diff options
Diffstat (limited to 'compass-tasks/tacker_conf')
-rw-r--r-- | compass-tasks/tacker_conf/ansible-role-requirements.yml | 192 | ||||
-rw-r--r-- | compass-tasks/tacker_conf/haproxy_config.yml | 285 | ||||
-rw-r--r-- | compass-tasks/tacker_conf/openstack_services.yml | 228 | ||||
-rw-r--r-- | compass-tasks/tacker_conf/os-tacker-install.yml | 63 | ||||
-rw-r--r-- | compass-tasks/tacker_conf/setup-openstack.yml | 43 | ||||
-rw-r--r-- | compass-tasks/tacker_conf/tacker.yml | 36 | ||||
-rw-r--r-- | compass-tasks/tacker_conf/tacker_all.yml | 46 | ||||
-rw-r--r-- | compass-tasks/tacker_conf/user_secrets.yml | 155 |
8 files changed, 1048 insertions, 0 deletions
diff --git a/compass-tasks/tacker_conf/ansible-role-requirements.yml b/compass-tasks/tacker_conf/ansible-role-requirements.yml new file mode 100644 index 0000000..40e0f91 --- /dev/null +++ b/compass-tasks/tacker_conf/ansible-role-requirements.yml @@ -0,0 +1,192 @@ +- name: apt_package_pinning + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-apt_package_pinning + version: d5c0d7e8d21fc1539cc043097e23851296e2dd95 +- name: pip_install + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-pip_install + version: e142f5642646449d98cd65d8fd0690907c403801 +- name: galera_client + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-galera_client + version: 1d3cdcd33c75a668ac3be046ac53fe1842780058 +- name: galera_server + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-galera_server + version: e47877adc99bf64b900c83056716dfc09f2bcc0b +- name: ceph_client + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-ceph_client + version: d1b30ae7b660acbb4f9d6e4f4ab702581c6748d9 +- name: haproxy_server + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-haproxy_server + version: ffba50ecf0c99f41d1d5a1195268a2c23c38f89f +- name: keepalived + scm: git + src: https://github.com/evrardjp/ansible-keepalived + version: 2.6.0 +- name: lxc_container_create + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-lxc_container_create + version: 540bd82f8ded168ccab25a4a762a5a88e5a4ecbd +- name: lxc_hosts + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-lxc_hosts + version: 73a62894aa26e4b63bb69336411209fc0df6abb2 +- name: memcached_server + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-memcached_server + version: ddd1dc402b7c825265a9e59483272f2dfcd65a93 +- name: openstack-ansible-security + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-security + version: c58c839f9cc9fcb75d32fc8de00b4f27add36661 +- name: openstack_hosts + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-openstack_hosts + version: 1ba80641ed5c4d55a41906e9d37df10b9fd720ee +- name: os_keystone + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_keystone + version: 600e0e58102ccbdd082b5c90237cb7d27c63e5fa +- name: openstack_openrc + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-openstack_openrc + version: dfdf65b3db7c6240fa173a3a62af4e5028023626 +- name: os_aodh + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_aodh + version: a1ec96ee54d7b8c7fd24f1148545d3556a0a8b5b +- name: os_barbican + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_barbican + version: 2d087176610c712f51dec8722b6129e648b149e2 +- name: os_ceilometer + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_ceilometer + version: 1d709bd6eace68bfd7fb7d1e52df8d5b6f28810b +- name: os_cinder + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_cinder + version: 66542db4c7045dc559a1b3e6bd293ca28e09c34e +- name: os_glance + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_glance + version: 79d6b78e894715ba3a17b50cc18917b251025069 +- name: os_gnocchi + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_gnocchi + version: 5932746fe1717ef2798b46c374c268945f34814e +- name: os_heat + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_heat + version: cbe917fefeb90c506e1c73c31b9a1d00fbf9beff +- name: os_horizon + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_horizon + version: 25435372547d217116dd4ba10b5d0e8c39307b52 +- name: os_ironic + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_ironic + version: 4110fca2b9e1c6a1698b9be9797253db4a1cad2e +- name: os_magnum + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_magnum + version: f452cc54d1b3240f81a82fd110a467cd996a3331 +- name: os_trove + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_trove + version: 51b38916ad99f3ffbc1723a7d97f9034b4c02dc4 +- name: os_neutron + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_neutron + version: 4b43221adae78627d8035cd82e791662821a461c +- name: os_nova + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_nova + version: 8aacdd01ad98d82b3b817895d39af44b3a862847 +- name: os_rally + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_rally + version: 1410d71f60aa354259fa11d9dddfe4ed743177ab +- name: os_sahara + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_sahara + version: 5e29921df9cc7d3ba2a89b0d6cdddcf02553c423 +- name: os_swift + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_swift + version: 70c3795215b5b3ea90090ffd99381c97bc45be80 +- name: os_tacker + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_tacker + version: c6a563731b4482a28b7a01982252d79f52fe586b +- name: os_tempest + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_tempest + version: 5934f81385870cc836f7d1cd84b8dbc6a97cedad +- name: plugins + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-plugins + version: 9ce61bdc6cb537c2377e95da1c3bfc9e837c9784 +- name: rabbitmq_server + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-rabbitmq_server + version: 3d1de52f75c08b3265d2b35c56c9217d60c2c840 +- name: repo_build + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-repo_build + version: 6d00b7d6f431fc8706be81e1089ee351d2172e48 +- name: repo_server + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-repo_server + version: 860ff80b348f1c9e93745da55b1df69d05283afb +- name: rsyslog_client + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-rsyslog_client + version: 5f5275720d13bd22945348751131c39877b731ab +- name: rsyslog_server + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-rsyslog_server + version: a7d4b0df2e9ed3c2a1414613e96c7c9db0f2db60 +- name: sshd + scm: git + src: https://github.com/willshersystems/ansible-sshd + version: 0.4.5 +- name: bird + scm: git + src: https://github.com/logan2211/ansible-bird + version: '1.2' +- name: etcd + scm: git + src: https://github.com/logan2211/ansible-etcd + version: '1.2' +- name: unbound + scm: git + src: https://github.com/logan2211/ansible-unbound + version: '1.3' +- name: resolvconf + scm: git + src: https://github.com/logan2211/ansible-resolvconf + version: '1.2' +- name: os_designate + scm: git + src: https://git.openstack.org/openstack/openstack-ansible-os_designate + version: fc4f0fb40197954c96f486f4ebbd679162b27a6d +- name: ceph.ceph-common + scm: git + src: https://github.com/ceph/ansible-ceph-common + version: v2.2.4 +- name: ceph.ceph-docker-common + scm: git + src: https://github.com/ceph/ansible-ceph-docker-common + version: ca86fd0ef6d24aa2c750a625acdcb8012c374aa0 +- name: ceph-mon + scm: git + src: https://github.com/ceph/ansible-ceph-mon + version: v2.2.4 +- name: ceph-osd + scm: git + src: https://github.com/ceph/ansible-ceph-osd + version: v2.2.4 diff --git a/compass-tasks/tacker_conf/haproxy_config.yml b/compass-tasks/tacker_conf/haproxy_config.yml new file mode 100644 index 0000000..bbac6d7 --- /dev/null +++ b/compass-tasks/tacker_conf/haproxy_config.yml @@ -0,0 +1,285 @@ +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +haproxy_default_services: + - service: + haproxy_service_name: galera + haproxy_backend_nodes: "{{ [groups['galera_all'][0]] | default([]) }}" # list expected + haproxy_backup_nodes: "{{ groups['galera_all'][1:] | default([]) }}" + haproxy_bind: "{{ [internal_lb_vip_address] }}" + haproxy_port: 3306 + haproxy_balance_type: tcp + haproxy_timeout_client: 5000s + haproxy_timeout_server: 5000s + haproxy_backend_options: + - "mysql-check user {{ galera_monitoring_user }}" + haproxy_whitelist_networks: "{{ haproxy_galera_whitelist_networks }}" + - service: + haproxy_service_name: repo_git + haproxy_backend_nodes: "{{ groups['repo_all'] | default([]) }}" + haproxy_bind: "{{ [internal_lb_vip_address] }}" + haproxy_port: 9418 + haproxy_balance_type: tcp + haproxy_backend_options: + - tcp-check + haproxy_whitelist_networks: "{{ haproxy_repo_git_whitelist_networks }}" + - service: + haproxy_service_name: repo_all + haproxy_backend_nodes: "{{ groups['repo_all'] | default([]) }}" + haproxy_bind: "{{ [internal_lb_vip_address] }}" + haproxy_port: 8181 + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk HEAD /" + - service: + haproxy_service_name: repo_cache + haproxy_backend_nodes: "{{ [groups['repo_all'][0]] | default([]) }}" # list expected + haproxy_backup_nodes: "{{ groups['repo_all'][1:] | default([]) }}" + haproxy_bind: "{{ [internal_lb_vip_address] }}" + haproxy_port: "{{ repo_pkg_cache_port }}" + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk HEAD /acng-report.html" + haproxy_whitelist_networks: "{{ haproxy_repo_cache_whitelist_networks }}" + - service: + haproxy_service_name: glance_api + haproxy_backend_nodes: "{{ groups['glance_api'] | default([]) }}" + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_port: 9292 + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk /healthcheck" + - service: + haproxy_service_name: glance_registry + haproxy_backend_nodes: "{{ groups['glance_registry'] | default([]) }}" + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_port: 9191 + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk /healthcheck" + haproxy_whitelist_networks: "{{ haproxy_glance_registry_whitelist_networks }}" + - service: + haproxy_service_name: gnocchi + haproxy_backend_nodes: "{{ groups['gnocchi_all'] | default([]) }}" + haproxy_port: 8041 + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk /healthcheck" + - service: + haproxy_service_name: heat_api_cfn + haproxy_backend_nodes: "{{ groups['heat_api_cfn'] | default([]) }}" + haproxy_port: 8000 + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk HEAD /" + - service: + haproxy_service_name: heat_api_cloudwatch + haproxy_backend_nodes: "{{ groups['heat_api_cloudwatch'] | default([]) }}" + haproxy_port: 8003 + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk HEAD /" + - service: + haproxy_service_name: heat_api + haproxy_backend_nodes: "{{ groups['heat_api'] | default([]) }}" + haproxy_port: 8004 + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk HEAD /" + - service: + haproxy_service_name: keystone_service + haproxy_backend_nodes: "{{ groups['keystone_all'] | default([]) }}" + haproxy_port: 5000 + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_balance_type: "http" + haproxy_backend_options: + - "httpchk HEAD /" + - service: + haproxy_service_name: keystone_admin + haproxy_backend_nodes: "{{ groups['keystone_all'] | default([]) }}" + haproxy_port: 35357 + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_balance_type: "http" + haproxy_backend_options: + - "httpchk HEAD /" + haproxy_whitelist_networks: "{{ haproxy_keystone_admin_whitelist_networks }}" + - service: + haproxy_service_name: neutron_server + haproxy_backend_nodes: "{{ groups['neutron_server'] | default([]) }}" + haproxy_port: 9696 + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk HEAD /" + - service: + haproxy_service_name: nova_api_metadata + haproxy_backend_nodes: "{{ groups['nova_api_metadata'] | default([]) }}" + haproxy_port: 8775 + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk HEAD /" + haproxy_whitelist_networks: "{{ haproxy_nova_metadata_whitelist_networks }}" + - service: + haproxy_service_name: nova_api_os_compute + haproxy_backend_nodes: "{{ groups['nova_api_os_compute'] | default([]) }}" + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_port: 8774 + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk HEAD /" + - service: + haproxy_service_name: nova_api_placement + haproxy_backend_nodes: "{{ groups['nova_api_placement'] | default([]) }}" + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_port: 8780 + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk HEAD /" + - service: + haproxy_service_name: nova_console + haproxy_backend_nodes: "{{ groups['nova_console'] | default([]) }}" + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_port: "{{ nova_console_port }}" + haproxy_balance_type: http + haproxy_timeout_client: 60m + haproxy_timeout_server: 60m + haproxy_balance_alg: source + haproxy_backend_options: + - "httpchk HEAD /" + haproxy_backend_httpcheck_options: + - "expect status 404" + - service: + haproxy_service_name: cinder_api + haproxy_backend_nodes: "{{ groups['cinder_api'] | default([]) }}" + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_port: 8776 + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk HEAD /" + - service: + haproxy_service_name: horizon + haproxy_backend_nodes: "{{ groups['horizon_all'] | default([]) }}" + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_ssl_all_vips: true + haproxy_port: "{{ haproxy_ssl | ternary(443,80) }}" + haproxy_backend_port: 80 + haproxy_redirect_http_port: 80 + haproxy_balance_type: http + haproxy_balance_alg: source + haproxy_backend_options: + - "httpchk HEAD /" + - service: + haproxy_service_name: sahara_api + haproxy_backend_nodes: "{{ groups['sahara_api'] | default([]) }}" + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_balance_alg: source + haproxy_port: 8386 + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk /healthcheck" + - service: + haproxy_service_name: swift_proxy + haproxy_backend_nodes: "{{ groups['swift_proxy'] | default([]) }}" + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_balance_alg: source + haproxy_port: 8080 + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk /healthcheck" + - service: + haproxy_service_name: ceilometer_api + haproxy_backend_nodes: "{{ groups['ceilometer_api_container'] | default([]) }}" + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_port: 