diff options
| author |   QiLiang <liangqi1@huawei.com> | 2016-10-27 06:17:50 +0800 |
|---|---|---|
| committer | QiLiang <liangqi1@huawei.com> | 2016-10-27 06:18:46 +0800 |
| commit | 5ac0350135d59f143b91115170b5690631e3f448 (patch) | |
| tree | b272d882be516836a45cb8b31f7da5d8372e080e | |
| parent | dde596264dadaa3e530adc4e30f9205edfaff3ba (diff) | |
add osp9 roles
Change-Id: Ie0085f718c2c737ae32c8abf97fd8c0408360acb
Signed-off-by: QiLiang <liangqi1@huawei.com>
87 files changed, 4476 insertions, 0 deletions
diff --git a/deploy/adapters/ansible/openstack_osp9/HA-ansible-multinodes.yml b/deploy/adapters/ansible/openstack_osp9/HA-ansible-multinodes.yml new file mode 100755 index 00000000..c91bc90a --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/HA-ansible-multinodes.yml @@ -0,0 +1,265 @@ +--- +- hosts: all + remote_user: root + pre_tasks: + - name: make sure ssh dir exist + file: + path: '{{ item.path }}' + owner: '{{ item.owner }}' + group: '{{ item.group }}' + state: directory + mode: 0755 + with_items: + - path: /root/.ssh + owner: root + group: root + + - name: write ssh config + copy: + content: "UserKnownHostsFile /dev/null\nStrictHostKeyChecking no" + dest: '{{ item.dest }}' + owner: '{{ item.owner }}' + group: '{{ item.group }}' + mode: 0600 + with_items: + - dest: /root/.ssh/config + owner: root + group: root + + - name: generate ssh keys + shell: if [ ! -f ~/.ssh/id_rsa.pub ]; then ssh-keygen -q -t rsa -f ~/.ssh/id_rsa -N ""; else echo "already gen ssh key!"; fi; + + - name: fetch ssh keys + fetch: src=/root/.ssh/id_rsa.pub dest=/tmp/ssh-keys-{{ ansible_hostname }} flat=yes + + - authorized_key: + user: root + key: "{{ lookup('file', 'item') }}" + with_fileglob: + - /tmp/ssh-keys-* + max_fail_percentage: 0 + roles: + - common + +- hosts: all + remote_user: root + #accelerate: true + max_fail_percentage: 0 + roles: + - setup-network + +- hosts: ha + remote_user: root + #accelerate: true + max_fail_percentage: 0 + roles: + - ha + +- hosts: controller + remote_user: root + #accelerate: true + max_fail_percentage: 0 + roles: + - memcached + - apache + - database + - mq + - keystone + - nova-controller + - neutron-controller + - cinder-controller + - glance + - neutron-common + - neutron-network + - ceilometer_controller +# - ext-network + - dashboard + - heat + - aodh + +- hosts: all + remote_user: root + #accelerate: true + max_fail_percentage: 0 + roles: + - storage + +- hosts: compute + remote_user: root + #accelerate: true + max_fail_percentage: 0 + roles: + - nova-compute + - neutron-compute + - cinder-volume + - ceilometer_compute + +- hosts: all + remote_user: root + #accelerate: true + max_fail_percentage: 0 + roles: + - secgroup + +- hosts: ceph_adm + remote_user: root + #accelerate: true + max_fail_percentage: 0 + roles: [] + # - ceph-deploy + +- hosts: ceph + remote_user: root + #accelerate: true + max_fail_percentage: 0 + roles: + - ceph-purge + - ceph-config + +- hosts: ceph_mon + remote_user: root + #accelerate: true + max_fail_percentage: 0 + roles: + - ceph-mon + +- hosts: ceph_osd + remote_user: root + #accelerate: true + max_fail_percentage: 0 + roles: + - ceph-osd + +- hosts: ceph + remote_user: root + #accelerate: true + max_fail_percentage: 0 + roles: + - ceph-openstack + +- hosts: all + remote_user: root + #accelerate: true + max_fail_percentage: 0 + roles: + - monitor + + +- hosts: all + remote_user: root + #accelerate: true + max_fail_percentage: 0 + tasks: + - name: set bash to nova + user: + name: nova + shell: /bin/bash + + - name: make sure ssh dir exist + file: + path: '{{ item.path }}' + owner: '{{ item.owner }}' + group: '{{ item.group }}' + state: directory + mode: 0755 + with_items: + - path: /var/lib/nova/.ssh + owner: nova + group: nova + + - name: copy ssh keys for nova + shell: cp -rf /root/.ssh/id_rsa /var/lib/nova/.ssh; + + - name: write ssh config + copy: + content: "UserKnownHostsFile /dev/null\nStrictHostKeyChecking no" + dest: '{{ item.dest }}' + owner: '{{ item.owner }}' + group: '{{ item.group }}' + mode: 0600 + with_items: + - dest: /var/lib/nova/.ssh/config + owner: nova + group: nova + + - authorized_key: + user: nova + key: "{{ lookup('file', 'item') }}" + with_fileglob: + - /tmp/ssh-keys-* + + - name: chown ssh file + shell: chown -R nova:nova /var/lib/nova/.ssh; + + +- hosts: all + remote_user: root + #accelerate: true + max_fail_percentage: 0 + roles: + - odl_cluster + +- hosts: all + remote_user: root + #accelerate: true + max_fail_percentage: 0 + roles: + - onos_cluster + +- hosts: all + remote_user: root + sudo: True + max_fail_percentage: 0 + roles: + - open-contrail + +- hosts: all + remote_user: root + #accelerate: true + serial: 1 + max_fail_percentage: 0 + roles: + - odl_cluster_neutron + +- hosts: all + remote_user: root + #accelerate: true + max_fail_percentage: 0 + roles: + - odl_cluster_post + +- hosts: controller + remote_user: root + #accelerate: true + max_fail_percentage: 0 + roles: + - ext-network + +- hosts: controller + remote_user: root + #accelerate: true + max_fail_percentage: 0 + roles: + - tacker + +- hosts: controller + remote_user: root + #accelerate: true + max_fail_percentage: 0 + roles: + - boot-recovery + +- hosts: controller + remote_user: root + #accelerate: true + max_fail_percentage: 0 + roles: + - controller-recovery + +- hosts: compute + remote_user: root + #accelerate: true + max_fail_percentage: 0 + roles: + - compute-recovery + diff --git a/deploy/adapters/ansible/openstack_osp9/roles/aodh/handlers/main.yml b/deploy/adapters/ansible/openstack_osp9/roles/aodh/handlers/main.yml new file mode 100755 index 00000000..b3399e0c --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/aodh/handlers/main.yml @@ -0,0 +1,13 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- name: restart aodh services + service: name={{ item }} state=restarted enabled=yes + with_items: services | union(services_noarch) + diff --git a/deploy/adapters/ansible/openstack_osp9/roles/aodh/tasks/aodh_config.yml b/deploy/adapters/ansible/openstack_osp9/roles/aodh/tasks/aodh_config.yml new file mode 100755 index 00000000..e60d5338 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/aodh/tasks/aodh_config.yml @@ -0,0 +1,14 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- name: aodh db sync + shell: su -s /bin/sh -c "aodh-dbsync" aodh + notify: + - restart aodh services + diff --git a/deploy/adapters/ansible/openstack_osp9/roles/aodh/tasks/aodh_install.yml b/deploy/adapters/ansible/openstack_osp9/roles/aodh/tasks/aodh_install.yml new file mode 100755 index 00000000..eb51fbea --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/aodh/tasks/aodh_install.yml @@ -0,0 +1,31 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- include_vars: "{{ ansible_os_family }}.yml" + +- name: install aodh packages + action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" + with_items: packages | union(packages_noarch) + +- name: update aodh conf + template: src={{ item }} dest=/etc/aodh/aodh.conf + backup=yes + with_items: + - aodh.conf.j2 +# - api_paste.ini.j2 +# - policy.json.j2 + notify: + - restart aodh services + +- name: write services to monitor list + lineinfile: dest=/opt/service create=yes line='{{ item }}' + with_items: services | union(services_noarch) + +- name: remove default sqlite db + shell: rm /var/lib/aodh/aodh.sqlite || touch aodh.sqllite.db.removed diff --git a/deploy/adapters/ansible/openstack_osp9/roles/aodh/tasks/main.yml b/deploy/adapters/ansible/openstack_osp9/roles/aodh/tasks/main.yml new file mode 100755 index 00000000..9b61915f --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/aodh/tasks/main.yml @@ -0,0 +1,23 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- include: aodh_install.yml + tags: + - install + - aodh_install + - aodh + +- include: aodh_config.yml + when: inventory_hostname == groups['controller'][0] + tags: + - config + - aodh_config + - aodh + +- meta: flush_handlers diff --git a/deploy/adapters/ansible/openstack_osp9/roles/aodh/templates/aodh.conf.j2 b/deploy/adapters/ansible/openstack_osp9/roles/aodh/templates/aodh.conf.j2 new file mode 100755 index 00000000..d4d232be --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/aodh/templates/aodh.conf.j2 @@ -0,0 +1,46 @@ +{% set memcached_servers = [] %} +{% for host in haproxy_hosts.values() %} +{% set _ = memcached_servers.append('%s:11211'% host) %} +{% endfor %} +{% set memcached_servers = memcached_servers|join(',') %} + +[DEFAULT] +bind_host = {{ internal_ip }} +bind_port = 8042 +rpc_backend = rabbit +auth_strategy = keystone +debug = True + +[oslo_messaging_rabbit] +rabbit_hosts = {{ internal_vip.ip }} +rabbit_userid = {{ RABBIT_USER }} +rabbit_password = {{ RABBIT_PASS }} +#rabbit_use_ssl = false + +[database] +connection = mysql://aodh:{{ AODH_DBPASS }}@{{ db_host }}/aodh + +[keystone_authtoken] +auth_uri = http://{{ internal_vip.ip }}:5000 +auth_url = http://{{ internal_vip.ip }}:35357 +identity_uri = http://{{ internal_vip.ip }}:35357 +auth_plugin = password +project_domain_id = default +user_domain_id = default +project_name = service +username = aodh +password = {{ AODH_PASS }} +memcached_servers = {{ memcached_servers }} +token_cache_time = 300 +revocation_cache_time = 60 + +[service_credentials] +os_auth_url = http://{{ internal_vip.ip }}:5000/v2.0 +os_username = aodh +os_tenant_name = service +os_password = {{ AODH_PASS }} +os_endpoint_type = internalURL +os_region_name = RegionOne + +[api] +host = {{ internal_ip }} diff --git a/deploy/adapters/ansible/openstack_osp9/roles/aodh/templates/api_paste.ini.j2 b/deploy/adapters/ansible/openstack_osp9/roles/aodh/templates/api_paste.ini.j2 new file mode 100755 index 00000000..151789c4 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/aodh/templates/api_paste.ini.j2 @@ -0,0 +1,22 @@ +# aodh API WSGI Pipeline +# Define the filters that make up the pipeline for processing WSGI requests +# Note: This pipeline is PasteDeploy's term rather than aodh's pipeline +# used for processing samples + +# Remove authtoken from the pipeline if you don't want to use keystone authentication +[pipeline:main] +pipeline = cors request_id authtoken api-server + +[app:api-server] +paste.app_factory = aodh.api.app:app_factory + +[filter:authtoken] +paste.filter_factory = keystonemiddleware.auth_token:filter_factory +oslo_config_project = aodh + +[filter:request_id] +paste.filter_factory = oslo_middleware:RequestId.factory + +[filter:cors] +paste.filter_factory = oslo_middleware.cors:filter_factory +oslo_config_project = aodh diff --git a/deploy/adapters/ansible/openstack_osp9/roles/aodh/templates/policy.json.j2 b/deploy/adapters/ansible/openstack_osp9/roles/aodh/templates/policy.json.j2 new file mode 100755 index 00000000..4fd873e9 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/aodh/templates/policy.json.j2 @@ -0,0 +1,20 @@ +{ + "context_is_admin": "role:admin", + "segregation": "rule:context_is_admin", + "admin_or_owner": "rule:context_is_admin or project_id:%(project_id)s", + "default": "rule:admin_or_owner", + + "telemetry:get_alarm": "rule:admin_or_owner", + "telemetry:get_alarms": "rule:admin_or_owner", + "telemetry:query_alarm": "rule:admin_or_owner", + + "telemetry:create_alarm": "", + "telemetry:change_alarm": "rule:admin_or_owner", + "telemetry:delete_alarm": "rule:admin_or_owner", + + "telemetry:get_alarm_state": "rule:admin_or_owner", + "telemetry:change_alarm_state": "rule:admin_or_owner", + + "telemetry:alarm_history": "rule:admin_or_owner", + "telemetry:query_alarm_history": "rule:admin_or_owner" +} diff --git a/deploy/adapters/ansible/openstack_osp9/roles/aodh/vars/Debian.yml b/deploy/adapters/ansible/openstack_osp9/roles/aodh/vars/Debian.yml new file mode 100755 index 00000000..bdf4655e --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/aodh/vars/Debian.yml @@ -0,0 +1,22 @@ +############################################################################# +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################# +--- +packages: + - aodh-api + - aodh-evaluator + - aodh-notifier + - aodh-listener + - aodh-expirer + - python-ceilometerclient + +services: + - aodh-api + - aodh-notifier + - aodh-evaluator + - aodh-listener diff --git a/deploy/adapters/ansible/openstack_osp9/roles/aodh/vars/RedHat.yml b/deploy/adapters/ansible/openstack_osp9/roles/aodh/vars/RedHat.yml new file mode 100755 index 00000000..a0381c6b --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/aodh/vars/RedHat.yml @@ -0,0 +1,22 @@ +############################################################################# +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################# +--- +packages: + - openstack-aodh-api + - openstack-aodh-evaluator + - openstack-aodh-notifier + - openstack-aodh-listener + - openstack-aodh-expirer + - python-ceilometerclient + +services: + - openstack-aodh-api + - openstack-aodh-notifier + - openstack-aodh-evaluator + - openstack-aodh-listener diff --git a/deploy/adapters/ansible/openstack_osp9/roles/aodh/vars/main.yml b/deploy/adapters/ansible/openstack_osp9/roles/aodh/vars/main.yml new file mode 100755 index 00000000..b17f6ed0 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/aodh/vars/main.yml @@ -0,0 +1,12 @@ +############################################################################## +## Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +## +## All rights reserved. This program and the accompanying materials +## are made available under the terms of the Apache License, Version 2.0 +## which accompanies this distribution, and is available at +## http://www.apache.org/licenses/LICENSE-2.0 +############################################################################### +--- +packages_noarch: [] + +services_noarch: [] diff --git a/deploy/adapters/ansible/openstack_osp9/roles/apache/files/index.html b/deploy/adapters/ansible/openstack_osp9/roles/apache/files/index.html new file mode 100755 index 00000000..f083c4f1 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/apache/files/index.html @@ -0,0 +1,10 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> +<html> + <head> + <title>Index</title> + </head> + <body> + <a href="/horizon">Openstack Dashboard</a> + </body> +</html> + diff --git a/deploy/adapters/ansible/openstack_osp9/roles/apache/tasks/main.yml b/deploy/adapters/ansible/openstack_osp9/roles/apache/tasks/main.yml new file mode 100755 index 00000000..44407bef --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/apache/tasks/main.yml @@ -0,0 +1,38 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- include_vars: "{{ ansible_os_family }}.yml" + +- name: install packages + action: "{{ ansible_pkg_mgr }} name={{ item }} state=latest update_cache=yes" + with_items: packages | union(packages_noarch) + +- name: assure listen port exist + template: + dest: '{{ apache_config_dir }}/ports.conf' + src: ports.conf.j2 + notify: + - restart apache related services + +- name: remove default listen port on centos + lineinfile: + dest: /etc/httpd/conf/httpd.conf + state: absent + regexp: 'Listen 80' + when: ansible_os_family == 'RedHat' + +- name: copy index.html file + copy: src=index.html dest=/var/www/html/index.html mode=0644 + when: ansible_os_family == 'RedHat' + +- name: copy index.html file + copy: src=index.html dest=/var/www/index.html mode=0644 + when: ansible_os_family == 'Debian' + +- meta: flush_handlers diff --git a/deploy/adapters/ansible/openstack_osp9/roles/ceilometer_controller/vars/Debian.yml b/deploy/adapters/ansible/openstack_osp9/roles/ceilometer_controller/vars/Debian.yml new file mode 100755 index 00000000..b749ffaa --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/ceilometer_controller/vars/Debian.yml @@ -0,0 +1,37 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +ceilometer_packages: + - ceilometer-api + - ceilometer-collector + - ceilometer-agent-central + - ceilometer-agent-notification +# - ceilometer-alarm-evaluator +# - ceilometer-alarm-notifier + - python-ceilometerclient + +ceilometer_services: + - ceilometer-agent-central + - ceilometer-agent-notification + - ceilometer-api + - ceilometer-collector +# - ceilometer-alarm-evaluator +# - ceilometer-alarm-notifier + +ceilometer_configs_templates: + - src: ceilometer.j2 + dest: + - /etc/ceilometer/ceilometer.conf + - src: cinder.j2 + dest: + - /etc/cinder/cinder.conf + - src: glance.j2 + dest: + - /etc/glance/glance-api.conf + - /etc/glance/glance-registry.conf diff --git a/deploy/adapters/ansible/openstack_osp9/roles/ceilometer_controller/vars/RedHat.yml b/deploy/adapters/ansible/openstack_osp9/roles/ceilometer_controller/vars/RedHat.yml new file mode 100755 index 00000000..6c5f53ec --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/ceilometer_controller/vars/RedHat.yml @@ -0,0 +1,36 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +ceilometer_packages: + - openstack-ceilometer-api + - openstack-ceilometer-collector + - openstack-ceilometer-central + - openstack-ceilometer-notification +# - openstack-ceilometer-alarm + - python-ceilometerclient + +ceilometer_services: + - openstack-ceilometer-central + - openstack-ceilometer-notification + - openstack-ceilometer-api + - openstack-ceilometer-collector +# - openstack-ceilometer-alarm-evaluator +# - openstack-ceilometer-alarm-notifier + +ceilometer_configs_templates: + - src: ceilometer.j2 + dest: + - /etc/ceilometer/ceilometer.conf + - src: cinder.j2 + dest: + - /etc/cinder/cinder.conf + - src: glance.j2 + dest: + - /etc/glance/glance-api.conf + - /etc/glance/glance-registry.conf diff --git a/deploy/adapters/ansible/openstack_osp9/roles/ceph-mon/tasks/install_mon.yml b/deploy/adapters/ansible/openstack_osp9/roles/ceph-mon/tasks/install_mon.yml new file mode 100755 index 00000000..0ad666a6 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/ceph-mon/tasks/install_mon.yml @@ -0,0 +1,36 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## + +- include_vars: "{{ ansible_os_family }}.yml" + +- name: Create a default data directory + file: path="/var/lib/ceph/mon/ceph-{{ inventory_hostname }}" state="directory" + +- name: Populate the monitor daemon + shell: "ceph-mon --mkfs -i {{ inventory_hostname }} --monmap /tmp/monmap --keyring /tmp/ceph.mon.keyring" + +- name: Change ceph/mon dir owner to ceph + shell: "chown -R ceph:ceph /var/lib/ceph/mon" + when: ansible_os_family == "Debian" + +- name: Touch the done and auto start file + file: path="/var/lib/ceph/mon/ceph-{{ inventory_hostname }}/{{ item }}" state="touch" + with_items: + - "done" + - "{{ ceph_start_type }}" + +- name: start mon daemon + shell: "{{ ceph_start_script }}" + +- name: wait for creating osd keyring + wait_for: path=/var/lib/ceph/bootstrap-osd/ceph.keyring + +- name: fetch osd keyring + fetch: src="/var/lib/ceph/bootstrap-osd/ceph.keyring" dest="/tmp/ceph.osd.keyring" flat=yes + run_once: True diff --git a/deploy/adapters/ansible/openstack_osp9/roles/ceph-openstack/tasks/ceph_openstack_post.yml b/deploy/adapters/ansible/openstack_osp9/roles/ceph-openstack/tasks/ceph_openstack_post.yml new file mode 100755 index 00000000..2097ca57 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/ceph-openstack/tasks/ceph_openstack_post.yml @@ -0,0 +1,19 @@ +############################################################################## +## Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +## +## All rights reserved. This program and the accompanying materials +## are made available under the terms of the Apache License, Version 2.0 +## which accompanies this distribution, and is available at +## http://www.apache.org/licenses/LICENSE-2.0 +############################################################################### +--- +- name: get mount info + command: mount + register: mount_info + +- name: try unmount image nfs directory + shell: | + umount /var/lib/glance/images + sed -i '/\/var\/lib\/glance\/images/d' /etc/fstab + when: mount_info.stdout.find('images') != -1 + diff --git a/deploy/adapters/ansible/openstack_osp9/roles/ceph-openstack/tasks/main.yml b/deploy/adapters/ansible/openstack_osp9/roles/ceph-openstack/tasks/main.yml new file mode 100755 index 00000000..06c3acb6 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/ceph-openstack/tasks/main.yml @@ -0,0 +1,33 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +- include_vars: "{{ ansible_os_family }}.yml" + tags: + - ceph_deploy + - ceph_openstack_pre + - ceph_openstack_conf + - ceph_openstack_post + - ceph_openstack + +- include: ceph_openstack_pre.yml + tags: + - ceph_deploy + - ceph_openstack_pre + - ceph_openstack + +- include: ceph_openstack_conf.yml + tags: + - ceph_deploy + - ceph_openstack_conf + - ceph_openstack + +- include: ceph_openstack_post.yml + tags: + - ceph_deploy + - ceph_openstack_post + - ceph_openstack diff --git a/deploy/adapters/ansible/openstack_osp9/roles/ceph-osd/tasks/install_osd.yml b/deploy/adapters/ansible/openstack_osp9/roles/ceph-osd/tasks/install_osd.yml new file mode 100755 index 00000000..0e476085 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/ceph-osd/tasks/install_osd.yml @@ -0,0 +1,37 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- + +- name: create osd lv and mount it on /var/local/osd + script: create_osd.sh + +- name: copy osd keyring + copy: src="/tmp/ceph.osd.keyring" dest="/var/lib/ceph/bootstrap-osd/ceph.keyring" + +- name: prepare osd disk + shell: ceph-disk prepare --fs-type xfs /var/local/osd + +- name: change local/osd dir owner to ceph + shell: chown ceph:ceph /var/local/osd + when: ansible_os_family == "Debian" + +- name: activate osd node + shell: ceph-disk activate /var/local/osd + +- name: enable ceph service + service: name=ceph enabled=yes + +- name: rebuild osd after reboot + lineinfile: dest=/etc/init/ceph-osd-all-starter.conf insertafter="^task" line="pre-start script\n set -e\n /opt/setup_storage/losetup.sh\n sleep 3\n mount /dev/storage-volumes/ceph0 /var/local/osd\nend script" + when: ansible_os_family == "Debian" + +- name: rebuild osd after reboot for centos + lineinfile: dest=/etc/init.d/ceph insertafter="^### END INIT INFO" line="\nsleep 1\nmount /dev/storage-volumes/ceph0 /var/local/osd" + when: ansible_os_family == "RedHat" + diff --git a/deploy/adapters/ansible/openstack_osp9/roles/ceph-purge/tasks/main.yml b/deploy/adapters/ansible/openstack_osp9/roles/ceph-purge/tasks/main.yml new file mode 100755 index 00000000..02013762 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/ceph-purge/tasks/main.yml @@ -0,0 +1,37 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +- name: clear tmp files + local_action: shell rm -rf /tmp/ceph* + tags: + - ceph_purge + - ceph_deploy + +- name: install ceph-related packages + action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" + with_items: + - ceph-deploy + tags: + - ceph_purge + - ceph_deploy + when: ansible_os_family == "Debian" + +- name: purge ceph + shell: "ceph-deploy purge {{ inventory_hostname }}; ceph-deploy purgedata {{ inventory_hostname }}; ceph-deploy forgetkeys" + tags: + - ceph_purge + - ceph_deploy + when: ansible_os_family == "Debian" + +- name: remove monmap + file: path="/tmp/monmap" state="absent" + tags: + - ceph_purge + - ceph_deploy + + diff --git a/deploy/adapters/ansible/openstack_osp9/roles/common/tasks/RedHat.yml b/deploy/adapters/ansible/openstack_osp9/roles/common/tasks/RedHat.yml new file mode 100755 index 00000000..b9f01255 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/common/tasks/RedHat.yml @@ -0,0 +1,3 @@ +--- +- name: add yum repository for openstack + template: src=openstack_ppa_repo.repo.j2 dest=/etc/yum.repos.d/openstack_ppa_repo.repo diff --git a/deploy/adapters/ansible/openstack_osp9/roles/common/tasks/main.yml b/deploy/adapters/ansible/openstack_osp9/roles/common/tasks/main.yml new file mode 100755 index 00000000..0f4cf334 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/common/tasks/main.yml @@ -0,0 +1,96 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- include_vars: "{{ ansible_os_family }}.yml" + +- name: speed up ansible by purging landscape-common + apt: pkg=landscape-common state=absent purge=yes + when: ansible_os_family == "Debian" + +- name: update hosts files to all hosts + template: src=hosts dest=/etc/hosts backup=yes + +- name: get compass-core hostname + local_action: shell hostname + register: name + +- name: get compass-core addr + shell: awk -F'=' '/compass_server/ {print $2}' /etc/compass.conf + register: COMPASS_SERVER + +- name: run redhat specific play if os is redhat + include: RedHat.yml + when: ansible_distribution == "RedHat" + +- name: update compass-core name and ip to hosts files + shell: | + echo "# compass" >> /etc/hosts + echo {{ COMPASS_SERVER.stdout_lines[0] }} {{ name.stdout_lines[0] }} >> /etc/hosts + +- name: install python-crypto + yum: name=python-crypto state=present + register: python_crypto_result + ignore_errors: yes + when: ansible_os_family == "RedHat" + +- name: remove python crypt egg file to work-around https://bugs.centos.org/view.php?id=9896&nbn=2 + shell: rm -rf /usr/lib64/python2.7/site-packages/pycrypto-2.6.1-py2.7.egg-info + when: ansible_os_family == "RedHat" and python_crypto_result.msg == "Error unpacking rpm package python2-crypto-2.6.1-9.el7.x86_64\n" + +- name: install packages + action: "{{ ansible_pkg_mgr }} name={{ item }} state=latest update_cache=yes" + with_items: packages | union(packages_noarch) + +- name: make config template dir exist + file: path=/opt/os_templates state=directory mode=0755 + +- name: create pip config directory + file: path=~/.pip state=directory + +- name: update pip.conf + template: src=pip.conf dest=~/.pip/{{ pip_conf }} + +- name: install pip packages + pip: name={{ item }} state=present extra_args='--pre' + with_items: pip_packages + +- name: install keyczar for accelerate + pip: name=python-keyczar state=present extra_args='--pre' + delegate_to: 127.0.0.1 + run_once: true + +- name: update ntp conf + template: src=ntp.conf dest=/etc/ntp.conf backup=yes + +- name: use ntpdate once for initial sync time + shell: ntpdate {{ ntp_server }} + ignore_errors: True + +- name: sync sys clock to hard clock + shell: hwclock --systohc + ignore_errors: True + +- name: create fireball keys dir + file: path=~/.fireball.keys state=directory mode=0700 + delegate_to: 127.0.0.1 + run_once: true + +- name: restart services + service: name={{ item }} state=restarted enabled=yes + with_items: services| union(services_noarch) + +- name: write services to monitor list + lineinfile: dest=/opt/service create=yes line='{{ item }}' + with_items: services| union(services_noarch) + +- name: kill daemon for accelerate + shell: lsof -ni :5099|grep LISTEN|awk '{print $2}'|xargs kill -9 + ignore_errors: true + +- meta: flush_handlers diff --git a/deploy/adapters/ansible/openstack_osp9/roles/common/templates/hosts b/deploy/adapters/ansible/openstack_osp9/roles/common/templates/hosts new file mode 100755 index 00000000..6f76de51 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/common/templates/hosts @@ -0,0 +1,7 @@ + +# localhost +127.0.0.1 localhost +# controller +172.16.1.1 host1 +# compute +172.16.1.1 host1 diff --git a/deploy/adapters/ansible/openstack_osp9/roles/common/templates/ntp.conf b/deploy/adapters/ansible/openstack_osp9/roles/common/templates/ntp.conf new file mode 100755 index 00000000..2d560be2 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/common/templates/ntp.conf @@ -0,0 +1,54 @@ +# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help + +driftfile /var/lib/ntp/ntp.drift + + +# Enable this if you want statistics to be logged. +#statsdir /var/log/ntpstats/ + +statistics loopstats peerstats clockstats +filegen loopstats file loopstats type day enable +filegen peerstats file peerstats type day enable +filegen clockstats file clockstats type day enable + +# Specify one or more NTP servers. + +# Use servers from the NTP Pool Project. Approved by Ubuntu Technical Board +# on 2011-02-08 (LP: #104525). See http://www.pool.ntp.org/join.html for +# more information. +server {{ ntp_server }} +server {{ internal_vip.ip }} + +# Use local server as a fallback. +server 127.127.1.0 # local clock +fudge 127.127.1.0 stratum 10 + +# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for +# details. The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions> +# might also be helpful. +# +# Note that "restrict" applies to both servers and clients, so a configuration +# that might be intended to block requests from certain clients could also end +# up blocking replies from your own upstream servers. + +# By default, exchange time with everybody, but don't allow configuration. +restrict -4 default kod notrap nomodify +restrict -6 default kod notrap nomodify + +# Local users may interrogate the ntp server more closely. +restrict 127.0.0.1 +restrict ::1 + +# Clients from this (example!) subnet have unlimited access, but only if +# cryptographically authenticated. +#restrict 192.168.123.0 mask 255.255.255.0 notrust + + +# If you want to provide time to your local subnet, change the next line. +# (Again, the address is an example only.) +#broadcast 192.168.123.255 + +# If you want to listen to time broadcasts on your local subnet, de-comment the +# next lines. Please do this only if you trust everybody on the network! +#disable auth +#broadcastclient diff --git a/deploy/adapters/ansible/openstack_osp9/roles/common/templates/openstack_ppa_repo.repo.j2 b/deploy/adapters/ansible/openstack_osp9/roles/common/templates/openstack_ppa_repo.repo.j2 new file mode 100644 index 00000000..148f3e14 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/common/templates/openstack_ppa_repo.repo.j2 @@ -0,0 +1,7 @@ +[openstack_ppa_repo] +name=rhel - openstack_repo +proxy=_none_ +baseurl=http://{{ COMPASS_SERVER.stdout_lines[0] }}/cblr/repo_mirror/redhat7-osp9-ppa +enabled=1 +gpgcheck=0 +skip_if_unavailable=1 diff --git a/deploy/adapters/ansible/openstack_osp9/roles/common/templates/pip.conf b/deploy/adapters/ansible/openstack_osp9/roles/common/templates/pip.conf new file mode 100755 index 00000000..7bb3e43e --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/common/templates/pip.conf @@ -0,0 +1,5 @@ +[global] +find-links = http://{{ COMPASS_SERVER.stdout_lines[0] }}/pip +no-index = true +[install] +trusted-host={{ COMPASS_SERVER.stdout_lines[0] }} diff --git a/deploy/adapters/ansible/openstack_osp9/roles/common/vars/Debian.yml b/deploy/adapters/ansible/openstack_osp9/roles/common/vars/Debian.yml new file mode 100755 index 00000000..1d7972eb --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/common/vars/Debian.yml @@ -0,0 +1,30 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +packages: + - ubuntu-cloud-keyring + - python-dev + - openvswitch-datapath-dkms + - openvswitch-switch + - python-memcache + - python-iniparse + - python-lxml + #- python-d* #TODO, need remove + +pip_packages: + - crudini + - python-keyczar + - yang2tosca + +pip_conf: pip.conf + +services: + - ntp + + diff --git a/deploy/adapters/ansible/openstack_osp9/roles/common/vars/RedHat.yml b/deploy/adapters/ansible/openstack_osp9/roles/common/vars/RedHat.yml new file mode 100755 index 00000000..8143e1cb --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/common/vars/RedHat.yml @@ -0,0 +1,26 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +packages: + - openvswitch + - python-devel + - python-memcached + - gcc + - redhat-lsb-core + - python-crypto + +pip_packages: + - crudini + - python-keyczar + +pip_conf: pip.conf + +services: + - openvswitch + - ntpd diff --git a/deploy/adapters/ansible/openstack_osp9/roles/common/vars/main.yml b/deploy/adapters/ansible/openstack_osp9/roles/common/vars/main.yml new file mode 100755 index 00000000..713b6b5f --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/common/vars/main.yml @@ -0,0 +1,14 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +packages_noarch: + - python-pip + - ntp + +services_noarch: [] diff --git a/deploy/adapters/ansible/openstack_osp9/roles/dashboard/handlers/main.yml b/deploy/adapters/ansible/openstack_osp9/roles/dashboard/handlers/main.yml new file mode 100755 index 00000000..62e0b8e5 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/dashboard/handlers/main.yml @@ -0,0 +1,12 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- name: restart dashboard services + service: name={{ item }} state=restarted enabled=yes + with_items: services | union(services_noarch) diff --git a/deploy/adapters/ansible/openstack_osp9/roles/dashboard/tasks/main.yml b/deploy/adapters/ansible/openstack_osp9/roles/dashboard/tasks/main.yml new file mode 100755 index 00000000..a6b813a7 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/dashboard/tasks/main.yml @@ -0,0 +1,121 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- include_vars: "{{ ansible_os_family }}.yml" + +- name: disable auto start + copy: + content: "#!/bin/sh\nexit 101" + dest: "/usr/sbin/policy-rc.d" + mode: 0755 + when: ansible_os_family == "Debian" + +- name: install dashboard packages + action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" + with_items: packages | union(packages_noarch) + +- name: enable auto start + file: + path=/usr/sbin/policy-rc.d + state=absent + when: ansible_os_family == "Debian" + +- name: remove ubuntu theme + action: "{{ ansible_pkg_mgr }} name=openstack-dashboard-ubuntu-theme state=absent" + when: ansible_os_family == 'Debian' and not enable_ubuntu_theme + notify: + - restart dashboard services + +- name: remove default apache2 config + file: + path: '{{ item }}' + state: absent + when: ansible_os_family == 'Debian' + with_items: + - '{{ apache_config_dir }}/conf-available/openstack-dashboard.conf' + - '{{ apache_config_dir }}/conf-enabled/openstack-dashboard.conf' + - '{{ apache_config_dir }}/sites-available/000-default.conf' + - '{{ apache_config_dir }}/sites-enabled/000-default.conf' + notify: + - restart dashboard services + +- name: update apache2 configs + template: + src: openstack-dashboard.conf.j2 + dest: '{{ apache_config_dir }}/sites-available/openstack-dashboard.conf' + when: ansible_os_family == 'Debian' + notify: + - restart dashboard services + +- name: update apache2 configs redhat + template: + src: openstack-dashboard-redhat.conf.j2 + dest: '{{ apache_config_dir }}/conf.d/openstack-dashboard.conf' + when: ansible_os_family == 'RedHat' + notify: + - restart dashboard services + +- name: enable dashboard + file: + src: "/etc/apache2/sites-available/openstack-dashboard.conf" + dest: "/etc/apache2/sites-enabled/openstack-dashboard.conf" + state: "link" + when: ansible_os_family == 'Debian' + notify: + - restart dashboard services + +- name: update ubuntu horizon settings + lineinfile: + dest: /etc/openstack-dashboard/local_settings.py + regexp: '{{ item.regexp }}' + line: '{{ item.line }}' + with_items: + - regexp: '^WEBROOT[ \t]*=.*' + line: 'WEBROOT = "/horizon"' + - regexp: '^COMPRESS_OFFLINE[ \t]*=.*' + line: 'COMPRESS_OFFLINE=True' + - regexp: '^ALLOWED_HOSTS[ \t]*=.*' + line: 'ALLOWED_HOSTS = ["*"]' + - regexp: '^OPENSTACK_HOST[ \t]*=.*' + line: 'OPENSTACK_HOST = "{{ internal_ip }}"' + when: ansible_os_family == 'Debian' + notify: + - restart dashboard services + +- name: precompile horizon css + shell: /usr/bin/python /usr/share/openstack-dashboard/manage.py compress --force + ignore_errors: True + when: ansible_os_family == 'Debian' + notify: + - restart dashboard services + +- name: update redhat version horizon settings + lineinfile: + dest: /etc/openstack-dashboard/local_settings + regexp: '{{ item.regexp }}' + line: '{{ item.line }}' + with_items: + - regexp: '^WEBROOT[ \t]*=.*' + line: 'WEBROOT = "/horizon"' + - regexp: '^COMPRESS_OFFLINE[ \t]*=.*' + line: 'COMPRESS_OFFLINE=False' + - regexp: '^ALLOWED_HOSTS[ \t]*=.*' + line: 'ALLOWED_HOSTS = ["*"]' + - regexp: '^OPENSTACK_HOST[ \t]*=.