path: root/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-post/templates
diff options
mode: <>2016-07-28 09:42:27 +0000
committerGerrit Code Review <gerrit@>2016-07-28 09:42:27 +0000
commit9e6d6e9715bf4c1e772b74d3886eea88860526f4 (patch)
tree9c513e2ddda5a1795d4d2fd8e3b3a759ecc63ed2 /deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-post/templates
parent8adc3eab76774dc5b1486aae8194708a39eabec7 (diff)
parentdab3f653a973223dfcddc3d1b506266d7b83a6e1 (diff)
Merge "add swift and moon in Compass"
Diffstat (limited to 'deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-post/templates')
6 files changed, 335 insertions, 0 deletions
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-post/templates/ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-post/templates/
new file mode 100644
index 00000000..6ba620ff
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-post/templates/
@@ -0,0 +1,15 @@
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# Verify the Identity Service installation
+export OS_TENANT_NAME=admin
+export OS_AUTH_URL=http://{{ internal_vip.ip }}:35357/v2.0
+export OS_USERNAME=admin
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-post/templates/api-paste.ini b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-post/templates/api-paste.ini
new file mode 100644
index 00000000..f99689b7
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-post/templates/api-paste.ini
@@ -0,0 +1,106 @@
+# Metadata #
+use = egg:Paste#urlmap
+/: meta
+pipeline = cors metaapp
+paste.app_factory = nova.api.metadata.handler:MetadataRequestHandler.factory
+# OpenStack #
+use = call:nova.api.openstack.urlmap:urlmap_factory
+/: oscomputeversions
+# starting in Liberty the v21 implementation replaces the v2
+# implementation and is suggested that you use it as the default. If
+# this causes issues with your clients you can rollback to the
+# *frozen* v2 api by commenting out the above stanza and using the
+# following instead::
+# /v2: openstack_compute_api_legacy_v2
+# if rolling back to v2 fixes your issue please file a critical bug
+# at -
+# v21 is an exactly feature match for v2, except it has more stringent
+# input validation on the wsgi surface (prevents fuzzing early on the
+# API). It also provides new features via API microversions which are
+# opt into for clients. Unaware clients will receive the same frozen
+# v2 API feature set, but with some relaxed validation
+/v2: openstack_compute_api_v21_legacy_v2_compatible
+/v2.1: openstack_compute_api_v21
+# NOTE: this is deprecated in favor of openstack_compute_api_v21_legacy_v2_compatible
+use = call:nova.api.auth:pipeline_factory
+noauth2 = cors compute_req_id faultwrap sizelimit noauth2 legacy_ratelimit osapi_compute_app_legacy_v2
+keystone = cors compute_req_id faultwrap sizelimit authtoken keystonecontext moon legacy_ratelimit osapi_compute_app_legacy_v2
+keystone_nolimit = cors compute_req_id faultwrap sizelimit authtoken keystonecontext osapi_compute_app_legacy_v2
+use = call:nova.api.auth:pipeline_factory_v21
+noauth2 = cors compute_req_id faultwrap sizelimit noauth2 osapi_compute_app_v21
+keystone = cors compute_req_id faultwrap sizelimit authtoken keystonecontext osapi_compute_app_v21
+use = call:nova.api.auth:pipeline_factory_v21
+noauth2 = cors compute_req_id faultwrap sizelimit noauth2 legacy_v2_compatible osapi_compute_app_v21
+keystone = cors compute_req_id faultwrap sizelimit authtoken keystonecontext legacy_v2_compatible osapi_compute_app_v21
+paste.filter_factory = oslo_middleware:RequestId.factory
+paste.filter_factory = nova.api.compute_req_id:ComputeReqIdMiddleware.factory
+paste.filter_factory = nova.api.openstack:FaultWrapper.factory
+paste.filter_factory = nova.api.openstack.auth:NoAuthMiddleware.factory
+paste.filter_factory = nova.api.openstack.compute.limits:RateLimitingMiddleware.factory
+paste.filter_factory = oslo_middleware:RequestBodySizeLimiter.factory
+paste.filter_factory = nova.api.openstack:LegacyV2CompatibleWrapper.factory
+paste.app_factory = nova.api.openstack.compute:APIRouter.factory
+paste.app_factory = nova.api.openstack.compute:APIRouterV21.factory
+pipeline = faultwrap oscomputeversionapp
+paste.app_factory = nova.api.openstack.compute.versions:Versions.factory
+# Shared #
+paste.filter_factory = oslo_middleware.cors:filter_factory
+oslo_config_project = nova
+paste.filter_factory = nova.api.auth:NovaKeystoneContext.factory
+paste.filter_factory = keystonemiddleware.auth_token:filter_factory
+paste.filter_factory = keystonemiddleware.moon_agent:filter_factory
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-post/templates/ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-post/templates/
new file mode 100644
index 00000000..5807e868
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-post/templates/
@@ -0,0 +1,13 @@
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+export OS_USERNAME=demo
+export OS_TENANT_NAME=demo
+export OS_AUTH_URL=http://{{ internal_vip.ip }}:35357/v2.0
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-post/templates/keystone-paste.ini b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-post/templates/keystone-paste.ini
new file mode 100644
index 00000000..cd9ebede
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-post/templates/keystone-paste.ini
@@ -0,0 +1,96 @@
+# Keystone PasteDeploy configuration file.