8777 + haproxy_balance_type: tcp + haproxy_backend_options: + - tcp-check + - service: + haproxy_service_name: aodh_api + haproxy_backend_nodes: "{{ groups['aodh_api'] | default([]) }}" + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_port: 8042 + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk HEAD /" + haproxy_backend_httpcheck_options: + - "expect status 401" + - service: + haproxy_service_name: ironic_api + haproxy_backend_nodes: "{{ groups['ironic_api'] | default([]) }}" + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_port: 6385 + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk GET /" + - service: + haproxy_service_name: rabbitmq_mgmt + haproxy_backend_nodes: "{{ groups['rabbitmq'] | default([]) }}" + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_port: 15672 + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk HEAD /" + haproxy_whitelist_networks: "{{ haproxy_rabbitmq_management_whitelist_networks }}" + - service: + haproxy_service_name: magnum + haproxy_backend_nodes: "{{ groups['magnum_all'] | default([]) }}" + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_port: 9511 + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk GET /" + - service: + haproxy_service_name: trove + haproxy_backend_nodes: "{{ groups['trove_api'] | default([]) }}" + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_port: 8779 + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk HEAD /" + - service: + haproxy_service_name: barbican + haproxy_backend_nodes: "{{ groups['barbican_api'] | default([]) }}" + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_port: 9311 + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk HEAD /" + haproxy_backend_httpcheck_options: + - "expect status 401" + - service: + haproxy_service_name: designate_api + haproxy_backend_nodes: "{{ groups['designate_api'] | default([]) }}" + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_port: 9001 + haproxy_balance_type: http + haproxy_backend_options: + - "forwardfor" + - "httpchk /versions" + - "httplog" + - service: + haproxy_service_name: tacker + haproxy_backend_nodes: "{{ groups['tacker_all'] | default([]) }}" + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_port: 9890 + haproxy_balance_type: http + haproxy_backend_options: + - "forwardfor" + - "httpchk" + - "httplog" diff --git a/compass-tasks/tacker_conf/openstack_services.yml b/compass-tasks/tacker_conf/openstack_services.yml new file mode 100644 index 0000000..5a772e5 --- /dev/null +++ b/compass-tasks/tacker_conf/openstack_services.yml @@ -0,0 +1,228 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +## NOTICE on items in this file: +## * If you use anything in the *._git_install_branch field that is not a TAG +## make sure to leave an in-line comment as to "why". + +## For the sake of anyone else editing this file: +## * If you add services to this file please do so in alphabetical order. +## * Every entry should be name spaced with the name of the client followed by an "_" +## * All items with this file should be separated by `name_` note that the name of the +## package should be one long name with no additional `_` separating it. + + +### Before this is shipped all of these services should have a tag set as the branch, +### or have a comment / reason attached to them as to why a tag can not work. + + +## Global Requirements +requirements_git_repo: https://git.openstack.org/openstack/requirements +requirements_git_install_branch: 90094c5d578ecfc4ab1e9f38a86bca5b615a3527 # HEAD of "stable/ocata" as of 15.05.2017 +requirements_git_dest: "/opt/requirements_{{ requirements_git_install_branch | replace('/', '_') }}" + + +## Aodh service +aodh_git_repo: https://git.openstack.org/openstack/aodh +aodh_git_install_branch: 5c6b46ecc85743798c04b2d5fd094a0e9ef661a7 # HEAD of "stable/ocata" as of 15.05.2017 +aodh_git_dest: "/opt/aodh_{{ aodh_git_install_branch | replace('/', '_') }}" +aodh_git_project_group: aodh_all + + +## Barbican service +barbican_git_repo: https://git.openstack.org/openstack/barbican +barbican_git_install_branch: b04aa152843d9cda3b11e8736e740c71fd798d0f # HEAD of "stable/ocata" as of 15.05.2017 +barbican_git_dest: "/opt/barbican_{{ barbican_git_install_branch | replace('/', '_') }}" +barbican_git_project_group: barbican_all + + +## Ceilometer service +ceilometer_git_repo: https://git.openstack.org/openstack/ceilometer +ceilometer_git_install_branch: c25e934b8c48b00889f8fa6bb3e5bcb9591df618 # HEAD of "stable/ocata" as of 15.05.2017 +ceilometer_git_dest: "/opt/ceilometer_{{ceilometer_git_install_branch | replace('/', '_') }}" +ceilometer_git_project_group: ceilometer_all + + +## Cinder service +cinder_git_repo: https://git.openstack.org/openstack/cinder +cinder_git_install_branch: 501485b25087ff398986aedbbdb893741f8aabae # HEAD of "stable/ocata" as of 15.05.2017 +cinder_git_dest: "/opt/cinder_{{ cinder_git_install_branch | replace('/', '_') }}" +cinder_git_project_group: cinder_all + + +## Designate service +designate_git_repo: https://git.openstack.org/openstack/designate +designate_git_install_branch: 021aa52325c2b58be6317a014cb3fd44be02f29f # HEAD of "stable/ocata" as of 15.05.2017 +designate_git_dest: "/opt/designate_{{ designate_git_install_branch | replace('/', '_') }}" +designate_git_project_group: designate_all + + +## Horizon Designate dashboard plugin +designate_dashboard_git_repo: https://git.openstack.org/openstack/designate-dashboard +designate_dashboard_git_install_branch: fb8108354937ef6d3a1bb389481af79681f7c5b3 # HEAD of "stable/ocata" as of 15.05.2017 +designate_dashboard_git_dest: "/opt/designate_dashboard_{{ designate_dashboard_git_install_branch | replace('/', '_') }}" +designate_dashboard_git_project_group: horizon_all + + +## Dragonflow service +dragonflow_git_repo: https://git.openstack.org/openstack/dragonflow +dragonflow_git_install_branch: b72ffa06721faf95f42c9702f60a9acc3a7d8b61 # HEAD of "stable/ocata" as of 15.05.2017 +dragonflow_git_dest: "/opt/dragonflow_{{ dragonflow_git_install_branch | replace('/', '_') }}" +dragonflow_git_project_group: neutron_all + + +## Glance service +glance_git_repo: https://git.openstack.org/openstack/glance +glance_git_install_branch: 57c4d7d78f37e840660719b944ebabe91cbf231b # HEAD of "stable/ocata" as of 15.05.2017 +glance_git_dest: "/opt/glance_{{ glance_git_install_branch | replace('/', '_') }}" +glance_git_project_group: glance_all + + +## Heat service +heat_git_repo: https://git.openstack.org/openstack/heat +heat_git_install_branch: fe6ae385bc7bba77864b32061600ac40b24f2a10 # HEAD of "stable/ocata" as of 15.05.2017 +heat_git_dest: "/opt/heat_{{ heat_git_install_branch | replace('/', '_') }}" +heat_git_project_group: heat_all + + +## Horizon service +horizon_git_repo: https://git.openstack.org/openstack/horizon +horizon_git_install_branch: 2684552f09ee5d597a507833cf232f0f9d48d9b1 # HEAD of "stable/ocata" as of 15.05.2017 +horizon_git_dest: "/opt/horizon_{{ horizon_git_install_branch | replace('/', '_') }}" +horizon_git_project_group: horizon_all + +## Horizon Ironic dashboard plugin +ironic_dashboard_git_repo: https://git.openstack.org/openstack/ironic-ui +ironic_dashboard_git_install_branch: 6a0cdbff587df20ae913ca7f0d434ad8381b761c # HEAD of "stable/ocata" as of 15.05.2017 +ironic_dashboard_git_dest: "/opt/ironic_dashboard_{{ ironic_dashboard_git_install_branch | replace('/', '_') }}" +ironic_dashboard_git_project_group: horizon_all + +## Horizon Magnum dashboard plugin +magnum_dashboard_git_repo: https://git.openstack.org/openstack/magnum-ui +magnum_dashboard_git_install_branch: db3bfff643ceb9353c7c0cafdd4e15e0fcf01fb1 # HEAD of "stable/ocata" as of 15.05.2017 +magnum_dashboard_git_dest: "/opt/magnum_dashboard_{{ magnum_dashboard_git_install_branch | replace('/', '_') }}" +magnum_dashboard_git_project_group: horizon_all + +## Horizon LBaaS dashboard plugin +neutron_lbaas_dashboard_git_repo: https://git.openstack.org/openstack/neutron-lbaas-dashboard +neutron_lbaas_dashboard_git_install_branch: 3653432bb8287fa0ec1248d866e4717b90ab824b # HEAD of "stable/ocata" as of 15.05.2017 +neutron_lbaas_dashboard_git_dest: "/opt/neutron_lbaas_dashboard_{{ neutron_lbaas_dashboard_git_install_branch | replace('/', '_') }}" +neutron_lbaas_dashboard_git_project_group: horizon_all + +## Horizon Sahara dashboard plugin +sahara_dashboard_git_repo: https://git.openstack.org/openstack/sahara-dashboard +sahara_dashboard_git_install_branch: 5270e94b168b3c20e5c787a3f43d44b7e101c448 # HEAD of "stable/ocata" as of 15.05.2017 +sahara_dashboard_git_dest: "/opt/sahara_dashboard_{{ sahara_dashboard_git_install_branch | replace('/', '_') }}" +sahara_dashboard_git_project_group: horizon_all + + +## Keystone service +keystone_git_repo: https://git.openstack.org/openstack/keystone +keystone_git_install_branch: 955fd6ca3758e217d9d98480852e0014dc11e988 # HEAD of "stable/ocata" as of 15.05.2017 +keystone_git_dest: "/opt/keystone_{{ keystone_git_install_branch | replace('/', '_') }}" +keystone_git_project_group: keystone_all + + +## Neutron service +neutron_git_repo: https://git.openstack.org/openstack/neutron +neutron_git_install_branch: 515a2ff4ce3239f6a077d8b07ff80544023f0631 # HEAD of "stable/ocata" as of 15.05.2017 +neutron_git_dest: "/opt/neutron_{{ neutron_git_install_branch | replace('/', '_') }}" +neutron_git_project_group: neutron_all + +neutron_lbaas_git_repo: https://git.openstack.org/openstack/neutron-lbaas +neutron_lbaas_git_install_branch: 674e3604a6285655f2dc7f2949629cc4de06bbf4 # HEAD of "stable/ocata" as of 15.05.2017 +neutron_lbaas_git_dest: "/opt/neutron_lbaas_{{ neutron_lbaas_git_install_branch | replace('/', '_') }}" +neutron_lbaas_git_project_group: neutron_all + +neutron_vpnaas_git_repo: https://git.openstack.org/openstack/neutron-vpnaas +neutron_vpnaas_git_install_branch: 4a639ac09ccfc7573452d0ac9d189d934c169d34 # HEAD of "stable/ocata" as of 15.05.2017 +neutron_vpnaas_git_dest: "/opt/neutron_vpnaas_{{ neutron_vpnaas_git_install_branch | replace('/', '_') }}" +neutron_vpnaas_git_project_group: neutron_all + +neutron_fwaas_git_repo: https://git.openstack.org/openstack/neutron-fwaas +neutron_fwaas_git_install_branch: 3301972f46d877d0f68d9cf7f9246e0df897a91e # HEAD of "stable/ocata" as of 15.05.2017 +neutron_fwaas_git_dest: "/opt/neutron_fwaas_{{ neutron_fwaas_git_install_branch | replace('/', '_') }}" +neutron_fwaas_git_project_group: neutron_all + +neutron_dynamic_routing_git_repo: https://git.openstack.org/openstack/neutron-dynamic-routing +neutron_dynamic_routing_git_install_branch: da877412200e460fca34edaf56f84286557bd486 # HEAD of "stable/ocata" as of 15.05.2017 +neutron_dynamic_routing_git_dest: "/opt/neutron_dynamic_routing_{{ neutron_dynamic_routing_git_install_branch | replace('/', '_') }}" +neutron_dynamic_routing_git_project_group: neutron_all + + +## Nova service +nova_git_repo: https://git.openstack.org/openstack/nova +nova_git_install_branch: 506465a027dd1ba1c90949dc58297edae32da7e4 # HEAD of "stable/ocata" as of 15.05.2017 +nova_git_dest: "/opt/nova_{{ nova_git_install_branch | replace('/', '_') }}" +nova_git_project_group: nova_all + + +## PowerVM Virt Driver +nova_powervm_git_repo: https://git.openstack.org/openstack/nova-powervm +nova_powervm_git_install_branch: 53a5c75a0db38b606f51a53fd159b7ffab7c3a33 # HEAD of "stable/ocata" as of 15.05.2017 +nova_powervm_git_dest: "/opt/nova_powervm_{{ nova_powervm_git_install_branch | replace('/', '_') }}" +nova_powervm_git_project_group: nova_compute + + +## LXD Virt Driver +nova_lxd_git_repo: https://git.openstack.org/openstack/nova-lxd +nova_lxd_git_install_branch: ed05fa417c4a78970dd5bdcdd3e1922f3c07f0ac # HEAD of "stable/ocata" as of 15.05.2017 +nova_lxd_git_dest: "/opt/nova_lxd_{{ nova_lxd_git_install_branch | replace('/', '_') }}" +nova_lxd_git_project_group: nova_compute + + +## Sahara service +sahara_git_repo: https://git.openstack.org/openstack/sahara +sahara_git_install_branch: 5241340d3e668bcb3b0e9f09c38afdc21e6c136d # HEAD of "stable/ocata" as of 15.05.2017 +sahara_git_dest: "/opt/sahara_{{ sahara_git_install_branch | replace('/', '_') }}" +sahara_git_project_group: sahara_all + + +## Swift service +swift_git_repo: https://git.openstack.org/openstack/swift +swift_git_install_branch: 177fca2b3a6a7a6e17e20d161c23ac8a10500939 # HEAD of "stable/ocata" as of 15.05.2017 +swift_git_dest: "/opt/swift_{{ swift_git_install_branch | replace('/', '_') }}" +swift_git_project_group: swift_all + + +## Ironic service +ironic_git_repo: https://git.openstack.org/openstack/ironic +ironic_git_install_branch: ed2f6cea892ccb2a1343dd935ad279de8fd3a471 # HEAD of "stable/ocata" as of 15.05.2017 +ironic_git_dest: "/opt/ironic_{{ ironic_git_install_branch | replace('/', '_') }}" +ironic_git_project_group: ironic_all + +## Magnum service +magnum_git_repo: https://git.openstack.org/openstack/magnum +magnum_git_install_branch: 1a685113d8df479c56ad85aa001930f6b8f1e2dd # HEAD of "stable/ocata" as of 15.05.2017 +magnum_git_dest: "/opt/magnum_{{ magnum_git_install_branch | replace('/', '_') }}" +magnum_git_project_group: magnum_all + +## Trove service +trove_git_repo: https://git.openstack.org/openstack/trove +trove_git_install_branch: ca0a1128f91aa5f54b9f57fedf2f5db4b6f82e20 # HEAD of "stable/ocata" as of 15.05.2017 +trove_git_dest: "/opt/trove_{{ trove_git_install_branch | replace('/', '_') }}" +trove_git_project_group: trove_all + +## Horizon Trove dashboard plugin +trove_dashboard_git_repo: https://git.openstack.org/openstack/trove-dashboard +trove_dashboard_git_install_branch: 5fd256e58219074b55cc9474a74516105787ac03 # HEAD of "stable/ocata" as of 15.05.2017 +trove_dashboard_git_dest: "/opt/trove_dashboard_{{ trove_dashboard_git_install_branch | replace('/', '_') }}" +trove_dashboard_git_project_group: horizon_all + +## Tacker service +tacker_git_repo: https://git.openstack.org/openstack/tacker +tacker_git_install_branch: a0f1e680d81c7db66ae7a2a08c3d069901d0765a # HEAD of "ocata" as of 04.09.2017 +tacker_git_project_group: tacker_all diff --git a/compass-tasks/tacker_conf/os-tacker-install.yml b/compass-tasks/tacker_conf/os-tacker-install.yml new file mode 100644 index 0000000..dd96595 --- /dev/null +++ b/compass-tasks/tacker_conf/os-tacker-install.yml @@ -0,0 +1,63 @@ +--- +# Copyright 2017, SUSE LINUX GmbH. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Install the tacker components + hosts: tacker_all + gather_facts: "{{ gather_facts | default(True) }}" + max_fail_percentage: 20 + user: root + pre_tasks: + - include: common-tasks/os-lxc-container-setup.yml + - include: common-tasks/rabbitmq-vhost-user.yml + static: no + vars: + user: "{{ tacker_rabbitmq_userid }}" + password: "{{ tacker_rabbitmq_password }}" + vhost: "{{ tacker_rabbitmq_vhost }}" + _rabbitmq_host_group: "{{ tacker_rabbitmq_host_group }}" + when: + - inventory_hostname == groups['tacker_all'][0] + - groups[tacker_rabbitmq_host_group] | length > 0 + - include: common-tasks/os-log-dir-setup.yml + vars: + log_dirs: + - src: "/openstack/log/{{ inventory_hostname }}-tacker" + dest: "/var/log/tacker" + - include: common-tasks/mysql-db-user.yml + static: no + vars: + user_name: "{{ tacker_galera_user }}" + password: "{{ tacker_container_mysql_password }}" + login_host: "{{ tacker_galera_address }}" + db_name: "{{ tacker_galera_database }}" + when: inventory_hostname == groups['tacker_all'][0] + - include: common-tasks/package-cache-proxy.yml + roles: + - role: "os_tacker" + - role: "openstack_openrc" + tags: + - openrc + - role: "rsyslog_client" + rsyslog_client_log_rotate_file: tacker_log_rotate + rsyslog_client_log_dir: "/var/log/tacker" + rsyslog_client_config_name: "99-tacker-rsyslog-client.conf" + tags: + - rsyslog + vars: + is_metal: "{{ properties.is_metal|default(false) }}" + tacker_galera_address: "{{ internal_lb_vip_address }}" + environment: "{{ deployment_environment_variables | default({}) }}" + tags: + - tacker diff --git a/compass-tasks/tacker_conf/setup-openstack.yml b/compass-tasks/tacker_conf/setup-openstack.yml new file mode 100644 index 0000000..d32eb15 --- /dev/null +++ b/compass-tasks/tacker_conf/setup-openstack.yml @@ -0,0 +1,43 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- include: os-keystone-install.yml +- include: os-barbican-install.yml +- include: os-glance-install.yml +- include: os-cinder-install.yml +- include: os-nova-install.yml +- include: os-neutron-install.yml +- include: os-heat-install.yml +- include: os-horizon-install.yml +- include: os-ceilometer-install.yml +- include: os-aodh-install.yml +- include: os-designate-install.yml +#NOTE(stevelle) Ensure Gnocchi identities exist before Swift +- include: os-gnocchi-install.yml + when: + - gnocchi_storage_driver is defined + - gnocchi_storage_driver == 'swift' + vars: + gnocchi_identity_only: True +- include: os-swift-install.yml +- include: os-gnocchi-install.yml +- include: os-ironic-install.yml +- include: os-magnum-install.yml +- include: os-trove-install.yml +- include: os-sahara-install.yml +- include: os-tacker-install.yml +- include: os-tempest-install.yml + when: (tempest_install | default(False)) | bool or (tempest_run | default(False)) | bool + diff --git a/compass-tasks/tacker_conf/tacker.yml b/compass-tasks/tacker_conf/tacker.yml new file mode 100644 index 0000000..9ceabbc --- /dev/null +++ b/compass-tasks/tacker_conf/tacker.yml @@ -0,0 +1,36 @@ +--- +# Copyright 2017, SUSE Linux GmbH +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +component_skel: + tacker_server: + belongs_to: + - tacker_all + + +container_skel: + tacker_container: + belongs_to: + - mano_containers + contains: + - tacker_server + + +physical_skel: + mano_containers: + belongs_to: + - all_containers + mano_hosts: + belongs_to: + - hosts diff --git a/compass-tasks/tacker_conf/tacker_all.yml b/compass-tasks/tacker_conf/tacker_all.yml new file mode 100644 index 0000000..95d5b83 --- /dev/null +++ b/compass-tasks/tacker_conf/tacker_all.yml @@ -0,0 +1,46 @@ +--- +# Copyright 2017, SUSE LINUX GmbH +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +tacker_service_user_name: tacker +tacker_service_tenant_name: service + +tacker_rabbitmq_userid: tacker +tacker_rabbitmq_vhost: /tacker +tacker_rabbitmq_port: "{{ rabbitmq_port }}" +tacker_rabbitmq_use_ssl: "{{ rabbitmq_use_ssl }}" +tacker_rabbitmq_servers: "{{ rabbitmq_servers }}" +tacker_rabbitmq_host_group: "{{ rabbitmq_host_group }}" + +tacker_service_publicuri: "{{ openstack_service_publicuri_proto|default(tacker_service_proto) }}://{{ external_lb_vip_address }}:{{ tacker_service_port }}" +tacker_service_adminurl: "{{ tacker_service_adminuri }}/" +tacker_service_region: "{{ service_region }}" +tacker_service_in_ldap: "{{ service_ldap_backend_enabled }}" + +tacker_aodh_enabled: "{{ groups['aodh_all'] is defined and groups['aodh_all'] | length > 0 }}" +tacker_gnocchi_enabled: "{{ groups['gnocchi_all'] is defined and groups['gnocchi_all'] | length > 0 }}" + +# NOTE: these and their swift_all.yml counterpart should be moved back to all.yml once swift with tacker gets proper SSL support +# swift_rabbitmq_telemetry_port: "{{ rabbitmq_port }}" +# swift_rabbitmq_telemetry_use_ssl: "{{ rabbitmq_use_ssl }}" + +# Ensure that the package state matches the global setting +tacker_package_state: "{{ package_state }}" + +# venv fetch configuration +tacker_venv_tag: "{{ venv_tag }}" +tacker_venv_download_url: "{{ venv_base_download_url }}/tacker-{{ openstack_release }}-{{ ansible_architecture | lower }}.tgz" + +# locations for fetching the default files from the git source +tacker_git_config_lookup_location: "{{ openstack_repo_url }}/openstackgit/tacker" diff --git a/compass-tasks/tacker_conf/user_secrets.yml b/compass-tasks/tacker_conf/user_secrets.yml new file mode 100644 index 0000000..b5a5796 --- /dev/null +++ b/compass-tasks/tacker_conf/user_secrets.yml @@ -0,0 +1,155 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +############################# WARNING ######################################## +# The playbooks do not currently manage changing passwords in an existing +# environment. Changing passwords and re-running the playbooks will fail +# and may break your OpenStack environment. +############################# WARNING ######################################## + + +## Rabbitmq Options +rabbitmq_cookie_token: +rabbitmq_monitoring_password: + +## Tokens +memcached_encryption_key: + +## Galera Options +galera_root_password: + +## Keystone Options +keystone_container_mysql_password: +keystone_auth_admin_password: +keystone_service_password: +keystone_rabbitmq_password: + +## Ceilometer Options: +ceilometer_container_db_password: +ceilometer_service_password: +ceilometer_telemetry_secret: +ceilometer_rabbitmq_password: + +## Aodh Options: +aodh_container_db_password: +aodh_service_password: +aodh_rabbitmq_password: + +## Cinder Options +cinder_container_mysql_password: +cinder_service_password: +cinder_profiler_hmac_key: +cinder_rabbitmq_password: + +## Ceph/rbd: a UUID to be used by libvirt to refer to the client.cinder user +cinder_ceph_client_uuid: + +## Glance Options +glance_container_mysql_password: +glance_service_password: +glance_profiler_hmac_key: +glance_rabbitmq_password: + +## Gnocchi Options: +gnocchi_container_mysql_password: +gnocchi_service_password: + +## Heat Options +heat_stack_domain_admin_password: +heat_container_mysql_password: +### THE HEAT AUTH KEY NEEDS TO BE 32 CHARACTERS LONG ## +heat_auth_encryption_key: +### THE HEAT AUTH KEY NEEDS TO BE 32 CHARACTERS LONG ## +heat_service_password: +heat_rabbitmq_password: + +## Ironic options +ironic_rabbitmq_password: +ironic_container_mysql_password: +ironic_service_password: +ironic_swift_temp_url_secret_key: + +## Horizon Options +horizon_container_mysql_password: +horizon_secret_key: + +## Neutron Options +neutron_container_mysql_password: +neutron_service_password: +neutron_rabbitmq_password: +neutron_ha_vrrp_auth_password: + +## Nova Options +nova_container_mysql_password: +nova_api_container_mysql_password: +nova_metadata_proxy_secret: +nova_service_password: +nova_rabbitmq_password: +nova_placement_service_password: +nova_placement_container_mysql_password: + +# LXD Options for nova compute +lxd_trust_password: + +## Sahara Options +sahara_container_mysql_password: +sahara_rabbitmq_password: +sahara_service_password: + +## Swift Options: +swift_service_password: +swift_dispersion_password: +### Once the swift cluster has been setup DO NOT change these hash values! +swift_hash_path_suffix: +swift_hash_path_prefix: +# Swift needs a telemetry password when using ceilometer +swift_rabbitmq_telemetry_password: + +## haproxy stats password +haproxy_stats_password: +haproxy_keepalived_authentication_password: + +## Magnum Options +magnum_service_password: +magnum_galera_password: +magnum_rabbitmq_password: +magnum_trustee_password: + +## Rally Options: +rally_galera_password: + +## Trove Options +trove_galera_password: +trove_rabbitmq_password: +trove_service_password: +trove_admin_user_password: +trove_regular_user_password: +trove_taskmanager_rpc_encr_key: +trove_inst_rpc_key_encr_key: + +## Barbican Options +barbican_galera_password: +barbican_rabbitmq_password: +barbican_service_password: + +## Designate Options +designate_galera_password: +designate_rabbitmq_password: +designate_service_password: + +# Tacker options +tacker_rabbitmq_password: +tacker_service_password: +tacker_container_mysql_password: |