*' + line: 'OPENSTACK_HOST = "{{ internal_ip }}"' + when: ansible_os_family == 'RedHat' + notify: + - restart dashboard services + +- name: temperarily workaround for logo image issue + shell: sed -i "s/src=\"\/dashboard/src=\"\/horizon/g" /usr/share/openstack-dashboard/openstack_dashboard/themes/rcue/templates/horizon/common/_sidebar.html + when: ansible_distribution == 'RedHat' + notify: + - restart dashboard services +- meta: flush_handlers diff --git a/deploy/adapters/ansible/openstack_osp9/roles/dashboard/templates/openstack-dashboard-redhat.conf.j2 b/deploy/adapters/ansible/openstack_osp9/roles/dashboard/templates/openstack-dashboard-redhat.conf.j2 new file mode 100755 index 00000000..d4d1f297 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/dashboard/templates/openstack-dashboard-redhat.conf.j2 @@ -0,0 +1,21 @@ +{% set work_threads = (ansible_processor_vcpus + 1) // 2 %} + +WSGIDaemonProcess horizon processes={{ work_threads }} threads={{ work_threads }} +WSGIProcessGroup horizon +WSGISocketPrefix run/wsgi + +WSGIScriptAlias /horizon {{ horizon_dir }}/openstack_dashboard/wsgi/django.wsgi +Alias /horizon/static {{ horizon_dir }}/static + +<Directory {{ horizon_dir }}/openstack_dashboard/wsgi> + Options All + AllowOverride All + Require all granted +</Directory> + +<Directory {{ horizon_dir }}/static> + Options All + AllowOverride All + Require all granted +</Directory> + diff --git a/deploy/adapters/ansible/openstack_osp9/roles/dashboard/templates/openstack-dashboard.conf b/deploy/adapters/ansible/openstack_osp9/roles/dashboard/templates/openstack-dashboard.conf new file mode 100755 index 00000000..a5a791a3 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/dashboard/templates/openstack-dashboard.conf @@ -0,0 +1,14 @@ +<VirtualHost *:80> + +WSGIScriptAlias / /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi +WSGIDaemonProcess horizon user=www-data group=www-data processes=3 threads=10 +Alias /static /usr/share/openstack-dashboard/openstack_dashboard/static/ + +<Directory /usr/share/openstack-dashboard/openstack_dashboard/wsgi> +Order allow,deny +Allow from all +</Directory> + + +</VirtualHost> + diff --git a/deploy/adapters/ansible/openstack_osp9/roles/dashboard/templates/openstack-dashboard.conf.j2 b/deploy/adapters/ansible/openstack_osp9/roles/dashboard/templates/openstack-dashboard.conf.j2 new file mode 100755 index 00000000..403fcc22 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/dashboard/templates/openstack-dashboard.conf.j2 @@ -0,0 +1,15 @@ +{% set work_threads = (ansible_processor_vcpus + 1) // 2 %} + +<VirtualHost {{ internal_ip }}:80> + WSGIScriptAlias /horizon {{ horizon_dir }}/wsgi/django.wsgi + WSGIDaemonProcess horizon user=horizon group=horizon processes={{ work_threads }} threads={{ work_threads }} + WSGIProcessGroup horizon + Alias /static {{ horizon_dir }}/static/ + Alias /horizon/static {{ horizon_dir }}/static/ + <Directory {{ horizon_dir }}/wsgi> + Order allow,deny + Allow from all + </Directory> +</VirtualHost> + + diff --git a/deploy/adapters/ansible/openstack_osp9/roles/dashboard/templates/ports.j2 b/deploy/adapters/ansible/openstack_osp9/roles/dashboard/templates/ports.j2 new file mode 100755 index 00000000..0bfa0428 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/dashboard/templates/ports.j2 @@ -0,0 +1,15 @@ +# if you just change the port or add more ports here, you will likely also +# have to change the VirtualHost statement in +# /etc/apache2/sites-enabled/000-default.conf + +Listen {{ internal_ip }}:80 + +<IfModule ssl_module> + Listen 443 +</IfModule> + +<IfModule mod_gnutls.c> + Listen 443 +</IfModule> + +# vim: syntax=apache ts=4 sw=4 sts=4 sr noet diff --git a/deploy/adapters/ansible/openstack_osp9/roles/dashboard/vars/Debian.yml b/deploy/adapters/ansible/openstack_osp9/roles/dashboard/vars/Debian.yml new file mode 100755 index 00000000..aaeb8cdb --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/dashboard/vars/Debian.yml @@ -0,0 +1,17 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +packages: [] + +services: + - memcached + - apache2 + +apache_config_dir: /etc/apache2 +horizon_dir: /usr/share/openstack-dashboard/openstack_dashboard diff --git a/deploy/adapters/ansible/openstack_osp9/roles/dashboard/vars/RedHat.yml b/deploy/adapters/ansible/openstack_osp9/roles/dashboard/vars/RedHat.yml new file mode 100755 index 00000000..651cbee3 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/dashboard/vars/RedHat.yml @@ -0,0 +1,19 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +packages: + - mod_wsgi + - httpd + +services: + - httpd + +http_config_file: "/etc/httpd/conf/httpd.conf" +apache_config_dir: /etc/httpd +horizon_dir: /usr/share/openstack-dashboard diff --git a/deploy/adapters/ansible/openstack_osp9/roles/dashboard/vars/main.yml b/deploy/adapters/ansible/openstack_osp9/roles/dashboard/vars/main.yml new file mode 100755 index 00000000..2c940ede --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/dashboard/vars/main.yml @@ -0,0 +1,13 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +packages_noarch: + - openstack-dashboard + +services_noarch: [] diff --git a/deploy/adapters/ansible/openstack_osp9/roles/database/templates/data.j2 b/deploy/adapters/ansible/openstack_osp9/roles/database/templates/data.j2 new file mode 100755 index 00000000..66c2fead --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/database/templates/data.j2 @@ -0,0 +1,51 @@ +#!/bin/sh +mysql -uroot -Dmysql <<EOF +drop database if exists keystone; +drop database if exists glance; +drop database if exists neutron; +drop database if exists nova; +drop database if exists cinder; +drop database if exists heat; +drop database if exists aodh; + +CREATE DATABASE keystone; +{% for host in ['%', 'localhost', inventory_hostname] %} +GRANT ALL ON keystone.* TO 'keystone'@'{{ host }}' IDENTIFIED BY '{{ KEYSTONE_DBPASS }}'; +{% endfor %} + +CREATE DATABASE glance; +{% for host in ['%', 'localhost', inventory_hostname] %} +GRANT ALL ON glance.* TO 'glance'@'{{ host }}' IDENTIFIED BY '{{ GLANCE_DBPASS }}'; +{% endfor %} + +CREATE DATABASE neutron; +{% for host in ['%', 'localhost', inventory_hostname] %} +GRANT ALL ON neutron.* TO 'neutron'@'{{ host }}' IDENTIFIED BY '{{ NEUTRON_DBPASS }}'; +{% endfor %} + +CREATE DATABASE nova; +{% for host in ['%', 'localhost', inventory_hostname] %} +GRANT ALL ON nova.* TO 'nova'@'{{ host }}' IDENTIFIED BY '{{ NOVA_DBPASS }}'; +{% endfor %} + +CREATE DATABASE cinder; +{% for host in ['%', 'localhost', inventory_hostname] %} +GRANT ALL ON cinder.* TO 'cinder'@'{{ host }}' IDENTIFIED BY '{{ CINDER_DBPASS }}'; +{% endfor %} + +CREATE DATABASE heat; +{% for host in ['%', 'localhost', inventory_hostname] %} +GRANT ALL ON heat.* TO 'heat'@'{{ host }}' IDENTIFIED BY '{{ HEAT_DBPASS }}'; +{% endfor %} + +CREATE DATABASE aodh; +{% for host in ['%', 'localhost', inventory_hostname] %} +GRANT ALL ON aodh.* TO 'aodh'@'{{ host }}' IDENTIFIED BY '{{ AODH_DBPASS }}'; +{% endfor %} + +{% if WSREP_SST_USER is defined %} +{% for host in ['%', 'localhost', inventory_hostname] %} +GRANT ALL ON *.* TO '{{ WSREP_SST_USER }}'@'{{ host }}' IDENTIFIED BY '{{ WSREP_SST_PASS }}'; +{% endfor %} +{% endif %} +EOF diff --git a/deploy/adapters/ansible/openstack_osp9/roles/database/vars/main.yml b/deploy/adapters/ansible/openstack_osp9/roles/database/vars/main.yml new file mode 100755 index 00000000..a32897f0 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/database/vars/main.yml @@ -0,0 +1,39 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +packages_noarch: [] + +services_noarch: + - mysql + +credentials: + - user: keystone + db: keystone + password: "{{ KEYSTONE_DBPASS }}" + - user: neutron + db: neutron + password: "{{ NEUTRON_DBPASS }}" + - user: glance + db: glance + password: "{{ GLANCE_DBPASS }}" + - user: nova + db: nova_api + password: "{{ NOVA_DBPASS }}" + - user: nova + db: nova + password: "{{ NOVA_DBPASS }}" + - user: cinder + db: cinder + password: "{{ CINDER_DBPASS }}" + - user: heat + db: heat + password: "{{ HEAT_DBPASS }}" + - user: aodh + db: aodh + password: "{{ AODH_DBPASS }}" diff --git a/deploy/adapters/ansible/openstack_osp9/roles/ext-network/handlers/main.yml b/deploy/adapters/ansible/openstack_osp9/roles/ext-network/handlers/main.yml new file mode 100755 index 00000000..36e39072 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/ext-network/handlers/main.yml @@ -0,0 +1,29 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- name: restart neutron-plugin-openvswitch-agent + service: name=neutron-openvswitch-agent state=restarted enabled=yes + when: "'opendaylight' not in {{ NEUTRON_MECHANISM_DRIVERS }}" + +- name: restart neutron-l3-agent + service: name=neutron-l3-agent state=restarted enabled=yes + +- name: kill dnsmasq + command: killall dnsmasq + ignore_errors: True + +- name: restart neutron-dhcp-agent + service: name=neutron-dhcp-agent state=restarted enabled=yes + +- name: restart neutron-metadata-agent + service: name=neutron-metadata-agent state=restarted enabled=yes + +- name: restart xorp + service: name=xorp state=restarted enabled=yes sleep=10 + ignore_errors: True diff --git a/deploy/adapters/ansible/openstack_osp9/roles/ext-network/tasks/main.yml b/deploy/adapters/ansible/openstack_osp9/roles/ext-network/tasks/main.yml new file mode 100755 index 00000000..b52b9178 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/ext-network/tasks/main.yml @@ -0,0 +1,56 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- include_vars: "{{ ansible_os_family }}.yml" + +# FIXME: temporary workaround for openstack api access random failure +- name: restart api server + service: name={{ item }} state=restarted enabled=yes + with_items: api_services | union(api_services_noarch) + +- name: restart neutron server + service: name=neutron-server state=restarted enabled=yes + +- name: wait for neutron time + shell: "sleep 10" + +- name: create external net + neutron_network: + login_username: ADMIN + login_password: "{{ ADMIN_PASS }}" + login_tenant_name: admin + auth_url: "http://{{ internal_vip.ip }}:35357/v2.0" + name: "{{ public_net_info.network }}" + provider_network_type: "{{ public_net_info.type }}" + provider_physical_network: "{{ public_net_info.provider_network }}" + provider_segmentation_id: "{{ public_net_info.segment_id}}" + shared: false + router_external: yes + state: present + run_once: true + when: 'public_net_info.enable == True' + +- name: create external subnet + neutron_subnet: + login_username: ADMIN + login_password: "{{ ADMIN_PASS }}" + login_tenant_name: admin + auth_url: "http://{{ internal_vip.ip }}:35357/v2.0" + name: "{{ public_net_info.subnet }}" + network_name: "{{ public_net_info.network }}" + cidr: "{{ public_net_info.floating_ip_cidr }}" + enable_dhcp: "{{ public_net_info.enable_dhcp }}" + no_gateway: "{{ public_net_info.no_gateway }}" + gateway_ip: "{{ public_net_info.external_gw }}" + allocation_pool_start: "{{ public_net_info.floating_ip_start }}" + allocation_pool_end: "{{ public_net_info.floating_ip_end }}" + state: present + run_once: true + when: 'public_net_info.enable == True' + diff --git a/deploy/adapters/ansible/openstack_osp9/roles/ext-network/vars/Debian.yml b/deploy/adapters/ansible/openstack_osp9/roles/ext-network/vars/Debian.yml new file mode 100755 index 00000000..0b5c78b6 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/ext-network/vars/Debian.yml @@ -0,0 +1,18 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +api_services: + - nova-api + - glance-api + - ceilometer-api + - heat-api + - heat-api-cfn + - aodh-api + - cinder-api + diff --git a/deploy/adapters/ansible/openstack_osp9/roles/ext-network/vars/RedHat.yml b/deploy/adapters/ansible/openstack_osp9/roles/ext-network/vars/RedHat.yml new file mode 100755 index 00000000..886401fd --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/ext-network/vars/RedHat.yml @@ -0,0 +1,17 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +api_services: + - openstack-nova-api + - openstack-glance-api + - openstack-ceilometer-api + - openstack-heat-api + - openstack-heat-api-cfn + - openstack-cinder-api + diff --git a/deploy/adapters/ansible/openstack_osp9/roles/ext-network/vars/main.yml b/deploy/adapters/ansible/openstack_osp9/roles/ext-network/vars/main.yml new file mode 100755 index 00000000..b19b6ebf --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/ext-network/vars/main.yml @@ -0,0 +1,10 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +api_services_noarch: [] diff --git a/deploy/adapters/ansible/openstack_osp9/roles/glance/tasks/nfs.yml b/deploy/adapters/ansible/openstack_osp9/roles/glance/tasks/nfs.yml new file mode 100755 index 00000000..deec81f8 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/glance/tasks/nfs.yml @@ -0,0 +1,67 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- name: install nfs packages + action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" + with_items: nfs_packages + +- name: install nfs + local_action: yum name={{ item }} state=present + with_items: + - rpcbind + - nfs-utils + run_once: True + +- name: create image directory + local_action: file path=/opt/images state=directory mode=0777 + run_once: True + +- name: remove nfs config item if exist + local_action: lineinfile dest=/etc/exports state=absent + regexp="^/opt/images" + run_once: True + +- name: update nfs config + local_action: lineinfile dest=/etc/exports state=present + line="/opt/images *(rw,insecure,sync,all_squash)" + run_once: True + +- name: restart compass nfs service + local_action: service name={{ item }} state=restarted enabled=yes + with_items: + - rpcbind + - nfs-server + run_once: True + +- name: get mount info + command: mount + register: mount_info + tags: + - recovery + +- name: get nfs server + shell: awk -F'=' '/compass_server/ {print $2}' /etc/compass.conf + register: ip_info + tags: + - recovery + +- name: restart host nfs service + service: name={{ item }} state=restarted enabled=yes + with_items: '{{ nfs_services }}' + +- name: mount image directory + shell: | + mount -t nfs -onfsvers=3 {{ ip_info.stdout_lines[0] }}:/opt/images /var/lib/glance/images + sed -i '/\/var\/lib\/glance\/images/d' /etc/fstab + #echo {{ ip_info.stdout_lines[0] }}:/opt/images /var/lib/glance/images/ nfs nfsvers=3 >> /etc/fstab + when: mount_info.stdout.find('images') == -1 + retries: 5 + delay: 3 + tags: + - recovery diff --git a/deploy/adapters/ansible/openstack_osp9/roles/glance/vars/Debian.yml b/deploy/adapters/ansible/openstack_osp9/roles/glance/vars/Debian.yml new file mode 100755 index 00000000..d1825012 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/glance/vars/Debian.yml @@ -0,0 +1,21 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +packages: + - glance + - nfs-common + +nfs_packages: + - nfs-common + +nfs_services: [] + +services: + - glance-registry + - glance-api diff --git a/deploy/adapters/ansible/openstack_osp9/roles/glance/vars/RedHat.yml b/deploy/adapters/ansible/openstack_osp9/roles/glance/vars/RedHat.yml new file mode 100755 index 00000000..2987d0c4 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/glance/vars/RedHat.yml @@ -0,0 +1,23 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +packages: + - openstack-glance + - rpcbind + +nfs_packages: + - nfs-utils + - rpcbind + +nfs_services: + - rpcbind + +services: + - openstack-glance-api + - openstack-glance-registry diff --git a/deploy/adapters/ansible/openstack_osp9/roles/heat/tasks/heat_install.yml b/deploy/adapters/ansible/openstack_osp9/roles/heat/tasks/heat_install.yml new file mode 100755 index 00000000..b90e6402 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/heat/tasks/heat_install.yml @@ -0,0 +1,39 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- include_vars: "{{ ansible_os_family }}.yml" + +- name: install heat related packages + action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" + with_items: packages | union(packages_noarch) + +- name: generate heat service list + lineinfile: dest=/opt/service create=yes line='{{ item }}' + with_items: services | union(services_noarch) + +# ' + +- name: create heat user domain + shell: > + . /opt/admin-openrc-v3.sh; + openstack domain create --description "Stack projects and users" heat; + openstack user create --domain heat --password {{ HEAT_PASS }} heat_domain_admin; + openstack role add --domain heat --user-domain heat --user heat_domain_admin admin; + openstack role create heat_stack_owner; + openstack role add --project demo --user demo heat_stack_owner; + when: inventory_hostname == groups['controller'][0] + +- name: update heat conf + template: src=heat.j2 + dest=/etc/heat/heat.conf + backup=yes + notify: + - restart heat service + - remove heat-sqlite-db + diff --git a/deploy/adapters/ansible/openstack_osp9/roles/heat/templates/heat.j2 b/deploy/adapters/ansible/openstack_osp9/roles/heat/templates/heat.j2 new file mode 100755 index 00000000..62df9fd9 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/heat/templates/heat.j2 @@ -0,0 +1,28 @@ +[DEFAULT] +heat_metadata_server_url = http://{{ internal_vip.ip }}:8000 +heat_waitcondition_server_url = http://{{ internal_vip.ip }}:8000/v1/waitcondition +rpc_backend = rabbit +rabbit_host = {{ rabbit_host }} +rabbit_userid = {{ RABBIT_USER }} +rabbit_password = {{ RABBIT_PASS }} +log_dir = /var/log/heat +stack_domain_admin = heat_domain_admin +stack_domain_admin_password = {{ HEAT_PASS }} +stack_user_domain_name = heat + +[database] +connection = mysql://heat:{{ HEAT_DBPASS }}@{{ db_host }}/heat +idle_timeout = 30 +use_db_reconnect = True +pool_timeout = 10 + +[ec2authtoken] +auth_uri = http://{{ internal_vip.ip }}:5000/v2.0 + +[keystone_authtoken] +auth_uri = http://{{ internal_vip.ip }}:5000/v2.0 +identity_uri = http://{{ internal_vip.ip }}:35357 +admin_tenant_name = service +admin_user = heat +admin_password = {{ HEAT_PASS }} + diff --git a/deploy/adapters/ansible/openstack_osp9/roles/keystone/tasks/keystone_install.yml b/deploy/adapters/ansible/openstack_osp9/roles/keystone/tasks/keystone_install.yml new file mode 100755 index 00000000..ba4fc28e --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/keystone/tasks/keystone_install.yml @@ -0,0 +1,97 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- include_vars: "{{ ansible_os_family }}.yml" + +- name: disable auto start + copy: + content: "#!/bin/sh\nexit 101" + dest: "/usr/sbin/policy-rc.d" + mode: 0755 + when: ansible_os_family == "Debian" + +- name: install keystone packages + action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" + with_items: packages | union(packages_noarch) + +- name: enable auto start + file: + path=/usr/sbin/policy-rc.d + state=absent + when: ansible_os_family == "Debian" + +- name: disable boot auto start + file: + path={{ item }} + state=absent + with_items: + - /etc/init.d/keystone + - /etc/init/keystone.conf + when: ansible_os_family == "Debian" + +- name: generate keystone service list + lineinfile: dest=/opt/service create=yes line='{{ item }}' + with_items: services | union(services_noarch) + +- name: delete sqlite database + file: + path: /var/lib/keystone/keystone.db + state: absent + +- name: update keystone conf + template: src=keystone.conf dest=/etc/keystone/keystone.conf backup=yes + notify: + - restart keystone services + +- name: assure listen port exist + lineinfile: + dest: '{{ apache_config_dir }}/ports.conf' + regexp: '{{ item.regexp }}' + line: '{{ item.line}}' + with_items: + - regexp: "^Listen {{ internal_ip }}:5000" + line: "Listen {{ internal_ip }}:5000" + - regexp: "^Listen {{ internal_ip }}:35357" + line: "Listen {{ internal_ip }}:35357" + notify: + - restart keystone services + +- name: update apache2 configs + template: + src: wsgi-keystone.conf.j2 + dest: '{{ apache_config_dir }}/sites-available/wsgi-keystone.conf' + when: ansible_os_family == 'Debian' + notify: + - restart keystone services + +- name: update apache2 configs + template: + src: wsgi-keystone.conf.j2 + dest: '{{ apache_config_dir }}/wsgi-keystone.conf' + when: ansible_os_family == 'RedHat' + notify: + - restart keystone services + +- name: enable keystone server + file: + src: "{{ apache_config_dir }}/sites-available/wsgi-keystone.conf" + dest: "{{ apache_config_dir }}/sites-enabled/wsgi-keystone.conf" + state: "link" + when: ansible_os_family == 'Debian' + notify: + - restart keystone services + +- name: keystone source files + template: src={{ item }} dest=/opt/{{ item }} + with_items: + - admin-openrc.sh + - demo-openrc.sh + - admin-openrc-v3.sh + +- meta: flush_handlers diff --git a/deploy/adapters/ansible/openstack_osp9/roles/keystone/vars/RedHat.yml b/deploy/adapters/ansible/openstack_osp9/roles/keystone/vars/RedHat.yml new file mode 100755 index 00000000..63ddce3c --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/keystone/vars/RedHat.yml @@ -0,0 +1,20 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +cron_path: "/var/spool/cron" + +packages: + - openstack-keystone + - python-openstackclient + +services: + - httpd + +apache_config_dir: /etc/httpd/conf.d +http_service_name: httpd diff --git a/deploy/adapters/ansible/openstack_osp9/roles/keystone/vars/main.yml b/deploy/adapters/ansible/openstack_osp9/roles/keystone/vars/main.yml new file mode 100755 index 00000000..9e97a29c --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/keystone/vars/main.yml @@ -0,0 +1,164 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +packages_noarch: + - python-keystoneclient + +services_noarch: [] +os_services: + - name: keystone + type: identity + region: RegionOne + description: "OpenStack Identity" + publicurl: "http://{{ public_vip.ip }}:5000/v2.0" + internalurl: "http://{{ internal_vip.ip }}:5000/v2.0" + adminurl: "http://{{ internal_vip.ip }}:35357/v2.0" + + - name: glance + type: image + region: RegionOne + description: "OpenStack Image Service" + publicurl: "http://{{ public_vip.ip }}:9292" + internalurl: "http://{{ internal_vip.ip }}:9292" + adminurl: "http://{{ internal_vip.ip }}:9292" + + - name: nova + type: compute + region: RegionOne + description: "OpenStack Compute" + publicurl: "http://{{ public_vip.ip }}:8774/v2/%(tenant_id)s" + internalurl: "http://{{ internal_vip.ip }}:8774/v2/%(tenant_id)s" + adminurl: "http://{{ internal_vip.ip }}:8774/v2/%(tenant_id)s" + + - name: neutron + type: network + region: RegionOne + description: "OpenStack Networking" + publicurl: "http://{{ public_vip.ip }}:9696" + internalurl: "http://{{ internal_vip.ip }}:9696" + adminurl: "http://{{ internal_vip.ip }}:9696" + + - name: ceilometer + type: metering + region: RegionOne + description: "OpenStack Telemetry" + publicurl: "http://{{ public_vip.ip }}:8777" + internalurl: "http://{{ internal_vip.ip }}:8777" + adminurl: "http://{{ internal_vip.ip }}:8777" + + - name: aodh + type: alarming + region: RegionOne + description: "OpenStack Telemetry" + publicurl: "http://{{ public_vip.ip }}:8042" + internalurl: "http://{{ internal_vip.ip }}:8042" + adminurl: "http://{{ internal_vip.ip }}:8042" + + - name: cinder + type: volume + region: RegionOne + description: "OpenStack Block Storage" + publicurl: "http://{{ public_vip.ip }}:8776/v1/%(tenant_id)s" + internalurl: "http://{{ internal_vip.ip }}:8776/v1/%(tenant_id)s" + adminurl: "http://{{ internal_vip.ip }}:8776/v1/%(tenant_id)s" + + - name: cinderv2 + type: volumev2 + region: RegionOne + description: "OpenStack Block Storage v2" + publicurl: "http://{{ public_vip.ip }}:8776/v2/%(tenant_id)s" + internalurl: "http://{{ internal_vip.ip }}:8776/v2/%(tenant_id)s" + adminurl: "http://{{ internal_vip.ip }}:8776/v2/%(tenant_id)s" + + - name: heat + type: orchestration + region: RegionOne + description: "OpenStack Orchestration" + publicurl: "http://{{ public_vip.ip }}:8004/v1/%(tenant_id)s" + internalurl: "http://{{ internal_vip.ip }}:8004/v1/%(tenant_id)s" + adminurl: "http://{{ internal_vip.ip }}:8004/v1/%(tenant_id)s" + + - name: heat-cfn + type: cloudformation + region: RegionOne + description: "OpenStack CloudFormation Orchestration" + publicurl: "http://{{ public_vip.ip }}:8000/v1" + internalurl: "http://{{ internal_vip.ip }}:8000/v1" + adminurl: "http://{{ internal_vip.ip }}:8000/v1" + +os_users: + - user: admin + password: "{{ ADMIN_PASS }}" + email: admin@admin.com + role: admin + tenant: admin + tenant_description: "Admin Tenant" + + - user: glance + password: "{{ GLANCE_PASS }}" + email: glance@admin.com + role: admin + tenant: service + tenant_description: "Service Tenant" + + - user: nova + password: "{{ NOVA_PASS }}" + email: nova@admin.com + role: admin + tenant: service + tenant_description: "Service Tenant" + + - user: keystone + password: "{{ KEYSTONE_PASS }}" + email: keystone@admin.com + role: admin + tenant: service + tenant_description: "Service Tenant" + + - user: neutron + password: "{{ NEUTRON_PASS }}" + email: neutron@admin.com + role: admin + tenant: service + tenant_description: "Service Tenant" + + - user: ceilometer + password: "{{ CEILOMETER_PASS }}" + email: ceilometer@admin.com + role: admin + tenant: service + tenant_description: "Service Tenant" + + - user: cinder + password: "{{ CINDER_PASS }}" + email: cinder@admin.com + role: admin + tenant: service + tenant_description: "Service Tenant" + + - user: aodh + password: "{{ AODH_PASS }}" + email: aodh@admin.com + role: admin + tenant: service + tenant_description: "Service Tenant" + + - user: heat + password: "{{ HEAT_PASS }}" + email: heat@admin.com + role: admin + tenant: service + tenant_description: "Service Tenant" + + - user: demo + password: "" + email: heat@demo.com + role: heat_stack_user + tenant: demo + tenant_description: "Demo Tenant" diff --git a/deploy/adapters/ansible/openstack_osp9/roles/neutron-compute/tasks/main.yml b/deploy/adapters/ansible/openstack_osp9/roles/neutron-compute/tasks/main.yml new file mode 100755 index 00000000..fd3e51d3 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/neutron-compute/tasks/main.yml @@ -0,0 +1,75 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- include_vars: "{{ ansible_os_family }}.yml" + +- name: activate ipv4 forwarding + sysctl: name=net.ipv4.ip_forward value=1 + state=present reload=yes + +- name: deactivate ipv4 rp filter + sysctl: name=net.ipv4.conf.all.rp_filter value=0 + state=present reload=yes + +- name: deactivate ipv4 default rp filter + sysctl: name=net.ipv4.conf.default.rp_filter + value=0 state=present reload=yes + +- name: disable auto start + copy: + content: "#!/bin/sh\nexit 101" + dest: "/usr/sbin/policy-rc.d" + mode: 0755 + when: ansible_os_family == "Debian" + +- name: install compute-related neutron packages + action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" + with_items: packages | union(packages_noarch) + +- name: enable auto start + file: + path=/usr/sbin/policy-rc.d + state=absent + when: ansible_os_family == "Debian" + +- name: fix openstack neutron plugin config file + shell: | + sed -i 's,plugins/ml2/openvswitch_agent.ini,plugin.ini,g' /usr/lib/systemd/system/neutron-openvswitch-agent.service + systemctl daemon-reload + when: ansible_os_family == 'RedHat' + +- name: fix openstack neutron plugin config file ubuntu + shell: | + sed -i 's,plugins/ml2/openvswitch_agent.ini,plugin.ini,g' /etc/init/neutron-openvswitch-agent.conf + sed -i 's,plugins/ml2/openvswitch_agent.ini,plugin.ini,g' /etc/init.d/neutron-openvswitch-agent + when: ansible_os_family == "Debian" + +- name: generate neutron compute service list + lineinfile: dest=/opt/service create=yes line='{{ item }}' + with_items: services | union(services_noarch) + +- name: config ml2 plugin + template: src=templates/ml2_conf.ini + dest=/etc/neutron/plugins/ml2/ml2_conf.ini + backup=yes + +- name: ln plugin.ini + file: src=/etc/neutron/plugins/ml2/ml2_conf.ini dest=/etc/neutron/plugin.ini state=link + +- name: config neutron + template: src=templates/neutron.conf + dest=/etc/neutron/neutron.conf backup=yes + notify: + - restart neutron compute service + - restart nova-compute services + +- meta: flush_handlers + +- include: ../../neutron-network/tasks/odl.yml + when: "'opendaylight' in {{ NEUTRON_MECHANISM_DRIVERS }}" diff --git a/deploy/adapters/ansible/openstack_osp9/roles/neutron-compute/vars/Debian.yml b/deploy/adapters/ansible/openstack_osp9/roles/neutron-compute/vars/Debian.yml new file mode 100755 index 00000000..6ae52f3b --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/neutron-compute/vars/Debian.yml @@ -0,0 +1,19 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- + +packages: + - neutron-common + - neutron-plugin-ml2 + - openvswitch-datapath-dkms + - openvswitch-switch + - neutron-plugin-openvswitch-agent + +services: + - neutron-openvswitch-agent diff --git a/deploy/adapters/ansible/openstack_osp9/roles/neutron-network/tasks/main.yml b/deploy/adapters/ansible/openstack_osp9/roles/neutron-network/tasks/main.yml new file mode 100755 index 00000000..31f7f17c --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/neutron-network/tasks/main.yml @@ -0,0 +1,117 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- include_vars: "{{ ansible_os_family }}.yml" + +- name: activate ipv4 forwarding + sysctl: name=net.ipv4.ip_forward value=1 + state=present reload=yes + +- name: deactivate ipv4 rp filter + sysctl: name=net.ipv4.conf.all.rp_filter value=0 + state=present reload=yes + +- name: deactivate ipv4 default rp filter + sysctl: name=net.ipv4.conf.default.rp_filter + value=0 state=present reload=yes + +- name: assert kernel support for vxlan + command: modinfo -F version vxlan + when: "'vxlan' in {{ NEUTRON_TUNNEL_TYPES }}" + +- name: assert iproute2 suppport for vxlan + command: ip link add type vxlan help + register: iproute_out + failed_when: iproute_out.rc == 255 + when: "'vxlan' in {{ NEUTRON_TUNNEL_TYPES }}" + +- name: disable auto start + copy: + content: "#!/bin/sh\nexit 101" + dest: "/usr/sbin/policy-rc.d" + mode: 0755 + when: ansible_os_family == "Debian" + +- name: install neutron network related packages + action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" + with_items: packages | union(packages_noarch) + +- name: enable auto start + file: + path=/usr/sbin/policy-rc.d + state=absent + when: ansible_os_family == "Debian" + +- name: generate neutron network service list + lineinfile: dest=/opt/service create=yes line='{{ item }}' + with_items: services | union(services_noarch) + +- name: fix openstack neutron plugin config file + shell: | + sed -i 's,plugins/ml2/openvswitch_agent.ini,plugin.ini,g' /usr/lib/systemd/system/neutron-openvswitch-agent.service + systemctl daemon-reload + when: ansible_os_family == 'RedHat' + +- name: fix openstack neutron plugin config file ubuntu + shell: | + sed -i 's,plugins/ml2/openvswitch_agent.ini,plugin.ini,g' /etc/init/neutron-openvswitch-agent.conf + sed -i 's,plugins/ml2/openvswitch_agent.ini,plugin.ini,g' /etc/init.d/neutron-openvswitch-agent + when: ansible_os_family == "Debian" + +- name: config l3 agent + template: src=l3_agent.ini dest=/etc/neutron/l3_agent.ini + backup=yes + +- name: config dhcp agent + template: src=dhcp_agent.ini dest=/etc/neutron/dhcp_agent.ini + backup=yes + +- name: update dnsmasq-neutron.conf + template: src=templates/dnsmasq-neutron.conf + dest=/etc/neutron/dnsmasq-neutron.conf + +- name: config metadata agent + template: src=metadata_agent.ini + dest=/etc/neutron/metadata_agent.ini backup=yes + +- name: config ml2 plugin + template: src=templates/ml2_conf.ini + dest=/etc/neutron/plugins/ml2/ml2_conf.ini + backup=yes + +- name: ln plugin.ini + file: src=/etc/neutron/plugins/ml2/ml2_conf.ini dest=/etc/neutron/plugin.ini state=link + +- name: config neutron + template: src=templates/neutron.conf + dest=/etc/neutron/neutron.conf backup=yes + +- name: force mtu to 1450 for vxlan + lineinfile: + dest: /etc/neutron/dnsmasq-neutron.conf + regexp: '^dhcp-option-force' + line: 'dhcp-option-force=26,1450' + when: "'vxlan' in {{ NEUTRON_TUNNEL_TYPES }}" + +- include: firewall.yml + when: enable_fwaas == True + +- include: vpn.yml + when: enable_vpnaas == True + +- include: odl.yml + when: "'opendaylight' in {{ NEUTRON_MECHANISM_DRIVERS }}" + +- name: restart neutron network relation service + service: name={{ item }} state=restarted enabled=yes + with_flattened: + - services_noarch + - services + +- meta: flush_handlers diff --git a/deploy/adapters/ansible/openstack_osp9/roles/neutron-network/vars/Debian.yml b/deploy/adapters/ansible/openstack_osp9/roles/neutron-network/vars/Debian.yml new file mode 100755 index 00000000..c95d0265 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/neutron-network/vars/Debian.yml @@ -0,0 +1,25 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +packages: + - neutron-plugin-ml2 + - openvswitch-datapath-dkms + - openvswitch-switch + - neutron-l3-agent + - neutron-dhcp-agent + - neutron-plugin-openvswitch-agent + +services: + - openvswitch-switch + - neutron-openvswitch-agent + +openvswitch_agent: neutron-plugin-openvswitch-agent + +xorp_packages: + - xorp diff --git a/deploy/adapters/ansible/openstack_osp9/roles/nova-compute/tasks/main.yml b/deploy/adapters/ansible/openstack_osp9/roles/nova-compute/tasks/main.yml new file mode 100755 index 00000000..fe544630 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/nova-compute/tasks/main.yml @@ -0,0 +1,58 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- include_vars: "{{ ansible_os_family }}.yml" + +- name: disable auto start + copy: + content: "#!/bin/sh\nexit 101" + dest: "/usr/sbin/policy-rc.d" + mode: 0755 + when: ansible_os_family == "Debian" + +- name: install nova-compute related packages + action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" + with_items: packages | union(packages_noarch) + +- name: restart virtlogd + service: name=virtlogd state=started enabled=yes + when: ansible_os_family == "Debian" + +- name: enable auto start + file: + path=/usr/sbin/policy-rc.d + state=absent + when: ansible_os_family == "Debian" + +- name: update nova-compute conf + template: src={{ item }} dest=/etc/nova/{{ item }} + with_items: + - nova.conf + notify: + - restart nova-compute services + +- name: get number of cpu support virtualization + shell: egrep -c '(vmx|svm)' /proc/cpuinfo + register: kvm_cpu_num + +- name: update nova-compute conf + template: src={{ item }} dest=/etc/nova/{{ item }} + with_items: + - nova-compute.conf + notify: + - restart nova-compute services + +- name: generate neutron control service list + lineinfile: dest=/opt/service create=yes line='{{ item }}' + with_items: services | union(services_noarch) + +- name: remove nova sqlite db + shell: rm /var/lib/nova/nova.sqlite || touch nova.sqlite.removed + +- meta: flush_handlers diff --git a/deploy/adapters/ansible/openstack_osp9/roles/nova-compute/templates/nova-compute.conf b/deploy/adapters/ansible/openstack_osp9/roles/nova-compute/templates/nova-compute.conf new file mode 100755 index 00000000..305d408b --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/nova-compute/templates/nova-compute.conf @@ -0,0 +1,11 @@ +[DEFAULT] +compute_driver=libvirt.LibvirtDriver +force_raw_images = true +[libvirt] +{% if kvm_cpu_num.stdout_lines[0]|int == 0 %} +virt_type=qemu +{% else %} +virt_type=kvm +{% endif %} +images_type = raw +mem_stats_period_seconds=0 diff --git a/deploy/adapters/ansible/openstack_osp9/roles/nova-compute/templates/nova.conf b/deploy/adapters/ansible/openstack_osp9/roles/nova-compute/templates/nova.conf new file mode 100755 index 00000000..73b49a5a --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/nova-compute/templates/nova.conf @@ -0,0 +1,89 @@ +[DEFAULT] +block_device_allocate_retries=5 +block_device_allocate_retries_interval=300 +dhcpbridge_flagfile=/etc/nova/nova.conf +dhcpbridge=/usr/bin/nova-dhcpbridge +logdir=/var/log/nova +state_path=/var/lib/nova +lock_path=/var/lib/nova/tmp +force_dhcp_release=True +iscsi_helper=tgtadm +libvirt_use_virtio_for_bridges=True +connection_type=libvirt +root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf +verbose={{ VERBOSE}} +debug={{ DEBUG }} +ec2_private_dns_show_ip=True +api_paste_config=/etc/nova/api-paste.ini +volumes_path=/var/lib/nova/volumes +enabled_apis=osapi_compute,metadata + +default_floating_pool={{ public_net_info.network }} +auth_strategy = keystone + +rpc_backend = rabbit +rabbit_host = {{ rabbit_host }} +rabbit_userid = {{ RABBIT_USER }} +rabbit_password = {{ RABBIT_PASS }} + +osapi_compute_listen={{ internal_ip }} +metadata_listen={{ internal_ip }} + +my_ip = {{ internal_ip }} +vnc_enabled = True +vncserver_listen = {{ internal_ip }} +vncserver_proxyclient_address = {{ internal_ip }} +novncproxy_base_url = http://{{ public_vip.ip }}:6080/vnc_auto.html + +novncproxy_host = {{ internal_ip }} +novncproxy_port = 6080 + +network_api_class = nova.network.neutronv2.api.API +linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver +firewall_driver = nova.virt.firewall.NoopFirewallDriver +security_group_api = neutron + +instance_usage_audit = True +instance_usage_audit_period = hour +notify_on_state_change = vm_and_task_state +notification_driver = nova.openstack.common.notifier.rpc_notifier +notification_driver = ceilometer.compute.nova_notifier + +[database] +# The SQLAlchemy connection string used to connect to the database +connection = mysql://nova:{{ NOVA_DBPASS }}@{{ db_host }}/nova +idle_timeout = 30 +use_db_reconnect = True +pool_timeout = 10 + +[api_database] +connection = mysql://nova:{{ NOVA_DBPASS }}@{{ db_host }}/nova_api +idle_timeout = 30 +use_db_reconnect = True +pool_timeout = 10 + +[keystone_authtoken] +auth_uri = http://{{ internal_vip.ip }}:5000/2.0 +identity_uri = http://{{ internal_vip.ip }}:35357 +admin_tenant_name = service +admin_user = nova +admin_password = {{ NOVA_PASS }} + +[glance] +host = {{ internal_vip.ip }} + +[neutron] +url = http://{{ internal_vip.ip }}:9696 +auth_strategy = keystone +admin_tenant_name = service +admin_username = neutron +admin_password = {{ NEUTRON_PASS }} +admin_auth_url = http://{{ internal_vip.ip }}:35357/v2.0 +service_metadata_proxy = True +metadata_proxy_shared_secret = {{ METADATA_SECRET }} +auth_type = password +auth_url = http://{{ internal_vip.ip }}:35357 +password = {{ NEUTRON_PASS }} +username = neutron +project_domain_name = default +user_domain_name = default diff --git a/deploy/adapters/ansible/openstack_osp9/roles/nova-controller/tasks/nova_config.yml b/deploy/adapters/ansible/openstack_osp9/roles/nova-controller/tasks/nova_config.yml new file mode 100755 index 00000000..f332c97a --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/nova-controller/tasks/nova_config.yml @@ -0,0 +1,21 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- name: nova api db sync + shell: su -s /bin/sh -c "nova-manage api_db sync" nova + ignore_errors: True + notify: + - restart nova service + +- name: nova db sync + nova_manage: action=dbsync + notify: + - restart nova service + +- meta: flush_handlers diff --git a/deploy/adapters/ansible/openstack_osp9/roles/odl_cluster/tasks/openvswitch.yml b/deploy/adapters/ansible/openstack_osp9/roles/odl_cluster/tasks/openvswitch.yml new file mode 100755 index 00000000..33099104 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/odl_cluster/tasks/openvswitch.yml @@ -0,0 +1,148 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- + +#- name: Install Crudini +# apt: name={{ item }} state=present +# with_items: +# - crudini + +- name: install compute packages + action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" + with_items: compute_packages | union(compute_packages_noarch) + +- name: remove neutron-openvswitch-agent service daemon + shell: sed -i '/{{ service_ovs_agent_name }}/d' /opt/service ; + +- name: shut down and disable Neutron's openvswitch agent services + service: name={{ service_ovs_agent_name }} state=stopped enabled=no + +- name: remove Neutron's openvswitch agent services + shell: > + update-rc.d -f {{ service_ovs_agent_name }} remove; + mv /etc/init.d/{{ service_ovs_agent_name }} /home/{{ service_ovs_agent_name }}; + mv /etc/init/{{ service_ovs_agent_name }}.conf /home/{{ service_ovs_agent_name }}.conf; + when: ansible_os_family == "Debian" + + +- name: Stop the Open vSwitch service and clear existing OVSDB + shell: > + service {{ service_ovs_name }} stop ; + rm -rf /var/log/openvswitch/* ; + rm -rf /etc/openvswitch/conf.db ; + service {{ service_ovs_name }} start ; + +- name: set opendaylight as the manager + command: su -s /bin/sh -c "ovs-vsctl set-manager tcp:{{ internal_vip.ip }}:6640;" + +- name: check br-int + shell: ovs-vsctl list-br | grep br-int; while [ $? -ne 0 ]; do sleep 10; ovs-vsctl list-br | grep br-int; done + +- name: set local ip in openvswitch + shell: ovs-vsctl set Open_vSwitch $(ovs-vsctl show | head -n 1) other_config={'local_ip'=' {{ internal_ip }} '}; + +#' + +################################################################## +########### Recover External network for odl l3 ################# +################################################################## + +- name: check br-ex + shell: ovs-vsctl list-br | grep br-ex; while [ $? -ne 0 ]; do sleep 10; ovs-vsctl list-br | grep br-ex; done + when: odl_l3_agent == "Enable" + +- name: add ovs uplink + openvswitch_port: bridge=br-ex port={{ item["interface"] }} state=present + with_items: "{{ network_cfg['provider_net_mappings'] }}" + when: item["type"] == "ovs" and odl_l3_agent == "Enable" + +- name: wait 10 seconds + shell: sleep 10 + when: odl_l3_agent == "Enable" + +- name: set external nic in openvswitch + shell: ovs-vsctl set Open_vSwitch $(ovs-vsctl show | head -n 1) other_config:provider_mappings=br-ex:{{ item["interface"] }} + with_items: "{{ network_cfg['provider_net_mappings'] }}" + when: item["type"] == "ovs" and odl_l3_agent == "Enable" + +- name: copy recovery script + copy: src={{ item }} dest=/opt/setup_networks + with_items: + - recover_network_odl_l3.py + - setup_networks_odl_l3.py + when: odl_l3_agent == "Enable" + +- name: recover external script + shell: python /opt/setup_networks/recover_network_odl_l3.py + when: odl_l3_agent == "Enable" + +- name: update keepalived info + template: src=keepalived.conf dest=/etc/keepalived/keepalived.conf + when: inventory_hostname in groups['odl'] and odl_l3_agent == "Enable" + +- name: modify net-init + shell: sed -i 's/setup_networks.py/setup_networks_odl_l3.py/g' /etc/init.d/net_init + when: odl_l3_agent == "Enable" + +################################################################## +########### Recover External network for odl l2 ################# +################################################################## + +- name: add ovs bridge + openvswitch_bridge: bridge={{ item["name"] }} state=present + with_items: "{{ network_cfg['provider_net_mappings'] }}" + when: item["type"] == "ovs" and odl_l3_agent == "Disable" + +- name: add ovs uplink + openvswitch_port: bridge={{ item["name"] }} port={{ item["interface"] }} state=present + with_items: "{{ network_cfg['provider_net_mappings'] }}" + when: item["type"] == "ovs" and odl_l3_agent == "Disable" + +- name: copy recovery script + copy: src={{ item }} dest=/opt/setup_networks + with_items: + - recover_network.py + when: odl_l3_agent == "Disable" + +- name: recover external script + shell: python /opt/setup_networks/recover_network.py + when: odl_l3_agent == "Disable" + +################################################################## + + +- name: restart keepalived to recover external IP + shell: service keepalived restart + when: inventory_hostname in groups['odl'] + ignore_errors: True + + + +################################################################## +################################################################## +################################################################## +- name: configure opendaylight -> ml2 + shell: > + crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers opendaylight; + crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types vxlan; + crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs enable_tunneling True; + +#- name: Adjust Service Daemon +# shell: > +# sed -i '/neutron-openvswitch-agent/d' /opt/service ; +# echo opendaylight >> /opt/service ; + +- name: copy ml2 configuration script + template: + src: ml2_conf.sh + dest: "/opt/ml2_conf.sh" + mode: 0777 + +- name: execute ml2 configuration script + command: su -s /bin/sh -c "/opt/ml2_conf.sh;" diff --git a/deploy/adapters/ansible/openstack_osp9/roles/odl_cluster/vars/Debian.yml b/deploy/adapters/ansible/openstack_osp9/roles/odl_cluster/vars/Debian.yml new file mode 100755 index 00000000..a3d5dd02 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/odl_cluster/vars/Debian.yml @@ -0,0 +1,23 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- + +controller_packages: +# - openjdk-7-jdk + - crudini + +compute_packages: + - crudini + +service_ovs_name: openvswitch-switch +service_ovs_agent_name: neutron-openvswitch-agent + +service_file: + src: opendaylight.conf + dst: /etc/init/opendaylight.conf diff --git a/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/files/setup_networks/log.py b/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/files/setup_networks/log.py new file mode 100755 index 00000000..fffeb589 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/files/setup_networks/log.py @@ -0,0 +1,41 @@ +import logging +import os +loggers = {} +log_dir="/var/log/setup_network" +try: + os.makedirs(log_dir) +except: + pass + +def getLogger(name): + if name in loggers: + return loggers[name] + + logger = logging.getLogger(name) + logger.setLevel(logging.DEBUG) + + # create file handler which logs even debug messages + log_file = "%s/%s.log" % (log_dir, name) + try: + os.remove(log_file) + except: + pass + + fh = logging.FileHandler(log_file) + fh.setLevel(logging.DEBUG) + + # create console handler with a higher log level + ch = logging.StreamHandler() + ch.setLevel(logging.ERROR) + + # create formatter and add it to the handlers + formatter = logging.Formatter("%(asctime)s - %(name)s - %(levelname)s - %(message)s") + ch.setFormatter(formatter) + fh.setFormatter(formatter) + + # add the handlers to logger + logger.addHandler(ch) + logger.addHandler(fh) + + loggers[name] = logger + return logger diff --git a/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/files/setup_networks/net_init b/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/files/setup_networks/net_init new file mode 100755 index 00000000..c27a8bf8 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/files/setup_networks/net_init @@ -0,0 +1,20 @@ +#!/bin/bash +## BEGIN INIT INFO +# Provides: anamon.init +# Default-Start: 3 5 +# Default-Stop: 0 1 2 4 6 +# Required-Start: $network +# Short-Description: Starts the cobbler anamon boot notification program +# Description: anamon runs the first time a machine is booted after +# installation. +## END INIT INFO + +# +# anamon.init: Starts the cobbler post-install boot notification program +# +# chkconfig: 35 0 6 +# +# description: anamon runs the first time a machine is booted after +# installation. +# +python /opt/setup_networks/setup_networks.py diff --git a/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/files/setup_networks/setup_networks.py b/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/files/setup_networks/setup_networks.py new file mode 100755 index 00000000..e58d6c72 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/files/setup_networks/setup_networks.py @@ -0,0 +1,73 @@ +import yaml +import netaddr +import os +import log as logging + +LOG = logging.getLogger("net-init") +config_path = os.path.join(os.path.dirname(__file__), "network.cfg") + +def setup_bondings(bond_mappings): + print bond_mappings + +def add_vlan_link(interface, ifname, vlan_id): + LOG.info("add_vlan_link enter") + cmd = "ip link add link %s name %s type vlan id %s; " % (ifname, interface, vlan_id) + cmd += "ip link set %s up; ip link set %s up" % (interface, ifname) + LOG.info("add_vlan_link: cmd=%s" % cmd) + os.system(cmd) + +def add_ovs_port(ovs_br, ifname, uplink, vlan_id=None): + LOG.info("add_ovs_port enter") + cmd = "ovs-vsctl --may-exist add-port %s %s" % (ovs_br, ifname) + if vlan_id: + cmd += " tag=%s" % vlan_id + cmd += " -- set Interface %s type=internal;" % ifname + cmd += "ip link set dev %s address `ip link show %s |awk '/link\/ether/{print $2}'`;" \ + % (ifname, uplink) + cmd += "ip link set %s up;" % ifname + LOG.info("add_ovs_port: cmd=%s" % cmd) + os.system(cmd) + +def setup_intfs(sys_intf_mappings, uplink_map): + LOG.info("setup_intfs enter") + for intf_name, intf_info in sys_intf_mappings.items(): + if intf_info["type"] == "vlan": + add_vlan_link(intf_name, intf_info["interface"], intf_info["vlan_tag"]) + elif intf_info["type"] == "ovs": + add_ovs_port( + intf_info["interface"], + intf_name, + uplink_map[intf_info["interface"]], + vlan_id=intf_info.get("vlan_tag")) + else: + pass + +def setup_ips(ip_settings, sys_intf_mappings): + LOG.info("setup_ips enter") + for intf_info in ip_settings.values(): + network = netaddr.IPNetwork(intf_info["cidr"]) + if sys_intf_mappings[intf_info["name"]]["type"] == "ovs": + intf_name = intf_info["name"] + else: + intf_name = intf_info["alias"] + cmd = "ip addr add %s/%s brd %s dev %s;" \ + % (intf_info["ip"], intf_info["netmask"], str(network.broadcast),intf_name) + if "gw" in intf_info: + cmd += "route del default;" + cmd += "ip route add default via %s dev %s" % (intf_info["gw"], intf_name) + LOG.info("setup_ips: cmd=%s" % cmd) + os.system(cmd) + +def main(config): + uplink_map = {} + setup_bondings(config["bond_mappings"]) + for provider_net in config["provider_net_mappings"]: + uplink_map[provider_net['name']] = provider_net['interface'] + + setup_intfs(config["sys_intf_mappings"], uplink_map) + setup_ips(config["ip_settings"], config["sys_intf_mappings"]) + +if __name__ == "__main__": + os.system("service openvswitch-switch status|| service openvswitch-switch start") + config = yaml.load(open(config_path)) + main(config) diff --git a/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/handlers/main.yml b/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/handlers/main.yml new file mode 100755 index 00000000..e099fcf4 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/handlers/main.yml @@ -0,0 +1,11 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- name: restart onos service + service: name=onos state=restarted enabled=yes diff --git a/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/tasks/main.yml b/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/tasks/main.yml new file mode 100755 index 00000000..6b619057 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/tasks/main.yml @@ -0,0 +1,121 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- include_vars: "{{ ansible_os_family }}.yml" + +- name: install onos related packages + action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" + with_items: packages | union(packages_noarch) + when: groups['onos']|length !=0 + +- name: remove neutron-openvswitch-agent auto start + shell: > + update-rc.d neutron-openvswitch-agent remove; + sed -i /neutron-openvswitch-agent/d /opt/service + when: groups['onos']|length !=0 + ignore_errors: True + +- name: shut down and disable Neutron's agent services + service: name=neutron-openvswitch-agent state=stopped + when: groups['onos']|length !=0 + ignore_errors: True + +- name: remove neutron-l3-agent auto start + shell: > + update-rc.d neutron-l3-agent remove; + sed -i /neutron-l3-agent/d /opt/service + when: inventory_hostname in groups['onos'] + ignore_errors: True + +- name: shut down and disable Neutron's l3 agent services + service: name=neutron-l3-agent state=stopped + when: inventory_hostname in groups['onos'] + ignore_errors: True + +- name: Stop the Open vSwitch service and clear existing OVSDB + shell: > + service openvswitch-switch stop ; + rm -rf /var/log/openvswitch/* ; + rm -rf /etc/openvswitch/conf.db ; + service openvswitch-switch start ; + when: groups['onos']|length !=0 + ignore_errors: True + +################################################################## +########### Recover External network ################# +################################################################## + +- name: add ovs bridge + openvswitch_bridge: bridge={{ item["name"] }} state=present + with_items: "{{ network_cfg['provider_net_mappings'] }}" + when: item["type"] == "ovs" and groups['onos']|length !=0 + +- name: add ovs uplink + openvswitch_port: bridge={{ item["name"] }} port={{ item["interface"] }} state=present + with_items: "{{ network_cfg['provider_net_mappings'] }}" + when: item["type"] == "ovs" and groups['onos']|length !=0 + +- name: add ovs uplink + shell: ip link set {{ item["interface"] }} up + with_items: "{{ network_cfg['provider_net_mappings'] }}" + when: item["type"] == "ovs" and groups['onos']|length !=0 + +- name: ensure script dir exist + shell: mkdir -p /opt/setup_networks + when: groups['onos']|length !=0 + +- name: copy scripts + copy: src={{ item }} dest=/opt/setup_networks + with_items: + - setup_networks/log.py + - setup_networks/setup_networks.py + when: groups['onos']|length !=0 + +- name: copy boot scripts + copy: src={{ item }} dest=/etc/init.d/ mode=0755 + with_items: + - setup_networks/net_init + when: groups['onos']|length !=0 + +- name: copy config files + template: src=network.cfg dest=/opt/setup_networks + when: groups['onos']|length !=0 + +- name: make sure python lib exist + action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" + with_items: + - python-yaml + - python-netaddr + when: groups['onos']|length !=0 + +- name: run scripts + shell: python /opt/setup_networks/setup_networks.py + when: groups['onos']|length !=0 + +- name: add to boot scripts + service: name=net_init enabled=yes + when: groups['onos']|length !=0 +################################################################## + +- name: restart keepalived to recover external IP + shell: service keepalived restart + when: inventory_hostname in groups['onos'] + ignore_errors: True + +- name: Install ONOS Cluster on Controller + include: onos_controller.yml + when: inventory_hostname in groups['onos'] and onos_sfc == "Disable" + +- name: Install ONOS Cluster on Controller + include: onos_sfc_controller.yml + when: inventory_hostname in groups['onos'] and onos_sfc == "Enable" + +- name: Config ONOS Cluster + include: openvswitch.yml + when: groups['onos']|length !=0 diff --git a/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/tasks/onos_controller.yml b/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/tasks/onos_controller.yml new file mode 100755 index 00000000..9ab8d1c1 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/tasks/onos_controller.yml @@ -0,0 +1,131 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- + +- name: get image http server + shell: awk -F'=' '/compass_server/ {print $2}' /etc/compass.conf + register: http_server + +- name: download onos driver packages + get_url: url="http://{{ http_server.stdout_lines[0] }}/packages/onos/{{ onos_driver }}" dest=/opt/ + +- name: unarchive onos driver package + command: su -s /bin/sh -c "tar xvf /opt/networking-onos.tar -C /opt/" + +- name: install onos driver + command: su -s /bin/sh -c "/opt/networking-onos/install_driver.sh" + +- name: install onos required packages + action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" + with_items: packages + +- name: download oracle-jdk8 package file + get_url: url="http://{{ http_server.stdout_lines[0] }}/packages/onos/{{ jdk8_pkg_name }}" dest=/opt/{{ jdk8_pkg_name }} + +- name: download oracle-jdk8 script file + get_url: url="http://{{ http_server.stdout_lines[0] }}/packages/onos/{{ jdk8_script_name }}" dest=/opt/ + +- name: unarchive onos driver package + command: su -s /bin/sh -c "tar xvf /opt/install_jdk8.tar -C /opt/" + +- name: install install_jdk8 package + command: su -s /bin/sh -c "/opt/install_jdk8/install_jdk8.sh" + +- name: create JAVA_HOME environment variable + shell: > + export J2SDKDIR=/usr/lib/jvm/java-8-oracle; + export J2REDIR=/usr/lib/jvm/java-8-oracle/jre; + export PATH=$PATH:/usr/lib/jvm/java-8-oracle/bin:/usr/lib/jvm/java-8-oracle/db/bin:/usr/lib/jvm/java-8-oracle/jre/bin; + export JAVA_HOME=/usr/lib/jvm/java-8-oracle; + export DERBY_HOME=/usr/lib/jvm/java-8-oracle/db; + +- name: create onos group + group: name=onos system=yes state=present + +- name: create onos user + user: + name: onos + group: onos + home: "{{ onos_home }}" + createhome: "yes" + system: "yes" + shell: "/bin/false" + +- name: download onos package + get_url: url="http://{{ http_server.stdout_lines[0] }}/packages/onos/{{ onos_pkg_name }}" dest=/opt/{{ onos_pkg_name }} + +- name: create new jar repository + command: su -s /bin/sh -c "mkdir ~/.m2" + ignore_errors: True + +- name: download jar repository + get_url: url="http://{{ http_server.stdout_lines[0] }}/packages/onos/{{ repository }}" dest=~/.m2/ + +- name: extract jar repository + command: su -s /bin/sh -c "tar xvf ~/.m2/repository.tar -C ~/.m2/" + +- name: extract onos package + command: su -s /bin/sh -c "tar xzf /opt/{{ onos_pkg_name }} -C {{ onos_home }} --strip-components 1 --no-overwrite-dir -k --skip-old-files" onos + +- name: configure onos service + shell: > + echo 'export ONOS_OPTS=debug' > {{ onos_home }}/options; + echo 'export ONOS_USER=root' >> {{ onos_home }}/options; + mkdir {{ onos_home }}/var; + mkdir {{ onos_home }}/config; + sed -i '/pre-stop/i\env JAVA_HOME=/usr/lib/jvm/java-8-oracle' {{ onos_home }}/init/onos.conf; + cp -rf {{ onos_home }}/init/onos.conf /etc/init/; + cp -rf {{ onos_home }}/init/onos.conf /etc/init.d/; + +- name: configure onos boot feature + shell: > + sed -i '/^featuresBoot=/c\featuresBoot={{ onos_boot_features }}' {{ onos_home }}/{{ karaf_dist }}/etc/org.apache.karaf.features.cfg; + +- name: wait for config time + shell: "sleep 10" + +- name: start onos service + service: name=onos state=started enabled=yes + +- name: wait for onos start time + shell: "sleep 200" + +- name: add onos auto start + shell: > + echo "onos">>/opt/service + +########################################################################################################## +################################ ONOS connect with OpenStack ################################ +########################################################################################################## +- name: Configure Neutron1 + shell: > + crudini --set /etc/neutron/neutron.conf DEFAULT service_plugins onos_router; + crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers onos_ml2; + crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types vxlan; + crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers vxlan + +- name: Create ML2 Configuration File + template: + src: ml2_conf.sh + dest: "/opt/ml2_conf.sh" + mode: 0777 + +- name: Configure Neutron2 + command: su -s /bin/sh -c "/opt/ml2_conf.sh;" + +- name: Configure Neutron3 + shell: > + mysql -e "drop database if exists neutron_ml2;"; + mysql -e "create database neutron_ml2 character set utf8;"; + mysql -e "grant all on neutron_ml2.