+pipeline = sizelimit url_normalize request_id build_auth_context token_auth admin_token_auth json_body ec2_extension_v3 s3_extension moon_service
+use = egg:keystone#moon_service
+use = egg:oslo.middleware#debug
+use = egg:oslo.middleware#request_id
+use = egg:keystone#build_auth_context
+use = egg:keystone#token_auth
+# This is deprecated in the M release and will be removed in the O release.
+# Use `keystone-manage bootstrap` and remove this from the pipelines below.
+use = egg:keystone#admin_token_auth
+use = egg:keystone#json_body
+use = egg:oslo.middleware#cors
+oslo_config_project = keystone
+use = egg:keystone#ec2_extension
+use = egg:keystone#ec2_extension_v3
+use = egg:keystone#s3_extension
+use = egg:keystone#url_normalize
+use = egg:oslo.middleware#sizelimit
+use = egg:keystone#public_service
+use = egg:keystone#service_v3
+use = egg:keystone#admin_service
+# The last item in this pipeline must be public_service or an equivalent
+# application. It cannot be a filter.
+pipeline = cors sizelimit url_normalize request_id admin_token_auth build_auth_context token_auth json_body ec2_extension public_service
+# The last item in this pipeline must be admin_service or an equivalent
+# application. It cannot be a filter.
+pipeline = cors sizelimit url_normalize request_id admin_token_auth build_auth_context token_auth json_body ec2_extension s3_extension admin_service
+# The last item in this pipeline must be service_v3 or an equivalent
+# application. It cannot be a filter.
+pipeline = cors sizelimit url_normalize request_id admin_token_auth build_auth_context token_auth json_body ec2_extension_v3 s3_extension service_v3
+use = egg:keystone#public_version_service
+use = egg:keystone#admin_version_service
+pipeline = cors sizelimit url_normalize public_version_service
+pipeline = cors sizelimit url_normalize admin_version_service
+use = egg:Paste#urlmap
+/moon = moon_pipeline
+/v2.0 = public_api
+/v3 = api_v3
+/ = public_version_api
+use = egg:Paste#urlmap
+/moon = moon_pipeline
+/v2.0 = admin_api
+/v3 = api_v3
+/ = admin_version_api
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-post/templates/keystone.conf b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-post/templates/keystone.conf
new file mode 100644
index 00000000..649fc32c
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-post/templates/keystone.conf
@@ -0,0 +1,59 @@
+{% set memcached_servers = [] %}
+{% set rabbitmq_servers = [] %}
+{% for host in haproxy_hosts.values() %}
+{% set _ = memcached_servers.append('%s:11211'% host) %}
+{% set _ = rabbitmq_servers.append('%s:5672'% host) %}
+{% endfor %}
+{% set memcached_servers = memcached_servers|join(',') %}
+{% set rabbitmq_servers = rabbitmq_servers|join(',') %}
+admin_token={{ ADMIN_TOKEN }}
+debug={{ DEBUG }}
+log_dir = /var/log/keystone
+memcache_servers={{ memcached_servers}}
+connection = mysql://keystone:{{ KEYSTONE_DBPASS }}@{{ db_host }}/keystone?charset=utf8
+public_bind_host= {{ identity_host }}
+admin_bind_host= {{ identity_host }}
+rabbit_userid = {{ RABBIT_USER }}
+rabbit_password = {{ RABBIT_PASS }}
+rabbit_hosts = {{ rabbitmq_servers }}
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-post/templates/wsgi-keystone.conf.j2 b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-post/templates/wsgi-keystone.conf.j2
new file mode 100644
index 00000000..64d864af
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/moon-post/templates/wsgi-keystone.conf.j2
@@ -0,0 +1,46 @@
+ {% set work_threads = (ansible_processor_vcpus + 1) // 2 %}
+<VirtualHost {{ internal_ip }}:5000>
+ WSGIDaemonProcess keystone-public processes={{ work_threads }} threads={{ work_threads }} user=keystone group=keystone display-name=%{GROUP}
+ WSGIProcessGroup keystone-public
+ WSGIScriptAlias / /usr/bin/keystone-wsgi-public
+ WSGIApplicationGroup %{GLOBAL}
+ WSGIPassAuthorization On
+ <IfVersion >= 2.4>
+ ErrorLogFormat "%{cu}t %M"
+ </IfVersion>
+ ErrorLog /var/log/{{ http_service_name }}/keystone.log
+ CustomLog /var/log/{{ http_service_name }}/keystone_access.log combined
+ <Directory /usr/bin>
+ <IfVersion >= 2.4>
+ Require all granted
+ </IfVersion>
+ <IfVersion < 2.4>
+ Order allow,deny
+ Allow from all
+ </IfVersion>
+ </Directory>
+<VirtualHost {{ internal_ip }}:35357>
+ WSGIDaemonProcess keystone-admin processes={{ work_threads }} threads={{ work_threads }} user=keystone group=keystone display-name=%{GROUP}
+ WSGIProcessGroup keystone-admin
+ WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
+ WSGIApplicationGroup %{GLOBAL}
+ WSGIPassAuthorization On
+ <IfVersion >= 2.4>
+ ErrorLogFormat "%{cu}t %M"
+ </IfVersion>
+ ErrorLog /var/log/{{ http_service_name }}/keystone.log
+ CustomLog /var/log/{{ http_service_name }}/keystone_access.log combined
+ <Directory /usr/bin>
+ <IfVersion >= 2.4>
+ Require all granted
+ </IfVersion>
+ <IfVersion < 2.4>
+ Order allow,deny
+ Allow from all
+ </IfVersion>
+ </Directory>