES_HOSTS_FIELDS = [ 'id', 'switch_id', 'switch_ip', 'machine_id', 'switch_machine_id', 'port', 'vlans', 'mac', - 'ipmi_credentials', 'tag', 'location', 'ip', + 'power_manage', 'tag', 'location', 'ip', 'name', 'hostname', 'os_name', 'owner', 'os_installer', 'reinstall_os', 'os_installed', 'clusters', 'created_at', 'updated_at' @@ -988,13 +988,13 @@ def update_switchmachine(switch_machine_id, user=None, session=None, **kwargs): ) -# replace [vlans, ipmi_credentials, tag, location] to -# [patched_vlans, patched_ipmi_credentials, patched_tag, +# replace [vlans, power_manage, tag, location] to +# [patched_vlans, patched_power_manage, patched_tag, # patched_location] in kwargs. It tells db these fields will # be patched. @utils.replace_filters( vlans='patched_vlans', - ipmi_credentials='patched_ipmi_credentials', + power_manage='patched_power_manage', tag='patched_tag', location='patched_location' ) @@ -1024,13 +1024,13 @@ def patch_switch_machine( ) -# replace [vlans, ipmi_credentials, tag, location] to -# [patched_vlans, patched_ipmi_credentials, patched_tag, +# replace [vlans, power_manage, tag, location] to +# [patched_vlans, patched_power_manage, patched_tag, # patched_location] in kwargs. It tells db these fields will # be patched. @utils.replace_filters( vlans='patched_vlans', - ipmi_credentials='patched_ipmi_credentials', + power_manage='patched_power_manage', tag='patched_tag', location='patched_location' ) diff --git a/compass-deck/db/api/user.py b/compass-deck/db/api/user.py index db039eb..0105797 100644 --- a/compass-deck/db/api/user.py +++ b/compass-deck/db/api/user.py @@ -18,7 +18,7 @@ import functools import logging import re -from flask.ext.login import UserMixin +from flask_login import UserMixin from compass.db.api import database from compass.db.api import utils diff --git a/compass-deck/db/api/utils.py b/compass-deck/db/api/utils.py index a44f26e..8921b4a 100644 --- a/compass-deck/db/api/utils.py +++ b/compass-deck/db/api/utils.py @@ -1208,42 +1208,42 @@ def check_name(name): ) -def _check_ipmi_credentials_ip(ip): +def _check_power_manage_ip(ip): check_ip(ip) -def check_ipmi_credentials(ipmi_credentials): - """Check ipmi credentials format is correct.""" - if not ipmi_credentials: +def check_power_manage(power_manage): + """Check power manage format is correct.""" + if not power_manage: return - if not isinstance(ipmi_credentials, dict): + if not isinstance(power_manage, dict): raise exception.InvalidParameter( - 'invalid ipmi credentials %s' % ipmi_credentials + 'invalid power manage %s' % power_manage ) - for key in ipmi_credentials: + for key in power_manage: if key not in ['ip', 'username', 'password']: raise exception.InvalidParameter( - 'unrecognized field %s in ipmi credentials %s' % ( - key, ipmi_credentials + 'unrecognized field %s in power manage %s' % ( + key, power_manage ) ) for key in ['ip', 'username', 'password']: - if key not in ipmi_credentials: + if key not in power_manage: raise exception.InvalidParameter( - 'no field %s in ipmi credentials %s' % ( - key, ipmi_credentials + 'no field %s in power manage %s' % ( + key, power_manage ) ) - check_ipmi_credential_field = '_check_ipmi_credentials_%s' % key + check_power_manage_field = '_check_power_manage_%s' % key this_module = globals() - if check_ipmi_credential_field in this_module: - this_module[check_ipmi_credential_field]( - ipmi_credentials[key] + if check_power_manage_field in this_module: + this_module[check_power_manage_field]( + power_manage[key] ) else: logging.debug( - 'function %s is not defined', check_ipmi_credential_field + 'function %s is not defined', check_power_manage_field ) diff --git a/compass-deck/db/models.py b/compass-deck/db/models.py index d4b0324..124e35a 100644 --- a/compass-deck/db/models.py +++ b/compass-deck/db/models.py @@ -1532,11 +1532,12 @@ class Machine(BASE, HelperMixin, TimestampMixin): """Machine table.""" __tablename__ = 'machine' id = Column(Integer, primary_key=True) - mac = Column(String(24), unique=True, nullable=False) - ipmi_credentials = Column(JSONEncoded, default={}) + mac = Column(JSONEncoded, nullable=False) tag = Column(JSONEncoded, default={}) location = Column(JSONEncoded, default={}) - owner_id = Column(Integer, ForeignKey('user.id')) + owner_id = Column(Integer, nullable=True) + power_type = Column(String(10), default="ipmilan") + power_manage = Column(JSONEncoded, default={}) machine_attributes = Column(JSONEncoded, default={}) switch_machines = relationship( @@ -1564,22 +1565,23 @@ class Machine(BASE, HelperMixin, TimestampMixin): # TODO(xicheng): some validation can be moved to column. super(Machine, self).validate() try: - netaddr.EUI(self.mac) + for key, value in self.mac.items(): + netaddr.EUI(value) except Exception: raise exception.InvalidParameter( 'mac address %s format uncorrect' % self.mac ) @property - def patched_ipmi_credentials(self): - return self.ipmi_credentials + def patched_power_manage(self): + return self.power_manage - @patched_ipmi_credentials.setter - def patched_ipmi_credentials(self, value): + @patched_power_manage.setter + def patched_power_manage(self, value): if not value: return - ipmi_credentials = copy.deepcopy(self.ipmi_credentials) - self.ipmi_credentials = util.merge_dict(ipmi_credentials, value) + power_manage = copy.deepcopy(self.power_manage) + self.power_manage = util.merge_dict(power_manage, value) @property def patched_tag(self): @@ -1863,6 +1865,8 @@ class Subnet(BASE, TimestampMixin, HelperMixin): id = Column(Integer, primary_key=True) name = Column(String(80), unique=True, nullable=True) subnet = Column(String(80), unique=True, nullable=False) + gateway = Column(String(80), unique=True, nullable=True) + reserved_range = Column(String(80), unique=False, nullable=True) host_networks = relationship( HostNetwork, diff --git a/compass-deck/db/v1/model.py b/compass-deck/db/v1/model.py index d74e355..f84557c 100644 --- a/compass-deck/db/v1/model.py +++ b/compass-deck/db/v1/model.py @@ -28,7 +28,7 @@ from sqlalchemy.ext.hybrid import hybrid_property from compass.utils import util -from flask.ext.login import UserMixin +from flask_login import UserMixin from itsdangerous import URLSafeTimedSerializer BASE = declarative_base() diff --git a/compass-deck/requirements.txt b/compass-deck/requirements.txt index 6a3b3c7..caf96ea 100644 --- a/compass-deck/requirements.txt +++ b/compass-deck/requirements.txt @@ -1,6 +1,6 @@ amqplib argparse -celery +celery<=4.1.0 Markdown<2.5 Cheetah<=2.4.1 daemon @@ -22,3 +22,4 @@ python-daemon==2.1.1 SQLAlchemy>=0.9.0 simplejson requests +pyyaml diff --git a/compass-tasks-base/Dockerfile-arm64 b/compass-tasks-base/Dockerfile-arm64 new file mode 100644 index 0000000..3beaf57 --- /dev/null +++ b/compass-tasks-base/Dockerfile-arm64 @@ -0,0 +1,12 @@ +FROM centos:7 + +ADD . /root/compass-tasks + +RUN /root/compass-tasks/build.sh + +EXPOSE 6379 + +VOLUME ["/var/ansible", "/etc/compass/machine_list", "/etc/compass/switch_list"] + +ENTRYPOINT ["/bin/bash", "-c"] +CMD ["/usr/local/bin/start.sh"] diff --git a/compass-tasks-base/apiclient/restful.py b/compass-tasks-base/apiclient/restful.py index bb82922..f5d4855 100644 --- a/compass-tasks-base/apiclient/restful.py +++ b/compass-tasks-base/apiclient/restful.py @@ -231,7 +231,7 @@ class Client(object): return self._get('/switches/%s/machines-hosts' % switch_id, data=data) def add_switch_machine(self, switch_id, mac=None, port=None, - vlans=None, ipmi_credentials=None, + vlans=None, power_manage=None, tag=None, location=None, raw_data=None): data = {} if raw_data: @@ -246,8 +246,8 @@ class Client(object): if vlans: data['vlans'] = vlans - if ipmi_credentials: - data['ipmi_credentials'] = ipmi_credentials + if power_manage: + data['power_manage'] = power_manage if tag: data['tag'] = tag @@ -258,7 +258,7 @@ class Client(object): return self._post('/switches/%s/machines' % switch_id, data=data) def update_switch_machine(self, switch_id, machine_id, port=None, - vlans=None, ipmi_credentials=None, tag=None, + vlans=None, power_manage=None, tag=None, location=None, raw_data=None): data = {} if raw_data: @@ -270,8 +270,8 @@ class Client(object): if vlans: data['vlans'] = vlans - if ipmi_credentials: - data['ipmi_credentials'] = ipmi_credentials + if power_manage: + data['power_manage'] = power_manage if tag: data['tag'] = tag @@ -412,14 +412,14 @@ class Client(object): return self._get('/machines/%s' % machine_id, data=data) - def update_machine(self, machine_id, ipmi_credentials=None, tag=None, + def update_machine(self, machine_id, power_manage=None, tag=None, location=None, raw_data=None): data = {} if raw_data: data = raw_data else: - if ipmi_credentials: - data['ipmi_credentials'] = ipmi_credentials + if power_manage: + data['power_manage'] = power_manage if tag: data['tag'] = tag @@ -429,15 +429,15 @@ class Client(object): return self._put('/machines/%s' % machine_id, data=data) - def patch_machine(self, machine_id, ipmi_credentials=None, + def patch_machine(self, machine_id, power_manage=None, tag=None, location=None, raw_data=None): data = {} if raw_data: data = raw_data else: - if ipmi_credentials: - data['ipmi_credentials'] = ipmi_credentials + if power_manage: + data['power_manage'] = power_manage if tag: data['tag'] = tag diff --git a/compass-tasks-base/build.sh b/compass-tasks-base/build.sh index 20fa79e..6071734 100755 --- a/compass-tasks-base/build.sh +++ b/compass-tasks-base/build.sh @@ -36,12 +36,13 @@ echo "UserKnownHostsFile /dev/null" >> /root/.ssh/config; echo "StrictHostKeyChecking no" >> /root/.ssh/config easy_install --upgrade pip -pip install --upgrade pip +pip install --upgrade pip==9.0.1 pip install --upgrade setuptools pip install --upgrade Flask pip install --upgrade virtualenvwrapper source `which virtualenvwrapper.sh` +echo "source /usr/bin/virtualenvwrapper.sh" >> ~/.bashrc mkvirtualenv --system-site-packages compass-core workon compass-core cd $COMPASS_DIR diff --git a/compass-tasks-base/db/api/cluster.py b/compass-tasks-base/db/api/cluster.py index 7a7022c..82bcaab 100644 --- a/compass-tasks-base/db/api/cluster.py +++ b/compass-tasks-base/db/api/cluster.py @@ -48,9 +48,9 @@ RESP_CLUSTERHOST_FIELDS = [ 'cluster_id', 'clustername', 'location', 'tag', 'networks', 'mac', 'switch_ip', 'port', 'switches', 'os_installed', 'distributed_system_installed', - 'os_name', 'os_id', 'ip', - 'reinstall_os', 'reinstall_distributed_system', - 'owner', 'cluster_id', + 'os_name', 'os_id', 'ip', 'reinstall_os', + 'reinstall_distributed_system', 'owner', 'cluster_id', + 'power_type', 'power_manage', 'created_at', 'updated_at', 'patched_roles' ] diff --git a/compass-tasks-base/db/api/host.py b/compass-tasks-base/db/api/host.py index 15e0bb6..61e3ab2 100644 --- a/compass-tasks-base/db/api/host.py +++ b/compass-tasks-base/db/api/host.py @@ -16,6 +16,7 @@ import functools import logging import netaddr +import ipaddress import re from compass.db.api import database @@ -23,6 +24,7 @@ from compass.db.api import metadata_holder as metadata_api from compass.db.api import permission from compass.db.api import user as user_api from compass.db.api import utils +from compass.db.api import network from compass.db import exception from compass.db import models from compass.utils import util @@ -642,6 +644,35 @@ def get_hostnetwork(host_network_id, user=None, session=None, **kwargs): return _get_hostnetwork(host_network_id, session=session) +def check_ip_available(subnet, ip): + if not subnet.reserved_range: + return + ip_int = int(ipaddress.IPv4Address(ip.decode())) + reserved_ranges = [] + reserved_ips = [] + for item in subnet.reserved_range.split(','): + ip_ends = item.split('-') + if len(ip_ends) == 2: + reserved_ranges.append(item) + elif len(ip_ends) == 1: + reserved_ips.append(item) + for item in reserved_ranges: + ends = item.split('-') + check_1 = int(ipaddress.IPv4Address(ends[0].decode())) - ip_int + check_2 = int(ipaddress.IPv4Address(ends[1].decode())) - ip_int + if (check_1 > 0) ^ (check_2 > 0): + raise exception.Forbidden( + 'IP %s is reserved, reserved range: %s' + % (ip, subnet.reserved_range) + ) + for item in reserved_ips: + if ip_int == int(ipaddress.IPv4Address(item.decode())): + raise exception.Forbidden( + 'IP %s is reserved, reserved range: %s' + % (ip, subnet.reserved_range) + ) + + @utils.supported_filters( ADDED_NETWORK_FIELDS, optional_support_keys=OPTIONAL_ADDED_NETWORK_FIELDS, @@ -652,17 +683,20 @@ def get_hostnetwork(host_network_id, user=None, session=None, **kwargs): ) @utils.wrap_to_dict(RESP_NETWORK_FIELDS) def _add_host_network( - host_id, exception_when_existing=True, - session=None, user=None, interface=None, ip=None, **kwargs + host_id, exception_when_existing=True, session=None, + user=None, interface=None, ip=None, subnet_id=None, **kwargs ): """Add hostnetwork to a host.""" host = _get_host(host_id, session=session) check_host_editable(host, user=user) + subnet = network.get_subnet_internal(subnet_id, session=session) + check_ip_available(subnet, ip) user_id = user.id return utils.add_db_object( session, models.HostNetwork, exception_when_existing, - host.id, interface, user_id, ip=ip, **kwargs + host.id, interface, user_id, + ip=ip, subnet_id=subnet_id, **kwargs ) @@ -671,14 +705,13 @@ def _add_host_network( permission.PERMISSION_ADD_HOST_NETWORK ) def add_host_network( - host_id, exception_when_existing=True, - interface=None, user=None, session=None, **kwargs + host_id, exception_when_existing=True, interface=None, + user=None, session=None, subnet_id=None, **kwargs ): """Create a hostnetwork to a host.""" return _add_host_network( - host_id, - exception_when_existing, - interface=interface, session=session, user=user, **kwargs + host_id, exception_when_existing, interface=interface, + user=user, session=session, subnet_id=subnet_id, **kwargs ) @@ -747,6 +780,8 @@ def _update_host_network( ): """Update host network.""" check_host_editable(host_network.host, user=user) + subnet = network.get_subnet_internal(host_network.subnet_id, session=session) + check_ip_available(subnet, ip) return utils.update_db_object(session, host_network, **kwargs) diff --git a/compass-tasks-base/db/api/machine.py b/compass-tasks-base/db/api/machine.py index b7b16b2..5b3cea0 100644 --- a/compass-tasks-base/db/api/machine.py +++ b/compass-tasks-base/db/api/machine.py @@ -29,20 +29,20 @@ from compass.utils import util MACHINE_PRIMARY_FILEDS = ['mac', 'owner_id'] SUPPORTED_FIELDS = [ - 'mac', 'tag', 'location', - 'machine_attributes', 'owner_id'] + 'mac', 'tag', 'location', 'power_manage', + 'machine_attributes', 'owner_id', 'power_type'] IGNORE_FIELDS = ['id', 'created_at', 'updated_at'] UPDATED_FIELDS = [ - 'ipmi_credentials', 'machine_attributes', - 'tag', 'location'] + 'mac', 'tag', 'location', 'power_manage', + 'machine_attributes', 'power_type'] PATCHED_FIELDS = [ - 'patched_ipmi_credentials', 'patched_tag', + 'patched_power_manage', 'patched_tag', 'patched_location' ] RESP_FIELDS = [ - 'id', 'mac', 'ipmi_credentials', 'switches', 'switch_ip', + 'id', 'mac', 'power_manage', 'switches', 'switch_ip', 'port', 'vlans', 'machine_attributes', 'owner_id', - 'tag', 'location', 'created_at', 'updated_at' + 'tag', 'location', 'power_type', 'created_at', 'updated_at' ] RESP_DEPLOY_FIELDS = [ 'status', 'machine' @@ -68,7 +68,7 @@ def _get_machine(machine_id, session=None, **kwargs): @utils.input_validates(mac=utils.check_mac) def _add_machine(mac, owner_id=None, session=None, **kwargs): """Add a machine.""" - if isinstance(owner_id, (int, long)): + if not owner_id or isinstance(owner_id, (int, long)): return utils.add_db_object( session, models.Machine, True, @@ -149,7 +149,7 @@ def _update_machine(machine_id, session=None, **kwargs): optional_support_keys=UPDATED_FIELDS, ignore_support_keys=IGNORE_FIELDS ) -@utils.input_validates(ipmi_credentials=utils.check_ipmi_credentials) +@utils.input_validates(power_manage=utils.check_power_manage) @database.run_in_session() @user_api.check_user_permission( permission.PERMISSION_ADD_MACHINE @@ -161,11 +161,11 @@ def update_machine(machine_id, user=None, session=None, **kwargs): ) -# replace [ipmi_credentials, tag, location] to -# [patched_ipmi_credentials, patched_tag, patched_location] +# replace [power_manage, tag, location] to +# [patched_power_manage, patched_tag, patched_location] # in kwargs. It tells db these fields will be patched. @utils.replace_filters( - ipmi_credentials='patched_ipmi_credentials', + power_manage='patched_power_manage', tag='patched_tag', location='patched_location' ) @@ -174,7 +174,7 @@ def update_machine(machine_id, user=None, session=None, **kwargs): ignore_support_keys=IGNORE_FIELDS ) @database.run_in_session() -@utils.output_validates(ipmi_credentials=utils.check_ipmi_credentials) +@utils.output_validates(power_manage=utils.check_power_manage) @user_api.check_user_permission( permission.PERMISSION_ADD_MACHINE ) diff --git a/compass-tasks-base/db/api/network.py b/compass-tasks-base/db/api/network.py index e2bf7d3..763b0b3 100644 --- a/compass-tasks-base/db/api/network.py +++ b/compass-tasks-base/db/api/network.py @@ -15,6 +15,7 @@ """Network related database operations.""" import logging import netaddr +import ipaddress import re from compass.db.api import database @@ -25,16 +26,17 @@ from compass.db import exception from compass.db import models -SUPPORTED_FIELDS = ['subnet', 'name'] +SUPPORTED_FIELDS = ['subnet', 'name', 'gateway'] RESP_FIELDS = [ - 'id', 'name', 'subnet', 'created_at', 'updated_at' + 'id', 'name', 'subnet', 'gateway', 'created_at', + 'updated_at', 'reserved_range' ] ADDED_FIELDS = ['subnet'] -OPTIONAL_ADDED_FIELDS = ['name'] +OPTIONAL_ADDED_FIELDS = ['name', 'gateway', 'reserved_range'] IGNORE_FIELDS = [ 'id', 'created_at', 'updated_at' ] -UPDATED_FIELDS = ['subnet', 'name'] +UPDATED_FIELDS = ['subnet', 'name', 'gateway', 'reserved_range'] def _check_subnet(subnet): @@ -47,6 +49,29 @@ def _check_subnet(subnet): 'subnet %s format unrecognized' % subnet) +def _check_ip_range(ip_ranges): + """Check if the ip range is valid. + The valid range can be a range or individual ips. + Range should be two ips jointed with "-", different ip + ranges and ips should be separated by "," + e.g. "10.1.0.0-10.1.0.50, 10.1.0.60" + """ + for ip_range in ip_ranges.split(','): + ip_ends = ip_range.split('-') + try: + ipaddress.IPv4Address(ip_ends[0].decode()) + if len(ip_ends) == 2: + ipaddress.IPv4Address(ip_ends[1].decode()) + except Exception as error: + logging.exception(error) + raise exception.InvalidParameter( + 'ip range %s format unrecognized' % ip_ranges) + finally: + if len(ip_ends) > 2: + raise exception.InvalidParameter( + 'ip range %s format unrecognized' % ip_ranges) + + @utils.supported_filters(optional_support_keys=SUPPORTED_FIELDS) @database.run_in_session() @user_api.check_user_permission( @@ -72,6 +97,11 @@ def _get_subnet(subnet_id, session=None, **kwargs): ) +def get_subnet_internal(subnet_id, session=None, **kwargs): + """"Helper function to get subnet.""" + return _get_subnet(subnet_id=subnet_id, session=session, **kwargs) + + @utils.supported_filters([]) @database.run_in_session() @user_api.check_user_permission( @@ -93,7 +123,7 @@ def get_subnet( ADDED_FIELDS, optional_support_keys=OPTIONAL_ADDED_FIELDS, ignore_support_keys=IGNORE_FIELDS ) -@utils.input_validates(subnet=_check_subnet) +@utils.input_validates(subnet=_check_subnet, reserved_range=_check_ip_range) @database.run_in_session() @user_api.check_user_permission( permission.PERMISSION_ADD_SUBNET @@ -114,7 +144,7 @@ def add_subnet( optional_support_keys=UPDATED_FIELDS, ignore_support_keys=IGNORE_FIELDS ) -@utils.input_validates(subnet=_check_subnet) +@utils.input_validates(subnet=_check_subnet, reserved_range=_check_ip_range) @database.run_in_session() @user_api.check_user_permission( permission.PERMISSION_ADD_SUBNET diff --git a/compass-tasks-base/db/api/switch.py b/compass-tasks-base/db/api/switch.py index 647eec0..92d7a7f 100644 --- a/compass-tasks-base/db/api/switch.py +++ b/compass-tasks-base/db/api/switch.py @@ -58,17 +58,17 @@ UPDATED_FILTERS_FIELDS = ['put_machine_filters'] PATCHED_FILTERS_FIELDS = ['patched_machine_filters'] ADDED_MACHINES_FIELDS = ['mac'] OPTIONAL_ADDED_MACHINES_FIELDS = [ - 'ipmi_credentials', 'tag', 'location', 'owner_id' + 'power_manage', 'tag', 'location', 'owner_id' ] ADDED_SWITCH_MACHINES_FIELDS = ['port'] OPTIONAL_ADDED_SWITCH_MACHINES_FIELDS = ['vlans'] UPDATED_MACHINES_FIELDS = [ - 'ipmi_credentials', + 'power_manage', 'tag', 'location' ] UPDATED_SWITCH_MACHINES_FIELDS = ['port', 'vlans', 'owner_id'] PATCHED_MACHINES_FIELDS = [ - 'patched_ipmi_credentials', + 'patched_power_manage', 'patched_tag', 'patched_location' ] PATCHED_SWITCH_MACHINES_FIELDS = ['patched_vlans'] @@ -85,13 +85,13 @@ RESP_ACTION_FIELDS = [ RESP_MACHINES_FIELDS = [ 'id', 'switch_id', 'switch_ip', 'machine_id', 'switch_machine_id', 'port', 'vlans', 'mac', 'owner_id', - 'ipmi_credentials', 'tag', 'location', + 'power_manage', 'tag', 'location', 'created_at', 'updated_at' ] RESP_MACHINES_HOSTS_FIELDS = [ 'id', 'switch_id', 'switch_ip', 'machine_id', 'switch_machine_id', 'port', 'vlans', 'mac', - 'ipmi_credentials', 'tag', 'location', 'ip', + 'power_manage', 'tag', 'location', 'ip', 'name', 'hostname', 'os_name', 'owner', 'os_installer', 'reinstall_os', 'os_installed', 'clusters', 'created_at', 'updated_at' @@ -988,13 +988,13 @@ def update_switchmachine(switch_machine_id, user=None, session=None, **kwargs): ) -# replace [vlans, ipmi_credentials, tag, location] to -# [patched_vlans, patched_ipmi_credentials, patched_tag, +# replace [vlans, power_manage, tag, location] to +# [patched_vlans, patched_power_manage, patched_tag, # patched_location] in kwargs. It tells db these fields will # be patched. @utils.replace_filters( vlans='patched_vlans', - ipmi_credentials='patched_ipmi_credentials', + power_manage='patched_power_manage', tag='patched_tag', location='patched_location' ) @@ -1024,13 +1024,13 @@ def patch_switch_machine( ) -# replace [vlans, ipmi_credentials, tag, location] to -# [patched_vlans, patched_ipmi_credentials, patched_tag, +# replace [vlans, power_manage, tag, location] to +# [patched_vlans, patched_power_manage, patched_tag, # patched_location] in kwargs. It tells db these fields will # be patched. @utils.replace_filters( vlans='patched_vlans', - ipmi_credentials='patched_ipmi_credentials', + power_manage='patched_power_manage', tag='patched_tag', location='patched_location' ) diff --git a/compass-tasks-base/db/api/user.py b/compass-tasks-base/db/api/user.py index db039eb..0105797 100644 --- a/compass-tasks-base/db/api/user.py +++ b/compass-tasks-base/db/api/user.py @@ -18,7 +18,7 @@ import functools import logging import re -from flask.ext.login import UserMixin +from flask_login import UserMixin from compass.db.api import database from compass.db.api import utils diff --git a/compass-tasks-base/db/api/utils.py b/compass-tasks-base/db/api/utils.py index a44f26e..8921b4a 100644 --- a/compass-tasks-base/db/api/utils.py +++ b/compass-tasks-base/db/api/utils.py @@ -1208,42 +1208,42 @@ def check_name(name): ) -def _check_ipmi_credentials_ip(ip): +def _check_power_manage_ip(ip): check_ip(ip) -def check_ipmi_credentials(ipmi_credentials): - """Check ipmi credentials format is correct.""" - if not ipmi_credentials: +def check_power_manage(power_manage): + """Check power manage format is correct.""" + if not power_manage: return - if not isinstance(ipmi_credentials, dict): + if not isinstance(power_manage, dict): raise exception.InvalidParameter( - 'invalid ipmi credentials %s' % ipmi_credentials + 'invalid power manage %s' % power_manage ) - for key in ipmi_credentials: + for key in power_manage: if key not in ['ip', 'username', 'password']: raise exception.InvalidParameter( - 'unrecognized field %s in ipmi credentials %s' % ( - key, ipmi_credentials + 'unrecognized field %s in power manage %s' % ( + key, power_manage ) ) for key in ['ip', 'username', 'password']: - if key not in ipmi_credentials: + if key not in power_manage: raise exception.InvalidParameter( - 'no field %s in ipmi credentials %s' % ( - key, ipmi_credentials + 'no field %s in power manage %s' % ( + key, power_manage ) ) - check_ipmi_credential_field = '_check_ipmi_credentials_%s' % key + check_power_manage_field = '_check_power_manage_%s' % key this_module = globals() - if check_ipmi_credential_field in this_module: - this_module[check_ipmi_credential_field]( - ipmi_credentials[key] + if check_power_manage_field in this_module: + this_module[check_power_manage_field]( + power_manage[key] ) else: logging.debug( - 'function %s is not defined', check_ipmi_credential_field + 'function %s is not defined', check_power_manage_field ) diff --git a/compass-tasks-base/db/models.py b/compass-tasks-base/db/models.py index d4b0324..124e35a 100644 --- a/compass-tasks-base/db/models.py +++ b/compass-tasks-base/db/models.py @@ -1532,11 +1532,12 @@ class Machine(BASE, HelperMixin, TimestampMixin): """Machine table.""" __tablename__ = 'machine' id = Column(Integer, primary_key=True) - mac = Column(String(24), unique=True, nullable=False) - ipmi_credentials = Column(JSONEncoded, default={}) + mac = Column(JSONEncoded, nullable=False) tag = Column(JSONEncoded, default={}) location = Column(JSONEncoded, default={}) - owner_id = Column(Integer, ForeignKey('user.id')) + owner_id = Column(Integer, nullable=True) + power_type = Column(String(10), default="ipmilan") + power_manage = Column(JSONEncoded, default={}) machine_attributes = Column(JSONEncoded, default={}) switch_machines = relationship( @@ -1564,22 +1565,23 @@ class Machine(BASE, HelperMixin, TimestampMixin): # TODO(xicheng): some validation can be moved to column. super(Machine, self).validate() try: - netaddr.EUI(self.mac) + for key, value in self.mac.items(): + netaddr.EUI(value) except Exception: raise exception.InvalidParameter( 'mac address %s format uncorrect' % self.mac ) @property - def patched_ipmi_credentials(self): - return self.ipmi_credentials + def patched_power_manage(self): + return self.power_manage - @patched_ipmi_credentials.setter - def patched_ipmi_credentials(self, value): + @patched_power_manage.setter + def patched_power_manage(self, value): if not value: return - ipmi_credentials = copy.deepcopy(self.ipmi_credentials) - self.ipmi_credentials = util.merge_dict(ipmi_credentials, value) + power_manage = copy.deepcopy(self.power_manage) + self.power_manage = util.merge_dict(power_manage, value) @property def patched_tag(self): @@ -1863,6 +1865,8 @@ class Subnet(BASE, TimestampMixin, HelperMixin): id = Column(Integer, primary_key=True) name = Column(String(80), unique=True, nullable=True) subnet = Column(String(80), unique=True, nullable=False) + gateway = Column(String(80), unique=True, nullable=True) + reserved_range = Column(String(80), unique=False, nullable=True) host_networks = relationship( HostNetwork, diff --git a/compass-tasks-base/db/v1/model.py b/compass-tasks-base/db/v1/model.py index d74e355..f84557c 100644 --- a/compass-tasks-base/db/v1/model.py +++ b/compass-tasks-base/db/v1/model.py @@ -28,7 +28,7 @@ from sqlalchemy.ext.hybrid import hybrid_property from compass.utils import util -from flask.ext.login import UserMixin +from flask_login import UserMixin from itsdangerous import URLSafeTimedSerializer BASE = declarative_base() diff --git a/compass-tasks-base/deployment/deploy_manager.py b/compass-tasks-base/deployment/deploy_manager.py