* to 'neutron'@'%';"; + su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron; + su -s /bin/sh -c "neutron-db-manage --subproject networking-sfc upgrade head" neutron; + +- name: Restart neutron-server + service: name=neutron-server state=restarted diff --git a/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/tasks/onos_sfc_controller.yml b/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/tasks/onos_sfc_controller.yml new file mode 100755 index 00000000..226923e8 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/tasks/onos_sfc_controller.yml @@ -0,0 +1,140 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- + +- name: get image http server + shell: awk -F'=' '/compass_server/ {print $2}' /etc/compass.conf + register: http_server + +- name: download onos driver packages + get_url: url="http://{{ http_server.stdout_lines[0] }}/packages/onos/{{ onos_driver }}" dest=/opt/ + +- name: download onos sfc driver package + get_url: url="http://{{ http_server.stdout_lines[0] }}/packages/onos/{{ onos_sfc_driver }}" dest=/opt/ + +- name: unarchive onos driver package + command: su -s /bin/sh -c "tar xvf /opt/networking-onos.tar -C /opt/" + +- name: unarchive onos sfc driver package + command: su -s /bin/sh -c "tar xvf /opt/networking-sfc.tar -C /opt/" + +- name: install onos driver + command: su -s /bin/sh -c "/opt/networking-onos/install_driver.sh" + +- name: install onos sfc driver + command: su -s /bin/sh -c "/opt/networking-sfc/install_driver.sh" + +- name: install onos required packages + action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" + with_items: packages + +- name: download oracle-jdk8 package file + get_url: url="http://{{ http_server.stdout_lines[0] }}/packages/onos/{{ jdk8_pkg_name }}" dest=/opt/{{ jdk8_pkg_name }} + +- name: download oracle-jdk8 script file + get_url: url="http://{{ http_server.stdout_lines[0] }}/packages/onos/{{ jdk8_script_name }}" dest=/opt/ + +- name: unarchive onos driver package + command: su -s /bin/sh -c "tar xvf /opt/install_jdk8.tar -C /opt/" + +- name: install install_jdk8 package + command: su -s /bin/sh -c "/opt/install_jdk8/install_jdk8.sh" + +- name: create JAVA_HOME environment variable + shell: > + export J2SDKDIR=/usr/lib/jvm/java-8-oracle; + export J2REDIR=/usr/lib/jvm/java-8-oracle/jre; + export PATH=$PATH:/usr/lib/jvm/java-8-oracle/bin:/usr/lib/jvm/java-8-oracle/db/bin:/usr/lib/jvm/java-8-oracle/jre/bin; + export JAVA_HOME=/usr/lib/jvm/java-8-oracle; + export DERBY_HOME=/usr/lib/jvm/java-8-oracle/db; + +- name: create onos group + group: name=onos system=yes state=present + +- name: create onos user + user: + name: onos + group: onos + home: "{{ onos_home }}" + createhome: "yes" + system: "yes" + shell: "/bin/false" + +- name: download onos package + get_url: url="http://{{ http_server.stdout_lines[0] }}/packages/onos/{{ onos_pkg_name }}" dest=/opt/{{ onos_pkg_name }} + +- name: create new jar repository + command: su -s /bin/sh -c "mkdir ~/.m2" + ignore_errors: True + +- name: download jar repository + get_url: url="http://{{ http_server.stdout_lines[0] }}/packages/onos/{{ repository }}" dest=~/.m2/ + +- name: extract jar repository + command: su -s /bin/sh -c "tar xvf ~/.m2/repository.tar -C ~/.m2/" + +- name: extract onos package + command: su -s /bin/sh -c "tar xzf /opt/{{ onos_pkg_name }} -C {{ onos_home }} --strip-components 1 --no-overwrite-dir -k --skip-old-files" onos + +- name: configure onos service + shell: > + echo 'export ONOS_OPTS=debug' > {{ onos_home }}/options; + echo 'export ONOS_USER=root' >> {{ onos_home }}/options; + mkdir {{ onos_home }}/var; + mkdir {{ onos_home }}/config; + sed -i '/pre-stop/i\env JAVA_HOME=/usr/lib/jvm/java-8-oracle' {{ onos_home }}/init/onos.conf; + cp -rf {{ onos_home }}/init/onos.conf /etc/init/; + cp -rf {{ onos_home }}/init/onos.conf /etc/init.d/; + +- name: configure onos boot feature + shell: > + sed -i '/^featuresBoot=/c\featuresBoot={{ onos_boot_features }}' {{ onos_home }}/{{ karaf_dist }}/etc/org.apache.karaf.features.cfg; + +- name: wait for config time + shell: "sleep 10" + +- name: start onos service + service: name=onos state=started enabled=yes + +- name: wait for onos start time + shell: "sleep 200" + +- name: add onos auto start + shell: > + echo "onos">>/opt/service + +########################################################################################################## +################################ ONOS connect with OpenStack ################################ +########################################################################################################## +- name: Configure Neutron1 + shell: > + crudini --set /etc/neutron/neutron.conf DEFAULT service_plugins networking_sfc.services.sfc.plugin.SfcPlugin,networking_sfc.services.flowclassifier.plugin.FlowClassifierPlugin,onos_router; + crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers onos_ml2; + crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types vxlan; + crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers vxlan + +- name: Create ML2 Configuration File + template: + src: ml2_conf.sh + dest: "/opt/ml2_conf.sh" + mode: 0777 + +- name: Configure Neutron2 + command: su -s /bin/sh -c "/opt/ml2_conf.sh;" + +- name: Configure Neutron3 + shell: > + mysql -e "drop database if exists neutron_ml2;"; + mysql -e "create database neutron_ml2 character set utf8;"; + mysql -e "grant all on neutron_ml2.* to 'neutron'@'%';"; + su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron; + su -s /bin/sh -c "neutron-db-manage --subproject networking-sfc upgrade head" neutron; + +- name: Restart neutron-server + service: name=neutron-server state=restarted diff --git a/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/tasks/openvswitch.yml b/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/tasks/openvswitch.yml new file mode 100755 index 00000000..76863890 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/tasks/openvswitch.yml @@ -0,0 +1,64 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- + +- name: set veth port + shell: > + ip link add onos_port1 type veth peer name onos_port2; + ifconfig onos_port1 up; + ifconfig onos_port2 up; + ignore_errors: True + +- name: set veth to ovs + shell: > + export externamMac=`ifconfig eth1 | grep -Eo '\<[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}'`; + ifconfig onos_port2 hw ether $externamMac; + ovs-vsctl add-port br-prv onos_port1; + ignore_errors: True + +- name: add openflow-base feature + command: su -s /bin/sh -c "/opt/onos/bin/onos 'feature:install onos-openflow-base'"; + when: inventory_hostname in groups['onos'] + +- name: add openflow feature + command: su -s /bin/sh -c "/opt/onos/bin/onos 'feature:install onos-openflow'"; + when: inventory_hostname in groups['onos'] + +- name: add ovsdatabase feature + command: su -s /bin/sh -c "/opt/onos/bin/onos 'feature:install onos-ovsdatabase'"; + when: inventory_hostname in groups['onos'] + +- name: add ovsdb-base feature + command: su -s /bin/sh -c "/opt/onos/bin/onos 'feature:install onos-ovsdb-base'"; + when: inventory_hostname in groups['onos'] + +- name: add onos driver ovsdb feature + command: su -s /bin/sh -c "/opt/onos/bin/onos 'feature:install onos-drivers-ovsdb'"; + when: inventory_hostname in groups['onos'] + +- name: add ovsdb provider host feature + command: su -s /bin/sh -c "/opt/onos/bin/onos 'feature:install onos-ovsdb-provider-host'"; + when: inventory_hostname in groups['onos'] + +- name: add vtn feature + command: su -s /bin/sh -c "/opt/onos/bin/onos 'feature:install onos-app-vtn-onosfw'"; + when: inventory_hostname in groups['onos'] + +- name: set public eth card start + command: su -s /bin/sh -c "/opt/onos/bin/onos 'externalportname-set -n onos_port2'" + when: inventory_hostname in groups['onos'] + +- name: Set ONOS as the manager + command: su -s /bin/sh -c "ovs-vsctl set-manager tcp:{{ ip_settings[groups['onos'][0]]['mgmt']['ip'] }}:6640;" + +- name: delete default gateway + shell: > + route delete default; + when: inventory_hostname not in groups['onos'] + ignore_errors: True diff --git a/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/templates/keepalived.conf b/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/templates/keepalived.conf new file mode 100755 index 00000000..4ccf1c43 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/templates/keepalived.conf @@ -0,0 +1,47 @@ +global_defs { + router_id {{ inventory_hostname }} +} + +vrrp_sync_group VG1 { + group { + internal_vip + public_vip + } +} + +vrrp_instance internal_vip { + interface {{ internal_vip.interface }} + virtual_router_id {{ vrouter_id_internal }} + state BACKUP + nopreempt + advert_int 1 + priority {{ 50 + (host_index[inventory_hostname] * 50) }} + + authentication { + auth_type PASS + auth_pass 1234 + } + + virtual_ipaddress { + {{ internal_vip.ip }}/{{ internal_vip.netmask }} dev {{ internal_vip.interface }} + } +} + +vrrp_instance public_vip { + interface br-ex + virtual_router_id {{ vrouter_id_public }} + state BACKUP + nopreempt + advert_int 1 + priority {{ 50 + (host_index[inventory_hostname] * 50) }} + + authentication { + auth_type PASS + auth_pass 4321 + } + + virtual_ipaddress { + {{ network_cfg.public_vip.ip }}/{{ network_cfg.public_vip.netmask }} dev br-ex + } + +} diff --git a/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/templates/ml2_conf.sh b/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/templates/ml2_conf.sh new file mode 100755 index 00000000..8af03df4 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/templates/ml2_conf.sh @@ -0,0 +1,15 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +cat <<EOT>> /etc/neutron/plugins/ml2/ml2_conf.ini +[onos] +password = admin +username = admin +url_path = http://{{ ip_settings[groups['onos'][0]]['mgmt']['ip'] }}:8181/onos/vtn +EOT + diff --git a/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/templates/my_configs.debian b/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/templates/my_configs.debian new file mode 100755 index 00000000..5ab1519b --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/templates/my_configs.debian @@ -0,0 +1,14 @@ +{%- for alias, intf in host_ip_settings.items() %} + +auto {{ alias }} +iface {{ alias }} inet static + address {{ intf["ip"] }} + netmask {{ intf["netmask"] }} +{% if "gw" in intf %} + gateway {{ intf["gw"] }} +{% endif %} +{% if intf["name"] == alias %} + pre-up ip link set {{ sys_intf_mappings[alias]["interface"] }} up + pre-up ip link add link {{ sys_intf_mappings[alias]["interface"] }} name {{ alias }} type vlan id {{ sys_intf_mappings[alias]["vlan_tag"] }} +{% endif %} +{% endfor %} diff --git a/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/templates/network.cfg b/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/templates/network.cfg new file mode 100755 index 00000000..75ba90cb --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/templates/network.cfg @@ -0,0 +1,5 @@ +bond_mappings: {{ network_cfg["bond_mappings"] }} +ip_settings: {{ ip_settings[inventory_hostname] }} +sys_intf_mappings: {{ sys_intf_mappings }} +provider_net_mappings: {{ network_cfg["provider_net_mappings"] }} + diff --git a/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/vars/Debian.yml b/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/vars/Debian.yml new file mode 100755 index 00000000..c480dd9f --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/vars/Debian.yml @@ -0,0 +1,15 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +packages: + - software-properties-common + - crudini + - git + +services: [] diff --git a/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/vars/RedHat.yml b/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/vars/RedHat.yml new file mode 100755 index 00000000..c480dd9f --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/vars/RedHat.yml @@ -0,0 +1,15 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +packages: + - software-properties-common + - crudini + - git + +services: [] diff --git a/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/vars/main.yml b/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/vars/main.yml new file mode 100755 index 00000000..0f6204e2 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/onos_cluster/vars/main.yml @@ -0,0 +1,23 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +packages_noarch: [] + +services_noarch: [] +onos_pkg_name: onos-1.6.0.tar.gz +onos_home: /opt/onos/ +karaf_dist: apache-karaf-3.0.5 +jdk8_pkg_name: jdk-8u51-linux-x64.tar.gz +jdk8_script_name: install_jdk8.tar +onos_driver: networking-onos.tar +onos_sfc_driver: networking-sfc.tar +repository: repository.tar +onos_boot_features: config,standard,region,package,kar,ssh,management,webconsole,onos-api,onos-core,onos-incubator,onos-cli,onos-rest,onos-gui,onos-openflow-base, onos-openflow, onos-ovsdatabase, onos-ovsdb-base, onos-drivers-ovsdb, onos-ovsdb-provider-host, onos-app-vtn-onosfw + + diff --git a/deploy/adapters/ansible/openstack_osp9/roles/open-contrail/tasks/uninstall-openvswitch.yml b/deploy/adapters/ansible/openstack_osp9/roles/open-contrail/tasks/uninstall-openvswitch.yml new file mode 100755 index 00000000..836cb78b --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/open-contrail/tasks/uninstall-openvswitch.yml @@ -0,0 +1,46 @@ +--- +- name: del ovs bridge + shell: ovs-vsctl del-br br-int; ovs-vsctl del-br br-tun; ovs-vsctl del-br br-prv; + +- name: remove ovs and ovs-plugin daeman + shell: > + sed -i '/neutron-openvswitch-agent/d' /opt/service ; + sed -i '/openvswitch-switch/d' /opt/service ; + +- name: stop ovs and ovs-plugin + shell: service openvswitch-switch stop; service neutron-openvswitch-agent stop; + +- name: remove ovs and ovs-plugin files + shell: > + update-rc.d -f neutron-openvswitch-agent remove; + mv /etc/init.d/neutron-openvswitch-agent /home/neutron-openvswitch-agent; + mv /etc/init/neutron-openvswitch-agent.conf /home/neutron-openvswitch-agent.conf; + update-rc.d -f openvswitch-switch remove ; + mv /etc/init.d/openvswitch-switch /home/openvswitch-switch ; + mv /etc/init/openvswitch-switch.conf /home/openvswitch-switch.conf ; + update-rc.d -f neutron-ovs-cleanup remove ; + mv /etc/init.d/neutron-ovs-cleanup /home/neutron-ovs-cleanup ; + mv /etc/init/neutron-ovs-cleanup.conf /home/neutron-ovs-cleanup.conf ; + +- name: remove ovs kernel module + shell: rmmod vport_vxlan; rmmod openvswitch; + ignore_errors: True + +- name: copy recovery script + copy: src={{ item }} dest=/opt/setup_networks + with_items: +# - recover_network_opencontrail.py + - setup_networks_opencontrail.py + +#- name: recover external script +# shell: python /opt/setup_networks/recover_network_opencontrail.py + +- name: modify net-init + shell: sed -i 's/setup_networks.py/setup_networks_opencontrail.py/g' /etc/init.d/net_init + +- name: resolve dual NIC problem + shell: > + echo "net.ipv4.conf.all.arp_ignore=1" >> /etc/sysctl.conf ; + /sbin/sysctl -p ; + echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore ; + diff --git a/deploy/adapters/ansible/openstack_osp9/roles/secgroup/templates/neutron.j2 b/deploy/adapters/ansible/openstack_osp9/roles/secgroup/templates/neutron.j2 new file mode 100755 index 00000000..e7107660 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/secgroup/templates/neutron.j2 @@ -0,0 +1,7 @@ +[securitygroup] +firewall_driver = neutron.agent.firewall.NoopFirewallDriver +enable_security_group = True + +[agent] +prevent_arp_spoofing = False + diff --git a/deploy/adapters/ansible/openstack_osp9/roles/secgroup/templates/nova.j2 b/deploy/adapters/ansible/openstack_osp9/roles/secgroup/templates/nova.j2 new file mode 100755 index 00000000..7dbc216a --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/secgroup/templates/nova.j2 @@ -0,0 +1,3 @@ +[DEFAULT] +firewall_driver = nova.virt.firewall.NoopFirewallDriver +security_group_api = neutron diff --git a/deploy/adapters/ansible/openstack_osp9/roles/secgroup/vars/Debian.yml b/deploy/adapters/ansible/openstack_osp9/roles/secgroup/vars/Debian.yml new file mode 100755 index 00000000..221a3d92 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/secgroup/vars/Debian.yml @@ -0,0 +1,35 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +configs_templates: + - src: nova.j2 + dest: + - /etc/nova/nova.conf + - src: neutron.j2 + dest: + - /etc/neutron/plugins/ml2/ml2_conf.ini + - /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini + - /etc/neutron/plugins/ml2/restproxy.ini + +controller_services: + - nova-api + - nova-cert + - nova-conductor + - nova-consoleauth + - nova-novncproxy + - nova-scheduler + - neutron-server + - neutron-openvswitch-agent + - neutron-l3-agent + - neutron-dhcp-agent + - neutron-metadata-agent + +compute_services: + - nova-compute + - neutron-openvswitch-agent diff --git a/deploy/adapters/ansible/openstack_osp9/roles/tacker/templates/tacker.j2 b/deploy/adapters/ansible/openstack_osp9/roles/tacker/templates/tacker.j2 new file mode 100755 index 00000000..f1d9125b --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/roles/tacker/templates/tacker.j2 @@ -0,0 +1,426 @@ +[DEFAULT] +# Print more verbose output (set logging level to INFO instead of default WARNING level). +verbose = True + +# Print debugging output (set logging level to DEBUG instead of default WARNING level). +debug = True + +# Where to store Tacker state files. This directory must be writable by the +# user executing the agent. +state_path = /var/lib/tacker + +# Where to store lock files +lock_path = $state_path/lock + +auth_strategy = keystone +policy_file = /usr/local/etc/tacker/policy.json + +# log_format = %(asctime)s %(levelname)8s [%(name)s] %(message)s +# log_date_format = %Y-%m-%d %H:%M:%S + +# use_syslog -> syslog +# log_file and log_dir -> log_dir/log_file +# (not log_file) and log_dir -> log_dir/{binary_name}.log +# use_stderr -> stderr +# (not user_stderr) and (not log_file) -> stdout +# publish_errors -> notification system + +use_syslog = False +# syslog_log_facility = LOG_USER + +# use_stderr = True +# log_file = +# log_dir = + +# publish_errors = False + +# Address to bind the API server to +bind_host = {{ internal_ip }} + +# Port the bind the API server to +bind_port = 8888 + +# Path to the extensions. Note that this can be a colon-separated list of +# paths. For example: +# api_extensions_path = extensions:/path/to/more/extensions:/even/more/extensions +# The __path__ of tacker.extensions is appended to this, so if your +# extensions are in there you don't need to specify them here +# api_extensions_path = + +# (StrOpt) Tacker core plugin entrypoint to be loaded from the +# tacker.core_plugins namespace. See setup.cfg for the entrypoint names of the +# plugins included in the tacker source distribution. For compatibility with +# previous versions, the class name of a plugin can be specified instead of its +# entrypoint name. +# +# core_plugin = +# Example: core_plugin = ml2 + +# (ListOpt) List of service plugin entrypoints to be loaded from the +# tacker.service_plugins namespace. See setup.cfg for the entrypoint names of +# the plugins included in the tacker source distribution. For compatibility +# with previous versions, the class name of a plugin can be specified instead +# of its entrypoint name. +# +# service_plugins = +# Example: service_plugins = router,firewall,lbaas,vpnaas,metering + +service_plugins = vnfm,nfvo + +# Paste configuration file +# api_paste_config = api-paste.ini + +# The strategy to be used for auth. +# Supported values are 'keystone'(default), 'noauth'. +# auth_strategy = keystone + +# Allow sending resource operation notification to DHCP agent +# dhcp_agent_notification = True + +# Enable or disable bulk create/update/delete operations +# allow_bulk = True +# Enable or disable pagination +# allow_pagination = False +# Enable or disable sorting +# allow_sorting = False +# Enable or disable overlapping IPs for subnets +# Attention: the following parameter MUST be set to False if Tacker is +# being used in conjunction with nova security groups +# allow_overlapping_ips = False +# Ensure that configured gateway is on subnet +# force_gateway_on_subnet = False + + +# RPC configuration options. Defined in rpc __init__ +# The messaging module to use, defaults to