diff options
24 files changed, 1061 insertions, 471 deletions
diff --git a/compass-cobbler/Dockerfile-arm64 b/compass-cobbler/Dockerfile-arm64 new file mode 100644 index 0000000..10055f8 --- /dev/null +++ b/compass-cobbler/Dockerfile-arm64 @@ -0,0 +1,48 @@ +FROM centos:7 +ENV container docker +VOLUME [ "/sys/fs/cgroup" ] +ARG BRANCH=master + +# pkgs and services... +RUN yum -y update && \ + yum -y install epel-release && \ + yum -y install which wget dhcp bind pykickstart file initscripts net-tools tcpdump xinetd vim avahi avahi-tools ntp && \ + wget http://artifacts.opnfv.org/compass4nfv/package/cobbler/cobbler-2.6.10-1.fc22.noarch.rpm && \ + wget http://artifacts.opnfv.org/compass4nfv/package/cobbler/cobbler-web-2.6.10-1.fc22.noarch.rpm && \ + wget http://linux.enea.com/mos-repos/centos/mos8.0-centos7-fuel/armband/x86_64/Packages/cobbler-grub-aarch64-2.02~beta2-1.el7.36~mos1.noarch.rpm && \ + yum -y localinstall cobbler-2.6.10-1.fc22.noarch.rpm cobbler-web-2.6.10-1.fc22.noarch.rpm cobbler-grub-aarch64-2.02~beta2-1.el7.36~mos1.noarch.rpm && \ + rm -f cobbler-2.6.10-1.fc22.noarch.rpm cobbler-web-2.6.10-1.fc22.noarch.rpm cobbler-grub-aarch64-2.02~beta2-1.el7.36~mos1.noarch.rpm && \ + systemctl enable cobblerd && \ + systemctl enable httpd && \ + systemctl enable dhcpd && \ + systemctl enable xinetd && \ + systemctl enable ntpd + +# some tweaks on services +RUN sed -i -e 's/\(^.*disable.*=\) yes/\1 no/' /etc/xinetd.d/tftp && \ + touch /etc/xinetd.d/rsync + +RUN mkdir -p /var/www/cblr_ks + +COPY distro_signatures.json /var/lib/cobbler/distro_signatures.json +COPY start.sh /usr/local/bin/start.sh +RUN mv /etc/httpd/conf.d/cobbler_web.conf /etc/httpd/conf.d/cobbler_web.conf.bk +COPY cobbler_web.conf /etc/httpd/conf.d/cobbler_web.conf +RUN mv /etc/httpd/conf.d/cobbler.conf /etc/httpd/conf.d/cobbler.conf.bk +COPY cobbler.conf /etc/httpd/conf.d/cobbler.conf +RUN mkdir -p /var/www/pip-openstack + +COPY pxeprofile_arm.template /etc/cobbler/pxe/pxeprofile_arm.template +COPY pxeprofile_arm.template /etc/cobbler/pxe/pxesystem_arm.template +COPY pxeprofile_arm.template /etc/cobbler/pxe/grubsystem.template +COPY pxeprofile_arm.template /etc/cobbler/pxe/grubprofile.template +RUN touch /var/lib/cobbler/loaders/{pxelinux.0,menu.c32} && \ + sed -i 's/"\/pxelinux\.0"/"grub\/grub-aarch64\.efi"/' /usr/lib/python2.7/site-packages/cobbler/modules/manage_isc.py + +VOLUME ["/var/lib/cobbler", "/var/www/cobbler", "/etc/cobbler", "/mnt", "/var/www/cobbler/repo_mirror", "/var/www/pip"] +EXPOSE 67 +EXPOSE 69 +EXPOSE 80 +EXPOSE 443 +EXPOSE 25151 +CMD ["/sbin/init", "/usr/local/bin/start.sh"] diff --git a/compass-cobbler/distro_signatures.json b/compass-cobbler/distro_signatures.json index 71977b7..eaaea1a 100644 --- a/compass-cobbler/distro_signatures.json +++ b/compass-cobbler/distro_signatures.json @@ -89,7 +89,7 @@ "version_file_regex":null, "kernel_arch":"kernel-(.*).rpm", "kernel_arch_regex":null, - "supported_arches":["i386","x86_64","ppc","ppc64"], + "supported_arches":["i386","x86_64","ppc","ppc64","arm"], "supported_repo_breeds":["rsync", "rhn", "yum"], "kernel_file":"vmlinuz(.*)", "initrd_file":"initrd(.*)\\.img", @@ -283,7 +283,7 @@ "version_file_regex":"Codename: jessie", "kernel_arch":"linux-headers-(.*)\\.deb", "kernel_arch_regex":null, - "supported_arches":["i386","amd64"], + "supported_arches":["i386","amd64","arm"], "supported_repo_breeds":["apt"], "kernel_file":"vmlinuz(.*)", "initrd_file":"initrd(.*)\\.gz", @@ -299,7 +299,7 @@ "version_file_regex":"Codename: stretch", "kernel_arch":"linux-headers-(.*)\\.deb", "kernel_arch_regex":null, - "supported_arches":["i386","amd64"], + "supported_arches":["i386","amd64","arm"], "supported_repo_breeds":["apt"], "kernel_file":"vmlinuz(.*)", "initrd_file":"initrd(.*)\\.gz", @@ -461,7 +461,7 @@ "version_file_regex":"Codename: xenial|Ubuntu 16.04.3", "kernel_arch":"linux-headers-(.*)\\.deb", "kernel_arch_regex":null, - "supported_arches":["i386","amd64"], + "supported_arches":["i386","amd64","arm"], "supported_repo_breeds":["apt"], "kernel_file":"linux(.*)", "initrd_file":"initrd(.*)\\.gz", diff --git a/compass-cobbler/pxeprofile_arm.template b/compass-cobbler/pxeprofile_arm.template new file mode 100644 index 0000000..50d1cf9 --- /dev/null +++ b/compass-cobbler/pxeprofile_arm.template @@ -0,0 +1,6 @@ +set timeout=5 + +menuentry $profile_name { + linux (tftp)$kernel_path $append_line + initrd (tftp)$initrd_path +} diff --git a/compass-db/Dockerfile b/compass-db/Dockerfile index 82871b9..997c0ab 100644 --- a/compass-db/Dockerfile +++ b/compass-db/Dockerfile @@ -10,4 +10,6 @@ RUN apt-get update && \ COPY entrypoint.sh /sbin/entrypoint.sh RUN chmod 755 /sbin/entrypoint.sh +VOLUME ["/var/lib/mysql"] + CMD ["/sbin/entrypoint.sh"] diff --git a/compass-deck/Dockerfile-arm64 b/compass-deck/Dockerfile-arm64 new file mode 100644 index 0000000..3bde0ae --- /dev/null +++ b/compass-deck/Dockerfile-arm64 @@ -0,0 +1,25 @@ +FROM centos:7 + +ENV container docker +ARG BRANCH=master + +RUN yum -y swap -- remove systemd-container systemd-container-libs -- install systemd + +RUN yum -y update; yum clean all; \ +(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \ +rm -f /lib/systemd/system/multi-user.target.wants/*;\ +rm -f /etc/systemd/system/*.wants/*;\ +rm -f /lib/systemd/system/local-fs.target.wants/*; \ +rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ +rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ +rm -f /lib/systemd/system/basic.target.wants/*;\ +rm -f /lib/systemd/system/anaconda.target.wants/*;\ +yum clean all + +ADD . /root/compass-deck + +RUN /root/compass-deck/build.sh + +EXPOSE 80 + +CMD ["/sbin/init", "/usr/local/bin/start.sh"] diff --git a/compass-deck/build.sh b/compass-deck/build.sh index 23cf48c..6049eb9 100755 --- a/compass-deck/build.sh +++ b/compass-deck/build.sh @@ -48,7 +48,8 @@ cp -f $COMPASS_DIR/misc/apache/{ods-server.conf,http_pip.conf,images.conf,packag cp -rf $COMPASS_DIR/bin/* /opt/compass/bin/ mkdir -p /var/www/compass ln -s -f /opt/compass/bin/compass_wsgi.py /var/www/compass/compass.wsgi -cp -rf /usr/lib64/libcrypto.so.6 /usr/lib64/libcrypto.so +# libcrypto.so.6 doesn't exist on arm64 +cp -rf /usr/lib64/libcrypto.so.6 /usr/lib64/libcrypto.so || true mkdir -p /var/log/compass chmod -R 777 /var/log/compass diff --git a/compass-tasks-k8s/Dockerfile b/compass-tasks-k8s/Dockerfile new file mode 100644 index 0000000..70da42e --- /dev/null +++ b/compass-tasks-k8s/Dockerfile @@ -0,0 +1,6 @@ +FROM opnfv/compass-tasks-base +ARG BRANCH=master + +ADD ./run.sh /root/ +RUN chmod +x /root/run.sh +RUN /root/run.sh diff --git a/compass-tasks-k8s/run.sh b/compass-tasks-k8s/run.sh new file mode 100644 index 0000000..3a7c0c8 --- /dev/null +++ b/compass-tasks-k8s/run.sh @@ -0,0 +1,13 @@ +#!/bin/bash + +yum install git ntp wget ntpdate openssh-server python-devel sudo '@Development Tools' -y +#yum install -y python-yaml +systemctl stop firewalld +systemctl mask firewalld + +# get kubespray code and install requirement +rm -rf /opt/kargo_k8s +git clone https://github.com/kubernetes-incubator/kubespray.git /opt/kargo_k8s +cd /opt/kargo_k8s +git checkout f4180503c891bea4b4b77a2f7cc93923411a7449 -b k8s1.9.1 +pip install ansible==2.4.2.0 diff --git a/compass-tasks-osa/Dockerfile b/compass-tasks-osa/Dockerfile new file mode 100644 index 0000000..91abdc8 --- /dev/null +++ b/compass-tasks-osa/Dockerfile @@ -0,0 +1,8 @@ +FROM opnfv/compass-tasks-base +ARG BRANCH=master + +ADD ./run.sh /root/ +ADD ./tacker_conf /opt/tacker_conf +ADD ./setup-complete.yml /opt/ +RUN chmod +x /root/run.sh +RUN /root/run.sh diff --git a/compass-tasks-osa/run.sh b/compass-tasks-osa/run.sh new file mode 100644 index 0000000..63e5cb0 --- /dev/null +++ b/compass-tasks-osa/run.sh @@ -0,0 +1,49 @@ +#!/bin/bash + +# add ansible-playbook for normal use +ln -s /root/.virtualenvs/compass-core/bin/ansible-playbook /usr/bin/ansible-playbook + +yum install https://rdoproject.org/repos/openstack-pike/rdo-release-pike.rpm -y +yum install git ntp wget ntpdate openssh-server python-devel sudo '@Development Tools' -y + +systemctl stop firewalld +systemctl mask firewalld + +mkdir -p /opt/git/ +cd /opt/git/ +wget artifacts.opnfv.org/compass4nfv/package/openstack_pike.tar.gz +tar -zxvf openstack_pike.tar.gz +rm -rf openstack_pike.tar.gz + +git clone https://git.openstack.org/openstack/openstack-ansible /opt/openstack-ansible + +cd /opt/openstack-ansible + +git checkout 16c69046bfd90d1b984de43bc6267fece6b75f1c +#git checkout 4cde8f86aaea1fde7c43016f661119879068a133 + +git checkout -b stable/pike + +/bin/cp -rf /opt/tacker_conf/ansible-role-requirements.yml /opt/openstack-ansible/ +/bin/cp -rf /opt/tacker_conf/openstack_services.yml /opt/openstack-ansible/playbooks/defaults/repo_packages/ +/bin/cp -rf /opt/tacker_conf/os-tacker-install.yml /opt/openstack-ansible/playbooks/ +/bin/cp -rf /opt/tacker_conf/tacker.yml /opt/openstack-ansible/playbooks/inventory/env.d/ +/bin/cp -rf /opt/tacker_conf/tacker_all.yml /opt/openstack-ansible/group_vars/ +/bin/cp -rf /opt/tacker_conf/user_secrets.yml /opt/openstack-ansible/etc/openstack_deploy/ + +/bin/cp -rf /opt/openstack-ansible/etc/openstack_deploy /etc/openstack_deploy + +cd /opt/openstack-ansible + +scripts/bootstrap-ansible.sh + +rm -f /usr/local/bin/ansible-playbook + +cd /opt/openstack-ansible/scripts/ +python pw-token-gen.py --file /etc/openstack_deploy/user_secrets.yml + +cd /opt/openstack-ansible/group_vars +sed -i 's/#repo_build_git_cache/repo_build_git_cache/g' repo_all.yml + +cp /opt/setup-complete.yml /opt/openstack-ansible/playbooks/ +echo "- include: setup-complete.yml" >> /opt/openstack-ansible/playbooks/setup-infrastructure.yml diff --git a/compass-tasks-osa/setup-complete.yml b/compass-tasks-osa/setup-complete.yml new file mode 100644 index 0000000..f8a7b54 --- /dev/null +++ b/compass-tasks-osa/setup-complete.yml @@ -0,0 +1,7 @@ +--- + +- hosts: localhost + user: root + tasks: + - name: Mark setup-infrastructure completed + shell: echo "Setup infrastructure completed!" diff --git a/compass-tasks-osa/tacker_conf/ansible-role-requirements.yml b/compass-tasks-osa/tacker_conf/ansible-role-requirements.yml new file mode 100644 index 0000000..201ebd6 --- /dev/null +++ b/compass-tasks-osa/tacker_conf/ansible-role-requirements.yml @@ -0,0 +1,208 @@ +- name: ansible-hardening + scm: git + src: https://git.openstack.org/openstack/ansible-hardening + version: c05e36f48de66feb47046a0126d986fa03313f29 +- name: apt_package_pinning + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-apt_package_pinning + version: 9403a36513aee54c15890ac96c1f8c455f9c083d +- name: pip_install + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-pip_install + version: df107891bf9fdfa7287bdfe43f3fa0120a80e5ad +- name: galera_client + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-galera_client + version: 52b374547648056b58c544532296599801d501d7 +- name: galera_server + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-galera_server + version: b124e06872ebeca7d81cb22fb80ae97a995b07a8 +- name: ceph_client + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-ceph_client + version: 5fcbc68fdbd3105d233fd3c03c887f13227b1c3d +- name: haproxy_server + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-haproxy_server + version: a905aaed8627f59d9dc10b9bc031589a7c65828f +- name: keepalived + scm: git + src: https://github.com/evrardjp/ansible-keepalived + version: 3.0.3 +- name: lxc_container_create + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-lxc_container_create + version: c41d3b20da6be07d9bf5db7f7e6a1384c7cfb5eb +- name: lxc_hosts + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-lxc_hosts + version: fb722e17cd8c1bab640f34ab0b111a44dee2279a +- name: memcached_server + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-memcached_server + version: 08c483f3c5d49c236194090534a015b67c8cded6 +- name: openstack_hosts + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-openstack_hosts + version: a0d3b9c9756b6e95b0e034f3d0576fbb33607820 +- name: os_keystone + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_keystone + version: 6d131caff7f60d1dfd0c5d3223fe6ece6416a34c +- name: openstack_openrc + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-openstack_openrc + version: b27229ef168aed7f2febf6991b2d7459ec8883ee +- name: os_aodh + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_aodh + version: bcd77b1e10a7054e9365da6a20848b393153d025 +- name: os_barbican + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_barbican + version: 0797e8bdadd2fcf4696b22f0e18340c8d9539b09 +- name: os_ceilometer + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_ceilometer + version: 4b3e0589a0188de885659614ef4e076018af54f7 +- name: os_cinder + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_cinder + version: 6f5ab34e5a0694f3fc84e63c912e00e86e3de280 +- name: os_designate + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_designate + version: a4952759e91853adbc2ba0e0088eacd12a0d1bd1 +- name: os_glance + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_glance + version: 6590581bbcc73f12113edbd0195c33c90fef74b9 +- name: os_gnocchi + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_gnocchi + version: 5f8950f61ed6b61d1cc06ab73b3b02466bee0db1 +- name: os_heat + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_heat + version: 4d1efae631026631fb2af4f43a9fe8ca210d643e +- name: os_horizon + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_horizon + version: 71aa69b1425f5b5b2bdc274357b62a9b4b57ae8f +- name: os_ironic + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_ironic + version: 34205b6b99fc3cfe54eddbcde0380e626976e425 +- name: os_magnum + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_magnum + version: 0fdeea886ef4227e02d793f6dbfd54ccd9e6e088 +- name: os_molteniron + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_molteniron + version: 58cff32e954ab817d07b8e0a136663c34d7f7b60 +- name: os_neutron + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_neutron + version: 728484ad440461b784114bf93cd912b3d1aecd2f +- name: os_nova + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_nova + version: b1066d20502a29c4ec33fb9e5a8307201f7530cb +- name: os_octavia + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_octavia + version: 5fd1fbae703c17f928cfc00f60aeeed0500c6f2b +- name: os_rally + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_rally + version: b2658fb704fd3a1e8bce794b8bf87ac83931aa46 +- name: os_sahara + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_sahara + version: e3e4f1bc8d72dd6fb7e26b8d0d364f9a60e16b0f +- name: os_swift + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_swift + version: 65a330b0bc96fb88b7b34082f40f47e432948f34 +- name: os_tacker + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_tacker + version: cad6a9033e519f03d97a91911ea981b17f1a7eed +- name: os_tempest + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_tempest + version: 0fb52fcd130bee25f40cd515da69948821d5b504 +- name: os_trove + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_trove + version: 6596f6b28c88a88c89e293ea8f5f8551eb491fd1 +- name: plugins + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-plugins + version: 91ec1736393ff40ac8062180daed0c0027c2549a +- name: rabbitmq_server + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-rabbitmq_server + version: fa80dfc0f8129e02f3f3b34bb7205889d3e5696c +- name: repo_build + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-repo_build + version: d0079ff721b0f9c4682d57eccfadb36f365eea2b +- name: repo_server + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-repo_server + version: 8302adcb11cad4e6245fd6bd1bbb4db08d3b60e9 +- name: rsyslog_client + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-rsyslog_client + version: f41638370114412b97c6523b4c626ca70f0337f4 +- name: rsyslog_server + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-rsyslog_server + version: 61a3ab251f63c6156f2a6604ee1a822070e19c90 +- name: sshd + scm: git + src: https://github.com/willshersystems/ansible-sshd + version: 0.5.1 +- name: bird + scm: git + src: https://github.com/logan2211/ansible-bird + version: '1.4' +- name: etcd + scm: git + src: https://github.com/logan2211/ansible-etcd + version: '1.3' +- name: unbound + scm: git + src: https://github.com/logan2211/ansible-unbound + version: '1.5' +- name: resolvconf + scm: git + src: https://github.com/logan2211/ansible-resolvconf + version: '1.3' +- name: ceph-defaults + scm: git + src: https://github.com/ceph/ansible-ceph-defaults + version: v3.0.8 +- name: ceph-common + scm: git + src: https://github.com/ceph/ansible-ceph-common + version: v3.0.8 +- name: ceph-config + scm: git + src: https://github.com/ceph/ansible-ceph-config + version: v3.0.8 +- name: ceph-mon + scm: git + src: https://github.com/ceph/ansible-ceph-mon + version: v3.0.8 +- name: ceph-mgr + scm: git + src: https://github.com/ceph/ansible-ceph-mgr + version: v3.0.8 +- name: ceph-osd + scm: git + src: https://github.com/ceph/ansible-ceph-osd + version: v3.0.8 diff --git a/compass-tasks-osa/tacker_conf/openstack_services.yml b/compass-tasks-osa/tacker_conf/openstack_services.yml new file mode 100644 index 0000000..a451f9e --- /dev/null +++ b/compass-tasks-osa/tacker_conf/openstack_services.yml @@ -0,0 +1,225 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +## NOTICE on items in this file: +## * If you use anything in the *._git_install_branch field that is not a TAG +## make sure to leave an in-line comment as to "why". + +## For the sake of anyone else editing this file: +## * If you add services to this file please do so in alphabetical order. +## * Every entry should be name spaced with the name of the client followed by an "_" +## * All items with this file should be separated by `name_` note that the name of the +## package should be one long name with no additional `_` separating it. + + +### Before this is shipped all of these services should have a tag set as the branch, +### or have a comment / reason attached to them as to why a tag can not work. + + +## Global Requirements +requirements_git_repo: https://git.openstack.org/openstack/requirements +requirements_git_install_branch: e7e310f1f355f2ad06528e469c0bd94d7fbc6955 # HEAD of "stable/pike" as of 30.11.2017 + + +## Aodh service +aodh_git_repo: https://git.openstack.org/openstack/aodh +aodh_git_install_branch: ed3ce41fa0ae0173601b683748265e502b84553b # HEAD of "stable/pike" as of 30.11.2017 +aodh_git_project_group: aodh_all + + +## Barbican service +barbican_git_repo: https://git.openstack.org/openstack/barbican +barbican_git_install_branch: 4aefe87d91715adf4a0bc3871956404ebe312fe3 # HEAD of "stable/pike" as of 30.11.2017 +barbican_git_project_group: barbican_all + + +## Ceilometer service +ceilometer_git_repo: https://git.openstack.org/openstack/ceilometer +ceilometer_git_install_branch: d9340c88f0618d40b2959ab09a53c518f3a91de5 # HEAD of "stable/pike" as of 30.11.2017 +ceilometer_git_project_group: ceilometer_all + + +## Cinder service +cinder_git_repo: https://git.openstack.org/openstack/cinder +cinder_git_install_branch: 7bcb2ff94cf38eaa9def1115569981760e36510c # HEAD of "stable/pike" as of 30.11.2017 +cinder_git_project_group: cinder_all + + +## Designate service +designate_git_repo: https://git.openstack.org/openstack/designate +designate_git_install_branch: 6beba54a71510525d5bbc4956d20d27bffa982e5 # HEAD of "stable/pike" as of 30.11.2017 +designate_git_project_group: designate_all + + +## Horizon Designate dashboard plugin +designate_dashboard_git_repo: https://git.openstack.org/openstack/designate-dashboard +designate_dashboard_git_install_branch: bc128a7c29a427933fc4ca94a7510ef8c97e5206 # HEAD of "stable/pike" as of 30.11.2017 +designate_dashboard_git_project_group: horizon_all + + +## Dragonflow service +dragonflow_git_repo: https://git.openstack.org/openstack/dragonflow +dragonflow_git_install_branch: 84f1a26ff8e976b753593dc445e09a4c1a675a21 # Frozen HEAD of "master" as of 14.10.2017 (no stable/pike branch) +dragonflow_git_project_group: neutron_all + + +## Glance service +glance_git_repo: https://git.openstack.org/openstack/glance +glance_git_install_branch: 06af2eb5abe0332f7035a7d7c2fbfd19fbc4dae7 # HEAD of "stable/pike" as of 30.11.2017 +glance_git_project_group: glance_all + + +## Heat service +heat_git_repo: https://git.openstack.org/openstack/heat +heat_git_install_branch: ed3eb9fe823e193e850e170405eecbc1411667f6 # HEAD of "stable/pike" as of 30.11.2017 +heat_git_project_group: heat_all + + +## Horizon service +horizon_git_repo: https://git.openstack.org/openstack/horizon +horizon_git_install_branch: 8b98b9bec432e40d121cc4a3ed6abea5da701a84 # HEAD of "stable/pike" as of 30.11.2017 +horizon_git_project_group: horizon_all + +## Horizon Ironic dashboard plugin +ironic_dashboard_git_repo: https://git.openstack.org/openstack/ironic-ui +ironic_dashboard_git_install_branch: e2cba8ed8745b8ffcaa60d26ab69fd93f61582ad # HEAD of "stable/pike" as of 30.11.2017 +ironic_dashboard_git_project_group: horizon_all + +## Horizon Magnum dashboard plugin +magnum_dashboard_git_repo: https://git.openstack.org/openstack/magnum-ui +magnum_dashboard_git_install_branch: 0b9fc50aada1a3e214acaad1204b48c96a549e5f # HEAD of "stable/pike" as of 30.11.2017 +magnum_dashboard_git_project_group: horizon_all + +## Horizon LBaaS dashboard plugin +neutron_lbaas_dashboard_git_repo: https://git.openstack.org/openstack/neutron-lbaas-dashboard +neutron_lbaas_dashboard_git_install_branch: a5a05a27e7cab99dc379774f1d01c0076818e539 # HEAD of "stable/pike" as of 30.11.2017 +neutron_lbaas_dashboard_git_project_group: horizon_all + +## Horizon Sahara dashboard plugin +sahara_dashboard_git_repo: https://git.openstack.org/openstack/sahara-dashboard +sahara_dashboard_git_install_branch: 804206bb9c8af5c1d4f540664a6f9b36d45696e6 # HEAD of "stable/pike" as of 30.11.2017 +sahara_dashboard_git_project_group: horizon_all + + +## Keystone service +keystone_git_repo: https://git.openstack.org/openstack/keystone +keystone_git_install_branch: d0721d7cf4dc808946a7016b0ca2830c8850d5d9 # HEAD of "stable/pike" as of 30.11.2017 +keystone_git_project_group: keystone_all + + +## Neutron service +neutron_git_repo: https://git.openstack.org/openstack/neutron +neutron_git_install_branch: b1f71de42ead2c1278343307307984ad1ff00c71 # HEAD of "stable/pike" as of 30.11.2017 +neutron_git_project_group: neutron_all + +neutron_lbaas_git_repo: https://git.openstack.org/openstack/neutron-lbaas +neutron_lbaas_git_install_branch: dbdbbee9e7325f27a671cdc0813446d85329ca1b # HEAD of "stable/pike" as of 30.11.2017 +neutron_lbaas_git_project_group: neutron_all + +neutron_vpnaas_git_repo: https://git.openstack.org/openstack/neutron-vpnaas +neutron_vpnaas_git_install_branch: 60e4e7113b5fbbf28e97ebce2f40b7f1675200e6 # HEAD of "stable/pike" as of 30.11.2017 +neutron_vpnaas_git_project_group: neutron_all + +neutron_fwaas_git_repo: https://git.openstack.org/openstack/neutron-fwaas +neutron_fwaas_git_install_branch: c2bafa999f7ea45687d5a3d42739e465564e99d1 # HEAD of "stable/pike" as of 30.11.2017 +neutron_fwaas_git_project_group: neutron_all + +neutron_dynamic_routing_git_repo: https://git.openstack.org/openstack/neutron-dynamic-routing +neutron_dynamic_routing_git_install_branch: 9098d4447581117e857d2f86fb4a0508b5ffbb6a # HEAD of "stable/pike" as of 30.11.2017 +neutron_dynamic_routing_git_project_group: neutron_all + +networking_calico_git_repo: https://git.openstack.org/openstack/networking-calico +networking_calico_git_install_branch: 9688df1a3d1d8b3fd9ba367e82fe6b0559416728 # HEAD of "master" as of 30.11.2017 +networking_calico_git_project_group: neutron_all + +networking_odl_git_repo: https://git.openstack.org/openstack/networking-odl +networking_odl_git_install_branch: 319c51183fde4c189d310ff252248f3632c8c9df # HEAD of "master" as of 29.10.2017 +networking_odl_git_project_group: neutron_all + +## Nova service +nova_git_repo: https://git.openstack.org/openstack/nova +nova_git_install_branch: ec20e1aca856cf1f31d0212bda3e494bb8622aad # HEAD of "stable/pike" as of 30.11.2017 +nova_git_project_group: nova_all + + +## PowerVM Virt Driver +nova_powervm_git_repo: https://git.openstack.org/openstack/nova-powervm +nova_powervm_git_install_branch: e0b516ca36fa5dfd38ae6f7ea97afd9a52f313ed # HEAD of "stable/pike" as of 30.11.2017 +nova_powervm_git_project_group: nova_all + + +## LXD Virt Driver +nova_lxd_git_repo: https://git.openstack.org/openstack/nova-lxd +nova_lxd_git_install_branch: 9747c274138d9ef40512d5015e9e581f6bbec5d9 # HEAD of "stable/pike" as of 30.11.2017 +nova_lxd_git_project_group: nova_all + + +## Sahara service +sahara_git_repo: https://git.openstack.org/openstack/sahara +sahara_git_install_branch: 3ee0da5ea09904125c44e1f9d1a9b83554b1a1cd # HEAD of "stable/pike" as of 30.11.2017 +sahara_git_project_group: sahara_all + + +## Swift service +swift_git_repo: https://git.openstack.org/openstack/swift +swift_git_install_branch: 0344d6eb5afc723adc7bacf4b4e2aaf04da47548 # HEAD of "stable/pike" as of 30.11.2017 +swift_git_project_group: swift_all + + +## Swift3 middleware +swift_swift3_git_repo: https://git.openstack.org/openstack/swift3 +swift_swift3_git_install_branch: 1fb6a30ee59a16cd4b6c49bab963ff9e3f974580 # HEAD of "master" as of 30.11.2017 +swift_swift3_git_project_group: swift_all + + +## Ironic service +ironic_git_repo: https://git.openstack.org/openstack/ironic +ironic_git_install_branch: 47179d9fca337f32324f8e8a68541358fdac8649 # HEAD of "stable/pike" as of 30.11.2017 +ironic_git_project_group: ironic_all + +## Magnum service +magnum_git_repo: https://git.openstack.org/openstack/magnum +magnum_git_install_branch: c58b727bec3561d8d283497d784a3437185924dd # HEAD of "stable/pike" as of 30.11.2017 +magnum_git_project_group: magnum_all + +## Trove service +trove_git_repo: https://git.openstack.org/openstack/trove +trove_git_install_branch: e6d4b4b3fe1768348c9df815940b97cecb5e7ee2 # HEAD of "stable/pike" as of 30.11.2017 +trove_git_project_group: trove_all + +## Horizon Trove dashboard plugin +trove_dashboard_git_repo: https://git.openstack.org/openstack/trove-dashboard +trove_dashboard_git_install_branch: bffd0776d139f38f96ce8ded07ccde4b5a41bc7a # HEAD of "stable/pike" as of 30.11.2017 +trove_dashboard_git_project_group: horizon_all + +## Octavia service +octavia_git_repo: https://git.openstack.org/openstack/octavia +octavia_git_install_branch: d2fad0b6544a4893f72e2e993292b0379a452515 # HEAD of "stable/pike" as of 30.11.2017 +octavia_git_project_group: octavia_all + +## Molteniron service +molteniron_git_repo: https://git.openstack.org/openstack/molteniron +molteniron_git_install_branch: 094276cda77d814d07ad885e7d63de8d1243750a # HEAD of "master" as of 30.11.2017 +molteniron_git_project_group: molteniron_all + +## Tacker service +tacker_git_repo: https://git.openstack.org/openstack/tacker +tacker_git_install_branch: 90f5374f73ea8dd5f41c9ca8f2ed447d5a37285a # HEAD of "pike" as of 07.09.2017 +tacker_git_project_group: tacker_all + +networking_sfc_git_repo: https://git.openstack.org/openstack/networking-sfc +networking_sfc_git_install_branch: 4f98a7bb28bee3d4044b2c8af942e2df42c6752b # HEAD of "master" as of 16.10.2017 +networking_sfc_git_project_group: tacker_all diff --git a/compass-tasks-osa/tacker_conf/os-tacker-install.yml b/compass-tasks-osa/tacker_conf/os-tacker-install.yml new file mode 100644 index 0000000..dd96595 --- /dev/null +++ b/compass-tasks-osa/tacker_conf/os-tacker-install.yml @@ -0,0 +1,63 @@ +--- +# Copyright 2017, SUSE LINUX GmbH. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Install the tacker components + hosts: tacker_all + gather_facts: "{{ gather_facts | default(True) }}" + max_fail_percentage: 20 + user: root + pre_tasks: + - include: common-tasks/os-lxc-container-setup.yml + - include: common-tasks/rabbitmq-vhost-user.yml + static: no + vars: + user: "{{ tacker_rabbitmq_userid }}" + password: "{{ tacker_rabbitmq_password }}" + vhost: "{{ tacker_rabbitmq_vhost }}" + _rabbitmq_host_group: "{{ tacker_rabbitmq_host_group }}" + when: + - inventory_hostname == groups['tacker_all'][0] + - groups[tacker_rabbitmq_host_group] | length > 0 + - include: common-tasks/os-log-dir-setup.yml + vars: + log_dirs: + - src: "/openstack/log/{{ inventory_hostname }}-tacker" + dest: "/var/log/tacker" + - include: common-tasks/mysql-db-user.yml + static: no + vars: + user_name: "{{ tacker_galera_user }}" + password: "{{ tacker_container_mysql_password }}" + login_host: "{{ tacker_galera_address }}" + db_name: "{{ tacker_galera_database }}" + when: inventory_hostname == groups['tacker_all'][0] + - include: common-tasks/package-cache-proxy.yml + roles: + - role: "os_tacker" + - role: "openstack_openrc" + tags: + - openrc + - role: "rsyslog_client" + rsyslog_client_log_rotate_file: tacker_log_rotate + rsyslog_client_log_dir: "/var/log/tacker" + rsyslog_client_config_name: "99-tacker-rsyslog-client.conf" + tags: + - rsyslog + vars: + is_metal: "{{ properties.is_metal|default(false) }}" + tacker_galera_address: "{{ internal_lb_vip_address }}" + environment: "{{ deployment_environment_variables | default({}) }}" + tags: + - tacker diff --git a/compass-tasks-osa/tacker_conf/tacker.yml b/compass-tasks-osa/tacker_conf/tacker.yml new file mode 100644 index 0000000..9ceabbc --- /dev/null +++ b/compass-tasks-osa/tacker_conf/tacker.yml @@ -0,0 +1,36 @@ +--- +# Copyright 2017, SUSE Linux GmbH +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +component_skel: + tacker_server: + belongs_to: + - tacker_all + + +container_skel: + tacker_container: + belongs_to: + - mano_containers + contains: + - tacker_server + + +physical_skel: + mano_containers: + belongs_to: + - all_containers + mano_hosts: + belongs_to: + - hosts diff --git a/compass-tasks-osa/tacker_conf/tacker_all.yml b/compass-tasks-osa/tacker_conf/tacker_all.yml new file mode 100644 index 0000000..95d5b83 --- /dev/null +++ b/compass-tasks-osa/tacker_conf/tacker_all.yml @@ -0,0 +1,46 @@ +--- +# Copyright 2017, SUSE LINUX GmbH +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +tacker_service_user_name: tacker +tacker_service_tenant_name: service + +tacker_rabbitmq_userid: tacker +tacker_rabbitmq_vhost: /tacker +tacker_rabbitmq_port: "{{ rabbitmq_port }}" +tacker_rabbitmq_use_ssl: "{{ rabbitmq_use_ssl }}" +tacker_rabbitmq_servers: "{{ rabbitmq_servers }}" +tacker_rabbitmq_host_group: "{{ rabbitmq_host_group }}" + +tacker_service_publicuri: "{{ openstack_service_publicuri_proto|default(tacker_service_proto) }}://{{ external_lb_vip_address }}:{{ tacker_service_port }}" +tacker_service_adminurl: "{{ tacker_service_adminuri }}/" +tacker_service_region: "{{ service_region }}" +tacker_service_in_ldap: "{{ service_ldap_backend_enabled }}" + +tacker_aodh_enabled: "{{ groups['aodh_all'] is defined and groups['aodh_all'] | length > 0 }}" +tacker_gnocchi_enabled: "{{ groups['gnocchi_all'] is defined and groups['gnocchi_all'] | length > 0 }}" + +# NOTE: these and their swift_all.yml counterpart should be moved back to all.yml once swift with tacker gets proper SSL support +# swift_rabbitmq_telemetry_port: "{{ rabbitmq_port }}" +# swift_rabbitmq_telemetry_use_ssl: "{{ rabbitmq_use_ssl }}" + +# Ensure that the package state matches the global setting +tacker_package_state: "{{ package_state }}" + +# venv fetch configuration +tacker_venv_tag: "{{ venv_tag }}" +tacker_venv_download_url: "{{ venv_base_download_url }}/tacker-{{ openstack_release }}-{{ ansible_architecture | lower }}.tgz" + +# locations for fetching the default files from the git source +tacker_git_config_lookup_location: "{{ openstack_repo_url }}/openstackgit/tacker" diff --git a/compass-tasks-osa/tacker_conf/user_secrets.yml b/compass-tasks-osa/tacker_conf/user_secrets.yml new file mode 100644 index 0000000..05832ec --- /dev/null +++ b/compass-tasks-osa/tacker_conf/user_secrets.yml @@ -0,0 +1,163 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +############################# WARNING ######################################## +# The playbooks do not currently manage changing passwords in an existing +# environment. Changing passwords and re-running the playbooks will fail +# and may break your OpenStack environment. +############################# WARNING ######################################## + + +## Rabbitmq Options +rabbitmq_cookie_token: +rabbitmq_monitoring_password: + +## Tokens +memcached_encryption_key: + +## Galera Options +galera_root_password: + +## Keystone Options +keystone_container_mysql_password: +keystone_auth_admin_password: +keystone_service_password: +keystone_rabbitmq_password: + +## Ceilometer Options: +ceilometer_container_db_password: +ceilometer_service_password: +ceilometer_telemetry_secret: +ceilometer_rabbitmq_password: + +## Aodh Options: +aodh_container_db_password: +aodh_service_password: +aodh_rabbitmq_password: + +## Cinder Options +cinder_container_mysql_password: +cinder_service_password: +cinder_profiler_hmac_key: +cinder_rabbitmq_password: + +## Ceph/rbd: a UUID to be used by libvirt to refer to the client.cinder user +cinder_ceph_client_uuid: + +## Glance Options +glance_container_mysql_password: +glance_service_password: +glance_profiler_hmac_key: +glance_rabbitmq_password: + +## Gnocchi Options: +gnocchi_container_mysql_password: +gnocchi_service_password: + +## Heat Options +heat_stack_domain_admin_password: +heat_container_mysql_password: +### THE HEAT AUTH KEY NEEDS TO BE 32 CHARACTERS LONG ## +heat_auth_encryption_key: +### THE HEAT AUTH KEY NEEDS TO BE 32 CHARACTERS LONG ## +heat_service_password: +heat_rabbitmq_password: + +## Ironic options +ironic_rabbitmq_password: +ironic_container_mysql_password: +ironic_service_password: +ironic_swift_temp_url_secret_key: + +## Horizon Options +horizon_container_mysql_password: +horizon_secret_key: + +## Neutron Options +neutron_container_mysql_password: +neutron_service_password: +neutron_rabbitmq_password: +neutron_ha_vrrp_auth_password: + +## Nova Options +nova_container_mysql_password: +nova_api_container_mysql_password: +nova_metadata_proxy_secret: +nova_service_password: +nova_rabbitmq_password: +nova_placement_service_password: +nova_placement_container_mysql_password: + +# LXD Options for nova compute +lxd_trust_password: + +## Octavia Options +octavia_container_mysql_password: +octavia_service_password: +octavia_health_hmac_key: +octavia_rabbitmq_password: + +## Sahara Options +sahara_container_mysql_password: +sahara_rabbitmq_password: +sahara_service_password: + +## Swift Options: +swift_service_password: +swift_dispersion_password: +### Once the swift cluster has been setup DO NOT change these hash values! +swift_hash_path_suffix: +swift_hash_path_prefix: +# Swift needs a telemetry password when using ceilometer +swift_rabbitmq_telemetry_password: + +## haproxy stats password +haproxy_stats_password: +haproxy_keepalived_authentication_password: + +## Magnum Options +magnum_service_password: +magnum_galera_password: +magnum_rabbitmq_password: +magnum_trustee_password: + +## Rally Options: +rally_galera_password: + +## Trove Options +trove_galera_password: +trove_rabbitmq_password: +trove_service_password: +trove_admin_user_password: +trove_taskmanager_rpc_encr_key: +trove_inst_rpc_key_encr_key: + +## Barbican Options +barbican_galera_password: +barbican_rabbitmq_password: +barbican_service_password: + +## Designate Options +designate_galera_password: +designate_rabbitmq_password: +designate_service_password: + +## Molteniron Options: +molteniron_container_mysql_password: + +# Tacker options +tacker_rabbitmq_password: +tacker_service_password: +tacker_container_mysql_password: diff --git a/compass-tasks/Dockerfile b/compass-tasks/Dockerfile index bc2a0c2..91abdc8 100644 --- a/compass-tasks/Dockerfile +++ b/compass-tasks/Dockerfile @@ -2,7 +2,7 @@ FROM opnfv/compass-tasks-base ARG BRANCH=master ADD ./run.sh /root/ -#ADD ./tacker_conf /opt/tacker_conf +ADD ./tacker_conf /opt/tacker_conf ADD ./setup-complete.yml /opt/ RUN chmod +x /root/run.sh RUN /root/run.sh diff --git a/compass-tasks/run.sh b/compass-tasks/run.sh index 2ab0b6f..a8f20e1 100644 --- a/compass-tasks/run.sh +++ b/compass-tasks/run.sh @@ -17,32 +17,23 @@ cd /opt/git/ wget artifacts.opnfv.org/compass4nfv/package/openstack_pike.tar.gz tar -zxvf openstack_pike.tar.gz rm -rf openstack_pike.tar.gz -#cd openstack -#git clone https://github.com/openstack/tacker.git -b stable/pike -#cd tacker -#git checkout a0f1e680d81c7db66ae7a2a08c3d069901d0765a git clone https://git.openstack.org/openstack/openstack-ansible /opt/openstack-ansible cd /opt/openstack-ansible -#git checkout b962eed003580ee4c3bd69da911f20b3905a9176 -#git checkout da37351ca0a96ed38de72f3e00a7549a024cb810 -#git checkout 71110d6bc0f459b668948aca185139c1d79f0452 git checkout 16c69046bfd90d1b984de43bc6267fece6b75f1c #git checkout 4cde8f86aaea1fde7c43016f661119879068a133 git checkout -b stable/pike -#/bin/cp -rf /opt/tacker_conf/ansible-role-requirements.yml /opt/openstack-ansible/ -#/bin/cp -rf /opt/tacker_conf/openstack_services.yml /opt/openstack-ansible/playbooks/defaults/repo_packages/ -#/bin/cp -rf /opt/tacker_conf/os-tacker-install.yml /opt/openstack-ansible/playbooks/ -#/bin/cp -rf /opt/tacker_conf/setup-openstack.yml /opt/openstack-ansible/playbooks/ -#/bin/cp -rf /opt/tacker_conf/tacker.yml /opt/openstack-ansible/playbooks/inventory/env.d/ -#/bin/cp -rf /opt/tacker_conf/tacker_all.yml /opt/openstack-ansible/playbooks/inventory/group_vars/ -#/bin/cp -rf /opt/tacker_conf/user_secrets.yml /opt/openstack-ansible/etc/openstack_deploy/ -#/bin/cp -rf /opt/tacker_conf/haproxy_config.yml /opt/openstack-ansible/playbooks/vars/configs/ +/bin/cp -rf /opt/tacker_conf/ansible-role-requirements.yml /opt/openstack-ansible/ +/bin/cp -rf /opt/tacker_conf/openstack_services.yml /opt/openstack-ansible/playbooks/defaults/repo_packages/ +/bin/cp -rf /opt/tacker_conf/os-tacker-install.yml /opt/openstack-ansible/playbooks/ +/bin/cp -rf /opt/tacker_conf/tacker.yml /opt/openstack-ansible/playbooks/inventory/env.d/ +/bin/cp -rf /opt/tacker_conf/tacker_all.yml /opt/openstack-ansible/group_vars/ +/bin/cp -rf /opt/tacker_conf/user_secrets.yml /opt/openstack-ansible/etc/openstack_deploy/ /bin/cp -rf /opt/openstack-ansible/etc/openstack_deploy /etc/openstack_deploy diff --git a/compass-tasks/tacker_conf/ansible-role-requirements.yml b/compass-tasks/tacker_conf/ansible-role-requirements.yml index 40e0f91..201ebd6 100644 --- a/compass-tasks/tacker_conf/ansible-role-requirements.yml +++ b/compass-tasks/tacker_conf/ansible-role-requirements.yml @@ -1,192 +1,208 @@ +- name: ansible-hardening + scm: git + src: https://git.openstack.org/openstack/ansible-hardening + version: c05e36f48de66feb47046a0126d986fa03313f29 - name: apt_package_pinning scm: git src: https://git.openstack.org/openstack/openstack-ansible-apt_package_pinning - version: d5c0d7e8d21fc1539cc043097e23851296e2dd95 + version: 9403a36513aee54c15890ac96c1f8c455f9c083d - name: pip_install scm: git src: https://git.openstack.org/openstack/openstack-ansible-pip_install - version: e142f5642646449d98cd65d8fd0690907c403801 + version: df107891bf9fdfa7287bdfe43f3fa0120a80e5ad - name: galera_client scm: git src: https://git.openstack.org/openstack/openstack-ansible-galera_client - version: 1d3cdcd33c75a668ac3be046ac53fe1842780058 + version: 52b374547648056b58c544532296599801d501d7 - name: galera_server scm: git src: https://git.openstack.org/openstack/openstack-ansible-galera_server - version: e47877adc99bf64b900c83056716dfc09f2bcc0b + version: b124e06872ebeca7d81cb22fb80ae97a995b07a8 - name: ceph_client scm: git src: https://git.openstack.org/openstack/openstack-ansible-ceph_client - version: d1b30ae7b660acbb4f9d6e4f4ab702581c6748d9 + version: 5fcbc68fdbd3105d233fd3c03c887f13227b1c3d - name: haproxy_server scm: git src: https://git.openstack.org/openstack/openstack-ansible-haproxy_server - version: ffba50ecf0c99f41d1d5a1195268a2c23c38f89f + version: a905aaed8627f59d9dc10b9bc031589a7c65828f - name: keepalived scm: git src: https://github.com/evrardjp/ansible-keepalived - version: 2.6.0 + version: 3.0.3 - name: lxc_container_create scm: git src: https://git.openstack.org/openstack/openstack-ansible-lxc_container_create - version: 540bd82f8ded168ccab25a4a762a5a88e5a4ecbd + version: c41d3b20da6be07d9bf5db7f7e6a1384c7cfb5eb - name: lxc_hosts scm: git src: https://git.openstack.org/openstack/openstack-ansible-lxc_hosts - version: 73a62894aa26e4b63bb69336411209fc0df6abb2 + version: fb722e17cd8c1bab640f34ab0b111a44dee2279a - name: memcached_server scm: git src: https://git.openstack.org/openstack/openstack-ansible-memcached_server - version: ddd1dc402b7c825265a9e59483272f2dfcd65a93 -- name: openstack-ansible-security - scm: git - src: https://git.openstack.org/openstack/openstack-ansible-security - version: c58c839f9cc9fcb75d32fc8de00b4f27add36661 + version: 08c483f3c5d49c236194090534a015b67c8cded6 - name: openstack_hosts scm: git src: https://git.openstack.org/openstack/openstack-ansible-openstack_hosts - version: 1ba80641ed5c4d55a41906e9d37df10b9fd720ee + version: a0d3b9c9756b6e95b0e034f3d0576fbb33607820 - name: os_keystone scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_keystone - version: 600e0e58102ccbdd082b5c90237cb7d27c63e5fa + version: 6d131caff7f60d1dfd0c5d3223fe6ece6416a34c - name: openstack_openrc scm: git src: https://git.openstack.org/openstack/openstack-ansible-openstack_openrc - version: dfdf65b3db7c6240fa173a3a62af4e5028023626 + version: b27229ef168aed7f2febf6991b2d7459ec8883ee - name: os_aodh scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_aodh - version: a1ec96ee54d7b8c7fd24f1148545d3556a0a8b5b + version: bcd77b1e10a7054e9365da6a20848b393153d025 - name: os_barbican scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_barbican - version: 2d087176610c712f51dec8722b6129e648b149e2 + version: 0797e8bdadd2fcf4696b22f0e18340c8d9539b09 - name: os_ceilometer scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_ceilometer - version: 1d709bd6eace68bfd7fb7d1e52df8d5b6f28810b + version: 4b3e0589a0188de885659614ef4e076018af54f7 - name: os_cinder scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_cinder - version: 66542db4c7045dc559a1b3e6bd293ca28e09c34e + version: 6f5ab34e5a0694f3fc84e63c912e00e86e3de280 +- name: os_designate + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_designate + version: a4952759e91853adbc2ba0e0088eacd12a0d1bd1 - name: os_glance scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_glance - version: 79d6b78e894715ba3a17b50cc18917b251025069 + version: 6590581bbcc73f12113edbd0195c33c90fef74b9 - name: os_gnocchi scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_gnocchi - version: 5932746fe1717ef2798b46c374c268945f34814e + version: 5f8950f61ed6b61d1cc06ab73b3b02466bee0db1 - name: os_heat scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_heat - version: cbe917fefeb90c506e1c73c31b9a1d00fbf9beff + version: 4d1efae631026631fb2af4f43a9fe8ca210d643e - name: os_horizon scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_horizon - version: 25435372547d217116dd4ba10b5d0e8c39307b52 + version: 71aa69b1425f5b5b2bdc274357b62a9b4b57ae8f - name: os_ironic scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_ironic - version: 4110fca2b9e1c6a1698b9be9797253db4a1cad2e + version: 34205b6b99fc3cfe54eddbcde0380e626976e425 - name: os_magnum scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_magnum - version: f452cc54d1b3240f81a82fd110a467cd996a3331 -- name: os_trove + version: 0fdeea886ef4227e02d793f6dbfd54ccd9e6e088 +- name: os_molteniron scm: git - src: https://git.openstack.org/openstack/openstack-ansible-os_trove - version: 51b38916ad99f3ffbc1723a7d97f9034b4c02dc4 + src: https://git.openstack.org/openstack/openstack-ansible-os_molteniron + version: 58cff32e954ab817d07b8e0a136663c34d7f7b60 - name: os_neutron scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_neutron - version: 4b43221adae78627d8035cd82e791662821a461c + version: 728484ad440461b784114bf93cd912b3d1aecd2f - name: os_nova scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_nova - version: 8aacdd01ad98d82b3b817895d39af44b3a862847 + version: b1066d20502a29c4ec33fb9e5a8307201f7530cb +- name: os_octavia + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_octavia + version: 5fd1fbae703c17f928cfc00f60aeeed0500c6f2b - name: os_rally scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_rally - version: 1410d71f60aa354259fa11d9dddfe4ed743177ab + version: b2658fb704fd3a1e8bce794b8bf87ac83931aa46 - name: os_sahara scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_sahara - version: 5e29921df9cc7d3ba2a89b0d6cdddcf02553c423 + version: e3e4f1bc8d72dd6fb7e26b8d0d364f9a60e16b0f - name: os_swift scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_swift - version: 70c3795215b5b3ea90090ffd99381c97bc45be80 + version: 65a330b0bc96fb88b7b34082f40f47e432948f34 - name: os_tacker scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_tacker - version: c6a563731b4482a28b7a01982252d79f52fe586b + version: cad6a9033e519f03d97a91911ea981b17f1a7eed - name: os_tempest scm: git src: https://git.openstack.org/openstack/openstack-ansible-os_tempest - version: 5934f81385870cc836f7d1cd84b8dbc6a97cedad + version: 0fb52fcd130bee25f40cd515da69948821d5b504 +- name: os_trove + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_trove + version: 6596f6b28c88a88c89e293ea8f5f8551eb491fd1 - name: plugins scm: git src: https://git.openstack.org/openstack/openstack-ansible-plugins - version: 9ce61bdc6cb537c2377e95da1c3bfc9e837c9784 + version: 91ec1736393ff40ac8062180daed0c0027c2549a - name: rabbitmq_server scm: git src: https://git.openstack.org/openstack/openstack-ansible-rabbitmq_server - version: 3d1de52f75c08b3265d2b35c56c9217d60c2c840 + version: fa80dfc0f8129e02f3f3b34bb7205889d3e5696c - name: repo_build scm: git src: https://git.openstack.org/openstack/openstack-ansible-repo_build - version: 6d00b7d6f431fc8706be81e1089ee351d2172e48 + version: d0079ff721b0f9c4682d57eccfadb36f365eea2b - name: repo_server scm: git src: https://git.openstack.org/openstack/openstack-ansible-repo_server - version: 860ff80b348f1c9e93745da55b1df69d05283afb + version: 8302adcb11cad4e6245fd6bd1bbb4db08d3b60e9 - name: rsyslog_client scm: git src: https://git.openstack.org/openstack/openstack-ansible-rsyslog_client - version: 5f5275720d13bd22945348751131c39877b731ab + version: f41638370114412b97c6523b4c626ca70f0337f4 - name: rsyslog_server scm: git src: https://git.openstack.org/openstack/openstack-ansible-rsyslog_server - version: a7d4b0df2e9ed3c2a1414613e96c7c9db0f2db60 + version: 61a3ab251f63c6156f2a6604ee1a822070e19c90 - name: sshd scm: git src: https://github.com/willshersystems/ansible-sshd - version: 0.4.5 + version: 0.5.1 - name: bird scm: git src: https://github.com/logan2211/ansible-bird - version: '1.2' + version: '1.4' - name: etcd scm: git src: https://github.com/logan2211/ansible-etcd - version: '1.2' + version: '1.3' - name: unbound scm: git src: https://github.com/logan2211/ansible-unbound - version: '1.3' + version: '1.5' - name: resolvconf scm: git src: https://github.com/logan2211/ansible-resolvconf - version: '1.2' -- name: os_designate + version: '1.3' +- name: ceph-defaults scm: git - src: https://git.openstack.org/openstack/openstack-ansible-os_designate - version: fc4f0fb40197954c96f486f4ebbd679162b27a6d -- name: ceph.ceph-common + src: https://github.com/ceph/ansible-ceph-defaults + version: v3.0.8 +- name: ceph-common scm: git src: https://github.com/ceph/ansible-ceph-common - version: v2.2.4 -- name: ceph.ceph-docker-common + version: v3.0.8 +- name: ceph-config scm: git - src: https://github.com/ceph/ansible-ceph-docker-common - version: ca86fd0ef6d24aa2c750a625acdcb8012c374aa0 + src: https://github.com/ceph/ansible-ceph-config + version: v3.0.8 - name: ceph-mon scm: git src: https://github.com/ceph/ansible-ceph-mon - version: v2.2.4 + version: v3.0.8 +- name: ceph-mgr + scm: git + src: https://github.com/ceph/ansible-ceph-mgr + version: v3.0.8 - name: ceph-osd scm: git src: https://github.com/ceph/ansible-ceph-osd - version: v2.2.4 + version: v3.0.8 diff --git a/compass-tasks/tacker_conf/haproxy_config.yml b/compass-tasks/tacker_conf/haproxy_config.yml deleted file mode 100644 index bbac6d7..0000000 --- a/compass-tasks/tacker_conf/haproxy_config.yml +++ /dev/null @@ -1,285 +0,0 @@ -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -haproxy_default_services: - - service: - haproxy_service_name: galera - haproxy_backend_nodes: "{{ [groups['galera_all'][0]] | default([]) }}" # list expected - haproxy_backup_nodes: "{{ groups['galera_all'][1:] | default([]) }}" - haproxy_bind: "{{ [internal_lb_vip_address] }}" - haproxy_port: 3306 - haproxy_balance_type: tcp - haproxy_timeout_client: 5000s - haproxy_timeout_server: 5000s - haproxy_backend_options: - - "mysql-check user {{ galera_monitoring_user }}" - haproxy_whitelist_networks: "{{ haproxy_galera_whitelist_networks }}" - - service: - haproxy_service_name: repo_git - haproxy_backend_nodes: "{{ groups['repo_all'] | default([]) }}" - haproxy_bind: "{{ [internal_lb_vip_address] }}" - haproxy_port: 9418 - haproxy_balance_type: tcp - haproxy_backend_options: - - tcp-check - haproxy_whitelist_networks: "{{ haproxy_repo_git_whitelist_networks }}" - - service: - haproxy_service_name: repo_all - haproxy_backend_nodes: "{{ groups['repo_all'] | default([]) }}" - haproxy_bind: "{{ [internal_lb_vip_address] }}" - haproxy_port: 8181 - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk HEAD /" - - service: - haproxy_service_name: repo_cache - haproxy_backend_nodes: "{{ [groups['repo_all'][0]] | default([]) }}" # list expected - haproxy_backup_nodes: "{{ groups['repo_all'][1:] | default([]) }}" - haproxy_bind: "{{ [internal_lb_vip_address] }}" - haproxy_port: "{{ repo_pkg_cache_port }}" - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk HEAD /acng-report.html" - haproxy_whitelist_networks: "{{ haproxy_repo_cache_whitelist_networks }}" - - service: - haproxy_service_name: glance_api - haproxy_backend_nodes: "{{ groups['glance_api'] | default([]) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_port: 9292 - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk /healthcheck" - - service: - haproxy_service_name: glance_registry - haproxy_backend_nodes: "{{ groups['glance_registry'] | default([]) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_port: 9191 - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk /healthcheck" - haproxy_whitelist_networks: "{{ haproxy_glance_registry_whitelist_networks }}" - - service: - haproxy_service_name: gnocchi - haproxy_backend_nodes: "{{ groups['gnocchi_all'] | default([]) }}" - haproxy_port: 8041 - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk /healthcheck" - - service: - haproxy_service_name: heat_api_cfn - haproxy_backend_nodes: "{{ groups['heat_api_cfn'] | default([]) }}" - haproxy_port: 8000 - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk HEAD /" - - service: - haproxy_service_name: heat_api_cloudwatch - haproxy_backend_nodes: "{{ groups['heat_api_cloudwatch'] | default([]) }}" - haproxy_port: 8003 - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk HEAD /" - - service: - haproxy_service_name: heat_api - haproxy_backend_nodes: "{{ groups['heat_api'] | default([]) }}" - haproxy_port: 8004 - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk HEAD /" - - service: - haproxy_service_name: keystone_service - haproxy_backend_nodes: "{{ groups['keystone_all'] | default([]) }}" - haproxy_port: 5000 - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_balance_type: "http" - haproxy_backend_options: - - "httpchk HEAD /" - - service: - haproxy_service_name: keystone_admin - haproxy_backend_nodes: "{{ groups['keystone_all'] | default([]) }}" - haproxy_port: 35357 - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_balance_type: "http" - haproxy_backend_options: - - "httpchk HEAD /" - haproxy_whitelist_networks: "{{ haproxy_keystone_admin_whitelist_networks }}" - - service: - haproxy_service_name: neutron_server - haproxy_backend_nodes: "{{ groups['neutron_server'] | default([]) }}" - haproxy_port: 9696 - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk HEAD /" - - service: - haproxy_service_name: nova_api_metadata - haproxy_backend_nodes: "{{ groups['nova_api_metadata'] | default([]) }}" - haproxy_port: 8775 - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk HEAD /" - haproxy_whitelist_networks: "{{ haproxy_nova_metadata_whitelist_networks }}" - - service: - haproxy_service_name: nova_api_os_compute - haproxy_backend_nodes: "{{ groups['nova_api_os_compute'] | default([]) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_port: 8774 - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk HEAD /" - - service: - haproxy_service_name: nova_api_placement - haproxy_backend_nodes: "{{ groups['nova_api_placement'] | default([]) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_port: 8780 - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk HEAD /" - - service: - haproxy_service_name: nova_console - haproxy_backend_nodes: "{{ groups['nova_console'] | default([]) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_port: "{{ nova_console_port }}" - haproxy_balance_type: http - haproxy_timeout_client: 60m - haproxy_timeout_server: 60m - haproxy_balance_alg: source - haproxy_backend_options: - - "httpchk HEAD /" - haproxy_backend_httpcheck_options: - - "expect status 404" - - service: - haproxy_service_name: cinder_api - haproxy_backend_nodes: "{{ groups['cinder_api'] | default([]) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_port: 8776 - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk HEAD /" - - service: - haproxy_service_name: horizon - haproxy_backend_nodes: "{{ groups['horizon_all'] | default([]) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_ssl_all_vips: true - haproxy_port: "{{ haproxy_ssl | ternary(443,80) }}" - haproxy_backend_port: 80 - haproxy_redirect_http_port: 80 - haproxy_balance_type: http - haproxy_balance_alg: source - haproxy_backend_options: - - "httpchk HEAD /" - - service: - haproxy_service_name: sahara_api - haproxy_backend_nodes: "{{ groups['sahara_api'] | default([]) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_balance_alg: source - haproxy_port: 8386 - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk /healthcheck" - - service: - haproxy_service_name: swift_proxy - haproxy_backend_nodes: "{{ groups['swift_proxy'] | default([]) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_balance_alg: source - haproxy_port: 8080 - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk /healthcheck" - - service: - haproxy_service_name: ceilometer_api - haproxy_backend_nodes: "{{ groups['ceilometer_api_container'] | default([]) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_port: 8777 - haproxy_balance_type: tcp - haproxy_backend_options: - - tcp-check - - service: - haproxy_service_name: aodh_api - haproxy_backend_nodes: "{{ groups['aodh_api'] | default([]) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_port: 8042 - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk HEAD /" - haproxy_backend_httpcheck_options: - - "expect status 401" - - service: - haproxy_service_name: ironic_api - haproxy_backend_nodes: "{{ groups['ironic_api'] | default([]) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_port: 6385 - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk GET /" - - service: - haproxy_service_name: rabbitmq_mgmt - haproxy_backend_nodes: "{{ groups['rabbitmq'] | default([]) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_port: 15672 - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk HEAD /" - haproxy_whitelist_networks: "{{ haproxy_rabbitmq_management_whitelist_networks }}" - - service: - haproxy_service_name: magnum - haproxy_backend_nodes: "{{ groups['magnum_all'] | default([]) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_port: 9511 - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk GET /" - - service: - haproxy_service_name: trove - haproxy_backend_nodes: "{{ groups['trove_api'] | default([]) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_port: 8779 - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk HEAD /" - - service: - haproxy_service_name: barbican - haproxy_backend_nodes: "{{ groups['barbican_api'] | default([]) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_port: 