index baf7cd6..225c31e 100644 --- a/compass-tasks-base/deployment/deploy_manager.py +++ b/compass-tasks-base/deployment/deploy_manager.py @@ -111,7 +111,34 @@ class DeployManager(object): self.os_installer.set_package_installer_config(pk_installer_config) # start to deploy OS - return self.os_installer.deploy() + result = self.os_installer.deploy() + self.reset_server() + + return result + + def poweron_server(self): + if not self.os_installer: + return + + host_id_list = self.os_installer.config_manager.get_host_id_list() + for host_id in host_id_list: + self.os_installer.poweron(host_id) + + def poweroff_server(self): + if not self.os_installer: + return + + host_id_list = self.os_installer.config_manager.get_host_id_list() + for host_id in host_id_list: + self.os_installer.poweroff(host_id) + + def reset_server(self): + if not self.os_installer: + return + + host_id_list = self.os_installer.config_manager.get_host_id_list() + for host_id in host_id_list: + self.os_installer.reset(host_id) def deploy_target_system(self): """Deploy target system to all hosts in the cluster. diff --git a/compass-tasks-base/deployment/installers/config_manager.py b/compass-tasks-base/deployment/installers/config_manager.py index 597c3a6..ebee727 100644 --- a/compass-tasks-base/deployment/installers/config_manager.py +++ b/compass-tasks-base/deployment/installers/config_manager.py @@ -169,7 +169,8 @@ class HostInfo(object): self.package_config = self.host_info.setdefault(const.PK_CONFIG, {}) self.roles = self.host_info.setdefault(const.ROLES, []) self.patched_roles = self.host_info.setdefault(const.PATCHED_ROLES, []) - self.ipmi = deepcopy(self.host_info.setdefault(const.IPMI, {})) + self.power_type = deepcopy(self.host_info.setdefault(const.POWER_TYPE, {})) + self.power_manage = deepcopy(self.host_info.setdefault(const.POWER_MANAGE, {})) self.reinstall_os_flag = self.host_info.get(const.REINSTALL_OS_FLAG) self.deployed_os_config = self.host_info.setdefault( const.DEPLOYED_OS_CONFIG, {} @@ -275,6 +276,8 @@ class HostInfo(object): def baseinfo(self): return { const.REINSTALL_OS_FLAG: self.reinstall_os_flag, + const.POWER_TYPE: self.power_type, + const.POWER_MANAGE: self.power_manage, const.MAC_ADDR: self.mac, const.NAME: self.name, const.HOSTNAME: self.hostname, @@ -514,14 +517,15 @@ class BaseConfigManager(object): self.validate_host(host_id) return self.hosts_info[host_id].roles_mapping - def get_host_ipmi_info(self, host_id): + def get_host_power_info(self, host_id): self.validate_host(host_id) - if self.hosts_info[host_id].ipmi: + if self.hosts_info[host_id].power_manage: return ( - self.hosts_info[host_id].ipmi[const.IP_ADDR], - self.hosts_info[host_id].ipmi - [const.IPMI_CREDS][const.USERNAME], - self.hosts_info[host_id].ipmi - [const.IPMI_CREDS][const.USERNAME]) + self.hosts_info[host_id].power_manage + [const.IP_ADDR], + self.hosts_info[host_id].power_manage + [const.USERNAME], + self.hosts_info[host_id].power_manage + [const.PASSWORD]) else: return (None, None, None) diff --git a/compass-tasks-base/deployment/installers/os_installers/cobbler/cobbler.py b/compass-tasks-base/deployment/installers/os_installers/cobbler/cobbler.py index 9c2a935..aa74f68 100644 --- a/compass-tasks-base/deployment/installers/os_installers/cobbler/cobbler.py +++ b/compass-tasks-base/deployment/installers/os_installers/cobbler/cobbler.py @@ -397,25 +397,25 @@ class CobblerInstaller(OSInstaller): return cluster_vas_dict - def _check_and_set_system_impi(self, host_id, sys_id): + def _check_and_set_system_power(self, host_id, sys_id): if not sys_id: logging.info("System is None!") return False system = self.dump_system_info(host_id) - if system[self.POWER_TYPE] != 'ipmilan' or not system[self.POWER_USER]: + if not system.get(self.POWER_TYPE): # Set sytem power type to ipmilan if needs and set IPMI info - ipmi_info = self.config_manager.get_host_ipmi_info(host_id) - if not ipmi_info: + power_info = self.config_manager.get_host_power_info(host_id) + if not power_info: logging.info('No IPMI information found! Failed power on.') return False - ipmi_ip, ipmi_user, ipmi_pass = ipmi_info + ip, username, password = power_info power_opts = {} power_opts[self.POWER_TYPE] = 'ipmilan' - power_opts[self.POWER_ADDR] = ipmi_ip - power_opts[self.POWER_USER] = ipmi_user - power_opts[self.POWER_PASS] = ipmi_pass + power_opts[self.POWER_ADDR] = ip + power_opts[self.POWER_USER] = username + power_opts[self.POWER_PASS] = password self._update_system_config(sys_id, power_opts) @@ -424,26 +424,26 @@ class CobblerInstaller(OSInstaller): def poweron(self, host_id): hostname = self.config_manager.get_hostname(host_id) sys_id = self._get_create_system(hostname) - if not self._check_and_set_system_impi(sys_id): + if not self._check_and_set_system_power(host_id, sys_id): return - self.remote.power_system(sys_id, self.token, power='on') + self.remote.power_system(sys_id, 'on', self.token) logging.info("Host with ID=%d starts to power on!" % host_id) def poweroff(self, host_id): hostname = self.config_manager.get_hostname(host_id) sys_id = self._get_create_system(hostname) - if not self._check_and_set_system_impi(sys_id): + if not self._check_and_set_system_power(host_id, sys_id): return - self.remote.power_system(sys_id, self.token, power='off') + self.remote.power_system(sys_id, 'off', self.token) logging.info("Host with ID=%d starts to power off!" % host_id) def reset(self, host_id): hostname = self.config_manager.get_hostname(host_id) sys_id = self._get_create_system(hostname) - if not self._check_and_set_system_impi(sys_id): + if not self._check_and_set_system_power(host_id, sys_id): return - self.remote.power_system(sys_id, self.token, power='reboot') + self.remote.power_system(sys_id, 'reboot', self.token) logging.info("Host with ID=%d starts to reboot!" % host_id) diff --git a/compass-tasks-base/deployment/utils/constants.py b/compass-tasks-base/deployment/utils/constants.py index e90b1b2..18ee56a 100644 --- a/compass-tasks-base/deployment/utils/constants.py +++ b/compass-tasks-base/deployment/utils/constants.py @@ -54,8 +54,8 @@ DOMAIN = 'domain' HOST_ID = 'host_id' HOSTNAME = 'hostname' IP_ADDR = 'ip' -IPMI = 'ipmi' -IPMI_CREDS = 'ipmi_credentials' +POWER_TYPE = 'power_type' +POWER_MANAGE = 'power_manage' MAC_ADDR = 'mac' MGMT_NIC_FLAG = 'is_mgmt' NETMASK = 'netmask' diff --git a/compass-tasks-k8s/Dockerfile b/compass-tasks-k8s/Dockerfile new file mode 100644 index 0000000..70da42e --- /dev/null +++ b/compass-tasks-k8s/Dockerfile @@ -0,0 +1,6 @@ +FROM opnfv/compass-tasks-base +ARG BRANCH=master + +ADD ./run.sh /root/ +RUN chmod +x /root/run.sh +RUN /root/run.sh diff --git a/compass-tasks-k8s/Dockerfile-arm64 b/compass-tasks-k8s/Dockerfile-arm64 new file mode 100644 index 0000000..bf165c4 --- /dev/null +++ b/compass-tasks-k8s/Dockerfile-arm64 @@ -0,0 +1,5 @@ +FROM opnfv/compass-tasks-base + +COPY arm64/* /root/ +RUN chmod +x /root/run.sh +RUN /root/run.sh diff --git a/compass-tasks-k8s/arm64/docker-pkg.patch b/compass-tasks-k8s/arm64/docker-pkg.patch new file mode 100644 index 0000000..11e3ffc --- /dev/null +++ b/compass-tasks-k8s/arm64/docker-pkg.patch @@ -0,0 +1,115 @@ +From cf5025dcea741a8491fc7bf219cc2ca29fcac29d Mon Sep 17 00:00:00 2001 +From: Yibo Cai <yibo.cai@linaro.org> +Date: Thu, 19 Apr 2018 15:45:20 +0800 +Subject: [PATCH] fixup docker package + +--- + roles/docker/tasks/systemd.yml | 8 ++++++++ + roles/docker/templates/docker-options-centos.conf.j2 | 8 ++++++++ + roles/docker/vars/debian.yml | 8 +++++++- + roles/docker/vars/redhat.yml | 7 ++++++- + roles/docker/vars/ubuntu.yml | 8 +++++++- + 5 files changed, 36 insertions(+), 3 deletions(-) + create mode 100644 roles/docker/templates/docker-options-centos.conf.j2 + +diff --git a/roles/docker/tasks/systemd.yml b/roles/docker/tasks/systemd.yml +index 90425fe..0953777 100644 +--- a/roles/docker/tasks/systemd.yml ++++ b/roles/docker/tasks/systemd.yml +@@ -30,6 +30,14 @@ + src: docker-options.conf.j2 + dest: "/etc/systemd/system/docker.service.d/docker-options.conf" + notify: restart docker ++ when: ansible_distribution != 'CentOS' ++ ++- name: Write docker options systemd drop-in for CentOS7 ++ template: ++ src: docker-options-centos.conf.j2 ++ dest: "/etc/systemd/system/docker.service.d/docker-options.conf" ++ notify: restart docker ++ when: ansible_distribution == 'CentOS' + + - name: Write docker dns systemd drop-in + template: +diff --git a/roles/docker/templates/docker-options-centos.conf.j2 b/roles/docker/templates/docker-options-centos.conf.j2 +new file mode 100644 +index 0000000..829134e +--- /dev/null ++++ b/roles/docker/templates/docker-options-centos.conf.j2 +@@ -0,0 +1,8 @@ ++[Service] ++Environment="DOCKER_OPTS={{ docker_options | default('') }} \ ++--add-runtime docker-runc=/usr/libexec/docker/docker-runc-current \ ++--default-runtime=docker-runc \ ++--exec-opt native.cgroupdriver=systemd \ ++--userland-proxy-path=/usr/libexec/docker/docker-proxy-current \ ++--signature-verification=false \ ++--iptables=false" +diff --git a/roles/docker/vars/debian.yml b/roles/docker/vars/debian.yml +index 587e910..05d69fe 100644 +--- a/roles/docker/vars/debian.yml ++++ b/roles/docker/vars/debian.yml +@@ -11,10 +11,16 @@ docker_versioned_pkg: + 'stable': docker-engine=17.03.1~ce-0~debian-{{ ansible_distribution_release|lower }} + 'edge': docker-engine=17.05.0~ce-0~debian-{{ ansible_distribution_release|lower }} + ++#docker_package_info: ++# pkg_mgr: apt ++# pkgs: ++# - name: "{{ docker_versioned_pkg[docker_version | string] }}" ++# force: yes ++ + docker_package_info: + pkg_mgr: apt + pkgs: +- - name: "{{ docker_versioned_pkg[docker_version | string] }}" ++ - name: docker.io + force: yes + + docker_repo_key_info: +diff --git a/roles/docker/vars/redhat.yml b/roles/docker/vars/redhat.yml +index 23c5419..42ab2a4 100644 +--- a/roles/docker/vars/redhat.yml ++++ b/roles/docker/vars/redhat.yml +@@ -15,10 +15,15 @@ docker_versioned_pkg: + # https://docs.docker.com/engine/installation/linux/centos/#install-from-a-package + # https://download.docker.com/linux/centos/7/x86_64/stable/Packages/ + ++#docker_package_info: ++# pkg_mgr: yum ++# pkgs: ++# - name: "{{ docker_versioned_pkg[docker_version | string] }}" ++ + docker_package_info: + pkg_mgr: yum + pkgs: +- - name: "{{ docker_versioned_pkg[docker_version | string] }}" ++ - name: docker + + docker_repo_key_info: + pkg_key: '' +diff --git a/roles/docker/vars/ubuntu.yml b/roles/docker/vars/ubuntu.yml +index f11f5bb..5992f8a 100644 +--- a/roles/docker/vars/ubuntu.yml ++++ b/roles/docker/vars/ubuntu.yml +@@ -11,10 +11,16 @@ docker_versioned_pkg: + 'stable': docker-engine=17.03.1~ce-0~ubuntu-{{ ansible_distribution_release|lower }} + 'edge': docker-engine=17.05.0~ce-0~ubuntu-{{ ansible_distribution_release|lower }} + ++#docker_package_info: ++# pkg_mgr: apt ++# pkgs: ++# - name: "{{ docker_versioned_pkg[docker_version | string] }}" ++# force: yes ++ + docker_package_info: + pkg_mgr: apt + pkgs: +- - name: "{{ docker_versioned_pkg[docker_version | string] }}" ++ - name: docker.io + force: yes + + docker_repo_key_info: +-- +2.7.4 + diff --git a/compass-tasks-k8s/arm64/etcd-arm64.patch b/compass-tasks-k8s/arm64/etcd-arm64.patch new file mode 100644 index 0000000..8f914ef --- /dev/null +++ b/compass-tasks-k8s/arm64/etcd-arm64.patch @@ -0,0 +1,24 @@ +From 2ec3201a94ccc46406f7ff569545fb94d5a53aa5 Mon Sep 17 00:00:00 2001 +From: Yibo Cai <yibo.cai@linaro.org> +Date: Fri, 19 Jan 2018 11:00:38 +0800 +Subject: [PATCH] arm64 + +--- + roles/etcd/templates/etcd.j2 | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/roles/etcd/templates/etcd.j2 b/roles/etcd/templates/etcd.j2 +index 11f8f74..3a0e8f3 100644 +--- a/roles/etcd/templates/etcd.j2 ++++ b/roles/etcd/templates/etcd.j2 +@@ -3,6 +3,7 @@ + --restart=on-failure:5 \ + --env-file=/etc/etcd.env \ + --net=host \ ++ -e ETCD_UNSUPPORTED_ARCH=arm64 \ + -v /etc/ssl/certs:/etc/ssl/certs:ro \ + -v {{ etcd_cert_dir }}:{{ etcd_cert_dir }}:ro \ + -v {{ etcd_data_dir }}:{{ etcd_data_dir }}:rw \ +-- +2.7.4 + diff --git a/compass-tasks-k8s/arm64/run.sh b/compass-tasks-k8s/arm64/run.sh new file mode 100644 index 0000000..a9e9cee --- /dev/null +++ b/compass-tasks-k8s/arm64/run.sh @@ -0,0 +1,20 @@ +#!/bin/bash + +yum install git ntp wget ntpdate openssh-server python-devel sudo '@Development Tools' -y +#yum install -y python-yaml +systemctl stop firewalld +systemctl mask firewalld + +# get kubespray code and install requirement +rm -rf /opt/kargo_k8s +git clone https://github.com/kubernetes-incubator/kubespray.git /opt/kargo_k8s +cd /opt/kargo_k8s + +git checkout f4180503c891bea4b4b77a2f7cc93923411a7449 -b k8s1.9.1 + +# support etcd on arm64 +git apply /root/etcd-arm64.patch +# fix docker package +git apply /root/docker-pkg.patch + +pip install ansible==2.4.2.0 diff --git a/compass-tasks-k8s/run.sh b/compass-tasks-k8s/run.sh new file mode 100644 index 0000000..f40d853 --- /dev/null +++ b/compass-tasks-k8s/run.sh @@ -0,0 +1,16 @@ +#!