kombu. +# rpc_backend = tacker.openstack.common.rpc.impl_kombu +# Size of RPC thread pool +# rpc_thread_pool_size = 64 +# Size of RPC connection pool +# rpc_conn_pool_size = 30 +# Seconds to wait for a response from call or multicall +# rpc_response_timeout = 60 +# Seconds to wait before a cast expires (TTL). Only supported by impl_zmq. +# rpc_cast_timeout = 30 +# Modules of exceptions that are permitted to be recreated +# upon receiving exception data from an rpc call. +# allowed_rpc_exception_modules = tacker.openstack.common.exception, nova.exception +# AMQP exchange to connect to if using RabbitMQ or QPID +# control_exchange = tacker + +# If passed, use a fake RabbitMQ provider +# fake_rabbit = False + +# Configuration options if sending notifications via kombu rpc (these are +# the defaults) +# SSL version to use (valid only if SSL enabled) +# kombu_ssl_version = +# SSL key file (valid only if SSL enabled) +# kombu_ssl_keyfile = +# SSL cert file (valid only if SSL enabled) +# kombu_ssl_certfile = +# SSL certification authority file (valid only if SSL enabled) +# kombu_ssl_ca_certs = +# IP address of the RabbitMQ installation +# rabbit_host = localhost +# Password of the RabbitMQ server +# rabbit_password = guest +# Port where RabbitMQ server is running/listening +# rabbit_port = 5672 +# RabbitMQ single or HA cluster (host:port pairs i.e: host1:5672, host2:5672) +# rabbit_hosts is defaulted to '$rabbit_host:$rabbit_port' +# rabbit_hosts = localhost:5672 +# User ID used for RabbitMQ connections +# rabbit_userid = guest +# Location of a virtual RabbitMQ installation. +# rabbit_virtual_host = / +# Maximum retries with trying to connect to RabbitMQ +# (the default of 0 implies an infinite retry count) +# rabbit_max_retries = 0 +# RabbitMQ connection retry interval +# rabbit_retry_interval = 1 +# Use HA queues in RabbitMQ (x-ha-policy: all). You need to +# wipe RabbitMQ database when changing this option. (boolean value) +# rabbit_ha_queues = false + +# QPID +# rpc_backend=tacker.openstack.common.rpc.impl_qpid +# Qpid broker hostname +# qpid_hostname = localhost +# Qpid broker port +# qpid_port = 5672 +# Qpid single or HA cluster (host:port pairs i.e: host1:5672, host2:5672) +# qpid_hosts is defaulted to '$qpid_hostname:$qpid_port' +# qpid_hosts = localhost:5672 +# Username for qpid connection +# qpid_username = '' +# Password for qpid connection +# qpid_password = '' +# Space separated list of SASL mechanisms to use for auth +# qpid_sasl_mechanisms = '' +# Seconds between connection keepalive heartbeats +# qpid_heartbeat = 60 +# Transport to use, either 'tcp' or 'ssl' +# qpid_protocol = tcp +# Disable Nagle algorithm +# qpid_tcp_nodelay = True + +# ZMQ +# rpc_backend=tacker.openstack.common.rpc.impl_zmq +# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP. +# The "host" option should point or resolve to this address. +# rpc_zmq_bind_address = * + +# ============ Notification System Options ===================== + +# Notifications can be sent when network/subnet/port are created, updated or deleted. +# There are three methods of sending notifications: logging (via the +# log_file directive), rpc (via a message queue) and +# noop (no notifications sent, the default) + +# Notification_driver can be defined multiple times +# Do nothing driver +# notification_driver = tacker.openstack.common.notifier.no_op_notifier +# Logging driver +# notification_driver = tacker.openstack.common.notifier.log_notifier +# RPC driver. +notification_driver = tacker.openstack.common.notifier.rpc_notifier + +# default_notification_level is used to form actual topic name(s) or to set logging level +# default_notification_level = INFO + +# default_publisher_id is a part of the notification payload +# host = myhost.com +# default_publisher_id = $host + +# Defined in rpc_notifier, can be comma separated values. +# The actual topic names will be %s.%(default_notification_level)s +# notification_topics = notifications + +# Default maximum number of items returned in a single response, +# value == infinite and value < 0 means no max limit, and value must +# be greater than 0. If the number of items requested is greater than +# pagination_max_limit, server will just return pagination_max_limit +# of number of items. +# pagination_max_limit = -1 + +# Maximum number of DNS nameservers per subnet +# max_dns_nameservers = 5 + +# Maximum number of host routes per subnet +# max_subnet_host_routes = 20 + +# Maximum number of fixed ips per port +# max_fixed_ips_per_port = 5 + +# =========== items for agent management extension ============= +# Seconds to regard the agent as down; should be at least twice +# report_interval, to be sure the agent is down for good +# agent_down_time = 75 +# =========== end of items for agent management extension ===== + +# Allow auto scheduling networks to DHCP agent. It will schedule non-hosted +# networks to first DHCP agent which sends get_active_networks message to +# tacker server +# network_auto_schedule = True + +# Allow auto scheduling routers to L3 agent. It will schedule non-hosted +# routers to first L3 agent which sends sync_routers message to tacker server +# router_auto_schedule = True + +# Number of DHCP agents scheduled to host a network. This enables redundant +# DHCP agents for configured networks. +# dhcp_agents_per_network = 1 + +# =========== end of items for agent scheduler extension ===== + +# =========== WSGI parameters related to the API server ============== +# Number of separate worker processes to spawn. The default, 0, runs the +# worker thread in the current process. Greater than 0 launches that number of +# child processes as workers. The parent process manages them. +# api_workers = 0 + +# Number of separate RPC worker processes to spawn. The default, 0, runs the +# worker thread in the current process. Greater than 0 launches that number of +# child processes as RPC workers. The parent process manages them. +# This feature is experimental until issues are addressed and testing has been +# enabled for various plugins for compatibility. +# rpc_workers = 0 + +# Sets the value of TCP_KEEPIDLE in seconds to use for each server socket when +# starting API server. Not supported on OS X. +# tcp_keepidle = 600 + +# Number of seconds to keep retrying to listen +# retry_until_window = 30 + +# Number of backlog requests to configure the socket with. +# backlog = 4096 + +# Max header line to accommodate large tokens +# max_header_line = 16384 + +# Enable SSL on the API server +# use_ssl = False + +# Certificate file to use when starting API server securely +# ssl_cert_file = /path/to/certfile + +# Private key file to use when starting API server securely +# ssl_key_file = /path/to/keyfile + +# CA certificate file to use when starting API server securely to +# verify connecting clients. This is an optional parameter only required if +# API clients need to authenticate to the API server using SSL certificates +# signed by a trusted CA +# ssl_ca_file = /path/to/cafile +# ======== end of WSGI parameters related to the API server ========== + + +# ======== tacker nova interactions ========== +# Send notification to nova when port status is active. +# notify_nova_on_port_status_changes = True + +# Send notifications to nova when port data (fixed_ips/floatingips) change +# so nova can update it's cache. +# notify_nova_on_port_data_changes = True + +# URL for connection to nova (Only supports one nova region currently). +# nova_url = http://127.0.0.1:8774/v2 + +# Name of nova region to use. Useful if keystone manages more than one region +# nova_region_name = + +# Username for connection to nova in admin context +# nova_admin_username = + +# The uuid of the admin nova tenant +# nova_admin_tenant_id = + +# Password for connection to nova in admin context. +# nova_admin_password = + +# Authorization URL for connection to nova in admin context. +# nova_admin_auth_url = + +# CA file for novaclient to verify server certificates +# nova_ca_certificates_file = + +# Boolean to control ignoring SSL errors on the nova url +# nova_api_insecure = False + +# Number of seconds between sending events to nova if there are any events to send +# send_events_interval = 2 + +# ======== end of tacker nova interactions ========== + +[agent] +# Use "sudo tacker-rootwrap /etc/tacker/rootwrap.conf" to use the real +# root filter facility. +# Change to "sudo" to skip the filtering and just run the comand directly +root_helper = sudo /usr/local/bin/tacker-rootwrap /usr/local/etc/tacker/rootwrap.conf + +# =========== items for agent management extension ============= +# seconds between nodes reporting state to server; should be less than +# agent_down_time, best if it is half or less than agent_down_time +# report_interval = 30 + +# =========== end of items for agent management extension ===== + +[keystone_authtoken] +signing_dir = /var/cache/tacker +#cafile = /opt/stack/data/ca-bundle.pem +#project_domain_id = default +project_name = service +#user_domain_id = default +password = console +username = tacker +auth_url = http://{{ internal_vip.ip }}:35357 +auth_plugin = password +identity_uri = http://{{ internal_vip.ip }}:5000 +auth_uri = http://{{ internal_vip.ip }}:5000 + + +[database] +# This line MUST be changed to actually run the plugin. +# Example: +# connection = mysql://root:pass@127.0.0.1:3306/tacker +connection = mysql://tacker:TACKER_DBPASS@{{ internal_vip.ip }}:3306/tacker?charset=utf8 +# Replace 127.0.0.1 above with the IP address of the database used by the +# main tacker server. (Leave it as is if the database runs on this host.) +# connection = sqlite:// +# NOTE: In deployment the [database] section and its connection attribute may +# be set in the corresponding core plugin '.ini' file. However, it is suggested +# to put the [database] section and its connection attribute in this +# configuration file. + +# Database engine for which script will be generated when using offline +# migration +# engine = + +# The SQLAlchemy connection string used to connect to the slave database +# slave_connection = + +# Database reconnection retry times - in event connectivity is lost +# set to -1 implies an infinite retry count +# max_retries = 10 + +# Database reconnection interval in seconds - if the initial connection to the +# database fails +# retry_interval = 10 + +# Minimum number of SQL connections to keep open in a pool +# min_pool_size = 1 + +# Maximum number of SQL connections to keep open in a pool +# max_pool_size = 10 + +# Timeout in seconds before idle sql connections are reaped +# idle_timeout = 3600 + +# If set, use this value for max_overflow with sqlalchemy +# max_overflow = 20 + +# Verbosity of SQL debugging information. 0=None, 100=Everything +# connection_debug = 0 + +# Add python stack traces to SQL as comment strings +# connection_trace = False + +# If set, use this value for pool_timeout with sqlalchemy +# pool_timeout = 10 + +[tacker] +# Specify drivers for hosting device +# infra_driver = heat,nova,noop + +# Specify drivers for mgmt +# mgmt_driver = noop,openwrt + +# Specify drivers for monitoring +# monitor_driver = ping, http_ping + +[nfvo_vim] +# Supported VIM drivers, resource orchestration controllers such as OpenStack, kvm +#Default VIM driver is OpenStack +#vim_drivers = openstack +#Default VIM placement if vim id is not provided +default_vim = VIM0 + +[vim_keys] +#openstack = /etc/tacker/vim/fernet_keys +[tacker_nova] +# parameters for novaclient to talk to nova +region_name = RegionOne +#project_domain_id = default +project_name = service +#user_domain_id = default +password = console +username = nova +auth_url = http://{{ internal_vip.ip }}:35357 +auth_plugin = password + +[tacker_heat] +heat_uri = http://{{ internal_vip.ip }}:8004/v1 +stack_retries = 60 +stack_retry_wait = 5 diff --git a/deploy/adapters/ansible/openstack_osp9/templates/dnsmasq-neutron.conf b/deploy/adapters/ansible/openstack_osp9/templates/dnsmasq-neutron.conf new file mode 100755 index 00000000..7bcbd9df --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/templates/dnsmasq-neutron.conf @@ -0,0 +1,2 @@ +dhcp-option-force=26,1454 + diff --git a/deploy/adapters/ansible/openstack_osp9/templates/ml2_conf.ini b/deploy/adapters/ansible/openstack_osp9/templates/ml2_conf.ini new file mode 100755 index 00000000..7b3e76da --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/templates/ml2_conf.ini @@ -0,0 +1,113 @@ +[ml2] +# (ListOpt) List of network type driver entrypoints to be loaded from +# the neutron.ml2.type_drivers namespace. +# +# type_drivers = local,flat,vlan,gre,vxlan +# Example: type_drivers = flat,vlan,gre,vxlan +type_drivers = {{ NEUTRON_TYPE_DRIVERS |join(",") }} + +# (ListOpt) Ordered list of network_types to allocate as tenant +# networks. The default value 'local' is useful for single-box testing +# but provides no connectivity between hosts. +# +# tenant_network_types = local +# Example: tenant_network_types = vlan,gre,vxlan +tenant_network_types = {{ NEUTRON_TENANT_NETWORK_TYPES |join(",") }} + +# (ListOpt) Ordered list of networking mechanism driver entrypoints +# to be loaded from the neutron.ml2.mechanism_drivers namespace. +# mechanism_drivers = +# Example: mechanism_drivers = openvswitch,mlnx +# Example: mechanism_drivers = arista +# Example: mechanism_drivers = cisco,logger +# Example: mechanism_drivers = openvswitch,brocade +# Example: mechanism_drivers = linuxbridge,brocade +mechanism_drivers = {{ NEUTRON_MECHANISM_DRIVERS |join(",") }} + +[ml2_type_flat] +# (ListOpt) List of physical_network names with which flat networks +# can be created. Use * to allow flat networks with arbitrary +# physical_network names. +# +flat_networks = * +# Example:flat_networks = physnet1,physnet2 +# Example:flat_networks = * + +[ml2_type_vlan] +# (ListOpt) List of <physical_network>[:<vlan_min>:<vlan_max>] tuples +# specifying physical_network names usable for VLAN provider and +# tenant networks, as well as ranges of VLAN tags on each +# physical_network available for allocation as tenant networks. +# +network_vlan_ranges = {{ NEUTRON_VLAN_RANGES|join(",") }} +# Example: network_vlan_ranges = physnet1:1000:2999,physnet2 + +[ml2_type_gre] +# (ListOpt) Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges of GRE tunnel IDs that are available for tenant network allocation +tunnel_id_ranges = 1:1000 + +[ml2_type_vxlan] +# (ListOpt) Comma-separated list of <vni_min>:<vni_max> tuples enumerating +# ranges of VXLAN VNI IDs that are available for tenant network allocation. +# +vni_ranges = 1001:4095 + +# (StrOpt) Multicast group for the VXLAN interface. When configured, will +# enable sending all broadcast traffic to this multicast group. When left +# unconfigured, will disable multicast VXLAN mode. +# +vxlan_group = 239.1.1.1 +# Example: vxlan_group = 239.1.1.1 + +[securitygroup] +# Controls if neutron security group is enabled or not. +# It should be false when you use nova security group. +# enable_security_group = True +firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver +enable_security_group = True + +[database] +connection = mysql://neutron:{{ NEUTRON_DBPASS }}@{{ db_host }}/neutron?charset=utf8 + +[ovs] +local_ip = {{ internal_ip }} +{% if 'openvswitch' in NEUTRON_MECHANISM_DRIVERS %} +integration_bridge = br-int +{% if NEUTRON_TUNNEL_TYPES %} +tunnel_bridge = br-tun +tunnel_id_ranges = 1001:4095 +tunnel_type = {{ NEUTRON_TUNNEL_TYPES |join(",") }} +{% endif %} +bridge_mappings = {{ NEUTRON_OVS_BRIDGE_MAPPINGS | join(",") }} +{% endif %} + +[agent] +root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf +tunnel_types = {{ NEUTRON_TUNNEL_TYPES |join(",") }} +{% if 'vxlan' in NEUTRON_TUNNEL_TYPES %} +vxlan_udp_port = 4789 +{% endif %} +l2_population = False + +[odl] +{% if 'opendaylight' in NEUTRON_MECHANISM_DRIVERS %} +network_vlan_ranges = 1001:4095 +{% if NEUTRON_TUNNEL_TYPES %} +tunnel_id_ranges = 1001:4095 +tun_peer_patch_port = patch-int +int_peer_patch_port = patch-tun +tunnel_bridge = br-tun +{% endif %} + +tenant_network_type = {{ NEUTRON_TENANT_NETWORK_TYPES |join(",") }} +integration_bridge = br-int +controllers = 10.1.0.15:8080:admin:admin +{% endif %} + +[ml2_odl] +{% if 'opendaylight' in NEUTRON_MECHANISM_DRIVERS %} +username = {{ odl_username }} +password = {{ odl_password }} +url = http://{{ controller }}:{{ odl_api_port }}/controller/nb/v2/neutron +{% endif %} + diff --git a/deploy/adapters/ansible/openstack_osp9/templates/neutron.conf b/deploy/adapters/ansible/openstack_osp9/templates/neutron.conf new file mode 100755 index 00000000..33231ed5 --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/templates/neutron.conf @@ -0,0 +1,486 @@ +[DEFAULT] +# Print more verbose output (set logging level to INFO instead of default WARNING level). +verbose = {{ VERBOSE }} + +# Print debugging output (set logging level to DEBUG instead of default WARNING level). +debug = {{ VERBOSE }} + +# Where to store Neutron state files. This directory must be writable by the +# user executing the agent. +state_path = /var/lib/neutron + +# Where to store lock files +lock_path = $state_path/lock + +notify_nova_on_port_status_changes = True +notify_nova_on_port_data_changes = True + +# log_format = %(asctime)s %(levelname)8s [%(name)s] %(message)s +# log_date_format = %Y-%m-%d %H:%M:%S + +# use_syslog -> syslog +# log_file and log_dir -> log_dir/log_file +# (not log_file) and log_dir -> log_dir/{binary_name}.log +# use_stderr -> stderr +# (not user_stderr) and (not log_file) -> stdout +# publish_errors -> notification system + +# use_syslog = False +# syslog_log_facility = LOG_USER + +# use_stderr = True +# log_file = +log_dir = /var/log/neutron + +# publish_errors = False + +# Address to bind the API server to +bind_host = {{ network_server_host }} + +# Port the bind the API server to +bind_port = 9696 + +# Path to the extensions. Note that this can be a colon-separated list of +# paths. For example: +# api_extensions_path = extensions:/path/to/more/extensions:/even/more/extensions +# The __path__ of neutron.extensions is appended to this, so if your +# extensions are in there you don't need to specify them here +# api_extensions_path = + +# (StrOpt) Neutron core plugin entrypoint to be loaded from the +# neutron.core_plugins namespace. See setup.cfg for the entrypoint names of the +# plugins included in the neutron source distribution. For compatibility with +# previous versions, the class name of a plugin can be specified instead of its +# entrypoint name. +# +#core_plugin = neutron.plugins.ml2.plugin.Ml2Plugin +core_plugin = ml2 +# Example: core_plugin = ml2 + +# (ListOpt) List of service plugin entrypoints to be loaded from the +# neutron.service_plugins namespace. See setup.cfg for the entrypoint names of +# the plugins included in the neutron source distribution. For compatibility +# with previous versions, the class name of a plugin can be specified instead +# of its entrypoint name. +# +# service_plugins = +# Example: service_plugins = router,firewall,lbaas,vpnaas,metering +service_plugins = router + +# Paste configuration file +api_paste_config = api-paste.ini + +# The strategy to be used for auth. +# Supported