9311 - haproxy_balance_type: http - haproxy_backend_options: - - "httpchk HEAD /" - haproxy_backend_httpcheck_options: - - "expect status 401" - - service: - haproxy_service_name: designate_api - haproxy_backend_nodes: "{{ groups['designate_api'] | default([]) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_port: 9001 - haproxy_balance_type: http - haproxy_backend_options: - - "forwardfor" - - "httpchk /versions" - - "httplog" - - service: - haproxy_service_name: tacker - haproxy_backend_nodes: "{{ groups['tacker_all'] | default([]) }}" - haproxy_ssl: "{{ haproxy_ssl }}" - haproxy_port: 9890 - haproxy_balance_type: http - haproxy_backend_options: - - "forwardfor" - - "httpchk" - - "httplog" diff --git a/compass-tasks/tacker_conf/openstack_services.yml b/compass-tasks/tacker_conf/openstack_services.yml index 5a772e5..a451f9e 100644 --- a/compass-tasks/tacker_conf/openstack_services.yml +++ b/compass-tasks/tacker_conf/openstack_services.yml @@ -31,198 +31,195 @@ ## Global Requirements requirements_git_repo: https://git.openstack.org/openstack/requirements -requirements_git_install_branch: 90094c5d578ecfc4ab1e9f38a86bca5b615a3527 # HEAD of "stable/ocata" as of 15.05.2017 -requirements_git_dest: "/opt/requirements_{{ requirements_git_install_branch | replace('/', '_') }}" +requirements_git_install_branch: e7e310f1f355f2ad06528e469c0bd94d7fbc6955 # HEAD of "stable/pike" as of 30.11.2017 ## Aodh service aodh_git_repo: https://git.openstack.org/openstack/aodh -aodh_git_install_branch: 5c6b46ecc85743798c04b2d5fd094a0e9ef661a7 # HEAD of "stable/ocata" as of 15.05.2017 -aodh_git_dest: "/opt/aodh_{{ aodh_git_install_branch | replace('/', '_') }}" +aodh_git_install_branch: ed3ce41fa0ae0173601b683748265e502b84553b # HEAD of "stable/pike" as of 30.11.2017 aodh_git_project_group: aodh_all ## Barbican service barbican_git_repo: https://git.openstack.org/openstack/barbican -barbican_git_install_branch: b04aa152843d9cda3b11e8736e740c71fd798d0f # HEAD of "stable/ocata" as of 15.05.2017 -barbican_git_dest: "/opt/barbican_{{ barbican_git_install_branch | replace('/', '_') }}" +barbican_git_install_branch: 4aefe87d91715adf4a0bc3871956404ebe312fe3 # HEAD of "stable/pike" as of 30.11.2017 barbican_git_project_group: barbican_all ## Ceilometer service ceilometer_git_repo: https://git.openstack.org/openstack/ceilometer -ceilometer_git_install_branch: c25e934b8c48b00889f8fa6bb3e5bcb9591df618 # HEAD of "stable/ocata" as of 15.05.2017 -ceilometer_git_dest: "/opt/ceilometer_{{ceilometer_git_install_branch | replace('/', '_') }}" +ceilometer_git_install_branch: d9340c88f0618d40b2959ab09a53c518f3a91de5 # HEAD of "stable/pike" as of 30.11.2017 ceilometer_git_project_group: ceilometer_all ## Cinder service cinder_git_repo: https://git.openstack.org/openstack/cinder -cinder_git_install_branch: 501485b25087ff398986aedbbdb893741f8aabae # HEAD of "stable/ocata" as of 15.05.2017 -cinder_git_dest: "/opt/cinder_{{ cinder_git_install_branch | replace('/', '_') }}" +cinder_git_install_branch: 7bcb2ff94cf38eaa9def1115569981760e36510c # HEAD of "stable/pike" as of 30.11.2017 cinder_git_project_group: cinder_all ## Designate service designate_git_repo: https://git.openstack.org/openstack/designate -designate_git_install_branch: 021aa52325c2b58be6317a014cb3fd44be02f29f # HEAD of "stable/ocata" as of 15.05.2017 -designate_git_dest: "/opt/designate_{{ designate_git_install_branch | replace('/', '_') }}" +designate_git_install_branch: 6beba54a71510525d5bbc4956d20d27bffa982e5 # HEAD of "stable/pike" as of 30.11.2017 designate_git_project_group: designate_all ## Horizon Designate dashboard plugin designate_dashboard_git_repo: https://git.openstack.org/openstack/designate-dashboard -designate_dashboard_git_install_branch: fb8108354937ef6d3a1bb389481af79681f7c5b3 # HEAD of "stable/ocata" as of 15.05.2017 -designate_dashboard_git_dest: "/opt/designate_dashboard_{{ designate_dashboard_git_install_branch | replace('/', '_') }}" +designate_dashboard_git_install_branch: bc128a7c29a427933fc4ca94a7510ef8c97e5206 # HEAD of "stable/pike" as of 30.11.2017 designate_dashboard_git_project_group: horizon_all ## Dragonflow service dragonflow_git_repo: https://git.openstack.org/openstack/dragonflow -dragonflow_git_install_branch: b72ffa06721faf95f42c9702f60a9acc3a7d8b61 # HEAD of "stable/ocata" as of 15.05.2017 -dragonflow_git_dest: "/opt/dragonflow_{{ dragonflow_git_install_branch | replace('/', '_') }}" +dragonflow_git_install_branch: 84f1a26ff8e976b753593dc445e09a4c1a675a21 # Frozen HEAD of "master" as of 14.10.2017 (no stable/pike branch) dragonflow_git_project_group: neutron_all ## Glance service glance_git_repo: https://git.openstack.org/openstack/glance -glance_git_install_branch: 57c4d7d78f37e840660719b944ebabe91cbf231b # HEAD of "stable/ocata" as of 15.05.2017 -glance_git_dest: "/opt/glance_{{ glance_git_install_branch | replace('/', '_') }}" +glance_git_install_branch: 06af2eb5abe0332f7035a7d7c2fbfd19fbc4dae7 # HEAD of "stable/pike" as of 30.11.2017 glance_git_project_group: glance_all ## Heat service heat_git_repo: https://git.openstack.org/openstack/heat -heat_git_install_branch: fe6ae385bc7bba77864b32061600ac40b24f2a10 # HEAD of "stable/ocata" as of 15.05.2017 -heat_git_dest: "/opt/heat_{{ heat_git_install_branch | replace('/', '_') }}" +heat_git_install_branch: ed3eb9fe823e193e850e170405eecbc1411667f6 # HEAD of "stable/pike" as of 30.11.2017 heat_git_project_group: heat_all ## Horizon service horizon_git_repo: https://git.openstack.org/openstack/horizon -horizon_git_install_branch: 2684552f09ee5d597a507833cf232f0f9d48d9b1 # HEAD of "stable/ocata" as of 15.05.2017 -horizon_git_dest: "/opt/horizon_{{ horizon_git_install_branch | replace('/', '_') }}" +horizon_git_install_branch: 8b98b9bec432e40d121cc4a3ed6abea5da701a84 # HEAD of "stable/pike" as of 30.11.2017 horizon_git_project_group: horizon_all ## Horizon Ironic dashboard plugin ironic_dashboard_git_repo: https://git.openstack.org/openstack/ironic-ui -ironic_dashboard_git_install_branch: 6a0cdbff587df20ae913ca7f0d434ad8381b761c # HEAD of "stable/ocata" as of 15.05.2017 -ironic_dashboard_git_dest: "/opt/ironic_dashboard_{{ ironic_dashboard_git_install_branch | replace('/', '_') }}" +ironic_dashboard_git_install_branch: e2cba8ed8745b8ffcaa60d26ab69fd93f61582ad # HEAD of "stable/pike" as of 30.11.2017 ironic_dashboard_git_project_group: horizon_all ## Horizon Magnum dashboard plugin magnum_dashboard_git_repo: https://git.openstack.org/openstack/magnum-ui -magnum_dashboard_git_install_branch: db3bfff643ceb9353c7c0cafdd4e15e0fcf01fb1 # HEAD of "stable/ocata" as of 15.05.2017 -magnum_dashboard_git_dest: "/opt/magnum_dashboard_{{ magnum_dashboard_git_install_branch | replace('/', '_') }}" +magnum_dashboard_git_install_branch: 0b9fc50aada1a3e214acaad1204b48c96a549e5f # HEAD of "stable/pike" as of 30.11.2017 magnum_dashboard_git_project_group: horizon_all ## Horizon LBaaS dashboard plugin neutron_lbaas_dashboard_git_repo: https://git.openstack.org/openstack/neutron-lbaas-dashboard -neutron_lbaas_dashboard_git_install_branch: 3653432bb8287fa0ec1248d866e4717b90ab824b # HEAD of "stable/ocata" as of 15.05.2017 -neutron_lbaas_dashboard_git_dest: "/opt/neutron_lbaas_dashboard_{{ neutron_lbaas_dashboard_git_install_branch | replace('/', '_') }}" +neutron_lbaas_dashboard_git_install_branch: a5a05a27e7cab99dc379774f1d01c0076818e539 # HEAD of "stable/pike" as of 30.11.2017 neutron_lbaas_dashboard_git_project_group: horizon_all ## Horizon Sahara dashboard plugin sahara_dashboard_git_repo: https://git.openstack.org/openstack/sahara-dashboard -sahara_dashboard_git_install_branch: 5270e94b168b3c20e5c787a3f43d44b7e101c448 # HEAD of "stable/ocata" as of 15.05.2017 -sahara_dashboard_git_dest: "/opt/sahara_dashboard_{{ sahara_dashboard_git_install_branch | replace('/', '_') }}" +sahara_dashboard_git_install_branch: 804206bb9c8af5c1d4f540664a6f9b36d45696e6 # HEAD of "stable/pike" as of 30.11.2017 sahara_dashboard_git_project_group: horizon_all ## Keystone service keystone_git_repo: https://git.openstack.org/openstack/keystone -keystone_git_install_branch: 955fd6ca3758e217d9d98480852e0014dc11e988 # HEAD of "stable/ocata" as of 15.05.2017 -keystone_git_dest: "/opt/keystone_{{ keystone_git_install_branch | replace('/', '_') }}" +keystone_git_install_branch: d0721d7cf4dc808946a7016b0ca2830c8850d5d9 # HEAD of "stable/pike" as of 30.11.2017 keystone_git_project_group: keystone_all ## Neutron service neutron_git_repo: https://git.openstack.org/openstack/neutron -neutron_git_install_branch: 515a2ff4ce3239f6a077d8b07ff80544023f0631 # HEAD of "stable/ocata" as of 15.05.2017 -neutron_git_dest: "/opt/neutron_{{ neutron_git_install_branch | replace('/', '_') }}" +neutron_git_install_branch: b1f71de42ead2c1278343307307984ad1ff00c71 # HEAD of "stable/pike" as of 30.11.2017 neutron_git_project_group: neutron_all neutron_lbaas_git_repo: https://git.openstack.org/openstack/neutron-lbaas -neutron_lbaas_git_install_branch: 674e3604a6285655f2dc7f2949629cc4de06bbf4 # HEAD of "stable/ocata" as of 15.05.2017 -neutron_lbaas_git_dest: "/opt/neutron_lbaas_{{ neutron_lbaas_git_install_branch | replace('/', '_') }}" +neutron_lbaas_git_install_branch: dbdbbee9e7325f27a671cdc0813446d85329ca1b # HEAD of "stable/pike" as of 30.11.2017 neutron_lbaas_git_project_group: neutron_all neutron_vpnaas_git_repo: https://git.openstack.org/openstack/neutron-vpnaas -neutron_vpnaas_git_install_branch: 4a639ac09ccfc7573452d0ac9d189d934c169d34 # HEAD of "stable/ocata" as of 15.05.2017 -neutron_vpnaas_git_dest: "/opt/neutron_vpnaas_{{ neutron_vpnaas_git_install_branch | replace('/', '_') }}" +neutron_vpnaas_git_install_branch: 60e4e7113b5fbbf28e97ebce2f40b7f1675200e6 # HEAD of "stable/pike" as of 30.11.2017 neutron_vpnaas_git_project_group: neutron_all neutron_fwaas_git_repo: https://git.openstack.org/openstack/neutron-fwaas -neutron_fwaas_git_install_branch: 3301972f46d877d0f68d9cf7f9246e0df897a91e # HEAD of "stable/ocata" as of 15.05.2017 -neutron_fwaas_git_dest: "/opt/neutron_fwaas_{{ neutron_fwaas_git_install_branch | replace('/', '_') }}" +neutron_fwaas_git_install_branch: c2bafa999f7ea45687d5a3d42739e465564e99d1 # HEAD of "stable/pike" as of 30.11.2017 neutron_fwaas_git_project_group: neutron_all neutron_dynamic_routing_git_repo: https://git.openstack.org/openstack/neutron-dynamic-routing -neutron_dynamic_routing_git_install_branch: da877412200e460fca34edaf56f84286557bd486 # HEAD of "stable/ocata" as of 15.05.2017 -neutron_dynamic_routing_git_dest: "/opt/neutron_dynamic_routing_{{ neutron_dynamic_routing_git_install_branch | replace('/', '_') }}" +neutron_dynamic_routing_git_install_branch: 9098d4447581117e857d2f86fb4a0508b5ffbb6a # HEAD of "stable/pike" as of 30.11.2017 neutron_dynamic_routing_git_project_group: neutron_all +networking_calico_git_repo: https://git.openstack.org/openstack/networking-calico +networking_calico_git_install_branch: 9688df1a3d1d8b3fd9ba367e82fe6b0559416728 # HEAD of "master" as of 30.11.2017 +networking_calico_git_project_group: neutron_all + +networking_odl_git_repo: https://git.openstack.org/openstack/networking-odl +networking_odl_git_install_branch: 319c51183fde4c189d310ff252248f3632c8c9df # HEAD of "master" as of 29.10.2017 +networking_odl_git_project_group: neutron_all ## Nova service nova_git_repo: https://git.openstack.org/openstack/nova -nova_git_install_branch: 506465a027dd1ba1c90949dc58297edae32da7e4 # HEAD of "stable/ocata" as of 15.05.2017 -nova_git_dest: "/opt/nova_{{ nova_git_install_branch | replace('/', '_') }}" +nova_git_install_branch: ec20e1aca856cf1f31d0212bda3e494bb8622aad # HEAD of "stable/pike" as of 30.11.2017 nova_git_project_group: nova_all ## PowerVM Virt Driver nova_powervm_git_repo: https://git.openstack.org/openstack/nova-powervm -nova_powervm_git_install_branch: 53a5c75a0db38b606f51a53fd159b7ffab7c3a33 # HEAD of "stable/ocata" as of 15.05.2017 -nova_powervm_git_dest: "/opt/nova_powervm_{{ nova_powervm_git_install_branch | replace('/', '_') }}" -nova_powervm_git_project_group: nova_compute +nova_powervm_git_install_branch: e0b516ca36fa5dfd38ae6f7ea97afd9a52f313ed # HEAD of "stable/pike" as of 30.11.2017 +nova_powervm_git_project_group: nova_all ## LXD Virt Driver nova_lxd_git_repo: https://git.openstack.org/openstack/nova-lxd -nova_lxd_git_install_branch: ed05fa417c4a78970dd5bdcdd3e1922f3c07f0ac # HEAD of "stable/ocata" as of 15.05.2017 -nova_lxd_git_dest: "/opt/nova_lxd_{{ nova_lxd_git_install_branch | replace('/', '_') }}" -nova_lxd_git_project_group: nova_compute +nova_lxd_git_install_branch: 9747c274138d9ef40512d5015e9e581f6bbec5d9 # HEAD of "stable/pike" as of 30.11.2017 +nova_lxd_git_project_group: nova_all ## Sahara service sahara_git_repo: https://git.openstack.org/openstack/sahara -sahara_git_install_branch: 5241340d3e668bcb3b0e9f09c38afdc21e6c136d # HEAD of "stable/ocata" as of 15.05.2017 -sahara_git_dest: "/opt/sahara_{{ sahara_git_install_branch | replace('/', '_') }}" +sahara_git_install_branch: 3ee0da5ea09904125c44e1f9d1a9b83554b1a1cd # HEAD of "stable/pike" as of 30.11.2017 sahara_git_project_group: sahara_all ## Swift service swift_git_repo: https://git.openstack.org/openstack/swift -swift_git_install_branch: 177fca2b3a6a7a6e17e20d161c23ac8a10500939 # HEAD of "stable/ocata" as of 15.05.2017 -swift_git_dest: "/opt/swift_{{ swift_git_install_branch | replace('/', '_') }}" +swift_git_install_branch: 0344d6eb5afc723adc7bacf4b4e2aaf04da47548 # HEAD of "stable/pike" as of 30.11.2017 swift_git_project_group: swift_all +## Swift3 middleware +swift_swift3_git_repo: https://git.openstack.org/openstack/swift3 +swift_swift3_git_install_branch: 1fb6a30ee59a16cd4b6c49bab963ff9e3f974580 # HEAD of "master" as of 30.11.2017 +swift_swift3_git_project_group: swift_all + + ## Ironic service ironic_git_repo: https://git.openstack.org/openstack/ironic -ironic_git_install_branch: ed2f6cea892ccb2a1343dd935ad279de8fd3a471 # HEAD of "stable/ocata" as of 15.05.2017 -ironic_git_dest: "/opt/ironic_{{ ironic_git_install_branch | replace('/', '_') }}" +ironic_git_install_branch: 47179d9fca337f32324f8e8a68541358fdac8649 # HEAD of "stable/pike" as of 30.11.2017 ironic_git_project_group: ironic_all ## Magnum service magnum_git_repo: https://git.openstack.org/openstack/magnum -magnum_git_install_branch: 1a685113d8df479c56ad85aa001930f6b8f1e2dd # HEAD of "stable/ocata" as of 15.05.2017 -magnum_git_dest: "/opt/magnum_{{ magnum_git_install_branch | replace('/', '_') }}" +magnum_git_install_branch: c58b727bec3561d8d283497d784a3437185924dd # HEAD of "stable/pike" as of 30.11.2017 magnum_git_project_group: magnum_all ## Trove service trove_git_repo: https://git.openstack.org/openstack/trove -trove_git_install_branch: ca0a1128f91aa5f54b9f57fedf2f5db4b6f82e20 # HEAD of "stable/ocata" as of 15.05.2017 -trove_git_dest: "/opt/trove_{{ trove_git_install_branch | replace('/', '_') }}" +trove_git_install_branch: e6d4b4b3fe1768348c9df815940b97cecb5e7ee2 # HEAD of "stable/pike" as of 30.11.2017 trove_git_project_group: trove_all ## Horizon Trove dashboard plugin trove_dashboard_git_repo: https://git.openstack.org/openstack/trove-dashboard -trove_dashboard_git_install_branch: 5fd256e58219074b55cc9474a74516105787ac03 # HEAD of "stable/ocata" as of 15.05.2017 -trove_dashboard_git_dest: "/opt/trove_dashboard_{{ trove_dashboard_git_install_branch | replace('/', '_') }}" +trove_dashboard_git_install_branch: bffd0776d139f38f96ce8ded07ccde4b5a41bc7a # HEAD of "stable/pike" as of 30.11.2017 trove_dashboard_git_project_group: horizon_all +## Octavia service +octavia_git_repo: https://git.openstack.org/openstack/octavia +octavia_git_install_branch: d2fad0b6544a4893f72e2e993292b0379a452515 # HEAD of "stable/pike" as of 30.11.2017 +octavia_git_project_group: octavia_all + +## Molteniron service +molteniron_git_repo: https://git.openstack.org/openstack/molteniron +molteniron_git_install_branch: 094276cda77d814d07ad885e7d63de8d1243750a # HEAD of "master" as of 30.11.2017 +molteniron_git_project_group: molteniron_all + ## Tacker service tacker_git_repo: https://git.openstack.org/openstack/tacker -tacker_git_install_branch: a0f1e680d81c7db66ae7a2a08c3d069901d0765a # HEAD of "ocata" as of 04.09.2017 +tacker_git_install_branch: 90f5374f73ea8dd5f41c9ca8f2ed447d5a37285a # HEAD of "pike" as of 07.09.2017 tacker_git_project_group: tacker_all + +networking_sfc_git_repo: https://git.openstack.org/openstack/networking-sfc +networking_sfc_git_install_branch: 4f98a7bb28bee3d4044b2c8af942e2df42c6752b # HEAD of "master" as of 16.10.2017 +networking_sfc_git_project_group: tacker_all diff --git a/compass-tasks/tacker_conf/setup-openstack.yml b/compass-tasks/tacker_conf/setup-openstack.yml deleted file mode 100644 index d32eb15..0000000 --- a/compass-tasks/tacker_conf/setup-openstack.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- include: os-keystone-install.yml -- include: os-barbican-install.yml -- include: os-glance-install.yml -- include: os-cinder-install.yml -- include: os-nova-install.yml -- include: os-neutron-install.yml -- include: os-heat-install.yml -- include: os-horizon-install.yml -- include: os-ceilometer-install.yml -- include: os-aodh-install.yml -- include: os-designate-install.yml -#NOTE(stevelle) Ensure Gnocchi identities exist before Swift -- include: os-gnocchi-install.yml - when: - - gnocchi_storage_driver is defined - - gnocchi_storage_driver == 'swift' - vars: - gnocchi_identity_only: True -- include: os-swift-install.yml -- include: os-gnocchi-install.yml -- include: os-ironic-install.yml -- include: os-magnum-install.yml -- include: os-trove-install.yml -- include: os-sahara-install.yml -- include: os-tacker-install.yml -- include: os-tempest-install.yml - when: (tempest_install | default(False)) | bool or (tempest_run | default(False)) | bool - diff --git a/compass-tasks/tacker_conf/user_secrets.yml b/compass-tasks/tacker_conf/user_secrets.yml index b5a5796..05832ec 100644 --- a/compass-tasks/tacker_conf/user_secrets.yml +++ b/compass-tasks/tacker_conf/user_secrets.yml @@ -103,6 +103,12 @@ nova_placement_container_mysql_password: # LXD Options for nova compute lxd_trust_password: +## Octavia Options +octavia_container_mysql_password: +octavia_service_password: +octavia_health_hmac_key: +octavia_rabbitmq_password: + ## Sahara Options sahara_container_mysql_password: sahara_rabbitmq_password: @@ -135,7 +141,6 @@ trove_galera_password: trove_rabbitmq_password: trove_service_password: trove_admin_user_password: -trove_regular_user_password: trove_taskmanager_rpc_encr_key: trove_inst_rpc_key_encr_key: @@ -149,6 +154,9 @@ designate_galera_password: designate_rabbitmq_password: designate_service_password: +## Molteniron Options: +molteniron_container_mysql_password: + # Tacker options tacker_rabbitmq_password: tacker_service_password: |