/bin/bash + +yum install git ntp wget ntpdate openssh-server python-devel sudo '@Development Tools' -y +#yum install -y python-yaml +systemctl stop firewalld +systemctl mask firewalld + +# get kubespray code and install requirement +rm -rf /opt/kargo_k8s +git clone https://github.com/kubernetes-incubator/kubespray.git /opt/kargo_k8s +cd /opt/kargo_k8s +git checkout 05dabb7e7b5eb7cd9a075064868bafe4dc1cf51f -b k8s1.11.3 +source /root/.virtualenvs/compass-core/bin/activate +pip install ansible==2.4.2.0 +ln -s /root/.virtualenvs/compass-core/bin/ansible /usr/bin/ansible +ln -s /root/.virtualenvs/compass-core/bin/ansible-playbook /usr/bin/ansible-playbook diff --git a/compass-tasks-osa/Dockerfile b/compass-tasks-osa/Dockerfile new file mode 100644 index 0000000..bc2a0c2 --- /dev/null +++ b/compass-tasks-osa/Dockerfile @@ -0,0 +1,8 @@ +FROM opnfv/compass-tasks-base +ARG BRANCH=master + +ADD ./run.sh /root/ +#ADD ./tacker_conf /opt/tacker_conf +ADD ./setup-complete.yml /opt/ +RUN chmod +x /root/run.sh +RUN /root/run.sh diff --git a/compass-tasks-osa/Dockerfile-arm64 b/compass-tasks-osa/Dockerfile-arm64 new file mode 100644 index 0000000..cb560b3 --- /dev/null +++ b/compass-tasks-osa/Dockerfile-arm64 @@ -0,0 +1,5 @@ +FROM opnfv/compass-tasks-base +ARG BRANCH=master + +ADD ./run.sh /root/ +# TODO diff --git a/compass-tasks-osa/run.sh b/compass-tasks-osa/run.sh new file mode 100644 index 0000000..aa924b8 --- /dev/null +++ b/compass-tasks-osa/run.sh @@ -0,0 +1,52 @@ +#!/bin/bash + +pip install pyyaml + +# add ansible-playbook for normal use +ln -s /root/.virtualenvs/compass-core/bin/ansible-playbook /usr/bin/ansible-playbook + +yum install https://rdoproject.org/repos/openstack-queens/rdo-release-queens.rpm -y +yum install git ntp wget ntpdate openssh-server python-devel sudo '@Development Tools' -y + +systemctl stop firewalld +systemctl mask firewalld + +#mkdir -p /opt/git/ +#cd /opt/git/ +#wget artifacts.opnfv.org/compass4nfv/package/openstack_queens.tar.gz +#tar -zxvf openstack_queens.tar.gz +#rm -rf openstack_queens.tar.gz + +git clone https://git.openstack.org/openstack/openstack-ansible /opt/openstack-ansible + +cd /opt/openstack-ansible + +git checkout 2f52fec3cdefcfb0bcc41a807380ecd88fae072e +#git checkout 16c69046bfd90d1b984de43bc6267fece6b75f1c +#git checkout 4cde8f86aaea1fde7c43016f661119879068a133 + +git checkout -b stable/queens + +#/bin/cp -rf /opt/tacker_conf/ansible-role-requirements.yml /opt/openstack-ansible/ +#/bin/cp -rf /opt/tacker_conf/openstack_services.yml /opt/openstack-ansible/playbooks/defaults/repo_packages/ +#/bin/cp -rf /opt/tacker_conf/os-tacker-install.yml /opt/openstack-ansible/playbooks/ +#/bin/cp -rf /opt/tacker_conf/tacker.yml /opt/openstack-ansible/playbooks/inventory/env.d/ +#/bin/cp -rf /opt/tacker_conf/tacker_all.yml /opt/openstack-ansible/group_vars/ +#/bin/cp -rf /opt/tacker_conf/user_secrets.yml /opt/openstack-ansible/etc/openstack_deploy/ + +/bin/cp -rf /opt/openstack-ansible/etc/openstack_deploy /etc/openstack_deploy + +cd /opt/openstack-ansible + +scripts/bootstrap-ansible.sh + +rm -f /usr/local/bin/ansible-playbook + +cd /opt/openstack-ansible/scripts/ +python pw-token-gen.py --file /etc/openstack_deploy/user_secrets.yml + +cd /opt/openstack-ansible/inventory/group_vars +sed -i 's/#repo_build_git_cache/repo_build_git_cache/g' repo_all.yml + +cp /opt/setup-complete.yml /opt/openstack-ansible/playbooks/ +echo "- include: setup-complete.yml" >> /opt/openstack-ansible/playbooks/setup-infrastructure.yml diff --git a/compass-tasks-osa/setup-complete.yml b/compass-tasks-osa/setup-complete.yml new file mode 100644 index 0000000..f8a7b54 --- /dev/null +++ b/compass-tasks-osa/setup-complete.yml @@ -0,0 +1,7 @@ +--- + +- hosts: localhost + user: root + tasks: + - name: Mark setup-infrastructure completed + shell: echo "Setup infrastructure completed!" diff --git a/compass-tasks-osa/tacker_conf/ansible-role-requirements.yml b/compass-tasks-osa/tacker_conf/ansible-role-requirements.yml new file mode 100644 index 0000000..201ebd6 --- /dev/null +++ b/compass-tasks-osa/tacker_conf/ansible-role-requirements.yml @@ -0,0 +1,208 @@ +- name: ansible-hardening + scm: git + src: https://git.openstack.org/openstack/ansible-hardening + version: c05e36f48de66feb47046a0126d986fa03313f29 +- name: apt_package_pinning + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-apt_package_pinning + version: 9403a36513aee54c15890ac96c1f8c455f9c083d +- name: pip_install + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-pip_install + version: df107891bf9fdfa7287bdfe43f3fa0120a80e5ad +- name: galera_client + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-galera_client + version: 52b374547648056b58c544532296599801d501d7 +- name: galera_server + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-galera_server + version: b124e06872ebeca7d81cb22fb80ae97a995b07a8 +- name: ceph_client + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-ceph_client + version: 5fcbc68fdbd3105d233fd3c03c887f13227b1c3d +- name: haproxy_server + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-haproxy_server + version: a905aaed8627f59d9dc10b9bc031589a7c65828f +- name: keepalived + scm: git + src: https://github.com/evrardjp/ansible-keepalived + version: 3.0.3 +- name: lxc_container_create + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-lxc_container_create + version: c41d3b20da6be07d9bf5db7f7e6a1384c7cfb5eb +- name: lxc_hosts + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-lxc_hosts + version: fb722e17cd8c1bab640f34ab0b111a44dee2279a +- name: memcached_server + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-memcached_server + version: 08c483f3c5d49c236194090534a015b67c8cded6 +- name: openstack_hosts + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-openstack_hosts + version: a0d3b9c9756b6e95b0e034f3d0576fbb33607820 +- name: os_keystone + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_keystone + version: 6d131caff7f60d1dfd0c5d3223fe6ece6416a34c +- name: openstack_openrc + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-openstack_openrc + version: b27229ef168aed7f2febf6991b2d7459ec8883ee +- name: os_aodh + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_aodh + version: bcd77b1e10a7054e9365da6a20848b393153d025 +- name: os_barbican + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_barbican + version: 0797e8bdadd2fcf4696b22f0e18340c8d9539b09 +- name: os_ceilometer + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_ceilometer + version: 4b3e0589a0188de885659614ef4e076018af54f7 +- name: os_cinder + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_cinder + version: 6f5ab34e5a0694f3fc84e63c912e00e86e3de280 +- name: os_designate + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_designate + version: a4952759e91853adbc2ba0e0088eacd12a0d1bd1 +- name: os_glance + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_glance + version: 6590581bbcc73f12113edbd0195c33c90fef74b9 +- name: os_gnocchi + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_gnocchi + version: 5f8950f61ed6b61d1cc06ab73b3b02466bee0db1 +- name: os_heat + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_heat + version: 4d1efae631026631fb2af4f43a9fe8ca210d643e +- name: os_horizon + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_horizon + version: 71aa69b1425f5b5b2bdc274357b62a9b4b57ae8f +- name: os_ironic + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_ironic + version: 34205b6b99fc3cfe54eddbcde0380e626976e425 +- name: os_magnum + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_magnum + version: 0fdeea886ef4227e02d793f6dbfd54ccd9e6e088 +- name: os_molteniron + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_molteniron + version: 58cff32e954ab817d07b8e0a136663c34d7f7b60 +- name: os_neutron + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_neutron + version: 728484ad440461b784114bf93cd912b3d1aecd2f +- name: os_nova + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_nova + version: b1066d20502a29c4ec33fb9e5a8307201f7530cb +- name: os_octavia + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_octavia + version: 5fd1fbae703c17f928cfc00f60aeeed0500c6f2b +- name: os_rally + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_rally + version: b2658fb704fd3a1e8bce794b8bf87ac83931aa46 +- name: os_sahara + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_sahara + version: e3e4f1bc8d72dd6fb7e26b8d0d364f9a60e16b0f +- name: os_swift + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_swift + version: 65a330b0bc96fb88b7b34082f40f47e432948f34 +- name: os_tacker + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_tacker + version: cad6a9033e519f03d97a91911ea981b17f1a7eed +- name: os_tempest + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_tempest + version: 0fb52fcd130bee25f40cd515da69948821d5b504 +- name: os_trove + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_trove + version: 6596f6b28c88a88c89e293ea8f5f8551eb491fd1 +- name: plugins + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-plugins + version: 91ec1736393ff40ac8062180daed0c0027c2549a +- name: rabbitmq_server + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-rabbitmq_server + version: fa80dfc0f8129e02f3f3b34bb7205889d3e5696c +- name: repo_build + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-repo_build + version: d0079ff721b0f9c4682d57eccfadb36f365eea2b +- name: repo_server + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-repo_server + version: 8302adcb11cad4e6245fd6bd1bbb4db08d3b60e9 +- name: rsyslog_client + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-rsyslog_client + version: f41638370114412b97c6523b4c626ca70f0337f4 +- name: rsyslog_server + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-rsyslog_server + version: 61a3ab251f63c6156f2a6604ee1a822070e19c90 +- name: sshd + scm: git + src: https://github.com/willshersystems/ansible-sshd + version: 0.5.1 +- name: bird + scm: git + src: https://github.com/logan2211/ansible-bird + version: '1.4' +- name: etcd + scm: git + src: https://github.com/logan2211/ansible-etcd + version: '1.3' +- name: unbound + scm: git + src: https://github.com/logan2211/ansible-unbound + version: '1.5' +- name: resolvconf + scm: git + src: https://github.com/logan2211/ansible-resolvconf + version: '1.3' +- name: ceph-defaults + scm: git + src: https://github.com/ceph/ansible-ceph-defaults + version: v3.0.8 +- name: ceph-common + scm: git + src: https://github.com/ceph/ansible-ceph-common + version: v3.0.8 +- name: ceph-config + scm: git + src: https://github.com/ceph/ansible-ceph-config + version: v3.0.8 +- name: ceph-mon + scm: git + src: https://github.com/ceph/ansible-ceph-mon + version: v3.0.8 +- name: ceph-mgr + scm: git + src: https://github.com/ceph/ansible-ceph-mgr + version: v3.0.8 +- name: ceph-osd + scm: git + src: https://github.com/ceph/ansible-ceph-osd + version: v3.0.8 diff --git a/compass-tasks-osa/tacker_conf/openstack_services.yml b/compass-tasks-osa/tacker_conf/openstack_services.yml new file mode 100644 index 0000000..a451f9e --- /dev/null +++ b/compass-tasks-osa/tacker_conf/openstack_services.yml @@ -0,0 +1,225 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +## NOTICE on items in this file: +## * If you use anything in the *._git_install_branch field that is not a TAG +## make sure to leave an in-line comment as to "why". + +## For the sake of anyone else editing this file: +## * If you add services to this file please do so in alphabetical order. +## * Every entry should be name spaced with the name of the client followed by an "_" +## * All items with this file should be separated by `name_` note that the name of the +## package should be one long name with no additional `_` separating it. + + +### Before this is shipped all of these services should have a tag set as the branch, +### or have a comment / reason attached to them as to why a tag can not work. + + +## Global Requirements +requirements_git_repo: https://git.openstack.org/openstack/requirements +requirements_git_install_branch: e7e310f1f355f2ad06528e469c0bd94d7fbc6955 # HEAD of "stable/pike" as of 30.11.2017 + + +## Aodh service +aodh_git_repo: https://git.openstack.org/openstack/aodh +aodh_git_install_branch: ed3ce41fa0ae0173601b683748265e502b84553b # HEAD of "stable/pike" as of 30.11.2017 +aodh_git_project_group: aodh_all + + +## Barbican service +barbican_git_repo: https://git.openstack.org/openstack/barbican +barbican_git_install_branch: 4aefe87d91715adf4a0bc3871956404ebe312fe3 # HEAD of "stable/pike" as of 30.11.2017 +barbican_git_project_group: barbican_all + + +## Ceilometer service +ceilometer_git_repo: https://git.openstack.org/openstack/ceilometer +ceilometer_git_install_branch: d9340c88f0618d40b2959ab09a53c518f3a91de5 # HEAD of "stable/pike" as of 30.11.2017 +ceilometer_git_project_group: ceilometer_all + + +## Cinder service +cinder_git_repo: https://git.openstack.org/openstack/cinder +cinder_git_install_branch: 7bcb2ff94cf38eaa9def1115569981760e36510c # HEAD of "stable/pike" as of 30.11.2017 +cinder_git_project_group: cinder_all + + +## Designate service +designate_git_repo: https://git.openstack.org/openstack/designate +designate_git_install_branch: 6beba54a71510525d5bbc4956d20d27bffa982e5 # HEAD of "stable/pike" as of 30.11.2017 +designate_git_project_group: designate_all + + +## Horizon Designate dashboard plugin +designate_dashboard_git_repo: https://git.openstack.org/openstack/designate-dashboard +designate_dashboard_git_install_branch: bc128a7c29a427933fc4ca94a7510ef8c97e5206 # HEAD of "stable/pike" as of 30.11.2017 +designate_dashboard_git_project_group: horizon_all + + +## Dragonflow service +dragonflow_git_repo: https://git.openstack.org/openstack/dragonflow +dragonflow_git_install_branch: 84f1a26ff8e976b753593dc445e09a4c1a675a21 # Frozen HEAD of "master" as of 14.10.2017 (no stable/pike branch) +dragonflow_git_project_group: neutron_all + + +## Glance service +glance_git_repo: https://git.openstack.org/openstack/glance +glance_git_install_branch: 06af2eb5abe0332f7035a7d7c2fbfd19fbc4dae7 # HEAD of "stable/pike" as of 30.11.2017 +glance_git_project_group: glance_all + + +## Heat service +heat_git_repo: https://git.openstack.org/openstack/heat +heat_git_install_branch: ed3eb9fe823e193e850e170405eecbc1411667f6 # HEAD of "stable/pike" as of 30.11.2017 +heat_git_project_group: heat_all + + +## Horizon service +horizon_git_repo: https://git.openstack.org/openstack/horizon +horizon_git_install_branch: 8b98b9bec432e40d121cc4a3ed6abea5da701a84 # HEAD of "stable/pike" as of 30.11.2017 +horizon_git_project_group: horizon_all + +## Horizon Ironic dashboard plugin +ironic_dashboard_git_repo: https://git.openstack.org/openstack/ironic-ui +ironic_dashboard_git_install_branch: e2cba8ed8745b8ffcaa60d26ab69fd93f61582ad # HEAD of "stable/pike" as of 30.11.2017 +ironic_dashboard_git_project_group: horizon_all + +## Horizon Magnum dashboard plugin +magnum_dashboard_git_repo: https://git.openstack.org/openstack/magnum-ui +magnum_dashboard_git_install_branch: 0b9fc50aada1a3e214acaad1204b48c96a549e5f # HEAD of "stable/pike" as of 30.11.2017 +magnum_dashboard_git_project_group: horizon_all + +## Horizon LBaaS dashboard plugin +neutron_lbaas_dashboard_git_repo: https://git.openstack.org/openstack/neutron-lbaas-dashboard +neutron_lbaas_dashboard_git_install_branch: a5a05a27e7cab99dc379774f1d01c0076818e539 # HEAD of "stable/pike" as of 30.11.2017 +neutron_lbaas_dashboard_git_project_group: horizon_all + +## Horizon Sahara dashboard plugin +sahara_dashboard_git_repo: https://git.openstack.org/openstack/sahara-dashboard +sahara_dashboard_git_install_branch: 804206bb9c8af5c1d4f540664a6f9b36d45696e6 # HEAD of "stable/pike" as of 30.11.2017 +sahara_dashboard_git_project_group: horizon_all + + +## Keystone service +keystone_git_repo: https://git.openstack.org/openstack/keystone +keystone_git_install_branch: d0721d7cf4dc808946a7016b0ca2830c8850d5d9 # HEAD of "stable/pike" as of 30.11.2017 +keystone_git_project_group: keystone_all + + +## Neutron service +neutron_git_repo: https://git.openstack.org/openstack/neutron +neutron_git_install_branch: b1f71de42ead2c1278343307307984ad1ff00c71 # HEAD of "stable/pike" as of 30.11.2017 +neutron_git_project_group: neutron_all + +neutron_lbaas_git_repo: https://git.openstack.org/openstack/neutron-lbaas +neutron_lbaas_git_install_branch: dbdbbee9e7325f27a671cdc0813446d85329ca1b # HEAD of "stable/pike" as of 30.11.2017 +neutron_lbaas_git_project_group: neutron_all + +neutron_vpnaas_git_repo: https://git.openstack.org/openstack/neutron-vpnaas +neutron_vpnaas_git_install_branch: 60e4e7113b5fbbf28e97ebce2f40b7f1675200e6 # HEAD of "stable/pike" as of 30.11.2017 +neutron_vpnaas_git_project_group: neutron_all + +neutron_fwaas_git_repo: https://git.openstack.org/openstack/neutron-fwaas +neutron_fwaas_git_install_branch: c2bafa999f7ea45687d5a3d42739e465564e99d1 # HEAD of "stable/pike" as of 30.11.2017 +neutron_fwaas_git_project_group: neutron_all + +neutron_dynamic_routing_git_repo: https://git.openstack.org/openstack/neutron-dynamic-routing +neutron_dynamic_routing_git_install_branch: 9098d4447581117e857d2f86fb4a0508b5ffbb6a # HEAD of "stable/pike" as of 30.11.2017 +neutron_dynamic_routing_git_project_group: neutron_all + +networking_calico_git_repo: https://git.openstack.org/openstack/networking-calico +networking_calico_git_install_branch: 9688df1a3d1d8b3fd9ba367e82fe6b0559416728 # HEAD of "master" as of 30.11.2017 +networking_calico_git_project_group: neutron_all + +networking_odl_git_repo: https://git.openstack.org/openstack/networking-odl +networking_odl_git_install_branch: 319c51183fde4c189d310ff252248f3632c8c9df # HEAD of "master" as of 29.10.2017 +networking_odl_git_project_group: neutron_all + +## Nova service +nova_git_repo: https://git.openstack.org/openstack/nova +nova_git_install_branch: ec20e1aca856cf1f31d0212bda3e494bb8622aad # HEAD of "stable/pike" as of 30.11.2017 +nova_git_project_group: nova_all + + +## PowerVM Virt Driver +nova_powervm_git_repo: https://git.openstack.org/openstack/nova-powervm +nova_powervm_git_install_branch: e0b516ca36fa5dfd38ae6f7ea97afd9a52f313ed # HEAD of "stable/pike" as of 30.11.2017 +nova_powervm_git_project_group: nova_all + + +## LXD Virt Driver +nova_lxd_git_repo: https://git.openstack.org/openstack/nova-lxd +nova_lxd_git_install_branch: 9747c274138d9ef40512d5015e9e581f6bbec5d9 # HEAD of "stable/pike" as of 30.11.2017 +nova_lxd_git_project_group: nova_all + + +## Sahara service +sahara_git_repo: https://git.openstack.org/openstack/sahara +sahara_git_install_branch: 3ee0da5ea09904125c44e1f9d1a9b83554b1a1cd # HEAD of "stable/pike" as of 30.11.2017 +sahara_git_project_group: sahara_all + + +## Swift service +swift_git_repo: https://git.openstack.org/openstack/swift +swift_git_install_branch: 0344d6eb5afc723adc7bacf4b4e2aaf04da47548 # HEAD of "stable/pike" as of 30.11.2017 +swift_git_project_group: swift_all + + +## Swift3 middleware +swift_swift3_git_repo: https://git.openstack.org/openstack/swift3 +swift_swift3_git_install_branch: 1fb6a30ee59a16cd4b6c49bab963ff9e3f974580 # HEAD of "master" as of 30.11.2017 +swift_swift3_git_project_group: swift_all + + +## Ironic service +ironic_git_repo: https://git.openstack.org/openstack/ironic +ironic_git_install_branch: 47179d9fca337f32324f8e8a68541358fdac8649 # HEAD of "stable/pike" as of 30.11.2017 +ironic_git_project_group: ironic_all + +## Magnum service +magnum_git_repo: https://git.openstack.org/openstack/magnum +magnum_git_install_branch: c58b727bec3561d8d283497d784a3437185924dd # HEAD of "stable/pike" as of 30.11.2017 +magnum_git_project_group: magnum_all + +## Trove service +trove_git_repo: https://git.openstack.org/openstack/trove +trove_git_install_branch: e6d4b4b3fe1768348c9df815940b97cecb5e7ee2 # HEAD of "stable/pike" as of 30.11.2017 +trove_git_project_group: trove_all + +## Horizon Trove dashboard plugin +trove_dashboard_git_repo: https://git.openstack.org/openstack/trove-dashboard +trove_dashboard_git_install_branch: bffd0776d139f38f96ce8ded07ccde4b5a41bc7a # HEAD of "stable/pike" as of 30.11.2017 +trove_dashboard_git_project_group: horizon_all + +## Octavia service +octavia_git_repo: https://git.openstack.org/openstack/octavia +octavia_git_install_branch: d2fad0b6544a4893f72e2e993292b0379a452515 # HEAD of "stable/pike" as of 30.11.2017 +octavia_git_project_group: octavia_all + +## Molteniron service +molteniron_git_repo: https://git.openstack.org/openstack/molteniron +molteniron_git_install_branch: 094276cda77d814d07ad885e7d63de8d1243750a # HEAD of "master" as of 30.11.2017 +molteniron_git_project_group: molteniron_all + +## Tacker service +tacker_git_repo: https://git.openstack.org/openstack/tacker +tacker_git_install_branch: 90f5374f73ea8dd5f41c9ca8f2ed447d5a37285a # HEAD of "pike" as of 07.09.2017 +tacker_git_project_group: tacker_all + +networking_sfc_git_repo: https://git.openstack.org/openstack/networking-sfc +networking_sfc_git_install_branch: 4f98a7bb28bee3d4044b2c8af942e2df42c6752b # HEAD of "master" as of 16.10.2017 +networking_sfc_git_project_group: tacker_all diff --git a/compass-tasks-osa/tacker_conf/os-tacker-install.yml b/compass-tasks-osa/tacker_conf/os-tacker-install.yml new file mode 100644 index 0000000..dd96595 --- /dev/null +++ b/compass-tasks-osa/tacker_conf/os-tacker-install.yml @@ -0,0 +1,63 @@ +--- +# Copyright 2017, SUSE LINUX GmbH. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Install the tacker components + hosts: tacker_all + gather_facts: "{{ gather_facts | default(True) }}" + max_fail_percentage: 20 + user: root + pre_tasks: + - include: common-tasks/os-lxc-container-setup.yml + - include: common-tasks/rabbitmq-vhost-user.yml + static: no + vars: + user: "{{ tacker_rabbitmq_userid }}" + password: "{{ tacker_rabbitmq_password }}" + vhost: "{{ tacker_rabbitmq_vhost }}" + _rabbitmq_host_group: "{{ tacker_rabbitmq_host_group }}" + when: + - inventory_hostname == groups['tacker_all'][0] + - groups[tacker_rabbitmq_host_group] | length > 0 + - include: common-tasks/os-log-dir-setup.yml + vars: + log_dirs: + - src: "/openstack/log/{{ inventory_hostname }}-tacker" + dest: "/var/log/tacker" + - include: common-tasks/mysql-db-user.yml + static: no + vars: + user_name: "{{ tacker_galera_user }}" + password: "{{ tacker_container_mysql_password }}" + login_host: "{{ tacker_galera_address }}" + db_name: "{{ tacker_galera_database }}" + when: inventory_hostname == groups['tacker_all'][0] + - include: common-tasks/package-cache-proxy.yml + roles: + - role: "os_tacker" + - role: "openstack_openrc" + tags: + - openrc + - role: "rsyslog_client" + rsyslog_client_log_rotate_file: tacker_log_rotate + rsyslog_client_log_dir: "/var/log/tacker" + rsyslog_client_config_name: "99-tacker-rsyslog-client.conf" + tags: + - rsyslog + vars: + is_metal: "{{ properties.is_metal|default(false) }}" + tacker_galera_address: "{{ internal_lb_vip_address }}" + environment: "{{ deployment_environment_variables | default({}) }}" + tags: + - tacker diff --git a/compass-tasks-osa/tacker_conf/tacker.yml b/compass-tasks-osa/tacker_conf/tacker.yml new file mode 100644 index 0000000..9ceabbc --- /dev/null +++ b/compass-tasks-osa/tacker_conf/tacker.yml @@ -0,0 +1,36 @@ +--- +# Copyright 2017, SUSE Linux GmbH +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +component_skel: + tacker_server: + belongs_to: + - tacker_all + + +container_skel: + tacker_container: + belongs_to: + - mano_containers + contains: + - tacker_server + + +physical_skel: + mano_containers: + belongs_to: + - all_containers + mano_hosts: + belongs_to: + - hosts diff --git a/compass-tasks-osa/tacker_conf/tacker_all.yml b/compass-tasks-osa/tacker_conf/tacker_all.yml new file mode 100644 index 0000000..95d5b83 --- /dev/null +++ b/compass-tasks-osa/tacker_conf/tacker_all.yml @@ -0,0 +1,46 @@ +--- +# Copyright 2017, SUSE LINUX GmbH +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +tacker_service_user_name: tacker +tacker_service_tenant_name: service + +tacker_rabbitmq_userid: tacker +tacker_rabbitmq_vhost: /tacker +tacker_rabbitmq_port: "{{ rabbitmq_port }}" +tacker_rabbitmq_use_ssl: "{{ rabbitmq_use_ssl }}" +tacker_rabbitmq_servers: "{{ rabbitmq_servers }}" +tacker_rabbitmq_host_group: "{{ rabbitmq_host_group }}" + +tacker_service_publicuri: "{{ openstack_service_publicuri_proto|default(tacker_service_proto) }}://{{ external_lb_vip_address }}:{{ tacker_service_port }}" +tacker_service_adminurl: "{{ tacker_service_adminuri }}/" +tacker_service_region: "{{ service_region }}" +tacker_service_in_ldap: "{{ service_ldap_backend_enabled }}" + +tacker_aodh_enabled: "{{ groups['aodh_all'] is defined and groups['aodh_all'] | length > 0 }}" +tacker_gnocchi_enabled: "{{ groups['gnocchi_all'] is defined and groups['gnocchi_all'] | length > 0 }}" + +# NOTE: these and their swift_all.yml counterpart should be moved back to all.yml once swift with tacker gets proper SSL support +# swift_rabbitmq_telemetry_port: "{{ rabbitmq_port }}" +# swift_rabbitmq_telemetry_use_ssl: "{{ rabbitmq_use_ssl }}" + +# Ensure that the package state matches the global setting +tacker_package_state: "{{ package_state }}" + +# venv fetch configuration +tacker_venv_tag: "{{ venv_tag }}" +tacker_venv_download_url: "{{ venv_base_download_url }}/tacker-{{ openstack_release }}-{{ ansible_architecture | lower }}.tgz" + +# locations for fetching the default files from the git source +tacker_git_config_lookup_location: "{{ openstack_repo_url }}/openstackgit/tacker" diff --git a/compass-tasks-osa/tacker_conf/user_secrets.yml b/compass-tasks-osa/tacker_conf/user_secrets.yml new file mode 100644 index 0000000..05832ec --- /dev/null +++ b/compass-tasks-osa/tacker_conf/user_secrets.yml @@ -0,0 +1,163 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +############################# WARNING ######################################## +# The playbooks do not currently manage changing passwords in an existing +# environment. Changing passwords and re-running the playbooks will fail +# and may break your OpenStack environment. +############################# WARNING ######################################## + + +## Rabbitmq Options +rabbitmq_cookie_token: +rabbitmq_monitoring_password: + +## Tokens +memcached_encryption_key: + +## Galera Options +galera_root_password: + +## Keystone Options +keystone_container_mysql_password: +keystone_auth_admin_password: +keystone_service_password: +keystone_rabbitmq_password: + +## Ceilometer Options: +ceilometer_container_db_password: +ceilometer_service_password: +ceilometer_telemetry_secret: +ceilometer_rabbitmq_password: + +## Aodh Options: +aodh_container_db_password: +aodh_service_password: +aodh_rabbitmq_password: + +## Cinder Options +cinder_container_mysql_password: +cinder_service_password: +cinder_profiler_hmac_key: +cinder_rabbitmq_password: + +## Ceph/rbd: a UUID to be used by libvirt to refer to the client.cinder user +cinder_ceph_client_uuid: + +## Glance Options +glance_container_mysql_password: +glance_service_password: +glance_profiler_hmac_key: +glance_rabbitmq_password: + +## Gnocchi Options: +gnocchi_container_mysql_password: +gnocchi_service_password: + +## Heat Options +heat_stack_domain_admin_password: +heat_container_mysql_password: +### THE HEAT AUTH KEY NEEDS TO BE 32 CHARACTERS LONG ## +heat_auth_encryption_key: +### THE HEAT AUTH KEY NEEDS TO BE 32 CHARACTERS LONG ## +heat_service_password: +heat_rabbitmq_password: + +## Ironic options +ironic_rabbitmq_password: +ironic_container_mysql_password: +ironic_service_password: +ironic_swift_temp_url_secret_key: + +## Horizon Options +horizon_container_mysql_password: +horizon_secret_key: + +## Neutron Options +neutron_container_mysql_password: +neutron_service_password: +neutron_rabbitmq_password: +neutron_ha_vrrp_auth_password: + +## Nova Options +nova_container_mysql_password: +nova_api_container_mysql_password: +nova_metadata_proxy_secret: +nova_service_password: +nova_rabbitmq_password: +nova_placement_service_password: +nova_placement_container_mysql_password: + +# LXD Options for nova compute +lxd_trust_password: + +## Octavia Options +octavia_container_mysql_password: +octavia_service_password: +octavia_health_hmac_key: +octavia_rabbitmq_password: + +## Sahara Options +sahara_container_mysql_password: +sahara_rabbitmq_password: +sahara_service_password: + +## Swift Options: +swift_service_password: +swift_dispersion_password: +### Once the swift cluster has been setup DO NOT change these hash values! +swift_hash_path_suffix: +swift_hash_path_prefix: +# Swift needs a telemetry password when using ceilometer +swift_rabbitmq_telemetry_password: + +## haproxy stats password +haproxy_stats_password: +haproxy_keepalived_authentication_password: + +## Magnum Options +magnum_service_password: +magnum_galera_password: +magnum_rabbitmq_password: +magnum_trustee_password: + +## Rally Options: +rally_galera_password: + +## Trove Options +trove_galera_password: +trove_rabbitmq_password: +trove_service_password: +trove_admin_user_password: +trove_taskmanager_rpc_encr_key: +trove_inst_rpc_key_encr_key: + +## Barbican Options +barbican_galera_password: +barbican_rabbitmq_password: +barbican_service_password: + +## Designate Options +designate_galera_password: +designate_rabbitmq_password: +designate_service_password: + +## Molteniron Options: +molteniron_container_mysql_password: + +# Tacker options +tacker_rabbitmq_password: +tacker_service_password: +tacker_container_mysql_password: diff --git a/compass-tasks/Dockerfile b/compass-tasks/Dockerfile index bc2a0c2..91abdc8 100644 --- a/compass-tasks/Dockerfile +++ b/compass-tasks/Dockerfile @@ -2,7 +2,7 @@ FROM opnfv/compass-tasks-base ARG BRANCH=master ADD ./run.sh /root/ -#ADD ./tacker_conf /opt/tacker_conf +ADD ./tacker_conf /opt/tacker_conf ADD ./setup-complete.yml /opt/ RUN chmod +x /root/run.sh RUN /root/run.sh diff --git a/compass-tasks/Dockerfile-arm64 b/compass-tasks/Dockerfile-arm64 new file mode 100644 index 0000000..cb560b3 --- /dev/null +++ b/compass-tasks/Dockerfile-arm64 @@ -0,0 +1,5 @@ +FROM opnfv/compass-tasks-base +ARG BRANCH=master + +ADD ./run.sh /root/ +# TODO diff --git a/compass-tasks/run.sh b/compass-tasks/run.sh index 2ab0b6f..a8f20e1 100644 --- a/compass-tasks/run.sh +++ b/compass-tasks/run.sh @@ -17,32 +17,23 @@ cd /opt/git/ wget artifacts.opnfv.org/compass4nfv/package/openstack_pike.tar.gz tar -zxvf openstack_pike.tar.gz rm -rf openstack_pike.tar.gz -#cd openstack -#git clone https://github.com/openstack/tacker.git -b stable/pike -#cd tacker -#git checkout a0f1e680d81c7db66ae7a2a08c3d069901d0765a git clone https://git.openstack.org/openstack/openstack-ansible /opt/openstack-ansible cd /opt/openstack-ansible -#git checkout b962eed003580ee4c3bd69da911f20b3905a9176 -#git checkout da37351ca0a96ed38de72f3e00a7549a024cb810 -#git checkout 71110d6bc0f459b668948aca185139c1d79f0452 git checkout 16c69046bfd90d1b984de43bc6267fece6b75f1c #git checkout 4cde8f86aaea1fde7c43016f661119879068a133 git checkout -b stable/pike -#/bin/cp -rf /opt/tacker_conf/ansible-role-requirements.yml /opt/openstack-ansible/ -#/bin/cp -rf /opt/tacker_conf/openstack_services.yml /opt/openstack-ansible/playbooks/defaults/repo_packages/ -#/bin/cp -rf /opt/tacker_conf/os-tacker-install.yml /opt/openstack-ansible/playbooks/ -#/bin/cp -rf /opt/tacker_conf/setup-openstack.yml /opt/openstack-ansible/playbooks/ -#/bin/cp -rf /opt/tacker_conf/tacker.yml /opt/openstack-ansible/playbooks/inventory/env.d/ -#/bin/cp -rf /opt/tacker_conf/tacker_all.yml /opt/openstack-ansible/playbooks/inventory/group_vars/ -#/bin/cp -rf /opt/tacker_conf/user_secrets.yml /opt/openstack-ansible/etc/openstack_deploy/ -#/bin/cp -rf /opt/tacker_conf/haproxy_config.yml /opt/openstack-ansible/playbooks/vars/configs/ +/bin/cp -rf /opt/tacker_conf/ansible-role-requirements.yml /opt/openstack-ansible/ +/bin/cp -rf /opt/tacker_conf/openstack_services.yml /opt/openstack-ansible/playbooks/defaults/repo_packages/ +/bin/cp -rf /opt/tacker_conf/os-tacker-install.yml /opt/openstack-ansible/playbooks/ +/bin/cp -rf /opt/tacker_conf/tacker.yml /opt/openstack-ansible/playbooks/inventory/env.d/ +/bin/cp -rf /opt/tacker_conf/tacker_all.yml /opt/openstack-ansible/group_vars/ +/bin/cp -rf /opt/tacker_conf/user_secrets.yml /opt/openstack-ansible/etc/openstack_deploy/ /bin/cp -rf /opt/openstack-ansible/etc/openstack_deploy /etc/openstack_deploy diff --git a/compass-tasks/tacker_conf/ansible-role-requirements.yml b/compass-tasks/tacker_conf/ansible-role-requirements.yml index 40e0f91..201ebd6 100644 --- a/compass-tasks/tacker_conf/ansible-role-requirements.yml +++ b/compass-tasks/tacker_conf/ansible-role-requirements.yml @@ -1,192 +1,208 @@ +- name: ansible-hardening + scm: git + src: https://git.openstack.org/openstack/ansible-hardening + version: c05e36f48de66feb47046a0126d986fa03313f29 - name: apt_package_pinning scm: git src: https://git.openstack.org/openstack/openstack-ansible-apt_package_pinning - version: d5c0d7e8d21fc1539cc043097e23851296e2dd95 + version: 9403a36513aee54c15890ac96c1f8c455f9c083d - name: pip_install scm: git src: https://git.openstack.org/openstack/openstack-ansible-pip_install - version: e142f5642646449d98cd65d8fd0690907c403801 + version: df107891bf9fdfa7287bdfe43f3fa0120a80e5ad - name: galera_client scm: git src: https://git.openstack.org/openstack/openstack-ansible-galera_client - version: 1d3cdcd33c75a668ac3be046ac53fe1842780058 + version: 52b374547648056b58c544532296599801d501d7 - name: galera_server scm: git src: https://git.openstack.org/openstack/openstack-ansible-galera_server - version: e47877adc99bf64b900c83056716dfc09f2bcc0b + version: b124e06872ebeca7d81cb22fb80ae97a995b07a8 - name: ceph_client scm: git src: https://git.openstack.org/openstack/openstack-ansible-ceph_client - version: d1b30ae7b660acbb4f9d6e4f4ab702581c6748d9 + version: 5fcbc68fdbd3105d233fd3c03c887f13227b1c3d - name: haproxy_server scm: git src: https://git.openstack.org/openstack/openstack-ansible-haproxy_server - version: ffba50ecf0c99f41d1d5a1195268a2c23c38f89f + version: a905aaed8627f59d9dc10b9bc031589a7c65828f - name: keepalived scm: git src: https://github.com/evrardjp/ansible-keepalived - version: 2.6.0 + version: 3.0.3 - name: lxc_container_create scm: git src: https://git.openstack.org/openstack/openstack-ansible-lxc_container_create - version: 540bd82f8ded168ccab25a4a762a5a88e5a4ecbd + version: c41d3b20da6be07d9bf5db7f7e6a1384c7cfb5eb - name: lxc_hosts scm: git src: https://git.openstack.org/openstack/openstack-ansible-lxc_hosts - version: 73a62894aa26e4b63bb69336411209fc0df6abb2 + version: fb722e17cd8c1bab640f34ab0b111a44dee2279a - name: memcached_server scm: git src: https://git.openstack.org/openstack/openstack-ansible-memcached_server - version: ddd1dc402b7c825265a9e59483272f2dfcd65a93 -- name: openstack-ansible-security - scm: git - src: https://git.openstack.org/openstack/openstack-ansible-security - version: c58c839f9cc9fcb75d32fc8de00b4f27add36661 + version: 08c483f3c5d49c236194090534a015b67c8cded6 - name: openstack_hosts scm: git src: https://git.openstack.org/openstack/openstack-ansible-openstack_hosts - version: 1ba80641ed5c4d55a41906e9d37df10b9fd720ee + version: a0d3b9c9756b6e95b0e034f3d0576fbb33607820 - name: os_keystone scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_keystone - version: 600e0e58102ccbdd082b5c90237cb7d27c63e5fa + version: 6d131caff7f60d1dfd0c5d3223fe6ece6416a34c - name: openstack_openrc scm: git src: https://git.openstack.org/openstack/openstack-ansible-openstack_openrc - version: dfdf65b3db7c6240fa173a3a62af4e5028023626 + version: b27229ef168aed7f2febf6991b2d7459ec8883ee - name: os_aodh scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_aodh - version: a1ec96ee54d7b8c7fd24f1148545d3556a0a8b5b + version: bcd77b1e10a7054e9365da6a20848b393153d025 - name: os_barbican scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_barbican - version: 2d087176610c712f51dec8722b6129e648b149e2 + version: 0797e8bdadd2fcf4696b22f0e18340c8d9539b09 - name: os_ceilometer scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_ceilometer - version: 1d709bd6eace68bfd7fb7d1e52df8d5b6f28810b + version: 4b3e0589a0188de885659614ef4e076018af54f7 - name: os_cinder scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_cinder - version: 66542db4c7045dc559a1b3e6bd293ca28e09c34e + version: 6f5ab34e5a0694f3fc84e63c912e00e86e3de280 +- name: os_designate + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_designate + version: a4952759e91853adbc2ba0e0088eacd12a0d1bd1 - name: os_glance scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_glance - version: 79d6b78e894715ba3a17b50cc18917b251025069 + version: 6590581bbcc73f12113edbd0195c33c90fef74b9 - name: os_gnocchi scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_gnocchi - version: 5932746fe1717ef2798b46c374c268945f34814e + version: 5f8950f61ed6b61d1cc06ab73b3b02466bee0db1 - name: os_heat scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_heat - version: cbe917fefeb90c506e1c73c31b9a1d00fbf9beff + version: 4d1efae631026631fb2af4f43a9fe8ca210d643e - name: os_horizon scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_horizon - version: 25435372547d217116dd4ba10b5d0e8c39307b52 + version: 71aa69b1425f5b5b2bdc274357b62a9b4b57ae8f - name: os_ironic scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_ironic - version: 4110fca2b9e1c6a1698b9be9797253db4a1cad2e + version: 34205b6b99fc3cfe54eddbcde0380e626976e425 - name: os_magnum scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_magnum - version: f452cc54d1b3240f81a82fd110a467cd996a3331 -- name: os_trove + version: 0fdeea886ef4227e02d793f6dbfd54ccd9e6e088 +- name: os_molteniron scm: git - src: https://git.openstack.org/openstack/openstack-ansible-os_trove - version: 51b38916ad99f3ffbc1723a7d97f9034b4c02dc4 + src: https://git.openstack.org/openstack/openstack-ansible-os_molteniron + version: 58cff32e954ab817d07b8e0a136663c34d7f7b60 - name: os_neutron scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_neutron - version: 4b43221adae78627d8035cd82e791662821a461c + version: 728484ad440461b784114bf93cd912b3d1aecd2f - name: os_nova scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_nova - version: 8aacdd01ad98d82b3b817895d39af44b3a862847 + version: b1066d20502a29c4ec33fb9e5a8307201f7530cb +- name: os_octavia + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_octavia + version: 5fd1fbae703c17f928cfc00f60aeeed0500c6f2b - name: os_rally scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_rally - version: 1410d71f60aa354259fa11d9dddfe4ed743177ab + version: b2658fb704fd3a1e8bce794b8bf87ac83931aa46 - name: os_sahara scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_sahara - version: 5e29921df9cc7d3ba2a89b0d6cdddcf02553c423 + version: e3e4f1bc8d72dd6fb7e26b8d0d364f9a60e16b0f - name: os_swift scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_swift - version: 70c3795215b5b3ea90090ffd99381c97bc45be80 + version: 65a330b0bc96fb88b7b34082f40f47e432948f34 - name: os_tacker scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_tacker - version: c6a563731b4482a28b7a01982252d79f52fe586b + version: cad6a9033e519f03d97a91911ea981b17f1a7eed - name: os_tempest scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_tempest - version: 5934f81385870cc836f7d1cd84b8dbc6a97cedad + version: 0fb52fcd130bee25f40cd515da69948821d5b504 +- name: os_trove + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_trove + version: 6596f6b28c88a88c89e293ea8f5f8551eb491fd1 - name: plugins scm: git src: https://git.openstack.org/openstack/openstack-ansible-plugins - version: 9ce61bdc6cb537c2377e95da1c3bfc9e837c9784 + version: 91ec1736393ff40ac8062180daed0c0027c2549a - name: rabbitmq_server scm: git src: https://git.openstack.org/openstack/openstack-ansible-rabbitmq_server - version: 3d1de52f75c08b3265d2b35c56c9217d60c2c840 + version: fa80dfc0f8129e02f3f3b34bb7205889d3e5696c - name: repo_build scm: git src: https://git.openstack.org/openstack/openstack-ansible-repo_build - version: 6d00b7d6f431fc8706be81e1089ee351d2172e48 + version: d0079ff721b0f9c4682d57eccfadb36f365eea2b - name: repo_server scm: git src: https://git.openstack.org/openstack/openstack-ansible-repo_server - version: 860ff80b348f1c9e93745da55b1df69d05283afb + version: 8302adcb11cad4e6245fd6bd1bbb4db08d3b60e9 - name: rsyslog_client scm: git src: https://git.openstack.org/openstack/openstack-ansible-rsyslog_client - version: 5f5275720d13bd22945348751131c39877b731ab + version: f41638370114412b97c6523b4c626ca70f0337f4 - name: rsyslog_server scm: git src: https://git.openstack.org/openstack/openstack-ansible-rsyslog_server - version: a7d4b0df2e9ed3c2a1414613e96c7c9db0f2db60 + version: 61a3ab251f63c6156f2a6604ee1a822070e19c90 - name: sshd scm: git src: https://github.com/willshersystems/ansible-sshd - version: 0.4.5 + version: 0.5.1 - name: bird scm: git src: https://github.com/logan2211/ansible-bird - version: '1.2' + version: '1.4' - name: etcd scm: git src: https://github.com/logan2211/ansible-etcd - version: '1.2' + version: '1.3' - name: unbound scm: git src: https://github.com/logan2211/ansible-unbound - version: '1.3' + version: '1.5' - name: resolvconf scm: git src: https://github.com/logan2211/ansible-resolvconf - version: '1.2' -- name: os_designate + version: '1.3' +- name: ceph-defaults scm: git - src: https://git.openstack.org/openstack/openstack-ansible-os_designate - version: fc4f0fb40197954c96f486f4ebbd679162b27a6d -- name: ceph.ceph-common + src: https://github.com/ceph/ansible-ceph-defaults + version: v3.0.8 +- name: ceph-common scm: git src: https://github.com/ceph/ansible-ceph-common - version: v2.2.4 -- name: ceph.ceph-docker-common + version: v3.0.8 +- name: ceph-config scm: git - src: https://github.com/ceph/ansible-ceph-docker-common - version: ca86fd0ef6d24aa2c750a625acdcb8012c374aa0 + src: https://github.com/ceph/ansible-ceph-config + version: v3.0.8 - name: ceph-mon scm: git src: https://github.com/ceph/ansible-ceph-mon - version: v2.2.4 + version: v3.0.8 +- name: ceph-mgr + scm: git + src: https://github.com/ceph/ansible-ceph-mgr + version: v3.0.8 - name: ceph-osd scm: git src: https://github.com/ceph/ansible-ceph-osd - version: v2.2.4 + version: v3.0.8 diff --git a/compass-tasks/tacker_conf/haproxy_config.yml b/compass-tasks/tacker_conf/haproxy_config.yml deleted file mode 100644 index bbac6d7..0000000 --- a/compass-tasks/tacker_conf/haproxy_config.yml +++ /dev/null @@ -1,285 +0,0 @@ -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -haproxy_default_services: - - service: - haproxy_service_name: galera - haproxy_backend_nodes: "{{ [groups['galera_all'][0]] | default([]) }}" # list expected - haproxy_backup_nodes: "{{ groups['galera_all'][1:] | default([]) }}" - haproxy_bind: "{{ [internal_lb_vip_address] }}" - haproxy_port: 3306 - haproxy_balance_type: tcp - haproxy_timeout_client: 5000s - haproxy_timeout_server: 5000s - haproxy_backend_options: - - "mysql-check user {{ galera_monitoring_user }}" - haproxy_whitelist_networks: "{{ haproxy_galera_whitelist_networks }}" - - service: - haproxy_service_name: repo_git - haproxy_backend_nodes: "{{ groups['repo_all'] | default([]) }}" - haproxy_bind: "{{ [internal_lb_vip_address] }}" - haproxy_port: 9418 - haproxy_balance_type: tcp - haproxy_backend_options: - - tcp-check - haproxy_whitelist_networks: "{{ haproxy_repo_git_whitelist_networks }}" - - service: - haproxy_service_name: repo_all - haproxy_backend_nodes: "{{ groups['repo_all'] | default([]) }}" - haproxy_bind: "{{ [internal_lb_vip_address] }}" - haproxy_port: 8181 - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk HEAD /" - - service: - haproxy_service_name: repo_cache - haproxy_backend_nodes: "{{ [groups['repo_all'][0]] | default([]) }}" # list expected - haproxy_backup_nodes: "{{ groups['repo_all'][1:] | default([]) }}" - haproxy_bind: "{{ [internal_lb_vip_address] }}" - haproxy_port: "{{ repo_pkg_cache_port }}" - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk HEAD /acng-report.html" - haproxy_whitelist_networks: "{{ haproxy_repo_cache_whitelist_networks }}" - - service: - haproxy_service_name: glance_api - haproxy_backend_nodes: "{{ groups['glance_api'] | default([]) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_port: 9292 - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk /healthcheck" - - service: - haproxy_service_name: glance_registry - haproxy_backend_nodes: "{{ groups['glance_registry'] | default([]) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_port: 9191 - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk /healthcheck" - haproxy_whitelist_networks: "{{ haproxy_glance_registry_whitelist_networks }}" - - service: - haproxy_service_name: gnocchi - haproxy_backend_nodes: "{{ groups['gnocchi_all'] | default([]) }}" - haproxy_port: 8041 - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk /healthcheck" - - service: - haproxy_service_name: heat_api_cfn - haproxy_backend_nodes: "{{ groups['heat_api_cfn'] | default([]) }}" - haproxy_port: 8000 - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk HEAD /" - - service: - haproxy_service_name: heat_api_cloudwatch - haproxy_backend_nodes: "{{ groups['heat_api_cloudwatch'] | default([]) }}" - haproxy_port: 8003 - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk HEAD /" - - service: - haproxy_service_name: heat_api - haproxy_backend_nodes: "{{ groups['heat_api'] | default([]) }}" - haproxy_port: 8004 - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk HEAD /" - - service: - haproxy_service_name: keystone_service - haproxy_backend_nodes: "{{ groups['keystone_all'] | default([]) }}" - haproxy_port: 5000 - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_balance_type: "http" - haproxy_backend_options: - - "httpchk HEAD /" - - service: - haproxy_service_name: keystone_admin - haproxy_backend_nodes: "{{ groups['keystone_all'] | default([]) }}" - haproxy_port: 35357 - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_balance_type: "http" - haproxy_backend_options: - - "httpchk HEAD /" - haproxy_whitelist_networks: "{{ haproxy_keystone_admin_whitelist_networks }}" - - service: - haproxy_service_name: neutron_server - haproxy_backend_nodes: "{{ groups['neutron_server'] | default([]) }}" - haproxy_port: 9696 - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk HEAD /" - - service: - haproxy_service_name: nova_api_metadata - haproxy_backend_nodes: "{{ groups['nova_api_metadata'] | default([]) }}" - haproxy_port: 8775 - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk HEAD /" - haproxy_whitelist_networks: "{{ haproxy_nova_metadata_whitelist_networks }}" - - service: - haproxy_service_name: nova_api_os_compute - haproxy_backend_nodes: "{{ groups['nova_api_os_compute'] | default([]) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_port: 8774 - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk HEAD /" - - service: - haproxy_service_name: nova_api_placement - haproxy_backend_nodes: "{{ groups['nova_api_placement'] | default([]) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_port: 8780 - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk HEAD /" - - service: - haproxy_service_name: nova_console - haproxy_backend_nodes: "{{ groups['nova_console'] | default([]) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_port: "{{ nova_console_port }}" - haproxy_balance_type: http - haproxy_timeout_client: 60m - haproxy_timeout_server: 60m - haproxy_balance_alg: source - haproxy_backend_options: - - "httpchk HEAD /" - haproxy_backend_httpcheck_options: - - "expect status 404" - - service: - haproxy_service_name: cinder_api - haproxy_backend_nodes: "{{ groups['cinder_api'] | default([]) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_port: 8776 - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk HEAD /" - - service: - haproxy_service_name: horizon - haproxy_backend_nodes: "{{ groups['horizon_all'] | default([]) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_ssl_all_vips: true - haproxy_port: "{{ haproxy_ssl | ternary(443,80) }}" - haproxy_backend_port: 80 - haproxy_redirect_http_port: 80 - haproxy_balance_type: http - haproxy_balance_alg: source - haproxy_backend_options: - - "httpchk HEAD /" - - service: - haproxy_service_name: sahara_api - haproxy_backend_nodes: "{{ groups['sahara_api'] | default([]) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_balance_alg: source - haproxy_port: 8386 - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk /healthcheck" - - service: - haproxy_service_name: swift_proxy - haproxy_backend_nodes: "{{ groups['swift_proxy'] | default([]) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_balance_alg: source - haproxy_port: 8080 - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk /healthcheck" - - service: - haproxy_service_name: ceilometer_api - haproxy_backend_nodes: "{{ groups['ceilometer_api_container'] | default([]) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_port: 8777 - haproxy_balance_type: tcp - haproxy_backend_options: - - tcp-check - - service: - haproxy_service_name: aodh_api - haproxy_backend_nodes: "{{ groups['aodh_api'] | default([]) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_port: 8042 - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk HEAD /" - haproxy_backend_httpcheck_options: - - "expect status 401" - - service: - haproxy_service_name: ironic_api - haproxy_backend_nodes: "{{ groups['ironic_api'] | default([]) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_port: 6385 - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk GET /" - - service: - haproxy_service_name: rabbitmq_mgmt - haproxy_backend_nodes: "{{ groups['rabbitmq'] | default([]) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_port: 15672 - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk HEAD /" - haproxy_whitelist_networks: "{{ haproxy_rabbitmq_management_whitelist_networks }}" - - service: - haproxy_service_name: magnum - haproxy_backend_nodes: "{{ groups['magnum_all'] | default([]) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_port: 9511 - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk GET /" - - service: - haproxy_service_name: trove - haproxy_backend_nodes: "{{ groups['trove_api'] | default([]) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_port: 8779 - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk HEAD /" - - service: - haproxy_service_name: barbican - haproxy_backend_nodes: "{{ groups['barbican_api'] | default([]) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_port: 9311 - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk HEAD /" - haproxy_backend_httpcheck_options: - - "expect status 401" - - service: - haproxy_service_name: designate_api - haproxy_backend_nodes: "{{ groups['designate_api'] | default([]) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_port: 9001 - haproxy_balance_type: http - haproxy_backend_options: - - "forwardfor" - - "httpchk /versions" - - "httplog" - - service: - haproxy_service_name: tacker - haproxy_backend_nodes: "{{ groups['tacker_all'] | default([]) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_port: 9890 - haproxy_balance_type: http - haproxy_backend_options: - - "forwardfor" - - "httpchk" - - "httplog" diff --git a/compass-tasks/tacker_conf/openstack_services.yml b/compass-tasks/tacker_conf/openstack_services.yml index 5a772e5..a451f9e 100644 --- a/compass-tasks/tacker_conf/openstack_services.yml +++ b/compass-tasks/tacker_conf/openstack_services.yml @@ -31,198 +31,195 @@ ## Global Requirements requirements_git_repo: https://git.openstack.org/openstack/requirements -requirements_git_install_branch: 90094c5d578ecfc4ab1e9f38a86bca5b615a3527 # HEAD of "stable/ocata" as of 15.05.2017 -requirements_git_dest: "/opt/requirements_{{ requirements_git_install_branch | replace('/', '_') }}" +requirements_git_install_branch: e7e310f1f355f2ad06528e469c0bd94d7fbc6955 # HEAD of "stable/pike" as of 30.11.2017 ## Aodh service aodh_git_repo: https://git.openstack.org/openstack/aodh -aodh_git_install_branch: 5c6b46ecc85743798c04b2d5fd094a0e9ef661a7 # HEAD of "stable/ocata" as of 15.05.2017 -aodh_git_dest: "/opt/aodh_{{ aodh_git_install_branch | replace('/', '_') }}" +aodh_git_install_branch: ed3ce41fa0ae0173601b683748265e502b84553b # HEAD of "stable/pike" as of 30.11.2017 aodh_git_project_group: aodh_all ## Barbican service barbican_git_repo: https://git.openstack.org/openstack/barbican -barbican_git_install_branch: b04aa152843d9cda3b11e8736e740c71fd798d0f # HEAD of "stable/ocata" as of 15.05.2017 -barbican_git_dest: "/opt/barbican_{{ barbican_git_install_branch | replace('/', '_') }}" +barbican_git_install_branch: 4aefe87d91715adf4a0bc3871956404ebe312fe3 # HEAD of "stable/pike" as of 30.11.2017 barbican_git_project_group: barbican_all ## Ceilometer service ceilometer_git_repo: https://git.openstack.org/openstack/ceilometer -ceilometer_git_install_branch: c25e934b8c48b00889f8fa6bb3e5bcb9591df618 # HEAD of "stable/ocata" as of 15.05.2017 -ceilometer_git_dest: "/opt/ceilometer_{{ceilometer_git_install_branch | replace('/', '_') }}" +ceilometer_git_install_branch: d9340c88f0618d40b2959ab09a53c518f3a91de5 # HEAD of "stable/pike" as of 30.11.2017 ceilometer_git_project_group: ceilometer_all ## Cinder service cinder_git_repo: https://git.openstack.org/openstack/cinder -cinder_git_install_branch: 501485b25087ff398986aedbbdb893741f8aabae # HEAD of "stable/ocata" as of 15.05.2017 -cinder_git_dest: "/opt/cinder_{{ cinder_git_install_branch | replace('/', '_') }}" +cinder_git_install_branch: 7bcb2ff94cf38eaa9def1115569981760e36510c # HEAD of "stable/pike" as of 30.11.2017 cinder_git_project_group: cinder_all ## Designate service designate_git_repo: https://git.openstack.org/openstack/designate -designate_git_install_branch: 021aa52325c2b58be6317a014cb3fd44be02f29f # HEAD of "stable/ocata" as of 15.05.2017 -designate_git_dest: "/opt/designate_{{ designate_git_install_branch | replace('/', '_') }}" +designate_git_install_branch: 6beba54a71510525d5bbc4956d20d27bffa982e5 # HEAD of "stable/pike" as of 30.11.2017 designate_git_project_group: designate_all ## Horizon Designate dashboard plugin designate_dashboard_git_repo: https://git.openstack.org/openstack/designate-dashboard -designate_dashboard_git_install_branch: fb8108354937ef6d3a1bb389481af79681f7c5b3 # HEAD of "stable/ocata" as of 15.05.2017 -designate_dashboard_git_dest: "/opt/designate_dashboard_{{ designate_dashboard_git_install_branch | replace('/', '_') }}" +designate_dashboard_git_install_branch: bc128a7c29a427933fc4ca94a7510ef8c97e5206 # HEAD of "stable/pike" as of 30.11.2017 designate_dashboard_git_project_group: horizon_all ## Dragonflow service dragonflow_git_repo: https://git.openstack.org/openstack/dragonflow -dragonflow_git_install_branch: b72ffa06721faf95f42c9702f60a9acc3a7d8b61 # HEAD of "stable/ocata" as of 15.05.2017 -dragonflow_git_dest: "/opt/dragonflow_{{ dragonflow_git_install_branch | replace('/', '_') }}" +dragonflow_git_install_branch: 84f1a26ff8e976b753593dc445e09a4c1a675a21 # Frozen HEAD of "master" as of 14.10.2017 (no stable/pike branch) dragonflow_git_project_group: neutron_all ## Glance service glance_git_repo: https://git.openstack.org/openstack/glance -glance_git_install_branch: 57c4d7d78f37e840660719b944ebabe91cbf231b # HEAD of "stable/ocata" as of 15.05.2017 -glance_git_dest: "/opt/glance_{{ glance_git_install_branch | replace('/', '_') }}" +glance_git_install_branch: 06af2eb5abe0332f7035a7d7c2fbfd19fbc4dae7 # HEAD of "stable/pike" as of 30.11.2017 glance_git_project_group: glance_all ## Heat service heat_git_repo: https://git.openstack.org/openstack/heat -heat_git_install_branch: fe6ae385bc7bba77864b32061600ac40b24f2a10 # HEAD of "stable/ocata" as of 15.05.2017 -heat_git_dest: "/opt/heat_{{ heat_git_install_branch | replace('/', '_') }}" +heat_git_install_branch: ed3eb9fe823e193e850e170405eecbc1411667f6 # HEAD of "stable/pike" as of 30.11.2017 heat_git_project_group: heat_all ## Horizon service horizon_git_repo: https://git.openstack.org/openstack/horizon -horizon_git_install_branch: 2684552f09ee5d597a507833cf232f0f9d48d9b1 # HEAD of "stable/ocata" as of 15.05.2017 -horizon_git_dest: "/opt/horizon_{{ horizon_git_install_branch | replace('/', '_') }}" +horizon_git_install_branch: 8b98b9bec432e40d121cc4a3ed6abea5da701a84 # HEAD of "stable/pike" as of 30.11.2017 horizon_git_project_group: horizon_all ## Horizon Ironic dashboard plugin ironic_dashboard_git_repo: https://git.openstack.org/openstack/ironic-ui -ironic_dashboard_git_install_branch: 6a0cdbff587df20ae913ca7f0d434ad8381b761c # HEAD of "stable/ocata" as of 15.05.2017 -ironic_dashboard_git_dest: "/opt/ironic_dashboard_{{ ironic_dashboard_git_install_branch | replace('/', '_') }}" +ironic_dashboard_git_install_branch: e2cba8ed8745b8ffcaa60d26ab69fd93f61582ad # HEAD of "stable/pike" as of 30.11.2017 ironic_dashboard_git_project_group: horizon_all ## Horizon Magnum dashboard plugin magnum_dashboard_git_repo: https://git.openstack.org/openstack/magnum-ui -magnum_dashboard_git_install_branch: db3bfff643ceb9353c7c0cafdd4e15e0fcf01fb1 # HEAD of "stable/ocata" as of 15.05.2017 -magnum_dashboard_git_dest: "/opt/magnum_dashboard_{{ magnum_dashboard_git_install_branch | replace('/', '_') }}" +magnum_dashboard_git_install_branch: 0b9fc50aada1a3e214acaad1204b48c96a549e5f # HEAD of "stable/pike" as of 30.11.2017 magnum_dashboard_git_project_group: horizon_all ## Horizon LBaaS dashboard plugin neutron_lbaas_dashboard_git_repo: https://git.openstack.org/openstack/neutron-lbaas-dashboard -neutron_lbaas_dashboard_git_install_branch: 3653432bb8287fa0ec1248d866e4717b90ab824b # HEAD of "stable/ocata" as of 15.05.2017 -neutron_lbaas_dashboard_git_dest: "/opt/neutron_lbaas_dashboard_{{ neutron_lbaas_dashboard_git_install_branch | replace('/', '_') }}" +neutron_lbaas_dashboard_git_install_branch: a5a05a27e7cab99dc379774f1d01c0076818e539 # HEAD of "stable/pike" as of 30.11.2017 neutron_lbaas_dashboard_git_project_group: horizon_all ## Horizon Sahara dashboard plugin sahara_dashboard_git_repo: https://git.openstack.org/openstack/sahara-dashboard -sahara_dashboard_git_install_branch: 5270e94b168b3c20e5c787a3f43d44b7e101c448 # HEAD of "stable/ocata" as of 15.05.2017 -sahara_dashboard_git_dest: "/opt/sahara_dashboard_{{ sahara_dashboard_git_install_branch | replace('/', '_') }}" +sahara_dashboard_git_install_branch: 804206bb9c8af5c1d4f540664a6f9b36d45696e6 # HEAD of "stable/pike" as of 30.11.2017 sahara_dashboard_git_project_group: horizon_all ## Keystone service keystone_git_repo: https://git.openstack.org/openstack/keystone -keystone_git_install_branch: 955fd6ca3758e217d9d98480852e0014dc11e988 # HEAD of "stable/ocata" as of 15.05.2017 -keystone_git_dest: "/opt/keystone_{{ keystone_git_install_branch | replace('/', '_') }}" +keystone_git_install_branch: d0721d7cf4dc808946a7016b0ca2830c8850d5d9 # HEAD of "stable/pike" as of 30.11.2017 keystone_git_project_group: keystone_all ## Neutron service neutron_git_repo: https://git.openstack.org/openstack/neutron -neutron_git_install_branch: 515a2ff4ce3239f6a077d8b07ff80544023f0631 # HEAD of "stable/ocata" as of 15.05.2017 -neutron_git_dest: "/opt/neutron_{{ neutron_git_install_branch | replace('/', '_') }}" +neutron_git_install_branch: b1f71de42ead2c1278343307307984ad1ff00c71 # HEAD of "stable/pike" as of 30.11.2017 neutron_git_project_group: neutron_all neutron_lbaas_git_repo: https://git.openstack.org/openstack/neutron-lbaas -neutron_lbaas_git_install_branch: 674e3604a6285655f2dc7f2949629cc4de06bbf4 # HEAD of "stable/ocata" as of 15.05.2017 -neutron_lbaas_git_dest: "/opt/neutron_lbaas_{{ neutron_lbaas_git_install_branch | replace('/', '_') }}" +neutron_lbaas_git_install_branch: dbdbbee9e7325f27a671cdc0813446d85329ca1b # HEAD of "stable/pike" as of 30.11.2017 neutron_lbaas_git_project_group: neutron_all neutron_vpnaas_git_repo: https://git.openstack.org/openstack/neutron-vpnaas -neutron_vpnaas_git_install_branch: 4a639ac09ccfc7573452d0ac9d189d934c169d34 # HEAD of "stable/ocata" as of 15.05.2017 -neutron_vpnaas_git_dest: "/opt/neutron_vpnaas_{{ neutron_vpnaas_git_install_branch | replace('/', '_') }}" +neutron_vpnaas_git_install_branch: 60e4e7113b5fbbf28e97ebce2f40b7f1675200e6 # HEAD of "stable/pike" as of 30.11.2017 neutron_vpnaas_git_project_group: neutron_all neutron_fwaas_git_repo: https://git.openstack.org/openstack/neutron-fwaas -neutron_fwaas_git_install_branch: 3301972f46d877d0f68d9cf7f9246e0df897a91e # HEAD of "stable/ocata" as of 15.05.2017 -neutron_fwaas_git_dest: "/opt/neutron_fwaas_{{ neutron_fwaas_git_install_branch | replace('/', '_') }}" +neutron_fwaas_git_install_branch: c2bafa999f7ea45687d5a3d42739e465564e99d1 # HEAD of "stable/pike" as of 30.11.2017 neutron_fwaas_git_project_group: neutron_all neutron_dynamic_routing_git_repo: https://git.openstack.org/openstack/neutron-dynamic-routing -neutron_dynamic_routing_git_install_branch: da877412200e460fca34edaf56f84286557bd486 # HEAD of "stable/ocata" as of 15.05.2017 -neutron_dynamic_routing_git_dest: "/opt/neutron_dynamic_routing_{{ neutron_dynamic_routing_git_install_branch | replace('/', '_') }}" +neutron_dynamic_routing_git_install_branch: 9098d4447581117e857d2f86fb4a0508b5ffbb6a # HEAD of "stable/pike" as of 30.11.2017 neutron_dynamic_routing_git_project_group: neutron_all +networking_calico_git_repo: https://git.openstack.org/openstack/networking-calico +networking_calico_git_install_branch: 9688df1a3d1d8b3fd9ba367e82fe6b0559416728 # HEAD of "master" as of 30.11.2017 +networking_calico_git_project_group: neutron_all + +networking_odl_git_repo: https://git.openstack.org/openstack/networking-odl +networking_odl_git_install_branch: 319c51183fde4c189d310ff252248f3632c8c9df # HEAD of "master" as of 29.10.2017 +networking_odl_git_project_group: neutron_all ## Nova service nova_git_repo: https://git.openstack.org/openstack/nova -nova_git_install_branch: 506465a027dd1ba1c90949dc58297edae32da7e4 # HEAD of "stable/ocata" as of 15.05.2017 -nova_git_dest: "/opt/nova_{{ nova_git_install_branch | replace('/', '_') }}" +nova_git_install_branch: ec20e1aca856cf1f31d0212bda3e494bb8622aad # HEAD of "stable/pike" as of 30.11.2017 nova_git_project_group: nova_all ## PowerVM Virt Driver nova_powervm_git_repo: https://git.openstack.org/openstack/nova-powervm -nova_powervm_git_install_branch: 53a5c75a0db38b606f51a53fd159b7ffab7c3a33 # HEAD of "stable/ocata" as of 15.05.2017 -nova_powervm_git_dest: "/opt/nova_powervm_{{ nova_powervm_git_install_branch | replace('/', '_') }}" -nova_powervm_git_project_group: nova_compute +nova_powervm_git_install_branch: e0b516ca36fa5dfd38ae6f7ea97afd9a52f313ed # HEAD of "stable/pike" as of 30.11.2017 +nova_powervm_git_project_group: nova_all ## LXD Virt Driver nova_lxd_git_repo: https://git.openstack.org/openstack/nova-lxd -nova_lxd_git_install_branch: ed05fa417c4a78970dd5bdcdd3e1922f3c07f0ac # HEAD of "stable/ocata" as of 15.05.2017 -nova_lxd_git_dest: "/opt/nova_lxd_{{ nova_lxd_git_install_branch | replace('/', '_') }}" -nova_lxd_git_project_group: nova_compute +nova_lxd_git_install_branch: 9747c274138d9ef40512d5015e9e581f6bbec5d9 # HEAD of "stable/pike" as of 30.11.2017 +nova_lxd_git_project_group: nova_all ## Sahara service sahara_git_repo: https://git.openstack.org/openstack/sahara -sahara_git_install_branch: 5241340d3e668bcb3b0e9f09c38afdc21e6c136d # HEAD of "stable/ocata" as of 15.05.2017 -sahara_git_dest: "/opt/sahara_{{ sahara_git_install_branch | replace('/', '_') }}" +sahara_git_install_branch: 3ee0da5ea09904125c44e1f9d1a9b83554b1a1cd # HEAD of "stable/pike" as of 30.11.2017 sahara_git_project_group: sahara_all ## Swift service swift_git_repo: https://git.openstack.org/openstack/swift -swift_git_install_branch: 177fca2b3a6a7a6e17e20d161c23ac8a10500939 # HEAD of "stable/ocata" as of 15.05.2017 -swift_git_dest: "/opt/swift_{{ swift_git_install_branch | replace('/', '_') }}" +swift_git_install_branch: 0344d6eb5afc723adc7bacf4b4e2aaf04da47548 # HEAD of "stable/pike" as of 30.11.2017 swift_git_project_group: swift_all +## Swift3 middleware +swift_swift3_git_repo: https://git.openstack.org/openstack/swift3 +swift_swift3_git_install_branch: 1fb6a30ee59a16cd4b6c49bab963ff9e3f974580 # HEAD of "master" as of 30.11.2017 +swift_swift3_git_project_group: swift_all + + ## Ironic service ironic_git_repo: https://git.openstack.org/openstack/ironic -ironic_git_install_branch: ed2f6cea892ccb2a1343dd935ad279de8fd3a471 # HEAD of "stable/ocata" as of 15.05.2017 -ironic_git_dest: "/opt/ironic_{{ ironic_git_install_branch | replace('/', '_') }}" +ironic_git_install_branch: 47179d9fca337f32324f8e8a68541358fdac8649 # HEAD of "stable/pike" as of 30.11.2017 ironic_git_project_group: ironic_all ## Magnum service magnum_git_repo: https://git.openstack.org/openstack/magnum -magnum_git_install_branch: 1a685113d8df479c56ad85aa001930f6b8f1e2dd # HEAD of "stable/ocata" as of 15.05.2017 -magnum_git_dest: "/opt/magnum_{{ magnum_git_install_branch | replace('/', '_') }}" +magnum_git_install_branch: c58b727bec3561d8d283497d784a3437185924dd # HEAD of "stable/pike" as of 30.11.2017 magnum_git_project_group: magnum_all ## Trove service trove_git_repo: https://git.openstack.org/openstack/trove -trove_git_install_branch: ca0a1128f91aa5f54b9f57fedf2f5db4b6f82e20 # HEAD of "stable/ocata" as of 15.05.2017 -trove_git_dest: "/opt/trove_{{ trove_git_install_branch | replace('/', '_') }}" +trove_git_install_branch: e6d4b4b3fe1768348c9df815940b97cecb5e7ee2 # HEAD of "stable/pike" as of 30.11.2017 trove_git_project_group: trove_all ## Horizon Trove dashboard plugin trove_dashboard_git_repo: https://git.openstack.org/openstack/trove-dashboard -trove_dashboard_git_install_branch: 5fd256e58219074b55cc9474a74516105787ac03 # HEAD of "stable/ocata" as of 15.05.2017 -trove_dashboard_git_dest: "/opt/trove_dashboard_{{ trove_dashboard_git_install_branch | replace('/', '_') }}" +trove_dashboard_git_install_branch: bffd0776d139f38f96ce8ded07ccde4b5a41bc7a # HEAD of "stable/pike" as of 30.11.2017 trove_dashboard_git_project_group: horizon_all +## Octavia service +octavia_git_repo: https://git.openstack.org/openstack/octavia +octavia_git_install_branch: d2fad0b6544a4893f72e2e993292b0379a452515 # HEAD of "stable/pike" as of 30.11.2017 +octavia_git_project_group: octavia_all + +## Molteniron service +molteniron_git_repo: https://git.openstack.org/openstack/molteniron +molteniron_git_install_branch: 094276cda77d814d07ad885e7d63de8d1243750a # HEAD of "master" as of 30.11.2017 +molteniron_git_project_group: molteniron_all + ## Tacker service tacker_git_repo: https://git.openstack.org/openstack/tacker -tacker_git_install_branch: a0f1e680d81c7db66ae7a2a08c3d069901d0765a # HEAD of "ocata" as of 04.09.2017 +tacker_git_install_branch: 90f5374f73ea8dd5f41c9ca8f2ed447d5a37285a # HEAD of "pike" as of 07.09.2017 tacker_git_project_group: tacker_all + +networking_sfc_git_repo: https://git.openstack.org/openstack/networking-sfc +networking_sfc_git_install_branch: 4f98a7bb28bee3d4044b2c8af942e2df42c6752b # HEAD of "master" as of 16.10.2017 +networking_sfc_git_project_group: tacker_all diff --git a/compass-tasks/tacker_conf/setup-openstack.yml b/compass-tasks/tacker_conf/setup-openstack.yml deleted file mode 100644 index d32eb15..0000000 --- a/compass-tasks/tacker_conf/setup-openstack.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- include: os-keystone-install.yml -- include: os-barbican-install.yml -- include: os-glance-install.yml -- include: os-cinder-install.yml -- include: os-nova-install.yml -- include: os-neutron-install.yml -- include: os-heat-install.yml -- include: os-horizon-install.yml -- include: os-ceilometer-install.yml -- include: os-aodh-install.yml -- include: os-designate-install.yml -#NOTE(stevelle) Ensure Gnocchi identities exist before Swift -- include: os-gnocchi-install.yml - when: - - gnocchi_storage_driver is defined - - gnocchi_storage_driver == 'swift' - vars: - gnocchi_identity_only: True -- include: os-swift-install.yml -- include: os-gnocchi-install.yml -- include: os-ironic-install.yml -- include: os-magnum-install.yml -- include: os-trove-install.yml -- include: os-sahara-install.yml -- include: os-tacker-install.yml -- include: os-tempest-install.yml - when: (tempest_install | default(False)) | bool or (tempest_run | default(False)) | bool - diff --git a/compass-tasks/tacker_conf/user_secrets.yml b/compass-tasks/tacker_conf/user_secrets.yml index b5a5796..05832ec 100644 --- a/compass-tasks/tacker_conf/user_secrets.yml +++ b/compass-tasks/tacker_conf/user_secrets.yml @@ -103,6 +103,12 @@ nova_placement_container_mysql_password: # LXD Options for nova compute lxd_trust_password: +## Octavia Options +octavia_container_mysql_password: +octavia_service_password: +octavia_health_hmac_key: +octavia_rabbitmq_password: + ## Sahara Options sahara_container_mysql_password: sahara_rabbitmq_password: @@ -135,7 +141,6 @@ trove_galera_password: trove_rabbitmq_password: trove_service_password: trove_admin_user_password: -trove_regular_user_password: trove_taskmanager_rpc_encr_key: trove_inst_rpc_key_encr_key: @@ -149,6 +154,9 @@ designate_galera_password: designate_rabbitmq_password: designate_service_password: +## Molteniron Options: +molteniron_container_mysql_password: + # Tacker options tacker_rabbitmq_password: tacker_service_password: |