values are 'keystone'(default), 'noauth'. +auth_strategy = keystone + +# Base MAC address. The first 3 octets will remain unchanged. If the +# 4h octet is not 00, it will also be used. The others will be +# randomly generated. +# 3 octet +# base_mac = fa:16:3e:00:00:00 +# 4 octet +# base_mac = fa:16:3e:4f:00:00 + +# Maximum amount of retries to generate a unique MAC address +# mac_generation_retries = 16 + +# DHCP Lease duration (in seconds) +dhcp_lease_duration = 86400 + +# Allow sending resource operation notification to DHCP agent +# dhcp_agent_notification = True + +# Enable or disable bulk create/update/delete operations +# allow_bulk = True +# Enable or disable pagination +# allow_pagination = False +# Enable or disable sorting +# allow_sorting = False +# Enable or disable overlapping IPs for subnets +# Attention: the following parameter MUST be set to False if Neutron is +# being used in conjunction with nova security groups +allow_overlapping_ips = True +# Ensure that configured gateway is on subnet +# force_gateway_on_subnet = False + + +# RPC configuration options. Defined in rpc __init__ +# The messaging module to use, defaults to kombu. +# rpc_backend = neutron.openstack.common.rpc.impl_kombu +rpc_backend = rabbit +rabbit_host = {{ rabbit_host }} +rabbit_password = {{ RABBIT_PASS }} + +# Size of RPC thread pool +rpc_thread_pool_size = 240 +# Size of RPC connection pool +rpc_conn_pool_size = 100 +# Seconds to wait for a response from call or multicall +rpc_response_timeout = 300 +# Seconds to wait before a cast expires (TTL). Only supported by impl_zmq. +rpc_cast_timeout = 300 +# Modules of exceptions that are permitted to be recreated +# upon receiving exception data from an rpc call. +# allowed_rpc_exception_modules = neutron.openstack.common.exception, nova.exception +# AMQP exchange to connect to if using RabbitMQ or QPID +# control_exchange = neutron + +# If passed, use a fake RabbitMQ provider +# fake_rabbit = False + +# Configuration options if sending notifications via kombu rpc (these are +# the defaults) +# SSL version to use (valid only if SSL enabled) +# kombu_ssl_version = +# SSL key file (valid only if SSL enabled) +# kombu_ssl_keyfile = +# SSL cert file (valid only if SSL enabled) +# kombu_ssl_certfile = +# SSL certification authority file (valid only if SSL enabled) +# kombu_ssl_ca_certs = +# Port where RabbitMQ server is running/listening +rabbit_port = 5672 +# RabbitMQ single or HA cluster (host:port pairs i.e: host1:5672, host2:5672) +# rabbit_hosts is defaulted to '$rabbit_host:$rabbit_port' +# rabbit_hosts = localhost:5672 +# User ID used for RabbitMQ connections +rabbit_userid = {{ RABBIT_USER }} +# Location of a virtual RabbitMQ installation. +# rabbit_virtual_host = / +# Maximum retries with trying to connect to RabbitMQ +# (the default of 0 implies an infinite retry count) +# rabbit_max_retries = 0 +# RabbitMQ connection retry interval +# rabbit_retry_interval = 1 +# Use HA queues in RabbitMQ (x-ha-policy: all). You need to +# wipe RabbitMQ database when changing this option. (boolean value) +# rabbit_ha_queues = false +# QPID +# rpc_backend=neutron.openstack.common.rpc.impl_qpid +# Qpid broker hostname +# qpid_hostname = localhost +# Qpid broker port +# qpid_port = 5672 +# Qpid single or HA cluster (host:port pairs i.e: host1:5672, host2:5672) +# qpid_hosts is defaulted to '$qpid_hostname:$qpid_port' +# qpid_hosts = localhost:5672 +# Username for qpid connection +# qpid_username = '' +# Password for qpid connection +# qpid_password = '' +# Space separated list of SASL mechanisms to use for auth +# qpid_sasl_mechanisms = '' +# Seconds between connection keepalive heartbeats +# qpid_heartbeat = 60 +# Transport to use, either 'tcp' or 'ssl' +# qpid_protocol = tcp +# Disable Nagle algorithm +# qpid_tcp_nodelay = True + +# ZMQ +# rpc_backend=neutron.openstack.common.rpc.impl_zmq +# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP. +# The "host" option should point or resolve to this address. +# rpc_zmq_bind_address = * + +# ============ Notification System Options ===================== + +# Notifications can be sent when network/subnet/port are created, updated or deleted. +# There are three methods of sending notifications: logging (via the +# log_file directive), rpc (via a message queue) and +# noop (no notifications sent, the default) + +# Notification_driver can be defined multiple times +# Do nothing driver +# notification_driver = neutron.openstack.common.notifier.no_op_notifier +# Logging driver +# notification_driver = neutron.openstack.common.notifier.log_notifier +# RPC driver. +notification_driver = neutron.openstack.common.notifier.rpc_notifier + +# default_notification_level is used to form actual topic name(s) or to set logging level +default_notification_level = INFO + +# default_publisher_id is a part of the notification payload +# host = myhost.com +# default_publisher_id = $host + +# Defined in rpc_notifier, can be comma separated values. +# The actual topic names will be %s.%(default_notification_level)s +notification_topics = notifications + +# Default maximum number of items returned in a single response, +# value == infinite and value < 0 means no max limit, and value must +# be greater than 0. If the number of items requested is greater than +# pagination_max_limit, server will just return pagination_max_limit +# of number of items. +# pagination_max_limit = -1 + +# Maximum number of DNS nameservers per subnet +# max_dns_nameservers = 5 + +# Maximum number of host routes per subnet +# max_subnet_host_routes = 20 + +# Maximum number of fixed ips per port +# max_fixed_ips_per_port = 5 + +# =========== items for agent management extension ============= +# Seconds to regard the agent as down; should be at least twice +# report_interval, to be sure the agent is down for good +agent_down_time = 75 +# =========== end of items for agent management extension ===== + +# =========== items for agent scheduler extension ============= +# Driver to use for scheduling network to DHCP agent +network_scheduler_driver = neutron.scheduler.dhcp_agent_scheduler.ChanceScheduler +# Driver to use for scheduling router to a default L3 agent +router_scheduler_driver = neutron.scheduler.l3_agent_scheduler.ChanceScheduler +# Driver to use for scheduling a loadbalancer pool to an lbaas agent +# loadbalancer_pool_scheduler_driver = neutron.services.loadbalancer.agent_scheduler.ChanceScheduler + +# Allow auto scheduling networks to DHCP agent. It will schedule non-hosted +# networks to first DHCP agent which sends get_active_networks message to +# neutron server +# network_auto_schedule = True + +# Allow auto scheduling routers to L3 agent. It will schedule non-hosted +# routers to first L3 agent which sends sync_routers message to neutron server +# router_auto_schedule = True + +# Number of DHCP agents scheduled to host a network. This enables redundant +# DHCP agents for configured networks. +# dhcp_agents_per_network = 1 + +# =========== end of items for agent scheduler extension ===== + +# =========== WSGI parameters related to the API server ============== +# Number of separate worker processes to spawn. The default, 0, runs the +# worker thread in the current process. Greater than 0 launches that number of +# child processes as workers. The parent process manages them. +api_workers = 8 + +# Number of separate RPC worker processes to spawn. The default, 0, runs the +# worker thread in the current process. Greater than 0 launches that number of +# child processes as RPC workers. The parent process manages them. +# This feature is experimental until issues are addressed and testing has been +# enabled for various plugins for compatibility. +rpc_workers = 8 + +# Sets the value of TCP_KEEPIDLE in seconds to use for each server socket when +# starting API server. Not supported on OS X. +# tcp_keepidle = 600 + +# Number of seconds to keep retrying to listen +# retry_until_window = 30 + +# Number of backlog requests to configure the socket with. +# backlog = 4096 + +# Max header line to accommodate large tokens +# max_header_line = 16384 + +# Enable SSL on the API server +# use_ssl = False + +# Certificate file to use when starting API server securely +# ssl_cert_file = /path/to/certfile + +# Private key file to use when starting API server securely +# ssl_key_file = /path/to/keyfile + +# CA certificate file to use when starting API server securely to +# verify connecting clients. This is an optional parameter only required if +# API clients need to authenticate to the API server using SSL certificates +# signed by a trusted CA +# ssl_ca_file = /path/to/cafile +# ======== end of WSGI parameters related to the API server ========== + + +# ======== neutron nova interactions ========== +# Send notification to nova when port status is active. +notify_nova_on_port_status_changes = True + +# Send notifications to nova when port data (fixed_ips/floatingips) change +# so nova can update it's cache. +notify_nova_on_port_data_changes = True + +# URL for connection to nova (Only supports one nova region currently). +nova_url = http://{{ internal_vip.ip }}:8774/v2 + +# Name of nova region to use. Useful if keystone manages more than one region +nova_region_name = RegionOne + +# Username for connection to nova in admin context +nova_admin_username = nova + +# The uuid of the admin nova tenant +{% if NOVA_ADMIN_TENANT_ID|default('') %} +nova_admin_tenant_id = {{ NOVA_ADMIN_TENANT_ID.stdout_lines[0] }} +{% endif %} +# Password for connection to nova in admin context. +nova_admin_password = {{ NOVA_PASS }} + +# Authorization URL for connection to nova in admin context. +nova_admin_auth_url = http://{{ internal_vip.ip }}:35357/v2.0 + +# Number of seconds between sending events to nova if there are any events to send +send_events_interval = 2 + +# ======== end of neutron nova interactions ========== + +[quotas] +# Default driver to use for quota checks +quota_driver = neutron.db.quota_db.DbQuotaDriver + +# Resource name(s) that are supported in quota features +quota_items = network,subnet,port + +# Default number of resource allowed per tenant. A negative value means +# unlimited. +default_quota = -1 + +# Number of networks allowed per tenant. A negative value means unlimited. +quota_network = 100 + +# Number of subnets allowed per tenant. A negative value means unlimited. +quota_subnet = 100 + +# Number of ports allowed per tenant. A negative value means unlimited. +quota_port = 8000 + +# Number of security groups allowed per tenant. A negative value means +# unlimited. +quota_security_group = 1000 + +# Number of security group rules allowed per tenant. A negative value means +# unlimited. +quota_security_group_rule = 1000 + +# Number of vips allowed per tenant. A negative value means unlimited. +# quota_vip = 10 + +# Number of pools allowed per tenant. A negative value means unlimited. +# quota_pool = 10 + +# Number of pool members allowed per tenant. A negative value means unlimited. +# The default is unlimited because a member is not a real resource consumer +# on Openstack. However, on back-end, a member is a resource consumer +# and that is the reason why quota is possible. +# quota_member = -1 + +# Number of health monitors allowed per tenant. A negative value means +# unlimited. +# The default is unlimited because a health monitor is not a real resource +# consumer on Openstack. However, on back-end, a member is a resource consumer +# and that is the reason why quota is possible. +# quota_health_monitors = -1 + +# Number of routers allowed per tenant. A negative value means unlimited. +# quota_router = 10 + +# Number of floating IPs allowed per tenant. A negative value means unlimited. +# quota_floatingip = 50 + +[agent] +# Use "sudo neutron-rootwrap /etc/neutron/rootwrap.conf" to use the real +# root filter facility. +# Change to "sudo" to skip the filtering and just run the comand directly +root_helper = "sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf" + +# =========== items for agent management extension ============= +# seconds between nodes reporting state to server; should be less than +# agent_down_time, best if it is half or less than agent_down_time +report_interval = 30 + +# =========== end of items for agent management extension ===== + +[keystone_authtoken] +auth_uri = http://{{ internal_vip.ip }}:5000/v2.0 +identity_uri = http://{{ internal_vip.ip }}:35357 +admin_tenant_name = service +admin_user = neutron +admin_password = {{ NEUTRON_PASS }} +signing_dir = $state_path/keystone-signing + +[database] +# This line MUST be changed to actually run the plugin. +# Example: +# connection = mysql://root:pass@127.0.0.1:3306/neutron +# Replace 127.0.0.1 above with the IP address of the database used by the +# main neutron server. (Leave it as is if the database runs on this host.) +# connection = sqlite:////var/lib/neutron/neutron.sqlite +connection = mysql://neutron:{{ NEUTRON_DBPASS }}@{{ db_host }}/neutron + +# The SQLAlchemy connection string used to connect to the slave database +slave_connection = + +# Database reconnection retry times - in event connectivity is lost +# set to -1 implies an infinite retry count +max_retries = 10 + +# Database reconnection interval in seconds - if the initial connection to the +# database fails +retry_interval = 10 + +# Minimum number of SQL connections to keep open in a pool +min_pool_size = 1 + +# Maximum number of SQL connections to keep open in a pool +max_pool_size = 100 + +# Timeout in seconds before idle sql connections are reaped +idle_timeout = 30 +use_db_reconnect = True + +# If set, use this value for max_overflow with sqlalchemy +max_overflow = 100 + +# Verbosity of SQL debugging information. 0=None, 100=Everything +connection_debug = 0 + +# Add python stack traces to SQL as comment strings +connection_trace = False + +# If set, use this value for pool_timeout with sqlalchemy +pool_timeout = 10 + +[service_providers] +# Specify service providers (drivers) for advanced services like loadbalancer, VPN, Firewall. +# Must be in form: +# service_provider=<service_type>:<name>:<driver>[:default] +# List of allowed service types includes LOADBALANCER, FIREWALL, VPN +# Combination of <service type> and <name> must be unique; <driver> must also be unique +# This is multiline option, example for default provider: +# service_provider=LOADBALANCER:name:lbaas_plugin_driver_path:default +# example of non-default provider: +# service_provider=FIREWALL:name2:firewall_driver_path +# --- Reference implementations --- +service_provider=FIREWALL:Iptables:neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewllDriver:default +# In order to activate Radware's lbaas driver you need to uncomment the next line. +# If you want to keep the HA Proxy as the default lbaas driver, remove the attribute default from the line below. +# Otherwise comment the HA Proxy line +# service_provider = LOADBALANCER:Radware:neutron.services.loadbalancer.drivers.radware.driver.LoadBalancerDriver:default +# uncomment the following line to make the 'netscaler' LBaaS provider available. +# service_provider=LOADBALANCER:NetScaler:neutron.services.loadbalancer.drivers.netscaler.netscaler_driver.NetScalerPluginDriver +# Uncomment the following line (and comment out the OpenSwan VPN line) to enable Cisco's VPN driver. +# service_provider=VPN:cisco:neutron.services.vpn.service_drivers.cisco_ipsec.CiscoCsrIPsecVPNDriver:default +# Uncomment the line below to use Embrane heleos as Load Balancer service provider. +# service_provider=LOADBALANCER:Embrane:neutron.services.loadbalancer.drivers.embrane.driver.EmbraneLbaas:default + +{% if enable_fwaas %} +[fwaas] +driver = neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver +enabled = True +{% endif %} + +[nova] +auth_url = http://{{ internal_vip.ip }}:35357 +auth_type = password +project_domain_name = default +user_domain_name = default +project_name = service +username = nova +password = {{ NOVA_PASS }} + diff --git a/deploy/adapters/ansible/openstack_osp9/templates/nova.conf b/deploy/adapters/ansible/openstack_osp9/templates/nova.conf new file mode 100755 index 00000000..3a5735cf --- /dev/null +++ b/deploy/adapters/ansible/openstack_osp9/templates/nova.conf @@ -0,0 +1,96 @@ +{% set memcached_servers = [] %} +{% for host in haproxy_hosts.values() %} +{% set _ = memcached_servers.append('%s:11211'% host) %} +{% endfor %} +{% set memcached_servers = memcached_servers|join(',') %} + +[DEFAULT] +dhcpbridge_flagfile=/etc/nova/nova.conf +dhcpbridge=/usr/bin/nova-dhcpbridge +logdir=/var/log/nova +state_path=/var/lib/nova +lock_path=/var/lib/nova/tmp +force_dhcp_release=True +iscsi_helper=tgtadm +libvirt_use_virtio_for_bridges=True +connection_type=libvirt +root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf +verbose={{ VERBOSE}} +debug={{ DEBUG }} +ec2_private_dns_show_ip=True +api_paste_config=/etc/nova/api-paste.ini +volumes_path=/var/lib/nova/volumes +enabled_apis=osapi_compute,metadata + +default_floating_pool={{ public_net_info.network }} +auth_strategy = keystone + +rpc_backend = rabbit +rabbit_host = {{ rabbit_host }} +rabbit_userid = {{ RABBIT_USER }} +rabbit_password = {{ RABBIT_PASS }} + +osapi_compute_listen={{ internal_ip }} +metadata_listen={{ internal_ip }} + +my_ip = {{ internal_ip }} +vnc_enabled = True +vncserver_listen = {{ internal_ip }} +vncserver_proxyclient_address = {{ internal_ip }} +novncproxy_base_url = http://{{ public_vip.ip }}:6080/vnc_auto.html + +novncproxy_host = {{ internal_ip }} +novncproxy_port = 6080 + +network_api_class = nova.network.neutronv2.api.API +linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver +firewall_driver = nova.virt.firewall.NoopFirewallDriver +security_group_api = neutron + +instance_usage_audit = True +instance_usage_audit_period = hour +notify_on_state_change = vm_and_task_state +notification_driver = nova.openstack.common.notifier.rpc_notifier +notification_driver = ceilometer.compute.nova_notifier + +memcached_servers = {{ memcached_servers }} + +[database] +# The SQLAlchemy connection string used to connect to the database +connection = mysql://nova:{{ NOVA_DBPASS }}@{{ db_host }}/nova +idle_timeout = 30 +use_db_reconnect = True +pool_timeout = 10 + +[api_database] +connection = mysql://nova:{{ NOVA_DBPASS }}@{{ db_host }}/nova_api +idle_timeout = 30 +use_db_reconnect = True +pool_timeout = 10 + +[keystone_authtoken] +auth_uri = http://{{ internal_vip.ip }}:5000/2.0 +identity_uri = http://{{ internal_vip.ip }}:35357 +admin_tenant_name = service +admin_user = nova +admin_password = {{ NOVA_PASS }} +memcached_servers = {{ memcached_servers }} + +[glance] +host = {{ internal_vip.ip }} + +[neutron] +url = http://{{ internal_vip.ip }}:9696 +auth_strategy = keystone +admin_tenant_name = service +admin_username = neutron +admin_password = {{ NEUTRON_PASS }} +admin_auth_url = http://{{ internal_vip.ip }}:35357/v2.0 +service_metadata_proxy = True +metadata_proxy_shared_secret = {{ METADATA_SECRET }} +auth_type = password +auth_url = http://{{ internal_vip.ip }}:35357 +password = {{ NEUTRON_PASS }} +username = neutron +project_domain_name = default +user_domain_name = default |